CSCI 2390 is about privacy-related challenges that computer systems face. The top-level question is whether we can design computer systems that better protect their users' privacy, while maintaining the desirable features, functionality, and convenience of today's applications. Some of the questions we will look at include:

• Where should a user's data be stored? On the user's own computer? In a datacenter run by a company like Google, Amazon, Facebook, or Microsoft? In commercial cloud storage services such as Amazon S3? In cooperative, decentralized peer-to-peer storage?
• What does current legislation require from the software systems that store and process our data? Are the current systems adequate?
• How do we translate abstract legislative requirements (e.g., the rights granted to users by the EU's GDPR) into technological solutions?
• What is the role of encrypted storage and data transmission? Can it help us preserve our privacy, given that many services we use need to process our data in various ways? Who should hold the keys?
• Can we specify precise privacy policies for our applications? Can we rely on systems to automatically enforce these policies?
• What are the right trust models for services that hold and process user data? How paranoid should we be?
• To what extent are the business models (e.g., targeted advertising) of current "free" web services incompatible with the desire for data privacy, and are the technologies that preserve both privacy and profitability?
• What performance overheads are acceptable for better privacy protection?
• How can we protect individuals' privacy while releasing meaningful aggregate statistics? How can we balance privacy and accuracy?
• Can we deeply embed user data privacy as a design concern in the computer systems we build? How disruptive would such a change be?
• How do we evaluate the usability of our tools, both in terms of developer effort and risk of misuse?

I (Kinan) don't know the answers to many of these questions, nor do I know if these questions are the right ones to ask; I hope to learn as much as you do from this course.

We will look at research papers on web services, datacenter systems, distributed communication systems, machine learning techniques, and privacy legislation. During the course, you will present and discuss papers, finish small hands-on assignments, work on a research project, and present your project at the end of the semester. There will be no exams.

Requirements

You can expect to spend approximately 3 hours per week in class (40 hours total), and around 3 hours preparing readings (40 hours total). Assignments and the final project will take upwards of 8-10 hours per week (112-140 hours total).

Grading

Your in-class presentations and participation, and your final project make up the bulk of your grade.

We will provide grades for specific assignments and are happy to discuss your academic standing on request. In general, if you've kept up with the material, and it is clear that you put significant effort into the class discussion, the paper presentations for which you were the lead and your project, you'll do well.

Grading breakdown:

1. Reading Questions: 10%;
2. Assignments: 15%;
3. Participation: 15%;
4. Presentations: 20%;
5. Final Project: 40%.

Policies

Late Policy

Since this is a reading-centric discussion course, there are no formal provisions for late submission. We expect you to attend every session, but let Kinan know if you have any special requirements. For sickness and other issues of wellbeing, please obtain a note from health services and We will accommodate them.

This course will involve substantial reading for each meeting, and you will need to stay on top of the assigned readings to keep up, as we quickly move between topics. However, the research papers are relatively standalone, so finding one paper difficult to read will not disadvantage you going forward.

Reading questions are due at 11pm (Eastern) before the relevant session, and owing to the small amount of credit they contribute individually, there will be no late submission. If you do encounter particular, unexpected hardships however, send an email to Kinan.

Use of Gen AI Tools

We believe it is important for students to learn how to use AI tools to increase their productivity. However, we disallow "whole-sale" use of AI tools, which compromises the learning process. For example, scenarios where students rely on the tool to generate the entirety (or large portions) of their written or coding assignments. Instead, if students decide to use such tools, they should use them as thinking buddies for brain storming or coding assistants.

When students use gen AI tools in their homework or projects, they should report that in their written reports using an appendix. The appendix should include:

• a log of the interactions between them and the AI tools.
• a description of which exact tools were used.
• an explanation of how the AI tools were used.
• a description of the reason for using the AI tools (e.g., save time, experiment with LLM, assist with understanding a specific API).