CSE 291 (C00): Security, Privacy, and US Law

Syllabus (very much in progress)

Unless explicitly marked as Optional, all readings are considered required.

Jan 5

Kerr, How to Read a Legal Opinion

Jan 7
Criminal process for electronic evidence: Search Warrants

Example Federal Search Warrant application (skim, and note the requirements: a sworn statement made by a law enforcement officer before a neutral judge or magistrate, establishing probable cause, the location to be searched [attachment A], and the items to be seized [attachment B]; see how that maps onto searching a phone; particularity standard)
[the associated case itself is not important for our discussion of warrants, but if you are curious see: here]

The evolution of what requires a warrant (electronic evidence edition). Read one of the following opinions in full (court's opinion only) and, for the rest, read the Wikipedia summaries:

For reference purposes: Rule 41
Jan 12
Class cancelled
Jan 14
Criminal process for electronic evidence: Subpoenas and the 3rd party doctrine

Carpenter v United States (only responsible for court's opinion, not dissents -- but there is interesting stuff there!)

Kerr, Does Carpenter Revolutionize the Law of Subpoenas?

(Optional background on 3rd party doctrine)

Jan 19
Stored Communications Act (Title II of ECPA)


18 USC 2701
18 USC 2703 (only read through (g), it's not long, just painful)
18 USC 2705

Read summaries of:

Read: 2015 CRS Report: Stored Communications Act: Reform of the Electronic Communication Privacy Act (ECPA)

Optional: if you're curious, check out the 2701 section of the DoJ CCIPS Prosecuting Computer Crimes manual (i.e., directions for Federal prosecutors on how to charge computer crimes). Also, again if curious, check out the instructions around 2703 in the DoJ CCIPS Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations manual. Note this is the 2009 version, pre-Warshak decision.

Jan 21
US v Microsoft and the CLOUD Act

Read these three Lawfare articles:

Read the summary of the CLOUD Act

Optional: if you're curious, check out the full briefs and opinions. Microsoft documents the case up through presentation to the 2nd Circuit here, 2nd Circuit opinion here. Here are the briefs for the Supreme Court: US, Microsoft, all other court documents and Audio and Transcript of Oral arguments.

Text of CLOUD Act.

Jan 26
PRTT and Wiretap

Skim 1-34 and 46-49 of Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping and the Summary of CALEA

Jan 28
Government hacking for law enforcement purposes

Skim 574-589 of Government Hacking. Optional: read more (in particular 594-613)
Skim last Kelihos takedown warrant
Skim US v Michaud's order denying motion to suppress and Ars Technica story about what happened.

Feb 2
US v Apple (San Bernardino iPhone)

Skim: Wikipedia summary
Skim: Lawfare summary of predecessor EDNY case


Read: Chesney's analysis of Apple's motion


Read: Vladeck and Chesney's analysis

Optional: for those interested: the full gamut of documents is here. Also, the eventual Orenstein order in the EDNY case (note AWA analysis) and two short examinations of the Orenstein ruling here and here

Feb 4
Guest speaker: Honorable Mitchell D. Dembin,
Magistrate Judge of the US District for Southern California
Topic: The 5th Amendment and Biometrics (e.g., phone unlock)

Read: Chapter V of Carpe Data: A Guide for 9th Circuit Magistrate Judges when Reviewing Government Applications to Obtain Electronic Information

Read: The Fifth Amendment's Act of Production Doctrine: An Overlooked Shield Against Grand Jury Subpoenas Duces Tecum

Optional: Compelled Decryption and the Privilege Against Self-Incrimination

Feb 9
Computer Fraud And Abuse Act

Skim the 2020 CRS report summarizing the CFAA (in particular, 1-10 and 27-34)
Skim US v Nosal case summary on Wikipedia
Read 9th circuit en banc decision in Nosal I (exceeds authorized access)

Optional: DoJ's Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources (basically, DOJ's directions for security researchers on how not to break the law when interacting with cyber criminals)

Feb 11
CFAA -- Web scraping (civil)
Read both Wikipedia summaries and one of the full decisions: Facebook v Power Ventures: Wikipedia summary, 9th circuit decision (you can ignore the CAN-SPAM part)
hiQ Labs v LinkedIn: Wikipedia summary, 9th circuit decision

Optional: there is a fun Planet Money podcast on the Power Ventures story.

Feb 16
Class cancelled
Feb 18
Border Search of Electronic Devices
Read: CRS Report Do Warrantless Searches of Electronic Devices at the Border Violate the Fourth Amendment

Read both summaries and skim the 9th circuit opinions:

Feb 23
Common statutes used in cybercrime cases: Wire fraud and Access Device fraud
Read: Skim at least one of:
Feb 25
Guest speaker: Norman Barbosa, Assistant General Counsel, Microsoft

Topic: Case Study (Seleznev) and the Complexities of Managing Demands for Data in a Global Company


  • Chapter 9 from Jennifer Noble's cybercrime casebook on the Seleznev case
  • Jennifer Daskal's article on the Schrems II decision.
Mar 2
Platform liability and Section 230

Read at least through Section 4.3 of the Wikipedia summary on 230.

Read the summaries of the three cases below, and the decision in at least one:

Cubby v Compuserve (Wikipedia Summary)
Stratton Oakmont v Prodigy Services (Wikipedia Summary)
Hassell v Bird (be warned, super long) (Wikipedia Summary)

Mar 4
Reverse Engineering issues: copyright, trade secret and contracts
Read: EFF's Coders Rights Project Reverse Engineering FAQ

Read the Wikipedia summaries below (if you're curious, you can also read the key parts of the decisions):


Mar 9
Guest speaker: Honorable M. Margaret McKeown,
Federal Judge with the US Court of Appeals for the 9th Circuit
Courts and Technology: Playing Catchup

Before class:

  • Review Cotterman and Nosal decisions from previous class
  • Skim introduction, CIPA and Seizure Beyond the Search Warrant sections of US v Sedaghaty
  • Read story about Facebook settlement over Illinois Biometric law violation
  • Read: Excerpt from Judge McKeown's article re: Europe and the Digital World Two Decades Later.
Mar 11
TBD. Might include:
  • Your idea here
  • Breaches -- civil liability
  • Emerging evidence domains: geofence warrants, IoT/Alexa, DNA, 3rd party location (compelled or purchased), cameras/ALPR, biometrics/face recognition