Class meeting time: Tuesday-Thursday, 3:30-4:45pm, Sumwalt 305

Office hours: TBA

This URL is www.cse.sc.edu/~buell/sccc380p/sccc380p_2006_1spring.html

My home page is www.cse.sc.edu/~buell/Home.html

Caveat

Outline, Prerequisites, and Expectations:

A key feature of modern life is the electronic storage, transmission, and exchange of personal information among schools, employers, health and financial services providers, and many other entities. Electronic commerce, electronic voting, anonymizing web servers, and the nature of the global world with its highly varied laws regarding privacy and the expectations of privacy have created a situation in which the public policy surrounding cryptography and related issues of privacy has fallen behind the advance of technology.

This course, to be run as a seminar, will explore the public policy issues connected to information security and personal privacy, including such things as the nature of the technologies used to ensure privacy and information security, the role of the government in setting standards, and the complications generated by differences in legal systems around the world in the global "infospace."

We will cover some of the background technical material necessary for an understanding of the issues of computer security, electronic privacy, and the use of computers in areas like voting. We will examine why policy decisions are both difficult in this area and different from those in other areas, and we will discuss some of the as-yet-unresolved issues in the conflict. By focusing on recent case studies, students should learn to make reasoned conclusions about public policy based on an understanding of how modern computer technology often requires judgements different from those of traditional thinking and past case law.

We will rely heavily on contemporary material and case studies. Students will be expected to participate in discussions and write a term paper on a relevant focus topic. We are unlikely to come to any "conclusions" as to what policy should be; the goal will be that students be able to understand the competing sides of what is in the US are active debates on privacy and the data whose secrecy guarantees privacy to individuals.

Nominally this course has no programming prerequisite and no mathematics prerequisite beyond College Algebra. Realistically, if the topic is the policy relevant to highly technical material, one will have a better understanding of the issues if one understands something about the actual material. The dearth of expertise among politicians, lawyers, and judges is part of what has led us to the mess we are in with unclear policy and very bad precedents.

Students will be expected to be sufficiently computer literate as to be able to find material on the web and make sense of it and sufficiently mature to be able to separate flames in newsgroups from substantive commentary by reputable sources.

The main texts for this course will be

• Michael Quinn Ethics for the Information Age, Addison Wesley, 2004. (We will use this text occasionally; it is not necessary to purchase this for this course.)
• Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, MIT Press, 1998. (This text is required, but it is available free online in pdf form.)

Other references for this course will include

• S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D. Miller, P. Neumann and D. Sobel, Codes, Keys and Conflicts: Issues in U.S. Crypto Policy, Association for Computing Machinery Press, 1994.
• James Bamford, The Puzzle Palace, Penguin Books, 1983.
• James Bamford, Body of Secrets, Anchor Books, 2002.
• Matt Curtin, Brute Force: Cracking the Data Encryption Standard, Copernicus Books, 2005.
• Ronald Lewin, The American Magic, Penguin Books, 1983.

Web Page Links

• The Fall 2005 cryptography course web page
• The Fall 2003 algorithms course web page
• Crypto page of Matt Blaze.
• Home page of Avi Rubin, who has shown us why skepticism is warranted.
• Home page of Susan Landau.
• Home page of Bruce Schneier.
• Home page of Marian Kassovic.
• Links on electronic voting
• The gmp multiprecise arithmetic package.
• Johannes Buchmann's home page and links to the Lidia package.
• Henri Cohen's home page and links to the Pari package.

Tests and assignments

There will be one midterm exam and a final exam during the semester and a term paper to be written.

The midterm is presently scheduled for 14 February 2006, timed so that you can get back your exams on or before the last day to drop without receiving a WF grade (that day is Monday 20 February).

The final exam is scheduled for Thursday, 27 April 2006, at 5:30 pm.

Grading scheme

The final grade will be computed on the basis of the weighted average of the scores for

• participation and discussion (10%),
• the midterm exam (30%),
• the term paper (30%),
• the final exam (30%).

The final grades will almost certainly be curved, but you should expect no lower a grade than you would receive under the usual 90/80/70/60/50 scheme.

Lecture notes, slides, and pointers

• Lecture notes 1 pdf
• Lecture notes 2

Deadlines

Assignments will have due dates. Unless otherwise specified, these will be turned in by the beginning of the class period on the due date. Late assignments will not be accepted without prior arrangement to accommodate truly extraordinary circumstances.

Academic Honesty

Assignments and examination work are expected to be the sole effort of the student submitting the work. Students are expected to follow the Code of Student Academic Responsibility found in the Carolina Community and should expect that every instance of a suspected violation will be reported. Students found guilty of violations of the Code will be subject to academic penalities under the Code in addition to whatever disciplinary sanctions are applied.

There seems to be a widespread misunderstanding of the concept of "your own work." In addition to the USC Code, some good sources of text for what is or is not acceptable behavior are the academic honesty policy statement from Harvey Mudd College, the policy statement from Professor Steven Huss-Lederman at Beloit College, and the text of part of the collaboration policy statement from MIT. You can expect your programming assignments to be checked against those turned in by other members of the class as well as code that I can find on the web. I expect the correlations between your work and that of others to be minimal.

A sample first-offense admission can be found at admission.

Proper Use of Computing Resources

Students are expected to be aware of the university policy on use of computing resources, including the Student Guidelines for Responsible Computing, as well as the college and departmental policies on proper use of computing resources. Every instance of a suspected violation will be reported. Students should be aware that neither the instructor nor the department are responsible for making alternative arrangements should improper use leading to revocation of access to departmental or college resources make it impossible for you to complete the programming assignments on time.

On the nature of academic work

Students might also find relevant an essay from a professor at Georgia Tech.