A growing number of faculty are offering cybersecurity courses at Cal. Consider taking:

• The Center for Security in Politics offers a graduate certificate in security policy. Many of the electives are open to undergraduates. They include
  • GSPP PP 155/255 Introduction to Security Policy (Professors Janet Napolitano and Daniel Sargent)
  • PPC285 and NUCENG 285C Nuclear Security: The Nexus Between Policy and Technology (Professors Karl Van Bibber and Professor Michael Nacht)
  • INFO 289 Public Interest Cybersecurity: The Citizen Clinic Practicum
• The Berkeley Risk and Security Lab (BRSL) offers several courses in security:
  • INFO 290S War? Politics, Security, and Emerging Technologies (Professor Andrew Reddie)
  • INFO 290 Future of Cybersecurity Working Group
• My new course in cybersecurity is Cybersecurity in Context, starting fall 2024 in Legal Studies. More details below.

Technology for Lawyers Workshop (TLW) is a self-paced, two-session workshop covering the computer skills most important to success in law school. By working along and doing the exercises, you’ll become a more efficient user of your computer, and in the process, develop Microsoft Word templates you can use for law school assignments.

New course! In fall 2024, I will teach Cybersecurity in Context in the Legal Studies program (LS 190). The course will be based on my new textbook with Golden G. Richard III.

Course Description

Cybersecurity has become instrumental to economic activity and human rights alike. But as digital technologies penetrate almost every aspect of human experience, a broad range of socialpolitical-economic-legal-ethical-military and other considerations have come to envelop the cybersecurity landscape.

Cybersecurity in Context (CiC) explores the most important elements that shape the playing field on which cybersecurity problems emerge and are managed. The course will emphasize how ethical, legal, and economic frameworks enable and constrain security technologies and policies. It will introduce some of the most important macro-elements (such as national security considerations and the interests of nation-states) and micro-elements (such as behavioral economic insights into how people understand and interact with security features). Specific topics include policymaking (on the national, international, and organizational level), business models, legal frameworks (including duties of security, privacy issues, law enforcement access issues, computer hacking, and economic/military espionage), standards making, and the roles of users, government, and industry.

CiC includes a computer major lab component designed to upskill students and expose them to the actual technologies and methods of computer attack, because in order to understand defense, one must be familiar with offense. Lab activities will be accompanied by ethics and legal modules, along with a pledge to refrain from using these techniques for malign purposes.

There are no prerequisites for this course and it is not necessary to have programming or other advanced computer skills.

Welcome to your first year of law school and to torts, a topic as rich as it is traditional in legal education. Torts provides an expansive lens to learn about the American legal system. This course will cover the basics of torts and in the process, the fundamental reasons and principles underlying doctrine.

Learning Goals:

• Learn the black letter rules of torts
• Learn the why of torts: what are the reasons we have a tort system? What are the institutions and social forces and concerns that shape torts’ contours?
• What are the rationales for fault liability and what are their consequences?
• What events “cause” harms? Should damage awards compensate plaintiffs or deter defendants, or both?
• Develop systemic critiques of torts (and the law!): what does tort law assume about people? Does it treat all people equally? What are the potential strategies to use the tort system to promote equity? What are the merits and demerits of alternative systems, such as workers compensation, regulation, and insurance schemes?
• Learn to “think like a lawyer:” what concepts are “legal” concepts and why? What are the principles, policies, and purposes underlying these concepts?
• Learn about the American legal system. Torts, with its wilds ranging from the trial bar to growing statutory regulation, is a great introduction to American law and procedure.

Apologies, I will be on sabbatical Spring 2024, visiting at the Department of War Studies at King’s College London.

Welcome to your first year of law school and to torts, a topic as rich as it is traditional in legal education. Torts provides an expansive lens to learn about the American legal system. This course will cover the basics of torts and in the process, the fundamental reasons and principles underlying doctrine.

Learning Goals:

• Learn the black letter rules of torts
• Learn the why of torts: what are the reasons we have a tort system? What are the institutions and social forces and concerns that shape torts’ contours?
• What are the rationales for fault liability and what are their consequences?
• What events “cause” harms? Should damage awards compensate plaintiffs or deter defendants, or both?
• Develop systemic critiques of torts (and the law!): what does tort law assume about people? Does it treat all people equally? What are the potential strategies to use the tort system to promote equity? What are the merits and demerits of alternative systems, such as workers compensation, regulation, and insurance schemes?
• Learn to “think like a lawyer:” what concepts are “legal” concepts and why? What are the principles, policies, and purposes underlying these concepts?
• Learn about the American legal system. Torts, with its wilds ranging from the trial bar to growing statutory regulation, is a great introduction to American law and procedure.

 We will discuss cybersecurity policy among a group of graduate, professional, and undergraduate students. The FCWG will be led by Andrew Reddie in Fall 2023.

Previous syllabi (Fall 2023, Spring 2023, Fall 2022, Fall 2021, Spring 2021, Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Clients increasingly want their lawyers to understand their products and services on a technical level. Regulators need to understand how their rules will be implemented in code. Lawyers increasingly need tools to automate the process of collecting, organizing, and making sense of impossibly large troves of information.

Computer Programming for Lawyers introduces law students to the Python programming language with an emphasis on text analysis. For instance, we will use the same tools data scientists employ to “scrape” (collect) data, organize it, clean it, and use it to explore legally-relevant questions. This course will lay the foundation for understanding the basics of how companies leverage software engineering and “big data.” These skills have applications from legal discovery, to deposition preparation, to research into administrative or judicial action.

Computer Programming for Lawyers also acquaints the student with the logic of computer reasoning, and offers opportunities to comptrast it with legal reasoning. How would the procedure and substance of legal decisions change if more of the law were legible to computers and executable by computers?

We will discuss cybersecurity policy among a group of graduate, professional, and undergraduate students.

Previous syllabi (Fall 2021, Spring 2021, Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Welcome to your first year of law school and to torts, a topic as rich as it is traditional in legal education. Torts provides an expansive lens to learn about the American legal system. This course will cover the basics of torts and in the process, the fundamental reasons and principles underlying doctrine.

Learning Goals:

• Learn the black letter rules of torts
• Learn the why of torts: what are the reasons we have a tort system? What are the institutions and social forces and concerns that shape torts’ contours?
• What are the rationales for fault liability and what are their consequences?
• What events “cause” harms? Should damage awards compensate plaintiffs or deter defendants, or both?
• Develop systemic critiques of torts (and the law!): what does tort law assume about people? Does it treat all people equally? What are the potential strategies to use the tort system to promote equity? What are the merits and demerits of alternative systems, such as workers compensation, regulation, and insurance schemes?
• Learn to “think like a lawyer:” what concepts are “legal” concepts and why? What are the principles, policies, and purposes underlying these concepts?
• Learn about the American legal system. Torts, with its wilds ranging from the trial bar to growing statutory regulation, is a great introduction to American law and procedure.

We will discuss cybersecurity policy among a group of graduate, professional, and undergraduate students.

Previous syllabi (Fall 2021, Spring 2021, Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Clients increasingly want their lawyers to understand their products and services on a technical level. Regulators need to understand how their rules will be implemented in code. Lawyers increasingly need tools to automate the process of collecting, organizing, and making sense of impossibly large troves of information.

Computer Programming for Lawyers introduces law students to the Python programming language with an emphasis on text analysis. For instance, we will use the same tools data scientists employ to “scrape” (collect) data, organize it, clean it, and use it to explore legally-relevant questions. This course will lay the foundation for understanding the basics of how companies leverage software engineering and “big data.” These skills have applications from legal discovery, to deposition preparation, to research into administrative or judicial action.

Computer Programming for Lawyers also acquaints the student with the logic of computer reasoning, and offers opportunities to comptrast it with legal reasoning. How would the procedure and substance of legal decisions change if more of the law were legible to computers and executable by computers?

Apologies, because my focus will be on working with the Center for Long Term Cybersecurity, I cannot offer FCRG in 2022. Nor can my longtime colleague Jennifer Urban, as she is the chair of the California Privacy Protection Agency. Please see entries below for previous syllabi. Also, I do plan to have a regular CLTC research meeting and this may expand into a new kind of FCRG focused on active research instead of the available literature in the field.

Welcome to your first year of law school and to torts, a topic as rich as it is traditional in legal education. Torts provides an expansive lens to learn about the American legal system. This course will cover the basics of torts and in the process, the fundamental reasons and principles underlying doctrine.

Learning Goals:

• Learn the black letter rules of torts
• Learn the why of torts: what are the reasons we have a tort system? What are the institutions and social forces and concerns that shape torts’ contours?
• What are the rationales for fault liability and what are their consequences?
• What events “cause” harms? Should damage awards compensate plaintiffs or deter defendants, or both?
• Develop systemic critiques of torts (and the law!): what does tort law assume about people? Does it treat all people equally? What are the potential strategies to use the tort system to promote equity? What are the merits and demerits of alternative systems, such as workers compensation, regulation, and insurance schemes?
• Learn to “think like a lawyer:” what concepts are “legal” concepts and why? What are the principles, policies, and purposes underlying these concepts?
• Learn about the American legal system. Torts, with its wilds ranging from the trial bar to growing statutory regulation, is a great introduction to American law and procedure.

Clients increasingly want their lawyers to understand their products and services on a technical level. Regulators need to understand how their rules will be implemented in code. Lawyers increasingly need tools to automate the process of collecting, organizing, and making sense of impossibly large troves of information.

Computer Programming for Lawyers introduces law students to the Python programming language with an emphasis on text analysis. For instance, we will use the same tools data scientists employ to “scrape” (collect) data, organize it, clean it, and use it to explore legally-relevant questions. This course will lay the foundation for understanding the basics of how companies leverage software engineering and “big data.” These skills have applications from legal discovery, to deposition preparation, to research into administrative or judicial action.

Computer Programming for Lawyers also acquaints the student with the logic of computer reasoning, and offers opportunities to comptrast it with legal reasoning. How would the procedure and substance of legal decisions change if more of the law were legible to computers and executable by computers?

We will discuss cybersecurity policy among a group of graduate, professional, and undergraduate students. In Spring 2021, we will focus on two topics:

• cybersecurity and nation-state hacking through the lens of International Relations theory (Buchanan)
• cybersecurity and the concept of anti-racism (Benjamin)

Ben Buchanan’s new book, the Hacker and the State, contains detailed and careful case studies on recent state-involved cyber offensive activity. We will use Buchanan’s book, which is written from a political science/international relations lens, to discuss legal and policy approaches to address computer and network security.

Ruha Benjamin’s new book, Race After Technology, will provide a framework and sounding board for an issue that is not developed in the cybersecurity literature: what would it mean to promote security online in a way that is not merely race-neutral, but also anti-racist?

If there is time, we will focus on Hoofnagle’s new book with Simson Garfinkel, Law and Policy for the Quantum Age.

This course is open to law students, graduate students, and undergraduates (with permission). Undergraduates should be prepared to read and engage at a level commensurate with your graduate school peers–there’s no “back benching” this seminar.

Previous syllabi (Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Cybersecurity has become instrumental to economic activity and human rights alike. But as digital technologies penetrate deeply into almost every aspect of human experience, a broad range of social-political-economic-legal-ethical-military and other considerations have come to envelop the cybersecurity landscape. Cybersecurity in Context will explore the most important elements that shape the playing field on which cybersecurity problems emerge and are managed. The course will emphasize how ethical, legal, and economic frameworks enable and constrain security technologies and policies. It will introduce some of the most important macro-elements (such as national security considerations and the interests of nation-states) and micro-elements (such as behavioral economic insights into how people understand and interact with security features). Specific topics include policymaking (on the national, international, and organizational level), business models, legal frameworks (including duties of security, privacy issues, law enforcement access issues, computer hacking, and economic/military espionage), standards making, and the roles of users, government, and industry.
Open to law students and graduate students, and undergraduates by permission.

We discuss cybersecurity policy among a group of graduate, professional, and undergraduate students. In Spring 2020, we will focus on four topics: 1) Laura DeNardis’ new book, The Internet in Everything. Professor DeNardis is a giant in internet governance and policy. Her new book has met with glowing review. It will be released on January 7th. 2) Richard A. Clarke and Robert K. Knake’s recently-published book, The Fifth Domain. This is a popular book but it makes an argument important for theory surrounding whether the offense or the defense has the upper hand in cyber. 3) Professor Hoofnagle’s in-progress book with Simson Garfinkel on quantum technologies, Law and Policy for the Quantum Age, is forthcoming from Cambridge University Press and is relevant to cybersecurity. 4) A series of policy reports and papers we have identified.

This course is open to law students, graduate students, and undergraduates (with permission). Undergraduates should be prepared to read and engage at a level commensurate with your graduate school peers–there’s no “back benching” this seminar.

Previous syllabi (Spring 2020, Spring 2019, Spring 2018, Fall 2017, Spring 2017)

Information privacy law profoundly shapes how internet-enabled services may work. Privacy Law for Technologists will translate the regulatory demands flowing from the growing field of privacy, information security, and consumer law to those who are creating interesting and transformative internet-enabled services. The course will meet twice a week, with the first session focusing on the formal requirements of the law, and the second on how technology might accommodate regulatory demands and goals. Topics include: Computer Fraud and Abuse Act (reverse engineering, scraping, computer attacks), unfair/deceptive trade practices, ECPA, children’s privacy, big data and discrimination (FCRA, ECOA), DMCA, intermediary liability issues, the anti-marketing laws, the GDPR, and new for 2019, the California Consumer Privacy Act.
Also offered Fall 2017, Fall 2016

There is a burgeoning market for technologists and lawyers who can understand the application and implementation of privacy and security rules to network connected services. Privacy and Security Lab is a new course designed to promote the development of such “privacy technologists.” Students will meet twice a week, once in discussion, and the second time in a computer lab to gain hands-on skills in privacy and security analysis. The course will explore the concepts, regulations, technologies, and business practices in privacy and security, including how different definitions of “privacy” may shape technical implementation of information-intensive services; the nature of privacy and security enhancing services; and how one might technically evaluate the privacy and security claims made by service providers. There are no prerequisites and enrollment is open to law students to encourage cross-disciplinary exchanges.

Also offered Spring 2017

A tremendous amount of writing is being generated by lawyers in order to influence public policy on technology issues. The Technology Policy Reading Group will focus on both substance and strategy of this writing. Students will evaluate the quality of this work, attempt to understand the dynamics of the policy conversation, and how such dialogue fits into the larger strategy to influence government technology policy. These procedural questions have become more important in light of recent reporting concerning payola at well-respected Washington think tanks. Students will be encouraged to view the policy tussles through different lenses: markets, organizational behavior, behavioral economics, policymaker interests, competing factions in the technology industry (e.g. intermediaries, content producers, etc), international stakeholders, military, etc. Finally, students will be encouraged to consider how law school has affected their substantive viewpoints and their approach to analyzing policy questions.

The course will focus on 2–3 overarching issues identified and selected by students. For instance, if held in spring 2016, the topics might have included: network neutrality and the reclassification of information services, questions of innovation policy and government funding, the internet of things, the issues raised by advancements in intelligent machines, or the proposed amendments to the computer hacking statutes (including encryption backdoors).

Digital technologies have brought consumers many benefits, including new products and services, yet at the same time, these technologies offer affordances that alter the balance of power among companies and consumers. Technology makes it easier to deny consumers access to the courts; to restrict well-established customs and rights, such as fair use and the reselling of goods; to manipulate digital fora that provide reviews of products and services; to retaliate against and/or monitor or even extort consumers who criticize them; to engage in differential pricing; to “brick” or turn off devices remotely, to cause systemic insecurity by failing to patch products; and to impose transaction costs in order to shape consumer behavior.

Fundamentally, the move to digital turns many products into services. While the law has long comprehensively regulated products under the Uniform Commercial Code and products liability regimes, artifacts and services with embedded software present new challenges. European governments are moving aggressively to establish comprehensive regulations for digital goods. But no such agenda is on the horizon in the United States.

Problem Based Learning

This course will employ a problem-based learning method (PBL). Based on cognitive and learning theories, the main principle of PBL is to present students with real-world tasks that mimic the experiences they will have in their professional careers.  Throughout the seminar, students will develop learning objectives (LOs) to deepen their understanding of relevant aspects of each issue.  For each issue, students will prepare an LO report.  LO reports are brief (2-4 pages), informal (formal citations are not required but a reference list should be included) explorations of the selected issue. The emphasis for these reports is content over form. By studying the smallest researchable sub issues of the course, we will develop a high level conception of consumer protection and its goals. We will then explore its fit in the digital realm. Some of the high-level questions we could probe include:

-What are the highest-level principles (e.g. competition, fairness, power balance, interoperability) that should guide digital consumer protection efforts?

-On a highest level, what are the sources, contours, and protections offered by of existing consumer law in the U.S.? Are these existing approaches adaptable to the digital world?

-Software-embedded products make it possible to have a continuous transaction with the consumer. How will the interests of the consumer and the business diverge over time?

-What do consumers expect and hope to expect of products in the digital marketplace?

-What new problems will arise from digital products? Are these problems really novel or simply different articulations of offline problems?

-What case studies could elucidate the contours of the benefits and challenges of the digital marketplace?

-Existing consumer laws emphasize the most important purchases in life—homes, cars, financial services. What will be the most important consumer purchases in a digital economy?

-What can be learned from previous incidents of failure or manipulation from software-embedded systems, such as the Therac-25, e-voting machines, the Three Mile Island accident, and the Volkswagen emissions scandal?

-Consumer advocates are effective when they can make anecdotes of problems readily available. What are the anecdotes that crisply capture problems in the digital marketplace?

-How is consumer protection in alignment or misalignment with other important public policy goals, such as environmental protection?

-To what extent should consumer protection be concerned about “repairability” or a “right to repair.”?

-What will the digital marketplace mean for the management of reputation, credit standing, and identity?

-As products increasingly have embedded software, what are the duties of businesses and consumers to keep this software up to date for cybersecurity and product liability/safety purposes?

-In what situations is it appropriate for a business to “brick” a software-embedded product?

-What will product “recalls” look like for software-embedded products? In what situations should voluntary recalls be escalated and become mandatory, government-administered ones?

-In what situations is it appropriate for a business to prohibit or otherwise frustrate consumer self-repair of products?

-What institutional characteristics among governmental, self-regulatory, advocacy, and dispute resolution bodies are needed to ensure dynamism and attention to digital consumer protection?

-How will advertising, marketing, and consumer disclosures change in the digital economy?

-What role will warranties play in products with embedded software?

-How can consumer remedies be tailored to be meaningful in the digital marketplace? What remedies should businesses have for non-payment or other consumer non-compliance?

-Does a consumer protection lens that imposes duties of “reasonableness” suffice, or should regulators take a products liability approach?

-How should rights and responsibilities be allocated among businesses, governments, and consumers themselves to promote digital consumer protection?

The seminar will include graduate students from several different disciplines and backgrounds. Students will work alone or in small groups to generate hypotheses, learning issues, and learning objectives for each issue. The primary aim is to work together in interdisciplinary teams to integrate understanding across different approaches. The discussions will include not only current knowledge of consumer protection but also consideration of research to advance understanding. Students will then develop short presentations on these learning objectives to create group learning and discussion.  For the culmination of the course, students will prepare a short research paper that guides decision makers on key issues in digital consumer protection.

This seminar will explore the educational technology (Edtech) sector from policy, design, and legal lenses. Edtech is among the most exciting fields for personalization because such tools may enhance learning. But in practice, Edtech is often poorly implemented. An OECD report recently found that “student performance is mixed at best” from the incorporation of internet and communication technologies in the classroom. At least four different privacy regulatory regimes touch Edtech, yet enthusiasm for the field remains high, with venture funding now reaching almost $2b for the sector. This seminar, following a problem-based learning approach, will explore the Edtech field in depth. What can we realistically expect from Edtech? How can Edtech be used most efficaciously? How do we regulate student privacy and why? How can technology serve the regulatory requirements and ends of policy?

“Computer crime” has been with us since the 1960s, but our society’s dependence upon, and the evolution of, networked communications has changed computer crime dramatically in recent decades. With the aid of a computer, individuals now can levy sophisticated attacks at a scale typically available to organized crime rings or governments. As a result, all 50 states and the federal government have enacted laws prohibiting unauthorized use of computers, and in recent years, governments have tried to harmonize these laws internationally.

A computer can be the means, target of, or the source of information about a crime, and increasingly, those interested in all aspects of criminal law must have some working knowledge of computer crime to effectively investigate, prosecute, and defend cases. This course will explore the policy and law of computer crime and consider how “cybercrimes” are different from and similar to transgressive behavior in physical space. Topics will include the Fourth Amendment, forensics, electronic surveillance, cyberbullying, identity theft, computer hacking and cracking, espionage, cyberterrorism, privacy, the era of “forced disclosure,” and the challenge of cross-jurisdiction enforcement.

This course has a take-home exam and all enrolled JD students will give a short in-class presentation on some topic relevant to computer crime.

Please note, about 60% of reported computer crime cases concern prosecution of child predators. Federal defenders and prosecutors now have significant child pornography/luring dockets, and as a result, a significant amount of class time concerns this difficult, odious topic. These crimes are shocking in their depravity. Care is taken to discuss it with sensitivity, but students should be prepared to engage this material in order to develop a competent understanding of these crimes.

Also offered Fall 2014, Fall 2013, Fall 2012, Fall 2011

I have also taught:

• FTC Privacy Seminar (Spring 2015, Spring 2010)
• Internet Law (Spring 2013)
• Information Privacy Law (Spring 2012, Spring 2009)
• Samuelson Law, Technology & Public Policy Clinic (Fall 2014, Spring 2014, Fall 2013, Spring 2011, Fall 2010, Fall 2009)

Syllabi available upon request.