The lectures and readings listed here are subject to change, including in response to current events (i.e., major news items).
- Orin S. Kerr. How to read a legal opinion: A guide for new law students. The Green Bag, 11(1), Autumn 2007. Second series. (Optional reading). [ http ]
- Barry M Leiner, Vinton G Cerf, David D Clark, Robert E Kahn, Leonard Kleinrock, Daniel C Lynch, Jon Postel, Larry G Roberts, and Stephen Wolff. A brief history of the internet. ACM SIGCOMM Computer Communication Review, 39(5):22–31, 2009. [ http ]
- Jason Faulkner. Online security: Breaking down the anatomy of a phishing email. How-to Geek, April 13 2011. [ http ]
- Brian Krebs. Tools for a safer pc. Krebs on Security, 2012. [ http ]
- Oscar Celestino Angelo Abendan ll. Gateways to infection: Exploiting software vulnerabilities. TrendMicro Threat Encyclopedia, September 3, 2012. [ http ]
- Neil DuPaul. Common malware types: Cybersecurity 101. Veracode Security News, October 12, 2012. [ http ]
- Paul Tero. A comprehensive guide to firewalls. Smashing Magazine, January 30, 2013. [ http ]
- Andrew Tarantola. VPNs: What they do, how they work, and why you're dumb for not using one. Gizmodo, March 26, 2013. [ http ]
- Kim Zetter. Hacker lexicon: What is a zero day? Wired, November 11, 2014. [ http ]
- Gregory Krieg and Tal Kopan. Is this the email that hacked John Podesta's account? CNN, October 30, 2016. [ http ]
- How Computers Work: The CPU and Memory
- A Glossary of Common Cybersecurity Terminology
- Rus Shuler, How Does the Internet Work?, 2002
- The Internet Backbone
- What are DDoS Attacks? DDoS Explained, 2012
- Notable attacks throughout history
- What is a firewall?, 2013
- The Dark Web, Explained, 2013
- Intrusion Detection System (IDS)
- Understanding Intrusion Detection Systems
- What is cryptography?
- Symmetric and public key cryptography
- Public key infrastructure, certificates, and digital signatures
- The role of bugs in computer (in)security
- Whitfield Diffie and Martin E. Hellman. Exhaustive cryptanalysis of the NBS data encryption standard. Computer, 10(6):74–84, June 1977. [ http ]
- R. M. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, December 1978. [ http ]
- Whitfield Diffie and Susan Landau. Privacy on the Line: the Politics of Wiretapping and Encryption. MIT Press, Cambridge, MA, second edition, 2007. Chapters 2–7. [ http ]
- Katz v. United States, 389 U.S. 347 (1967). Read all five opinions.
- United States v. United States District Court, 407 U.S. 297 (1972)
- Smith v. Maryland, 442 U.S. 735 (1979).
- United States v. Truong Dinh Hung, 629 F.2d 908 (4th Cir. 1980)
- United States v. Jones, 132 S. Ct. 945 (2012). Read all three opinions.
- International law on espionage
- Mutual Legal Assistance Treaties
- PCLOB reports on Sections 215 and 702
- Vassilis Prevelakis and Diomidis Spinellis. The Athens affair. IEEE Spectrum, 44(7):26–33, July 2007. [ http ]
- Privacy and Civil Liberties Oversight Board. Report on the telephone records program conducted under Section 215 of the USA PATRIOT Act and on the operations of the Foreign Intelligence Surveillance Court, January 23, 2014. Parts 1-3 only. [ .pdf ]
- Privacy and Civil Liberties Oversight Board. Report on the surveillance program operated pursuant to Section 702 of the foreign intelligence surveillance act, July 14, 2014. Parts 1-3 only. [ .pdf ]
- Ellen Nakashima and Andrea Peterson. The British want to come to America—with wiretap orders and search warrants. Washington Post, February 4, 2016. [ .html ]
- How to obtain a warrant
- Technical mechanisms
- Network Investigative Techniques
- Bob Sullivan. FBI software cracks encryption wall. November 20, 2001. [ http ]
- Micah Sherr, Eric Cronin, Sandy Clark, and Matt Blaze. Signaling vulnerabilities in wiretapping systems. IEEE Security and Privacy, November/December 2005. [ .pdf ]
- Declan McCullagh. FBI turns to broad new wiretap method. CNET, January 30, 2007. [ http ]
- Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Going bright: Wiretapping without weakening communications infrastructure. IEEE Security & Privacy, 11(1):62–72, January–February 2013. [ DOI | .pdf ]
- Kevin Poulsen. Visit the wrong website, and the FBI could end up in your computer. Wired, August 5, 2014. [ http ]
- Charlie Savage. N.S.A. halts collection of Americans' emails about foreign targets. New York Times, April 28, 2017. [ .html ]
- Ken White. We interrupt this grand jury lawsplainer for a search warrant lawsplainer. Popehat, August 9, 2017. (Optional). [ http ]
- United States v. Jones, 132 S. Ct. 945 (2012).
- Minimization (Redacted FISA court order)
- A pen register order (Redacted FISA court order)
- Limitations on metadata (Redacted FISA court order)
- Post cut-through dialed digits (Redacted FISA court order)
- Yahoo v. U.S. PRISM documents (extremely optional; for people who really want the legal details surrounding a FISA court order that was challenged)
- Electronic Surveillance Manual: Procedures and Case Law Forms (start at page number 56)
- What rights and responsibilities do law enforcement have to devices and communications?
- What rights and responsibilities do individual citizens have?
- How will this be affected by new technologies?
- What are the trade-offs between computer security and societal security? How do these choices affect privacy and innovation?
- What is the "right" mix? Can there be one?
- Matt Blaze. My life as an international arms courier, January 1995. [ .txt ]
- Robert Post. Encryption source code and the First Amendment. Berkeley Technology Law Journal, 15(2):713–723, 2000. [ http ]
- Whitfield Diffie and Susan Landau. Privacy on the Line: the Politics of Wiretapping and Encryption. MIT Press, Cambridge, MA, second edition, 2007. Chapter 9. [ http ]
- James B. Comey and Sally Quillian Yates. Going dark: Encryption, technology, and the balances between public safety and privacy. Statement before the Senate Judiciary Committee, July 8, 2015. [ http ]
- Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner. Keys under doormats: Mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 1(1), September 2015. [ DOI | http ]
- Report of the Manhattan District Attorney's Office on smartphone encryption and public safety, November 2016. [ .pdf ]
- House Judiciary Committee & House Energy and Commerce Committee. Encryption working group year — end report, December 20, 2016. [ .pdf ]
- Matthew Kahn. Deputy Attorney General Rod Rosenstein remarks on encryption. October 10, 2017. [ http ]
- United States v. Bernstein (opinion withdrawn, 192 F.3d 1308 (9th Cir. 1999))
- Proposed rule change: "Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items"
- Gregory Krieg and Tal Kopan. Is this the email that hacked John Podesta's account? CNN, October 30, 2016. [ http ]
- Eric Lipton, David E. Sanger, and Scott Shane. The perfect weapon: How Russian cyberpower invaded the U.S. New York Times, December 13, 2016. [ .html ]
- Matt Jones. The spy who pwned me. Limn, February 2017. [ http ]
- Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, and Jeff Moss. Defcon 25 voting machine hacking village, September 2017. Optional. [ .pdf ]
- Eugene Kiely. Timeline of Russia investigation. FactChek.org, September 14, 2017. [ http ]
- Susan Landau. Russia's hybrid warriors got the White House. now they're coming for America's town halls. Lawfare, September 26, 2017. [ http ]
- Josh Dawsey. Russian-funded facebook ads backed Stein, Sanders and Trump. Politico, September 26, 2017. [ http ]
- Michael McFaul. Enough is enough: How to stop Russia's cyber-interference. Washington Post, September 28, 2017. [ http ]
- Jeff Stein. Russians still have an open path to U.S. election subversion. Newsweek, October 7, 2017. [ http ]
- Matea Gold and Elizabeth Dwoskin. Trump campaign's embrace of Facebook shows company's growing reach in elections. Washington Post, October 8, 2017. [ http ]
- Nicholas Confessore and Daisuke Wakabayashi. How Russia harvested American rage to reshape U.S. politics. New York Times, October 9, 2017. [ .html ]
- Celeste Katz. Hack-vulnerable voting machines a `national security threat', experts warn. October 10, 2017. [ http ]
- Guccifer 2.0, Vice Motherboard, collected stories. Optional.
- Steven M. Bellovin, Renée M. Hutchins, Tony Jebara, and Sebastian Zimmeck. When enough is enough: Location tracking, mosaic theory, and machine learning. NYU Journal of Law and Liberty, 8(2):555–628, 2014. Part II only (pp. 589-595). [ .pdf ]
- Tom Simonite. Amazon and the CIA want to teach AI to watch from space. MIT Technology Review, August 25, 2016. [ http ]
- Bernard Marr. What is the difference between artificial intelligence and machine learning? Forbes, December 6, 2016. [ http ]
- Marcus Weisgerber. The Pentagon's new algorithmic warfare cell gets its first mission: Hunt ISIS. Defense One, May 14, 2017. [ http ]
- Greg Allen and Taniel Chan. Artificial intelligence and national security. Belfer Center Study, July 2017. Executive summary only. [ .pdf ]
- Johannes Petrat. How to do machine learning on satellite images. Cap Gemini, August 11, 2017. [ http ]
- Jiawei Su, Danilo Vasconcellos Vargas, and Sakurai Kouichi. One pixel attack for fooling deep neural networks, October 24, 2017. Optional. [ http ]
- Richard B. Gasparre. The Israeli 'E-tack' on Syria–Part I. Air Force Technology.com, March 9, 2008. [ http ]
- Richard B. Gasparre. The Israeli 'E-tack' on Syria–Part II. Air Force Technology.com, March 10, 2008. [ http ]
- Mandiant. Apt1: Exposing one of China's cyber espionage units. White paper, 2013. [ .pdf ]
- Ralph Langner. To kill a centrifuge: A technical analysis of what Stuxnet's creators tried to achieve, November 2013. [ .pdf ]
- Jason Healey. Learn cyber conflict history, or doom yourself to repeat it. Armed Forces Journal, December 17, 2013. [ http ]
- Phil Muncaster. ICS-CERT three year BlackEnergy attack on industrial control systems. Infosecurity Magazine, October 29, 2014. [ http ]
- Department of Defense. The DoD cyber strategy, April 2015. [ .pdf ]
- Kelly Jackson Higgins. Lessons from the Ukraine electric grid hack. Information Week, March 18, 2016. [ http ]
- Project CameraShy: Closing the Aperture on China's Unit 78020
- From UK NCSC:
- Scoping paper (Group paper)
- Harold Hongju Koh. International law in cyberspace. Faculty Scholarship Series, 2012. Paper 4854. [ http ]
- Matthew C. Waxman. Self-defensive force against cyber attacks: Legal, strategic and political dimensions. International Law Studies, 89:109–122, 2013. [ http ]
- Jason Healey and A.J. Wilson. Cyber conflict and the War Powers Resolution: Congressional oversight of hostilities in the fifth domain. Georgetown Journal of International Affairs, July 2015. [ .pdf ]
- Jason Healey and Tim Maurer. What it'll take to forge peace in cyberspace. New Dimensions in Cybersecurity, March 2017. [ http ]
- Budapest Convention (optional)
- Indictments of Chinese PLA, Iranian, and Russian officials
- Kim Zetter. A unprecedented look at Stuxnet, the world's first digital weapon. Wired, November 3, 2014. [ http ]
- Joseph S. Nye, Jr. Deterrence and dissuasion in cyberspace. International Security, 41:44–71, Winter 2016. [ http ]
- Steven M. Bellovin, Susan Landau, and Herbert S. Lin. Limiting the undesired impact of cyber weapons: Technical requirements and policy implications. Journal of Cybersecurity, 3(1), 2017. [ http ]
- Defense Science Board Task Force. Final report on cyber deterrence, February 2017. [ .pdf ]
- David E. Sanger and William J. Broad. Trump inherits a secret cyberwar against North Korean missiles. New York Times, March 4, 2017. [ .html ]
- Jason Healey. Cyber deterrence is working—so far. The Cipher Brief, July 23, 2017. [ http ]
- James Miller and Richard Fontaine. Cyber and space weapons are making nuclear deterrence trickier. Defense One, November 26, 2017. [ http ]
- Final paper (Group paper)
Cybersecurity: Technology, Policy and Law
How the Internet Works
Concepts: Introduction to computer security and the perspectives of the problems and solutions seen from technology, policy, and law.
Software and its Discontents
Introcution to Cryptography
Concepts: Concepts to cover: More detailed conversation to ensure a common knowledge amongst the students on deeper topics including:
Concepts: Basic 4th Amendment doctrine and constitutional limits on government surveillance
How Does Electronic Surveillance Work Legally?
How to Wiretap
Concepts: This class will be set aside for a deeper discussion on the topics and especially how they relate to each group project.
Guest speaker: Herb Lin, Stanford Center for International Security and Cooperation
Concepts: This class will cover some history of cyber conflict and important topics such as attribution and the advantages and dangers of cyber conflict.
Cyber Conflict: International Law and Norms
Concepts: Law and norms
Concepts: Deterrence and escalation