CS8803: Security, Privacy, & Democracy

Georgia Tech, Spring 2026

Schedule & Topics

Important Note
This syllabus is a living document and will be updated frequently with new information and speakers. Please check back often!

Introduction

Jan 13

Introduction

Discussion Papers:

How to Read a Paper, S. Keshav
How to Read a Legal Opinion, Orin S. Kerr, The Green Bag

Jan 15

Initial Takes on Security, Privacy, and Society

Discussion papers:

Declaration of Independence of Cyberspace, John Perry Barlow
This World of Ours, James Mickens, Usenix login;
You and Your Research, Richard W. Hamming, Speech at Bellcore
Against Security Nihilism, Chris Palmer

Note: Yes, there are more readings here, though they are quite short

Optional:

Moral Character of Cryptographic Work, Phillip Rogaway

Elections

Jan 20

What Do We Want From a Voting System?

Discussion papers:

Software Independence, Rivest & Wack
Security analysis of the Diebold AccuVote-TS voting machine, AJ Feldman, JA Halderman, and EW Felten, USENIX Security’06

Lecture:

Intro to Voting & Elections

Jan 22

How Can We Verify an Election Outcome?

Discussion papers:

Public Evidence from Secret Ballots, M Bernhard et al., E-Vote-ID’17
Risk-limiting Audits: A practical systematization of knowledge, M Bernhard et al., E-Vote-ID’21

Optional:

A Gentle Introduction to Risk-Limiting Audits, Lindeman & Stark, IEEE Security & Privacy’12

Lecture:

Intro to Cryptography 1: Symmetric & Asymmetric Crypto, DH Key Exchange, Hashing
This lecture follows Boneh/Shoup Chapters 2.1, 8.1, 10.4, & 10.5). Alternatively, Katz/Lindell Chapter 2.2–2.3, 5

Jan 25

DUE 11:59 PM: Group selection and short proposal document

See description on the projects page.

Jan 27

Usability Failures in Voting

Discussion papers:

Can Voters Detect Malicious Manipulation of Ballot Marking Devices?, Bernhard et al., IEEE S&P’20
Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters, Appel, Demillo, Stark

Lecture:

Intro to Cryptography 2: Merkle Trees, Signatures, Zero knowledge proofs
Roughly following Boneh/Shoup Chapter 20. Katz/Lindell 5.6.2, 2.5.1

Jan 29

Internet Voting

Discussion papers:

Helios: Web-based Open-Audit Voting, Ben Adida, USENIX Security’08
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections, Michael A Specter, James Koppel and Daniel Weitzner, USENIX Security’20

Optional:

ElectionGuard: a Cryptographic Toolkit to Enable Verifiable Elections, Benaloh et al., Talk at USENIX Security’24

Lecture:

E2E-V and Internet Voting

Jan 30

DUE: Project groups must schedule a 1-on-1 with course staff

The Economics of Security & Privacy

Feb 03

Economics — Information Asymmetry

Discussion papers:

The market for “lemons”: Quality uncertainty and the market mechanism, George A. Akerlof
Credence goods in the literature: What the past fifteen years have taught us about fraud, incentives, and the role of institutions, Balafoutas & Kerschbamer, Journal of Behavioral and Experimental Finance

Optional:

On Doctors, Mechanics, and Computer Specialists: The Economics of Credence Goods, Dulleck and Kerschbamer, Journal of Economic Literature

Bonus Question:

What kind of product, or an aspect of a product, is security?

Feb 05

Economics in Security & Privacy

Discussion papers:

So long and no thanks for all the externalities, Cormac Herley, NSPW’09
The Economics of Information Security, Ross Anderson and Tyler Moore, Science’06

Optional:

What is Privacy Worth?, Acquisti et al.
“I’ve Got Nothing to Hide” and Other Misunderstandings of Privacy, Daniel J. Solove, San Diego Law Review

Transparency & Accountability

Feb 10

Labeling Regimes

Discussion papers:

A “Nutrition Label” for Privacy, Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, Robert W. Reeder, SOUPS’09
FTC’s Consent Decree Complaint on Zoom

Optional:

‘Anti-Features’ in the F-Droid Docs
Check out the labels on ToS;DR

DUE: Related Works Document

See description on the projects page.

Feb 12

Transparency & Accountability: Cryptography

Discussion papers:

SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, Jeremy Clark and Paul C. van Oorschot
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate, Emily Stark et al., IEEE S&P’19

Optional:

Efficient Data Structures for Tamper-Evident Logging, Scott A. Crosby and Dan S. Wallach, USENIX Security’09
Google Binary Transparency

Feb 17

Barriers to Research — Increasing Information Asymmetry

Discussion papers:

A Researcher’s Guide to Some Legal Risks of Security Research, Sunoo Park & Kendra Albert
The EFF’s Amicus Brief in Van Buren v. United States

Optional:

If you ever feel bad about reviewer #2, please read the Internet Voting company Voatz’s amicus brief in Van Buren. Your reviewer may be bad, but are they “complain about your research to the supreme court” bad?

Censorship

Feb 19

Censorship — Law and Policy

Discussion papers:

Communications Decency Act, Section 230
Reno v. ACLU
- Only read the actual opinion, pages 6-42.
- Content warning: Brief mention of child pornography

Feb 20

DUE: Topic & Motivation V2

See description on the projects page.

Feb 24

Censorship — Technology

Discussion papers:

A Large-scale Investigation into Geodifferences in Mobile Apps, Renuka Kumar, Apurva Virkud, Ram Sundara Raman, Atul Prakash, and Roya Ensafi, USENIX Security’22
Internet Censorship in Iran: A First Look, Simurgh Aryan, Homa Aryan, J. Alex Halderman, FOCI’13

Surveillance

Feb 26

Surveillance Policy and Law

Discussion papers:

Smith v. Maryland
The System of Foreign Intelligence Surveillance Law, Peter Swire, GWU Law Review

Mar 03

Messaging Deniability

Discussion papers:

Off-the-Record Communication, or, Why Not To Use PGP, Nikita Borisov, Ian Goldberg, Eric Brewer, WPES’04;
KeyForge: Non-Attributable Email from Forward-Forgeable Signatures, Michael A. Specter, Sunoo Park, Matthew Green, USENIX Security’21;

Optional:

Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging, Nathan Reitinger et al., IEEE S&P’23

Mar 05

What is Anonymity, Really?

Discussion papers:

Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset), Arvind Narayanan and Vitaly Shmatikov, IEEE S&P’08
k-anonymity: A model for protecting privacy, Latanya Sweeny

Mar 06

DUE: Plan & Methodology

See description on the projects page.

Mar 10

Anti-Surveillance Technologies

Discussion papers:

Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson
SOK on Secure Messaging, Nik Unger et al., IEEE S&P’15

Mar 12

Attacks Against Anti-Surveillance Tools

Discussion papers:

Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, Albert Kwon et al., USENIX Security’15
The Parrot is Dead, Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov, IEEE S&P’15;

Mar 17

Fingerprinting & Covert Tracking

Discussion papers:

How unique is your web browser?, Peter Eckersley
The Web Never Forgets, Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz, ACM CCS’14

Cryptography, Abuse, and Legal Mandates Against E2EE

Mar 19

Harassment & Abuse

Discussion papers:

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse, Kurt Thomas et al., IEEE S&P’21
- Content warning: Mention of online LGBTQ hate and harassment
Rethinking the Detection of Child Sexual Abuse Imagery on the Internet, Elie Bursztein et al., WWW’19
- Content warning: Mention of child abuse

Mar 24

No class: Spring Break

Mar 26

No class: Spring Break

Mar 31

The Crypto Wars — History

Discussion papers:

Keys under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, et al., Oxford Journal of Cybersecurity
Bugs in Our Pockets: The Risks of Client-Side Scanning, Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie et al.
- Content warning: Mention of child abuse, abuse in general

Apr 2

Cryptographic Proposals

Discussion papers:

Robust, privacy-preserving, transparent, and auditable on-device blocklisting Kurt Thomas, Sarah Meiklejohn, Michael A. Specter, Xiang Wang, Xavier Llorà, Stephan Somogyi, and David Kleidermacher
- Content warning: Mention of child abuse
Crypto Crumple Zones Charles V. Wright, Mayank Varia

Optional:

Apple’s PSI Proposal, Abhishek Bhowmick, Dan Boneh, Steve Myers, Kunal Talwar, and Karl Tarbe

Apr 7

Ongoing Policy Debate

Discussion papers:

Internet Impact Brief: End-to-end Encryption under the UK’s Draft Online Safety Bill, Callum Voge and Robin Wilton, Technical Report from ISOC
EARN-IT Bill, Lindsey Graham
- Content warning: Repeated mentions (100+) of child abuse, mention of trafficking

Cryptography & Systems for Real Users

Apr 9

Security & Privacy for At-Risk Groups

Discussion papers:

Care Infrastructures for Digital Security in Intimate Partner Violence, Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran Kaur Sodhi, Thomas Ristenpart, and Nicola Dell, CHI’22
- Content warning: Mention of domestic abuse, sexual abuse and harassment
TBD

Optional: