[ISN] What I Learned In Teaching Computer Security, Privacy, and Politics to a General Audience

InfoSec News isn at c4i.org
Tue Apr 26 01:49:52 EDT 2005 

http://www.onlamp.com/pub/wlg/6928

Ming Chow
Apr. 24, 2005 
http://www.cs.tufts.edu/~mchow/excollege/

Hard to believe, I am almost finished with teaching a full college
course (one semester) --my course at Tufts University entitled
"Security, Privacy, and Politics in the Computer Age," offered by the
Experimental College. It has certainly been an exhilerating few
months, but it has been a very rewarding, memorable, and flattering
experience.

So what did I learn from teaching computer security, politics, and
privacy to a group of twenty, mainly non-technical, college students?  
Here are some of my thoughts in a nutshell:

* It is difficult to balance technical and non-technical information.
  Many students know what spyware and computer viruses are, but the
  technical workings of them are complicated. If you delve into
  complexities such as the operating system or the kernel, the
  students will be lost. I also recall making my cryptography lecture
  too simplistic, and I saw many students fall asleep.

* Few have knowledge about open source software, and alternatives to
  popular software packages. It is important to discuss the software
  life-cycle development process early in the semester because it will
  provide students insights on where a lot of the problems come from.
  One of the first comments from students that stuck me was that many
  have never heard of open source software, nor have they heard of
  alternatives to popular software packages such as GIMP, GAIM, and
  yes, even Firefox. As much as the technical community read and speak
  about OSS, the general public still don't understand it.

* Few have used Unix or Linux. Unix and Linux are sometimes dubbed as
  the "the most important operating systems you may never use," and I
  found this quite true. That is why I distributed free copies of
  Knoppix to students, and used it for my lectures on occasion.

* News and information evolve and change frequently. Several weeks
  after I gave a demonstration on password cracking, the news of Paris
  Hilton's sidekick cracked via simple password broke out. We had to
  reflect back on our previous lecture. Same issue with the recent
  slew of consumer database breaches. The instructor (myself) have to
  keep up with current events especially when teaching such a course.

* Students enjoy examples. Students love screenshots and hands-on
  examples from the terminal.

* Instructor has to encourage feedback and dialog. Maybe it is because
  of the college environment, most of us have been there, done that. I
  found that students walk into class with very little expectation or
  motivation each day. They just want to go to class and leave, and
  probably forget the information. It is the instructor's job to
  incorporate debate and dialog in the course. You just can't hope
  that all students will be active. I had two debates and two expert
  panel sessions in the class, and they have been most engaging (as
  said by the students). Same goes for the discussions on copyrights,
  electronic voting, and P2P technologies -- no surprise considering
  the topics are controversial and debateable.

* Need a hands-on assignment to show how hard security is. Security is
  hard, we know that. But talk can only do so much. Recently, I gave a
  two-part group project on designing a fictitious state lottery game
  and its secure system. Not only did the students find that designing
  a system is difficult and time-consuming, but also how hard it is
  the accomodate for everything there is. I had to use so much red ink
  on grading the design projects, both phases (the game design and
  the system design)

These are just some highlights of what I learned in my very first
teaching experience. After I submit the course grades, I will sit down
and collect all my thoughts about the course. Would I want to do this
again? Absolutely, in a heartbeat.

Ming Chow is a scholar of science and technology, whose areas of
interests are human-computer interaction, game development, computer
security, and computer science in education.

More information about the ISN mailing list