CSE 291: Security, Privacy, and US Law

Syllabus (in progress)

Unless explicitly marked as Optional, all readings are considered required.

Apr 4

Kerr, How to Read a Legal Opinion

Apr 6
Criminal process for electronic evidence: Search Warrants

Example Federal Search Warrant application (skim, note requirements: sworn statement made by law enforcement officer before neutral judge or magistrate, establishing probable cause, location to be searched [attachment A], items to be seized [attachment b] and see how that maps onto searching a phone; particularity standard)
[the associated case itself is not important for our discussion of warrants, but if you are curious see: here]

The evolution of what requires a warrant (electronic evidence edition). Pick one of the following opinions and read it in full (court's opinion only) and the for the rest just read the Wikipedia summaries:

For reference purposes: Rule 41
Apr 11
Criminal process for electronic evidence: Subpoenas and the 3rd party doctrine

Carpenter v United States(only responsible for court's opinion, not dissents -- but there is interesting stuff there!)

Kerr, Does Carpenter Revolutionize the Law of Subpoenas?

(Optional background on 3rd party doctrine)

Apr 13
Stored Communications Act (Title II of ECPA)


18 USC 2701
18 USC 2703 (only read through (g), its not long, just painful)
18 USC 2705

Read summaries of:

Read: 2015 CRS Report: Stored Communications Act: Reform of the Electronic Communication Privacy Act (ECPA)

Optional: if you're curious, check out the 2701 section of the DoJ CCIPS Prosecuting Computer Crimes manual (i.e., directions for Federal prosecutors on how to charge computer crimes). Also again, if curious, check out instructions around 2703 in the DoJ CCIPS Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations manual. Note this is 2009 verison, pre-Warshak decision.

Apr 18
Catch-up on SCA
Apr 20
US v Microsoft and the CLOUD Act

Read these three lawfare articles:

Read, the summary of the Cloud Act

Optional: if you're curious, check out the full briefs and opinons. Microsoft documents the case up through presentation to the 2nd Circuit here, 2nd Circuit opinion here. Here are the brief's for the Supreme Court: US, Microsoft, all other court documents and Audio and Transcript of Oral arguments.

Text of CLOUD Act.

Apr 25
PRTT and Wiretap

Skim 1-34 and 46-49 of Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping and the Summary of CALEA

Apr 27
Government hacking for law enforcement purposes

Skim 574-589 of Government Hacking. Optional: read more (in particular 594-613)
Skim last Kelihos takedown warrant
Skim US v Michaud's order denying motion to supress and Ars Techinica story about what happened.

May 2
Guest speaker: Honorable Mitchell D. Dembin
Magistrate Judge of the US District for Southern California

Topic: The 5th Amendment and Compelled Device Access

Read: Adam Herrera, Biometric Passwords and the Fifth Amendment: How Technology Has Outgrown the Right to Be Free From Self-Incrimination, UCLA Law Review, 66 UCLA L. Rev. 778 (2019).

Neal Harwell, The Act of Production Doctrine, Neat Hardwell blog, 2017.

Optional: Compelled Decryption and the Privilege Against Self-Incrimination

May 4
US v Apple (San Bernadino iPhone)

Skim: Wikipedia summary
Skim: Lawfare summary of predecessor EDNY case


Read: Chesney's analysis of Apple's motion


Read: Vladeck and Chesney's analysis

Optional: for those interested: the full gamut of documents is here. Also, the eventual Orenstein order in the EDNY case (note AWA analysis) and two short examinations of the Orenstein ruling here and here

May 9
Border Search of Electronic Devices
Read: CRS Report Do Warrantless Searches of Electronic Devices at the Border Violate the Fourth Amendment

Read both summaries and skim the 9th circuit opinions:

May 11
Computer Fraud And Abuse Act

Skim the 2020 CRS report summarizing the CFAA (in particular, 1-10 and 27-34)
Skim US v Nosal case summary on Wikiedia
Read 9th circuit en banc decision in Nosal I (exceeds authorized access)
Skim Summary of Oral arguments in Van Buren

Optional: DoJ's Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources (basically, DOJ's directions for security researchers to not break the law with interacting with cyber criminals)

May 16
CFAA -- Web scraping (civil)
Read both Wikipedia summaries and one of the full decisions: Facebook v Power Ventures: Wikipedia summary, 9th circuit decision (you can ignore the CAN-SPAM part)
hiQ LAbs v Linkedin: Wikipedia summary, 9th circuit decision

Optional: there is a fun Planet Money podcast on the Power Ventures story.

May 18
Common statues used in cybercrime cases: Wire fraud and Access Device fraud
Read: Skim at least one of:
May 23
Reverse Engineering issues: copyright, trade secret and contracts
Read: EFF's Coders Rights Project Reverse Engineering FAQ

Read the Wikipedia summaries below(if you're curious, you can also read the key parts of the decisions):


May 25
Platform liability and Section 230

Read at least through Section 4.3 of the Wikipedia summary on 230.

Read the summaries of three caseas below, and the decision in at least one:

Cubby v Compuserve (Wikipedia Summary)
Stratton Oakmont v Prodigy Services (Wikipedia Summary)
Hassell v Bird (be warned, super long) (Wikipedia Summary)

May 30
Data Breaches and CCPA

All Optional:
Data Breach Notification (wikipedia summary)
SB 1386 (wikipedia page)
Data Breach Litigation Involving Consumer Class Actions
Common-Law Path Fro Data Breach Claims Remains Uneven (Bloomberg Law Analysis)
TransUnion v Ramirez
CCPA (wikipedia page)
California Consumer Privacy Laws (Bloomberg Law summary)

June 1
Potpourri: Outstanding 4th amendment stuff (GeoFence, DNA databases), and online abuse issues (CSAM reporting, Cyberstalking, Revenge Porn)

All optional:
Google Data and GeoFfence Warrant Process
US v Rhine decision

Police May Not Need a Warrant to Rummage Through Your Trash, But Warrantless Collection of DNA Is Unconstitutional (EFF blog)
GEDMatch and the Fourth Amendment: No Warrant Required (fedsoc blog)

Federal Stalking statute
The Supreme Court Seems Poised to Decide an Imaginary Case (The Atlanic)

Revenge Porn laws (findlaw summary)
Federal Reporting requirements of providers
The Fourth Amendment and the Internet: Legal Limits on Digital Searches for Child Sexual Abuse Material (CSAM) (CRS report)

Jun 6
Guest speaker: Norman Barbosa, Associate General Counsel, Microsoft

Managing demands for data in a Global Company

PLease read: Two Visions of Digital Sovereignty, Sigur Raman (Lawfare)

Jun 8
FTC and Privacy, Blockchain, and Summary
Optional, read per interest
FTC v Ring (Complaint for Permanent Injunction
FTC v Ring ([Proposed] Stiplated Order for Injuction and Moentary Judgement)
FTC Consent Decrees Are Best Guide to Cybersecurity Policies (BSF News story)

US District Court of DC, Memo on applicability of blockchain analysis for PC
CFTC & SEC: The Wild West of Cryptocurrency Regulation (U of Richmond Law Review