Assignment 8, due May 2

Part of the homework for 22C:169, Spring 2005
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

For those taking the course by video link, assignments may be submitted electronically by E-mail to Rajiv Raman. Please do not use obscure attachment formats! Plaintext E-mail is preferred to HTML, Word, RTF or other even more obscure formats!

  1. The University of Iowa has a FERPA web page (most universities have these). See One document on this web site is the Registrar's FERPA Handbook for Faculty and Staff.

    Read this handbook critically, and write a concise report on the weaknesses it contains. To motivate your reading, consider this question: How might an adversary exploit the advice in this handbook in order to obtain a copy of your educational records?

  2. Take a look at the Iowa Code, Chapter 714E.1 Restrictions on use of electronic mail - damages - exceptions. The 2005 Iowa Code is on-line at

    a) Look at the definitions used in this statute. Defective definitions are common where law and technology intersect, and can lead to odd consequences. Report briefly on the defects in these definitions.

    b) This law is a fairly strong anti-spam law. Why is it, then, that we all continue to receive so much spam? What is the defect in this law that renders it ineffective?

  3. Consider this electronic vote tabulation scheme, designed for the election of 2004. The electronic ballot box is a text file containing letters, one per ballot cast. B means Bush, K means Kerry. A computer program to tabulate the votes in this file can be quite trivial:
    int counters[256];
    int main()
    	int i;
            for (i = 0; i < 256; i++) counters[i] = 0; 
            while (getchar(i) != EOF) counters[ i & 0xFF ]++;
            for (i = 0; i < 256; i++) {
    		if (counters[i] != 0) {
    			printf( "%c %d\n", i, counters[i] );

    Note that a source code audit of this tabulation program is very simple! Suppose you have been hired by the Imperialist Party to help them take over the country. Their tool of choice is to attack the election system. Can you propose how to attack this vote tabulation software? Suggestion: This code has no comments; indeed, it has been written with complete disregard to most of the standard admonitions of sofware engineering.