Assignment P5 (Spring 2021)

Answer the following prompt in a maximum of 8 pages (excluding references) in JDF format. Any content beyond 8 pages will not be considered for a grade. 8 pages is a maximum, not a target; our recommended per-section lengths intentionally add to less than 8 pages to leave you room to decide where to delve into more detail. This length is intentionally set expecting that your submission will include diagrams, drawings, pictures, etc. These should be incorporated into the body of the paper unless specifically required to be included in an appendix.

If you would like to include additional information beyond the word limit, you may include it in clearly-marked appendices. These materials will not be used in grading your assignment, but they may help you get better feedback from your classmates and grader.

Question 1 (from Lesson 2.9): ~1.5 pages

For Question 1, you may choose from one of three different question prompts. These prompts are written to target students from the three programs—Computer Science, Cybersecurity, and Analytics—but you do not have to choose the prompt written for your program. Any student may answer any of these three prompts for Question 1. Make sure to state which question you’re answering (ideally in the header for the question, e.g. “Question 1—Analytics Prompt”).

Computer Science Prompt

The OMSCS program is an excellent example of a place where technology and society are intersecting: using technology, the program is delivered at scale for comparably far lower tuition without requiring synchronous attendance or a physical presence in Atlanta.

First, select and describe a specific positive effect of the existence of programs like Georgia Tech’s OMSCS, emphasizing how that positive effect is due to specific elements of the program (such as its low cost, its asynchronous structure, its subsidized model, etc.).

Then, select a potential negative repercussion of programs like Georgia Tech’s OMSCS, emphasizing how that negative effect is also due to specific elements of the program.

Finally, design how the program can be structured to preserve the positive effect while limiting the negative effect.

Hint: Be specific, especially with the positive effect. “More people can get Master’s degrees” is not a specific positive benefit, although it might lead to more specific positive benefits (especially if the demographics of who is able to get the degree are changing). If you’re having trouble thinking of something specific, try to think of something unintentional but positive.

Cybersecurity Prompt

In response to rising concerns over user access, data privacy, and cyber attacks, Georgia Tech has taken two major steps to protect its systems: one, requiring two-factor authentication for all Georgia Tech users, and two, allowing only on-campus connections (through VPN) to access more and more systems.

The positive outcomes of these designs are obvious; however, consider the possible unintentional negative effects of these actions. Identify and describe three unintentional negative effects of these changes. These should not merely be issues or problems with these technologies, but the broader impacts of use of these technologies. Some areas you might consider are: threats to open access to materials, differential impacts on less technically-savvy audiences, use of these technologies for fine-grained behavioral tracking, etc.

Then, consider some of the problems VPN and dual-factor authentication are intended to solve: providing greater assurance of individuals’ identities, ensuring access to systems is permitted before allowing access to be attempted, notifying individuals early of potential compromised account access, etc. Brainstorm and describe two different ways some of these goals might be accomplished through design rather than through controlled access. Your designs need not address all possible roles played by VPN and/or two-factor authentication; they could each address only one role that those technologies serve.

Hint: You should not limit yourself to the possible goals of VPN and two-factor authentication listed here; you may identify any role they play and design an alternate means for addressing it. Similarly, you need not limit yourself to the categories of unintentional negative effects we listed above; you may select any as long as you describe the broader impact of the negative effect rather than just the effect itself.

Analytics Prompt

Information visualization plays a large role in telling stories about data. First, select an existing data visualization. You might consider news sources, visualization communities like /r/dataisbeautiful, or raw dashboards like lite.gatech.eduDescribe the visualization and the story that it tells. As designed presently, what conclusions do you draw from the visualization?

Then, redesign the visualization to tell a different story. Do not change any of the data, but modify the way the data is presented such that the reader or viewer comes away with a different perception of the conclusions of the visualization. The best answer here would redesign the visualization such that the viewer comes away with the opposite conclusion, but it is also acceptable to design it simply that the viewer comes away with no conclusion. For example, if the original visualization showed that cat-lovers do better in OMS-Analytics than dog-lovers, the best answer would—with the same data—show that dog-lovers do better than cat-lovers; however, it is also acceptable for the redesigned visualization to simply suggest there is no relationship between pet preference and academic success in OMS-Analytics.

Finally, analyze the difference between the original visualization and your redesigned visualization. What specific changes are responsible for the different conclusions being drawn? Is one visualization more faithful to the data than the other, or are they just two different interpretations? 

Question 2 (from Lesson 2.9): ~1.5 pages

For Question 2, you may choose from one of three different question prompts. These prompts are written to target students from the three programs—Computer Science, Cybersecurity, and Analytics—but you do not have to choose the prompt written for your program. Any student may answer any of these three prompts for Question 2. Make sure to state which question you’re answering (ideally in the header for the question, e.g. “Question 2—Analytics Prompt”).

Computer Science Prompt

Identify an area you encounter regularly where political motivations are determining the design of technology. First, describe the area you’ve selected.

Then, describe the stakeholders in that area, including their motivations. Any interesting technology will likely have at least three groups of stakeholders.

Then, describe at least three ways those motivations are specifically affecting the design of the technology in that area. If you’re on the right track, you’ll likely find the motivations are in conflict.

Hint: Remember, political motivations do not necessarily have to be things like liberal and conservative; rather, they are places where the technology is designed to create some kind of societal change rather than to maximize usability. Note that also you may choose a technology where different stakeholders are attempting to design it in competing ways; however, this should be present in their actual designs rather than in things like legislation for which they lobby.

Cybersecurity Prompt

One of the biggest threats to login security is users sharing passwords among multiple web sites; a single compromised password can be used to compromise a user’s accounts across multiple sites, some of which often hold the key to access other sites. The problem is disproportionately experienced by audiences with less technical aptitude, which means that many tools that exist to combat the problem—such as LastPass—feel too complex for these users. This in turn creates a negative unintentional side effect of more advanced password managers; they expose the already at-risk technologically-inexperienced to even further attack.

Design a usable way to protect novice internet users from the dangers of sharing passwords among multiple sites. In designing your way to protect against these attacks, you should make the following assumptions: the user is a technological novice who must both decide to use your approach and set it up themselves with no guidance that you do not provide; and the user must remain easily able to log into all sites across multiple devices, including new devices, rather than tying login solely to a specific device or browser (thus excluding Google’s and Apple’s built-in password managers). In other words, your design must preserve the flexibility and portability of passwords.

Then, discuss what it takes to adopt your design. What does it require from the user to get started? How likely is a novice user to agree to participate or follow your requirements?

Then, discuss what it takes to use your design. What ongoing cost does it create on the user, and how likely are they to continue using your design given that cost?

Finally, evalaute how much protection your design actually gives them. What are the remaining risks? If a single password was compromised, what would it take to compromise the rest with your design?

Hint: Take a broad view of “design”. You don’t necessarily have to design a technological solution to the issue. Your design can focus instead on education, both of the ‘why’ and ‘how’ to create more secure passwords. Or, it can focus on preventing shared passwords from being used nefariously if compromised. The important thing is to do something that novice audiences will agree to do and that will effectively protect them.

Analytics Prompt

Deductive disclosure is the identification of a person’s identity based on multiple factors that, while themselves not identifiable, together can be used to identify a person. Describing how you will protect against deductive disclosure is part of completing an IRB application’s data management section.

Imagine you have a dataset that lists every course and grade received by every Georgia Tech student in the past 20 years. It has four columns: an anonymous student identifer (e.g. ABC123), a semester (e.g. Fall 2005), a class number (e.g. MATH1552), and a grade that student received in that term of that class (e.g. C). Merging this data with publicly-available information you know about me (that I finished my PhD in 2015, my MS in 2009, and my BS in 2008), you could relatively easily discern that I received a C in Calculus 2 as an undergraduate at Georgia Tech: only PhD-HCC students take CS6451, and only one student has taken both CS6451 and MATH1552 within the timeframes that would work for my graduation data.

First, discuss whose responsibility it would be to prevent this sort of deductive disclosure: is it the responsibility of the creators of the dataset to ensure that this deductive disclosure cannot happen, potentially limiting the usefulness of the dataset? Is it the responsibility of the custodians of the dataset to ensure only those who are bound not to use it nefariously have access, limiting the people who can perform research on it? Or is it the responsibility of the researchers to only use the dataset for legitimate purposes?

Second, design a way in which the dataset can be used or structured that protects against this deductive disclosure. Would you limit access to approved individuals? Modify the dataset to remove consistent identifiers? More fundamentally change the infrastructure underlying the dataset?

Third, discuss the drawbacks your redesigned dataset would introduce in exchange for preventing deductive disclosure. What analyses would no longer be possible? What additional resources would be necessary to manage the dataset? What risks remain for deductive disclosure?

Hint: When considering drawbacks, take a wide view. For example, LearnSphere is an online repository of educational datasets constructed to allow individuals to run scripts against datasets without exposing the data itself; however, this requires the datasets to be put into a form that LearnSphere understands, and still requires researchers to still obtain the approval of legal counsel to share the dataset with a third-party who may not understand the technical reasons the data itself is safe.

Question 3 (from Lesson 2.10): ~1.5 pages

Every year, ACM CHI is the world’s largest conference on Human-Computer Interaction. Select two papers (not extended abstracts and not papers already part of the Required Readings) from one of the most recent three CHI conferences (2020, 2019, 2018); if the PDF is not accessible directly from the Proceedings, either log into the ACM Digital Library with your Georgia Tech account (Sign In in the top right > With you Organization in the bottom left), or search Google Scholar for the paper. Usually you’ll find them on the author’s own web sites. If you can’t get access to a paper, pick a different one!

For each of the two papers, list the paper’s title and author list, and then briefly summarize the paper. In summarizing, be careful not to restate the abstract: the abstract for the paper emphasizes the paper’s significance, but your summary should focus on describing the paper to someone unfamiliar with the contents at all. Then, describe why you find this paper interesting or why you selected it for this assignment.

Make sure to complete all these steps for each of the two papers. They may come from the same or different years.

Hint: If you’re a Cybersecurity student, try Ctrl+F searching the abstract listings for “security”, “cybersecurity”, “exploit”, “breach”, and “phish” to find Cybersecurity-oriented papers. If you’re an Analytics student, try Ctrl+F searching for “analytic”, “visualization”, “data science” , or “data scientist” to find Analytics-oriented papers.

Question 4 (from Lesson 2.10): ~1.5 pages

Each year, there are several other more specialized conferences about HCI sponsored by ACM, IEEE, APA, and others. Below is a list of such conferences.

Select two different conferences from this list. Then, from each conference, select a paper. For each of the two papers, list the paper’s title and author list, and then briefly summarize the paper. In summarizing, be careful not to restate the abstract: the abstract for the paper emphasizes the paper’s significance, but your summary should focus on describing the paper to someone unfamiliar with the contents at all.

Then, describe why you find this paper interesting or why you selected it for this assignment.

Make sure to complete all these steps for each of the two papers. They may come from the same or different years, but they must come from different conferences. The conferences you may choose from are:

Submission Instructions

Complete your assignment using JDF, then save your submission as a PDF. Assignments should be submitted to the corresponding assignment submission page in Canvas. You should submit a single PDF for this  assignment. This PDF will be ported over to Peer Feedback for peer review by your classmates. If your assignment involves things (like videos, working prototypes, etc.) that cannot be provided in PDF, you should provide them separately (through OneDrive, Google Drive, Dropbox, etc.) and submit a PDF that links to or otherwise describes how to access that material.

This is an individual assignment. All work you submit should be your own. Make sure to cite any sources you reference, and use quotes and in-line citations to mark any direct quotes.

Late work is not accepted without advanced agreement except in cases of medical or family emergencies. In the case of such an emergency, please contact the Dean of Students.

Grading Information

Your assignment will be graded on a 20-point scale coinciding with a rubric designed to mirror the question structure. Make sure to answer every question posted by the prompt. Pay special attention to bolded words and question marks in the question text.

Peer Review

After submission, your assignment will be ported to Peer Feedback for review by your classmates. Grading is not the primary function of this peer review process; the primary function is simply to give you the opportunity to read and comment on your classmates’ ideas, and receive additional feedback on your own. All grades will come from the graders alone.

You will typically be assigned three classmates to review. You receive 1.5 participation points for completing a peer review by the end of the day Thursday; 1.0 for completing a peer review by the end of the day Sunday; and 0.5 for completing it after Sunday but before the end of the semester. For more details, see the participation policy.