It was anything but a typical law school assignment: In 1,000 words, design a secure email system consistent with a new draft law on encryption. For students in Law’s new Cybersecurity Law and Technology Seminar, however, the assignment was yet another opportunity to grapple with policymaking and technology in an interdisciplinary fashion—just as cybersecurity experts do outside of academia.
As the threat of cybercrime becomes more prominent and rises rapidly on a global scale, this kind of collaboration provides not only the foundation of a solid defense against individual incidents, but is also critical in formulating policy initiatives. Alone, neither legal nor technological approaches can solve today’s cybersecurity challenges.
In response to this changing security landscape, the Law School, in collaboration with and other schools and departments, launched a pioneered interdisciplinary research institute, the (CCS). One of the first institutes of its kind at an academic institution, CCS allows Law scholars to conduct cybersecurity research with computer scientists. Similarly, law and engineering students work together in a new seminar to address both the legal and technological dimensions of a cybersecurity issue.
’85, former general counsel of Verizon and now a distinguished fellow at the Law School’s Center on Law and Security (CLS) and CCS and a member of Law’s Board of Trustees, co-teaches the seminar with two CCS cofounders: ’09, executive director of CLS, and , professor of computer science and engineering at Tandon.
The seminar examines germane topics that include national security, cybercrime, and cybersecurity regulation, and devotes equal time in each session to law and engineering issues. The goal, says Goldman, is to develop a sophisticated understanding of the ways in which law and technology are deeply interdependent. Throughout the course of the semester, engineering students gain a deeper insight into how policies are developed, such as the reasoning behind why public policy might call for companies to share information about how they were hacked. Concurrently, the burgeoning lawyers learn why the Internet is inherently unsafe and what implications this has for cybersecurity.
“Our students will be better lawyers because they understand the technology,” argues Goldman. “They will be able to identify legal issues, spot legal risk, and figure out ways to manage legal risk in a way that’s sensitive to the technology and sensitive to the commercial or policy environment in which their clients are operating.”
Emulating the rapid pace of cybersecurity developments, the seminar requires engagement with real-world, late-breaking material. In the Fall semester, for instance, students were assigned a , based partly on testimony from Milch, that was released days before the final class. “Every class is great because something new has happened in the last week, and we figure out a way to address it, whether it’s on the syllabus or not,” Milch attests.
Caroline Alewaerts LLM ’17 came to Law to focus on IP and information law. She sought out the cybersecurity seminar because her prior work as an associate at Baker & McKenzie in Brussels frequently involved privacy and cybersecurity issues. “Knowing the law is not enough,” Alewaerts asserts. “You have to understand the underlying technology if you want to give good advice.”
Working with students from varied academic and professional backgrounds was crucial in understanding the scope of the subject, says Alewaerts. “As lawyers, we would discuss for hours whether some encryption mechanism worked. And the engineer would say, ‘There are 10 types of encryption. What kind are we talking about?’”
Likewise, Liming Luo, a computer science PhD student at Tandon, remarked that she didn’t realize the extent of difficulty in lawyering prior to engaging in legal readings, but relished classroom discussions where students from each discipline helped each other understand thorny technical issues.
Appreciation across disciplines also flourished among the professors, who met and prepared extensively before each class. “What impressed me and opened my eyes was how masterfully my two [Law] colleagues carried the discussions through,” says Memon, noting that engineering courses typically follow a strict lecture format. Goldman, too, remarks that he has benefited from an expanded perspective. “Nasir [Memon] constantly pushed me to examine fundamental assumptions about the way law and cybersecurity work and how we’ve come to various policy outcomes,” he says. “And I think he pushed our students to do that as well.”
As cybersecurity concerns grow more relevant across countries, the topical and collaborative nature of the CCS seminar serves as a mirror to prepare students in both fields for what they will likely encounter in their professional careers. “In the real world, cybersecurity problems are fixed by engineers and lawyers working together,” Milch states. “It was important to see if they could complement one another.”
Posted January 23, 2017