Travis D. Breaux | Teaching

Travis D. Breaux Associate Professor of Computer Science
Institute for Software Research School of Computer Science 5000 Forbes Avenue, Pittsburgh, PA 15213	Office: Tel: Fax: E-mail:	5103 Wean Hall 412-268-7334 412-268-3455
Links: Home \| Research \| Teaching \| Publications \| Biography \| Vitae

15-508: Privacy Policy, Law and Technology
Cross-listed with 08-533 and 08-733 (ISR), 19-608 (EPP), and 95-818 (MSISPM)

This mixed-undergraduate and graduate-level course reviews the interactions among policy, law and technology on personal privacy. We enroll students from computer science, engineering and public policy. This course was originally developed by Lorrie Cranor original course offering.

For Spring 2012, I redesigned 15-508 to highlight "Privacy as Controversy," which engages students to appreciate the conflicting viewpoints across three critical and distinct perspectives: the individual’s perspective (how students experience privacy, first-hand), the corporate perspective (how businesses experience privacy in a market- and profit-driven world), and the government perspective (how national institutions experience privacy, including programs of national scale: electronic voting, electronic healthcare records, national identity systems, etc.) This redesign includes new student-led, Karl Popper-style debates, in which students perform twice as debaters and twice as judges on resolutions that students both may personally support and oppose. The debates teach students how to identify, prioritize and organize facts into structured arguments and how to think critically in both written and verbal prose.

Required Textbook: Daniel J. Solove, Paul M. Schwartz (2011). Privacy, Information, and Technology, Third Edition. Aspen Publishers. Find it on Amazon.com

No.	Course Topics	Reading
01	Introduction to the Course Course requirements Syllabus Early history Overview of course topics
02	Privacy Primer Warren and Brandeis Alan Westin Solove's Taxonomy	Privacy, Information, and Technology, 1C Introduction: Perspectives on Privacy, pp. 39-76
03	Privacy, Culture and Harms What is privacy? Risk and morality Secrecy and trust	Dourish, Anderson. "Collective information practice: exploring privacy and security as social and cultural phenomena," HCI 21: 319-342, 2006. Calo. "The Boundaries of Privacy Harm," Indiana L. Rev. 86: 1131-1162, 2007 Optional: Mao, Shuai, Kapadia. "Loose tweets: an analysis of privacy leaks on twitter," Workshop on Privacy in Electronic Society, pp. 1-12, 2011 Wang et al., "I regretted the minute I pressed share," 7th Symposium on Usable Privacy and Security, 2011
04	Course Debate Introduction	HW1 Due: Wallet Collage
05	Economics of Privacy Privacy risks Decision-making Coping strategies Introduction to Course Debates	Acquisti, Grossklags. "Privacy and rationality in individual decision making," IEEE S&P 3(1): 24-30, 2005 Poindexter, Earp, Baumer. "An experimental economics approach toward quantifying online privacy choices," 8(5): 363-374, 2006 Acquisti, Gross. "Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook," Workshop on Privacy-Enhancing Technologies, 2006 Optional reading: Harper, Singleton, "With a Grain of Salt," CATO Institute, 2001
06	Online Privacy Mechanics Web browsers, cookies SPAM, phishing Malware, spyware	Privacy, Information, and Technology, 4A, Sections 2. Use and Disclosure of Financial Information, pp. 405-411, and 3. Identity Theft, pp. 411-425 Privacy, Information, and Technology, 4D First Amendment Limitations, pp. 526-552. Adil Alsaid and David Martin. "Detecting web bugs with Bugnosis," Privacy Enhancing Technologies Workshop, 2002 Optional Reading: Hong, "The State of Phishing Attacks," Comm. ACM, 55(1): 74-81, 2012 Eckersley, "How Unique Is Your Web Browser?" Privacy Enhancing Technologies Symposium, 2010. Jagatic, Johnson, Jakobsson, Menczer, "Social Phishing," Comm. ACM, 50(10), 94-100, 2007 Kristol, "HTTP Cookies," ACM Transactions on Internet Technology, 1(2): 151-198, 2001. HW #2 Due: Find a Web Bug
07	Family, Parents and Teenagers Children's privacy Teenager perceptions Parental interventions	Boyd, Marwick. "Social privacy in networked publics," In Proc. A Decade in Internet Time, Univ. Oxford, 2011. Yardi, Bruckman. "Social and technical challenges in parenting teens' social media use," CHI, pp. 3237-3246, 2011. FTC's Frequently Asked Questions (FAQ) about the Child Online Privacy Protection Act (COPPA), Pub.L. 105-277, 112 Stat. 2581-728, 2008. Optional reading: Czeskis et al. "Parenting from the Pocket," 6th Symposium on Usable Privacy and Security, 2010. Rode. Digital Parenting, 23rd British HCI, pp. 244-251, 2009 Parts 3-5 in Lenhart, Madden, Smith, Purcell, Zickuhr, Rainie. "Teens, kindness, and cruelty on social network sites," PEW Internet & American Life Project, 2009.
08	Privacy in the Workplace Guest Lecture: Michael Shamos	Workplace Privacy (website), EPIC Ciocchetti, The Eavesdropping Employer, American Business Law Journal, 48(2): 285-369, 2011. HW #3 Due: Workplace Privacy
09	Location Privacy Web cams, CCTV, Street View RFID Mobile phones	Mancini et al. "In the Best Families: Tracking and Relationships," CHI, pp. 2419-2428, 2011. Teixeira, Jung, Savvides, "Tasking networked CCTV cameras and mobile phones to identify and localize multiple people," Ubiquitous Computing, pp. 213-222, 2010. Garfinkel, Juels, Pappu. "RFID Privacy," IEEE S&P, 3(3): 34-43, 2005 Optional Reading: Cranshaw, Mugan, Sadeh. "User-controllable learning of location privacy policies with Gaussian mixture models," 25th Conference on Artificial Intelligence, 2011 Kostakos, "The Privacy Implications of Bluetooth," 2008.
10	Debate 1: Location privacy	Topic Paper #1 Due
11	Identity and Anonymity What is digital identity? Credentials Access controls Anonymity Tools	Stephen T. Kent and Lynette I. Millett, Editors. Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapters 1 and 2, pp. 16-54. Chaum. "Security without identification," Comm. ACM, 28(10): 1030-1044, 1985. Angwin, Valentino-Devries, "Race is on to ‘fingerprint' phones, PCs," Wall Street Journal, Nov. 30, 2010
12	Data linking, profiling, mining Behavioral Advertising Credit reports Medical records	Ohm, "Broken Promises of Privacy," UCLA L. Rev. 57: 1701-1777, 2010 Sweeney, "k-Anonymity," Int'l J. Uncertainty, Fuzziness and Knowledge-based Systems, 10(5): 557-570, 2002 Barbaro, Zeller. "A face is exposed for AOL searcher No. 4417749," New York Times, Aug. 9, 2006 Duhigg. "What does your credit-card company know about you?" The Times Magazine, May 17, 2009
13	Guest Lecture: Jason Hong
14	Field Trip: Biometric Lab	HW #4 Due: Data Breach Analysis
15	Incidents and Enforcement Data breaches Remediation Enforcement models	Privacy, Information, and Technology, 4C Privacy, Data Security, pp. 506-526. Fair Information Practice Principles (FIPPs), U.S. Federal Trade Comission Otto, Anton. "The ChoicePoint Dilemma," IEEE S&P, 5(5): 15-23, 2007
16	Debate 2: Consumer privacy	Topic Paper #2 Due
17	Spring break -- No class
18	Spring break -- No class
19	Industry Self-regulation Privacy principles Privacy seals and policies Privacy as a Profession	Privacy, Information, and Technology, 4B Privacy, Business Records, and Financial Information: Regulating Business Records and Databases, pp. 197-249. Jensen, Potts. "Privacy policies as decision-making tools," Conference on Human Factors in Computing Systems, pp. 471-478, 2004. Optional reading: Fair Information Practice Principles, 1973-Present OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980
20	Technology Critique Presentations #1	Technology Critiques Due
21	Technology Critique Presentations #2
22	Technology Critique Presentations #3
23	Engineering Privacy Guidelines P3P, APPEL, EPAL, XACML DNT OpenAuth	Microsoft's Privacy Guidelines for Developing Software Products and Services, v3, Sep. 29, 2010 Thurm, Kane. "Your apps are watching you," Wall Street Journal, Dec. 17, 2010 Cranor, Egelman, Sheng, McDonald, Chowdhury. "P3P deployment on websites," E-commerce Research and Applications, 7(3): 274-293, 2008 Optional: Wingfield. "Microsoft quashed effort to boost online privacy," Wall Street Journal, Aug. 2, 2010
24	Debate 3: Self-regulation	Topic Paper #3 Due
25	Trans-border data flows Safe Harbor OECD, APEC frameworks Out-sourcing Cloud computing	OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 U.S. Safe Harbor Frameworks, Department of Commerce APEC Privacy Framework, Asia-Pacific Economic Cooperation, 2005
26	National and provincial laws U.S. versus E.U. U.S. Rulemaking process Global law survey	Privacy, Information, and Technology, 4B 5. Governance by Statutory Regulation, pp. 465-505. Breaux, Anton. "Analyzing regulatory rules for privacy and security requirements," IEEE TSE, 34(1):5-20, 2008
27	National Programs National identification Census Smart-grids and energy Medical records Research ethics
28	Government surveillance Wiretapping Profiling 4th amendment CALEA, Pen-Trap, etc.	Privacy, Information, and Technology, 2B Federal Electronic Surveillance, pp. 145-165, and 2C Digital Searches and Seizures, pp. 165-209 Solove. "'I've got nothing to hide' and other misunderstandings of privacy," San Diego L. Rev. 44: 745-772, 2007 Baker. "What's wrong with Privacy?" Skating on Stilts, 2010. Optional Reading: Analysis of the provisions of the USA PATRIOT Act, Electronic Frontier Foundation, 2001 Kerr, Internet surveillance law after the USA PATRIOT Act, Northwestern L. Rev. 97: 607-674, 2003 HW #5 Due: SORNs, PIAs, Data linking
29	Privacy and democracy Freedom of speech Electronic voting
30	Debate 4: Law enforcement	Topic Paper #4 Due
31	Theories of Privacy Individuality Theories Sociality theories	Warren & Brandeis. "The Right to Privacy," Harv. L. Rev. 4(5), 1890 Nissenbaum. "Privacy as Contextual Integrity," Wash. L. Rev. 79(1): 119-158, 2004 Solove. "A Taxonomy of Privacy," U. Penn. L. Rev. 154(3): 477-560, 2006 Westin. Privacy and Freedom, Bodley Head Ltd., 1970
32	Course Reflection and Summary