{ computing as literacy }

  • Introducing Computer Science via Online Security: An Experience Report

    Last weekend I spent two hours teaching an informal introduction to online security to an audience of political activists. I wound up teaching a fair bit of computer science in the process and I’m writing up this experience report because I think it’s a valuable way to teach introductory computer science.

    Before I put together my lesson plan I spent a fair bit of time looking at other people’s introductions. Broadly, they fell into two categories:
    1. Introductions for CS students, which would include things like how to write your own HTTPS server or proofs about why RSA works (too advanced for my audience)
    2. Instructions for what software you should download to stay secure.

    I’m a member of the political organization from which my audience came. People regularly post articles which fall into category 2 on the online community for the group. And not unsurprisingly, these articles have had limited effects on getting people to change their behaviour. This was why I’d volunteered to teach the workshop. I’d initially planned it to be all about the software to install to stay safe.

    As I put together my lesson plan I had a change of idea for the goal of the workshop. In my experience teaching introductory programming, students struggle for the first few weeks because they don’t understand why they should be learning this or what it gets them. I started to think something similar might be going on here: a typical article telling you to install Signal and HTTPS Everywhere doesn’t sufficiently motivate why it’s necessary and what’s going on technically.

    Computer scientists like myself think of the internet in a very different way than my activist friends. My activist friends see the internet as a mystical black box.

    My learning goal for the workshop hence became: to demystify the internet.

    What I taught

    I gave some homework to my “class”: to watch this series of videos from code.org on how the internet works. I’d spent some time on youtube watching videos on how the internet works and conclude those were the best out there.

    The videos are quite lovely and well-produced. They, however, do something I don’t like: they talk about data as being mystical 1s and 0s. So I started the workshop with demystifying how data is stored.

    Files and Encodings

    I went over character encoding. We talked about ASCII, unicode, and encodings for languages other than English. I talked about how this entire setup was America-centric, and the pains that non-English writers have had as a result.

    From there we talked about other file encodings. I walked through an extremely simplified bmp encoding. We then talked about compression and encodings like jpg. I hadn’t expected to bring compression into the mix but it came up in the questions.

    I then asked the group, “so what is a file?” I got the same blank looks I get from my first year computer science students when I introduce file I/O. Most computer scientists tend not to realize how much difficulty novices have with the concept of a file.

    In our group discussion about files I wound up explaining what virtual memory is and some basics about file systems. This was another piece of computer science that came up through class discussion that I hadn’t expected would come up (but was excited to see!)

    We then talked about metadata and, from there, how much information you can get from somebody’s metadata.

    Networking 

    I then shifted gears to talk about “suppose we want to share a file”. From the videos my audience already had seen the notion of a packet. We talked about how a file (and any other information) will be broken into packets to be sent over a network.

    I then talked about pre-internet networks. I talked about hubs and routers and in retrospect I should have left out hubs. I think hubs added confusion.

    We then walked through an example of how UDP works.

    Internetworking

    Then I started talking about internetworking, and how the internet is a network of networks. I explained what a LAN is, then a WAN. Everybody had heard of an ISP before but was kind of fuzzy on what they do.

    The code.org videos didn’t go into what ISPs do or how data is shared between ISP. I talked about IXPs, the internet backbone, and the landing stations for intercontinental cable/fibre lines — and how those are common targets for government eavesdropping (see: Diebert’s “Black Code”).

    In retrospect I wish I’d spent even more time on that part, and talked about tiers of ISPs, as well as net neutrality. I wish I’d also shown a couple examples of traceroutes and how data sent from a computer in Toronto to a computer in Vancouver will most likely go through the USA, which undermines legislation trying to keep sensitive data on Canadian servers.

    Once we’d covered how the internet is structured, we talked about TCP then IP. We talked about IP. Again we returned to how the internet has been structured in an America-centric fashion: how IPv4 addresses were allocated.

    Were I to do this part again I’d spend more time on it and talk about RIRs and how they’re governed.

    From IP addresses we talked about DNS. Again, more American neocolonialism was discussed with how TLDs were setup. We talked ICANN. My audience was fascinated by learning about ICANN and similar governance bodies and we would up on a tangent about how FOSS works and how to get involved in FOSS projects.

    We then talked about HTTP, and the protocol stack. We talked about some other applications such as SMTP, IMAP, XMPP, etc.

    I talked about ports and sockets and regretted it because I don’t think I did a good job of it. I don’t think it added much to their understanding either.

    At this point we’d been going for a bit over an hour and I figured this was a good place to stop and see if they had any questions about how networks work. One participant made an observation that the internet doesn’t seem to have been designed to be secure (yep) and we talked about this in more detail. Another participant asked about VPNs so we talked about those, but probably not in a satisfactory level of detail. I mentioned TOR in this discussion but didn’t do a very good job of explaining how TOR works — were I to do this again I would spend more time there.

    Cryptography

    After all this network talk, I shifted gears to talk about cryptography. I went over symmetric key encryption. As I went through it I wish I’d actually done this before talking about encoding, because there was confusion about whether the text or the encoding is what encrypted/decrypted.

    I talked about how the key is often the weakest link in symmetric key encryption and then started talking about Whitfield-Diffie. I gave a high level overview of asymmetric key encryption. At this this point I was running kind of behind where I expected to be so I rushed this, which was a shame. There was a fair bit of confusion about public vs. private keys, which is fairly confusing for novices (especially if you aren’t shown the underlying mathematics.)

    I talked about why asymmetric key encryption was necessary for the internet to work as we know it. Had I more time I would have loved to get into talking about P ?= NP.

    Secure Networking

    We then got back to networking. I talked about SSL and HTTPS, and what it means when something is end-to-end-encrypted. I did not talk about certificate authorities due to time constraints but I wish I had.

    I then gave them this link to tools for security, and mentioned a few of my favourites. I explained that security is a process, not an end-result, and one of my participants asked, “so how do we keep up to date on what’s secure?” and I still wish I had a good response for him. Most ways I keep up to date on these things are written for a tech-savvy audience.

    Finally we talked about human factors in security. This xkcd came up. We talked about the DNC email leaks.

    We then wrapped up. People told me I’d done a lot to demystify the internet for them. Heartingly, a bunch of people at the seminar have since installed many of the tools I told them about.

    Discussion

    One thing I really liked about teaching this workshop was how much the students could talk about what’s going on. When I introduce CS via programming, it’s much harder to teach it in a student-directed fashion because the students have very little idea where to go next. With “how does the internet work?” my students had so many questions.

    I’d gone into the workshop with a lesson plan but then wound up covering things in different order because a somebody would ask a question and we’d go that direction. It was quite exciting for me to teach CS this way.

    Another nice thing about introducing CS via the internet vs. via programming is that this way we show the history of CS. CS is shown as a human endeavour that builds upon itself. You don’t really get to show this in the process of teaching programming to novices.

    How I’d Teach It Again

    If I were to do the workshop again, I’d take four hours (two felt too rushed), with some breaks in there. I’d order it as:

    • what is an algorithm?
    • symmetric key crypto
    • files and encoding
    • computer networking
    • internetworking
    • asymmetric key crypto
    • how to keep safe

    But better yet I’d love to teach this as a 12-week university course. There was so much in there that could be used to introduce computer science and garner interest from new communities. This course would complement any intro-to-programming class and they could be taken at the same time.

    I’ve written up what I’d cover in the 12 weeks here.

    I think a student taking such a course would walk out with a better sense of what CS is about than if they’d taken an introductory programming class. Certainly programming is a useful skill that many people benefit from learning (not just CS people), but many people walk out of their first CS class with the misconception that CS = programming.

    The material in this course is useful to a broad segment of society. Everybody uses the internet, but few people understand how it works. With internet security playing an increasing role in politics, this knowledge has become even more important in a democratic society.

  • Computer Science for Future Leaders

    There’s a great physics course out there called Physics for Future Presidents. For some time I’ve been mulling over what a Computer Science for Future Presidents (and Prime Ministers) would look like.

    Last week I taught an introduction to online safety to a group of political activists (experience report here). Along the way I taught a lot of introductory computer science and saw opportunities to cover even more.

    I’ve taught a number of introductory CS classes that are introductions to programming. Like a lot of computer scientists I appreciate coding as an important tool in CS, but don’t like how so many students walk out of their first (and potentially only) CS class with the idea that CS == programming. Computational thinking classes make for a good step away from this misconception but still don’t cover all the things I’d want future world leaders to know.

    The internet and cybersecurity makes a great way to introduce computing — and to cover what future world leaders need to know about computer science.

    This is what I’d cover in a 12 week course. This course would complement an introduction to programming and the two could be taken concurrently.

    ###
    Computer Science for Future Leaders

    1. Introduction to the course. Searching and sorting, and big O notation. I’d introduce binary and linear search, and insertion, selection, and merge sorts. Motivate searching/sorting as necessary for internet computing (indeed, 25% of the world’s CPU time is estimated to be spent on sorting tasks.) Quick review of logarithms.2. Symmetric key encryption. How to encrypt, some approaches for breaking encryption (build on searching/sorting from last week). Big-O of encryption/decryption algorithms.
    2. Graph theory. Define edges/vertices. How to find a shortest path over a network, minimum spanning trees. Talk about costs on networks, congestion, resilience/redundancy. Talk about where you’d want to eavesdrop on a network for maximum coverage. Big-O of relevant graph algorithms.4. Early communication networks. Talk about how telegraphs worked, how data was encoded. Talk about pre-wireless phone networks and how that data is encoded. Introduce some coding theory: error detection and correction over networks.5. What is a file? Character encoding, numerical representation, file encodings. Code lives in files too: HTML as example. What is a file system?
    3. Midterm. What is a computer? Early computers; command-line interfaces.7. Pre-internet computer networks. Talk about packets, packet routing, packet switching. How routers work.
    4. Internetworking: how we can connect networks together. Internet infrastructure (ISPs, IXPs, etc), TCP/IP, DNS. Who governs the various components of the internet (ICANN, RIRs, etc).
    5. Asymmetric key cryptography. Why it was necessary for the internet to grow in popularity. Whitfield-Diffie, RSA, PGP. P and NP.
    6. Secure internetworking. SSL, HTTPS, TOR, VPNs, etc. Cookies. How internet surveillance and censorship work. Cyberwarfare. Dangers of online/computerized voting.
    7. Social networking. How social network websites work. What is their business model? AI and machine learning on the internet, filter bubbles and other biases resulting from machine learning.
    8. HCI of the internet. Usability issues on the internet. HCI approach to security: who is in your personal network and how can you stay safe?
      The whole course covers a lot of computer science: algorithms, theory of computation, systems, networking, crypto, security, HCI, AI. You could add in a bit on databases if you wanted, too.

    Some big advantages of this approach to introducing computer science are:

    • Students get a more accurate feel for what computer science is and what it’s about than in an introductory programming course.
    • Students see computer science as a human endeavour. It’s history is exposed, as well as motivations for the major stages in its development.
    • Similarly, students see how CS is not value neutral. We discuss topics like neocolonialism in technology development, the role of the military in advancing computer science, how the internet is governed, and how the internet affects politics.* Students learn about computer security and the internet that is useful to their daily lives in a way that empowers them. 
    • Improving the state of our democracy. We need leaders and community members to understand these issues to make informed decisions.
  • On Paulo Freire, and seeing computing as literacy

    Paulo Freire was a Brazilian educator, best known for his book Pedagogy of the Oppressed. Indeed, it’s the most commonly assigned reading in education classes which isn’t a textbook. His ideas have been used for teaching many topics, such as health and African American studies. And yet, most people in CS education circles aren’t familiar with Freire. In this post I’ll provide a short introduction to Freire and why his work is relevant to computing education.

    To Freire, education is an inherently political act. Education can be a tool of empowerment, and it can also be a tool of oppression. Freire refered to traditional education as the “banking model”: the teacher deposits coins of knowledge into the bank accounts of the students. _”Instead of communicating, the teacher issues communiques and makes deposits which the students patiently receive, memorize, and repeat. This is the “banking” concept of education, in which the scope of action allowed to students extends only as far as receiving, filing, and storing the deposits.” _(Freire, 1968)

    This model ignores what the student already may know. It fails to give the students a sense of ownership over their knowledge, and fails to stimulate critical thinking. He argued this reinforces oppression. For education to be empowering, students need to be active agents in their own learning.

    Problem Posing Education

    As an educator, Freire focused on literacy education. He and his colleagues ran community-based literacy education projects for Brazil’s poor, focusing on adult education. He championed what he called problem-posing education, which focuses on “listening, dialogue, and action”.

    As his teams implemented education, they first spent time observing what their students do in their everyday. What written words the students encountered but could not read. What texts the members of the community would observe. They listened, observed, and tailored their curricula around what the people of that community would benefit from learning.

    Teaching was done as a dialogue. Not just in a Socratic fashion, but also as sharing between teacher and student. To Freire, _”authentic education is not carried on by “A” for “B” or by “A” about “B,” but rather by “A” with “B.”” (Indeed, _one of the reasons I enjoy teaching is how much I learn from my students.)

    Education didn’t end with the lesson: the goal of teaching is to empower the learner to action. His students could now read the news and understand local politics. They could now vote in a society where literacy was required for suffrage. They could now organize and advocate for their own interests. Freire didn’t consider his job done unless his students had acted using what they had learnt.

    Computing as Literacy

    The view of computing as being like literacy has recently caught on. After all, computing is a sort of language, and it unlocks a level of literacy in society. Arguing that computational thinking is a form of literacy can be persuasive in policy circles.

    I don’t think the parallel between literacy and computing should end there. For example, Sally Fincher recently wrote a CACM piece drawing parallels on literacy education and computing education, which I think was quite insightful. We can learn from the lessons of literacy education.

    I think that like literacy, computing is incredibly empowering. In the age of the the computer, those of us with computer science knowledge have power that others do not.

    Our society has come to accept that universal literacy should be a right, and that everybody is capable of basic literacy. CS educators still aren’t there yet: there are still plenty who believe not everybody has the “Geek Gene” to understand computing.

    People used to think similar things about literacy. But as literacy education improved its methods, and learnt how to diagnose and teach people with disabilities, it became accepted that anybody can learn to read. Mark Guzdial has argued that the reason the Geek Gene hypothesis is so popular is because we fundamentally don’t understand how to teach computer science.

    Learning from Freire

    Most of the efforts trying to view computing as literacy have been focusing on k-12 education, trying to inculcate a new generation. A Freirean approach would instead focus on adult education: we can’t leave adults behind. And if we teach the parents, the parents can teach the children.

    There’s some evidence that girls realize they don’t “belong” at the computer from watching their mothers’ lack of confidence at the computer (Margolis and Fisher, 2002). Teaching parents means teaching children.

    Talking to people trying to get CS into k-12, often the barriers are a lack of adult education. Teachers and principals don’t know about CS. Deans of education schools don’t know about CS.

    Sometimes I worry our goals in computing education are too often determined by industry. Industry wants young people to learn to code, so they grow up to work in industry. Teaching adults less clearly benefits industry. It does benefit democratic society. We need adults to be well informed of computational issues as legislators draft laws affecting internet privacy and security. 

    I think end-user computer science education can learn a lot from Freire. I’ve long taken an interest in teaching scientists to program. Problem-posing education strikes me as incredibly useful here: first, we as educators observe how scientists do their work. What computational problems do they encounter (and fail to solve)? We then tailor a curriculum around listening to our audience. Then we share it with our students, using active and/or participatory learning techniques, having a dialogue_ _with our students. Finally, we empower our students to go out and act: they can solve their scientific problems with code.

    Mark Guzdial recently wrote a book about teaching CS to everybody, which I recommend. He describes different curricula tailored for different audiences, and promotes active learning methods. My one complaint is he never cites Freire! (Since it’s a literature review of the CS education literature, and the CS education literature doesn’t cite Freire, this is to be expected.)

    Different communities in our society will have different needs for computing education. We as educators should listen to their different needs, dialogue with them, and empower them to action. Too often we use the banking model to teach computer science: we impose a curriculum on our learners without regard for whey would benefit from learning or for empowering our students.

    If we want universal computer science education, the banking model will fail us: there is no single perfect curriculum, and mere transmission of knowledge will not foster empowerment nor critical thinking. And while there’s validity in the  economic arguments for teaching everybody to code, it’s to our detriment as educators to forget the socio-political part of our work.

    References:

    Freire, P. 1968. Pedagogy of the Oppressed.
    Margolis, J. and Fisher, A. 2002. Unlocking the Clubhouse.