I330: Legal and Social Aspects of Security

INFO-I 400 / 590
Tuesday Thursday 4:00pm - 5:15pm
Info West 107

Course Description

This course examines the set of ethical and legal problems most tightly bound to the issues of information control. The interactions and the technology change, but the core issues have remained: privacy, intellectual property, Internet law, concepts of jurisdiction, speech anonymity versus accountability, and ethical decision making in the network environment.


Prof. Kami Vaniea
Info West 301
Office Hours: Tuesday 2-3pm

Assistant Instructor

Gianpaolo Russo


  1. 13/15 January Discussion: Introduction to class and email security
    Read for class: No reading for this week
  2. 20/22 January Discussion: Web tracking
  3. 27/29 January Discussion: Intro to Legal Aspects of Security
  4. 3/5 February Discussion: Policy and Regulation
  5. 10/12 February Discussion: Data Brokers
  6. 17/19 February Discussion: Threat Modeling
  7. 24/26 February Discussion: Psychology of Security


Grades will be given out as follows:

Labs and Quizzes: 20%


Readings and Quizzes

Students will be assigned readings every week which they are expected to do before class. These readings come from a variety of sources and will be provided via Canvas. There is no assigned book for this course. Quizzes will be administered each Tuesday to ensure students have been reading the material.


There are two lab sections for the course; you must be signed up for one of them. Labs will involve hands-on activities designed to help you better understand the material. Labs are due at the beginning of class Tuesday.


The class project is a term paper in which you will analyse a public security breach from three angles: technical, legal, and social. The goal is to get an in-depth understanding of what a single security breach looks like, what causes it, and how the ramifications of the breach play out. There will be four milestones:

Summarize the breach

Pick a breach that you think is interesting and provide a high-level summary of what happened. The goal of this milestone is to give the Professor and the AI a chance to comment on your choice and provide feedback.

Technical analysis

Provide a technical analysis of what happened. Describe the whole attack at a high level. Select one technical aspect of the attack and describe the attacked technical component in detail. For example, in the attack on Target, ActiveX is a likely way the attacker gained access, so you might provide a detailed description of what ActiveX is, how it relates to security, and how it might have played a role in this attack.

Legal/policy/regulatory analysis

Provide an analysis of the legal, policy, and regulatory impact of the breach. Provide summaries of the legal cases brought against the company, any regulations involved, what agencies investigated, and any industry certifications that the breach put in jeopardy. Select one of these and describe it in depth.

Social analysis

Provide an analysis of the human component of the breach. Most breaches have a human component somewhere. Even if no end user was involved, system administrators are people too and cannot do everything at once. What organizational pressures or social limitations might have resulted in this breach? Unfortunately, human factors of security are rarely published in breach analyses.