Computer and Network Privacy and Security: Ethical, Legal, and Technical Considerations

You have zero privacy anyway. Get over it.

Scott Mcnealy, CEO Sun Microsystems, January 1999

History will record what we, here in the early decades of the information age, did to foster freedom, liberty, and democracy. Did we build information technologies that protected people’s freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control?

Bruce Schneier, Risks of Data Reuse, CRYPTO-GRAM, July 15, 2007

UIC Computer Science 594 (Special Topics), and also a Kent IIT Law School course

Class: Tuesdays and Thursdays, 2:00–3:15 p.m.

Kent IIT Law School Adams & Clinton; Kent Classroom: 270
(UIC students: Walk North on Halsted, turn right at Adams; if you get to Union Station you've overshot.)
UIC classroom: 303 Stevenson Hall.

January 15 and 17, only UIC students will meet at UIC for a tutorial on law.
No class for UIC students week of March 24–28 (Spring break).
All other weeks: Tuesday class at Kent; Thursday class at UIC.

Prof. Richard Warner, Kent IIT Law School and Prof. Robert H. Sloan, University of Illinois at Chicago Department of Computer Science.

Prof. Sloan office hours: Mondays 11–12, and additionally both drop ins and appointments very very welcome.

This is Prof. Sloan's course page; students definitely need to look also at Prof. Warner's course page. Most readings are posted only there.

Materials

Syllabus (PDF)

Lecture Slides

Links to Selected Required Readings by week

Books for technological side of course:

Michael G. Solomon and Mike Chapple, Information Security Illuminated, Jones and Bartlett, 2005. Available from amazon and also the UIC bookstore.
Ross Anderson, Security Engineering, Wiley, 2001. Also available online via the link.

Except for those two books, unless otherwise indicated, all readings are available on the course websites, mostly on Prof. Warner's course page.

Useful links (a few may be required or optional readings)

About Facebook, The Nation, Jan. 7, 2008. (Facebook and students' notion of privacy)
The case of "Officer Scott": A Hoax Most Cruel, The Courrier Journal (Lexington, KY), Oct. 19, 2005.
National security vs. privacy:

The Spymaster: Can Mike McConnell fix America's Intelligence Community, The New Yorker, Jan. 21, 2008.
Bruce Schneir's response in Wired, Wired, Jan. 24, 2008.

Bruce Schneier, "Why 'Anonymous' Data Sometimes Isn't", Wired, December 13, 2007.
Cory Doctorow, "SCROOGLED," Radar Magazine, September 2007. A more contemporary short-story take on Asimov's "The Dead Past"?
Botnets:

"Bot Scams are Exploding," USA Today, March 16, 2008.
Botnet Guilty Plea, FBI press release, April 16, 2008
Bruce Schneir in Wired on Storm Bot, October 2007.

Public-key Cryptography Software—Gnu Privacy Guard

Gnu Privacy Guard (Main site, but perhaps less easy to use)
GPG packed for Windows
GPG packaged for Mac OS X. You'll want GPG itself and the Keychain access GUI.

Detailed instructions for Mac OS X version

Public-key Cryptography: Obtaining free peronal Certificates for S/MIME email

Leveson paper on Therac-25 accident
Information Security and Economics:

Bruce Schneier, A Security Market for Lemons.
Anderson's slides on economics of Information Security

Alternate version from May 2006 IFIP SEC talk

University of Illinois & UIC policies related to Info Assurance

Illiniois Insitute of Technology (which includes Kent Law School) policies related to Info Assurance

Master list of all technology policies (Note link to Security Policy isn't linking to anything!)
IIT Acceptable Use Policy

Signing and Encrypting email using S/MIME

This will probably be easier if you send and receive email (at least for this assignment) using one of the popular mail reading programs: Outlook, Outlook Express (both Windows only), Apple Mail.app, or Thunderbird (available in Windows, Linux, and Mac OS X versions).

Essentially, you need to (1) obtain a digital emaial certificate, and (2) install it in your email program and set your email program preferences to use S/MIME. You have two choices for getting certificates for free from major companies:

You need a certficiate no matter what, but if you don't want to use a mail reading program, your one other option is a plug-in for GMail read with the Firefox browser. (This did not work out for me in 5 minutes of fiddling on my Mac, but I have gotten email sucessfully signed by at least one student using it, and I imagine it would work out if I devoted 10 minutes to it.)

Academic Integrity; Plagiarism

For UIC students, this is a graduate course with much more writing than a typical graduate course. The minimum penalty for any acts of academic dishonesty will be a grade of F for the course; the maximum expulsion from UIC.

Plagiarism is using another's ideas or words without proper acknowledgment. You must cite any sources you have used. In addition to citing a source generally in a bibliography, you must indicate any phrases you use from sources by putting them in quotation marks (short to medium quotes) or setting them as block quotes (longer excerpts) with an immediately following citation.