Assignments

Assignment for Monday, Jan 26:

Watch this TED talk.

Assignment for Wednesday, Jan 28:

To tell you what modern-day cryptography is and to put the issues surrounding it in context, I will for the next couple of classes talk about the history of cryptography from antiquity to the 1960s (this is when the story takes a sharp turn and gets especially interesting with the advent of the internet and public-key cryptography). This will also allow me to start introcuding the mathematics behind the most common cryptosystems. In preparation for the history part, please read this brief history of cryptography from An Introduction to Cryptography by R. Mollin. You don’t need to post any reponses to this reading on the discussion forum. If you’re interested in learning more about the history of cryptography, this wikipedia page is pretty good as well.

Assignment for Friday, January 30:

Nothing due.

Assignment for Monday, February 2:

Today we will start our discussion of the notion of privacy, its history, conceptualization, and the laws that govern it. To start, I’d like you to read What is privacy? from The End of Privacy by C. Sykes. As you read this, think about the following questions:

  • Can you come up with an example of an action which might constitute a violation of privacy in America but would not in another country (or vice versa)?

  • How about in the context of history? Can you think of something which would have been considered a violation of privacy in America some time ago but no longer would (or vice versa)?

  • How much are you comfortable with, or would allow, the government knowing about you? Is there anything you would allow the government but nobody else to know? Do you think this tolerance threshold is something that has varied throughout history for people? Is it different in different cultures?

Please post your responses to any of these questions on the discussion forum, or if you prefer to respond to something else from the reading, please feel free to do so.

As an optional reading assignment, you could take a look at this page on the history of number theory, the field of mathematics where much of cryptography we will learn in this class lives. Number theory is one of the most beautiful and elegant branches of math that abounds with unsolved problems that are frustratingly easy to state yet difficult to solve, such as those on this list.

Assignment for Friday, February 6:

Nothing due.

Assignment for Monday, February 9:

The first thing I'd like you to read for this week is Who is watching us from Dragnet Nation by J. Angwin. This gives more examples of how privacy might be in jeopardy, and also ties into the businesswomen example from Sykes' reading. As some of you observed, Sykes might be a little too alarmist and his example may be too far-fetched, but this reading gives more concrete situations from real life. Feel free to address anything you'd like from Angwin's writing in your response. As you read this, you might also want to think about and respond to some of the issues that were raised in our discussion:

    • An argument can be made that if you do not have anything to hide, then you should not care about being watched. Are there limitations to this reasoning? What does this mean in practice? Can you give some examples? How closely does this argument align the desire for privacy with the need to hide something? Should those be aligned or is there a clear distinction between the two?

    • What about the argument that we should all be ready and willing to give up some or all of our privacy in the name of crime prevention? After all, wiretapping or hidden cameras can lead to information that can help thwart the next terrorist attack. Again, what are the limitations, if any, of this argument and what could this turn into in practice? (Questions like this will later lead us to the Fourth Amendment and the discussion of current privacy legislation.)

    • More generally, would you be willing to relinquish more of your privacy in a time of crisis (war, imminent terrorist attack, etc.)? Would such curtailment (possibly temporary) of rights be justified or would it threaten constitutional democracy?

The second reading is Conceptualizing privacy from Understanding Privacy by D. Solove. This reading proposes and discusses several definitions of privacy. Having such definitions is crucial from the legal and policy-making standpoints. However, Solove argues that each of the attempts to define or conceptualize privacy is flawed. In your responses, you might want to explain, in your own language, what these conceptualizations entail; what the difference is between privacy and secrecy; tell us why you think one definition makes more sense than the others; or try to address Solove's rationale for the deficencies of each.

Lastly, as an optional reading, take a look at The right to privacy by S. Warren and L. Brandeis. This ties into Solove's reading above since his first explanation of privacy is as "the right to be left alone", an approach to understanding and defining privacy championed by Warren and Brandeis in this highly influential article. Solove summarizes this article, but the original is well worth the read. You should feel free to address any aspect of this article in your responses as well.

Assignment for Wednesday, February 11:

Nothing due.

Assignment for Friday, February 13:

Please turn in the following problems. In addition to your notes, Congruences from Elementary Number Theory by K. Rosen also covers most of the material you will encounter in this homework assignment.

Assignment for Monday, February 16:

No class. Presidents' Day.

Assignment for Wednesday, February 18:

We will discuss the reading and your responses from the February 9 assignment since that was a snow day and classes were canceled. I would also like you to read History of public-key cryptography from The Code Book by S. Singh. This is an easy read which picks up where we left off in class with the history of cryptography. It tells the story of how computer encryption developed in the 60s, the problem with key distribution, and the birth of public-key cryptography with the Diffie-Hellman key exchange and the RSA cryptosystem (we will study the math behind these systems later). If you feel like responding to this reading before Wednesday's class, please feel free to do so (but you are not required to).

As you read this, think about the following: Could you explain to someone who doesn't know much about cryptography what public key cryptography is? What is the basic difference between a public key cipher and, say, the Vigenère cipher? What is an asymmetric cipher?

Lastly, Singh talks about ARPA, which is the Department of Defense's fanciest research arm. This is a very fascinating organization, responsible for the internet, GPS, and scores of other inventions which started as military projects but eventually found their civilian use. Now called DARPA, it employes only the smartest of the smart in math, science, and engineering for advancing the military's technological edge. You might want to browse their website for more details on what kind of stuff they do.

Assignment for Friday, February 20:

Nothing due.

Assignment for Monday, February 23:

The first article I'd like you to read is Privacy isn’t everything: accountability as a personal and social good by A. Allen. The author here argues that various matters and "self-regarding actions" that we think of as private should in fact be subject to public accountability (to law, judge, jury, government, community, etc.). As you read this, try to think about the following:

    • What does Allen mean when she says that "privacy is our repose and intimate accountability our engagement"?

    • What is her argument against what John Stuart Mill says in the sentence she quotes from On Liberty? (By the way, Mill is one of the most influential thinkers in the domain of privacy; here is more on him.)

    • What do you think about the notion that accountability should enter the "territory of personal affairs and non-commercial enterprises"? What are some examples Allen gives of when accountability trumps privacy and what do you think about them?

    • What is "New Accountability" and what does this mean?

Feel free to comment on these questions or anything else from this reading in your responses.

I would also like us to start learning and discussing various legislation that has an impact on privacy. To start, you should read this Short history of privacy and security from Nothing to Hide by D. Solove. This is a quick read that gives a brief overview of the various laws and regulations that govern privacy. Then familiarize yourself the Fourth Amendment, the most important piece of legislation protecting privacy. As you read about the Fourth Amendment, think about (or research) what might constitute an "unreasonable search-and-seizure"; what are some examples of the "exclusionary rule", "expectation of privacy", "plain view", and "probable cause"; and what some gray areas in the interpretation and implementation of the Fourth Amendment might be. Feel free to write about any of this in your responses. If you come up with or find some examples of situations where the Fourth Amendment plays an interesting role, you can also share that in your responses.

Assignment for Wednesday, February 25:

For today, try to read Imperial Bedroom by Jonathan Franzen. This essay appeared in The New Yorker in 1998, but is equally relevant today (although you might want to read about the Kenneth Starr report so you can understand the historical context of the essay's starting point). In it, Franzen argues that our infatuation and the lament for the "loss of privacy" is misplaced and that the real danger comes from the invasion of our privacy by too much display of others' private lives. As he says in this video interview where he talks about why he wrote Imperial Bedroom, privacy protection should be about the "assault from other people's stained underwear".

This is an optional assignment, but I strongly encourage you to do it. As usual, you can tell us what you thought about it in a written response.

Assignment for Friday, February 27:

Please turn in the following problems.

Assignment for Monday, March 2:

Today we will discuss the laws and regulations governing privacy. Since we did not get to talk about the Fourth Amendment last week, you should look at the assignment from a week ago. Feel free to address any of the questions about this legislation posed there in your written responses.

I'd also like you to look at the Wikipedia page on national security. Much of the impetus for the legislation that has repercussions on privacy arises from concerns about national security. You do not have to read this entire webpage, but you should observe that the notion of national security is not quite well-defined and is in flux. You should definitely pay attention to the cybersecurity subsection of the page and, if you have time, should follow the link given there to the page on computer security. Cryptography is mentioned in various places on that page (check out the subsection on backdoors; we'll talk about these more later).

I would also like to discuss the Patriot Act and its impact on privacy. Some material on this topic can be found in this congressional research service report and this article. You are free to address anything from these writings in your responses. However, if you can find more recent information about the Patriot Act's impact on privacy or interesting examples of how privacy has been or could possibly be affected by it, you could write about that as well. The Patriot Act not only introduced new legislation but also amended a variety of the laws that were in place prior to 9/11, so one potential topic for you to think and write about is how the privacy landscape might have changed with 9/11.

Another option for your reading response is to research and describe some other legislation that has an impact on privacy. A list is given here, but the links there lead to the actual legislation in which the language is dry and often hard to parse, so it would be nice if you could find some explanations of some of these laws elsewhere and summarize them in your writing.

Assignment for Wednesday, March 4:

For today, I’d like you to read this chapter from Secrets and Lies by B. Schneier. Here Schneier summarizes the ways in which digital threats that arose in the last twenty years or so pose new challenges for law enforcement and new dangers for national security. Try to think about each kind of attack in terms of cryptography -- how could cryptography make attacks easier, the perpetrators harder to find, or whether digital attacks could be prevented if law enforcement had the ability to decrypt intercepted information that is encrypted.

You should also pay special attention to the technique propagation section; as we will see later, when publicly available and easily implemented cryptography became available for people to download and use, it gave them a way to protect themselves from snooping and data mining. The government did not like this loss of control and got involved in the regulation of cryptography. This started the so-called first crypto wars which we will learn about later.

As usual, you can post a response to this reading, but you are not required to do so.

Assignment for Friday, March 6:

Nothing due.

Assignment for Monday, March 9:

Today we’ll start discussing how national security concerns and cryptography came together in what is known as the first crypto wars of the 1990s. Here is an overview of what happened, but the articles I want you to read and think about are Pretty good privacy (PGP), key escrow, and Clipper from The Code Book by S. Singh and More PGP, key escrow, and Clipper from Privacy On the Line by W. Diffie and S. Landau (you should read them in that order). The first gives a detailed description of the controversy surrounding Pretty Good Privacy and its creator, Phil Zimmemann. If you want, you can also read his own account of why he wrote and published PGP. The second reading gives more detail about the controversy involving the introduction of the Clipper chip and key escrow, as well as the legislative battle that ensued (and ended in 2005; more on this can be found here). If you’re eager to read more, check out this article from the New York Times that recounts the first crypto war and the rise of public key cryptography.

As you read these, try to understand the two aspects of PGP -- message encryption and message authentication. PGP is based on the Diffie-Hellmann key exchange which we will study later and is still used as the standard tool for encrypting email and texts. Here are some other questions:

  • What do you think about Zimmermann’s decision to post PGP on the internet? In light of Singh’s examples of how cryptography can be used by criminals and terrorist organization, was this irresponsible (again, here is his own account of why he published it, in case you want to hear his side of the story).

  • Singh also gives examples of how cryptography can be misused by governments, so, with all this in mind, what do you think about regulation of cryptography? Is (some degree of) it necessary and desirable? Can you put this into the context of 9/11 (Singh wrote his book before then)?

  • What do you think about the import/export regulations of cryptography? Is this useful or necessary? How would it be implemented?

    • Singh says “Possibly the greatest allies of the civil libertarian cause are the big corporations”. What does he mean by this?

    • Why did the government’s attempt to introduce clipper and capstone fail?

As usual, feel free to address any of the above questions in your writing, but also feel free to write about anything else you find interesting in these readings.

Assignment for Wednesday, March 11:

Today we’ll continue our discussion of cryptography regulation and the first crypto wars. Read the following arguments for and against regulation of cryptography from Cryptography and Public Key Infrastructure by K. Schmeh. Keep in mind that this is dated, so that, for example, when Schem says “DES is still used on a grand scale”, this is no longer true. Nevertheless, his summary of the main arguments for and again crypto regulation is spot on. If you have any comments about this reading or further thoughts about our this Monday’s reading and our discussion of them, please feel free to tell us about it.

Another thing I’d like you to do it to think about a potential topic for your project. Here are some ideas:

The following may contain some math:

  • 0-knowledge proofs

  • Advanced Encryption Standard

  • Homomorphic encryption

  • Quantum cryptography

  • Electronic voting

The following may not contain any math:

  • Wikileaks

  • Snowden and his revelations about NSA backdoors

  • Big data and implications on privacy

  • Echelon

  • Privacy regulations across countries

  • Privacy across cultures

  • Ideas for protecting privacy with legislation

  • Cryptography export controls

Each one of you will be doing a different topic so you should email me your top four choices as soon as possible. If there is something we talked about in class you’d like to explore further or something you ran across on your own you’d like to research, that would be fine, but you should talk to me about it first.

Assignment for Friday, March 13:

Please turn in the following problems. In addition to your notes, Euler Theorem from A Friendly Introduction to Number Theory by J. Silverman also covers much of the material you will encounter in this homework assignment.

Assignment for Monday, March 16:

No new reading or homework due since we have an in-class midterm exam today. This is our last class before the spring break.

Assignment for Monday, March 30:

Today we will continue our discussion of the First Crypto Wars. The last reading on this topic will be A case for regulation of cryptography from The Limits of Privacy by A. Etzioni. This is an influential text that came out in 1999 that favored the regulation of cryptography. Here are some things to think about as you read this:

    • What do you think about the last item on Etzioni's (really Denning and Baugh's) list of the five threats cryptography poses for law enforcement?

    • What is "voluntary key recovery" and why didn't this approach work?

    • What is the main practical objection to key recovery? What do you think about Etzioni's arguments for why key recovery might still work despite this objection?

    • What do you think about the issue Etzioni's takles with Zimmermann's postcard/letter analogy?

    • What about his counterargument for those who claim that key recovery would almost certainly be misused if a tyrannical government came into power?

    • What do you think about Froomkin's arguments against crypto regulation and Etzioni's counterarguments?

  • How about his response to Rivest's analogy of the Clipper chip or his assessment of cipherpunks?

By the way, Etzioni mentions Dorothy Denning, who is one of the most important security analysts and writers on the topic of privacy and cryptography. We won't have time to discuss anything she's written, but if you're interested, here is her Wikipedia page; here is one of her articles, from 2000, where she discusses cyberterrorism and gives predictions about its development (was she right?); and here is one of her talks in which she argues that export of cryptography should be regulated (all these are optional readings).

The second reading assignment is Privacy and code from Code 2.0 by L. Lessig. The scan contains the chapter on privacy but also the book's introduction so that you have some context. This book on cyberlaw is also very influential, and Lessig in it argues that code itself serves as a regulatory instrument of the cyberspace. This is not a reading on cryptography and privacy per se, but it fits into many aspects of the discussions we've had so far in the sense that cryptography is also coded so it is automatically a part of the system that Lessig would argue should make up the fabric of the cyberspace's regulatory network. Here are some things to think about as you read this:

    • What does Lessig's premise "code is law" mean? How would code act as a constitution of sorts in cyberspace? What do you think about this?

    • What do you think about his claim that "left to itself, cyberspace will become the perfect tool of control"?

    • Can you think of an example of code acting as a regulator in cyberspace?

    • Do you agree with Lessig that we're not up to the challenges he talks about (p. 8)?

    • Do you think Google did the right thing by not letting the government look at its database?

    • What do you think of Lessig's invocation of 1984? Why are things potentially even worse now than in that book, according to him?

    • What about the argument that, since the machine is doing the surveillance, there is no real breach of privacy, and the counterargument that "the very idea of a search is an offense to dignity" (p. 211)? Do you have an answer to Lessig's questions "what is indignity in this situation" and "how is it expressed" (p. 213)?

    • According to Lessig, why could different conceptions of privacy yield different actions and results now more so than in the past? (This takes us back to our discussion of the various conceptualizations of privacy.)

    • What do you think about "the burden is on you" argument against data mining (p. 218)? What about the counter-surveillance proposition by Brin (p. 218-219)? (The latter takes us back to our discussion of accountability and privacy.)

    • What do you think about Lessig's proposed solutions of building PET and P3P into machines? How would this be implemented? Would cryptography play a role? What about the "privacy as property" proposal (item (3) on p. 228)?

Here is also a brief video of Lessig discussing some of these topics.

As usual, in your responses you can address any of the questions above or anything else that strikes you as interesting.

Assignment for Wednesday, April 1:

There’s no new assignment for today. We’ll continue to discuss the Etzioni and Lessig readings.

Assignment for Friday, April 3:

Nothing due.

Assignment for Monday, April 6:

We will continue to discuss the Lessig article. Please go over it before class and post a response if you haven't already or have something to add to your old one.

In addition, please read Strong encryption exists, so why isn’t anyone using it? Think about what the answer to the issue of end-to-end encryption causing a reduction in services provided by Google, Facebook, etc. (one answer might be homomorphic encryption). What about the issue of the impossibility of retrieving a password? Do you see a way around this with end-to-end encryption? Can encryption and the convenience of the internet coexist?

Assignment for Friday, April 10:

Please turn in the following problems. To help you do the problems, in addition to your class notes, see Diffie-Hellman and digital signatures from Elementary Number Theory by K. Rosen

Assignment for Monday, April 13:

Today we'll talk about anything you want. More precisely, I'd like you to think about some topics we visited or discussions we had that you felt were unfinished. Alternatively, browse the materials under the headings Second crypto war? and Recent Developments on our reading materials and handouts page and see if there is anything there that you feel we should discuss. Or if there's something you're interested in that's not listed there, it's fine to bring that up as well. Keep in mind that various topics will be covered in the presentations, so if you'd like to talk about something, it should be a topic that's different from those (see below for list of presentation topics).

In your responses, tell us what you'd like us to discuss or hear more about. If your topic comes from something you read on a website, please include the link in your response.

Assignment for Friday, April 17:

Please turn in the following problems. To help you do the problems, in addition to your class notes, see RSA cryptosystem from Elementary Number Theory by K. Rosen

Assignment for Tuesday, April 21:

There is no reading assignment for today except that you should continue working on your papers and presentations. We will have a guest lecture on adnostic by Professor Darakhshan Mir (at 2 pm). Update -- here are the slides from her talk. We’ll hear presentations on

Assignment for Friday, April 24:

Nothing due.

Assignment for Monday, April 27:

No reading assignment. We’ll hear presentations on

Assignment for Friday, May 1:

Nothing due.

Assignment for Monday, May 4:

Today is our last class. Your reading assignment for is What can be done to protect privacy from American Privacy by F. Lane. This gives a nice summary of the issues surrounding privacy as well as some suggestions on what can be done to protect it. You do not read to write a response to this reading, but we will set aside a few minutes of class to talk about it.

We’ll also hear presentations on