You get 1 free point for submitting Quiz #2.

Problem #1: Public Anonymity (25 Points)

Read Protecting Public Anonymity by M. Granger Morgan and Elaine Newton of CMU. (PDF file doesn't read with MacOS Preview. You can also download [text].)

1. Write a 1-paragraph summary of the argument in this paper. (5 points)

2. Following the process described in the article, design an Electronic Toll Collection System that performs the same overall function as the E-ZPass or FastLane system, but which provides for Public Anonymity. (20 points)

Do not take more than a single page.

Problem #2: Reid on Computer Break-Ins (24 points)

Read Reflections on Some Recent Widespread Computer Break-Ins, by Brian Reid.

Find three recommendations that Reid made for changes to improve security in 1987 that are still relevant today. (8 points each). For each recommendation you should:

Problem #3: Your Blog or Mine? (25 Points)

Read Your Blog or Mine?, by Jeffrey Rosen, published in the December 19, 2004 issue of The New York Times Magazine.

1. In a paragraph, summarize Rosen's argument and his conclusion. (5 points)

2. This article is presumably about privacy. Give a definition of privacy that you think that Rosen would be comfortable with, in light of what he has written in this article. (5 points)

3. Rosen briefly discusses and then dismisses LiveJournal's security mechanisms, stating that most of the dating bloggers that he has spoken with prefer to vent anonymously. Leaving aside Rosen's methodological problems, evaluate three of the security and privacy mechanisms that are present on LiveJournal that are relevant to Rosen's argument. For each, evaluate its goals and the usability of its implementation, and discuss whether the mechanism supports or detracts from Rosen's argument. (5 points each)

Problem #4: Usability and trust in information systems (25 points)

Read Usability and trust in information systems, by M. Angela Sasse. This is a chapter from a book and --- be advised --- it is very long.

The majority of this paper discusses authentication issues. Referring to section 2.1, discuss Sasse's treatment of passwords, tokens and biometrics. Do you think that Sasse successfully hides which of the three technologies she likes best, or is there a clear winner? Discuss. (10 points)

Referring to section 2.3.3, do you think that Sasse is arguing that user design depends on putting good interfaces on otherwise well-written and secure programs, or something else? (5 points)

According to Sasse, what is the fundamental problem with most of the research and published literature that has been done on the "privacy" problem to date? What does Sasse mean by her statement that "most people's attitudes to privacy is pragmatic, rather than dogmatic"? Do you agree or disagree with her? Give an example from your own experience. (10 points)