CYSE 406

Cyber Law

Course description

The course consists of two broad themes in the digital world. The first half of the course examines various legal concerns that broadly affect citizens and private entities – from basic cybersecurity, freedom of expression, internet regulations, information-gathering and access to information, privacy, to intellectual property and other topics. The second half of the course examines legal authorities of, and limits imposed on U.S. government organizations and personnel (e.g., domestic law enforcement agencies) involved in cyber investigations. These inquiries encompass the U.S. Constitution and relevant laws, regulations, directives, and policies. The second portion of the course also introduces students to legal and policy concerns that arise in international cyber operations. Course content meets the National Security Agency’s legal requirements for a Center for Cybersecurity Excellence in Operations designation, which ODU now holds.

Course objectives

Students will gain exposure to and a basic understanding of the following topics:

1) Overview of the U.S. legal system, including Article I, Article II and Article III of the U.S. Constitution, and the court system, including the Foreign Intelligence Surveillance Act (FISA) and the Foreign Intelligence Surveillance Court (FISA)                                                                                  

2) Freedom of expression fundamentals in the digital world

3) Overview of internet regulations

4) The role of government in accessing and protecting information in the digital world            

5) Overview of intellectual property in the digital world: copyright, patents, trademarks, and trade secrets                           

6) Privacy, invasion of privacy, banners, and the role of consent                                                        

7) Key laws, terms and processes governing governmental searches and seizures in the cyber world. These include the Fourth (Search and Seizure) and Fourteenth (Due Process) Amendments of the U.S. Constitution; Electronic Communications Privacy Act (18 USC 2510-2522); Stored Communications Act (18 USC 2701-2712); Pen Register/Trap and Trace (18 USC 3123-3127); Foreign Intelligence Surveillance Act (FISA) (50 USC 1801 et seq); key differences between intercepting/obtaining content versus transactional records and data (including metadata); court orders; subpoenas; writs; national security letters, and other terms                     

8) Overview of various substantive crimes that arise in the cyber/computer world, such as those found in Title 18 United States Code (USC), especially the Computer Fraud and Abuse Act (18 USC 1030); Economic Espionage Acts (18 USC 1831-32); national security crimes (18 USC 791-797); and other federal laws                                                       

9) The investigative and operational roles that federal and military agencies play in cyber security (consider various orders (e.g., EO 12333) and directives), with special emphasis on the Domestic Incident Response National Response Framework.                                                                                       

10) Overview of the Communications Assistance for Law Enforcement Act (CALEA)                         

11) Perspectives on investigating and prosecuting cybercrime

12) Basics of International Law and Law of War, including Jus ad bellum, Jus in bello, United Nations Charter/Article S1, and the Hague and Geneva Conventions

13) Overview of the Tallinn Manual, Cyber Attacks, Cyber Vandalism, and Cyber Operations                        

14) National cybersecurity efforts, particularly Einstein 2.0 and later versions that are used to protect civilian unclassified networks in the Executive Branch of the U.S. government

Course Outcome

CYSE 406: Cyber Law was a pivotal course that deepened my understanding of the complex legal landscape shaping cybersecurity practice. This course not only expanded my knowledge of U.S. and international cyber law, but also gave me practical skills I applied during my internship and will continue to use in my career.

Cyber Law gave me a strong foundation in the legal and policy issues that shape cybersecurity. The course covered both private-sector and government perspectives, including U.S. constitutional law, privacy, intellectual property, cybercrime, and the legal roles of government agencies in cyber investigations.

Key Learning Outcomes and Engagement

  • Understanding U.S. Legal Frameworks:
    I analyzed how the Constitution, federal statutes (like FISA and the CFAA), and court systems govern digital investigations. Assignments included legal case studies and policy briefs, helping me see how legal requirements impact cybersecurity practice.

  • Balancing Privacy, Security, and Free Expression:
    I explored the tension between privacy rights and government authority, and examined First Amendment issues in the digital world. This included debates and research on internet regulations and digital privacy laws.

  • Intellectual Property and Cybercrime:
    I studied how copyright, patents, and trade secrets apply online, and reviewed real cybercrime cases under federal law. Mock investigations helped me understand the legal process for prosecuting cyber offenses.

  • International Law and Government Operations:
    The course introduced me to international frameworks like the Tallinn Manual and the Law of War as they relate to cyber operations, as well as the roles of U.S. federal and military agencies in national cybersecurity.

Applying Knowledge

I applied what I learned directly during my internship, reviewing policies for legal compliance and contributing to discussions on digital privacy and incident response. The legal knowledge from this course will be essential as I move into a cybersecurity career, ensuring my work aligns with legal and ethical standards.

 

 

Writing Assignment One

Suppose you (use your real name) are an aide to a hypothetical governor (Governor Karras) in a hypothetical state (the State of Mongo) where no state privacy laws exist to protect personal data. As you know from class material, there are already a handful of federal laws that already protect some types of data, like your medical and certain financial records. That said, many Mongo “constituents” (who include Mongo voters of course) have been calling Governor Karras’ Office and angrily complaining about a lack of protection of their other personal data – the collection and use of which they believe violates their privacy. As it now stands, their personal data is being collected and used by people and organizations without consent. Some constituents have also expressed their anger about the collection and use of their “biometric data”; other constituents mentioned something about “PII” and related concepts; and others called for the need for the State of Mongo to enact laws like the “GDPR”). Governor Karras wants to understand the problem better and perhaps propose legislation. But he needs your help, as he learned that you are taking Cyber Law 406.

Understand that Governor Karras does not know much about privacy and data protection issues, so he orders you to write a memorandum to him answering the questions below in plain English. Be sure to first review chapter 12 of the textbook, related course materials, and conduct some of your own additional research. Then answer these questions in your memorandum to him.

1. In general, what are data protection and privacy issues/concerns all about? Why are they important — why should constituents care? (Why should you care?)

2. Define and give examples of some of the terms that constituents used above, like biometric data, PII, the GDPR  and other significant privacy and data protection terms.

3. Based on your review of course material and research, identify and explain what specific types of personal data the State of Mongo legislature might enact in addition to data not already protected by federal law. In your memorandum, be sure to provide an informed opinion to Governor Karras whether laws like the GDPR are feasible (identify and consider pros and cons).

CYSE406-Writing-Assignment-1Download

Writing Assignment Two

You work as a legislative research aide for U.S. House of Representative member Tito Canduit in the 26th District (a fake District number) of Virginia, who faces a contested reelection bid in the fall of 2022. As he prepares for his reelection bid (it’s never too early) Rep. Canduit wants to show voters/constituents his commitment to enacting proposed legislation (laws) or highlighting existing legislation that protects the American people from cybersecurity threats from here or abroad (Remember, this is the cyber world, and the U.S. faces all sorts of threats). To do this Rep. Canduit plans to roll out a series of letters to constituents about proposed or existing laws designed to strengthen cybersecurity in the U.S. His hope is that voters will better understand cybersecurity threats and appreciate what has been or is being done about it through the passage of good legislation. Your job is to write a background research memo for him after you have identified one such proposed or existing cybersecurity law. Rep. Canduit (not you) will later use your memo to draft a letter to his constituents (you don’t write his letter – you send him a research memo). See below for more instructions about your memo to him.

In other words, Rep. Canduit will review the research and analysis in your memo to him (but yes, I will read it). Rep. Canduit will later use your memo to help him later compose his first letter to voters.

There are many fairly recently passed or proposed U.S. laws (e.g. the Cyber Intelligence Sharing and Protection Act; the Defend Trade Secrets Act of 2016; IOT Cybersecurity Improvement Act of 2017; or check out https://www.csoonline.com/article/3512043/2020-outlook-for-cybersecurity-legislation.htmlLinks to an external site.). There are other very accessible ways to find such legislation too in search engines. 

Instructions:

1. In your research, review existing (within past 6 years) and proposed U.S. or individual state (that might be a good model for federal legislation) cybersecurity laws and then identify one such law that you think is important. 

2. Then write a memo. In doing so:

     a. Cite it (preferably link it for me) and be clear about the law itself — is it under consideration or has it been enacted into law? 

     b. Summarize the law as clearly as possible.  

     c. Describe the problem the law is trying to fix. Give some background, context and/or history. Perhaps you can wrap in current events.

     d. Does the law fix the problem? Can the law be improved, and if so, how?

     e. Any other observations? Remember, Rep. Canduit is your boss, he needs your help, and he’s not a cybersecurity expert. Use your imagination. For example, is there any provision(s) in the law that voters will relate to and might be emphasized in Rep. Canduit’s letter?

3. Your memo to Representative Canduit must be a minimum of 600 words. .

4. When writing your memo, use multiple credible sources, including credible Web resources, your textbook and other resources more fully described below. List your sources at the end of the memo.

5. Submit your memo on Canvas. You should be able to view your “Turnitin” report.

cyse406-writing-assignment-2-1Download