CSCI 2390 is about privacy-related challenges that computer systems face. The top-level question is whether we can design computer systems that better protect their users' privacy, while maintaining the desirable features, functionality, and convenience of today's applications. Some of the questions we will look at include:
- Where should a user's data be stored? On the user's own computer? In a datacenter run by a company like Google, Amazon, Facebook, or Microsoft? In commercial cloud storage services such as Amazon S3? In cooperative, decentralized peer-to-peer storage?
- What does current legislation require from the software systems that store and process our data? Are the current systems adequate?
- How do we translate abstract legislative requirements (e.g., the rights granted to users by the EU's GDPR) into technological solutions?
- What is the role of encrypted storage and data transmission? Can it help us preserve our privacy, given that many services we use need to process our data in various ways? Who should hold the keys?
- What are the options for access control? Centralized ACLs, cryptography, or other techniques? How can we maintain ACLs with confidence that backend processing actually respects them?
- Can we define ACLs attached to the notion of a "purpose" of data processing? How do users consent to one use of their data, but object to another?
- Can we expect decentralized applications, such as those proposed in the context of smart contracts and blockchains, to be better than current web application stack from a privacy perspective?
- What are the right trust models for services that hold and process user data? How paranoid should we be?
- To what extent are the business models (e.g., targeted advertising) of current "free" web services incompatible with the desire for data privacy, and are the technologies that preserve both privacy and profitability?
- What performance overheads are acceptable for better privacy protection?
- Can we deeply embed user data privacy as a design concern in the computer systems we build? How disruptive would such a change be?
I (Malte) don't know if the answers to many of these questions, nor do I know if these questions are the right ones to ask; I hope to learn as much as you do from this course.
We will look at research papers on web services, datacenter systems, distributed communication systems, machine learning techniques, and privacy legislation. During the course, you will present and discuss papers, finish small hands-on assignments, work on a research project, and present your project at the end of the semester. There will be no exams.
This is an advanced, research-focused course, but undergraduate students are most welcome! The course staff are keen to guide you, but the course will benefit us all the most if you take initiative. Students should know something about distributed systems and have some> experience programming in systems languages before taking this course. For example, this might result from having taken one or more prior courses, such as:
- CSCI 0330: Introduction to Computer Systems: gives you a foundation in concurrent programming; this couse will assume a 0330-level understanding.
- CSCI 1380: Distributed Computer Systems: a good preparation in terms of distributed systems context and principles.
- CSCI 0320: Introduction to Software Engineering: gives you principles of scalable software engineering and prepares you well for the final project; without other prior classes, you will have to learn a lot about distributed systems quickly.
- CSCI 1320: Creating Modern Web Applications: will have given you context on web services and their backends; some distributed systems concepts might be a little tough without CSCI 1380.
You can expect to spend approximately 3 hours per week in class (40 hours total), and around 3 hours preparing readings (40 hours total). Assignments and the final project will take upwards of 8-10 hours per week (112-140 hours total).
Your in-class presentations and particiation, and your final project make up the bulk of your grade.
We will provide grades for specific assignments are happy to discuss your academic standing on request. In general, if you've kept up with the material, and it is clear that you put significant effort into the class discussion, the paper presentations for which you were the lead and your project, you'll do well.
- Questions: 10%;
- Assignments: 10%;
- Participation: 20%;
- Presentations: 20%;
- Final Project: 40%.
Since this is a reading-centric discussion course, there are no formal provisions for late submission. I expect you to attend every session, but let Malte know if you have any special requirements. For sickness and other issues of wellbeing, please obtain a note from health services and I will accommodate them.
This course will involve substantial reading for each meeting, and you will need to stay on top of the assigned readings to keep up, as we quickly move between topics. However, the research papers are relatively standalone, so finding one paper difficult to read will not disadvantage you going forward.
Questions and assignments are due at 11pm (Eastern) before the relevant session, and owing to the small amount of credit they contribute individually, there will be no late submission. If you do encounter particular, unexpected hardships however, send an email to Malte.
Brown University is committed to full inclusion of all students. Please inform me if you have a disability or other condition that might require accommodations or modification of any of these course procedures. You may email me, come to office hours, or speak with me after class, and your confidentiality is respected. We will do whatever we can to support accommodations recommended by SEAS. For more information contact Student and Employee Accessibility Services (SEAS) at 401-863-9588 or SEAS@brown.edu.
Being a student can be very stressful. If you feel you are under too much pressure or there are psychological issues that are keeping you from performing well at Brown, we encourage you to contact Brown’s Counseling and Psychological Services (CAPS). They provide confidential counseling and can provide notes supporting extensions on assignments for health reasons.
We expect everyone to complete the course on time. However, we certainly understand that there may be factors beyond your control, such as health problems and family crises, that prevent you from finishing the course on time. If you feel you cannot complete the course on time, please discuss with Malte Schwarzkopf the possibility of being given a grade of Incomplete for the course and setting a schedule for completing the course in the upcoming year.
Thanks to James Tompkin and Tom Doeppner for the text on accommodation, mental health, and incomplete policies.