[ISN] What I Learned In Teaching Computer Security, Privacy,
and Politics to a General Audience
isn at c4i.org
Tue Apr 26 01:49:52 EDT 2005
Apr. 24, 2005
Hard to believe, I am almost finished with teaching a full college
course (one semester) --my course at Tufts University entitled
"Security, Privacy, and Politics in the Computer Age," offered by the
Experimental College. It has certainly been an exhilerating few
months, but it has been a very rewarding, memorable, and flattering
So what did I learn from teaching computer security, politics, and
privacy to a group of twenty, mainly non-technical, college students?
Here are some of my thoughts in a nutshell:
* It is difficult to balance technical and non-technical information.
Many students know what spyware and computer viruses are, but the
technical workings of them are complicated. If you delve into
complexities such as the operating system or the kernel, the
students will be lost. I also recall making my cryptography lecture
too simplistic, and I saw many students fall asleep.
* Few have knowledge about open source software, and alternatives to
popular software packages. It is important to discuss the software
life-cycle development process early in the semester because it will
provide students insights on where a lot of the problems come from.
One of the first comments from students that stuck me was that many
have never heard of open source software, nor have they heard of
alternatives to popular software packages such as GIMP, GAIM, and
yes, even Firefox. As much as the technical community read and speak
about OSS, the general public still don't understand it.
* Few have used Unix or Linux. Unix and Linux are sometimes dubbed as
the "the most important operating systems you may never use," and I
found this quite true. That is why I distributed free copies of
Knoppix to students, and used it for my lectures on occasion.
* News and information evolve and change frequently. Several weeks
after I gave a demonstration on password cracking, the news of Paris
Hilton's sidekick cracked via simple password broke out. We had to
reflect back on our previous lecture. Same issue with the recent
slew of consumer database breaches. The instructor (myself) have to
keep up with current events especially when teaching such a course.
* Students enjoy examples. Students love screenshots and hands-on
examples from the terminal.
* Instructor has to encourage feedback and dialog. Maybe it is because
of the college environment, most of us have been there, done that. I
found that students walk into class with very little expectation or
motivation each day. They just want to go to class and leave, and
probably forget the information. It is the instructor's job to
incorporate debate and dialog in the course. You just can't hope
that all students will be active. I had two debates and two expert
panel sessions in the class, and they have been most engaging (as
said by the students). Same goes for the discussions on copyrights,
electronic voting, and P2P technologies -- no surprise considering
the topics are controversial and debateable.
* Need a hands-on assignment to show how hard security is. Security is
hard, we know that. But talk can only do so much. Recently, I gave a
two-part group project on designing a fictitious state lottery game
and its secure system. Not only did the students find that designing
a system is difficult and time-consuming, but also how hard it is
the accomodate for everything there is. I had to use so much red ink
on grading the design projects, both phases (the game design and
the system design)
These are just some highlights of what I learned in my very first
teaching experience. After I submit the course grades, I will sit down
and collect all my thoughts about the course. Would I want to do this
again? Absolutely, in a heartbeat.
Ming Chow is a scholar of science and technology, whose areas of
interests are human-computer interaction, game development, computer
security, and computer science in education.
More information about the ISN