Difference between revisions of "Soctech seminar, Winter 2005"

m (Reverted edit of 204.182.125.140, changed back to last version by 128.208.3.71)
 
(64 intermediate revisions by 10 users not shown)
Line 1: Line 1:
'''[[Society and technology]] seminar planning'''
+
'''[[Society and technology]] seminar: CSE 590 SO, Tue 12:30-1:20, [http://www.washington.edu/students/maps/map.cgi?CSE CSE] 403'''
  
 +
'''Winter 2005: Computer security: legal and technical perspectives'''
  
'''[[Society and technology]] seminar ideas'''
+
In recent years, the insecurity of networked computers has emerged as a major issue on the national stage.  Software security flaws regularly make headlines, and incur tremendous social costs in money, time, privacy, and peace of mind.  Why isn't software secure?  What can be done to make it secure?  The answers to these questions require an understanding of both technological issues, and the universe of social and legal issues that surround the technology.  This course aims to bring together people from law, computer science, and other backgrounds, so that both groups can bring their expertise to bear on the problem.  Enrollment is open to all students, and no prior expertise in law or computer science is expected.
  
At the [[Soctech:Meeting of 2004-08-06|August 6 meeting]] we resolved to plan a seminar (in CSE lingo, a "590", after the course number under which irregular seminars are listed) for Fall 2004 or Winter 2005.
+
The course will be divided into two segments:
 +
#In the first half, we will provide an overview of the technology issues to people with non-computer science backgrounds, and an overview of the law to people with non-legal backgrounds.  The goal of these sessions will be to provide a foundation of shared knowledge to all students, so that later discussions can build on that knowledge.
 +
#In the second half, students will lead/facilitate discussion on a number of targeted topics where the law and technology interact.  Enrolled students will work with course organizers to prepare their presentation.  Classes in the second half will be discussion-driven to the extent possible.
  
The topic for the first offering will be the cluster of issues surrounding [[intellectual property]] law and open source software.  We've heard some noises to the effect that there's a Technology & Law Society in the law school that's interested in talking to people in technology fields. Assuming, for the moment, that the Tech & Law people get on board, then the purpose of this seminar would be to get cross-disciplinary dialogue between those two fields in particular.
+
==Administrative info==
 +
Winter quarter course registration SLN is 9266; see the [http://www.washington.edu/students/timeschd/WIN2005/cse.html CSE winter quarter time schedule] for details.
 +
 
 +
Course grading and credit-load policies: Subject to change, but variable credits are available to meet differing levels of participation:
 +
*Sign up for 1 credit if you plan to attend, do the readings, and participate in discussions.
 +
*Sign up for 2 credits if you wish to lead a discussion/present, OR write a short paper.
 +
*Sign up for 3 credits if you wish to either (a) lead a discussion/present, AND write a short paper, or (b) write one long paper.
 +
The course is listed on the schedule as credit/no-credit, but we are investigating a graded option as well; if you want to take the course as a graded course, then enroll so we can get an accurate head count, and ''email Ben (brd at u.washington.edu), Caroline (cmbenner at u.washington.edu), or Keunwoo (klee at cs.washington.edu) so that we can notify you if/when the graded option becomes available.''
  
 
==Schedule overview==
 
==Schedule overview==
# intro: what do computer scientists and programmers do when they work?
+
* '''4 Jan''' tech intro: thinking about security (presenter: Keunwoo)
# intro: how do lawyers think about IP law?
+
::Reading: Lessig ch. 7
# ?
+
::Keunwoo's presentation slides: [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture1.pdf PDF], [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture1.ppt PowerPoint]
# ?
+
* '''11 Jan''' tech intro: basic concepts of computer systems, from a security perspective (presenter: Keunwoo)
# ?
+
::Reading: Schneier ch. 8-10, 13 (in-class handout; contact Keunwoo if you need this)
# ?
+
::Keunwoo's presentation slides: [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture2.pdf PDF], [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture2.ppt PowerPoint]
# ?
+
* '''18 Jan''' technical aspects of improving computer systems (presenter: Keunwoo)
# ?
+
::Reading: Parnas, [http://doi.acm.org/10.1145/214956.214961 Software Aspects of Strategic Defense Systems]
# ?
+
::Keunwoo's presentation slides: [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture3.pdf PDF], [http://www.cs.washington.edu/education/courses/cse590so/05wi/presentations/cse590so-lecture3.ppt PowerPoint]
# ?
+
* '''25 Jan''' Law intro: property rules & liability rules (presenter: Ben Dugan)
 
+
::Reading: Polinsky, ''An Introduction to Law and Economics'', Chapters 3, 4, 6.
===Assorted possible topics not yet scheduled===
+
::Presentation slides (next 3 sessions): [http://www.cs.washington.edu/homes/dugan/law-boot-camp.pdf PDF]
 
+
* '''1 Feb''' Law intro: understanding negligence, strict liability, products liability (presenter: Ben Dugan)
See also [[soctech:Topics]] for general topics of interest to computer scientists.
+
::Reading: Polinsky, Chapters 10, 12, 13.
 
+
* '''8 Feb''' Vendor Liability (presenter: Prof. Jane Winn (Law))
* Typical proprietary software licenses
+
::Reading: HIPAA Security Rule Overview [http://www.hipaadvisory.com/regs/securityoverview.htm], Gramm-Leach-Bliley Safeguards Rule [http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm]
** Users click through these agreements all the time.  Most users don't know what's in them; I certainly don't.
+
* '''15 Feb''' certification processes: products, processes, people (presenter: Erika, David)
** What goes into them?  What do they mean?
+
::Reading:
** Perhaps we read a software license (yes, an actual license) and have some law types explain it to us, and then we talk about it.
+
::*Schneier, [http://www.schneier.com/essay-024.html A Cyber Underwriter's Lab?]
** The obvious comparison is to OSS licenses.
+
::*[http://www.acm.org/serving/se_policy/selep_main.html USACM position paper on licensing software engineers]
 
+
::*Voas, [http://www.stsc.hill.af.mil/crosstalk/1998/11/voas.pdf The Software Quality Certification Triangle]
* Standards bodies
+
* '''22 Feb''' security processes in the real world (presenter: Ira)
** What happens to society when infrastructural standards (e.g., audio interchange formats) become encumbered with IP claims?
+
::Reading: Recently released FDA document: [http://www.fda.gov/cdrh/comp/guidance/1553.html
** Conversely, there must be costs to ensuring that infrastructural standards are unencumbered...?
+
Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software], also [http://www.fda.gov/cdrh/consumer/geninfo.html General info on FDA regulation of medical devices]
 
+
* '''1 Mar''' discussion
* Case study: Accessibility technology
+
::Homework: Watch Lazowska 12/02/04 lecture on cybersecurity, linked from [http://www.cs.washington.edu/education/courses/csep590tu/04au/lectures/ CSE 590 PTU 2004 lecture archive]
** Kate has been working w/ accessibility technologies, and mentioned at a couple of meetings that she's run into problems due to IP. A rundown of these problems, plus some discussion of the Skylarov case?
+
* '''8 Mar''' criminal law (presenters: Floyd Short (law), Charlie Reis (CS))
 +
'''More in-depth planning and notes on the items above: see [[Software security seminar]]'''
  
* Issues for developing economies
+
==Mailing list==
** Developing countries often cannot afford to buy technology that is encumbered by heavy IP restrictions at First World prices and on First World terms.
+
Visit
** Also, developing countries often have rudimentary IP law frameworks.
+
:https://mailman.cs.washington.edu/mailman/listinfo/cse590so
** Companies like MS are working out special pricing/licensing arrangements; what is happening there?
+
to sign up for the course mailing list.  You will need a UW NetID. Contact Keunwoo if you have any difficulty signing up.
  
* Historical perspectives
+
==Notes and discussion==
** The Free Software Foundation claims that, historically, open source is simply how software was written, and that it was only later (in the 80's?) that IP protection started to be important to software in a serious way.
+
*[[Topics the seminar could cover]]
** What is the background behind this claim?
+
**Winter 2005: [[Software security]]
** What happened in the 80's, from a technological perspective?  From a legal perspective?
+
**Spring 2005: [[Ebook seminar]]
 +
*[[Seminar planning--general discussion area]]
 +
*[[Action items]]
 +
*[[Agenda for upcoming meetings]]
  
* '''IP hacks''': When intellectual property law meets creative programming...
 
** Hypothesis: Broadly defined IP law outlaws too many things; conversely, computer scientists can defeat most narrowly defined IP law by creative programming.
 
*** For example, imagine an IP law scheme where quoting a few seconds of a song is considered "fair use".  Now consider a data distribution protocol whereby many tiny samples of a song are distributed onto thousands of nodes on the network; users of the network reassemble the samples on demand.  The copying of each individual sample can be considered "fair use", but the network as a whole can be used to distribute arbitrary amounts of copyrighted data.
 
** Hypothesis: the above hypothesis does not occur to most lawmakers.
 
** It would be illuminating to have a session wherein we
 
*** bring up examples of IP law
 
*** have the CS people brainstorm ''technical'' ways to circumvent the spirit of that law while obeying its letter.
 
*** have the law people consider how law can be reconceived to defeat these attacks, while preserving the worthy uses of the underlying technology.
 
*** Hopefully, at the end of one or two sessions, we consolidate some principles for tech law from this exercise.
 
  
==Sources==
+
[[Category:Society and technology]]
* One or more chapters from Lessig's various books
 
* The GNU manifestoes
 
* [http://www.wipo.int/ WIPO] white papers?
 
* papers from various [http://www.law.duke.edu/cspd/ Duke CPSD] conferences
 
* [http://www.negativland.com/intprop.html Artices by the band Negativland]
 
* [http://www.eff.org/IP/ EFF IP documents]
 
* '''United States government sites:'''
 
** [http://www.copyright.gov/help/faq/ US Copyright FAQ]
 
** [http://www.uspto.gov/main/policy.htm US PTO public policy page]
 
* ACM public policy sources:
 
** [http://www.acm.org/pubs/property/ Intellectual Property in the Age of Universal Access]
 
** [http://www.acm.org/usacm/IP/ USACM documents]: current topics include copyright, DMCA, UCITA, databases, reverse engineering, and peer-to-peer networking
 
** [http://www.google.com/search?q=site%3Aacm.org%20intellectual%20property&ie=UTF-8&oe=UTF-8 Google search for '''site:acm.org intellectual property''']
 
* IEEE policy sources:
 
** [http://standards.ieee.org/board/pat/index.html IEEE standards board patent committee]
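Review bot: In the new 22 Feb entry, the external link to the FDA guidance is split across two lines: `[http://www.fda.gov/cdrh/comp/guidance/1553.html` ends one line and the label `Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software]` starts the next. A line break inside a single-bracket external link stops the wiki from treating it as a link, and the rendered revision shows the raw bracket and URL. Put the URL and its label on one line, as the other reading links in this revision do.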
 

Latest revision as of 01:05, 31 October 2005

Society and technology seminar: CSE 590 SO, Tue 12:30-1:20, CSE 403

Winter 2005: Computer security: legal and technical perspectives

In recent years, the insecurity of networked computers has emerged as a major issue on the national stage. Software security flaws regularly make headlines, and incur tremendous social costs in money, time, privacy, and peace of mind. Why isn't software secure? What can be done to make it secure? The answers to these questions require an understanding of both technological issues, and the universe of social and legal issues that surround the technology. This course aims to bring together people from law, computer science, and other backgrounds, so that both groups can bring their expertise to bear on the problem. Enrollment is open to all students, and no prior expertise in law or computer science is expected.

The course will be divided into two segments:

  1. In the first half, we will provide an overview of the technology issues to people with non-computer science backgrounds, and an overview of the law to people with non-legal backgrounds. The goal of these sessions will be to provide a foundation of shared knowledge to all students, so that later discussions can build on that knowledge.
  2. In the second half, students will lead/facilitate discussion on a number of targeted topics where the law and technology interact. Enrolled students will work with course organizers to prepare their presentation. Classes in the second half will be discussion-driven to the extent possible.

Administrative info

Winter quarter course registration SLN is 9266; see the CSE winter quarter time schedule for details.

Course grading and credit-load policies: Subject to change, but variable credits are available to meet differing levels of participation:

  • Sign up for 1 credit if you plan to attend, do the readings, and participate in discussions.
  • Sign up for 2 credits if you wish to lead a discussion/present, OR write a short paper.
  • Sign up for 3 credits if you wish to either (a) lead a discussion/present, AND write a short paper, or (b) write one long paper.

The course is listed on the schedule as credit/no-credit, but we are investigating a graded option as well; if you want to take the course as a graded course, then enroll so we can get an accurate head count, and email Ben (brd at u.washington.edu), Caroline (cmbenner at u.washington.edu), or Keunwoo (klee at cs.washington.edu) so that we can notify you if/when the graded option becomes available.

Schedule overview

  • 4 Jan tech intro: thinking about security (presenter: Keunwoo)
Reading: Lessig ch. 7
Keunwoo's presentation slides: PDF, PowerPoint
  • 11 Jan tech intro: basic concepts of computer systems, from a security perspective (presenter: Keunwoo)
Reading: Schneier ch. 8-10, 13 (in-class handout; contact Keunwoo if you need this)
Keunwoo's presentation slides: PDF, PowerPoint
  • 18 Jan technical aspects of improving computer systems (presenter: Keunwoo)
Reading: Parnas, Software Aspects of Strategic Defense Systems
Keunwoo's presentation slides: PDF, PowerPoint
  • 25 Jan Law intro: property rules & liability rules (presenter: Ben Dugan)
Reading: Polinsky, An Introduction to Law and Economics, Chapters 3, 4, 6.
Presentation slides (next 3 sessions): PDF
  • 1 Feb Law intro: understanding negligence, strict liability, products liability (presenter: Ben Dugan)
Reading: Polinsky, Chapters 10, 12, 13.
  • 8 Feb Vendor Liability (presenter: Prof. Jane Winn (Law))
Reading: HIPAA Security Rule Overview [1], Gramm-Leach-Bliley Safeguards Rule [2]
  • 15 Feb certification processes: products, processes, people (presenter: Erika, David)
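Reading:
    • Schneier, A Cyber Underwriter's Lab?
    • USACM position paper on licensing software engineers
    • Voas, The Software Quality Certification Triangle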
  • 22 Feb security processes in the real world (presenter: Ira)
Reading: Recently released FDA document: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software (http://www.fda.gov/cdrh/comp/guidance/1553.html), also General info on FDA regulation of medical devices

  • 1 Mar discussion
Homework: Watch Lazowska 12/02/04 lecture on cybersecurity, linked from CSE 590 PTU 2004 lecture archive
  • 8 Mar criminal law (presenters: Floyd Short (law), Charlie Reis (CS))

More in-depth planning and notes on the items above: see Software security seminar

Mailing list

Visit

https://mailman.cs.washington.edu/mailman/listinfo/cse590so

to sign up for the course mailing list. You will need a UW NetID. Contact Keunwoo if you have any difficulty signing up.

Notes and discussion