Cybersecurity Law and Policy: Global and Israeli Perspectives
Cybersecurity Law and Policy: Global and Israeli Perspectives
Deborah Housen-Couriel, LL.M., MC-MPA
Course Description: Recent years have seen dramatic and significant developments in the growing field of cybersecurity. While the utilization of cyberspace by nearly 50% of the current world population has brought great benefits in the fields of education, health, commerce and social connection, there are real challenges connected with its widespread use. Issues such as cybercrime, cyber warfare, terrorist use of the internet, the internet of things (IoT) and the internet of everything (IoE), data breaches, internet surveillance by governments and ensuing privacy concerns have all become familiar, yet they are rarely explored in depth in the public discourse.
The course will introduce participants to the history of the internet and humans’ use of cyberspace, review fundamental concepts of law and policy such as state sovereignty and jurisdiction in the cyber context, and examine the legal and policy regimes currently being developed for the governance of cyber activities. The course will focus on the global context of these regimes, as well as Israel’s cybersecurity law and policy within the global context and the Middle East regional context.
The course will include case study exercises (“tabletops”) on cybersecurity issues, and the mid-term paper assignment will encourage participants to focus on cyber law and policy in their countries or region of origin.
Requirements:
- 15% - Class participation, including participation in three case study exercises
- 25 % - Mid-term paper (3 pages)
- 60% - Final take-home exam (5 pages)
|
Class Meeting |
Topic and Readings |
|---|---|
|
|
Relevant web resources for all topics include:
|
|
1 (9 March) |
Introduction I : Cyberspace as a new realm of human activity (1) Jonathan Zittrain, The Future of the Internet and How to Stop It, Yale University Press, 2008, pp. 7-9 (2) Kim Zetter, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid”, 3 March 2016 (3) Martin Elton and John Carey, “The Prehistory of the Internet and its Traces in the Present: Implications for Defining the Field”, in William Dutton (ed.), The Oxford Handbook of Internet Studies, Oxford, 2013, pp. 27-47 (4) [optional] Reeves Wiedeman, “Envisioning the Hack That Could Take Down New York City”, New York Magazine, June 13, 2016 |
|
2 (9 March) |
Introduction II : The history of the internet and cyberspace and selected fundamental concepts: “cyberspace”, “state sovereignty in cyberspace”, “cyber security”, “data”, “Internet of Things” (1) CCDCOE, “Cyber definitions” (2) David Clark, Thomas Berson and Herbert Lin (ed.’s), At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues, National Academies Press, 2014, pp. 7-17 (Why Care About Cybersecurity?) and pp. 116-125 (Findings and Conclusion) (3) ITU-T Rec. X.1255, “Framework for discovery of identity management information”, pp. 1-5 (through 6.2) |
|
3 (16 March) |
Internet governance and structure (1) J. Wolff, “What we talk about when we talk about cybersecurity: security in internet governance debates”, Internet Policy Review, Vol. 5, Issue 3, 30 September 2016 (2) NETmundial Multistakeholder Statement, April 24, 2014 (3) US Senate Committee on the Judiciary, Hearing on Protecting Internet Freedom: Implications of Ending US Oversight of the Internet, Testimony of Goran Marby, President and CEO of ICANN, September 14, 2016 (4) Laura DeNardis, “the Emerging Field of Internet Governance”, in William Dutton (ed.), The Oxford Handbook of Internet Studies, Oxford University Press, 2013, pp. 555-575 (5) G. Rutkowski, “Selling DONA Snake Oil at the ITU”, Circle ID, October 25, 2016 |
|
4 (16 March) |
Case study exercise #1 |
|
5 (23 March) |
Normative approaches to global cyberspace governance (1) Microsoft, From Articulation to Implementation: Enabling Progress on Cybersecurity Norms, June 2016 (2) Kristen Eichensehr, “The Cyber Law of Nations”, 103 Georgetown Law Journal 317 (2015), pp. 317-380. (3) Kubo Macak, “Is the International Law of Cybersecurity in Crisis?”, in N. Pissanidis, H. Roigas, M. Veenendaal (ed.’s), Cyber Power, CCDCOE and IEEE, June 2016, pp. 127-139 |
|
6 (23 March) |
Current international initiatives for cyberspace governance (1) Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, A/70/174, 22 July 2015 (2) Shanghai Cooperation Organization, International code of conduct for information security, 9 January 2015 (3) NATO, Warsaw Summit Communique, August 3, 2016, #70 and #71 (4) G7, Principles and Actions on Cyber, March 13, 2016 |
|
7 (30 March) |
Cybercrime I: Developments in the criminal use of the internet (1) Philip Kastner and Frederic Megret, “International legal dimensions of cybercrime”, Nicholas Tsagourias and Russell Buchan (ed.’s), Research Handbook on International Law and Cyberspace, Elgar, 2015, pp. 190-207. (2) Symantec, Internet Security Threat Report 2016, pp. 4-9. (3) Melissa Hathaway, Cyber Readiness Index 2.0, Potomac Institute for Policy Studies, 2015. |
|
8 (30 March) |
Cybercrime II: The Convention on Cybercrime (‘The Budapest Convention”) and the implementation of international enforcement mechanisms (1) Council of Europe, Convention on Cybercrime, ETS 185, Budapest, 23 November 2001 (2) Charlie McMurdie (interview), “The cybercrime landscape and our policing response”, Journal of Cyber Policy, Vol. 1, No. 1 (2016), pp. 85-93 (3) EUROPOL Cyber Crime Center, “The Relentless Growth of Cybercrime”, 27 September 2016 |
|
9 (6 April) *Mid-term Paper assignments given |
Freedom of expression, freedom of information and other human rights in cyberspace (1) Viktor Mayer-Schönberger and Teree Foster, “A Regulatory Web: Free Speech and the Global Information Infrastructure”, in Brian Kahin and Charles Nesson (ed.’s), Borders in Cyberspace, MIT Press, 1999, pp. 235-254 (2) Council of Europe, Additional Protocol to the Convention on Cybercrime, ETS 189, Strasbourg, 28 January 2003 (3) Michael N. Schmitt (ed.), Tallinn Manual on State Activity in Cyberspace, Cambridge, 2017 (chapter on human rights) |
|
10 (6 April) |
The balancing of human rights in cyberspace with national security considerations: Wikileaks, Snowden, and beyond Guest lecturer: Col. (ret.) Shay Shabtai (1) David Fidler, “Cyberspace and human rights”, in Nicholas Tsagourias and Russell Buchan (ed.’s), Research Handbook on International Law and Cyberspace, Elgar, 2015, pp. 94-117 (2) WikiLeaks (3) Edward Snowden, “Here’s How We Take Back the Internet”, TEDTalks, March 2014 (4) Richard Ledgett, “The NSA Responds to Edward Snowden’s TED Talk”, March 2014 (5) Bruce Schneier, “Cyber Insecurity”, Time.com, October 13, 2016 |
|
11 (20 April) |
Digital identity, the “internet of things” (IoT) and the “internet of everything” (IoE) (1) Amazon, DeepMind, Google, Facebook, IBM, Microsoft, “Partnership on AI to Benefit People and Society” (2) James Andrew Lewis, Managing Risk for the Internet of Things, CSIS, February 2016 (3) Bruce Schnier, “We Need to Save the Internet from the Internet of Things”, Motherboard, October 26, 2016 |
|
12 (20 April) *Mid-term paper assignments due by midnight |
Case study exercise #2 |
|
13 (27 April) |
Israel’s national law and policy in cyberspace I: from the 2011 National Cyber Initiative until the present Guest lecturer: Mr. Ram Levi, Coordinator of the National Cyber Initiative and founder of Konfidas Digital (1) Government Resolution #3611, “Advancing National Cyberspace Capabilities”, August 7, 2011 (2) National Cyber Bureau, “Background for the Government Resolutions Regarding Advancing the National Preparedness for Cyber Security and Advancing National Regulation and Governmental Leadership in Cyber Security”, 2015 (3) Deborah Housen-Couriel, “National Cyber Security Organization in Israel”, CCDCOE, 2017 |
|
14 (27 April) |
Israel’s national law and policy in cyberspace II: current developments (1) Shmuel Even, David Siman-Tov, Gabi Siboni, Structuring Israel’s Cyber Defense, INSS, Insight #856, September 21, 2016 (2) CERT-IL (Computer Emergency Response Team) (3) CyberSpark – Israeli Cyber Innovation Arena (4) Bank of Israel, “Cyber Defense Management”, Directive 361, March 2015. |
|
15 (4 May) |
The European Union Network Security Directive and its application: a comparative view (1) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (“the Network Security Directive”), OJ L 194, 19/7/2016, pp. 1-30 (2) Deloitte, “Insights-Agreement reached on EU NIS Directive: A first analysis of the security and incident notification requirements for Operators of Essential Services and Digital Service Providers”, January 2016 |
|
16 (4 May) |
The European Union Privacy Directive and “the data wars”: the Schrems case, data localization and data havens (1) Schrems v. Data Protection Commissioner, Judgement (Summary), Case C-362/14, European Court of Human Rights, 6 October 2015 (2) European Commission, Guide to the EU-US Privacy Shield, 2016 (3) European Commission, The EU-US Privacy Shield (website) |
|
17 (11 May) |
International law and the use of force in cyberspace: Tallinn 1.0 (1) Michael N. Schmitt (ed.) The Tallinn Manual on the International Law Applicable to Cyber Warfare, Cambridge, 2013, Rules 1, 2, 6, 11, 13, 30 and accompanying commentary (2) Kristen Eichensehr, “Review of The Tallinn Manual on the International Law Applicable to Cyber Warfare” (Michael N. Schmitt ed., 2013)”, 108 American Journal of International Law 585 (2014) (3) [optional] Michael N. Schmitt, “The Law of Cyber Warfare: Quo Vadis?” Stanford Law and Policy Review, Vol. 25, pp. 269-291 |
|
18 (11 May) |
Case Study Exercise #3 |
|
19 (18 May) |
State activity in cyberspace I (1) Michael N. Schmitt (ed.) The Tallinn Manual on the International Law Applicable to State Activity in Cyberspace, Cambridge, 2017, specific rules and accompanying commentary to be notified |
|
20 (18 May) |
State activity in cyberspace II (1) Michael N. Schmitt (ed.) The Tallinn Manual on the International Law Applicable to State Activity in Cyberspace, Cambridge, 2017, specific rules and accompanying commentary to be notified |
|
1 June – no class |
-- |
|
21 (date to be determined) |
Future trends, Wrap-up, Q&A for final exam (1) Kristen Eichensehr, “Giving Up on Cybersecurity”, UCLA School of Law, Public Law Research Paper No. 16-29 , June 2016 |
