Courses
Core courses
17-631 Information Security, Privacy, and Policy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations Target Audience: Primarily intended for master students with a CS background or equivalent. Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.
17-662 Computer and AI Law (A1 6-unit mini)
This course consists of the first half of the 12-unit course 17-762. Students in the Privacy Engineering and AI Governance programs may take the 12-unit version for 6 units of elective credit.. It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.
17-716 AI Governance: Identifying and Mitigating Risks in the Design, Development and Operations of AI Solutions
As AI and machine learning systems become integral to products and services across industries, it is critical to identify and mitigate the risks associated with their design, deployment, and operation. This course examines the evolving landscape of AI governance, exploring both technical and organizational strategies for developing trustworthy and responsible AI systems. In 2025, the course expands to cover responsible development and governance of Agentic AI—systems capable of autonomous reasoning, planning, and collaboration. Students explore governance strategies across the AI lifecycle, including model alignment (RLHF, RLAIF), fairness, differential privacy, explainability, interpretability, and AI red teaming. The course integrates evolving policy and regulatory frameworks such as the EU AI Act, NIST’s AI Risk Management Framework, ISO/IEC 42001, and OECD guidelines. Case studies examine
responsible AI practices in foundation models, generative systems, and agent-based ecosystems. The course combines technical, policy, and management perspectives to equip students with the tools and frameworks needed to assess and mitigate AI-related risks.
17-731 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).
17-733 Privacy Policy, Law, and Technology
As new technologies are developed, they increasingly raise privacy concerns- the Web, wireless location-based services, and RFID are a few examples. In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an in depth look into privacy, privacy laws, and privacy-related technologies. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy. This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds. 8-733 is for PhD students. 8-533 and 19-608 are for undergraduate students. Masters students may register for any of the course numbers. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.
17-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.
17-735 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.
17-702 Current Topics in Privacy Seminar
In this seminar course students will discuss recent papers and current public policy issues related to privacy. Privacy professionals from industry, government, and non-profits will deliver several guest lectures each semester.
Elective Courses
These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.
Students interested in taking privacy or security courses as electives should review the Privacy and Security Course list.
| Department |
Course Number |
Course Title |
Units |
|
Machine Learning Department (MLD) |
10601 |
Introduction to Machine Learning |
12 |
|
10607 |
Computational Foundations for Machine Learning |
6 |
|
|
10617 |
Intermediate Deep Learning |
12 |
|
|
10623 |
Generative AI |
12 |
|
|
10719 |
Federated and Collaborative Learning |
12 |
|
|
10735 |
Responsible AI |
12 |
|
|
Language Technologies Institute (LTI) |
11601 |
Coding & Algorithms Bootcamp |
12 |
|
11681 |
AI Venture Studio |
12 |
|
|
11711 |
Advanced Natural Language Processing |
12 |
|
|
11767 |
On-Device Machine Learning |
12 |
|
|
11785 |
Introduction to Deep Learning |
12 |
|
|
Information Networking Institute (INI) |
14684 |
Cyber Law and Ethics |
6 |
|
14691 |
Special Topics: AI Ethics- Multidisciplinary Perspectives and Industry Insights |
6 |
|
|
14757 |
Introduction to Adversarial Machine Learning |
12 |
|
|
14812, 14821 |
Special Topics |
6 |
|
|
Software and Societal Systems Department (S3D) |
17611 |
Statstics for Decision Making |
6 |
|
17630 |
Prompt Engineering |
12 |
|
|
17635 |
Software Architectures |
6 |
|
|
17636 |
DevOps: Engineering for Secure Development and Deployment |
12 |
|
|
17637 |
Web Application Development |
12 |
|
|
17683 |
Java for Application Programmers |
6 |
|
|
17683 |
Data Structures for Application Programmers |
6 |
|
|
17684 |
Ethics and Policy Issues in Computing |
6 |
|
|
17693 |
Negotiations for Software Leaders |
6 |
|
| Electrical and Computer Engineering (ECE) |
18739 |
Special Topics in Security |
12 |
|
18786 |
Introduction to Deep Learning |
12 |
|
| Integrated Innovation Institute (III) |
49783 |
Introduction to Cloud Computing |
12 |
| Entertainment Technology |
53730 |
Programming for Game Designers |
12 |
| Philosophy Department |
80630 |
Ethical Theory |
12 |
| CM Institute for Strategy and Technology (CMIST) |
84604 |
In the News: Analysis of Current US National Security Priorities |
6 |
|
84665 |
The Politics of Fake News and Misinformation |
12 |
|
|
|
90769 |
Critical AI Studies for Public Policy |
6 |
|
90812 |
Python Programming I |
6 |
|
|
90845 |
Social Entrepreneurship |
6 |
|
|
Heinz |
94800 | Negotiation |
6 |
| 94806 | Privacy in the Digital Age |
6 |
|
| 94807 | Entrepreneurship: A New Venture | 6 | |
| 94808 | Management Consulting | 12 | |
| 94842 | Programming R for Analytics |
6 |
|
| 94854 | Developing as a Leader | 6 | |
| 94894 | AI & Emerging Economies | 12 | |
|
Information Systems: Sch of IS & Mgt |
95702 | Distributed Systems for Information Systems Management | 12 |
| 95703 | Database Management | 12 | |
| 95718 | Professional Speaking | 6 | |
| 95734 | Managing Digital Business | 12 | |
| 95746 | Cloud Security | 6 | |
| 95759 | Malicious Code Analysis | 6 | |
| 95767 | Cybersecurity for Artificial Intelligence & Machine Learning | 6 | |
| 95799 | Linux and Open Source |
6 |
|
| 95810 | Blockchain Fundamentals | 6 | |
| 95835 | Time Series Forecasting in Python | 6 | |
| 95866 | Advanced Business Analytics | 6 | |
| 95881 | Web Application Development | 6 | |
| 95883 | Ethical Penetration Testing | 6 | |
| 95884 | Network Defenses | 6 | |
| 95898 | Introduction to Python | 6 | |
| Computational Biology Department (CBD) | 02613 | Algorithms and Advanced Data Structures | 12 |
| Human Computer Interaction Department (HCI) | 05618 | Human AI Interaction | 12 |
| 05899 | Special Topics in HCI | 12 |