Fall 2020

Fall 2020 Syllabus

Cybersecurity in Context

Cybersecurity has become instrumental to economic activity and human rights alike. But as digital technologies penetrate deeply into almost every aspect of human experience, a broad range of social-political-economic-legal-ethical-military and other considerations have come to envelop the cybersecurity landscape. Cybersecurity in Context will explore the most important elements that shape the playing field on which cybersecurity problems emerge and are managed. The course will emphasize how ethical, legal, and economic frameworks enable and constrain security technologies and policies. It will introduce some of the most important macro-elements (such as national security considerations and the interests of nation-states) and micro-elements (such as behavioral economic insights into how people understand and interact with security features). Specific topics include policymaking (on the national, international, and organizational level), business models, legal frameworks (including duties of security, privacy issues, law enforcement access issues, computer hacking, and economic/military espionage), standards making, and the roles of users, government, and industry.
Open to law students and graduate students, and undergraduates by permission.

Fall 2020 Syllabus

Spring 2021

Spring 2020 Syllabus

Future of Cybersecurity Reading Group (FCRG)

We discuss cybersecurity policy among a group of graduate, professional, and undergraduate students. In Spring 2020, we will focus on four topics: 1) Laura DeNardis’ new book, The Internet in Everything. Professor DeNardis is a giant in internet governance and policy. Her new book has met with glowing review. It will be released on January 7th. 2) Richard A. Clarke and Robert K. Knake’s recently-published book, The Fifth Domain. This is a popular book but it makes an argument important for theory surrounding whether the offense or the defense has the upper hand in cyber. 3) Professor Hoofnagle’s in-progress book with Simson Garfinkel on quantum technologies, Law and Policy for the Quantum Age, is forthcoming from Cambridge University Press and is relevant to cybersecurity. 4) A series of policy reports and papers we have identified.

This course is open to law students, graduate students, and undergraduates (with permission). Undergraduates should be prepared to read and engage at a level commensurate with your graduate school peers–there’s no “back benching” this seminar.

Previous syllabi (Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Spring 2020 Syllabus

Courses in active rotation

Spring 2019 Syllabus

Privacy Law for Technologists

Information privacy law profoundly shapes how internet-enabled services may work. Privacy Law for Technologists will translate the regulatory demands flowing from the growing field of privacy, information security, and consumer law to those who are creating interesting and transformative internet-enabled services. The course will meet twice a week, with the first session focusing on the formal requirements of the law, and the second on how technology might accommodate regulatory demands and goals. Topics include: Computer Fraud and Abuse Act (reverse engineering, scraping, computer attacks), unfair/deceptive trade practices, ECPA, children’s privacy, big data and discrimination (FCRA, ECOA), DMCA, intermediary liability issues, the anti-marketing laws, the GDPR, and new for 2019, the California Consumer Privacy Act.
Also offered Fall 2017, Fall 2016

Spring 2019 Syllabus

Inactive courses

Spring 2018 Syllabus

Privacy & Security Lab

There is a burgeoning market for technologists and lawyers who can understand the application and implementation of privacy and security rules to network connected services. Privacy and Security Lab is a new course designed to promote the development of such “privacy technologists.” Students will meet twice a week, once in discussion, and the second time in a computer lab to gain hands-on skills in privacy and security analysis. The course will explore the concepts, regulations, technologies, and business practices in privacy and security, including how different definitions of “privacy” may shape technical implementation of information-intensive services; the nature of privacy and security enhancing services; and how one might technically evaluate the privacy and security claims made by service providers. There are no prerequisites and enrollment is open to law students to encourage cross-disciplinary exchanges.

Also offered Spring 2017

Spring 2018 Syllabus
Spring 2017 Syllabus

Technology Policy Reading Group (AI & ML; Free Speech: Private Regulation of Speech; CRISPR)

A tremendous amount of writing is being generated by lawyers in order to influence public policy on technology issues. The Technology Policy Reading Group will focus on both substance and strategy of this writing. Students will evaluate the quality of this work, attempt to understand the dynamics of the policy conversation, and how such dialogue fits into the larger strategy to influence government technology policy. These procedural questions have become more important in light of recent reporting concerning payola at well-respected Washington think tanks. Students will be encouraged to view the policy tussles through different lenses: markets, organizational behavior, behavioral economics, policymaker interests, competing factions in the technology industry (e.g. intermediaries, content producers, etc), international stakeholders, military, etc. Finally, students will be encouraged to consider how law school has affected their substantive viewpoints and their approach to analyzing policy questions.

The course will focus on 2–3 overarching issues identified and selected by students. For instance, if held in spring 2016, the topics might have included: network neutrality and the reclassification of information services, questions of innovation policy and government funding, the internet of things, the issues raised by advancements in intelligent machines, or the proposed amendments to the computer hacking statutes (including encryption backdoors).

Spring 2017 Syllabus
Fall 2017 Syllabus

Problem-Based Learning: The Future of Digital Consumer Protection

Digital technologies have brought consumers many benefits, including new products and services, yet at the same time, these technologies offer affordances that alter the balance of power among companies and consumers. Technology makes it easier to deny consumers access to the courts; to restrict well-established customs and rights, such as fair use and the reselling of goods; to manipulate digital fora that provide reviews of products and services; to retaliate against and/or monitor or even extort consumers who criticize them; to engage in differential pricing; to “brick” or turn off devices remotely, to cause systemic insecurity by failing to patch products; and to impose transaction costs in order to shape consumer behavior.

Fundamentally, the move to digital turns many products into services. While the law has long comprehensively regulated products under the Uniform Commercial Code and products liability regimes, artifacts and services with embedded software present new challenges. European governments are moving aggressively to establish comprehensive regulations for digital goods. But no such agenda is on the horizon in the United States.

Problem Based Learning

This course will employ a problem-based learning method (PBL). Based on cognitive and learning theories, the main principle of PBL is to present students with real-world tasks that mimic the experiences they will have in their professional careers.  Throughout the seminar, students will develop learning objectives (LOs) to deepen their understanding of relevant aspects of each issue.  For each issue, students will prepare an LO report.  LO reports are brief (2-4 pages), informal (formal citations are not required but a reference list should be included) explorations of the selected issue. The emphasis for these reports is content over form. By studying the smallest researchable sub issues of the course, we will develop a high level conception of consumer protection and its goals. We will then explore its fit in the digital realm. Some of the high-level questions we could probe include:

-What are the highest-level principles (e.g. competition, fairness, power balance, interoperability) that should guide digital consumer protection efforts?

-On a highest level, what are the sources, contours, and protections offered by of existing consumer law in the U.S.? Are these existing approaches adaptable to the digital world?

-Software-embedded products make it possible to have a continuous transaction with the consumer. How will the interests of the consumer and the business diverge over time?

-What do consumers expect and hope to expect of products in the digital marketplace?

-What new problems will arise from digital products? Are these problems really novel or simply different articulations of offline problems?

-What case studies could elucidate the contours of the benefits and challenges of the digital marketplace?

-Existing consumer laws emphasize the most important purchases in life—homes, cars, financial services. What will be the most important consumer purchases in a digital economy?

-What can be learned from previous incidents of failure or manipulation from software-embedded systems, such as the Therac-25, e-voting machines, the Three Mile Island accident, and the Volkswagen emissions scandal?

-Consumer advocates are effective when they can make anecdotes of problems readily available. What are the anecdotes that crisply capture problems in the digital marketplace?

-How is consumer protection in alignment or misalignment with other important public policy goals, such as environmental protection?

-To what extent should consumer protection be concerned about “repairability” or a “right to repair.”?

-What will the digital marketplace mean for the management of reputation, credit standing, and identity?

-As products increasingly have embedded software, what are the duties of businesses and consumers to keep this software up to date for cybersecurity and product liability/safety purposes?

-In what situations is it appropriate for a business to “brick” a software-embedded product?

-What will product “recalls” look like for software-embedded products? In what situations should voluntary recalls be escalated and become mandatory, government-administered ones?

-In what situations is it appropriate for a business to prohibit or otherwise frustrate consumer self-repair of products?

-What institutional characteristics among governmental, self-regulatory, advocacy, and dispute resolution bodies are needed to ensure dynamism and attention to digital consumer protection?

-How will advertising, marketing, and consumer disclosures change in the digital economy?

-What role will warranties play in products with embedded software?

-How can consumer remedies be tailored to be meaningful in the digital marketplace? What remedies should businesses have for non-payment or other consumer non-compliance?

-Does a consumer protection lens that imposes duties of “reasonableness” suffice, or should regulators take a products liability approach?

-How should rights and responsibilities be allocated among businesses, governments, and consumers themselves to promote digital consumer protection?

The seminar will include graduate students from several different disciplines and backgrounds. Students will work alone or in small groups to generate hypotheses, learning issues, and learning objectives for each issue. The primary aim is to work together in interdisciplinary teams to integrate understanding across different approaches. The discussions will include not only current knowledge of consumer protection but also consideration of research to advance understanding. Students will then develop short presentations on these learning objectives to create group learning and discussion.  For the culmination of the course, students will prepare a short research paper that guides decision makers on key issues in digital consumer protection.

Fall 2017 Syllabus
Spring 2016 Syllabus

Problem-Based Learning: EdTech

This seminar will explore the educational technology (Edtech) sector from policy, design, and legal lenses. Edtech is among the most exciting fields for personalization because such tools may enhance learning. But in practice, Edtech is often poorly implemented. An OECD report recently found that “student performance is mixed at best” from the incorporation of internet and communication technologies in the classroom. At least four different privacy regulatory regimes touch Edtech, yet enthusiasm for the field remains high, with venture funding now reaching almost $2b for the sector. This seminar, following a problem-based learning approach, will explore the Edtech field in depth. What can we realistically expect from Edtech? How can Edtech be used most efficaciously? How do we regulate student privacy and why? How can technology serve the regulatory requirements and ends of policy?

Spring 2016 Syllabus
Fall 2015 Syllabus

Computer Crime Law

“Computer crime” has been with us since the 1960s, but our society’s dependence upon, and the evolution of, networked communications has changed computer crime dramatically in recent decades. With the aid of a computer, individuals now can levy sophisticated attacks at a scale typically available to organized crime rings or governments. As a result, all 50 states and the federal government have enacted laws prohibiting unauthorized use of computers, and in recent years, governments have tried to harmonize these laws internationally.

A computer can be the means, target of, or the source of information about a crime, and increasingly, those interested in all aspects of criminal law must have some working knowledge of computer crime to effectively investigate, prosecute, and defend cases. This course will explore the policy and law of computer crime and consider how “cybercrimes” are different from and similar to transgressive behavior in physical space. Topics will include the Fourth Amendment, forensics, electronic surveillance, cyberbullying, identity theft, computer hacking and cracking, espionage, cyberterrorism, privacy, the era of “forced disclosure,” and the challenge of cross-jurisdiction enforcement.

This course has a take-home exam and all enrolled JD students will give a short in-class presentation on some topic relevant to computer crime.

Please note, about 60% of reported computer crime cases concern prosecution of child predators. Federal defenders and prosecutors now have significant child pornography/luring dockets, and as a result, a significant amount of class time concerns this difficult, odious topic. These crimes are shocking in their depravity. Care is taken to discuss it with sensitivity, but students should be prepared to engage this material in order to develop a competent understanding of these crimes.

Also offered Fall 2014, Fall 2013, Fall 2012, Fall 2011

Fall 2015 Syllabus

Older Courses

I have also taught:

  • FTC Privacy Seminar (Spring 2015, Spring 2010)
  • Internet Law (Spring 2013)
  • Information Privacy Law (Spring 2012, Spring 2009)
  • Samuelson Law, Technology & Public Policy Clinic (Fall 2014, Spring 2014, Fall 2013, Spring 2011, Fall 2010, Fall 2009)

Syllabi available upon request.