Crossroads Blog | CYBER SECURITY LAW AND POLICY

Uncategorized

About the Course

A 2009 report of the American Bar Association concluded:

What will be the enduring image of this cyber era?  Will it be one of a darkened city, whose electric grid has failed?  Will it be a picture from Second Life or the image of a computing cloud?  Or will it be a picture of cybercriminals led off to jail for their attempted offenses, having been caught in the act?  Only time will tell.  We are, however, convinced that we stand at the crossroads – the decisions we make today will help determine the defining images of tomorrow.

The 2009 White House Cyberspace Policy Review states:

The United States needs to conduct a national dialogue on cybersecurity to develop more public awareness of the threat and risks and to ensure an integrated approach toward the Nation’s need for security and the national commitment to privacy rights and civil liberties guaranteed by the Constitution and law.

Some cyber law already exists, such as the federal anti-hacking statute, 18 U.S.C. §1030, and the Economic Espionage Act, 18 U.S.C. §§1831-39.  Other laws of long standing present issues of applicability or adaptability to the cyber realm.  Examples of this sort include the law of armed conflict.  Many proposals remain in Congressional committees, such as the Rockefeller-Snowe Bill that would mandate security measures for all entities receiving federal money, establish a federal certification for technicians serving computer networks of entities receiving federal money, and provide the President with authority to “pull the plug” on national Internet connectivity in times of emergency.


This course is premised on the belief that much policy and law to implement it will be made in the next few years to institute a national policy to protect U.S. interests in cyberspace.  If an interdisciplinary approach is not used to develop this law, then either security will not be obtained or the cost to civil rights will be very high.


This course is a one-semester, three-credit seminar.  The entire grade will be 25 page final paper.


Meetings Times:


The class will meet on Monday evenings from 4:00 to 6:30 p.m., August 23 through November 29, 2010, in Room 101 MacNaughton Hall (The College of Law).


Proposed Syllabus Topics















































Week 1.


The Nature Of Cyberspace


 The Nature Of The Threats To National Security In Cyberspace


Possible sources:


Week 2.


Cyber Exploitation


· The Economic Espionage Act, Title 18, United States Code, Sections 1831-39.


· The Computer Fraud and Abuse Act, Title 18, United States Code, Section 1030.


Week 3.


Cyber Jihad Or Other Uses Of Cyber For Recruitment, Propaganda, And Fundraising


Possible sources: Gohel, The Internet and its Role in Terrorist Recruitment and Operational Planning, (CTC Sentinel, Vol, 2, Iss. 12).


Week 4.


Cyber Attack


· Definitional problems


· When is a cyber attack a “use of armed force” under international law?


Possible sources: Graham Todd, Armed Attack in Cyberspace: Deterring Asymmetric Warfare with an Asymmetric Definition, 64 A.F. L. REV. 65 (2009); James Terry, The Lawfulness of Attacking Computer Networks in Armed Conflcit and in Self-Defense in Periods Short of Armed Conflict, 169 MIL. L. REV. 70 (2001).


Week 5.


Cyber warfare


Possible sources: The National Military Strategy for Cyberspace Operations (2006).


Week 6.


Deterrence


Possible sources: Libicki, Cyberdeterence and Cyberwar, (Rand, 2009)


Week 7.


Does The Law Of Armed Conflict Apply To Cyber Attacks (Or Cyber Warfare)?


· Authority and legitimacy


· Can it adapt to a context in which attribution, discrimination, and proportionality of response are unknowable?


Possible sources: Owens, et al., Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, (National Academies Press, 2009).


Week 8.


Identity Management (Authentication)


· Is it possible?


· Is it wise, given the risks to privacy and free speech?


· Authentication of users, or devices, or processes?


Possible sources: Chapter Five: Identity Management for Cybersecurity from James Andrew Lewis, Securing Cyberspace for the 44th Presidency:  A Report of the CSIS Commission on Cybersecurity for the 44th Presidency, (2008).


Week 9.


The Role Of Sovereign Government In Regulation Cyber Space


· Can a territorially based government affect a realm that knows no borders?


Possible sources: Jack Goldsmith, Who Controls the Internet? Illusions of a Borderless World, (Oxford, 2006).


Week 10.


The Role Of Intermediaries In Regulating To Achieve Cyber Security


· Internet service providers


· Financial institutions


· The domain name system (control of root files)


· Information intermediaries (search engines and directories)


Week 11.


The Role Of Government Money In Regulating To Achieve Cyber Security


· The Rockefeller-Snowe Bill


Week 12.


Education of Cyber Actors As A Policy Tool To Achieve Cyber Security


Possible sources: Internet Security Alliance, The Cyber Security Social Contract, (2008).


Week 13.


The Role Of Law Enforcement In Cyber Security


· The patchwork of procedural laws in international investigations.


Possible sources:


Chapter Six: Modernize Authorities from James Andrew Lewis, Securing Cyberspace for the 44th Presidency:  A Report of the CSIS Commission on Cybersecurity for the 44th Presidency, (2008);


 Council of Europe Convention on Cybercrime (10 July 2001) and FAQ sheet, http://www.cybercrime.gov/intl.html#Va;


Lewis, J. CSIS Paper on COE Cybercrime Convention, (January 2004).


See also, http://cyber.federalcriminalaw.info .


Week 14.


The United States Administration’s Strategy for Cyber Security


Possible sources: Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, (May 2009).