Syllabus - CSCI 435 - Anti-Forensics and Digital Privacy
Basic Information
- Section: D1
- Semester: Spring 2022
- This is an asynchronous distance learning course. The only required meetings are one-on-one meetings with the professor for interviews (competency-based grading), which will be scheduled individually.
- Prerequisites: Junior standing
- Credit Hours: 3
- Course Purpose: Introduces principles of digital privacy using anti-forensic techniques.
- Intended Audience: TODO FIX UP
Instructor Information
Dr. Mike Murphy
Please see the About Me page for contact information, and check my Schedule for office hours information.
Catalog Description
This course complements CSCI 434 by focusing on techniques to reduce the amount of information collected and stored by computer systems, with an emphasis on protecting the system and user from fraud and identity theft resulting from a compromised or stolen system. Concepts related to privacy in the digital world are discussed. Vulnerabilities in digital devices are explored in the context of a dystopian society in which citizens are under perpetual surveillance.
Course Student Learning Outcomes
Upon successful completion of this course, students should be able to:
- Describe ways in which modern computer systems, televisions, mobile phones, and other consumer electronics devices can be used to spy on users and bystanders.
- Explain how personal information, collected with or without consent, can be used to impersonate, manipulate, extort, rob, sue, prosecute, or coerce an individual.
- Articulate a personal threat model with vulnerabilities and controls.
- Implement anti-forensic data safeguards and procedures to reduce exposure to undesired data collection and discovery.
- Define identity theft and implement personal and corporate security controls to reduce the risk of victimization.
- Identify ways in which governments can utilize consumer electronics as part of a large-scale surveillance system.
Measured Competencies
The interview-based assessment mechanism in this course will measure the following competencies:
- Ability to configure a Web browser to improve online privacy.
- Understanding how digital forensics tools can be used both to solve and to facilitate crime.
- Recognition of the inability to protect personal privacy on a Windows or macOS computer.
- Recognition of cybersecurity terminology (confidentiality, integrity, availability, threat, vulnerability, control, threat actor, critical vulnerability).
- Ability to identify threat actors in the context of digital privacy.
- Understanding market and political forces that oppose greater regulation of privacy-invasive technologies.
- Understanding how corporations collect personal information from often unsuspecting users.
- Recognition of possible consequences of voluntary or involuntary disclosure of private information.
- Recognition of the loss of constitutional protections for electronically stored data.
- Understanding the basic theme and plot of 1984.
- Recognition of the privacy-invasive technologies found in 1984 and how modern devices are equivalent or worse.
- Recognition of privacy-related terminology (PII, personal data, sensitive PII, sensitive personal data, notice, awareness, choice, consent, access, participation, direct PII, linked PII, linkable PII, classification, data breach, high confidentiality impact, moderate confidentiality impact, low confidentiality impact, de-identification, data controller, data processor, data subject, data protection officer, personal information, threat model).
- Ability to articulate ethical obligations concerning privacy, as stipulated by the ACM and IEEE Codes of Ethics.
- Understanding Fair Information Practice Principles.
- Recognition of benefits and obligations under the GDPR and CCPA.
- Ability to assess the potential impact of a data breach on an individual or corporation.
- Ability to articulate a personal threat model.
- Understanding the dangers of using “smart” devices.
- Understanding specific privacy risks of using mobile devices (including cell phones) and available mitigations.
- Understanding the benefits, drawbacks, and limitations of using a VPN or Tor for online privacy.
- Recognition of the potential privacy dangers inherent in online and cloud computing services.
- Understanding the benefits of encryption and why back doors in encryption systems are a fundamentally bad idea.
- Recognition of cryptanalysis techniques, including rubber-hose cryptanalysis.
- Understanding how artifact minimization and control (anti-forensic techniques) can be used to improve privacy.
ABET Assessment
This course measures the following Performance Indicators:
- 1.1 - Define requirements and/or specifications for a computing problem.
- 1.2 - Analyze a complex problem by breaking it down into smaller components.
- 1.3 - Select an existing solution to mitigate or solve a problem.
- 1.4 - Solve a problem by applying principles of computing and/or other relevant disciplines.
- 2.1 - Design a system to meet specific requirements.
- 2.2 - Implement a system to meet a set of requirements.
- 2.3 - Evaluate a solution against requirements.
- 4.1 - Recommend a course of action for an ethical/legal issue in the discipline.
- 4.2 - Illustrate a violation of a professional code of ethics (ACM, IEEE).
- IT 6.1 - Analyze user needs to determine requirements of a computer-based system.
- IT 6.2 - Create appropriate IT-based solutions based upon user needs.
- IT 6.3 - Select systems appropriate for different user and environment requirements.
Texts and Materials
- REQUIRED: Orwell, George. 1984. Signet Classics, 1961. ISBN-13: 978-0451524935.
- Readings, reference materials, tutorials, and videos will be assigned, requiring Internet access.
Grading
This course does not use grades in the traditional sense. Instead, mastery of course competencies is measured through an interview-based evaluation system. You will have several interviews with me over the course of the semester, each of which will measure competencies related to the course material. At the end of the semester, letter grades for the course will be assigned based upon satisfying the course competencies:
| Letter Grade | Description |
|---|---|
| A | All course competencies are met. |
| B+ | One (1) course competency is missed. |
| B | Two (2) course competencies are missed. |
| C+ | Three (3) course competencies are missed. |
| C | Four (4) course competencies are missed. |
| D+ | Five (5) course competencies are missed. |
| D | Six (6) course competencies are missed. |
| F | Seven (7) or more course competencies are missed. |
During the semester, course competencies that have already been evaluated are assigned a status of “met,” “deferred,” or “missed.” For more detailed information, please see the Competency-Based Evaluation document.
Midterm Rule
Notwithstanding the above letter grade mapping, if you miss five (5) or more competencies before the last day to drop the course with a W, you will receive a course grade of F if the course is not dropped. Exceptions to this policy will be given only in circumstances that are both extensive and would otherwise meet the criteria for an excused absence under University Policy STUD-332: Class Attendance. An extensive circumstance is one that is ongoing for a period of two (2) or more weeks. For the purpose of this policy, you must give me documentation and request an exception no later than 5:00 PM ET on the day prior to the last day to drop the course with a W, unless you are hospitalized or deployed on active military duty on that date.
The purpose of this rule is to protect your GPA. In my experience, students who fall far behind during the first part of the semester rarely catch up in the end. Taking a D or F in a course has a significantly detrimental impact on your GPA, while dropping with a W has zero impact.
For the last day to drop a course with a W, please see the official Academic Calendar.
Grade Curve
In the event that unforeseen circumstances require a grade curve at the end of the semester, the number of satisfied competencies required to achieve a given final letter grade would be lowered. You should not expect such a curve. IF a curve is required, it might not be uniform with respect to each letter grade. Students who will be assigned a course grade of F as a result of the Midterm Rule, and students who are found to be in violation of the University Academic Integrity Code in this course, are NOT eligible for any grade curve.
Quarantine or Isolation
Since the interviews for this course are conducted electronically, quarantine or isolation by itself (e.g. for COVID-19) is not a valid excuse for any exception to a course policy or deadline, including the Midterm Rule. A symptomatic illness that is significant enough to interfere with your ability to complete your work would qualify for an exception, provided the illness lasts at least two (2) weeks. Documentation of the illness and its duration may be required.
Additional Policies and Information
The following policies and documents are incorporated into this syllabus by reference:
- Competency-Based Evaluation
- Common Course Policies
- Online Learning Expectations
- Contingency Plan
- First Week Checklist
- Student Services Guide
Disclaimer
Portions of this course may deal with issues related to cost analysis, laws, and ethics. The instructor of this course is not a lawyer, accountant, or financial advisor, and no portion of this class constitutes legal or financial advice. This syllabus and schedule are tentative and subject to change with notice to the student during the semester. If a portion of this syllabus is found to be non-compliant with University policies or applicable laws, the remainder of this syllabus will remain effective.