What I Learned In Teaching Computer Security, Privacy, and Politics to a General Audience

by Ming Chow

Related link: http://www.cs.tufts.edu/~mchow/excollege

Hard to believe, I am almost finished with teaching a full college course (one semester) --my course at Tufts University entitled "Security, Privacy, and Politics in the Computer Age," offered by the Experimental College. It has certainly been an exhilerating few months, but it has been a very rewarding, memorable, and flattering experience.

So what did I learn from teaching computer security, politics, and privacy to a group of twenty, mainly non-technical, college students? Here are some of my thoughts in a nutshell:

  • It is difficult to balance technical and non-technical information. Many students know what spyware and computer viruses are, but the technical workings of them are complicated. If you delve into complexities such as the operating system or the kernel, the students will be lost. I also recall making my cryptography lecture too simplistic, and I saw many students fall asleep.

  • Students are dependent on reactive tools including firewalls and anti-virus software. Such tools have been well-marketed, but they can only do so much. That is, the "bigger point" is missed --numerous security holes in software are unpublicized, which leads to one massive hole. The message that I sent to the class was clear: the first line of defense is to protect yourself and your systems (be proactive as possible). Funny, I still receive assignments that mention relying on firewalls and anti-virus software to protect their systems.

  • Few have knowledge about open source software, and alternatives to popular software packages. It is important to discuss the software life-cycle development process early in the semester because it will provide students insights on where a lot of the problems come from. One of the first comments from students that stuck me was that many have never heard of open source software, nor have they heard of alternatives to popular software packages such as GIMP, GAIM, and yes, even Firefox. As much as the technical community read and speak about OSS, the general public still don't understand it.

  • Few have used Unix or Linux. Unix and Linux are sometimes dubbed as the "the most important operating systems you may never use," and I found this quite true. That is why I distributed free copies of Knoppix to students, and used it for my lectures on occasion.

  • News and information evolve and change frequently. Several weeks after I gave a demonstration on password cracking, the news of Paris Hilton's sidekick cracked via simple password broke out. We had to reflect back on our previous lecture. Same issue with the recent slew of consumer database breaches. The instructor (myself) have to keep up with current events especially when teaching such a course.

  • Students enjoy examples. Students love screenshots and hands-on examples from the terminal.

  • Instructor has to encourage feedback and dialog. Maybe it is because of the college environment, most of us have been there, done that. I found that students walk into class with very little expectation or motivation each day. They just want to go to class and leave, and probably forget the information. It is the instructor's job to incorporate debate and dialog in the course. You just can't hope that all students will be active. I had two debates and two expert panel sessions in the class, and they have been most engaging (as said by the students). Same goes for the discussions on copyrights, electronic voting, and P2P technologies --no surprise considering the topics are controversial and debateable.

  • Need a hands-on assignment to show how hard security is. Security is hard, we know that. But talk can only do so much. Recently, I gave a two-part group project on designing a fictitious state lottery game and its secure system. Not only did the students find that designing a system is difficult and time-consuming, but also how hard it is the accomodate for everything there is. I had to use so much red ink on grading the design projects, both phases (the game design and the system design)

These are just some highlights of what I learned in my very first teaching experience. After I submit the course grades, I will sit down and collect all my thoughts about the course. Would I want to do this again? Absolutely, in a heartbeat.