COMP 599 - Information Privacy and Security

• This was an information privacy and security class I took during my fourth year at McGill. We studied the book Information Privacy Engineering and Privacy by Design and had in-class discussions, personal and group projects, and guest speakers. Some of the topics we covered are listed below.
  • PII (Personally Identifiable Information) - what it is, what it is not, sources of PII, quasi-identifiers, personal data vs PII
  • Privacy Policies - analyses of real world policies including the Walt Disney Privacy Policy and the LinkedIn Privacy Policy
  • Privacy by design - proactive not reactive, privacy as the default, full functionality of the system, end-to-end security and life-cycle protection, visibility and transparency
  • Privacy Engineering - implementation, system integration, testing, auditing, and incident response
  • Challenges of Information Security - defense mechanisms, constant monitoring, poor design, user interference, etc.
  • Security attacks - passive vs active attacks, security mechanisms to protect, detect, prevent, and recover from attacks
  • Cryptography - symmetric encryption, asymmetric encryption, cryptographic hash functions, post-quantum cryptographic algorithms, lightweight cryptography
  • Fair Information Practice Principles (FIPP) - collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, accountability
  • Privacy laws, regulations, standards, and best practices - USA vs Canada vs EU, GDPR, PIPEDA
  • Privacy Threats - problematic data actions and harms, identifying threats, threats vs attacks, privacy vulnerabilities, CVSS Metrics, NVD (National Vulnerability Database)
  • System Access - authorization, authentication, access control
  • Malware - types of malware, identifying malware, malware protection, firewalls
  • Privacy in Databases - deidentification, reidentification, k-anonymity, l-diversity, t-closeness, summary table protection, frequency tables, and magnitude tables
• We also had three assignments throughout the course. The first was a blog style article about privacy threats, controls, and best practices for an android application of our choosing. We had to develop the app highlighting our topic then write the article. My group chose to do our article on storing sensitive user data through an android application. The second assignment was an analysis and presentation of a privacy focussed research paper. I chose to do mine on Android Permissions: User Attention, Comprehension, and Behavior by Adrienne Porter Felt et al. The final assignment was an in-depth privacy analysis of a real-world, open-source, android application. For this assigment my group chose the android application Yet Another Call Blocker.