Embedded ethics at Harvard: Harvard: bringing ethical reasoning into the computer science curriculum.

Embedded EthiCS @ Harvard: bringing ethical reasoning into the computer science curriculum.
Course Modules / CS 165: Data Systems

Repository of Open Source Course Modules


Course: CS 165: Data Systems

Course Level: Upper-level undergraduate

Course Description: "This course is a comprehensive introduction to modern data systems. The primary focus is on trends that are shaping the data management industry right now: column-store and hybrid storage systems, NoSQL key-value stores, shared nothing architectures, cache conscious algorithms, hardware/software co-design, main-memory systems, adaptive indexing, stream processing, and scientific data management. We also study the history of data systems, traditional and seminal concepts and ideas such as the relational model, row-store database systems, optimization, indexing, concurrency control, recovery and SQL. In this way, we discuss both how and why data systems evolved over the years, as well as how these concepts apply today and how data systems might evolve in the future. We focus on understanding concepts and trends rather than specific techniques that will soon be outdated - as such the class relies on recent research material and on a semi-flipped class model with a lot of hands-on interaction in each class." (Course description )

Module Topic: Privacy in the Design of Data Systems

Module Author: Kate Vredenburgh

Semesters Taught: Fall 2017, Fall 2018


privacy phil
data systems CS
systems CS
moral rights phil
instrumental and final value phil

Module Overview: Privacy is a central moral concern in the design and regulation of technology, but there is widespread disagreement about why privacy is morally valuable, and whether individuals have a moral right to privacy. Both companies (such as Apple and Google) and countries (such as the United States and Germany) take different stances on this issue. These differing stances are reflected in the different approaches these companies and countries take to the design and regulation of technology.

In this module, we discuss different philosophical accounts of why privacy is valuable, with a focus on whether these accounts consider privacy to be instrumentally or finally valuable. We then discuss whether privacy is a moral right, and what implications the existence of a moral right to privacy would have for how data systems ought to be designed. Finally, we assess Apple and Google’s privacy policies in order to trace out the implications of adopting competing understandings of why privacy matters for data system design.

Connection to Course Technical Material: In the module, we consider the relationship between ethical concerns about privacy and two central course topics: the increasing ability to gather and store machine-generated data, and the growing understanding that the methods used to store and access those data play a key role in determining how valuable they are to the individuals and organizations that use them.

We decided to focus on privacy in this course because it is one of the central ethical issues that students will need to address if they go on to work on data storage design.

© 2018 by Kate Vredenburgh, "Privacy in the Design of Data Systems" is made available under a Creative Commons Attribution 4.0 International license (CC BY 4.0).

For the purpose of attribution, cite as: Kate Vredenburgh, "Privacy in the Design of Data Systems" for CS 165: Data Systems, Fall 2017, Fall 2018, Embedded EthiCS @ Harvard. CC BY 4.0.


Module Goals:

  1. Introduce students to the distinction between moral values and rights, and between instrumental and final value.
  2. Introduce students to different accounts of why privacy is valuable.
  3. Give students practice applying these philosophical concepts and accounts by asking them to use them to analyze an illustrative case study of Apple and Google’s privacy policy.
  4. Help students to understand and evaluate the implications of different accounts of the value of privacy for data system design through further exploration of this case study.

Key Philosophical Questions:

  1. What is privacy?
  2. Why is privacy morally valuable?
  3. Is there a right to privacy?
  4. How should data systems be designed to promote privacy?

Questions 2 and 3 are the key philosophical questions of the module. Clarity on these questions can help students to understand why companies such as Apple and Google treat privacy as they do, and give them tools to evaluate whether companies have made ethical design choices about privacy.


Key Philosophical Concepts:

  • Informational privacy.
  • Moral values.
  • Moral rights.
  • Instrumental value.
  • Final value.

These fundamental moral concepts are central for thinking through privacy issues raised by data storage and transfer. While these are basic concepts in ethics, students with less background in moral theory may not be familiar with them. We have found that teaching these concepts is crucial for helping students to understand the central ethical issues in this module.

Assigned Material:

This reading was excerpted from the Stanford Encyclopedia of Philosophy article “Privacy and Information Technology.” The Stanford Encyclopedia of philosophy is an excellent resource for clear and concise overviews of different philosophical topics. This reading provides the main philosophical content for the module. The reading introduces students to background on how information technology has impacted privacy. It then discusses accounts of the value of privacy, introducing the distinction between reductionist accounts of privacy, which take privacy to be important only insofar as it protects other values, and non-reductionist accounts of privacy, which take privacy to be valuable for its own sake. In the module, we discuss this distinction in terms of accounts of privacy that value it instrumentally (reductively) or finally (non-reductively).

This EU factsheet explains one type of privacy protection: the EU’s so-called “right to be forgotten.” It also encourages students to begin thinking about whether privacy rights are absolute, i.e., should never be violated. (The factsheet explicitly discusses the claim that the right to be forgotten is not absolute.)

This Planet Money episode on credit scores gives additional, more detailed background on privacy issues raised by data collection and storage. The episode discusses the history of data collection for credit scoring, and modern day data collection and storing practices for credit scoring.


Class Agenda:

  1. Motivating examples of recent privacy concerns from the news.
  2. Introduction to informational privacy.
  3. Key concepts: instrumental value and final value.
  4. Discussion of three accounts of why privacy is valuable: privacy allows us to get along; privacy is a good in itself; privacy protects against unfair decision-making.
  5. Key concepts: moral rights versus values.
  6. Activity: discussion of Apple and Google’s positions on privacy.

There are a number of accounts of why privacy is valuable in the philosophical literature, so someone using this module in a particular course context may want to use accounts of privacy that are tailored to other material from the course. In this module, we discuss Nagel’s 1998 article “Concealment and Exposure” (the “getting along” account) and Scanlon’s 1975 article “Thompson on Privacy” (the “good in itself” account).

Sample Class Activity: Shortly you’ll be presented with part of Apple and Google’s statements on privacy. In response to those statements, please think about the following questions:

  1. Does the company in question treat privacy as a right or as a value? Explain your answer.
  2. What kinds of features would you expect their data storage and transfer systems to have, in light of the way they treat privacy?
  3. Give at least one reason the company could appeal to in support of their decision to treat privacy in this way (feel free to use hypothetical cases/examples).
  4. Finally, think of at least one potential counterargument an opponent might pose to the company re: their decision to treat privacy in this manner, and if possible, come up with a response on their behalf. (Again feel free to use hypothetical cases/examples.)

This class activity asks students to apply module material on moral rights and values and the value of privacy to the real-world case of Apple and Google’s official statements about the importance of privacy. Apple states that privacy is a human right, while Google explains that privacy is an important value, but that there are other, competing values that are promoted when individuals provide Google with their data. This activity helps students to appreciate that such privacy policies have (differing) philosophical foundations, and to think about the merits of different approaches to privacy.

In conducting the discussion, it is helpful for the Embedded EthiCS TA to emphasize one key point: viewing privacy as a right implies that it cannot be freely traded off against other values, such as national security. This point helps to explain nature of the recent dispute between the FBI and Apple over end-to-end encryption.

Module Assignment: In the follow-up assignment, students collaboratively analyze a detailed case study that asks them to think through the implications of the choice whether to treat privacy as a value or a right for data system design in healthcare. The case study describes a new start-up, Babyscripts, that has developed a mobile app aimed at increasing the quality of care in pregnancy by helping to identify potentially serious complications.

Students review the case study independently and make two posts to a graded discussion forum. In the first, students explain why they think that privacy is a right or a value in the domain of healthcare. In the second, they elaborate on at least one implication of their position on privacy as a right or value for how Babyscripts should design their app’s data storage and transfer system.

Lessons Learned: Student response to this module has been overwhelmingly positive both times it was taught (fall 2017 and fall 2018). A few lessons stand out.

  • The topic of the module directly connects course technical material to an important contemporary social issue. In our experience, students respond favorably to module topics of this kind.
  • Students find the concepts of rights and values extremely helpful in thinking about why privacy is important and how to design privacy protections.
  • The module uses many small-group-based (2-5 student) short active learning exercises to stimulate student engagement. We have found that such exercises help dramatically in keeping students engaged throughout the class session.