CSE 291 (C00): Security, Privacy, and US Law

CSE 291-C

Schedule: Lecture:TTh 12:30-1:50 (via Zoom)

Instructor: Stefan Savage
Office hours: TBD (via Zoom)


This course will explore the intersection of the technical and the legal around issues of computer security and privacy, as they manifest in the contemporary US legal system. The goal of the course is multifold: First, to provide a better understanding of how key portions of the US legal system operate in the context of electronic communications, storage and services. Second, to provide a pragmatic foundation for understanding some of the common legal liabilities associated with empirical security research (particularly laws such as the DMCA, ECPA and CFAA, as well as some understanding of contracts and how they apply to topics such as "reverse engineering"). Third, we will explore how changes in technology and law co-evolve and how this this process is highlighted in current legal and policy "fault lines".

There are no required pre-requisites but we are going to assume you understand enough about the technical aspects of security and privacy (e.g., such as having taking an undergraduate class in security) that we, at most, only need to do cursory reviews of any technical material.

This will very much uch be a readings and discussion class, so be prepared to enage if you sign up.


Due to the coronavirus pandemic, all lectures and office hours, review sessions, etc will be carried out using Zoom. Regularly scheduled lectures will appear on Canvas associated with this course. Note: we will be recording most lectures to allow students who have disperse to different time zones or with irregular access to the Internet to watch when they are able. However, some guest lectures may not be recorded.