Getting Started (20 mins)

Video: Big data is better data

Video: Big data is better data - TED talk - Video

Prompt: Based on what you saw in the video, what is big data?

Discuss: In small groups, have students share their responses. Afterwards, open the discussion to the whole class. The main points to draw out from this conversation are:

Big data means different things, at different times, to different people.

• It can mean devices that are constantly collecting data.
• It can mean digitizing data that’s been around for a long time (e.g., every book ever written).
• It can mean machine learning and artificial intelligence.

Activity (30 mins)

Exponential Growth and Moore's Law (10 mins)

Display: Direct students to the graphic showing the exponential growth of data, either by projecting it or having them find it on the Code.org website.

Moore's Law

Briefly introduce Moore's Law as simple piece of vocabulary.

However you do it, here are some key ideas students need to know about Moore's Law:

• Moore's law is actually about computing power, not data, but data growth seems to following the same trend
• So far, computing power/capacity seems to double every 1.5-2 years...
• That means it grows exponentially...
• Exponential growth is hard for humans to fathom...
• Yet we need to plan for it.

Wrap-up (20 mins)

Big Data Wrap Up (10 mins)

Share: Students should share their results from the Big Data Sleuth Cards with members of another group. This can also be conducted as a classwide discussion.

• What kinds of data are out there?
• What format does it come it?
• Where does it come from?
• Did anyone find a link to an actual data source?
• Did anyone find an API? What’s an API?

Prompt: After your explorations what do you think "big data" actually means? What makes it "big" as opposed to not?*"

Discuss: Have students share their thoughts with a neighbor. Then share more broadly with the class.

Introduce Explore PT (10 mins)

Distribute: Give students digital or printed copies of College Board - Assessment Overview and Performance Task Directions for Students. We will review pages 4-6 which introduces the Explore PT Components (Digital copy linked to from student resource section for this lesson on the Code.org website).

Review: Quick skim this document with the class, touching on the following points.

• Page 4: The Explore PT has 2 major components, 1. computational artifact, 2. written responses
• Pages 5-6: Skim the submission requirements and give students time to read prompts 2a - 2e.
• Highlight prompts 2c and 2d which references beneficial / harmful effects and the way computing innovations use data, themes of this unit.

Discuss: Respond to any questions students share. Don't lose too much time here. You'll have many opportunities to review the Explore PT in later lessons.

Extended Learning

Open Data: You might be interested in looking at some of the publicly available datasets provided at these sites. It can take a little digging, but you can see the raw datasets and some of the applications that have been made from them.

• Data.gov
• Open Data (opendata.socrata.com)
• Open Data Network (www.opendatanetwork.com/)

Google Maps Traffic: Another big data resource that students may use every day:

• Go to maps.google.com and zoom in on your town or city.
• Turn on the Live Traffic view for your area or a nearby town or city.
• The map should show real-time traffic data.
• Have students respond to the same set of questions that they did on the Big Data Sleuth Card. This may take a little more research, since the sources of the data aren’t as clearly marked.

Assessment

TBD

Getting Started (10-15 mins)

Video - Motivating the research

Goal: Develop some ideas (and excitement) about the rapid research project

Video: Show, or have students watch, one of the following videos:

• Data and Medicine - Video (6:07)
• Computer Science is Changing Everything - Video (4:33 NOTE: this video was also shown in Unit 1)
• The Math Behind Basketball's Wildest Moves - Video (12 mins)

The purpose is simply to motivate the upcoming research.

Get excited! This is your opportunity to dig deeper into a computing topic that has piqued your interest over the entire course.

• What kinds of things are you interested in?
• How does computing affect them?
• How is data used to make innovations you’re interested in actually work?

The project mimics some of the things you have to do for the Explore Performance Task and will be useful preparation. In particular the Explore Performance Task asks you to:

• Research a modern computing innovation.
• Explain how it uses, produces, or consumes data.

This is exactly what you’ll be doing today!

Activity (30 + 40 mins)

Rapid Reseach - Data Innovations

Distribute: Rapid Research - Data Innovations - Activity Guide and Data Innovation One-Pager - Template and review as a class.

Below is a suggested schedule for completing the project.

Wrap Up

Presentation (Optional):

If time allows, students may wish to have an opportunity to share their one-pagers with one another. Consider other options like creating a “Data Innovations Museum” by posting links to all their documents in single shared document. Or even print them out and post them in the room to be reviewed in a gallery walk.

Assessment

• Use the rubric provided with the Activity Guide to assess the one-pagers.

Getting Started (10 mins)

Explore: World’s Biggest Data Breaches Visualization

Distribute:

Direct students towards the World's Biggest Data Breaches Visualization - Web Site (link in code studio) They should spend a couple minutes browsing through the different breaches there. Ask them to make a few notes about the following questions:

• What kind of data is being lost? And how much?
• What kinds of issues could arise from this data getting into the wrong hands?

Discuss: In small groups or as a class, have students share their findings. The main points to draw out from this conversation are:

• All kinds of personal data, from usernames to social security numbers and credit card information, is lost fairly regularly.
• This information can be used to steal money or identities, get access to classified information, blackmail people, etc.

Transition:

We’ve spent a lot of time looking at potential benefits of collecting and analyzing data. As we’ve already seen today, however, there are some risks associated with collecting all of this information. If it falls into the wrong hands or is used in ways we didn’t intend, there may be serious risks imposed on our privacy or security. We’re going to start looking more deeply at this problem.

Activity (30 mins)

Data Privacy Lab: How easily can you be identified?

Distribute:

• Direct students to the Data Privacy Lab - Web Site.
• Students should type in their information (birthday, ZIP code, and gender) to determine how many other people share those characteristics.
• In most instances, they will find that those three pieces of information can uniquely identify them.

Thinking Prompt:

• "Why is it significant that you are one of only a few people with your birthday, gender, and ZIP code? What concerns does this raise?"

Discuss:

In small groups or as a full class, students should discuss their responses. The main points to draw out from this conversation are:

• We can be uniquely identified from just a few pieces of information.
• Even information we would not normally consider to be “sensitive” can still be used to identify us.
• There are security and privacy concerns raised as a result of most information about us being available online.

Research Yourself Online

Wrap-up

Class shares their findings

Time permitting it's very interesting to share findings.

Prompt:

• "What information were you able to find about yourself? Were you able to make connections in the data you collected to figure out anything else? Were you concerned about anything you were able to find?"

Discuss: Students should share their findings, either in small groups or as a class. The main points to draw out from this conversation are below:

• A great deal of information about us is freely and easily available online.
• By making connections in this data or to other sources of data. it is possible to form a more complete picture of who we are and what we do.
• There are security and privacy concerns raised by the data we post online about ourselves.

Assessment

• See the examplar response to the worksheet. Available in the teacher only area lesson 3 in code studio.
• See other assessment items in code studio.

Extended Learning

1. You may want to check out Chapter 2 of Blown to Bits, which goes into some depth about issues and concerns with data and privacy. In particular, pages 32-35 are related to this lesson.

2. It takes a bit more reading but the Data Privacy Lab project out of Harvard has another fascinating (and scary) project called The Data Map

   • You could take a lot of the information there for more rigorous research into how data can be used to identify people

Getting Started (15 mins)

Video - The Future of Big Data

Video:

• The Future of Big Data - Video
• Video is also linked in Code Studio for Students

Transition:

The video mentions how your phone and websites you use track certain things about you. Today we’re going to find out a little bit more about it. Here are the primary questions we’re interested in:

• Why is this tracking necessary? What are the benefits and drawbacks?
• How can you find out what kind of data is tracked about you and by whom?

Thinking Prompt: What do you know about data collected about you every day?

Prompt:

• "Write down 2 or 3 websites, web services, or apps that you use the most or rely on the most to stay connected to friends and family, or use for “productivity” like school work."

• "For each website / service / app, fill in the following information - just what you know off the top of your head from your own experience or memory":

Info to write down for each site:

Students can just complete this in a journal or notebook. They should make a little table in order to compare side-by-side

1. Name of Website / Service
2. Do you have an account, or need to login?
3. What kinds of data does (or could) this site potentially collect about you?
4. Do you know if this data is shared with other people, companies or organizations? (If so, which ones?)
5. Do you know how you would find out what data is collected or how it’s shared?

Give students about 5 minutes to write things down.

Quick Poll and Recap of Findings:

• Show of hands: How many of the apps that you chose were free?

  This will likely be all or almost all the apps.

• Whip around: Name one piece of data the app you chose could potentially collect or know about you.

  Try to get out as many different types as possible.

Activity 1 (30 mins)

Part 1 - Reading: Wall Street Journal: Users Get as Much as They Give

Distribute:

Wall Street Journal: It’s Modern Trade: Web Users Get as Much as They Give

• Original article on wsj.com: WSJ article [original] - External Article
• Annotated/Jigsaw shorter version for jigsaw option: WSJ article [annotated] - Article

You can have students read individually or break it up to “jigsaw” it. Either option in the end will probably take the same amount of time. (See teaching tip for more info)

Discuss: Ask students in small groups to discuss what they learned from the reading and come up with a quick “temperature check”:

• "Right now, which way are you leaning? Too little privacy? Right amount?"
• "Are you willing to give up some privacy (and potentially some security) to have free access to modern innovative tools - do you trust companies to be good stewards of your data?"
• "Are you concerned? Do you think too much of your data is out of your control? Do you think too much personally identifiable data is given over to someone else?"
• "What other questions do you have?"

Notes for the discussion:

• In the discussion, it’s worth noting the source of the article - The Wall Street Journal - and asking students to consider whether or not this information has a “pro-business” slant.

• This is a very complex issue. The important thing is whether or not students are seeing both sides of the issue.

• Try not to let students take the middle ground - “just the right amount of privacy” - as it’s an easy out. Press them to consider a specific case of one app or website and make a determination about that.

• Caution: Try to keep the conversation focused on economic terms and the central question of “What is the cost of ‘free’?” It can be easy for this slip into a debate about privacy versus utility, in terms of government access to data, espionage, terrorism, etc. These are extremely important issues as well, but the conversation might get unwieldy. The focus of this lesson is about students becoming more informed consumers of the technology they use.

Activity 2 (30 mins)

Part 2 - Read a real data privacy policy

Distribute:

• Activity Guide - Privacy Policies - Activity Guide

Prompt:

• "Pick one of the apps / websites that you chose at the beginning of class, and go find and read through that site’s privacy policy"

Here is a synopsis of what's in the activity guide for students to research.

• Students are asked to note what information the site says they collect, how they are using it, and (hopefully) how they are protecting it.
• The actual activity guide provides a bit more guidance for students about how to find answers to these questions.

Discussion / Share out:

• Put students into groups of 3 to share what they found with each other.

• Each group should report out 4 things for the policies reviewed in the group

  1. The names of the companies / organizations / websites reviewed by the group
  2. Notable similarities and differences in the kinds of data collected
  3. Just the number: How many privacy policies let you access, modify or delete your personal data?
  4. Just the number(s): How did you rate the policies on how comfortable you were?

• Teacher should take note of the “comfort ratings.”

Prompt:

• "What’s your “temperature” on data collection now? Are you leaning toward more privacy? Or the same/less as there is now?"

Wrap-up

Where do you stand?

Prompt:

• "This lesson is entitled The Cost of ‘Free.’ What does that mean to you now?"
• "How would you explain The Cost of ‘Free’ to a family member, or person you just met, if you had only 60 seconds?"

Would you install this “free app”?

As a final thought, what is your reaction to this app installation screen? (You can see a higher-resolution version in Code Studio.)

• What questions do you have?
• What would you want to know?
• What would you do to find that out?
• Bottom line: Would you install this app?
  
  

Assessment

• To get an idea of what to look for in the activity guides see the student exemplar in the teacher only area for Unit 4 lesson 4 here: EXEMPLAR - Activity Guide - Privacy Policies - Exemplar

Extended Learning

Articles in the news

Longer Reading

• Blown to Bits - Chapter 2 - Naked in the Sunlight: Privacy Lost, Privacy Abandoned
• Program or Be Programmed - Chapter 7: Social - Do Not Sell Your Friends

Getting Started (15 mins)

The critical role of encryption in everyday life

Thinking Prompt:

• "In your daily life what things do you or other people rely on keeping a secret? Who are these secrets being kept from? How are these things kept secret?"

Share:

• Provide a couple minutes for students to share their ideas with their classmates.
• Ask them to brainstorm as many areas as they can where they or other people rely on secrecy.
• Try to touch on as many different people and contexts as possible.

Classic Encryption - The Caesar Cipher

Background:

Many of the ideas we use to keep secrets in the digital age are far older than the Internet. The process of encoding a plain text message in some secret way is called Encryption

For example in Roman times Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet.

As a result an alphabetic shift is often referred to as the Caesar Cipher.

Prompt:

• This message was encrypted using a Caesar Cipher (an "alphabetic shift").
• Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet):

Display or write this on the board

    serr cvmmn va gur pnsrgrevn

• Give students about 3-5 minutes to work on cracking the message.
  • ANSWER: "free pizza in the cafeteria" - the A-Z alphabet is shifted 13 characters.

Recap:

• With this simple encryption technique it only took a few minutes to decode a small message.
• What if the message were longer BUT you had a computational tool to help you?!

Activity (35 mins)

In this set of activities students will use two different versions of a simple widget in Code Studio to "crack" a messages encoded with substitution ciphers, including an alphabetic shift and random substitution.

Transition to Code Studio

Part 1 - Crack a Caesar Cipher

Part 2 - Crack a Random Substitution Cipher

After re-capping the first activity make sure students understand the following before proceeding:

• Cracking a Caesar cipher is easy...trivial with a computational tool like the one we used.
• The next step is to make the encryption slightly harder...

New Challenge:

• What if instead of shifting the whole alphabet, we mapped every letter of the alphabet to a random different letter of the alphabet? This is called a random substitution cipher.

• The new version of the widget you'll see is a more sophisticated version of the encryption tool that shows you lots of different stuff.

• But what it does is bit of a mystery! Let's check it out...

Wrap-up

As part of wrap up the major points we want to draw out are:

• Encryption is essential for every day life and activity
• The "strength" of encryption is related to how easy it is to crack a message, assuming adversary knows the technique but not the exact "key"
• A random substitution cipher is very crackable by hand though it might take some time, trial and error.
• However, when aided with computational tools, a random substitution cipher can be cracked by a novice in a matter of minutes.
• Simple substitution ciphers give insight into encryption algorithms, but as we've seen fall way short when a potential adversary is aided with computational tools...our understanding must become more sophisticated.
• If we are to create a secure Internet, we will need to develop tools and protocols which can resist the enormous computational power of modern computers.

Here are a couple of thought-provoking prompts you can use to bring closure to the lesson and as an avenue to draw out the points above. Choose one or more.

Prompts:

How much easier is it to crack a Caesar cipher than a random substitution cipher? Can you put a number on it?

• For Caesar's Cipher there are only 25 possible ways to shift the alphabet. Worst case, you only need to try 25 different possibilities. A random substitution cipher has MANY more possibilities (26 factorial = 4x10 ²⁶ possibilities). However, as we learned, with frequency analysis we can avoid having to try all of them blindly.

Was it difficult to crack a Random Substitution cipher? Did it take longer than you thought? shorter? Why?

• Computational tools aid humans in the implementation of encryption, decryption, and cracking algorithms. In other words, using a computer changes the speed and complexity of the types of encryption we can do, but it also increases our ability to break or circumvent encryption.

Any encryption cipher is an algorithm for transforming plaintext into ciphertext. What about the other way around? Can you write out an algorithm for cracking a Caesar cipher? What about a random substitution cipher?

• An algorithm for cracking a Caesar cipher is pretty easy - for each possible alphabetic shift, try it, see if the words come out as English.
• An algorithm for cracking random substitution is trickier and more nuanced. There might not be a single great answer but through thinking about it you realize how tricky it is to codify human intelligence and intuition for doing something like frequency analysis into a process that a machine can follow. It probably requires some human intervention which is an interesting point to make.

Recall that in RFC 3271, “The Internet is for Everyone” Vint Cerf wrote the following. What did he mean by "cryptographic technology?" What does it mean to you now?

Internet is for everyone - but it won't be if its users cannot protect their privacy and the confidentiality of transactions conducted on the network. Let us dedicate ourselves to the proposition that cryptographic technology sufficient to protect privacy from unauthorized disclosure should be freely available, applicable and exportable.

Review of Terminology -- you can use this opportunity to review new vocabulary introduced in the activity and respond to questions students may have encountered during the activity.

• Definitions of cryptography, encryption, decryption, cracking/breaking an encryption, cipher, etc.

Assessment

Questions (also included in Code Studio):

1. What is a Caesar cipher?

2. What is the “key” to a Caesar Cipher that someone needs to know (or discover) to decrypt the message?

   a) A secret word only know by Caesar.

   b) The number of characters to shift each letter in the alphabet.

   c) The letter that occurs most often in the encrypted message.

   d) The day of the month that the encrypted message was sent.

3. The Caesar Cipher has 25 different shifts to try. How many possibilities are there to try in a random substitution cipher?

   a) 26

   b) 26 × 25

   c) 26 × 25 × 24 ×···× 3 × 2 x 1

   d) 2626

Extended Learning

Read Blown to Bits

• Read pp. 165-169 of Blown to Bits, Chapter 5 - Reading.
• Answer the questions provided in the reading guide and worksheet Reading Guide for Encryption - Worksheet
  • For teachers: Worksheet KEY - Reading Guide for Encryption - Answer Key

More Blown to Bits

• The earlier sections of Chapter 5 of Blown to Bits make reference to the significance of and controversies surrounding encryption in the aftermath of September 11th. This reading may be a useful tool for further introducing the impact of cryptography on many aspects of modern life.

• Ask students to review the history of their Internet browsing and calculate roughly what percentage they conduct with the assumption that it is “private.” Do they have any way of being sure this is the case? Are there any websites they visit where they feel more confident in the secrecy of their traffic than others? Are they justified in this conclusion?

Getting Started (10 mins)

Think - Pair - Share

Prompt:

• "Are there ethical reasons to try to crack secret codes?"

Give students a few minutes to write down a response and discuss with a neighbor.

Discussion

• Have students quickly share out reasons they came up with.
• There are a lot of different reasons that a person may want to crack a code. Some of them are more ethical (legal) than others.

Encryption: Algorithms v. Keys

Today, we will attempt to crack codes, paying particular attention to the processes and algorithms that we use to do so.

So, before starting today we want to make sure that we distinguish between an encryption algorithm and an encryption key

• An Encryption algorithm is some method of doing encryption.
• The Encryption key is a specific input that dictates how to apply the method and can also be used to decrypt the message. Some people might say "What is the key to unlocking this message?"

For example:

• The Caesar Cipher is an encryption algorithm that involves shifting the alphabet
• The amount of alphabetic shift used to encode the message is the key
• When you are cracking the Caesar Cipher you are trying to figure out how much the alphabet was shifted - you are trying to discover the key.

Prompt:

• "If random substitution is an algorithm for encryption, what is the key to a random substitution cipher?"

  • A: The key is the actual letter-to-letter mapping that was used to encode the message - it can also be used to decrypt.

Activity 1 (30 mins)

Explore the Vigenère Cipher Widget

Go to Code Studio

• Distribute: Exploring the Vigenere Cipher Widget - Worksheet

• Students should click on the The Vigenere Cipher - Widget

• Use the worksheet as a guide for exploring the widget.

The goals of this activity are:

• Understand how the Vigenère Cipher Algorithm works
• Understand why simple frequency analysis doesn’t work against this cipher
• Figure out what makes for a good v. bad secret key

The activity guide asks students to:

Recap: Properties of strong encryption

You may wish to review students' responses on the activity guide at this point. Or you can move that to the wrap-up. We'd like to make a few points about encryption before moving to the next activity...

Prompt:

• "From what you've seen what are the properties of the Vigenere Cipher that make it harder to crack? In other words, if you had to crack a vigenere cipher what would you do?"

Discussion

A few points should come out in discussion:

• Vigenere is strong because looking at the cipher text there are no discerable patterns assuming a good key was chosen.
• Because the ciphertext is resistant to analysis it leaves us simply having to guess what the key is.
• Even if we know the length of the key we might still have to try every possible letter combination which is a prohibitively large number of possiblities.

Activity 2 (20 mins)

Computationally Hard Problems -- How good is your password?

Go to Code Studio

• Distribute: Keys and Passwords - Worksheet

  • The worksheet simply has questions on it to answer. You may distribute them in some other format if you like.

• Students should click on the next page in Code Studio: How Secure Is My Password? - Code Studio Page...

Wrap-up (10-15 mins)

Discuss:

• Before the Vigenere cipher was cracked, many governments openly used it. That is, they made no secret about the fact that they were using the Vigenere cipher - it was publicly known. In the modern day, it remains the case that most encryption techniques are publicly known.

• Prompt: Why might it actually be a good thing that encryption algorithms are freely shared, so that anyone who wishes can try to crack them?

  • If the security of an encryption technique relies solely on the method remaining a secret, it actually may not be that secure.
  • Ideally, a method will be so secure that even if you know which technique was used, it is difficult or impossible to crack the message.
  • By making encryption techniques public, we open them up to being tested by anyone who wishes to ensure there are no clever ways of cracking the encryption.

Video: Encryption and Public Keys

• Show the The Internet: Encryption & Public Keys - Video (optional)

You should know about this video:

• 0:00 to 4:11 covers Caesar and Vigenere ciphers and explains why they are hard to crack
• After 4:11...it explains the difference between encryption that uses symmetric v. asymmetric keys which is related to material in the next lesson and is intended as a preview.
• The next lesson begins by recalling symmetric v. asymmetric keys and getting into how they work.

(Optional) How Not to Get Hacked by Code.org

You may want students read or review this little site put together by Code.org

• How Not To Get Hacked

Assessment

The worksheet contains several questions for assessment. Here are some additional questions (also included on Code Studio):

1. (Choose two.) Why is the Vigenère cipher hard to crack?

   a) One cannot solve using frequency analysis directly.

   b) Long keys create exponential growth possibilities.

   c) The key is always secret to both the sender and receiver of the message.

   d) A Vigenère cipher relies upon an "alphabet shift" algorithm.

2. What problems exist with encryption schemes such as the Vigenère cipher, even when strong encryption keys are used?

3. Why are computers better than humans at breaking encryptions such as the Vigenère?

   a) Computers are smarter than humans.

   b) Computers are faster than humans.

   c) The Vigenère was originally designed by a computer.

   d) They are not; humans are better as breaking Vigenère encryptions than computers.

4. Which makes for a password that is harder to crack?

   a) A word from the dictionary

   b) 8 random characters that include numbers and punctuation

   c) A 16-character password that is all letters of the alphabet

   d) A 32-character password that is all letters of the alphabet

   e) A 150-character password that is all the same character. ANSWER: E

5. Companies and organizations commonly require users to change their passwords frequently. Websites have password length and complexity requirements. Is it better to change your password frequently or to have a longer password? What level of security is appropriate to require of end users? Does this change, depending on the context (for example, employee or customer)?

Extended Learning

• Go down the rabbit’s hole of encryption at Crypto Corner: http://crypto.interactive-maths.com/

• • Assign each student a type of cipher. Students should then research the cipher, including information on its algorithm, its history, and what they would have to do to crack the cipher. They should present an example, and describe the process they follow in cracking the code.

• Caesar Cipher video from Khan Academy: https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/caesar-cipher

• Real world stories of cracking codes:

  • Cracking a code as the key to understanding of ancient culture: http://www.wired.com/2012/11/ff-the-manuscript/all/
  • Cracking the human genome (NOVA Video): http://video.pbs.org/video/1841308959/
  • Nobel prize given for cracking the code of DNA: http://www.nobelprize.org/educational/medicine/gene-code/history.html
  • Navajo Code Talkers http://navajocodetalkers.org/
• • Read this quick overview that Code.org put together about How Not to Get Hacked, which summarizes some basic cybersecurity issues and how to prevent them.
• Read Blown to Bits (www.bitsbook.com), Chapter 5, Secret Bits, pages 161-165, then answer the following questions:
  • The opening pages of Blown to Bits, Chapter 5, discuss a move the government made to try to control encryption in the aftermath of the terrorist attacks of September 11, 2001, but then dropped. Additionally, during the 1990s, the US Government was pressuring the computer industry to be allowed to have a “back door” to decryption. Why do you think they stopped urging for this? http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0 (Teacher notes: This would weaken the public’s trust in the Internet as an e-commerce vehicle. Any back door could probably be exploited by others. The government believed they could eventually break cryptography without a back door.)
  • Encryption is clearly seen as essential to Internet commercial activity. That it will not be outlawed seems like a settled matter. But conversely, should it be required by government regulation? What about for other non-web media, such as mobile phone traffic and television?
• Vigenère cipher cracker tool on Simon Singh's website. It's a lot of fun and fairly similar to the frequency analysis tool used in class http://www.simonsingh.net/The_Black_Chamber/vigenere_cracking_tool.html
• Have students find videos demonstrating these or other advanced encryption methods; ask them to describe each algorithm and what causes it to be “hard.”

Optional Lessons

To dive deeper into the notion of computationally hard problems, consider the following 2 optional lessons after this lesson:

• Hard Problems - The Traveling Salesperson Problem
• One-way Functions - The WiFi Hotspot Problem

Getting Started (5 mins)

How do you get the encryption key?

Prompt: "How can two people send encrypted messages to each other if they can't communicate, or agree on an encryption key ahead of time, and the only way they have to communicate is over the Internet?"

• You should assume that an adversary is always secretly eavesdropping on their conversation too.
• With a partner come up with a strategy they could use to send encrypted messages.

Discuss

• Give students a few minutes to discuss
• Don't let the discussion go too long
• Direct the conversation toward the idea from the video of using different keys - one to encrypt and one to decrypt.

Recall asymmetric keys were mentioned in the cryptography video.

• If you need to show the video The Internet: Encryption & Public Keys - Video
  in whole or in part - the public key cryptography portion starts around the 4:11 mark.

Activity 1 (15 mins)

Step 1: A New Analogy - Cups and Beans

Groups:

• Option 1 (preferred): Teacher Demo. We recommend doing this activity as a teacher demonstration in the interest of time. Instructions and teacher guide below

• Option 2: Groups of 3 Students. You can have students work through an activity guide that explains it as well. It will take more time. (Optional) Public Key Bean Counting - Activity Guide

Materials: Cups and Beans - enough for a demonstration (or for groups of 3, if running as student activity)

Display: You may want to display a picture of a jar full of candies to give a visual for the analogy you're about to explain.

Activity 2 (30-45 mins)

Step 2: Modulo - The operation behind public key encryption

The next idea we need to add is an important mathematical operation called "modulo".

Step 3: The Mod Clock Widget and Multiplication + Modulo

Activity 3 (30-45 mins)

Step 4: Use the Public Key Crypto Widget Activity

The public key crypto widget showing Alice's screen

Optional Recap Handout: There is an optional student handout that Recaps important ideas from the widget: (Optional) Public Key Cryptography Recap - Handout

Discussion (10 mins)

Discuss: What made the encryption harder/easier for Eve to crack?

• Perhaps obvious, but the bigger the clock size the harder it is for Eve to crack.
• There are also certain values that Bob could send, like 0 or 1, that would give away the secret.
• There is no way to crack the encryption other than brute force
• If you could imagine that value being not a 4-digit number but, say a 75-digit number the computation for Eve becomes mind bogglingly hard.

Discuss: Let's problem solve! The widget right now only lets you send one secret number at a time. Furthermore, it's kind of slow - it requires multiple trips over the internet to send one message. What's the fastest way you could use this tool (or any public key encryption) to send a secure text message?

Give students a moment to discuss and brainstorm.

• Students will likely suggest using ASCII codes in some fashion - perhaps trying to cluster more than one ASCII character per message sent.
• Note that if you're going to send multiple messages using public key cryptography you should change the public key occasionally, otherwise you're giving Eve more clues to crack the message with - you want Eve to start over every time.
• A really clever thing to do is to only send one number that represents a key both parties can use for a good old fashioned symmetric encryption. In other words, only use (the slower, multi-trip) public key cryptography for the purpose of establishing a secret key to use in some other encryption method.
• This is, in fact how HTTPS works - it uses public key cryptography to establish a secret key between two parties. Once established it uses a much faster encryption method for sending everything else.

Optional Discussion: According to the widget look at what Eve has to compute to crack Alice's private key. This reveals how Alice's public key was computed based on her choice of clock size and private key. Why are these made so that pvt * pub MOD clock = 1?

• The only thing students really need to takeaway from this is that Alice's public key is no accident. It was computed to make the math in the end work out. That's all they need to know.
• But, this fact - that the result of Alice's initial computation is 1 - is the crux of why the math works out in the end.
  • Short version: when Alice multiplies bob's encrypted message by her private key, it cancels out the public key portion of Bob's multiplication (because pvt * pub MOD clock = 1 it's just multiplying bob's number by 1), leaving only Bob's number remaining.
  • You can read a more thorough explanation here: How and Why Does the Public Key Crypto Really Work? - Resource

Wrap-up (10 mins)

Why this is important

Prompt: We just spent a lot of time learning about Public Key Cryptography through a bunch of different analogies, tools and activities. And what you've been exposed to mimics the real thing pretty closely. But what are the essential elements? Let's do a brain dump! List out what you think are the most important or crucial elements of Public Key Cryptography that you've learned.

Give students a few minutes to jot down their lists.

Pair & Share: Have students share their lists with an elbow partner. Then share to the whole group. Many valid points and ideas may emerge. Here are the key ones:

1. Public Key Cryptography is a form of asymmetric encryption
2. For Bob to send Alice a message, Bob must obtain Alice's public key
3. The underlying mathematics ensure that both the public key and a message encrypted with the public key are computationally hard to crack while making it easy to decrypt with a private key
4. It is strong because the method of encryption is publicly known, but keys are never exchanged.

There are some more detailed ideas about Public Key Cryptography that are interesting but not crucial for the AP Exam.

• A public and private key are mathematically related so that decrypting is easy
• The modulo operation acts as a one-way function to obscure inputs that are very large numbers
• No one owns it - it's a public standard

Optional: Make a table applying terminology to the various analogies we saw

Fill in a table that shows all of the terms we've learned around public key encryption and how each analogy we've seen applies.

Assessment

Questions:

1. In symmetric encryption, the same key is used to encrypt and decrypt a message. In asymmetric encryption different keys are used to encrypt and decrypt. Give at least one reason (more are welcome) why asymmetric encryption is useful.

2. In the cups and beans activity, what is the public key? What is the private key? What is the unencrypted and encrypted message?

3. What are some other examples of one-way functions? Can you think of a one-way function in real life?

4. Using your name and the name of a friend, describe the process of sending your friend a message using public key cryptography. Your explanation should include the terms: Public Key, Private Key, Encrypt(ion), Decrypt(ion)

5. Explain what the modulo operation does. You may use the analogy of a clock in your answer if you like.

6. Why is modulo a one-way function?

7. Describe to a person who knows nothing about encryption why public key encryption is hard to crack.

8. What is 13 MOD 17?

   a) 0

   b) 1 4/13

   c) 4

   d) 13

   e) 17

9. What is 20 MOD 15?

   a) 0

   b) 1.5

   c) 5

   d) 15

   e) 20

Extended Learning

• The Public Key Crypto Widget simulates the basic mechanics of RSA Encryption, with slightly more simple math. You could go read about RSA Encryption.

• RSA Encryption Examples

Getting Started (5 mins)

Video: Cybersecurity & Crime

Show: The Internet: Cybersecurity and Crime - Video

• Have students watch the video (display for all, or have students watch in Code Studio)
• Have students complete the Cybersecurity and Crime Video Worksheet (Optional) - Video Worksheet

The video touches on a number of topics that students might choose to research later:

• DDoS Attacks (and Bot Nets)
• Cyber warfare
• Viruses and Anti Virus Software
• Phishing Scams
• Credit Card theft
• Types of people who commit cybercrimes

Activity (40 + 30 mins)

Rapid Reseach - Cybersecurity and Crime

Distribute: Give students copies of Rapid Research - Cybercrime - Activity Guide
and Cybersecurity One-Pager - Template.

Below is a suggested schedule for completing the project.

Wrap Up (10 mins)

Review Cybersecurity Terms

Below is the list of cybersecurity terms that students were introduced to throughout this lesson.

We've annotated them with brief explanations that should come out during discussion.

• Implementing cybersecurity has software, hardware, and human components.

  • This is a theme for the whole lesson
  • Vulnerabilities in hardware and software can be compromised as part of an attack.
  • But, as mentioned in the video, a large percentage of cybersecurity vulnerabilities are human-related, such as choosing bad passwords, (unintentionally) installing viruses, or giving personal information away.

• Sockets layer/transport layer security (SSL/TLS)

  • An encryption layer of HTTP. When you see the little lock icon and https it means that you are visiting a website over HTTP but the data going back and forth bewtween you and the server is encrypted.
  • SSL (secure sockets layer) and TLS (transport layer security) use public key cryptography to establish a secure connection.

• Cyber warfare and cyber crime have widespread and potentially devastating effects.

  • This is especially true in the case of warfare which (fortunately) we have not experienced much of on a global scale. But using cyber attacks to cripple basic infrastructure (power, water) and communication could be devastating.

• Distributed denial of service attacks (DDoS)

  • Typically a virus installed on many computers (thousands) activate at the same time and flood a target with traffic to the point the server becomes overwhelmed -- doing this can render web services like DNS, or routers, or certain websites useless and unresponsive.

• Phishing scams

  • Typically a thief trying to trick you into sending them sensitive information. Typically these include emails about system updates asking you send your username and password, social security number or other things.
  • More sophisticated scams can make websites and email look very similar to the real thing.

• Viruses / Antivirus software and firewalls

  • A virus is program that runs on a computer to do something the owner of the computer does not intend. Viruses can be used as a Bot Net to trigger a DDoS-style attack, or they can spy on your computer activity, such as capturing all the keystrokes you make at the computer, or websites you visit, etc.
  • Antivirus software usually keeps big lists of known viruses and scans your computer looking for the virus programs in order to get rid of them.
  • A "firewall" is simply software that runs on servers (often routers) that only allows traffic through according to some set of security rules.

Assessment

Rapid Research: Use the rubric provided with the Activity Guide to assess the one-pagers.

Video: These questions refer to ideas in the Cybercrime video.

• What does the s in https refer to?

  • It's the plural of http - a more robust version of http that runs on multiple channels.
  • s is for "secure" - a version of http that is encrypted.
  • s is for "simple" - a simplified version of http that runs faster on modern computers
  • s is for "standard" - to distinguish the original http from non-standard versions like httpv and httpx

• When someone tries to get you to give up personal information through email or a bogus website it is called a:

  • DDoS Attack
  • Phishing Scam
  • Virus
  • SSL/TLS layer

• When someone attemps to compromise a target by flooding it with requests from multiple systems that is called a:

  • DDoS Attack
  • Phishing Scam
  • Virus
  • SSL/TLS layer

• The vast majority of computer security failures are due to:

  • Software vulnerabilities
  • Hardware limitations
  • Human carelessness
  • Bot Nets

Getting Started

Thus, to conclude our study of Big Data and Cybersecurity you will be completing a practice Performance Task on a topic of your choosing. Hopefully this will be an enjoyable opportunity to dig deeper on a topic that piqued your interest over the last few weeks, and it will of course be useful preparation for the Explore Performance Task, which you’ll do at the end of the year.

Distribute and Review the Project

Distribute: Big Data and Cybersecurity Dilemmas - Practice PT and as a class review the project guidelines and rubric. Respond to questions.

Activity

A proposed schedule of the steps of this project is included below, as well as more thorough explanations of how to conduct the various stages.

Day 1

• Review Project Guidelines and Rubric
• Select a big data or cybersecurity dilemma to research
• Identify online sources of information using the Research Guide

Day 2

• Continue to record findings in the Research Guide
• Identify potential artifacts to include
• Begin writing written responses

Day 3

• Complete any remaining research to answer questions
• Select and make any necessary edits to artifacts
• Complete written responses

Complete the Practice PT

Read Requirements:

At the beginning of the project emphasize the importance of reviewing the rubric. Students may assume that more is required of them than is actually the case. In particular emphasize that they do not need to create their artifact themselves, but it must still meet the requirements of the project. Point out that the written component of the project is similiar to what students did for the Practice PT - The Internet and Society in Unit 1.

Choosing Topics:

It is recommended that you place a time limit on this process (e.g. 20 minutes). Students should not leave class after the first day without a topic in mind and ideally with some resources identified. Luckily, in choosing their topics students will likely have begun to identify resources they can use in completing their project.

Complete the Research Guide:

This document is intended to serve primarily as a guide to students. The skill students need to develop is identifying useful and credible resources on their own and then synthesizing this information. Being presented with a structured way of doing this means students will have a model for how to complete their research when completing the actual Explore PT.

Identify an Artifact:

This is perhaps the greatest deviation from the real AP Explore PT. For this, students do not need to create their own artifact. Instead they need to identify an audio or visual artifact (image, visualization, drawing, chart, video, interview, etc.) that highlights a harm or benefit caused by the innovation, or helps to explain it better. This may still be a challenging process. The goal is to help students think about what good audio / visual artifacts look like and how they present complex material. You can recall what students learned from the "Good and Bad Visualizations" lesson from Unit 2. In Unit 2 they also developed skills for developing good computational artifacts on their own.

Written Responses:

Students should find this aspect of their project most familiar. The prompts are similar in style and content to prompts students have already seen. Emphasize the need for clarity in their writing, and remind them that while the 300 word limit is a maximum -- they do not necessarily need to write 300 words for each prompt. If they have responded completely to each of the prompts it is fine to write less.

Submission:

For the AP Explore Performance Task students are asked to compile all of their written work into a single PDF. You will need to determine how best to collect this work in your class but you may optionally wish to practice this process when collecting submissions for this project.

Assessment

Use the project rubric

Included in the Practice PT is a Rubric by which the project can be assessed.

Extended Learning

Ask students to look at the beneficial and harmful effects of cybersecurity issues like the NSA spying on emails. The more current and relevant the issue, the better.

The book Blown to Bits has several chapters that relate to personal security, privacy and liberty in face of big data and encryption.

Wrap-up

Presentation (Optional): If time allows students may wish to have an opportunity to share their research with one another. Consider other options like creating a “Digital Museum” by posting links to all their projects to a single shared document.