E-Privacy - Privacy in the Electronic Society

E-Privacy - Privacy in the Electronic Society

Course at ETH Zurich, Department of Computer Science , Spring Semester 2009

Dates.

Lecture:	Tuesdays, 15:15-17:00, ML F 40
Exercises:	Tuesdays, 17:00-18:00, ML F 40

Web page. http://www.zurich.ibm.com/~gka/ePrivacy/

Organization

Lecturers.

Dr. Jan Camenisch, IBM Zurich Research Lab

Dr. Günter Karjoth, IBM Zurich Research Lab

Assistent.

Anna Zych (anna.zych AT inf.ethz.ch)

Description
Privacy issues have been the subject of public debates since years. In particular, as new technologies are developed, they increasingly raise privacy concerns - the Web 2.0, wireless location-based services, and RFID chips are just a few examples. Thus, the need for privacy-aware policies, regulations, and techniques has been widely recognized by law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies, chief privacy officers are becoming essential members of many organizations, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. This course provides an in-depth look into privacy laws and regulations as well as into technologies for achieving privacy in an electronic world.

Prerequisites. Basic knowledge of cryptology is recommended to follow some of the topics of the course.

Tentative List of Topics

Introduction
Laws and Regulations
Privacy Seals
Privacy Policies
Policy negotiation
k-Anonymity
RFID
Anonymous Credentials
Encryption, Verifiable Encryption and Anonymous Communication

Announcements

2009-5-20: Foils E uploaded.
2009-5-18: Foils D & Exercises D uploaded.
2009-5-18: Foils #6 reloaded. There are also two voluntary exercises; the first one includes a precise description of the RFID protocol.
2009-5-8: Foils C & Exercises C uploaded.
2009-4-28: Foils A and B & Exercises B uploaded.
2009-3-31: Foils #5 reloaded.
2009-3-24: Foils #6 uploaded.
2009-3-23: Foils #5 + exercises #5 (change in text of question No. 1 !!); solution #4 uploaded.
2009-3-11: Foils #5 + exercises #4; solution #3 uploaded.
2009-3-03: Foils + exercises #3 uploaded.
2009-2-25: New lecture room: ML F 40
2009-2-18: Foils #1 uploaded.
2009-2-18: In excercise #1, it is sufficient to list the type of data instead of the value found, "age" instead of "37" for example.

Office consultation hours:

by e-mail or before lecture

Course Material

There is no main textbook for the course. See Supplemental Texts at the end of this Web page.

Class Schedule


Date	Lecturer	Topic	References	Exercises
Feb 17	Günter Karjoth	Introduction		Exercise #1
Feb 24	Günter Karjoth	Laws and Regulations, Privacy Seals		Exercise #2
Mar 3	Günter Karjoth	Privacy Policy Languages (P3P)		Exercise #3
Mar 10	Günter Karjoth	Privacy Policy Languages (Enterprise)		Exercise #4
Mar 17	Günter Karjoth	Database Privacy		Exercise #5
Mar 24	Günter Karjoth	Privacy in Sensor Networks (RFID)		Exercise #6
Mar 31	Günter Karjoth	Privacy in Sensor Networks (RFID)
Apr 7	Jan Camenisch	Identity and Trust Management
Apr 14		No lecture (ETH Osterferien)
Apr 21	Jan Camenisch	Anonymous Credentails I	Number Theory	Exercise B
Apr 28	Günter Karjoth	Privacy Practices and Economics
May 5	Jan Camenisch	Anonymous Credentails II		Exercise C
May 12	Jan Camenisch	Anonymous Credentails III	[Camenisch, 2008],[BaCaLy04]	Exercise D
May 19	Jan Camenisch	Encryption, Verifiable Encryption and Anonymous Communication
May 26	Nathalie Weiler (Invited Lecturer)	To be announced.

Cartoons and other interesting stuff

Meglena Kuneva, Euopean Consumer CommissionerKenynote Speech, Roundtable on Online Data Collection, Targeting and Profiling. Brussels, 31 March 2009
Doctor Fun
Die neue schöne Welt der Überwachung
An Interactive Map of Data Protection Laws Around the World

News from the Press

Unmasking Social-Network UsersBy Erica Naone, MIT Technology Review, May 06, 2009
Many See Privacy on Web as Big Issue, Survey Says By STEPHANIE CLIFFORD, The New York Times, March 15, 2009
Facebook's Users Ask Who Owns Information By BRIAN STELTER, The New York Times, February 17, 2009
Google begins blurring faces in Street View C|net News.com, May 13, 2008 10:01 AM PDT
HSBC loses CD with 370,000 customers details: Faces possible FSA investigation Apr 7, 2008
Neun Angestellte wegen StudiVZ-Gruppe entlassen Spiegel Online, 4. April 2008, 12:18 Uhr
Fawcett's cancer file breached The incident occurred months before UCLA hospital employees were caught snooping in Britney Spears' files. By Charles Ornstein, Los Angeles Times. April 3, 2008
Google stores patients' health records CNNMoney.com, February 21 2008: 3:30 PM EST
Werbung und persönliche Daten: neue AGB für StudiVZ Heise Online (12-14-07)

Optional Supplemental Texts

Privacy in General

The Transparent Society, Brin, Perseus Books, 1998.

In Pursuit of Privacy: Law, Ethics, and the Rise of Technology, DeCew, Cornell University Press, 1997.

The Right to Privacy, Alderman and Kennedy, Random House, 1995.

Anonymity, (Unlinkability,) Unobservability, Pseudonymity, and Identity Management - A (Consolidated) Proposal for Terminology

Books on Aspects of E-Privacy:

The Privacy Payoff: How Successful Businesses Build Customer Trust. Cavoukian and Hamilton, McGraw-Hill Ryerson, 2002.
Web Privacy with P3P, L. Cranor, O'Reilly, 2002.
Harmonizing Security and Privacy IBM Journal of Research and Development, Volume 53, Number 2, 2009.

Selected articles

[Camenisch, 2008]: J. Camenisch: The Camenisch-Lysyanskaya Private Credential System Explained, Work in Progress.
[BeCaLy0]: A. Bengerter, J. Camenisch and A. Lysyanskaya: A Cryptographic Framework for the Controlled Release Of Certified Data. In Twelfth International Workshop on Security Protocols 2004.
[Barth&Mitchell, 2005]: A. Barth and J.C. Mitchell: Enterprise pricavy Promises and Enforcement. WITS'05, 2005.
[Moores, 2005]: T. Moores: Do consumers understand the role of privacy seals in e-commerce? CACM 48(3) 86-91, 2005
[Hochheiser, 2004]: H. Hochheiser: The Platform for Privacy Preferences as a Social Protocol: An Examination Within the U.S. Policy Context. ACM Trans. on Internet Technology 2(4) 276-306, Nov. 2002.
[Molnar&Wagner, 2004]: D. Molnar and D. Wagner. Privacy and Security in Library RFID: Issues, Practices, and Architectures. In 11th ACM Conference on Computer and Communications Security (CCS), pages 210V219. ACM Press, 2004
[Juels et al, 2005]: A. Juels, D. Molnar, and D. Wagner: Security and Privacy Issues in E-passports. Cryptology ePrint Archive, Report 2005/095 http://eprint.iacr.org/
[BSI, 2005]: Bundesamt für Sicherheit in der Informationstechnik, Digitale Sicherheitsmerkmale im elektronischen Reisepass. 11.05.2005
[Agrawal et al, 2004]: R. Agrawal, R. Bayardo, C. Faloutsos, J. Kiernan, R. Rantzau, R. Srikant: Auditing Compliance with a Hippocratic Database, VDLB 2004
[Agrawal et al, 2002]: R. Agrawal, J. Kiernan, R. Srikant, Y. Xu: Hippocratic Databases, VDLB 2002
[LeFevere et al, 2004]: K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, D. DeWitt: Limiting Disclosure in Hipplocratic Databases, VLDB 2004
[Asonov&Freytag, 2002]: D. Asonov, J.-C. Freytag: Almost Optimal Private Information Retrieval, PET 2002
[Agrawal&Srikant, 2000]: R. Agrawal, R. Srikant: Privacy-preserving Data Mining, SIGMOD 2000
[Samarati, 2001]: P. Samarati, Protecting Respondent's Privacy in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, 13(6), 2001; 1010-1027.

Gildas Avoine's Web page related to Security and Privacy Issues in RFID Systems: lasecwww.epfl.ch/~gavoine/rfid/.

Last modified: Wed Feb 18 13:45:46 MDT 2009

IBM doesn't necessarily share my personal opinions stated on this page.