E-Privacy - Privacy in the Electronic Society

E-Privacy - Privacy in the Electronic Society

Course at ETH Zurich, Department of Computer Science , Spring Semester 2008

Dates.

Lecture:	Tuesdays, 15:15-17:00, IFW B42, starting February 19, 2008.
Exercises:	Tuesdays, 17:00-18:00, IFW B42, starting February 26, 2008.

Web page. http://www.zurich.ibm.com/~gka/ePrivacy/

Organization

Lecturers.

Dr. Jan Camenisch, IBM Zurich Research Lab

Dr. Günter Karjoth, IBM Zurich Research Lab

Description
Privacy issues have been the subject of public debates since years. In particular, as new technologies are developed, they increasingly raise privacy concerns - the Web 2.0, wireless location-based services, and RFID chips are just a few examples. Thus, the need for privacy-aware policies, regulations, and techniques has been widely recognized by law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies, chief privacy officers are becoming essential members of many organizations, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. This course provides an in-depth look into privacy laws and regulations as well as into technologies for achieving privacy in an electronic world.

Prerequisites. Basic knowledge of cryptology is recommended to follow some of the topics of the course.

Tentative List of Topics

Introduction
Laws and Regulations
Privacy Seals
Privacy Policies
Policy negotiation
k-Anonymity
RFID
Anonymous Credentials
Encryption, Verifiable Encryption and Anonymous Communication

Announcements

[5-21] Foils "Economy" uploaded.
[5-19] Foils #E uploaded.
[5-13] The invited talk on May 20 will be given in German. It is not subject to the exam. It will start at 16:15. At 15:15, Günter Karjoth will talk about the economical aspects of privacy.
[5-08] Foils & Exercise #D uploaded.
[4-30] Solutions #4 & #5 uploaded.
[4-30] Foils & Exercise #C uploaded.
[4-24] Foils & Exercise #B uploaded.
[4-15] Foils #6 uploaded.
[4-11] Exercise #5 uploaded.
[4-10] Foils #5 uploaded.
[4-1] Foils Jan Camenisch uploaded.
[3-5] Foils and exercise #3 uploaded.
[2-29] No lecture on March 25 (ETH Osterferien)
[2-27] Foils and exercise #2 uploaded.
[2-25] Foils and exercise #1 uploaded.

Office consultation hours:

by e-mail or before lecture

Course Material

There is no main textbook for the course. See Supplemental Texts at the end of this Web page.

Class Schedule


Date	Lecturer	Topic	References	Exercises
Feb 19	Günter Karjoth	Introduction		Exercise #1
Feb 26	Günter Karjoth	Laws and Regulations, Privacy Seals		Exercise #2
Mar 4	Günter Karjoth	Privacy Policy Languages (P3P)		Exercise #3
Mar 11		No lecture !
Mar 18	Jan Camenisch	Identity and Trust Management
Mar 25		No lecture (ETH Osterferien)
Apr 1	Günter Karjoth	Privacy Policy Languages (Enterprise)		Exercise #4
Apr 8	Günter Karjoth	Database Privacy		Exercise #5
Apr 15	Günter Karjoth	Privacy in Sensor Networks (RFID)
Apr 22	Jan Camenisch	Anonymous Credentails I	Number Theory	Exercise B
Apr 29	Jan Camenisch	Anonymous Credentails II		Exercise C
May 6	Jan Camenisch	Anonymous Credentails III	[Camenisch, 2008],[BaCaLy04]	Exercise D
May 13	Jan Camenisch	Encryption, Verifiable Encryption and Anonymous Communication
May 20	Günter Karjoth	Privacy Practices and Economics
	Dr. Esther Hefti	Datenschutz und wirtschaftliche Realität
May 27	Mario Verdicchio	Exploiting cryptography for privacy-enhancing policies

News from the Press

Google begins blurring faces in Street View C|net News.com, May 13, 2008 10:01 AM PDT
HSBC loses CD with 370,000 customers details: Faces possible FSA investigation Apr 7, 2008
Neun Angestellte wegen StudiVZ-Gruppe entlassen Spiegel Online, 4. April 2008, 12:18 Uhr
Fawcett's cancer file breached The incident occurred months before UCLA hospital employees were caught snooping in Britney Spears' files. By Charles Ornstein, Los Angeles Times. April 3, 2008
Google stores patients' health records CNNMoney.com, February 21 2008: 3:30 PM EST
Werbung und persönliche Daten: neue AGB für StudiVZ Heise Online (12-14-07)
When it comes to privacy, gender matters UW Office of News and Information (05-23-06) Peter Lewis
Too much for NSA to mine? Government Computer News (05/22/06) Patience Wait
The Scramble to Protect Personal Data New York Times (06/09/05) P. C1; Zeller Jr., Tom
Debating the safety of a tiny technology Baltimore Sun (05/22/05) P. C1; Cohn, Meredith
Personal Data for the Taking New York Times (05/18/05) P. C1; Zeller Jr., Tom
Net Aids Access to Sensitive ID Data: Social Security Numbers Are Widely Available By Jonathan Krim, Washington Post, April 4, 2005; Page A01
"Identity Theft Made Easier" Wall Street Journal (03/29/05) P. B1; Delaney, Kevin J.

Optional Supplemental Texts

Privacy in General

The Transparent Society, Brin, Perseus Books, 1998.
In Pursuit of Privacy: Law, Ethics, and the Rise of Technology, DeCew, Cornell University Press, 1997.
The Right to Privacy, Alderman and Kennedy, Random House, 1995.

Books on Aspects of E-Privacy:

The Privacy Payoff: How Successful Businesses Build Customer Trust. Cavoukian and Hamilton, McGraw-Hill Ryerson, 2002.
Web Privacy with P3P, L. Cranor, O'Reilly, 2002.

Selected articles

[Camenisch, 2008]: J. Camenisch: The Camenisch-Lysyanskaya Private Credential System Explained, Work in Progress.
[BeCaLy0]: A. Bengerter, J. Camenisch and A. Lysyanskaya: A Cryptographic Framework for the Controlled Release Of Certified Data. In Twelfth International Workshop on Security Protocols 2004.
[Barth&Mitchell, 2005]: A. Barth and J.C. Mitchell: Enterprise pricavy Promises and Enforcement. WITS'05, 2005.
[Moores, 2005]: T. Moores: Do consumers understand the role of privacy seals in e-commerce? CACM 48(3) 86-91, 2005
[Hochheiser, 2004]: H. Hochheiser: The Platform for Privacy Preferences as a Social Protocol: An Examination Within the U.S. Policy Context. ACM Trans. on Internet Technology 2(4) 276-306, Nov. 2002.
[Molnar&Wagner, 2004]: D. Molnar and D. Wagner. Privacy and Security in Library RFID: Issues, Practices, and Architectures. In 11th ACM Conference on Computer and Communications Security (CCS), pages 210V219. ACM Press, 2004
[Juels et al, 2005]: A. Juels, D. Molnar, and D. Wagner: Security and Privacy Issues in E-passports. Cryptology ePrint Archive, Report 2005/095 http://eprint.iacr.org/
[BSI, 2005]: Bundesamt für Sicherheit in der Informationstechnik, Digitale Sicherheitsmerkmale im elektronischen Reisepass. 11.05.2005
[Agrawal et al, 2004]: R. Agrawal, R. Bayardo, C. Faloutsos, J. Kiernan, R. Rantzau, R. Srikant: Auditing Compliance with a Hippocratic Database, VDLB 2004
[Agrawal et al, 2002]: R. Agrawal, J. Kiernan, R. Srikant, Y. Xu: Hippocratic Databases, VDLB 2002
[LeFevere et al, 2004]: K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, D. DeWitt: Limiting Disclosure in Hipplocratic Databases, VLDB 2004
[Asonov&Freytag, 2002]: D. Asonov, J.-C. Freytag: Almost Optimal Private Information Retrieval, PET 2002
[Agrawal&Srikant, 2000]: R. Agrawal, R. Srikant: Privacy-preserving Data Mining, SIGMOD 2000
[Samarati, 2001]: P. Samarati, Protecting Respondent's Privacy in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, 13(6), 2001; 1010-1027.

Gildas Avoine's Web page related to Security and Privacy Issues in RFID Systems: lasecwww.epfl.ch/~gavoine/rfid/.

Last modified: Thu May 8 13:45:46 MDT 2008

IBM doesn't necessarily share my personal opinions stated on this page.