More and more of our data is being collected by both governments and private companies. There is increasing evidence of regimes using networking technologies to censor information. New policy and legal frameworks being developed to establish or curb online freedom. In light of these trends, understanding the technical aspects of privacy, anonymity, and online censorship becomes increasingly important for computer scientists.
This course will focus on these issues. We'll discuss attacks on privacy and cover notions of privacy, including differential privacy, k-anonymity, and others. We'll talk about tools for online anonymity, including Tor and others, as well as the technical means used for online censorship, including firewalls, deep-packet inspection, DNS poisoning, and BGP attacks. Basic notions from cryptography (encryption, authentication, etc.) will be introduced along the way.
Note that the focus of this course has changed slightly relative to previous years, but as before, a portion of the course will be taught in a seminar style, with course projects and student presentations.
Prerequisites are CS 237, CS 455, or permission of instructor.
Ethics, Law, and University Policies
To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law and the university's computing practices, or may be unethical. You must respect the privacy and property rights of others at all times, or else you will fail the course. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including civil fines, expulsion, and jail time.
Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusions. This is just one of several laws that govern hacking. Understand what the law prohibits; people have had serious trouble with this law. You don't want to end up like them. The EFF provides helpful advice on vulnerability reporting and other legal matters.
Please review BU's policy on computing ethics, as well as the CAS code of academic conduct. As members of the university, you are required to adhere to these policies.