I330:Organizational Informatics of Security
Readings and schedule for Organizational Informatics for spring 2008.
11:15 pm Monday and Wednesday.
BH 242
Professor Jean Camp
Course Overview, Themes, Grading, and Goals
Overview: The Course in a Nutshell
Jan 7
Introduction and course overview
The topics the first day are who, when, and why. We will introduce ourselves. I will
descibe the course policies. I will provide information about the project,
about grade distribution, and answer any of your questions.
This course is about ICTs, organizations and your role in the organization. The course has three primary elements.
First, the readings and lectures contain the minimal critical information
for literacy. The readings
and lectures will focus primarily on theory, particularly looking at
organizations through the lens of economics. There are also, obviously, readings on organizational theory.
Second, the discussion section. There will be some readings
during the discussion section, primarily those that apply to the
practical training part of the course.
Third is the practical training. The project is an experience in
team management. It includes writing a workplan, implementing the work
plan, and filling out an evaluation of your peers. Most of you are
attending this University to broaden your horizons and increase your
employment-relevant skills. This project, properly executed, will do
both. At the end of the project you should have a considerably expanded
knowledge of your subject, improved presentation skills, and an
extremely cursory introduction to project management. Regular deadlines
during the semester are intended to force the groups not to wait until
the last moment to complete the project.
Jan 9 What Governs?
Questions to consider during reading
Technologists understand that code embeds constraints. Law and social norms also determine outcomes.
Readings
Lessig: Code and Other Laws of Cyberspace, Basic Books, 1999, Chapter 7: What Things Regulate PP 85-99
Jan 14 Technology as Policy
Questions to consider during reading
Roger Dingledine and Paul Syverson describe the technology and politics of Tor.
Tor is a strictly technical system built for political reasons. The code is open, thus fllowing traditional legal practices of transparency. Do any of you use it? Do social norms explain this?
Readings
An Introduction to Tor http://www.torproject.org/overview.html.en
Jan 16 Security and Competition
Questions to consider during reading
What are the goals of security in theory? How does this differ from how
it is used in practice? Would the security strategies discussed in
Anderson work with open code?
Readings
Ross Anderson, Cryptography and Competition Policy:Issues with Trusted
Computing, http://www.cl.cam.ac.uk/ftp/users/rja14/tcpa.pdf
Optional Readings
L. Jean Camp Frighteningly Basic Cryptography By Silly Metaphor
Chapter 3. You may purchase the book or select the material from the
on-line version. However, if you choose Print after going to the
on-line version Trust and Risk you will print the entire book. Also
note that this is the free and thus not the edited version.
Jan 21 MLK Day No Course Meeting
Group formation and project ideas due.
Jan 23 Technology as an Organizational Construct
Questions to consider during reading
From where do
organizations come? Is it just the cooperation of a many
people? Economic forces? Group psychology? Technologies, government and business are
presented in media and academy as distinct and clear opposites from
government. Yet in
fact their interaction is quite deep and profound. Government plays a
critical role in creating markets and businesses just as the
environment plays a critical role in creating ecosystems and species.
Readings
Deborah Spar Ruling the Waves pp. 1-22, p.124-289
H. Hocheiser "The platform for privacy preference as a social protocol: An examination within the U.S. policy context" ACM Trans. Inter. Tech., Vol 2, No. 4, pp. 1533-5399, http://doi.acm.org/10.1145/604596.604598
Organizations in Informatics Context
Jan 28 Digital Rights Management
Lecture by J Duncan
Do you believe the warnings at the beginning of videos? Not all companies do.
A computer-industry trade group has submitted a formal complaint because these warning overstate
copyright holders' power to the extent that it violates fair use.
http://www.defendfairuse.org/include/ccia-ftc.pdf
National Academy of Science, The Digital
Dilemma:Intellectual Property in the Information Age. National Academy
Press, Washington, DC (2000); (contents completely available on-line)
pp. 1-75.
Optional Reading
Spinello & Tavani:Excerpts from the Digital Millennium Copyright Act (DMCA) of 1998
Spinello & Tavani:James Boyle, A Politics of Intellectual Property: Environmentalism for the Net
Spinello & Tavani:J. W. Snapper,On the Web, Plagiarism Matters More Than Copyright Violations
Optional Readings
Spinello & Tavani:Shelly Warwick, Is Copyright Ethical?
Spinello & Tavani:Note on the DeCSS Trial
Samuleson, Digital Rights Management {and, or, vs.} the Law vol.
46, no. 4, April 2003. http://www.sims.berkeley.edu/~pam/papers.html
Camp, DRM Doesn't Really Mean Copyright
, IEEE Internet Computing. May 2003. http://www.ljean.org/files/DRM.pdf 16 Spring Break
Jan 30 Security and Usability
Lecture by Tonya Stroman
Organizational Models
An organization can be considered a
single entity, a collection of competing subsets, a group of
self-optimizing individuals, a machine following a process, or a
cultural entity. In the first section of this course we will examine
each of those models.
I will provide a very
short introduction to rational choices, and then examine the limits of
rationality. We return to the limits of rationality topic in Economics
and Uncertainty.
First draft of biliography due.
Feb 4 Organizations as Single Rational Beings
Questions to consider during reading
There are three models of
organizations:individual rational actors, collections of groups or
stakeholders, and as groups of political individuals with their own
visions and power struggles.
Reading
Images of Organizations by Gareth Morgan, pp11 - 27, Chapter 1: Mechanization Takes Command: Organizations as Machines (Sage Publications, Inc; 2 edition, December 10, 1996)
Tversky and Kahneman, "Rational Choice and the Framing of Decisions" in Rational Choice, Hogarth and Reder, eds., pp. 67-94.
Feb 6 Organizations as Compilation of Stakeholders
Questions to consider during reading
Organizations are not
always entirely rational. Ironically, the rational organization
understands itself as being created by a group of components, and tries
to construct mechanisms to create effective interactions between the
components. Understanding the components of the organization can
prevent the creation of perverse incentives.
Reading
Images of Organization by Gareth Morgan, pp 153-213, Chapter 6, Interests, Conflicts and Power: Organizations as Political Systems (Sage Publications, Inc; 2 edition, December 10, 1996)
Feb 11 Organizations as Competing Individuals
Questions to consider during reading
The paper below describes an application of the discussion above at the most fundamental levels of the net.
Reading
Fool
us Once Shame on Me - Fool us Twice Shame on You: What we can Learn
form the Privatizations of the Internet Backbone Network and the Domain
Name System
Optional Readings
Michael Froomkin's discussion of power concentration
at a global scale in The
Empire Strikes Back and in particular how ICANN is a part of this
trend in
Of Governance and Governments
Work plan and project definition.
Feb 13 Organizations as Cultures
Questions to consider during reading
Americans spend most of
their waking hours are work. Workplaces are not neutral or free from
emotion. Workplaces have their own cultures, some of which are
successfully cultured by management.
Readings
Van Mannen, J. (1991) "The
Smile Factory:Work at Disneyland." In Frost, P.J., L.E. Moore, M.R.
Louis, C.C. Lundberg and J. Martin (eds.):Reframing Organizational
Culture.
Recommended Additional Reading
Ullman, Ellen. (1997) Close to the Machine, pp 17-27;95-121
The Behavioral Component
A short discussion on how individuals
in an organization behave, and how economics alters that behavior. Do
you ever consider leaving Informatics? Is there an airline you refuse
to use? In Informatics are the people with whom you refuse to work?
Feb 18 Games Companies Plays
Questions to consider during reading
What happens when an organization is broken? How do the people that
make up organizations choose to function or fail to function in an
organization?
Readings
R. Hirschman, Exit, Voice, and Loyalty. Chapters 1, 2, 3, and 8 (pp. 1-20, 21-29, 30-43, 106-119)
Feb 20 The Human in the Organization
Questions to consider during reading
How are on-line discussions and organizations distinct from off-line organizations?
Does an organization or process change by virtue of replication
in an electronic form? How are people and interactions different on email? How did you handle this information overload?
Readings
Davis, J., Farnham, S., Jensen, C. (2002). Decreasing Online Bad
Behavior. In Extended Abstracts of CHI 2002, Minneapolis, April 2002.http://research.microsoft.com/scg/papers/Bad Behavior CHI 2002.pdf
Recommended Additional Reading
Connections New Ways of Working in the Networked Organization By Lee Sproull
and Sara Kiesler MIT Press, 1991, 212 pages.
The Organization of the ICT Market
The ICT market has distinct
sectors. Here, we want to begin to unpack the ICT
market.
Feb 25 Privacy Markets Basics
Questions to consider during reading
Direct incentives are required to protect privacy. The market by itself will not reach a equilibrium where privacy policies are readable, read and reliable.
Readings
Andrew Odlyzko "Privacy, Economics and Price Discrimination on the Internet", pp. 187-212, Ch. 15, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY
Michael Froomkin, The Death of Privacy , University of Miami School of Law, 2000. http://cyber.law.harvard.edu/privacy/Fromkin_DeathOfPrivacy.pdf
Work plan, second version.
Feb 27 Information Market Basics
Questions to consider during reading
How is content presentation different on the network?
Readings
Kalakota & Whinston, Electronic Commerce
pp 251-282. Addison Wesley (Boston, MA)
Optional Readings
Gupta, Stahl & Whinston, Pricing of Services on the Internet
http://cism.bus.utexas.edu/alok/pricing.html
Why were they wrong? Why has there not been per-use pricing?
Decision - Making Tools in Economics
Economics has developed a series of tools that are widely used in daily
business analysis. This section of the course will introduce a few of
those tools, and focus on the potential of these tools to enable
analytical insights.
March 3 Life's a Game
Questions to consider during reading
In classical economics life is never a beach, and joy is not an option. However, life can certainly be modeled as a game. We self-optimize and implement strategies according to our expectations of each other's behavior. For example, do you expect to be able to skip this reading and not be quized? What are your odds, and what is your expectation of my quiz-giving strategy?
Readings
Gardener, Games for Business and Economics
pp 1 -22.
Outline due as weekly assignment.
March 5 NPV and Discounted Cash Flow
Questions to consider during reading
Net present value is a way of deciding if we are better off investing
money today or saving money to invest tomorrow. Overview of examples. A
simple example of a decision tree in class.
Readings
Luehman, What's It Worth?:A General Manager's Guide to Valuation
HBR May - June pp. 133-141
Outline due as weekly assignment.
March 5 NPV and Discounted Cash Flow
Questions to consider during reading
Net present value is a way of deciding if we are better off investing
money today or saving money to invest tomorrow. Overview of examples. A
simple example of a decision tree in class. Readings
Luehman, What's It Worth?:A General Manager's Guide to Valuation
HBR May - June pp. 133-141
March 10 No Course Meeting
March 12 No Course Meeting
March 17 Economics and Uncertainty
Questions to consider during reading
Every person experiences
uncertainty. Now that uncertainty is merely personal but in the future
your uncertainty and decisions may play a role in decision-making.
Think about your own decisions and how you have fallen to these habits.
Readings
Tversky and Kahneman, "Judgment Under Uncertainty:Heuristics and Biases" Science, vol. 185, 1974, pp. 1124-1131.
M. G. Morgan , B. Fischhoff , A. Bostrom Risk Communication :A Mental Models Approach pp 1-18, pp 34-62.
Revised bibliography due as weekly assignment.
March 19 Productivity
Questions to consider during reading
Why and how have IT altered organizations? It seems inherently obvious
that it is more productive to send an email than write, print and
deliver an email. Where and what are the productivity gains?
Readings
Erik Brynjolfsson, The Productivity Paradox
Communications of the ACM, Volume 36 , Issue 12.
Try the ACM Portal
Information Economics
The
session above provided a rudimentary overview of economic tools. In
this section the focus is on the unique features of the information
market.
March 24 Digital is Different
Questions to consider during reading
Fundamental assumptions underlie market economics. How does digital challenge those assumptions?
Readings
Delong and Froomkin (1997) The Next Economy?
Internet Publishing
and Beyond:The Economics of Digital Information and Intellectual
Property. Edited by B Kahin and H Varian. Cambridge, MA MIT Press.
http://www.law.miami.edu/~froomkin/articles/newecon.htm
Project outline and abstract due.
March 26 IT in Organizations
The economics of information are different and therefore the markets in information goods also vary widely.
Questions to consider during reading
Why is IT important in an organization? Are ICTS inherently valuable? If not, how do ICTs illustrate their value. Reading
Carr, Nicholas G., "IT Doesn't Matter", Harvard Business Review, May 2003.
Social Engineering Attacks
March 31 Real World Anonymity- What Works?
Questions to consider during class
Why does anonymity matter? Why does it break?
Readings
Richard Clayton, George Danezis, Markus Kuhn, "Real World Patterns of Failure in Anonymity Systems" Information Hiding 2001, LNCS 2137-2152.
Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook
Gross and Acquisti
www.heinz.cmu.edu/~acquisti/papers/acquisti-gross-facebook-privacy-PET-final.pdf
Network Economics
April 2 Interconnection and Network Effects
Questions to consider during reading
Feedback is a critical concept in the economics of networks and in network-based competition.
Reading
Noam, Interconnecting the Network of Networks, MIT Press, 2001. pp. 1-25.
Optional Reading
The Economics of Networks, by Nicholas
Economides, International Journal of Industrial Organization, Vol. 16,
no. 4, pp. 673-699 (October 1996). Available on-line
April 7 Lock-in and feedback
Questions to consider during reading
Network economics implies feedback. Feedback can cause lock-in. How easy will it be for you to get a new email? A new phone?
Readings
W. B. Arthur, "Competing
Technologies, Increasing returns and Lock-in by Historical Events", The
Economic Journal, Vol 99, Issue 394, pp116-131
P. A. David "Clio and the Economics of Qwerty" The American
Economic Review, Vol 75, Issue 2, Papers and Proceedings of the 97th
Annual Review of the American Economic Association, May 1985, pp.
332-337.
Revised group work plans and outlines due.
April 9 Versioning
Questions to consider during reading
What is versioning? How does digital change versioning? Does beer taste differently from a keg than from a can?
MLS listings on-line http://www.realtor.com and http://www.targetmls.com/
Amazon.com and www.barnes and noble.com and www.reiters.com
Readings
Information
Rules, Shapiro, Carl. & Varian, Harvard Business School Press,
(Boston, MA) , c1999, pages 53-81
Capstone Preview by Dr. Dennis Groth
April 14 The Capstone
Questions to consider during class
The capstone, like this
class, is intended to provide a real-life experience. Dr. Groth will
introduce and discuss the capstone.
Readings
There are no readings.
IT From a Manager's Perspective
April 16 IT in the Real World
Questions to consider during class
What is an ASP? How do you value an ASP? How does versioning work in the world of ASPs? CFO of Cornerstone Software, Shaum McDermott, will speak at this session.
Readings
There are no readings.
Information Ownership
April 21 Intermediation
Questions to consider during reading
What is disintermediation?
Re-intermediation? How does a bookstore inherently bring together
certain business lines by virtue of physical location? Think about your
favorite sites or consider this sites:
The Hunger Site -- http://www.thehungersite.com -- could this work off line?
Readings
Laudon & Traver, "E-commerce" second edition. pp. 136 - 162
Whinston & Kalakota, "Electronic Commerce" pp. 21 - 23
Information is unique because the ownership structure is extremely
fluid. Who owns which elements of an information good is a critical
question.
All project presentation material due on OnCourse.
April 23 Closed Software & Rule of Law in MD, VA and thus IN
Questions to consider during reading
How are markets organized?
What were the inherent assumptions about markets in the readings from
last week? Where do markets come from? Who participates in defining the
rules of a market? What are EULA and UCITA?
Readings
The Uniform Computer Information Transactions Act:A Well Built Fence or Barbed Wire Around the Intellectual Commons?
uts.cc.utexas.edu/~lbjjpa/2001/bowman.pdf
Exam Period --Student Presentations