Syllabus: Cybersecurity Law Seminar. George Mason University Antonin Scalia Law School Spring 2018 Professors Kiran S. Raj & Scott Ferber

Transcription

1 Brief Course Description: Syllabus: Cybersecurity Law Seminar George Mason University Antonin Scalia Law School Spring 2018 Professors Kiran S. Raj & Scott Ferber This seminar course will provide students exposure to the key legal and policy issues related to cybersecurity, including the legal authorities and obligations of both the government and the private sector with respect to protecting computer systems and networks, as well as the national security aspects of the cyber domain including authorities related to offensive activities in cyberspace. The course will include a survey of federal laws, executive orders, regulations, and cases related to surveillance, cyber intrusions by private and nation-state actors, data breaches, and privacy and civil liberties matters, among other things. The course will also explore the legislative and technology landscape in this dynamic area and will provide students with opportunities to discuss cutting-edge issues at the intersection of law, technology, and policy. Class Format: Seminar of students; two credits; one two-hour class per week. Active participation in class discussions is required and students are expected to be fully prepared for each class session. Grading: Substantive grades will be based on class participation (15%) and student s successful completion of a page paper on cybersecurity law (85%). Paper Due Date: TBD ** Please note that late papers will receive a 1/3 grade deduction for every day the paper is late beyond the due date established in class (i.e., an A- paper that is turned in late would receive a B+. If it is two days late, it would receive a B, etc.). Please turn papers in on time. ** Class Details: Mondays: 8:00 pm 9:50 pm. Office Hours: By appointment. Faculty Contact Information: Kiran Raj: kraj@gmu.edu Scott Ferber: scott.ferber@gmail.com 1

2 Course Materials: The bulk of the course materials are cases or articles available on Westlaw or Lexis-Nexis or materials posted on TWEN. Materials posted on TWEN are indicated below. We have also provided links to information that is easily accessible on the Internet. ** Given the developing nature of this area of law, it is likely that the syllabus and readings will be updated over the course of the semester; therefore, please regularly check your and TWEN for updates to the syllabus and readings. ** Course Assignments: Week 1 Introduction to Computer Networks and Cyber Threats 1. Leiner, Cerf, et. al., A Brief History of the Internet 2. Verizon, 2017 Data Breach Investigations Report pp Dan Coats, Worldwide Threat Assessment of the US Intelligence Community (May 2017) pp. 1-5 Week 2 Vulnerabilities, Federal Cybersecurity, and the Applicable Federal Laws 1. Harvard National Security Law Research Group, Cloud Computing and National Security Law pp. 3-5, 9-14 & Office of Management and Budget, Annual Report to Congress: The Federal Information Security Management Act (Feb. 27, 2015) pp. 1-12, Congressional Research Service, Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions (March 2013) pp. 1 20, 22-24, Week 3: Economics of Cyber Threats 1. Nicole Perlroth & David Sanger, Nation s Buying As Hackers Sell Flaws In Computer Code (July 13, 2013) pp The White House, Heartbleed: Understanding Why We Disclose Cyber Vulnerabilities (Apr. 28, 2014) pp Vulnerabilities Equities Policy and Process for the United States Government 4. Ross Anderson, Why Information Security Is Hard An Economic Perspective (2001) pp Andrew Updegrove, Cyber Security and the Vulnerability of the Networks: Why We Need to Rethink Our Cyber Defenses Now (2011) pp Week 4 Anonymity, Privacy, and Data Mining 1. The White House, Big Data: Seizing Opportunities, Preserving Values (May 1, 2014) pp

3 2. Daniel Solove, Nothing to Hide (Yale Univ. Press 2010) pp Google v. Spanish Data Protection Agency, European Court of Justice Opinion (June 25, 2013) pp EU Schems decision (Opinion of Advocate General): Week 5: Protecting the Internet: Encryption and Interception 1. Peter Swire, From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud (Apr. 12, 2012) pp Economist, Cryptography for Dummies (Nov. 29, 2014) pp Statement for the Record: Deputy Attorney General & FBI Director testimony before the Senate Judiciary Committee (July 2015): 4. In Re: Grand Jury Subpoena, 670 F.3d 1335 (11th Cir. 2012) (Westlaw/LEXIS) Week 6: Electronic Surveillance: Background Legal Principles 1. Katz v. United States, 389 US 347 (1967) (Westlaw/LEXIS) 2. Smith v. Maryland, 442 U.S. 735 (1979) (Westlaw/LEXIS) 3. United States v. McLaren, 957 F. Supp. 215 (M.D. Fla. 1997) (Westlaw/LEXIS) 4. United States v. Warshak, 631 F.3d 266, (6th Cir. 2010) (Westlaw/LEXIS) 5. Paul Rosenzweig, The Evolution of Wiretapping, Engage pp (Sept. 2011) Week 7: Electronic Surveillance & Technological Advances 1. In re: Google Street View Electronic Communications Litigation, 794 F.Supp.2d 1067 (N.D. Cal. 2011) (Westlaw/LEXIS) 2. United States v. Jones, 132 S.Ct. 945 (2012) (Westlaw/LEXIS) 3. United States v. Davis, 785 F.3d 498 (11 th Cir. 2015) 4. Carpenter v. United States, 819 F.3d 880 (6th Cir. 2016), cert. granted, 137 S.Ct (June 5, 2017) (Westlaw/LEXIS); see also Supreme Court oral argument transcript NOTE: PRELIMINARY PAPER TOPICS DUE BEFORE WEEK 8 CLASS Week 8: CALEA, Metadata, and Foreign Intelligence 1. FCC, Communications Assistance for Law Enforcement Act (CALEA) Introduction and Basic Information pp CALEA, 47 USC Klayman v. Obama, 2013 WL (D.D.C. Dec. 16, 2013) (Westlaw/LEXIS) 4. ACLU v. Clapper, 959 F.Supp.2d 724 (SDNY 2013) (Westlaw/LEXIS) 5. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702, Executive Summary pp (July 2014) **(Note: Only print pp of the PDF; file is very long)** 3

4 Week 9: Cyber Security and the Fourth Amendment 1. Legal Issues relating to the Testing, Use and Deployment of an Intrusion Detection System (Einstein 2.0) to Protect Unclassified Computer Networks in the Executive Branch, DOJ Office of Legal Counsel (Jan. 9, 2009) pp Legality of Intrusion Detection System to Protect Unclassified Computer Networks in the Executive Branch, DOJ Office of Legal Counsel (August 2009) pp U.S. Department of Homeland Security, Privacy Impact Statement for Einstein 3.0 Program (April 2013) pp In re: Yahoo Mail Litigation, 7 F.Supp.3d 1016 (N.D. Cal. 2014) (Westlaw/LEXIS) 5. Matter of Warrant to Search a Certain Account Controlled and Maintained by Microsoft, 829 F.3d 197 (2d Cir. 2016), rehearing en banc denied, 855 F.3d 53 (2d. Cir. 2017), cert. granted, S.Ct. (Oct. 16, 2017) (Westlaw/LEXIS) amendments to Fed. R. Crim. P. 41(b)(6) (Westlaw/LEXIS) NOTE: FINAL PAPER TOPICS DUE THIS WEEK Week 10: Protecting the Private Sector: Introduction to Information Sharing 1. Bipartisan Policy Center, Cyber Security Task Force: Public-Private Information Sharing (July 2012) 2. Bellovin, et al., Can It Really Work? Problems with Extending EINSTEIN 3.0 to Critical Infrastructure, 3 Harv. Nat l Sec. J. 1 (2011) 3. National Institute on Standards and Technology, NIST Framework on Cybersecurity (Feb. 12, 2014) pp. 1-9 ** (Note: Only print pp of the PDF; file is long) ** 4. Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing (Feb. 13, 2015) pp. 1-6 Week 11: Information Sharing: Congressional and Administration Efforts 1. Executive Order 13636, Improving Critical Infrastructure Cybersecurity (Feb. 2, 2013) pp Cybersecurity Information Sharing Act (CISA) Week 12: Hacking and Data Breaches 1. Computer Fraud and Abuse Act (CFAA) 2. FTC v. Wyndham Worldwide, (3 rd Cir. Aug 24, 2015) available at 3. Executive Order 13694, Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities (Apr. 1, 2015) 4

5 4. Executive Order 13757, Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities (Dec. 28, 2016) 5. Cyber sanctions under Executive Orders and Week 13: Securing Critical Infrastructure: Case Studies of Key Industries 1. Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017) 2. TBD Week 14: Offensive Cyber Activities and International Law 1. Jack Goldsmith, Cybersecurity Treaties: A Skeptical View (Feb. 2011) pp Stewart Baker, Testimony Before the Senate Judiciary Committee Subcommittee on Crime and Terrorism, The Attribution Revolution: Raising the Costs for Hackers and Their Customers (May 8, 2013) p