CS8803: Security, Privacy, & Democracy
Georgia Tech, Spring 2024
Schedule & Topics
Important Note
This syllabus is a living document and will be updated frequently with new information and speakers. Please check back often!
Introduction
- Jan 09
- Introduction
- Lecture
- Discussion papers:
- How to Read a Paper, S. Keshav
- How to Read a Legal Opinion, Orin S. Kerr, The Green Bag
- Jan 11
- Discussion papers:
- Declaration of Independence of Cyberspace, John Perry Barlow
- This World of Ours, James Mickens, USENIX ;login:
- You and Your Research, Richard W. Hamming, Speech at Bellcore
- Against Security Nihilism, Chris Palmer
Note: Yes, there are more readings here, though they are quite short
Optional:
- Moral Character of Cryptographic Work, Phillip Rogaway
Voting
- Jan 16
- Discussion papers:
- Software Independence, Rivest & Wack
- Security analysis of the Diebold AccuVote-TS voting machine, AJ Feldman, JA Halderman, and EW Felten, USENIX SECURITY’06
- Jan 18
- Discussion papers:
- Public Evidence from Secret Ballots, M Bernhard et al., E-Vote-ID’17
- Risk-limiting Audits: A practical systematization of knowledge, M Bernhard et al., E-Vote-ID’21
Optional:
- A Gentle Introduction to Risk-Limiting Audits, Lindeman & Stark, IEEE Security & Privacy’12
- Jan 19
- DUE: Group selection and short proposal document
- DUE: Groups must schedule a 1-on-1 with course staff
- See description on the projects page.
- Jan 23
- Usability Failures in Voting
- Lecture
- Discussion papers:
- Can Voters Detect Malicious Manipulation of Ballot Marking Devices?, Bernhard et al., IEEE S&P’20
- Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters, Appel, Demillo, Stark
- Jan 25
- Internet Voting
- Lecture
- Discussion papers:
- Helios: Web-based Open-Audit Voting, Ben Adida, USENIX Security’08
- The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Michael A Specter, James Koppel and Daniel Weitzner, USENIX Security’20
Security, Privacy, and Economics
- Jan 30
- Economics – Information Asymmetry
- Discussion
- Discussion papers:
- The market for “lemons”: Quality uncertainty and the market mechanism, George A. Akerlof
- Credence goods in the literature: What the past fifteen years have taught us about fraud, incentives, and the role of institutions, Balafoutas & Kerschbamer, Journal of Behavioral and Experimental Finance
Optional:
- On Doctors, Mechanics, and Computer Specialists: The Economics of Credence Goods, Dulleck and Kerschbamer, Journal of Economic Literature
- Bonus Question
- What kind of product, or an aspect of a product, is security?
- Feb 01
- Economics in Security & Privacy
- Discussion
- Discussion papers:
- So long and no thanks for all the externalities, Cormac Herley, NSPW’09
- The Economics of Information Security, Ross Anderson and Tyler Moore, Science’06
Optional:
- What is Privacy Worth?, Acquisti et al.
- Feb 02
- DUE: Related Works Document
- See description on the projects page.
Transparency & Accountability
- Feb 06
- Labeling Regimes
- Discussion
- Discussion papers:
- A “Nutrition Label” for Privacy, Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, Robert W. Reeder, SOUPS’09
- FTC’s Consent Decree Complaint on Zoom
- Feb 08
- Discussion papers:
- SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, Jeremy Clark and Paul C. van Oorschot
- Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate, Emily Stark et al., IEEE S&P’19
Optional:
- Efficient Data Structures for Tamper-Evident Logging, Scott A. Crosby and Dan S. Wallach, USENIX Security’09
- Google Binary Transparency
- Feb 13
- Discussion papers:
- A Researcher’s Guide to Some Legal Risks of Security Research, Sunoo Park & Kendra Albert
- The EFF’s Amicus Brief in Van Buren v. United States
Optional:
- If you ever feel bad about reviewer #2, please read the Internet Voting company Voatz’s amicus brief in Van Buren. Your reviewer may be bad, but are they “complain about your research to the Supreme Court” bad?
Censorship
- Feb 15
- Censorship (Law and Policy)
- Discussion
- Discussion papers:
- Communications Decency Act, Section 230
- Reno v. ACLU
- Only read the actual opinion, pages 6-42.
- Content warning: Brief mention of child pornography
- Feb 16
- DUE: Topic & Motivation V2
- See description on the projects page.
- Feb 20
- Censorship (Technology)
- Lecture
- Discussion papers:
- A Large-scale Investigation into Geodifferences in Mobile Apps, Renuka Kumar, Apurva Virkud, Ram Sundara Raman, Atul Prakash, and Roya Ensafi, USENIX Security’22
- Internet Censorship in Iran: A First Look, Simurgh Aryan, Homa Aryan, J. Alex Halderman, FOCI’13
Surveillance
- Feb 22
- Surveillance Policy and Law
- Discussion
- Discussion papers:
- Smith v. Maryland
- The System of Foreign Intelligence Surveillance Law, Peter Swire, GWU Law Review
- Feb 27
- Messaging Deniability
- Lecture
- Discussion papers:
- Off-the-Record Communication, or, Why Not To Use PGP, Nikita Borisov, Ian Goldberg, Eric Brewer, WPES’04
- KeyForge: Non-Attributable Email from Forward-Forgeable Signatures, Michael A. Specter, Sunoo Park, Matthew Green, USENIX Security’21
Optional:
- Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging, Nathan Reitinger et al., IEEE S&P’23
- Feb 29
- What is Anonymity, Really?
- Discussion
- Discussion papers:
- Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset), Arvind Narayanan and Vitaly Shmatikov, IEEE S&P’08
- k-anonymity: A model for protecting privacy, Latanya Sweeney
- Mar 1
- DUE: Plan & Methodology
- See description on the projects page.
- Mar 5
- Anti-Surveillance Technologies
- Discussion
- Discussion papers:
- Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson
- SOK on Secure Messaging, Nik Unger et al, IEEE S&P’15
- Mar 7
- Discussion papers:
- Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, Albert Kwon et al., USENIX Security’15
- The Parrot is Dead, Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov, IEEE S&P’15
- Mar 12
- Fingerprinting & Covert Tracking
- Discussion
- Discussion papers:
- How unique is your web browser?, Peter Eckersley
- The Web Never Forgets, Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz, ACM CCS’14
Cryptography & Law Enforcement (The Crypto Wars)
- Mar 14
- Harassment & Abuse
- Lecture
- Discussion papers:
- SoK: Hate, Harassment, and the Changing Landscape of Online Abuse, Kurt Thomas et al., IEEE S&P’21
- Content warning: Mention of online LGBTQ hate and harassment
- Rethinking the Detection of Child Sexual Abuse Imagery on the Internet, Elie Bursztein et al., WWW’19
- Content warning: Mention of child abuse
- Mar 19
- ** NO CLASS **
- Mar 22
- ** NO CLASS **
- Mar 26
- The Crypto Wars – History
- Discussion
- Discussion papers:
- Keys under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, et al., Oxford Journal of Cybersecurity
- Bugs in Our Pockets: The Risks of Client-Side Scanning, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie et al.
- Content warning: Mention of child abuse, abuse in general
- Mar 28
- Cryptographic Proposals
- Discussion
- Discussion papers:
- Robust, privacy-preserving, transparent, and auditable on-device blocklisting, Kurt Thomas, Sarah Meiklejohn, Michael A. Specter, Xiang Wang, Xavier Llorà, Stephan Somogyi, and David Kleidermacher
- Content warning: Mention of child abuse
- Crypto Crumple Zones, Charles V. Wright, Mayank Varia
Optional:
- Apple’s PSI Proposal, Abhishek Bhowmick, Dan Boneh, Steve Myers, Kunal Talwar, and Karl Tarbe
- April 2
- Ongoing Policy Debate
- Lecture
- Discussion papers:
- Internet Impact Brief: End-to-end Encryption under the UK’s Draft Online Safety Bill, Callum Voge and Robin Wilton, Technical Report from ISOC
- EARN-IT Bill, Lindsey Graham
- Content warning: Repeated mentions (100+) of child abuse, mention of trafficking
Security and Privacy in the Public Interest
- April 4
- Discussion papers:
- Care Infrastructures for Digital Security in Intimate Partner Violence, Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran Kaur Sodhi, Thomas Ristenpart, and Nicola Dell, CHI’22
- Content warning: Mention of domestic abuse, sexual abuse and harassment
- What is Your Mother’s Maiden Name? A Feminist History of Online Security Questions, Bo Ruberg
Optional:
- You Can’t Escape Hyperparameters and Latent Variables: Machine Learning as a Software Engineering Enterprise, Charles Isbell, Keynote at NeurIPS
- Crypto for the People, Seny Kamara, Keynote at Crypto’20
- April 9
- Cryptography Usability
- Discussion
- Discussion papers:
- Why Johnny Can’t Encrypt, A Whitten, JD Tygar, USENIX Security’99
- Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System, A Whitten, JD Tygar, USENIX Security’11
Optional:
- Rethinking Connection Security Indicators, Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris et al., SOUPS’16
- April 11
- Internet Access as a Human Right
- Discussion
- Discussion papers:
- Measuring the Political and Social Consequences of Government-Initiated Cyber Shutdowns, Ryan Shandler, FOCI’18
- A Reality of Vulnerability and Dependence: Internet Access as a Human Right, Ryan Shandler, Daphna Canetti, Israel Law Review
- April 12
- DUE: Paper Draft #1
- See description on the projects page.
- April 16
- Discussion papers:
- April 18
- Project Presentations (Day 1)
- April 23
- Project Presentations (Day 2)
- May 2
- DUE: Project Final Paper
- See description on the projects page.