COL865 Special topic on Computer Applications

Digitization and Privacy



Co-taught by: Subhashis Banerjee and Subodh Sharma




``Every man is to be respected as an absolute end in himself; and it is a crime against the dignity that belongs to him as a human being, to use him as a mere means for some external purpose'' - Immanuel Kant

Notice

  1. Class schedule: 1530-1700 on Tuesdays and Fridays (AD slot)
  2. Please email {svs,suban}@iitd.ac.in with COL865 in the Subject if you are not registered in the course but are interested in attending.
  3. All students interested in attending the course are requested to email a one page pdf indicating:
    1. the reason for your interest in the course
    2. any prior reading that you may have done on the topic and
    3. your views on the issues to be covered in the course.

General reading

Classes and assignments

Course description

India is arguably the biggest deployer of digitization in public life with large public service applications (in-use or contemplated) like national identity, electronic voting, health registry, national population and voter registries, public credit registry, income and other tax registries, face recognition based access control to airports and other facilities, bluetooth based contact tracing and a national intelligence grid. However, the privacy issues in these are not well understood, and this has led to a constant tension between the state and the civil society and privacy activists resulting in several constitutional cases in the Supreme court and various High courts. The possibilities of inferential privacy violations with modern machine learning (whether deliberate or inadvertent), or unfair and discriminatory processing of data, compound the problem.

In this course we will unpack the privacy requirements in such applications from both legal and technical points of view. We will investigate the possibilities of early alignment of the two and examine if it is possible to outline the necessary and sufficient conditions for privacy protection. We will then review the privacy protection techniques in computer science ranging from encryption and applied cryptography, electronic voting, database and network security, trusted execution environments, blockchains, anonymization and other data minimisation techniques and evaluate their suitability for privacy protection. In the final part of the course we will investigate the architectural possibilities for privacy protection - from both legal and technical perspectives - that may help not only in design but also in assessing vulnerabilities and omissions.

The evaluations in this course will be based on scribing, reading and presentations, small implementations and a project cum term paper.

The course will not assume any background in cryptography and security, though familiarity will be useful. As such, the course will be accessible to all engineering students with 3rd year level maturity. The course however will assume familiarity with basic computing and probability. It will also assume some good common sense.

Evaluation
The course will have reading and discussions for the entire semester. In addition, each participant will be required to scribe all topics and do a term-paper. Evaluations will be based on peer and instructor review of class participation, quality of reports and presentations.


Subhashis Banerjee / Dept. Computer Science and Engineering / IIT Delhi / Hauz Khas/ New Delhi 110016