Course Syllabus


17-333 / 17-733 / 19-608 / 95-818

Fall 2024

Time and place:

Mon & Wed 9:30-10:50 AM ET / 3:30-4:50 PM CAT (before Nov 5; 4:30-5:50 PM CAT after Nov 5)

Scaife Hall 234 (Pittsburgh) + A203 (Kigali)

Students (except those enrolled in 17-733B) are expected to attend class in person, in their assigned classroom in Pittsburgh or Kigali. 17-733B students should see these additional details.

Instructor:

Prof. Lujo Bauer
lbauer@cmu.edu
Office hours: Wed 12:30pm (usually; check Canvas calendar), in CIC 2203 and on Zoom

Teaching assistants:

  • Elijah Bouma-Sims (Pittsburgh)
    • eboumasi@andrew.cmu.edu 
    • Office hours: Tuesdays 9:30-10:30am ET or by appointment. In CIC 2206 or on Zoom. Please contact me by email if you need to use Zoom to attend office hours.
  • Jenny Tang (Pittsburgh)
    • jennytang@cmu.edu
    • Office hours: Mondays 2-3 PM ET in CIC 2214 and on Zoom
  • Wendy Essuman (Kigali)
    • wessuman@andrew.cmu.edu 
    • Office hours: Tuesdays 2-3 PM CAT 

Course Description

This course focuses on policy issues related to privacy from the perspectives of governments, organizations, and individuals. We will begin with a philosophical and historical study of privacy and then explore recent public policy issues. We will examine the privacy protections provided by laws and regulations--primarily in the US and EU, but also in other countries--as well as the way technology can be used to protect privacy. We will emphasize technology-related privacy concerns and mitigation for technologies and settings like: online tracking and behavioral advertising, generative AI, internet cafes, drones, AR/VR headsets. We will also examine how technology-related privacy risks can affect individuals and groups of people disproportionately.

This course is intended primarily for graduate students and advanced undergraduate students (juniors and seniors) with some technical background. Programming skills are not required. 17-733, 19-608, and 95-818 are 12-unit courses for Masters and PhD students. Students enrolled under these course numbers will have extra assignments and will be expected to do a project suitable for publication. 17-333 is a 9-unit course for undergraduate students. Masters students may register for any of the course numbers permitted by their program. This course will include a lot of reading, writing, and class discussion. Students will be able to partially tailor group projects to their skills and interests. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

MSIT-Privacy Engineering
This course is part of a three-course series of privacy courses offered as part of the MSIT-Privacy Engineering masters program. These courses may be taken in any order or simultaneously. Foundations of Privacy (offered in the Fall semester) offers more in-depth coverage of technologies and algorithms used to reason about and protect privacy. Engineering Privacy in Software (offered in the Spring semester) focuses on the methods and tools needed to design systems for privacy.

Undergraduate concentration in security and privacy
This course is part of the undergraduate concentration in security and privacy in both Computer Science and in Electrical & Computer Engineering. In particular, this course satisfies the "Context Course Area" requirement of the concentration. The security and privacy concentrations are designed to expose students to the key facets of and concerns about computer security and privacy that drive practice, research, and legislation. On completing the curriculum, students will be prepared to continue developing their interests in security or privacy through graduate study; to take jobs in security or privacy that will provide further training in applicable areas; and to be informed participants in public and other processes that shape how organizations and society develop to meet new challenges related to computer security or privacy.

Objectives

By the end of this course, students should:

  • Be able to discuss why privacy is important to society
  • Be familiar with the fair information practice principles as well as the privacy law and policy landscape in the United States
  • Understand the differences between privacy regulation in the US, the EU, and in several other countries; and be able to discuss different regulatory approaches to privacy
  • Understand how privacy laws and regulation may continue to develop
  • Be able to read, understand, and evaluate privacy policies
  • Understand the mechanics of online tracking and other technologies with privacy implications
  • Be able to analyze a product or technology to determine its privacy implications as seen through the perspective of different stakeholders
  • Be able to communicate the privacy implications of a technology with policymakers, lawyers, and engineers

Topics

Course topics will include:

  • Conceptions of privacy
  • Privacy harms
  • Privacy economics and measuring privacy attitudes and behaviors
  • Fair Information Practice Principles
  • Online advertising and media funding (guest lecturer: Eric Zeng)
  • Internet monitoring and web tracking (guest lecturer: Eric Zeng)
  • Notice and choice (guest lecturer: Elijah Bouma-Sims)
  • Privacy regulation (USA, Europe, and beyond)
  • Government surveillance
  • Biometrics and privacy
  • Location privacy
  • Health data privacy and contact tracing
  • Privacy for at-risk populations (guest lecturer: Elijah Bouma-Sims)
  • Privacy challenges and solutions in the developing world (guest lecturer: Collins Munyendo)
  • AI and privacy
  • Data anonymization and differential privacy
  • Privacy engineering and privacy by design

Schedule and readings

Suggested Project Topics

Lecture recordings

For this course, we will be recording class sessions and making them available to you for your personal, educational use. Recordings of class sessions are covered under the Family Educational Rights and Privacy Act (FERPA) and must not be shared with anyone outside your course section. The purpose of these recordings is so students in this course (and only students in this course) can watch or re-watch past class sessions. Feel free to use the recordings if you would like to review something we discussed in class or if you are temporarily unable to attend class.

Grading

10% participation (in-class activities, class retrospectives)

10% quizzes (most lectures will start with a quiz on the assigned readings)

25% homework

30% project

25% midterms

Policy for late work

  • Homework: Each student will have a pool of 3 late days, of which at most one can be used toward any single homework deadline. 
  • Projects: Each project team will have a pool of 3 late days, of which at most one can be used toward any single project deliverable deadline, except for the final paper (due after the end of classes), for which no late day can be used.
  • Homeworks and projects when late days are exhausted: Late submission beyond what is covered by late days will incur a 20% per day penalty (i.e., the score a submission would have received if turned in on time will be multiplied by (1 - (0.2 × number-of-days-late))).
  • Quizzes: Three lowest scores will be dropped.
  • Participation: Participation will be awarded on a per-lecture basis (i.e., a lecture might have several opportunities for participation points). The participation scores for the three lectures on which a student received their lowest participation scores will be dropped.

Generative AI 

You may use generative AI tools to improve your writing, e.g., to correct grammar or suggest alternate phrasings of text that you already wrote. You should not use generative AI tools to answer homework questions or to produce project deliverables. The goal of homeworks and project deliverables is to help you learn the key background and learn to think critically about the topics covered in this course. Using generative AI tools beyond the above-specified allowed uses will hamper you in achieving these learning goals, which are also what you will be assessed on during the in-class midterm exams.

If you use generative AI tools, you might consider that many tools retain your prompts and use them to train models and for other unspecified purposes. While the instructors don't recommend any particular generative AI tool, you may be interested to know that Microsoft Copilot provides data protection when accessed with your AndrewID. Unlike open commercial tools, like ChatGPT, Microsoft will not retain your prompts or responses to train its AI models.

Health and wellness

Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.

All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.

If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support, including through CMU resources. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

Accommodations for students with disabilities

If you have a disability and have an accommodations letter from the Disability Resources office, I encourage you to discuss your accommodations and needs with me as early in the semester as possible. I will work with you to ensure that accommodations are provided as appropriate. If you suspect that you may have a disability and would benefit from accommodations but are not yet registered with the Office of Disability Resources, I encourage you to contact them at access@andrew.cmu.edu.

We must treat every individual with respect.

We are diverse in many ways, and this diversity is fundamental to building and maintaining an equitable and inclusive campus community. Diversity can refer to multiple ways that we identify ourselves, including but not limited to race, color, national origin, language, sex, disability, age, sexual orientation, gender identity, religion, creed, ancestry, belief, veteran status, or genetic information. Each of these diverse identities, along with many others not mentioned here, shapes the perspectives our students, faculty, and staff bring to our campus. We, at CMU, will work to promote diversity, equity and inclusion not only because diversity fuels excellence and innovation, but because we want to pursue justice.

Each of us is responsible for creating a safer, more inclusive environment.

Unfortunately, incidents of bias or discrimination do occur, whether intentional or unintentional. They contribute to creating an unwelcoming environment for individuals and groups at the university. The university and your instructor encourage anyone who experiences or observes unfair or hostile treatment on the basis of identity to speak out for justice and support, within the moment of the incident or after the incident has passed, including using the following resources:

  • Center for Student Diversity and Inclusion: csdi@andrew.cmu.edu, (412) 268-2150
  • Ethics Reporting Hotline. Students, faculty, and staff can anonymously file a report by calling 844-587-0793 or visiting cmu.ethicspoint.com.
  • Reaching out to your instructor, Lujo Bauer.

All reports will be documented and deliberated.