-----------------------------
A. US Law, NSA, Snowden, ISIS
-----------------------------

A1. Wiretapping laws
What are the privacy laws that govern what network traffic the government can collect and store?
Explain the evolution of communications privacy from Olmstead to Katz to ECPA to CALEA.
How do wiretapping laws apply to network traffic and VoIP?
What parts of FISA, the PATRIOT Act, and the Stored Communications Act deal with privacy issues?
What was the NSA's warrantless wiretapping program? What law did it allegedly break?
What did the FISA amendment in 2008 do?

A2. Federally-mandated backdoors
Describe the history of communication equipment backdoors and wiretapping laws. In particular, what provisions are contained in the Omnibus Crime Control and Safe Streets Act of 1968, the Communications Assistance for Law Enforcement Act (CALEA), and the Electronic Communications Privacy Act of 1986 that govern their presence?
How have such backdoors been used legally to capture criminal activity, and how have such backdoors been abused?
What has been revised in CALEA over the years (in 1994 and 2006)?
Describe the case of the United Arab Emirates and BlackBerry.
What is the issue with communication software such as Skype and Apple's iMessage and the "Going Dark" problem that the US government is seeking to change? How does such software prevent government monitoring?
What does the update to the ECPA in 2011 cover?

A3. Web portal data collection and the NSA (overt)
Describe the information Snowden revealed related to the NSA's PRISM program. What were the goals of PRISM? What methods did it use to achieve those goals?
Argue the legality of PRISM and the controversy surrounding it.
Provide a moral argument both for and against the program.
Provide a moral argument both for and against the release of classified documents describing this program by Snowden.
Has this program led to specific abuse, is there potential for abuse, or are there sufficient checks and balances to prevent abuse?
What has been the fallout of its revelation in terms of potential new laws and/or changes in industry practices?
Is the program still operational? What changes might this program need to make going forward?

A4. Transparency reports (Elias Alves)
What are some statistics reported by Dropbox, Google, and Facebook on government data requests they have been forced to comply with?
How have their policies been impacted by the revelation of their participation in the NSA's PRISM program?
What are transparency reports? Describe some of the information given in Google's transparency report over time.

A5. Web portal and optic cable data collection and the NSA (covert)
Describe the information Snowden revealed related to the NSA's MUSCULAR program. What methods did it use to collect data?
Describe the information Snowden revealed related to the NSA's Tempora program. How does it differ from MUSCULAR?
Provide a moral argument both for and against these programs.
Provide a moral argument both for and against the release of these programs by Snowden.
Has this program led to specific abuse? What has been the fallout of its revelation within industry and foreign governments? Is the program still operational?

A6. User tracking (Jeannie Buss)
What is XKeyscore? How can it be used to quickly identify user behavior on the Internet? What level of cooperation does it require from industry?
What are Google PREF cookies? How are they used to track users?
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.
What has been the fallout of its revelation in terms of changes in industry practices? Is the program still operational?

A7. User request interception
What are the QUANTUM and FOXACID programs? What is their potential impact on users as they access web services and Tor?
What are technological solutions that might prevent such tampering? Are they widely deployed?
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.

A8. Telephony metadata (Arella Yi)
Describe Snowden's initial leaks related to Verizon and the sharing of metadata phone records with the NSA. How many records were shared? How long are records stored? What controls are there on accessing these records?
Describe the MYSTIC program for tapping phone calls internationally. Why is this program less controversial?
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.

A9. Telephony data
Describe the CO-TRAVELER program for tracking phone geolocation data. To what extent is user geolocation tracked?
Describe the Dishfire program for collecting text messages.
Why are these programs controversial?
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.

A10. Breaking telephony security (Patrick Salinas)
How are cell phone signals protected? How were they protected 10 years ago? How do landlines and VoIP compare?
What is A5/1? When was it broken? How was it used to eavesdrop by government agencies? Which versions of A5 are known to have been compromised?
Describe the AURORAGOLD program for breaking into telecommunication carrier networks. Have US carriers been affected?
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.

A11. Breaking encryption (Benjamin Stafford)
What is Dual_EC_DRBG? Who developed it and how was it standardized? When was it discovered to contain a backdoor?
What are Bullrun and the SIGINT (signal interception) Enabling Project? What are some of their activities that have been disclosed? How much money is being invested in these programs?
Provide a moral argument both for and against these programs.
Provide a moral argument both for and against the release of these programs by Snowden.
How have these revelations changed the relationship between the technology industry and the NSA?
How did this backdoor get used by unknown parties to compromise Juniper routers in late 2015?
http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/
How does this bolster the case against putting backdoors in encryption schemes?
https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html

A12. Lavabit (Damas Gakwasi)
What was the Lavabit service? Which of its users is believed to have put Lavabit on the radar of the Department of Justice? How was this user's identity exposed?
Explain the interactions between the Department of Justice and Lavabit that ultimately led the site to shut down.
http://www.wired.com/2016/03/lavabit-apple-fbi/
What are some other services that the Department of Justice has gone after in a similar manner? Are these services still in operation? If so, how much is known about the kind of information being given up?
Describe what "Perfect Forward Secrecy" is.
Describe the Dark Mail Alliance and its efforts to address the issue of e-mail privacy.

A13. Apple v. FBI (Instructor)
Describe the Feb. 2016 case between Apple and the FBI.
http://money.cnn.com/2016/02/23/technology/apple-fbi/
What changed in Apple iPhones that prevented the DoJ's previous methods for obtaining user information from Apple from working?
Whose phone prompted the DoJ to request that Apple create a tool to break into locked iPhones? What was the tool meant to accomplish? Why did Apple not want to create such a tool?
Listen to Dan Guido's segment (22:00-37:00) in this podcast: http://risky.biz/RB399
Listen to the first 10 minutes of this podcast: http://risky.biz/RB401
What is the current status of the case?
Why is it difficult to apply what the founding fathers put in the Constitution to cases like this one as it relates to secure enclaves?
Why might modern cryptography, free speech, and the lack of nation-state borders on the Internet make any subsequent US law ineffective?
What might have motivated the FBI to bring this case to the forefront, based on this article?
http://www.macobserver.com/tmo/article/fbi-still-manipulating-public-in-encryption-fight

A14. ISIS and the Digital Caliphate (Ryan Hoover)
Describe how ISIS uses technology to further its reach and coordinate its activities. How has it used Twitter and social media to spread its message? Include what is described in the last 15 minutes of this interview:
https://www.youtube.com/watch?v=Z6cNPU4E5jE
Describe how the revelations of Edward Snowden have driven the adoption of encryption and anonymity tools by ISIS. How has it used Tor, Bitcoin, anonymous message boards, encryption, and virtual private networks? Include what is described in this report:
http://cjlab.memri.org/latest-reports/encryption-technology-embraced-by-isis-al-qaeda-other-jihadis-reaches-new-level-with-increased-dependence-on-apps-software-kik-surespot-telegram-wickr-detekt-tor-part-iv-f/
How has the U.S. begun to attack ISIS in cyberspace?
http://www.cnn.com/2016/04/13/politics/robert-work-cyber-bombs-isis-sucks/index.html
http://www.extremetech.com/extreme/227238-us-to-drop-cyber-bombs-on-isis-changing-the-meaning-of-the-term-cyber-war
http://www.thedailybeast.com/articles/2016/04/17/u-s-ratchets-up-cyber-attacks-on-isis.html

A15. War
What are some of the take-home points of Dave Aitel's cyberwar fallacies?
https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies
What is the approximate price for a zero-day exploit?
Explain his reference to aircraft carriers and cyberwar.
What are some of the problems he has with trying to regulate away the problem of securing the Internet in the following talk?
https://www.youtube.com/watch?v=p1zSlUBfSUg
What are the 5 elements necessary to execute an effective counter-insurgency effort? How many of them has the US successfully achieved?
Why has the Internet made it more difficult to go after specific actors with US laws?

A16. Offensive operations
Describe the NSA's effort in installing backdoors inside Cisco routers.
Describe the NSA's effort in compromising Huawei products. Which countries are top consumers of Huawei networking gear?
Describe the TAO (Tailored Access Operations) group within the NSA charged with breaking into systems and the CNE program for distributing malware.
Provide a moral argument both for and against these programs.
Provide a moral argument for and against the release of these programs by Snowden.

A17. Financial warfare
Describe how financial transfers occur in the international banking system. What is SWIFT? What are SWIFT codes?
How has the U.S. recently used the financial system to choke funds to Iran and North Korea?
Describe the Terrorist Finance Tracking Program (TFTP) that the Treasury set up with help from Juan Zarate.
What impact might this have had on Iran's nuclear proliferation agreement in 2015?
What has prevented a similar approach from being used against Russia?
https://www.lawfareblog.com/treasurys-war-unleashing-new-era-financial-warfare-juan-zarate
Describe potential cyberattacks aimed at financial destruction.

-------------------------
B. Privacy and censorship
-------------------------

B1. Cookies (Michael Sayer)
Explain how cookies threaten user privacy.
Explain what Referer URL headers are and how they can be used to compromise user privacy.
Why does almost every user have a cookie for DoubleClick even though they have never visited DoubleClick's web site? How might such cookies be abused by web servers?
What software can be used to better manage the use of cookies in order to protect a user's privacy?
What is a third-party cookie? What is a super-cookie? How do super-cookies work? What counter-measures are there for such cookies?
What is private or incognito browsing?

B2. Facebook tracking
What was Facebook's Beacon? How did it use cookies to track user activity? Describe the resolution of the case.
What is Facebook's frictionless sharing and how does it work? How is it similar to Beacon?
What is post-logout tracking and how does it work?
Describe the controversy behind Facebook's Sponsored Stories that led to the Fraley v. Facebook case.
Describe some of the issues behind the FTC's case against Facebook's privacy violations from December 2009.

B3. Do Not Track
What is the W3C's "Do Not Track" standard? What are some important provisions of the standard?
How and where has this standard been implemented? How effective is the mechanism? What are some problems with it? Why is there opposition to the standard?
Give examples of how one enables the feature in browsers. Can this standard be enforced?
What are Ghostery and DNT+? Use Ghostery to show how many trackers there are on popular news and social media sites. How many trackers are loaded when videos are played on dailymotion.com?

B4. Portals and your data
Describe some of the privacy fears users have when using popular portals such as Yahoo and Google. What do these sites collect per user and for how long is this information kept?
What was the controversy over Yahoo's assistance in convicting Chinese dissidents? What information was handed over to the government?
Describe the warrant policy defined in the Electronic Communications Privacy Act of 1986 that relates to government access to users' e-mail messages.
In Jan. 2013, Google announced a stricter policy the government must meet before it reveals e-mail messages on Gmail. Explain its motivation.
Describe the situation behind the DOJ's request to keep secret the partnership between the NSA and Google in March 2012.

B5. Google's unified privacy policy
Describe Google's unified privacy policy of March 2012.
What was Google's policy before March 2012? What was it lacking that Google wanted to change? What are the new policies? How does this impact user privacy? Are there legal challenges to this policy?
Describe how Google's bypass of Safari's privacy settings worked. What was the resulting action taken against Google?

B6. Personal information trading (Xihan Bian)
Describe the issue of web sites selling customer information. What does the company Acxiom do? How profitable are they?
Describe COPPA and its provisions for preventing this practice. Who enforces the law? Give examples of cases where the law has been enforced.
What is TRUSTe? Describe the key components for a web site to be compliant with TRUSTe. In what ways has TRUSTe been criticized as being insufficient?

B7. Geolocation data collection
Describe the controversy associated with Android, iPhone, and Windows Phone in terms of their geolocation data collection of phones along with WiFi access points. What are reasons for collecting the geographic location of WiFi access points? What information has been collected that has led to objections by the EFF? How have these companies addressed these concerns? What are some safeguards that might ensure such information is not collected and used in the future?
What is "_nomap"? Is this a satisfactory approach?
Describe some provisions of the Wyden-Chaffetz proposal, the "Geolocational Privacy and Surveillance Act".

B8. Silverpush audio surveillance (Mary Shaffer)
Describe the Silverpush advertising service. What is its business model and why does it require access to a phone's microphone? What does the application do with the audio it collects from users' phones?
Discuss whether or not we would have an issue with the technology if it were the NSA collecting the audio rather than an advertising company. Would you trust that the audio collected will be kept private?
Talk about some of the potential for abuse described in the podcast below:
http://risky.biz/RB392

B9. Anonymizing networks (Connor Kazmierczak)
Find and comment on tools for anonymizing and/or preserving user privacy over the Internet. What kind of protection do Incognito Mode in Chrome and Private Browsing in Firefox give to their users?
What is an anonymizing web proxy? What is the difference between using it versus private browsing?
What is Tor? How does it work? How have governments attempted to shut down such services?
Describe the FBI and its Freedom Hosting operation in which malware was used to reveal the location of specific users of Tor.
What is Freenet? How is it similar to Tor? How is it different?

B10. De-identification and re-identification
Describe the process of de-identification of datasets.
After its dataset was de-identified and released on Sept. 25, 2008, what information was Harvard's "Taste, Ties, and Time" study still able to reveal? What indirect identifiers were still inside the dataset that allowed researchers to re-identify subjects (Zimmer 2010, Parry 2011)?
Explain how AOL's search dataset of 2006 allowed specific users to be identified using unique search queries.

B11. Right to forget (Patrick Costa)
Describe the European case that led to the "Right to Forget" ruling. What are the requirements that Google must meet in order to comply with the ruling? What is the status of this in the US?
Using ethical frameworks, provide arguments both for and against this ruling.
What are technical obstacles to implementing "Right to Forget"? How long does it take to be forgotten?

B12. Nation-based censorship (Yavuz Sefunc)
Describe efforts to censor Internet content by countries such as China and Australia. What are their motivations and how has it been implemented? What success have they had? What are the side effects? How can these filters be subverted?
Describe Tunisia's attempt to compromise accounts and censor posting across a variety of services such as Facebook in 2011.

B13. Google and China (Shuo Yan)
What are some of the restrictions that were placed on Google for doing business in China? Are they required to implement censorship? Are they required to reveal information about users?
What event led Google to withdraw from China in 2010? How did the U.S. government intervene?
Describe the current status of Google in China today.

B14. CIPA
Describe CDA and COPA, the predecessors to CIPA. What were some of their provisions? Why did they fail?
Describe CIPA. What are some of its requirements that schools and libraries must adhere to? Which entity enforces CIPA? What are the sanctions/penalties given for violations of this act?
What were the issues brought up by those who attempted to challenge the constitutionality of the act in 2003? Has anyone failed CIPA testing?
Describe how the proposed bill by Lamar Smith (HR 1981, 5/25/2011, The Protecting Children From Internet Pornographers Act Of 2011) extends CIPA and the privacy issues around it. What are the provisions in the proposed bill that deal with user data retention for Internet service providers?

--------------------
C. Societal changes
--------------------

C1. Internet advertising and tracking
Describe the business model of DoubleClick before its acquisition by Google and how it matched that of traditional advertising syndicates for old media. Describe Google's approach to advertising and how it usurped DoubleClick's market.
Describe how Google's AdWords program works. Who is this service intended for?
Describe how Google's AdSense program works. Who is this service intended for?
What kinds of techniques do they employ to deliver their advertisements? What are restrictions on how they operate? What protections are there against fraud?
What are some of the highest AdSense earners and the amount of revenue they are generating a month? What are the most expensive words on AdWords and how much are they selling for?

C2. References
Describe problems associated with using the web as a reference resource. What are some problems in citing web sources? How can one overcome the problem of accuracy and attribution?
Are there solutions for the non-persistent nature of web content in order to ensure that citations do not "disappear"? What are persistent identifier systems? Give examples of services that attempt to build persistence into their URLs. Describe the DOI system.

C3. Wikileaks
Describe the history of Wikileaks and its current operation. How do they vet the content they are given? How is anonymity guaranteed for contributors? How does Wikileaks make money?
Describe any controversy surrounding this site. What are laws that apply to its service? What documents did Wikileaks release that the U.S. government objected to? How would Julian Assange be vulnerable to the U.S. Espionage Act?
What did the UN rule about Assange's current detainment (2/2016)?
Describe alternatives to Wikileaks which people use to post similar material.
What did the UN recently rule about Julian Assange's detention?

C4. Movie distribution
Describe the original business model of Netflix. Explain the transition of its movie distribution service from physical media to on-line delivery. How has the percentage/ratio of physical versus on-line delivery of content changed over time?
Describe how royalties are paid to content owners when movies are sent via postal mail versus when content is streamed on-line.
Why did Netflix attempt to separate its on-line and DVD service businesses?
What are the differences between Netflix's service model, Amazon's Instant Video model, and the pay-per-view model used by other movie distribution services?
How quickly has Netflix's network usage increased? How does Netflix use third-party content distribution networks and cloud computation services? What are some documented problems it has had with them? What is OpenConnect?
What might be motivating Netflix's move to generate its own original content?

C5. Internet addiction (Wumingkun Wei)
Describe some case studies of Internet addiction. How has this been categorized in the latest DSM manual? What are the neurological underpinnings that drive Internet addiction and how are they similar to or different from other forms of addiction?
What is the Chinese policy on limiting MMORPG gameplay in terms of time? Are there any similar policies elsewhere in the world?
Explain the Flappy Bird game and the motivation behind the game being pulled from use. What are "flow" states and how might Flappy Bird have triggered such states in its users?

C6. Impact on physiology
Describe the impact that the Internet has had on human behavior and physiology. How does Internet use impact the reward centers of the brain? How can Internet use influence attention span and focus? How do Internet use and non-stop alerts create stressors for the brain in terms of triggering the nervous system? How do screens and artificial lighting impact endocrine function (e.g. melatonin)?
Summarize some of the points in Nicholas Carr's article "Is Google Making Us Stupid?" from The Atlantic (July 2008). How has the use of Google impacted our problem-solving skills? How has technology influenced our memory retention abilities? What is digital dementia?

C7. Healthcare, crowdsourcing, and technology (Matthew Stenson)
Explain Tim O'Reilly's position in his TedMed 2011 talk on how healthcare can leverage technology to tap into the collective intelligence of people. Explain how this is borne out in Roni Zeiger's TedMed 2013 talk on "Smart Patients" and Jamie Heywood's TedMed talk in 2009.
Explain Vinod Khosla's position on the healthcare industry in his 2012 "Do We Need Doctors or Algorithms?" What kinds of companies are being supported to meet this vision?

C8. Cyberbullying, public shaming
Describe what deindividuation is and why it has contributed to the problem of cyberbullying.
Describe the impact that the Internet has had on the rise of public shaming. What are instances in which the Internet has been instrumental in instantaneous, widespread public shaming? What happened to Tyler Clementi?
What are some of the issues raised in this video?
http://www.youtube.com/watch?v=H_8y0WLm78U

C9. Political campaigns (Trevor Williams)
Describe how Howard Dean changed the presidential primaries of 2004 by using the Internet to raise funds. How have the Internet and social networking impacted how campaigns are run and financed? How have they been used to collect and analyze polling data?
What is the controversy over the use of Twitter to coordinate activities amongst political parties and outside groups (super PACs)? [CNN, 11/17/2014]