16:198:671 Privacy in a Networked World

Back to course home page.

Projects

70% of your grade is determined by a privacy-related project, which is due in four written "deliverables" plus an in-class presentation. Each deliverable should reflect thoughtful revision of earlier work as well as new work. Projects are largely student-directed, and can include activities such as a programming project, a research paper describing new results (or documenting failed attempts to obtain such results), a survey article describing the state of the art in a particular research area, a public policy or legal argument, or an article suitable for the popular press.

You may work singly or in pairs. Any pairs must be formed for the initial proposals and must remain the same throughout the project. Each pair will turn in only one product for each deliverable; both members of any pair will receive the same grade for each deliverable. The final presentation for pairs should be divided so that both members get a chance to speak. The expectations in the amount of work completed will be correspondingly higher for pairs than individuals.

You should expect to spend an average of at least five hours per week on your project in addition to class time and class reading.

Schedule

Each project component is due at the start of class on the specified day. Lateness on any project deliverable will be penalized at a rate of 5% of the available points per day.

Initial Proposals

• Background and motivation
• The problem you hope to solve, question you hope to address, capability you hope to provide, etc.
• The approach you plan to take, both at a general level and in detail.
• What form will your finished product take?
• How will you know if you've been successful? How will demonstrate your success?
• A schedule: what steps will you take, and in what order?
• What are your intermediate goals for your interim report?
• References to suitable books, papers, or other materials.

Revised Proposals

Interim Reports

Interim reports should be 4-6 pages for the main body of the report, with additional appendices allowed for additional materials such as references, source code, screen shots, experimental data, etc.

Final Reports

• Background and motivation
• The problem you solved, partially solved, or attempted to solve, or the question you addressed, partially addressed, or attempted to address, etc.
• The approach you took, both at a general level and in detail.
• What is your finished product?
• What are the good and bad properties of your solution/approach/whatever, and how does it compare to different solutions/approaches/whatevers?
• If you encountered any unexpected obstacles to a natural approach, perhaps describe them, what you learned from them, how you overcame them, etc.
• What did you learn, and/or find interesting?
• References to suitable books, papers, or other materials.
• Source code, screen shots, experimental data, etc, as appropriate.

Final Presentations

You should thoroughly prepare and rehearse your presentations, including any demo component, both for content and for timing. You will probably not be able to describe everything that you did, but make sure to explain:

• Background needed to describe the goal(s) of your project
• The goal(s) of your project
• The main findings of your project
• More detail of some aspect of your project as time permits (perhaps a demo)
• A brief conclusion: what you did, what you learned, perhaps what further work or interesting questions remain.

Sample Project Ideas

1. A comparative study of privacy in different countries. This might focus on cultural differences, perhaps with a historical perspective, legislative differences, etc. Options include broad coverage of several countries, or an in-depth focus on a specific topic (such as medical privacy) in two or three countries.
2. The role of Privacy Commissioners (for federal or local government) and/or Chief Privacy Officers (for companies): how can they help privacy? how can they hurt privacy? Topics might address both case studies of privacy successes and privacy failures from the past as well as speculation on what might be possible.
3. A research paper describing new results: Identify one or more open questions, and try to address them. It may help to start by reading a few privacy-related papers from recent conferences so that you are aware of the current state-of-the-art in a particular area, and also because papers often mention some particular open questions. Proposals should describe the open problem or problems in detail, perhaps give an annotated bibliography of relevant references, and suggest one or more possible approaches that seem promising. Given the uncertain nature of certain kinds of scholarly research, a documentation of tried approaches, failed approaches, and lessons learned is a valid final product, if the problem being addressed is sufficiently deep.
4. A survey paper of the state of the art in a particular privacy-related research area, such as systems for providing anonymity, privacy-preserving data mining systems for protecting against spam, issues of privacy vs usability, P3P, web privacy, etc. Obviously, such papers must be well-researched, include references beyond only URLs, and must be careful to attribute all quoted materials.
5. A magazine-type article, describing various privacy issues, solutions, and proposals surrounding one or more particular topic, such as social networks, web search, biometrics, RFID, identity theft, privacy breaches by data holders, HIPAA, surveillance and privacy, etc. Making connections between different areas might be particularly interesting. (There may not be a clear distinction between a survey paper and a magazine-type article, except that perhaps the magazine-type article may be more opinionated.) As above, such papers must be well-researched, include references beyond only URLs, and must be careful to attribute all quoted materials.
6. Implementation of privacy-enhancing technologies: look at papers from recent conferences and workshops that propose privacy-enhancing technologies (for example, Privacy-Enhancing Technologies Symposium, Workshop on Privacy in the Electronic Society). Choose one or more papers that describe a proposed system or method for providing privacy, and implement a prototype of the system. Your project might address issues such as: how easy or hard is the system to use? how does it compare to other systems that achieve the same or similar goals? If appropriate, have others act as users of your implementation and describe their experiences. If there are different options for making certain choices, perhaps try one or more and compare the results, etc. Perhaps you can find ways to improve the system as well.
7. A user study of Rutgers students or some other group of people to whom you have access, addressing their opinions and practices surrounding privacy issues. NOTE: This kind of project counts as "human subjects research" and therefore requires IRB approval. You will need to show that users provide informed consent. You should also design an appropriate privacy policy so the privacy of your subjects is adequately protected.
8. Practical investigation of privacy intrusions: while there is potential learning value in such activities, there are also ethical/legal issues that must be properly handled. Any such proposals must explain how the ethical issues are properly addressed. For example: a project that is NOT OK (at least without further permissions being obtained) would be to try to listen in on a Rutgers wireless network to see how many interesting things can be learned, along with a writeup of any juicy tidbits discovered. Maybe ok: deploy your own wireless network and implement various tools for listening in on cleartext and/or encrypted information. NOTE: This counts as "human subjects research" and therefore requires IRB approval. It's possible that such approval might not be given for this kind of project, even with consent. Approach such a project with caution!

Last updated 9/10/08 by rebecca.wright (at) rutgers (dot) edu

Copyright © 2008 Rebecca N. Wright