University of Chicago SUPERgroup

Usable Security and Privacy
Problem Set 4

Due on Canvas at 10:45am on Thursday, May 2nd.

Problem 1 (20 points)

People reuse passwords across accounts. As a result, password breaches cause major security issues in many cases. For this problem, imagine that you are in charge of IT Security for UChicago, and that Facebook recently suffered a major password breach. You find plaintext passwords from Facebook on the dark web, and some of the usernames and passwords in that leaked data are the same as (or similar to) username-password pairs at UChicago. Follow the NEAT and SPRUCE guidelines to craft a notification to potentially impacted UChicago users. You should turn in:

  1. One paragraph describing what details you believe to be most important to communicate, and why.
  2. One paragraph describing the decisions you made in designing your breach notification grounded in the NEAT and SPRUCE guidelines discussed in class.
  3. A sentence or two describing how this notification will be distributed (over email? etc.) and to whom.
  4. A mock-up of the breach notification itself. (Make sure it looks nice.)

Problem 2 (15 points)

Political activists frequently fear being surveilled by a wide range of adversaries (ranging from governments to opposing factions), yet often lack the technical knowledge to keep themselves secure and private.

To help bridge this gap, create a 1-2 page overview for (non-technical) activists outlining what you believe to be the essential steps they can take to protect their privacy and security, including everything you think they need to know. We'd like to actually distribute some of these (with your permission), so style counts! Think about what you could imagine receiving as a handout (one-sided or two-sided). Think also about the best designed infographics you have seen and use those as aesthetic inspiration. Please turn in the following:

  1. One paragraph describing the kinds of activists for whom you have designed this notice, as well as what assumptions you've made about them.
  2. The overview page itself (single-sided or double-sided).
  3. Citations to any sources you used to develop the information contained in your overview.

Here are some starting resources you might consider when deciding what advice to include or leave out:

Problem 3 (50 points)

Twitter provides an API to collect data posted on Twitter. The Twitter API allows you to get a real-time, random sample of all tweets containing a set of keywords being posted on Twitter.

Utilize the Twitter API to collect all the tweets that were posted about information security and information privacy in real time for 8 hours. Note that you need to create a Twitter developer account for the data collection. You will have to choose your keywords carefully so that you obtain sufficiently relevant data from the API. Write code to filter out non-English tweets from your collection.

Create a word cloud from the filtered text of your tweets after removing all stop words, punctuation, and user mentions (tokens starting with "@").

Finally, we would like to know the most prominent information security and privacy concerns that Twitter users talked about during your data collection. To that end, randomly sample 50 English tweets from your collected set and manually divide them into at most 6 thematic categories representing information privacy and security issues. Turn in the following:

  1. All code you wrote (which can be in any programming language).
  2. The list of keywords you chose to use to obtain your tweets.
  3. The time of tweet collection, the number of unique (English) tweets you collected, the number of unique users who posted those tweets, and a random sample of 10 (English) tweets from your set.
  4. Include the word cloud you generated.
  5. List the top ten keywords from the word cloud and write a paragraph about how these keywords are linked to information security and privacy.
  6. Turn in a table describing the thematic categories you manually created, the number of tweets (out of 50) in each theme, and an example tweet for each.

Items 2-6 should be submitted as a single PDF document.

Problem 4 (15 points)

Write a first draft of the methodology section for your group's research project. For the purpose of the homework assignment, each team member should do this individually. Afterwards, your team will have a whole set of methodology drafts, which will allow you to combine the strongest aspects of each.