LAW4004  /  CS203  /  IPS251:    Computer security,
a Legal and Technical Perspective

Spring 2018

This class will use the case method to teach basic computer, network, and information security from a technology, law, and policy perspective. Using recent security incidents from the news, we will discuss the technical aspects of the incident, the legal and policy aspects of the problem, and business approaches to managing breaches.

Students taking the class will learn about the techniques attackers use, applicable legal prohibitions, rights, and remedies, and approaches to managing the risk and aftermath of an attack. This course aims to give students the tools necessary to understand technological, legal and policy issues in current cybersecurity debates.


Instructors: Dan Boneh and Andrew Grotto and Riana Pfefferkorn
Lectures: Tuesday 4:15-6:15,   Law 190

Students with Documented Disabilities: Students who may need an academic accommodation based on the impact of a disability must initiate the request with the Office of Accessible Education (OAE). Professional staff will evaluate the request with required documentation, recommend reasonable accommodations, and prepare an Accommodation Letter for faculty. Unless the student has a temporary disability, Accommodation letters are issued for the entire academic year. Students should contact the OAE as soon as possible since timely notice is needed to coordinate accommodations. The OAE is located at 563 Salvatierra Walk (phone: 723-1066, URL:


Grades will be based on class participation (20%), two reflection papers (40%), and a one-day take-home exam (40%).

Course schedule:
   The two reflection papers are due on  Apr. 17,  May. 8.
   The one-day take-home exam will be assessed during the week of June 4-8.

Reflection papers:
Reflection papers should be no more than 2 pages. The topic for the first paper is below. Students may choose any topic for the second reflection paper.

Reflection paper #1: Pick one of the following data breach incidents: Yahoo, OPM, RSA dongles, Target, or the Github DDoS. Describe what happened. Describe one or more trade-offs the decision makers had to evaluate. How good of a job did they do? What do you think could have helped to prevent or mitigate this incident?


Lecture 1:
4/ 3/18
Why is computer security difficult?
Lecture 2:
Economics of computer security
Lecture 3:
Cyber conflict
Lecture 4:
Technical Assistance and encryption back doors
Lecture 5:
5/ 1/18
Government Hacking: Dual role of government as protector and hacker
Lecture 6:
5/ 8/18
Computer Fraud and Abuse Act
Lecture 7:
DMCA and security researchers
Lecture 8:
Privacy and surveillance
Lecture 9:
Human Elements