CS8803: Security, Privacy, & Democracy
Georgia Tech, Fall 2023
Schedule & Topics
Important Note
This syllabus is a living document and will be updated frequently with new information and speakers. Please check back often!
Introduction
- Aug 22
- Introduction
- Lecture
- Discussion papers:
- How to Read a Paper, S. Keshav
- How to Read a Legal Opinion, Orin S. Kerr, The Green Bag
- This World of Ours, James Mickens, USENIX ;login:
- Aug 24
- Discussion papers:
- Moral Character of Cryptographic Work, Phillip Rogaway
- Declaration of Independence of Cyberspace, John Perry Barlow
Security, Privacy, and Economics
- Aug 29
- Economics – Information Asymmetry
- Discussion
- Discussion papers:
- The market for “lemons”: Quality uncertainty and the market mechanism, George A. Akerlof
- Credence goods in the literature: What the past fifteen years have taught us about fraud, incentives, and the role of institutions, Balafoutas & Kerschbamer, Journal of Behavioral and Experimental Finance
Optional:
- On Doctors, Mechanics, and Computer Specialists: The Economics of Credence Goods, Dulleck and Kerschbamer, Journal of Economic Literature
- Bonus Question
- What kind of product, or an aspect of a product, is security?
- Aug 31
- Economics in Security & Privacy
- Discussion
- Discussion papers:
- So long and no thanks for all the externalities, Cormac Herley, NSPW’09
- The Economics of Information Security, Ross Anderson and Tyler Moore, Science’06
Optional:
- What is Privacy Worth?, Acquisti et al.
DUE: Group selection and short proposal document
- Sep 5
- Discussion papers:
- A “Nutrition Label” for Privacy, Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, Robert W. Reeder, SOUPS’09
- FTC’s Consent Decree Complaint on Zoom
- Sep 7
- Discussion papers:
- Efficient Data Structures for Tamper-Evident Logging, Scott A. Crosby and Dan S. Wallach, USENIX Security’09
- Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate, Emily Stark et al., IEEE S&P’19
Optional:
- SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, Jeremy Clark and Paul C. van Oorschot
- Google Binary Transparency
Guest Lecture: Ryan Hurst, CEO, Peculiar Ventures
- Sep 12
- Discussion papers:
- A Researcher’s Guide to Some Legal Risks of Security Research, Sunoo Park & Kendra Albert
- The EFF’s Amicus Brief in Van Buren v. United States
Optional:
- If you ever feel bad about reviewer #2, please read the Internet Voting company Voatz’s amicus brief in Van Buren. Your reviewer may be bad, but are they “complain about your research to the Supreme Court” bad?
Guest Lecture: Andy Sellars, director of the MIT/BU Law Clinic
DUE: Groups must schedule a 1-on-1 with course staff
Voting
- Sep 14
- Discussion papers:
- Software Independence, Rivest & Wack
- Security analysis of the Diebold AccuVote-TS voting machine, AJ Feldman, JA Halderman, and EW Felten, USENIX Security’06
- Guest Lecture: Rich DeMillo
- Sep 19
- Discussion papers:
- Public Evidence from Secret Ballots, M Bernhard et al., E-Vote-ID’17
- A Gentle Introduction to Risk-Limiting Audits, Lindeman & Stark, IEEE Security & Privacy’12
- Guest Lecture: Matt Bernhard
- Sep 21
- Usability Failures in Voting
- Lecture
- Discussion papers:
- Can Voters Detect Malicious Manipulation of Ballot Marking Devices?, Bernhard et al., IEEE S&P’20
- Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters, Appel, DeMillo, Stark
- Guest Lecture: Dr. Ben Adida, Executive Director, VotingWorks
- Sep 26
- Internet Voting
- Lecture
- Discussion papers:
- Helios: Web-based Open-Audit Voting, Ben Adida, USENIX Security’08
- The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Michael A Specter, James Koppel and Daniel Weitzner, USENIX Security’20
- Guest(?) Lecture: Michael A. Specter
Surveillance
- Sep 28
- Surveillance (Policy and Law)
- Discussion
- Discussion papers:
- Smith v. Maryland
- The System of Foreign Intelligence Surveillance Law, Peter Swire, GWU Law Review
- Oct 3
- Concepts of Anonymity
- Discussion
- Discussion papers:
- Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset), Arvind Narayanan and Vitaly Shmatikov, IEEE S&P’08
- k-anonymity: A model for protecting privacy, Latanya Sweeney
- Oct 5
- Anti-Surveillance Technologies
- Discussion
- Discussion papers:
- Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson
- SOK on Secure Messaging, Nik Unger et al., IEEE S&P’15
- Oct 10
- NO CLASS, Fall break
- Oct 12
- Discussion papers:
- Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, Albert Kwon et al., USENIX Security’15
- The Parrot is Dead, Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov, IEEE S&P’15
- Guest Speaker: Chad Brubaker, Sailor
- Oct 17
- Messaging Deniability
- Lecture
- Discussion papers:
- Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging, Nathan Reitinger et al., IEEE S&P’23
- KeyForge: Non-Attributable Email from Forward-Forgeable Signatures, Michael A. Specter, Sunoo Park, Matthew Green, USENIX Security’21
- Guest(?) Speaker: Michael A. Specter
- Oct 19
- Fingerprinting & Covert Tracking
- Discussion
- Discussion papers:
- How unique is your web browser?, Peter Eckersley
- The Web Never Forgets, Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz, ACM CCS’14
Cryptography & Law Enforcement (The Crypto Wars)
- Oct 24
- Harassment & Abuse
- Lecture
- Discussion papers:
- SoK: Hate, Harassment, and the Changing Landscape of Online Abuse, Kurt Thomas et al., IEEE S&P’21
- Rethinking the Detection of Child Sexual Abuse Imagery on the Internet, Elie Bursztein et al., WWW’19
- Guest Speaker: Riana Pfefferkorn, Stanford Internet Observatory
- Oct 26
- The Crypto Wars – History
- Discussion
- Discussion papers:
- Keys under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, et al., Oxford Journal of Cybersecurity
- Bugs in Our Pockets: The Risks of Client-Side Scanning, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie et al.
- Guest Speaker: Jeff Rothblum, Senior Professional Staff Member, Homeland Security and Governmental Affairs Committee, US Senate
- Oct 31
- Cryptographic Proposals
- Discussion
- Discussion papers:
- Apple’s PSI Proposal, Abhishek Bhowmick, Dan Boneh, Steve Myers, Kunal Talwar, and Karl Tarbe
- Robust, privacy-preserving, transparent, and auditable on-device blocklisting, Kurt Thomas, Sarah Meiklejohn, Michael A. Specter, Xiang Wang, Xavier Llorà, Stephan Somogyi, and David Kleidermacher
- Nov 2
- Ongoing Policy Debate
- Lecture
- Discussion papers:
- Internet Impact Brief: End-to-end Encryption under the UK’s Draft Online Safety Bill, Callum Voge and Robin Wilton, Technical Report from ISOC
- EARN-IT Bill, Lindsey Graham
Security and Privacy in the Public Interest
- Nov 7
- Discussion papers:
- Care Infrastructures for Digital Security in Intimate Partner Violence, Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran Kaur Sodhi, Thomas Ristenpart, and Nicola Dell, CHI’22
- What is Your Mother’s Maiden Name? A Feminist History of Online Security Questions, Bo Ruberg
Optional:
- You Can’t Escape Hyperparameters and Latent Variables: Machine Learning as a Software Engineering Enterprise, Charles Isbell, Keynote at NeurIPS
- Crypto for the People, Seny Kamara, Keynote at Crypto’20
Guest Lecture: Kendra Albert
- Nov 9
- Censorship (Law and Policy)
- Discussion
- Discussion papers:
- Communications Decency Act, Section 230
- Reno v. ACLU
- Only read the actual opinion, pages 6-42.
- Nov 14
- Censorship (Technology)
- Lecture
- Discussion papers:
- A Large-scale Investigation into Geodifferences in Mobile Apps, Renuka Kumar, Apurva Virkud, Ram Sundara Raman, Atul Prakash, and Roya Ensafi, USENIX Security’22
- Internet Censorship in Iran: A First Look, Simurgh Aryan, Homa Aryan, J. Alex Halderman, FOCI’13
Guest Lecture: Professor Roya Ensafi
- Nov 16
- Cryptography Usability
- Discussion
- Discussion papers:
- Why Johnny Can’t Encrypt, A Whitten, JD Tygar, USENIX Security’99
- Rethinking Connection Security Indicators, Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris et al., SOUPS’16
- Nov 21
- Internet Access as a Human Right
- Discussion
- Discussion papers:
- Measuring the Political and Social Consequences of Government-Initiated Cyber Shutdowns, Ryan Shandler, FOCI’18
- A Reality of Vulnerability and Dependence: Internet Access as a Human Right, Ryan Shandler, Daphna Canetti, Israel Law Review
- Guest Lecture: Ryan Shandler
- Nov 23
- Official school holiday
- Nov 28
- Discussion papers:
- The PACT protocol specification, Ron Rivest et al.
- Exposure Notification: Risks and Mitigations FAQ, Google
- Guest Speaker: Stephan Somogyi
- Nov 30
- Project Presentations (Day 1)
- Dec 5
- Project Presentations (Day 2)
DUE: Project Final Paper