CYSE 406

Cyber Law

Course Description

The course consists of two broad themes in the digital world. The first half of the course examines various legal concerns that broadly affect citizens and private entities – from basic cybersecurity, freedom of expression, internet regulations, information-gathering and access to information, privacy, to intellectual property and other topics. The second half of the course examines legal authorities of, and limits imposed on U.S. government organizations and personnel (e.g., domestic law enforcement agencies) involved in cyber investigations. These inquiries encompass the U.S. Constitution and relevant laws, regulations, directives, and policies. The second portion of the course also introduces students to legal and policy concerns that arise in international cyber operations. Course content meets the National Security Agency’s legal requirements for a Center for Cybersecurity Excellence in Operations designation, which ODU now holds.

Course objectives

Students will gain exposure to and a basic understanding of the following topics:

1) Overview of the U.S. legal system, including Article I, Article II and Article III of the U.S. Constitution, and the court system, including the Foreign Intelligence Surveillance Act (FISA) and the Foreign Intelligence Surveillance Court (FISA)                                                                                 

2) Freedom of expression fundamentals in the digital world

3) Overview of internet regulations

4) The role of government in accessing and protecting information in the digital world            

5) Overview of intellectual property in the digital world: copyright, patents, trademarks, and trade secrets                           

6) Privacy, invasion of privacy, banners, and the role of consent                                                        

7) Key laws, terms and processes governing governmental searches and seizures in the cyber world. These include the Fourth (Search and Seizure) and Fourteenth (Due Process) Amendments of the U.S. Constitution; Electronic Communications Privacy Act (18 USC 2510-2522); Stored Communications Act (18 USC 2701-2712); Pen Register/Trap and Trace (18 USC 3123-3127); Foreign Intelligence Surveillance Act (FISA) (50 USC 1801 et seq); key differences between intercepting/obtaining content versus transactional records and data (including metadata); court orders; subpoenas; writs; national security letters, and other terms                     

8) Overview of various substantive crimes that arise in the cyber/computer world, such as those found in Title 18 United States Code (USC), especially the Computer Fraud and Abuse Act (18 USC 1030); Economic Espionage Acts (18 USC 1831-32); national security crimes (18 USC 791-797); and other federal laws                                                       

9) The investigative and operational roles that federal and military agencies play in cyber security (consider various orders (e.g., EO 12333) and directives), with special emphasis on the Domestic Incident Response National Response Framework.                                                                                      

10) Overview of the Communications Assistance for Law Enforcement Act (CALEA)                         

11) Perspectives on investigating and prosecuting cybercrime

12) Basics of International Law and Law of War, including Jus ad bellum, Jus in bello, United Nations Charter/Article S1, and the Hague and Geneva Conventions

13) Overview of the Tallinn Manual, Cyber Attacks, Cyber Vandalism, and Cyber Operations                        

14) National cybersecurity efforts, particularly Einstein 2.0 and later versions that are used to protect civilian unclassified networks in the Executive Branch of the U.S. government

Course Material

Below are two course assignments that were completed within the course. Include at least one, ideally both, assignments, explaining what you did and how these projects helped you engage with the outcomes listed above.

Writing Assignment 1

This assignment was a memorandum for a fictional country about the importance of user data and what the country should do in order to protect said data. This paper was written in lay mans terms in order for someone with no cyber background could understand what was being said and laid out in the memo.

Scenario:

Suppose you (use your real name) are an aide to a hypothetical governor (Governor Karras) in a hypothetical state (the State of Mongo) where no state privacy laws exist to protect personal data. As you know from class material, there are already a handful of federal laws that already protect some types of data, like your medical and certain financial records. That said, many Mongo “constituents” (who include Mongo voters of course) have been calling Governor Karras’ Office and angrily complaining about a lack of protection of their other personal data – the collection and use of which they believe violates their privacy. As it now stands, their personal data is being collected and used by people and organizations without consent. Some constituents have also expressed their anger about the collection and use of their “biometric data”; other constituents mentioned something about “PII” and related concepts; and others called for the need for the State of Mongo to enact laws like the “GDPR”). Governor Karras wants to understand the problem better and perhaps propose legislation. But he needs your help, as he learned that you are taking Cyber Law 406.

Understand that Governor Karras does not know much about privacy and data protection issues, so he orders you to write a memorandum to him answering the questions below in plain English.

The-State-of-Mongo-Memorandum

Writing Assignment 2

This assignment was a background research memo for a fictional House of Representatives member, Tito Canduit. This memo would then be used as a way for Canduit to show his commitment to protecting American citizens from cybersecurity threats through the use of proposed legislation and/or existing legislation.

Scenario:

You work as a legislative research aide for U.S. House of Representative member Tito Canduit in the 26th District (a fake District number) of Virginia, who faces a contested reelection bid in the fall of 2022. As he prepares for his reelection bid (it’s never too early) Rep. Canduit wants to show voters/constituents his commitment to enacting proposed legislation (laws) or highlighting existing legislation that protects the American people from cybersecurity threats from here or abroad (Remember, this is the cyber world, and the U.S. faces all sorts of threats). To do this Rep. Canduit plans to roll out a series of letters to constituents about proposed or existing laws designed to strengthen cybersecurity in the U.S. His hope is that voters will better understand cybersecurity threats and appreciate what has been or is being done about it through the passage of good legislation. Your job is to write a background research memo for him after you have identified one such proposed or existing cybersecurity law. Rep. Canduit (not you) will later use your memo to draft a letter to his constituents (you don’t write his letter – you send him a research memo). See below for more instructions about your memo to him.

In other words, Rep. Canduit will review the research and analysis in your memo to him (but yes, I will read it). Rep. Canduitwill later use your memo to help him later compose his first letter to voters.

IoT-Writing-Assignment-2