The lectures and readings listed here are subject to change, including in response to current events (i.e., major news items).

Tuesday, September 05: Introduction
        Cybersecurity: Technology, Policy and Law
        How the Internet Works

Concepts: Introduction to computer security and the perspectives of the problems and solutions seen from technology, policy, and law.

Readings:
Tuesday, September 12: Cryptography Tutorial
        Software and its Discontents
        Stealing Credentials
        Introcution to Cryptography

Concepts: Concepts to cover: More detailed conversation to ensure a common knowledge amongst the students on deeper topics including:
  • What is cryptography?
  • Symmetric and public key cryptography
  • Public key infrastructure, certificates, and digital signatures
  • Authentication
  • The role of bugs in computer (in)security


Readings:
  • Whitfield Diffie and Martin E. Hellman. Exhaustive cryptanalysis of the NBS data encryption standard. Computer, 10(6):74--84, June 1977. [ http ]
  • R. M. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993--999, December 1978. [ http ]
  • Whitfield Diffie and Susan Landau. Privacy on the Line: the Politics of Wiretapping and Encryption. MIT Press, Cambridge, MA, second edition, 2007. Chapters 2--7. [ http ]
Tuesday, September 19: Fourth Amendment and Foundations of Surveillance Law
Concepts: Basic 4th Amendment doctrine and constitutional limits on government surveillance

Readings:
  • Katz v. United States, 389 U.S. 347 (1967). Read all five opinions.
  • United States v. United States District Court, 407 U.S. 297 (1972)
  • Smith v. Maryland, 442 U.S. 735 (1979).
  • United States v. Truong Dinh Hung, 629 F.2d 908 (4th Cir. 1980)
  • United States v. Jones, 132 S. Ct. 945 (2012). Read all three opinions.
Tuesday, September 26: Surveillance: International Policy
Concepts:
  • International law on espionage
  • Mutual Legal Assistance Treaties
  • PCLOB reports on Sections 215 and 702


Readings:
  • Vassilis Prevelakis and Diomidis Spinellis. The Athens affair. IEEE Spectrum, 44(7):26--33, July 2007. [ http ]
  • Privacy and Civil Liberties Oversight Board. Report on the telephone records program conducted under Section 215 of the USA PATRIOT Act and on the operations of the Foreign Intelligence Surveillance Court, January 23, 2014. Parts 1-3 only. [ .pdf ]
  • Privacy and Civil Liberties Oversight Board. Report on the surveillance program operated pursuant to Section 702 of the foreign intelligence surveillance act, July 14, 2014. Parts 1-3 only. [ .pdf ]
  • Ellen Nakashima and Andrea Peterson. The British want to come to America---with wiretap orders and search warrants. Washington Post, February 4, 2016. [ .html ]
Tuesday, October 03: Surveillance: How it's Done
        How Does Electronic Surveillance Work Legally?
        How to Wiretap

Concepts:
  • How to obtain a warrant
  • Technical mechanisms
  • Network Investigative Techniques


Readings:
Tuesday, October 10:
Homework due:

Cryptography and Exceptional Access
        A Brief History of the Crypto Wars
        The Problem with Exceptional Access

Concepts:

  • What rights and responsibilities do law enforcement have to devices and communications?
  • What rights and responsibilities do individual citizens have?
  • How will this be affected by new technologies?
  • What are the trade-offs between computer security and societal security? How do these choices affect privacy and innovation?
  • What is the "right" mix? Can there be one?


Readings:
  • Matt Blaze. My life as an international arms courier, January 1995. [ .txt ]
  • Robert Post. Encryption source code and the First Amendment. Berkeley Technology Law Journal, 15(2):713--723, 2000. [ http ]
  • Whitfield Diffie and Susan Landau. Privacy on the Line: the Politics of Wiretapping and Encryption. MIT Press, Cambridge, MA, second edition, 2007. Chapter 9. [ http ]
  • James B. Comey and Sally Quillian Yates. Going dark: Encryption, technology, and the balances between public safety and privacy. Statement before the Senate Judiciary Committee, July 8, 2015. [ http ]
  • Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner. Keys under doormats: Mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 1(1), September 2015. [ DOI | http ]
  • Report of the Manhattan District Attorney's Office on smartphone encryption and public safety, November 2016. [ .pdf ]
  • House Judiciary Committee & House Energy and Commerce Committee. Encryption working group year --- end report, December 20, 2016. [ .pdf ]
  • Matthew Kahn. Deputy Attorney General Rod Rosenstein remarks on encryption. October 10, 2017. [ http ]
  • United States v. Bernstein (opinion withdrawn, 192 F.3d 1308 (9th Cir. 1999))
  • Proposed rule change: "Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items"
Guest speaker: Prof. Dan Richman
Tuesday, October 17: Information Operations and the 2016 Election
Readings:
  • Gregory Krieg and Tal Kopan. Is this the email that hacked John Podesta's account? CNN, October 30, 2016. [ http ]
  • Eric Lipton, David E. Sanger, and Scott Shane. The perfect weapon: How Russian cyberpower invaded the U.S. New York Times, December 13, 2016. [ .html ]
  • Matt Jones. The spy who pwned me. Limn, February 2017. [ http ]
  • Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, and Jeff Moss. Defcon 25 voting machine hacking village, September 2017. Optional. [ .pdf ]
  • Eugene Kiely. Timeline of Russia investigation. FactChek.org, September 14, 2017. [ http ]
  • Josh Dawsey. Russian-funded facebook ads backed Stein, Sanders and Trump. Politico, September 26, 2017. [ http ]
  • Susan Landau. Russia's hybrid warriors got the White House. now they're coming for America's town halls. Lawfare, September 26, 2017. [ http ]
  • Michael McFaul. Enough is enough: How to stop Russia's cyber-interference. Washington Post, September 28, 2017. [ http ]
  • Jeff Stein. Russians still have an open path to U.S. election subversion. Newsweek, October 7, 2017. [ http ]
  • Matea Gold and Elizabeth Dwoskin. Trump campaign's embrace of Facebook shows company's growing reach in elections. Washington Post, October 8, 2017. [ http ]
  • Nicholas Confessore and Daisuke Wakabayashi. How Russia harvested American rage to reshape U.S. politics. New York Times, October 9, 2017. [ .html ]
  • Celeste Katz. Hack-vulnerable voting machines a `national security threat', experts warn. October 10, 2017. [ http ]
  • Guccifer 2.0, Vice Motherboard, collected stories. Optional.
Tuesday, October 24: Artificial Intelligence and National Security
Readings:
  • Steven M. Bellovin, Renée M. Hutchins, Tony Jebara, and Sebastian Zimmeck. When enough is enough: Location tracking, mosaic theory, and machine learning. NYU Journal of Law and Liberty, 8(2):555--628, 2014. Part II only (pp. 589-595). [ .pdf ]
  • Tom Simonite. Amazon and the CIA want to teach AI to watch from space. MIT Technology Review, August 25, 2016. [ http ]
  • Bernard Marr. What is the difference between artificial intelligence and machine learning? Forbes, December 6, 2016. [ http ]
  • Marcus Weisgerber. The Pentagon's new algorithmic warfare cell gets its first mission: Hunt ISIS. Defense One, May 14, 2017. [ http ]
  • Greg Allen and Taniel Chan. Artificial intelligence and national security. Belfer Center Study, July 2017. Executive summary only. [ .pdf ]
  • Johannes Petrat. How to do machine learning on satellite images. Cap Gemini, August 11, 2017. [ http ]
  • Jiawei Su, Danilo Vasconcellos Vargas, and Sakurai Kouichi. One pixel attack for fooling deep neural networks, October 24, 2017. Optional. [ http ]
Tuesday, October 31:
Homework due:

Class Discussion
Concepts: This class will be set aside for a deeper discussion on the topics and especially how they relate to each group project.
Guest speaker: Herb Lin, Stanford Center for International Security and Cooperation

Tuesday, November 14: Cyber Conflict: What and Why; Technology
Concepts: This class will cover some history of cyber conflict and important topics such as attribution and the advantages and dangers of cyber conflict.

Readings:
  • Richard B. Gasparre. The Israeli 'E-tack' on Syria--Part I. Air Force Technology.com, March 9, 2008. [ http ]
  • Richard B. Gasparre. The Israeli 'E-tack' on Syria--Part II. Air Force Technology.com, March 10, 2008. [ http ]
  • Mandiant. Apt1: Exposing one of China's cyber espionage units. White paper, 2013. [ .pdf ]
  • Ralph Langner. To kill a centrifuge: A technical analysis of what Stuxnet's creators tried to achieve, November 2013. [ .pdf ]
  • Jason Healey. Learn cyber conflict history, or doom yourself to repeat it. Armed Forces Journal, December 17, 2013. [ http ]
  • Phil Muncaster. ICS-CERT three year BlackEnergy attack on industrial control systems. Infosecurity Magazine, October 29, 2014. [ http ]
  • Department of Defense. The DoD cyber strategy, April 2015. [ .pdf ]
  • Kelly Jackson Higgins. Lessons from the Ukraine electric grid hack. Information Week, March 18, 2016. [ http ]
  • Project CameraShy: Closing the Aperture on China's Unit 78020
  • From UK NCSC:
Tuesday, November 21:
Homework due:
  • Scoping paper (Group paper)

Cyber Conflict: International Law and Norms
Concepts: Law and norms

Readings:

  • Harold Hongju Koh. International law in cyberspace. Faculty Scholarship Series, 2012. Paper 4854. [ http ]
  • Matthew C. Waxman. Self-defensive force against cyber attacks: Legal, strategic and political dimensions. International Law Studies, 89:109--122, 2013. [ http ]
  • Jason Healey and A.J. Wilson. Cyber conflict and the War Powers Resolution: Congressional oversight of hostilities in the fifth domain. Georgetown Journal of International Affairs, July 2015. [ .pdf ]
  • Jason Healey and Tim Maurer. What it'll take to forge peace in cyberspace. New Dimensions in Cybersecurity, March 2017. [ http ]
  • Budapest Convention (optional)
  • Indictments of Chinese PLA, Iranian, and Russian officials
Tuesday, November 28: Waging Cyber War
Concepts: Deterrence and escalation

Readings:
  • Kim Zetter. A unprecedented look at Stuxnet, the world's first digital weapon. Wired, November 3, 2014. [ http ]
  • Joseph S. Nye, Jr. Deterrence and dissuasion in cyberspace. International Security, 41:44--71, Winter 2016. [ http ]
  • Steven M. Bellovin, Susan Landau, and Herbert S. Lin. Limiting the undesired impact of cyber weapons: Technical requirements and policy implications. Journal of Cybersecurity, 3(1), 2017. [ http ]
  • Defense Science Board Task Force. Final report on cyber deterrence, February 2017. [ .pdf ]
  • David E. Sanger and William J. Broad. Trump inherits a secret cyberwar against North Korean missiles. New York Times, March 4, 2017. [ .html ]
  • Jason Healey. Cyber deterrence is working---so far. The Cipher Brief, July 23, 2017. [ http ]
  • James Miller and Richard Fontaine. Cyber and space weapons are making nuclear deterrence trickier. Defense One, November 26, 2017. [ http ]
Tuesday, December 05: Group Presentations
Monday, December 18:
Homework due:
  • Final paper (Group paper)