Soctech seminar, Winter 2005
Winter 2005: Computer security: legal and technical perspectives
In recent years, the insecurity of networked computers has emerged as a major issue on the national stage. Software security flaws regularly make headlines and incur tremendous social costs in money, time, privacy, and peace of mind. Why isn't software secure? What can be done to make it secure? The answers to these questions require an understanding of both the technological issues and the universe of social and legal issues that surround the technology. This course aims to bring together people from law, computer science, and other backgrounds, so that each group can bring its expertise to bear on the problem. Enrollment is open to all students, and no prior expertise in law or computer science is expected.
The course will be divided into two segments:
- In the first half, we will provide an overview of the technology issues to people with non-computer science backgrounds, and an overview of the law to people with non-legal backgrounds. The goal of these sessions will be to provide a foundation of shared knowledge to all students, so that later discussions can build on that knowledge.
- In the second half, students will lead/facilitate discussion on a number of targeted topics where the law and technology interact. Enrolled students will work with course organizers to prepare their presentation. Classes in the second half will be discussion-driven to the extent possible.
Winter quarter course registration SLN is 9266; see the CSE winter quarter time schedule for details.
Course grading and credit-load policies: Subject to change, but variable credits are available to meet differing levels of participation:
- Sign up for 1 credit if you plan to attend, do the readings, and participate in discussions.
- Sign up for 2 credits if you wish to lead a discussion/present, OR write a short paper.
- Sign up for 3 credits if you wish to either (a) lead a discussion/present, AND write a short paper, or (b) write one long paper.
The course is listed on the schedule as credit/no-credit, but we are investigating a graded option as well; if you want to take the course as a graded course, then enroll so we can get an accurate head count, and email Ben (brd at u.washington.edu), Caroline (cmbenner at u.washington.edu), or Keunwoo (klee at cs.washington.edu) so that we can notify you if/when the graded option becomes available.
- 4 Jan tech intro: thinking about security (presenter: Keunwoo)
- 11 Jan tech intro: basic concepts of computer systems, from a security perspective (presenter: Keunwoo)
- 18 Jan technical aspects of improving computer systems (presenter: Keunwoo)
- 25 Jan Law intro: property rules & liability rules (presenter: Ben Dugan)
  - Reading: Polinsky, An Introduction to Law and Economics, Chapters 3, 4, 6.
  - Presentation slides (next 3 sessions): PDF
- 1 Feb Law intro: understanding negligence, strict liability, products liability (presenter: Ben Dugan)
  - Reading: Polinsky, Chapters 10, 12, 13.
- 8 Feb Vendor Liability (presenter: Prof. Jane Winn (Law))
- 15 Feb certification processes: products, processes, people (presenter: Erika, David)
- 22 Feb security processes in the real world (presenter: Ira)
  - Reading: Recently released FDA document: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software (http://www.fda.gov/cdrh/comp/guidance/1553.html); also general info on FDA regulation of medical devices
- 1 Mar discussion
  - Homework: Watch Lazowska 12/02/04 lecture on cybersecurity, linked from CSE 590 PTU 2004 lecture archive
- 8 Mar criminal law (presenters: Floyd Short (law), Charlie Reis (CS))
More in-depth planning and notes on the items above: see Software security seminar
to sign up for the course mailing list. You will need a UW NetID. Contact Keunwoo if you have any difficulty signing up.