LAW4004 and CS203:
Computer security, a Legal and Technical Perspective

Computer security: a Legal and Technical Perspective

Spring 2017

This class will use the case method to teach basic computer, network, and information security from a technology, law, and policy perspective. Using recent security incidents from the news, we will discuss the technical aspects of the incident, the legal and policy aspects of the problem, and business approaches to managing breaches.

Students taking the class will learn about the techniques attackers use, applicable legal prohibitions, rights, and remedies, and approaches to managing the risk and aftermath of an attack. This course aims to give students the tools necessary to understand technological, legal and policy issues in current cybersecurity debates.


Instructors: Dan Boneh and Jennifer Granick
TA: Si Shen
Lectures: Tuesday 4:15-6:15,   Law 190


Grades will be based on class participation (20%), four reflection papers (20%), and on a student term paper explaining the technical and legal concepts relevant to a recent cybersecurity breach of the student’s choice, with instructor approval (60%). Reflection paper topics are listed at the bottom of this page.

Course schedule:
   The four reflection papers are due on  Apr. 10,  Apr. 17,  May 1,  May 15.
   The term paper is due on May 26.


Lecture 1:
4/ 4/17
Why is computer security difficult?
Lecture 2:
Economics of computer security
Lecture 3:
Computer Fraud and Abuse Act: Social engineering and credential theft
Lecture 4:
Technical Assistance: Access to plaintext and encryption back doors
  • Apple v. FBI: Order Compelling Apple, Inc. to Assist Agents in Search, Feb. 16, 2016
  • Government’s Motion to Compel Apple Inc. to Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, Feb. 19, 2016 (Skim)
  • Apple Inc.’s Motion to Vacate Order Compelling Apple Inc. to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, Feb. 25, 2016
Lecture 5:
5/ 2/17
Government Hacking: Dual role of government: as protector and hacker
Lecture 6:
5/ 9/17
Vulnerability Information Sharing
Lecture 7:
DMCA and security researchers
  • 17 USC 1201 et seq
  • Petition for Proposed Exemption Under 17 U.S.C. § 1201 by Prof. Steven M. Bellovin (Columbia University), Prof. Matt Blaze (University of Pennsylvania), Prof. Edward W. Felten (Princeton University), Prof. J. Alex Halderman (University of Michigan), and Prof. Nadia Heninger (University of Pennsylvania) (the “Submitters”).
Lecture 8:
Nation state attacks and cyberwar
Lecture 9:
Privacy enhancing technologies (5/26/17 12:30 - 14:30 in 190)

Reflection paper topics

The first reflection paper (two pages) must be one one of the topics listed below. Subsequent papers can be on topics of your choice.

To submit your reflection paper, please use this submission form.

  • Are passwords good for cybersecurity, or obsolete?
  • What policies could incentivize better cybersecurity?
  • What role should government play in ensuring cybersecurity? What pushback will your proposal receive?
  • What does encryption do? Do the risks outweigh the rewards?
  • Scott McNealy famously said privacy is dead, get over it. Is there such a thing as privacy on the Internet?
  • What concerns do you have about applying the law of war to cyberspace?