Travis D. Breaux Carnegie Mellon University Travis D. Breaux
Associate Professor of Computer Science
Institute for Software Research
School of Computer Science
5000 Forbes Avenue, Pittsburgh, PA 15213
5103 Wean Hall

Links: Home | Research | Teaching | Publications | Biography | Vitae

15-508: Privacy Policy, Law and Technology
Cross-listed with 08-533 and 08-733 (ISR), 19-608 (EPP), and 95-818 (MSISPM)

This mixed-undergraduate and graduate-level course reviews the interactions among policy, law and technology on personal privacy. We enroll students from computer science, engineering and public policy. This course was originally developed by Lorrie Cranor original course offering.

For Spring 2012, I redesigned 15-508 to highlight "Privacy as Controversy," which engages students to appreciate the conflicting viewpoints across three critical and distinct perspectives: the individual’s perspective (how students experience privacy, first-hand), the corporate perspective (how businesses experience privacy in a market- and profit-driven world), and the government perspective (how national institutions experience privacy, including programs of national scale: electronic voting, electronic healthcare records, national identity systems, etc.) This redesign includes new student-led, Karl Popper-style debates, in which students perform twice as debaters and twice as judges on resolutions that students both may personally support and oppose. The debates teach students how to identify, prioritize and organize facts into structured arguments and how to think critically in both written and verbal prose.

Required Textbook: Daniel J. Solove, Paul M. Schwartz (2011). Privacy, Information, and Technology, Third Edition. Aspen Publishers. Find it on

No.Course TopicsReading
01Introduction to the Course
  • Course requirements
  • Syllabus
  • Early history
  • Overview of course topics
02Privacy Primer
  • Warren and Brandeis
  • Alan Westin
  • Solove's Taxonomy
  • Privacy, Information, and Technology, 1C Introduction: Perspectives on Privacy, pp. 39-76
03Privacy, Culture and Harms
  • What is privacy?
  • Risk and morality
  • Secrecy and trust
04Course Debate Introduction HW1 Due: Wallet Collage
05Economics of Privacy
  • Privacy risks
  • Decision-making
  • Coping strategies

Introduction to Course Debates

Optional reading:  
06Online Privacy Mechanics
  • Web browsers, cookies
  • SPAM, phishing
  • Malware, spyware
  • Privacy, Information, and Technology, 4A, Sections 2. Use and Disclosure of Financial Information, pp. 405-411, and 3. Identity Theft, pp. 411-425
  • Privacy, Information, and Technology, 4D First Amendment Limitations, pp. 526-552.
  • Adil Alsaid and David Martin. "Detecting web bugs with Bugnosis," Privacy Enhancing Technologies Workshop, 2002
Optional Reading: HW #2 Due: Find a Web Bug
07Family, Parents and Teenagers
  • Children's privacy
  • Teenager perceptions
  • Parental interventions
Optional reading:
08Privacy in the Workplace

Guest Lecture: Michael Shamos

HW #3 Due: Workplace Privacy
09Location Privacy
  • Web cams, CCTV, Street View
  • RFID
  • Mobile phones
Optional Reading:
10Debate 1: Location privacy Topic Paper #1 Due
11Identity and Anonymity
  • What is digital identity?
  • Credentials
  • Access controls
  • Anonymity Tools
12Data linking, profiling, mining
  • Behavioral Advertising
  • Credit reports
  • Medical records
13Guest Lecture: Jason Hong  
14Field Trip: Biometric Lab HW #4 Due: Data Breach Analysis
15Incidents and Enforcement
  • Data breaches
  • Remediation
  • Enforcement models
16Debate 2: Consumer privacy Topic Paper #2 Due
17Spring break -- No class  
18Spring break -- No class  
19Industry Self-regulation
  • Privacy principles
  • Privacy seals and policies
  • Privacy as a Profession
  • Privacy, Information, and Technology, 4B Privacy, Business Records, and Financial Information: Regulating Business Records and Databases, pp. 197-249.
  • Jensen, Potts. "Privacy policies as decision-making tools," Conference on Human Factors in Computing Systems, pp. 471-478, 2004.
Optional reading:
20Technology Critique Presentations #1 Technology Critiques Due
21Technology Critique Presentations #2  
22Technology Critique Presentations #3  
23Engineering Privacy
  • Guidelines
  • DNT
  • OpenAuth
24Debate 3: Self-regulation Topic Paper #3 Due
25Trans-border data flows
  • Safe Harbor
  • OECD, APEC frameworks
  • Out-sourcing
  • Cloud computing
26National and provincial laws
  • U.S. versus E.U.
  • U.S. Rulemaking process
  • Global law survey
27National Programs
  • National identification
  • Census
  • Smart-grids and energy
  • Medical records
  • Research ethics
28Government surveillance
  • Wiretapping
  • Profiling
  • 4th amendment
  • CALEA, Pen-Trap, etc.
Optional Reading: HW #5 Due: SORNs, PIAs, Data linking
29Privacy and democracy
  • Freedom of speech
  • Electronic voting
30Debate 4: Law enforcement Topic Paper #4 Due
31Theories of Privacy
  • Individuality Theories
  • Sociality theories
  • Warren & Brandeis. "The Right to Privacy," Harv. L. Rev. 4(5), 1890
  • Nissenbaum. "Privacy as Contextual Integrity," Wash. L. Rev. 79(1): 119-158, 2004
  • Solove. "A Taxonomy of Privacy," U. Penn. L. Rev. 154(3): 477-560, 2006
  • Westin. Privacy and Freedom, Bodley Head Ltd., 1970
32Course Reflection and Summary