Course Syllabus

DHP P237M/CS150-09: Privacy in the Digital Age


Course Requirements and Grading:

You will have three written assignments and one group presentation. Two of the writing assignments will be three-page briefing papers; the third will be longer (10 pages) and will be written in conjunction with a group presentation for the final day of the module. Though the project and presentation will be a group effort, the paper itself should be done individually.

In addition to the week's reading, you are all required to send me a discussion question based on the week's reading. This should be a discussion question salient to the reading, and should focus on important issues that need discussion. This assignment is for weeks 2-6, and is due by 10 pm on Monday evenings.

  • Two three-page papers: 10% of grade each.
  • Group presentation: 20%.
  • Ten-page paper: 40%.
  • Class participation: 20%.

Class participation matters in your grade; I'll expect you to attend all classes in this six-week course.

Note that there are no late assignments. Six-week modules are short; you haven't time to do things late. Any assignment not handed in at the beginning of the class in which it was due will not be accepted, and you will receive a "0" for that particular effort.


Course Expectations:

The course has lots of readings and no exams---but class participation counts 20% of your grade. Do the reading before class, think about what you've read, and come in informed and ready to discuss the issues.

I like to grade papers with a pen in my hand and paper rustling. So please hand in your papers in hard copy as well as sending me an electronic copy. Papers are due at the beginning of class. There are no exceptions to that rule.

Writing well is important in virtually any career you might have, and I expect clear, careful writing in all assignments. Writing well involves thinking clearly, organizing your thoughts, and then expressing them clearly. Although two of the papers for this course are just three pages, don't be fooled by the short length of the assignments. Such brevity means you must work hard to get important ideas into a small amount of space (and please use 12 point fonts). Woodrow Wilson is said to have responded when asked how long it would take to write a speech, "That depends on the length of the speech. If it is a ten-minute speech it takes me all of two weeks to prepare it; if it is a half-hour speech it takes me a week; if I can talk as long as I want to, it requires no preparation at all. I am ready now." That's exactly right. Think hard, write down your ideas, and then express them succinctly.

My personal favorite book on writing is the decades-old Strunk and White, Elements of Style. If you need more help on writing, take advantage of the Tufts Writing Center.




January 23: Introduction: threats to privacy and the special case of communications

  • Setting context: what is privacy?
  • Is privacy a fundamental human right?
  • How are we identified?


January 30: Methods of tracking and de-identification

  • Breaking users' privacy: packet sniffing.
  • First-party data collection; third-party data collection: how ad networks work; surveillance by ISPs.
  • Tracking users: cookie tracking, ads.
  • Understanding privacy threat models.

(Note that the first week's set of readings is particularly long, as it has readings coalescing the discussion of the first class and providing background for the second class. If you haven't time to read everything before the second class, please read the papers for that class first, then play catch up on the papers by the third class.)


Papers for "Threats to privacy":

Papers for "Methods of Tracking and De-Identification":


Assignment: View "The Lives of Others" or read Timothy Garton Ash, "The File: A Personal History." Write a three-page briefing document for an EU data privacy commissioner describing how modern communications technologies change the abilities to conduct the type of surveillance shown in "The Lives of Others" or "The File." Due at the beginning of class.


February 6: The Special Case of Communications

  • Communications content and metadata: legal protections, changes the Internet brings to the distinctions.
  • Wiretap law.
  • How IP comms create multiple complications.




February 13: Privacy protections: technical and otherwise

  • Encryption (quick overview); Tor; Differential privacy; Privacy policies.



February 20: Legal protections for privacy

  • Fair Information Practices; implementation: Sector-specific laws (Fair Credit Reporting Act, GINA).
  • Data commissioners, and data protection in a globalized economy and a cloud infrastructure; Right to be Forgotten, GDPR.
  • Impact of ex ante regulation on innovation.


Assignment: The Secretary of State is considering funding a project supporting development of the Tor browser ( The Department of Justice opposes such a move, but the UN and various human rights organizations are strongly in favor. Install a Tor browser and use it for at least half your browsing during the week. Write a two-page evaluation for a senior official in the Department of State describing the tradeoffs in using a Tor browser versus using a standard browser. Discuss which types of users interesting to State will be likely to use Tor. Make a recommendation whether the ministry should fund Tor's development and why that would or would not be in the nation's interest. Note: you are free to choose a country other than the United States for this exercise. Due at the beginning of class.

IMPORTANT NOTE: February 22 is a Monday schedule for Tufts AS&E students and a DC trip day for Fletcher students. Because of this, there is no class on February 22.

February 27: Government threats to privacy

  • Snowden disclosures.
  • Hacking Team and Citizen Lab studies.
  • Iceland genome database.
  • India biometric authentication.
  • China and the Surveillance State



March 6: Student presentations

The class will be divided into groups of three students who will prepare a presentation on a technology that raises a privacy issue. Presentations will be twelve minutes long, to be followed by a four minute Q&A. The presention should cover the following issues:

  • What is the technology?
  • What privacy issues does it raise?
  • How are these being handled?

The presentation will be a group effort, and grading will be assigned partially on a group level and partially on an individual basis. I will ask each group to provide me with a brief memo describing how each member contributed to the group effort. In addition, each student will write a paper (of up to ten pages) discussing what and how privacy protections can be instituted in that situation. The paper should discuss, with clarity and precision, what the barriers are to adopting privacy-enhancing solutions, and the likelihood of such solutions being implemented.

List of possible topics:

  • Internet of Things.
  • Smart Meters.
  • Inter-Vehicle Communication.
  • Regulation of surveillance technologies.
  • Open sourcing of citizen-supplied data (e.g., London Transport Information).
  • Regulation of private-sector data aggregators.
  • The failure of P3P.
  • Genomic testing by private parties (e.g., 23andMe).
  • India's proposed Data Protection Framework.
  • A topic of your choice—this must be approved by me by February 6.






Course Summary:

Date Details Due