----------------
Changing society
----------------

1. Many businesses have completely changed or been obsoleted by the Internet.
   Describe the technology and the Internet application that has transformed
   the following industries.
     o Auction houses
     o Book selling
     o Health care
     o Payment services such as Western Union
     o Politics
     o Postal service
     o Telephone service

1b. Kristopher Williams
   Describe the newspaper business prior to the Internet. How was revenue
   generated for them? Describe how it has been impacted by the Internet over
   the last decade in terms of revenue generation and circulation numbers.
   What on-line services have impacted print newspapers the most?

1c. Jacqueline Treiber
   Describe the book publishing business prior to the Internet. How was
   revenue generated for book publishers and authors? Describe how reference
   books have been impacted by on-line content. Describe how the industry has
   been impacted by downloadable e-books. How has revenue sharing been
   impacted with new on-line distribution channels?

2. Karin Hinze
   Describe the web as a social phenomenon. What are all of the mechanisms
   available for people to communicate with each other? How are they
   different? How are they the same? In particular, focus on the history of
   e-mail, NetNews, IRC, instant messaging, social networks, wikis,
   microblogging (i.e. twitter), blogs, and on-line games. Compare the
   functions of these services and the kinds of communication they are good
   for (i.e. small group, large group). Can one mechanism completely replace
   another one?

3. Describe problems associated with using the web as a reference resource.
   What are some problems in citing web sources? How can one overcome the
   problem of accuracy and attribution? Are there solutions for the
   non-persistent nature of web content in order to ensure that citations do
   not "disappear"?

----------------------
Privacy and censorship
----------------------

4. Jess Wilson
   Find and comment on tools for anonymizing and/or preserving user privacy
   over the Internet. What is an anonymizing web proxy? What is Tor? How does
   it work? What mechanisms have been used by governments to interfere with
   Tor?

5. Joseph Henrich
   Explain how cookies threaten user privacy. Explain what Referer URL headers
   are and how they can be used to compromise user privacy. Why does almost
   every user have a cookie for DoubleClick even though they have never
   visited DoubleClick's web site? How might such cookies be abused by web
   servers? What software can be used to better manage the use of cookies in
   order to protect a user's privacy?

6. Nathan Caldwell
   What are the privacy laws that govern what network traffic the government
   can collect and store? Do wiretapping laws apply to network traffic and
   VoIP? If so, how? What was NSA's warrantless wiretapping program? What law
   did it allegedly break? What parts of the FISA, PATRIOT, Wiretap, and
   Stored Communications Act deal with privacy issues?

7. Michael Phelps
   What was Facebook's Beacon? How did it violate user privacy? Describe the
   resolution of the case and how it might apply to other situations and web
   sites.

8. Allan Wilson
   Comment on privacy and intellectual property issues related to social
   networking sites such as Facebook, MySpace, and LinkedIn. How are they
   alike? How are they different? Who ``owns'' the content on these sites?

9. Corinne Elliott
   Describe some of the privacy fears users have when using popular portals
   such as Yahoo and Google. What do these sites collect per user and for how
   long is this information kept? What was the controversy over Yahoo's
   assistance in convicting Chinese dissidents? What information was handed
   over to the government?

9a. Dustin Fuchs
   What are some of the restrictions that were placed on Google for doing
   business in China? Describe restrictions other U.S. companies are faced
   with when doing business in China. What led Google to threaten to withdraw
   from China? Why did the U.S. government intervene? What is the current
   status of the situation?

10. Tonya McGonigal
   Describe efforts to censor Internet content by countries such as China and
   Australia. What are their motivations and how has it been implemented?
   What success have they had? What are the side effects? How can these
   filters be subverted? What is FreeNet? How does it work?

11. Tony Fernandes
   Describe the problem of Spyware. Give prominent examples of spyware. How
   can users protect themselves against such software? Are there laws that
   exist that can deter this activity? Describe Blizzard's anti-cheating
   system called Warden for World of Warcraft. What does it do on a client's
   computer? Should this be considered spyware?

---------------------
Intellectual property
---------------------

12. Noel LaViolette
   For user-driven sites such as YouTube, comment on what limits should be in
   place for protecting intellectual property. What is deep-linking? Describe
   what is fair-use on the Internet and describe whether common techniques
   such as deep-linking and excerpting fall under the policy. Describe actual
   cases where this has been an issue for indexing sites such as Google News.

13. Michael Andrews
   Describe Napster (1999), Gnutella, and BitTorrent. How are their services
   similar and how are they different? What is the current stance on the
   legality of each system under U.S., EU, and international law? Describe
   the music/movie industry's position on these services. Describe the
   position of file sharing advocates on these services. What do you believe
   to be legal?

14. Carston Quinn
   Describe the service that Pirate Bay provides. Describe its legal history
   and what the founders have done to circumvent prosecution. What is the
   current stance on the legality of Pirate Bay under US, EU, and
   international law? Is this stance compatible with freedom of speech?

15. Brooks Faris
   Describe the Digital Millennium Copyright Act and its application towards
   taking down content on P2P networks and popular sites such as YouTube.
   Describe cases where it has been misused by copyright holders. Are
   software vendors liable for distributing code that breaks laws? Are users
   liable for running code that can be used to break laws?
     http://dmca.cs.washington.edu/
     http://www.freedom-to-tinker.com.nyud.net/blog/mfreed

15a. Jon Olachea
   What is open-source software? Describe its history and the motivation
   behind it. How have open-source and open ideas contributed to the
   development of the Internet as it exists today? What are specific
   instances of open source code that have had transformative effects on the
   Internet? What is the IETF's stance on intellectual property and patents
   within Internet standards? What are some common proprietary protocols that
   are prevalently used on the Internet?

16. Describe the controversy associated with Google's massive effort to scan
   all of the books in selected libraries. Are their efforts illegal under
   copyright law that limits reproduction of work? How have they been able to
   continue this effort? Describe the court case and the settlement
   agreement. Is the settlement in the best interests of the authors?

-----------------------
Internet administration
-----------------------

16. Ben Postman
   Describe the power that ICANN has over the Internet. Describe some of the
   conflicts that have led other countries to seek its independence from the
   US. Describe China's proposal for a split DNS system and problems it may
   cause. Describe the problems a split DNS system might cause.

17. Zach Calvert
   What are gTLD names? Describe how they have been created since the
   inception of the DNS system. How are gTLDs managed today and how many are
   there? Who manages .com and .edu? What are some proposals for creating new
   gTLDs? What is wrong with creating a large number of them? What policy do
   you believe is reasonable?

18. How are IPv4 addresses assigned and allocated? What entity controls them?
   How are IPv6 addresses assigned and allocated? What is the controversy
   surrounding this?

19. What is DNS name squatting? What are famous examples of it? How does
   trademark law impact this practice? What is ICANN's policy for such
   disputes (UDRP)? How does it impact gTLD names? Who do you think should be
   awarded the ".sun" domain?
     http://www.eweekeurope.co.uk/knowledge/icann-s-new-internet-domains-hit-trademark-issues--1398

---------------------
Taxation and gambling
---------------------

20. Gabe Kimlinger
   What is the policy for taxing sales over the Internet? Explain the
   arguments for creating a new sales tax for Internet sales. Who would stand
   to benefit from such a tax? How do e-tailers such as Amazon currently
   avoid having their customers pay sales taxes? Is the current taxation
   system fair?

21. Carolyn Abercrombie
   What kinds of gambling sites are available across the Internet? Are they
   legal? In which jurisdictions can gambling sites set up? How is gambling
   on-line controlled and regulated?

--------------
Net Neutrality
--------------

22. Philip Kauffman
   Describe the issue of net neutrality. Give specific examples of how this
   principle has been violated by service providers such as Comcast. Argue
   both sides of the net neutrality issue and argue what the impact to the
   consumer would be. Describe the current legal state of net neutrality.

23. Tiffany Burrell
   Describe the results of the following presentation on Internet traffic
   evolution:
     http://www.nanog.org/meetings/nanog47/presentations/Monday/Labovitz_ObserveReport_N47_Mon.pdf
   Describe what it may mean for Net Neutrality.

----------
Technology
----------

24. Michael Rivers
   Examine the PageRank algorithm Google uses. How does it work? How could it
   be subverted? Explain what Google bombing and spamdexing are. Explain the
   TrustRank method and other methods for addressing such attacks.

25. Sze wa Cheung
   Describe how advertising networks such as DoubleClick and Google's AdSense
   work. What kinds of techniques do they employ to deliver their
   advertisements? Do any of these violate user privacy?

26. Ally Swanson
   Describe what a Content Distribution Network is. How do such networks
   improve the performance of the web? How do such networks reduce the cost
   of providing content? Give some examples of how they are used in practice.

27. Explain what a geolocation database is. What are some example
   tools/products that are available? What kind of applications are such
   databases used for? How might it help solve security problems?

--------
Security
--------

28. Joshua Reyes
   What are the ways that one can establish identity in real life? What are
   the ways that one can do this on the Internet? How do web sites
   authenticate themselves to users? That is, how do we know a web site is
   legitimate? What are ways in which web sites, especially e-commerce ones,
   authenticate users on-line? Why can't a user's IP address be used to
   establish identity?

29a. Tenzin Rither
   What are SSL and TLS? How can browsers ensure remote web sites are who
   they say they are? Are they secure even over an unsecure wireless network?

29b. Steven Senkus
   Describe different ways of securing wireless networks including WEP and
   WPA. How was WEP broken? What are the different flavors of WPA?

30. Benjamin Lyerly
   What is a phishing attack? What are prominent examples of actual phishing
   attacks and how did they work? What are ways that phishing attacks can be
   avoided? What are services that help one identify phishing?

31. Richard Crawford
   Find and comment on tools for handling the spam problem at mail servers.
   What is the underlying algorithm used for content-based detection of spam?
   How can these algorithms change with the techniques used by spammers?
   Describe the provisions of the CAN-SPAM act and cases in which it has
   successfully been used to shut down spammers. Discuss how spammers avoid
   prosecution under this act.

32. Describe what DNS-based block lists are and how they work. Describe the
   components of the Composite Block List managed by Spamhaus and how they
   can be used to stop spam sources. Describe URL block lists and how they
   are used to identify and stop spam. Describe the DShield service and how
   it can be used to make the Internet more secure.

33. Alex Lam
   What is a botnet? How are they created? How are they managed? Give
   examples of the kinds of attacks they have been used for.

34. Explain how spear phishing attacks and e-mail reputation hijacking work.
   Give real examples of such attacks. How can one distinguish them from
   legitimate messages? How prevalent have these attacks become over the last
   two years?

35. Describe several techniques for stopping spam including CentMail and
   "Stopping Outgoing Spam", J.T. Goodman, R. Rounthwaite, ACM Conference on
   Electronic Commerce 2004. What is the intuition behind how they work?

36. What are Domain Keys and how do they prevent spam from being transmitted?
   What are SPF DNS records and how do they prevent spam from being
   transmitted? Are there ways to circumvent these techniques? What problems
   do these techniques cause for legitimate usage?

37. Ian Boggs
   What are CAPTCHAs and what is the intuition behind them? Describe the many
   problems associated with CAPTCHAs and potential alternatives.

38. Explain what cross-site scripting is. Explain why it is a problem. How
   has cross-site scripting been exploited to compromise a user's machine?
   What is NoScript? Describe alternative ways that the problem can be fixed.

39. Kyung Rok Han
   Examine the malware problem from a social engineering perspective. What is
   scareware? What are examples of malware sent via e-mail attachments? What
   are examples of malware sent via popup ads? How do these techniques damage
   or exploit the user's machine?

40. Max Rees
   What is the danger of downloading software from the Internet? How do
   adversaries trick users into installing malicious software? What are
   methods used to mitigate this threat? Give examples of programs that trick
   users into running software from programmers they do not know. When
   downloading software over the network, how can one verify the software
   being installed does what it advertises? How do you know it won't steal
   all your information instead?

41. Joseph Broschart
   Who is responsible for filling in the source IP address? What is IP
   spoofing? Describe attacks that use IP spoofing to work. How can IP
   spoofing be combatted? What is the Spoofer project? What are their
   results?

42. Charles Carroll
   What is cross-site scripting? How does it work and why is it a problem?
   What is cross-site request forgery? Describe incidents in which attackers
   have successfully used these techniques to compromise users. What are
   techniques to prevent such problems?

43. Describe the ethical issues surrounding the disclosure of vulnerabilities
   by security professionals. Should they be disclosed to the vendor first
   before the public? Should they be disclosed to the public if the vendor is
   either slow or unwilling to fix the vulnerability? What are the ethics
   behind ``good viruses'' that patch known vulnerabilities?