I537: Social Informatics of Security

L Jean Camp
1031 Eigenmann
Scheduled for Fall 2006
Monday and Wednesday 11:15A-12:30P
Location: BU 205


Course Readings Are Here


Social Informatics of Security is a course targeted at graduate students with no previous expertise in security. Social Informatics of Security is designed as a conversation about the interaction between the social, organizational and technical elements of security. The course is organized around a series of major topics.

Organizational processes embed implicit and explicit decisions and information control. Security technologies and implementations make explicit organizational choices that determine individual autonomy within an organization. Security implementations allocate risk, determine authority over processes, make explicit relationships in overlapping hierarchies, and determine trust extended to organizational participants.

There are two ways to successfully participate in this class. The first option is to write a series of shorter papers. The weekly essays are only 500 words, and can discuss any of the reading. These function as feedback, proof of reading, and a foundation for participant discussion in OnCourse.

The second option is a research paper. The research paper is a large part of the grade, and takes the place of the final. There are two interim deadlines, for the topic selection and the bibliography. The purpose of the topic selection and bibliography is more feedback than marking.



Grading: Multiple Short Papers

25% class participation in class discussions of the readings
75% weekly essays due every Friday, approximately 500 words on some aspect of the reading

Grading: Single In-depth Paper

25% class participation in class discussions of the readings
75% Final project:
  10% topic selection and abstract
  10% bibliography
  10% experimental design or argument structure and support
  45% research paper

Each student may choose the appropriate grading path. For those who choose to write a weekly paper, I expect you to post your comments each week in the open discussion area of the course website. In that way you will not only contribute to your grade, but more importantly you will contribute your thoughts to the class membership as a whole. The weekly commentary will be not less than 500 (five hundred) words, not including the title, the author's name, footnotes, or any references.

For those students interested in depth rather than breadth, there is the option of writing a single paper. The topic should be selected and the abstract should be drafted by the fourth week of the semester. The bibliography should be roughly complete by the middle of the semester, but of course there will be other material added as the semester progresses. This bibliography will serve as the foundation for your research paper.

If you choose to complete a single paper, complete it by Nov 13, and it is accepted to CEPE 2007, you will receive an A for the class. I will obtain at least partial support for you to present the work in San Diego.


Topics and Sessions

This is a case-based course on privacy and security in social contexts. The first topics will provide the students with the mechanisms to evaluate security technologies. The remaining sessions consist of in-class analysis of the cases from the readings.

Please note the addition of the nature of wiretapping, history of wiretapping, and traffic analysis in May due to the sudden timeliness of the topic.

Topic 1: Fundamentals of Security as Social Informatics

Social Informatics of Security is a case-based course on privacy and security in social contexts. Privacy and security technologies can diverge from their designers' intent. Privacy-enhancing technologies have been used to defeat data protection legislation, and cryptographic technologies of freedom can be used by corrupt regimes to protect their records from external view. This overview will take at most two sessions.

Topic 2: Technological Determinism

How society is influenced by technology, and how technology influences society. Some theory, with an emphasis on historical cases of information technologies (e.g., the telephone and the printing press). Cases where code is law, and where law defines code, are the exceptions. Code, societal responses, social belief systems, and uses of technology are complex interactions, not unidirectional forces. Finally, the issue of accountability when designing or purchasing information and communications technologies.

Topic 3: Social and Technical Concepts of Trust

Not only could the competing concepts of trust be a course in itself, but entire courses have also been built around each of these discrete concepts. Marketing, psychology, computer security, social theory and organizational theory all have different concepts of trust. We review these competing concepts, and use this session to evaluate security technologies.

Topic 4: The Techno-Social Construction of Identity

Identity theft is a particularly interesting name for a type of fraud that, ironically, takes advantage of social distance and the lack of identities in electronic contexts. Identity theft and phishing are considered online crimes, while the most significant portion occurs through the mails and phone systems. Identity construction as social and organizational is discussed during these sessions. Two of the cases considered here, X.509 and PGP, have been well examined. Identity management systems make assumptions about a fundamental question: who are we? Role-based systems, federated identity systems, and centralized systems implement different views of identity, authentication and trust. Agency and contracts are discussed. Examples rich with rhetoric are stripped to the essential forces at play.

Topic 5: Privacy

Rather than a consideration of the nature of privacy (a long-debated philosophical topic), a tightly focused examination of various policy and technology proposals to enhance privacy.

Topic 6: Wiretapping

A US-centric view of government surveillance of communications. The technology and the law are in an intricate dance, one that continues today.

Topic 7: Digital Rights Management & Copyright

Digital rights management systems present themselves as being based on copyright. An examination of copyright and DRM. The nature of trust and privacy as embedded in DRM.

Topic 8: Security in Games

There is no more perfectly socially constructed technology than a shared gaming environment. Security in games is far more complex than in DRM systems. While some games try to prevent cheating, others embrace it. Indiana University is a national leader in the study of games and gaming. At least one of those experts will join us for this discussion.

Topic 9: Usable Security and Privacy

The range of issues can enable us to engage in one of the larger ethical questions about security technologies: are these new ethical questions, or are they timeless questions of ethical behavior in a new digital guise?

Topic 10: The Great Ethics Debate

The range of issues can enable us to engage in one of the larger ethical questions about security technologies: are these new ethical questions, or are they timeless questions of ethical behavior in a new digital guise?

Exam Period -- Student Presentations

The exam period will be used for class presentations, particularly for those students who want to submit their work for presentations at venues both internal and external to IU.