COS 597D — Advanced Topics in Computer Science:
Privacy Technologies (Fall 2012)

« Teaching — Arvind Narayanan

Monday/Wednesday 3:00–4:20 pm, 306 Sherrerd.

Goals and topics

Numerous privacy-enhancing technologies have been developed in the last few decades, often utilizing powerful math and algorithms. The results have been mixed — some have been successful while others have seen little adoption despite much hype and promise. In this course we will study privacy technologies, their uses and limitations, the reasons for their success and failure, and think critically about their place in society. More broadly, we will also try and understand the implications of ubiquitous data collection, aggregation and profiling.

On the technical end we will study topics like cryptography, differential privacy and anonymity (including Tor and Bitcoin). On the other hand we will see what scholars from the fields of human-computer interaction, law, economics, etc., as well as journalists and even sci-fi authors have to say about privacy technologies. Some of these papers include discussions of topics as diverse as 19th century railroads and piracy (the nautical kind!)

To accommodate students with varying levels of technical background, evaluation will be project-focused. You can choose a programming-based or essay/paper-based project.

Organization and Details

The course will be split into five sections, alternating between more technical and less technical. Each section will be a mix — we will study a technology as well as understand it in context.

Please do the reading before each class (there is no reading for the first class), and start discussing the reading for each class in the course wiki before class. You will be doing most of the talking in class. There will be very little lecturing.

We will have a scribe for each class, whose responsibility will be to take notes, synthesize them later and post them online. This frees up the rest of the class from having to take notes.

Evaluation: 50% project, 30% class discussion, 20% online discussion. There are no homeworks and no exams. Anyone may choose any style of project, but a paper would be more suitable for those without a strong technical/programming background.

Office hours: Monday/Wednesday 10:30–11:30 AM.

Undergrads. You need to get this permission form signed in order to enroll; you won't be able to do it directly in SCORE. Yay more paperwork! (Kidding.)

This course counts toward the CITP undergraduate certificate in information technology and society.

Reading list

(Subject to minor changes)

The horizontal lines separate individual classes. We will try to stick to these, but we won't follow it strictly. There is no reading for the first class. We will start discussing the reading on the second class, Wed Sep 19.

The reading material is a starting point for discussion, not absolute truth. The fact that I've assigned something to read doesn't mean I fully agree with it, much less that you should. We will even read pairs of papers that contradict each other.


Goals of this section: Why are we here? Who cares about privacy? What might the future look like?

Cryptography: power and limitations

Goals. Travel back in time to the 80s and early 90s, understand the often-euphoric vision that many crypto pioneers and hobbyists had for the impact it would have. Understand how cryptographic building blocks were thought to be able to support this restructuring of society. Reason about why it didn't happen.

Understand the motivations and mathematical underpinnings of the modern research on privacy-preserving computations. Experiment with various encryption tools, discover usability problems and other limitations of crypto.

[This might be two classes.]

Data collection and data mining, economics of personal data, behavioral economics of privacy

Goals. Jump forward in time to the present day and immerse ourselves in the world of ubiquitous data collection and surveillance. Discover what kinds of data collection and data mining are going on, and why. Discuss how and why the conversation has shifted from Government surveillance to data collection by private companies in the last 20 years.

Theme: first-party data collection.

Theme: third-party data collection.

Theme: why companies act the way they do.

Theme: why people act the way they do.

Anonymity and De-anonymization

Important note: communications anonymity (e.g., Tor) and data anonymity/de-anonymization (e.g., identifying people in digital databases) are technically very different, but we will discuss them together because they raise some of the same ethical questions. Also, Bitcoin lies somewhere in between the two.

Lightweight Privacy Technologies and New Approaches to Information Privacy

Purely technological approaches revisited