COMP 599 - Information Privacy and Security

• An information privacy and security class that I took during my fourth year at McGill. We studied the book Information Privacy Engineering and Privacy by Design. Topics included:
  • PII (Personally Identifiable Information) - what it is, what it is not, sources of PII, quasi-identifiers, personal data vs PII
  • Privacy Policies - analyses of real world policies including the Walt Disney Privacy Policy and the LinkedIn Privacy Policy
  • Privacy by design - proactive not reactive, privacy as the default, full functionality of the system, end-to-end security and life-cycle protection, visibility and transparency
  • Privacy Engineering - implementation, system integration, testing, auditing, and incident response
  • Challenges of Information Security - defense mechanisms, constant monitoring, poor design, user interference, etc.
  • Security attacks - passive vs active attacks, security mechanisms to protect, detect, prevent, and recover from attacks
  • Cryptography - symmetric encryption, asymmetric encryption, cryptographic hash functions, post-quantum cryptographic algorithms, lightweight cryptography
  • Fair Information Practice Principles (FIPP) - collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, accountability
  • Privacy laws, regulations, standards, and best practices - USA vs Canada vs EU, GDPR, PIPEDA
  • Privacy Threats - problematic data actions and harms, identifying threats, threats vs attacks, privacy vulnerabilities, CVSS Metrics, NVD (National Vulnerability Database)
  • System Access - authorization, authentication, access control
  • Malware - types of malware, identifying malware, malware protection, firewalls
  • Privacy in Databases - deidentification, reidentification, k-anonymity, l-diversity, t-closeness, summary table protection, frequency tables, and magnitude tables
• We had three assignments throughout the course. The first was a blog-style article about privacy threats, controls, and best practices for an Android application of our choosing. We had to develop the app highlighting our topic then write the article. My group did our article on storing sensitive user data through an Android application. The second assignment was an analysis and presentation of a privacy research paper. I chose to do mine on Android Permissions: User Attention, Comprehension, and Behavior. The final assignment was a privacy analysis of a widely used open-source Android application. For this assignment my group chose the Android application Yet Another Call Blocker.