CSCI 2390 is about privacy-related challenges that computer systems face. The top-level question is whether we can design computer systems that better protect their users' privacy, while maintaining the desirable features, functionality, and convenience of today's applications. Some of the questions we will look at include:

• Where should a user's data be stored? On the user's own computer? In a datacenter run by a company like Google, Amazon, Facebook, or Microsoft? In commercial cloud storage services such as Amazon S3? In cooperative, decentralized peer-to-peer storage?
• What does current legislation require from the software systems that store and process our data? Are the current systems adequate?
• How do we translate abstract legislative requirements (e.g., the rights granted to users by the EU's GDPR) into technological solutions?
• What is the role of encrypted storage and data transmission? Can it help us preserve our privacy, given that many services we use need to process our data in various ways? Who should hold the keys?
• Can we specify precise privacy policies for our applications? Can we rely on systems to automatically enforce these policies?
• What are the right trust models for services that hold and process user data? How paranoid should we be?
• To what extent are the business models (e.g., targeted advertising) of current "free" web services incompatible with the desire for data privacy, and are the technologies that preserve both privacy and profitability?
• What performance overheads are acceptable for better privacy protection?
• How can we protect individuals' privacy while releasing meaningful aggregate statistics? How can we balance privacy and accuracy?
• Can we deeply embed user data privacy as a design concern in the computer systems we build? How disruptive would such a change be?
• How do we evaluate the usability of our tools, both in terms of developer effort and risk of misuse?

I (Kinan) don't know the answers to many of these questions, nor do I know if these questions are the right ones to ask; I hope to learn as much as you do from this course.

We will look at research papers on web services, datacenter systems, distributed communication systems, machine learning techniques, and privacy legislation. During the course, you will present and discuss papers, finish small hands-on assignments, work on a research project, and present your project at the end of the semester. There will be no exams.

Requirements

This is an advanced, research-focused course, but undergraduate students are most welcome! The course staff are keen to guide you, but the course will benefit us all the most if you take initiative. Students should know something about distributed systems and have some experience programming in systems languages before taking this course. For example, this might result from having taken one or more prior courses, such as:

You can expect to spend approximately 3 hours per week in class (40 hours total), and around 3 hours preparing readings (40 hours total). Assignments and the final project will take upwards of 8-10 hours per week (112-140 hours total).

Grading

Your in-class presentations and participation, and your final project make up the bulk of your grade.

We will provide grades for specific assignments and are happy to discuss your academic standing on request. In general, if you've kept up with the material, and it is clear that you put significant effort into the class discussion, the paper presentations for which you were the lead and your project, you'll do well.

Grading breakdown:

1. Reading Questions: 10%;
2. Assignments: 15%;
3. Participation: 15%;
4. Presentations: 20%;
5. Final Project: 40%.

Policies

Shopping Period

To ensure fair access in an oversubscribed course, we expect that you attend all course meetings during shopping period and submit all assignments due during shopping period in order to continue doing the course.

Late Policy

Since this is a reading-centric discussion course, there are no formal provisions for late submission. I expect you to attend every session, but let Kinan know if you have any special requirements. For sickness and other issues of wellbeing, please obtain a note from health services and I will accommodate them.

This course will involve substantial reading for each meeting, and you will need to stay on top of the assigned readings to keep up, as we quickly move between topics. However, the research papers are relatively standalone, so finding one paper difficult to read will not disadvantage you going forward.

Reading questions are due at 11pm (Eastern) before the relevant session, and owing to the small amount of credit they contribute individually, there will be no late submission. If you do encounter particular, unexpected hardships however, send an email to Kinan.

Accommodations

Brown University is committed to full inclusion of all students. Please inform me if you have a disability or other condition that might require accommodations or modification of any of these course procedures. You may email me, come to office hours, or speak with me after class, and your confidentiality is respected. We will do whatever we can to support accommodations recommended by SEAS. For more information contact Student and Employee Accessibility Services (SEAS) at 401-863-9588 or SEAS@brown.edu.

Mental Health