COMS E6184: Lectures

The topics and readings listed here are subject to change, including in response to current events

Jan 18: Introduction

Chapter 3 of Who Goes There? Authentication Through the Lens of Privacy. (The HTML version is free.)
The Transparent Society, David Brin, Wired Magazine 4:12, Dec. 1996.
Cyberspace Privacy: A Primer and Proposal, Jerry Kang, Human Rights Magazine 26:1, Winter 1999.
The Right to Privacy, Samuel Warren and Louis D. Brandeis, 4 Harvard Law Review 193 (1890)
Dr. Fun
Jan 25: Legal Foundations of Privacy

Katz v U.S. 389 US 347 (1967)
Smith v Maryland 442 US 735 (1979)
18 USC 2510-2522, 2701-2712: wiretap law; Stored Communications Act (recommended)
18 USC 3121-3127: pen registers and trap-and-trace devices (recommended)
50 USC 1801-1811: Foreign Intelligence Surveillance Act (recommended)
Chapter II of the EU Privacy Directive (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data) (You may find this page helpful, but it's not required reading.)
Privacy on the Line: the Politics of Wiretapping and Encryption, Chapter 7. Whit Diffie and Susan Landau, MIT Press, 1998, first edition. Click on "Table of Contents" and then on Chapter 7.
Feb 01: Wiretapping

The Athens Affair, Vassilis Prevelakis and Diomidis Spinellis, IEEE Spectrum, July 2007.
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler, June 2006.
Cisco Architecture for Lawful Intercept in IP Networks, RFC 3924, October 2004.
Feb 08: The Web: Cookies

HTTP State Management Mechanism (RFC 2965). Also see this blog posting.

How Unique is Your Browser?", Proceedings of the Privacy Enhancing Technologies Symposium (PETS 2010).
Google privacy policy.
Amazon Privacy Policy
Facebook privacy policy.
Feb 15: The Web: Protecting Privacy

Platform for Privacy Preferences (P3P) Project (CACM article)
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (optional; skim this, and don't worry about syntactic details)
Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine, Byers, Cranor, Kormann, McDaniel, Proceedings of 2004 Workshop on Privacy Enhancing Technologies (PETS), May 2004.
Crowds: Anonymity for Web Transactions, Reiter and Rubin, ACM Transactions on Information and System Security, vol. 1, no. 1, 1998.
Design and implementation of the Lucent Personalized Web Assistant (LPWA), Kristol, Gabber, Gibbons, Matias, and Mayer, Bell Labs TR, 1998.

Midterm paper topic approval deadline
Feb 22: Database Nation; Link Analysis

Read chapter 4 of Database Nation, by Simson Garfinkel, O'Reilly and Associates, 2000. The link to the book is via the Columbia library network; full text is available. However... they seem to limit the number of simultanous readers; do not wait until the night before. (In fact, you may wish to read more; it's a fast read. Chapter 9 is prescient and scary --- and it was written before the terrorist attacks of 9/11.)
Communities of Interest, C.Cortes, D. Pregibon, and C. Volinsky, Proceedings of IDA 2001 - Intelligent Data Analysis, 2001.
Mining Social Network from Spatio-Temporal Events, Hady W. Lauw, Ee-Peng Lim, Teck-Tim Tan, and Hwee-Hwa Pang. Workshop on Link Analysis, Counterterrorism and Security, 2005.
Mar 01: Social Networks

Information revelation and privacy in online social networks, Ralph Gross and Alessandro Acquisti, WPES '05 Proceedings of the 2005 ACM workshop on Privacy in the electronic society.
The failure of online social network privacy settings, Michelle Madejski, Maritza Johnson, and Steven M. Bellovin, Technical Report CUCS-010-11, Department of Computer Science, Columbia University, February 2011
Privacy Leakage in Mobile Online Social Networks, Balachander Krishnamurthy and Craig Wills, Proceedings of Workshop on Online Social Networks, June 2010.
Mar 08: Privacy and Data Mining

"Privacy-preserving data mining", Rakesh Agrawal and Ramakrishnan Srikant, Proceedings of SIGMOD '00, ACM, June 2000, Vol 29 Issue 2.
"Privacy Engineering in Digital Rights Management Systems," in Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science, vol. 2320, Springer, Berlin, 2002, pp. 76-105. (Joan Feigenbaum, Michael Freedman, Tomas Sander, and Adam Shostack)
Privacy-Preserving Data Mining Using Multi-Group Randomized Response Techniques". Zhijun Zhan and Wenliang Du. Technical Report, June 2003.
Mar 22: Anonymous Connectivity

Untraceable electronic mail, return addresses, and digital pseudonyms, David Chaum, CACM 24:2, February 1981.
Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium, August 2004.
Low-Cost Traffic Analysis of Tor, IEEE Symposium on Security and Privacy, 2005.

Midterm papers due
Mar 29: Traffic Analysis

Using Signal Processing to Analyze Wireless Data Traffic, Craig Partridge, Davis Cousins, Alden Jackson, Rajesh Krishnan, Tushar Saxena, and W. Timothy Strayer. International Conference on Mobile Computing and Networking, 2002.
Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?, Charles Wright, Lucas Ballard, Fabian Monrose, and Gerald Masson, Proceedings of the 16th USENIX Security Symposium, Boston, August, 2007.
Practical Traffic Analysis: Extending and Resisting Statistical Disclosure, Nick Mathewson and Roger Dingledine. Proceedings of Privacy Enhancing Technologies workshop (PET 2004).
Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, Xinyuan Wang, Shiping Chen, and Sushil Jajodia, ACM CCS '05, 2005.

Final paper topic approval deadline
Apr 05: Side Channels

Timing Analysis of Keystrokes and Timing Attacks on SSH. Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001.
A Technique for Counting NATted Hosts. Steven Bellovin, Proc. Second Internet Measurement Workshop, November 2002.
Remote Physical Device Fingerprinting. Tadayoshi Kohono, Andre Broido, and KC Claffy. IEEE Symposium on Security and Privacy, May 8-11, 2005. (Note: read the conference version.)
Apr 12: Digital Cash

Untraceable Electronic Cash. David Chaum, Amos Fiat and Moni Naor, Crypto 1988.
Revokable and Versatile Electronic Money. Markus Jakobsson, Moti Yung, ACM CCS, 1996.
Anonymous Credit Cards, Steven H. Low, Nicholas F. Maxemchuk, and Sanjoy Paul, IEEE Symposium on Research in Security and Privacy, 1994.
Apr 19: Traceability

Marco Gruteser and Dirk Grunwald, "Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking", Proceedings of First ACM/USENIX International Conference on Mobile Systems, Applications, and Services (MobiSys), San Francisco, CA, May 2003.
Richard Clayton, Anonymity and Traceability in Cyberspace, Ph.D. dissertation, University of Cambridge, Computer Laboratory Technical Report UCAM-CL-TR-653, November 2005. Read Chapter 3 ("Traceability Failures").
Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy Strayer. Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, Number 6, December 2002.
Apr 26: Location Privacy

Gerald Friedland, Robin Sommer, Cybercasing the Joint: On the Privacy Implications of Geo-Tagging, Proc. USENIX Workshop on Hot Topics in Security, August 2010.
Yong Wang, Daniel Burgener, Marcel Flores, Aleksandar Kuzmanovic, and Cheng Huang, Towards Street-Level Client-Independent IP Geolocation, 8th Usenix Symposium on Networked Systems Design and Implementation, March 2011.
Julien Freudiger, Raoul Neu, and Jean-Pierre Hubaux, Private Sharing of User Location over Online Social Networks, 10th Privacy Enhancing Technologies Symposium, 2010.

May 10

COMS E6184 — Lectures (Spring '11)

Midterm papers due

Final papers due