IT 848: Computer Crime, Information Warfare, and Economic Espionage

Last updated 1/8/2002

This course will address issues of computer crime, information warfare, and economic espionage. The computer crime elements of this course will include issues such as computer intrusions, on-line fraud, "electronic stalking," and theft of service. The information warfare aspects will encompass infrastructure security, "hacktivism" and other such issues. Economic espionage will include the protection of proprietary information and how to legally, technically and socially protect sensitive data.

The class meets Monday nights from 6:00-8:00, with a few exceptions noted below.

Grading: The grade will be based on class participation and a series of small assignments. There is no final exam, but I reserve the right to use pop quizes. Class participation accounts for 25% of the grade, and the three assignments each constitute 25% of the grade (any pop quizes fit under the participation grade). The final grade is determined by adding up total points and then allocating grades on a curve applied to the whole class. Certain classes of students (such as MS students) may receive a curve-adjustment equal to all other similarly-situated students, but are otherwise measured on the same curve. Any curve adjustment will only be made at the end of the semester based on the perceived performance level difference. ABA and John Marshall rules require substantial class attendance. Three absences of any kind are allowed. Additional absences will result in a decrease of one grade per additional absence (a B+ becomes a B, etc.). Of course, not showing up for class makes it tough to get points for participation. The written assignments will be in the form of memos giving advice on a particular hypothetical legal problem. The grading is based on factors such as: depth and appropriateness of research, the analytical quality of the written product, how well the written piece addresses the question asked in the assignment, overall readability, and mechanics (grammar, spelling, proper citations, etc.). Do yourself a favor--proofread your assignment before turning it in. For the mechanics portion of the grade, I take off more points for carelessness than for cluelessness. I prefer papers be submitted on paper, but I will accept electronic copies-- HOWEVER, if I cannot read or do not receive an electronic copy it is treated as late. One point is deducted for every day an assignment is late, with no exceptions.

Readings: We will be using the book "Information Warfare and Security" by Dorothy Denning as a text, available on line here [$] or in the bookstore, as well as a case book/supplement. The case book/supplement can be obtained from the Center for Information Technology & Privacy Law on the 16th floor of the CBA building on CD-ROM for free, or you may order a copy from the Center in print for the approximate cost of reproduction and binding. Additional readings may be added during the semester if merited by current events. Please note that not all readings may be in order, as some topics may be moved to accommodate guest speakers. A supplemental book that may be of interest is Networks and Netwars: The Future of Terror, Crime and Militancy, by John Arquilla; David F. Ronfeldt, available here [$], in the bookstore, or for free on-line at http://www.rand.org/publications/MR/MR1382/.

Prerequisite: At least marginal familiarity with computers and electronic communication. Some of the topics and readings get somewhat technical-- please do not hesitate to ask for clarification if topics or terminology are unfamiliar.

I do not have formal office hours, but I am usually in the Center offices every week day from 9-5. I am available to discuss class-related issues by phone in my office at (312) 987-1445, by e-mail at 6Loundy@jmls.edu, or in person by appointment, or you can drop in and see if I am available.

January 14 - Introduction and overview

Reading:

Denning, Chapter 1
Denning, Chapter 2
Denning, pp. 56-59
Denning, pp. 60-61
Denning, pp. 406-409
Information Security is Information Security

January 21- Computer intrusions and attacks

Guest Speaker - ????

Reading:

Denning, pp. 203-209
Denning, pp. 221-226
Denning, pp. 227-239
NIST CSL Bulletin: Computer Attacks: What They Are and How to Defend Against Them
People v. Lawton, 56 Cal. Rptr. 2d 521
People v. Rowell
People v. Versaggi, 629 N.E.2D 103, (Court of Appeals of New York, 1994).
People v. Angeles, 687 N.Y.S.2d 884 (1999)
State of Washington v. Olson, 735 P.2d 1362 (1987)
eBay v. Bidder's Edge

January 28- Theft of service

Guest Speaker - ???

Reading:

Denning, pp. 177-183
People v. Tansey
U.S. v. Ashe, 1995 WL 46415 (6th Cir. Feb. 8, 1995)
AT&T v. The New York City Human Resources Administration, 833 F.Supp. 962 (S.D.N.Y. 1993)
State v. McGraw, 480 N.E.2d 552, 554 (In. 1985)

February 4 - Electronic Stalking

CASE STUDY ASSIGNMENT 1 DUE

Reading:

Denning, pp. 116-120
1999 Report on Cyberstalking: A New Challenge for Law Enforcement and Industry
Koch, Cyberstalking Hype, Inter@ctive Week, May 26, 2000

February 11 - Interception of Electronic Communications

Guest Speaker - David Glockner, Assistant U.S. Attorney & Chief of Criminal Division, U.S. Attorney's Office, Chicago

Reading:

Denning, pp. 164-177
Denning, pp. 184-185
Denning, pp. 189-190
Steve Jackson Games v. United States Secret Service, 36 F.3d 457, (5th. Cir. 1994)
U.S. v. Seidlitz, 589 F.2d 152 (4th Cir., 1978)
Bohach v. City of Reno, 932 F.Supp. 1232 (D. Nev. 1996)
Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817 (D. Mich. 2000)

February 18 - Computer Viruses, Time Bombs, Trojans and Malicious Code

Reading:

Denning, pp. 269-281
United States v. Morris, 928 F.2d 504 (2d Cir. 1991)
State v. Corcoran, 522 N.W.2d 226 (1994)
Werner, Zaroff, Slotnick, Stern & Askenazy v. Lewis, 588 N.Y.S.2d 960 (1992)
North Texas Preventative Imaging v. Eisenberg, (C.D. CA, Aug. 1996)
Mahru v. The Superior Court of Los Angeles County, 237 Cal. Rptr. 298 (1987)
Shaw v. Toshiba America Information Systems

February 25 - Online Fraud

CASE STUDY ASSIGNMENT 2 DUE

Guest Speaker - Steve Wernikoff, Esq., Staff Attorney, Federal Trade Commission

Reading:

Denning, pp. 54-56
Denning, pp. 150-152
Denning, pp. 262-265
Statement of the Federal Trade Commission
Copyright Infringement as Wire Fraud
Virgin Atlantic Consent Order 95-11-37
U.S. v. Mullins, 992 F.2d 1472 (9th Cir., 1993)
Letter from FTC re: Internic Software, Pty
Internic Poser to Pay Up (Wired News article)
People v. Lipsitz, Supreme Court, IA Part 8, New York, June 1997
Commonwealth v. Murgallis, 2000 PA Super 167 (2000)
People v. Gentry, 234 Cal. App. 3d 131 (1991)
S.E.C. v. Cherif, 933 F.2d 403 (7th Cir. 1991)

March 4 - Social Engineering & Employee Training

Guest Speaker - Matt Caston, Director, Program Management Practice, META Security Group, Inc.

Reading:

Denning, pp. 101-108
Denning, pp. 155-160
Social Engineering: examples and countermeasures from the real world
FTC v. Rapp complaint
NIST CSL Bulletin-People: An Important Asset in Computer Security
NIST CSL Bulletin-An Introduction to Role Based Access Controls
Employees' Guide to Security Responsibilities (Excerpts)

March 11 - NO CLASS - SPRING BREAK

March 18 - Infrastructure Security

Guest Speaker - Mike Scher, Esq., Director, Neohapsis Labs

Reading:

Denning, pp. 193-201
White Paper on Presidential Decision Directive 63 (skim only)
NIST CSL Bulletin-Preparing for Contingencies and Disasters
Cyber Threat Trends and US Network Security
STOA Report on Echelon: Interception Capabilities 2000, available on the Internet at http://www.gn.apc.org/duncan/stoa.htm (intro) and http://www.cyber-rights.org/interception/stoa/ic2kreport.htm (report proper) (skim)

March 25 - Technical means of protecting Information

Guest Speaker - Mike Scher, Esq., Director, Neohapsis Labs

Reading:

Denning, pp. 303-319
Denning, pp. 338-344
Denning, pp. 349-352 (optional)
Denning, pp. 352-354
Denning, pp. 360-363
State v. Moran, 784 P.2d 730 (1989)
NIST CSL Bulletin-Audit Trails
Introduction to Cryptography
Everything You Need to Know About Biometrics
Skim reserved reading in library (penetration test report)

April 1- "Hacktivism"

Guest Speaker - Lew Koch, Investigative Reporter

Reading:

Denning, pp. 43-52
Denning, pp. 68-74
Denning, pp. 254-255
Denning (article in supplement (edited) or in "Networks and Netwars" book (unedited)), "Activism, Hacktivism, and Cyberterroism: The Internet as a Tool for Influencing Foreign Policy."

April 8- Trade Secrets

Guest Speaker - R. Mark Halligan, Esq., Partner, Welsh & Katz

Reading:

Denning, pp. 52-54
Denning, pp. 135-149
Ford Motor Company v. Lane, 67 F.Supp.2d 745 (E.D. Mich. 1999)
Vermont Microsystems, Inc. v. Autodesk, Inc., 88 F.3d 142 (2nd Cir. 1996)
EarthWeb, Inc. v. Schlack, 71 F.Supp.2d 299 (S.D.N.Y. 1999)

April 15 - National Security

Guest Speakers - Mr. Brian Snow, Information Assurance Technical Director, National Security Agency and [???]

CASE STUDY ASSIGNMENT 3 DUE

Reading:

Denning, pp. 62-67
Denning, pp. 132-135
U.S. v. Snepp, 444 U.S. 507 (1980)
U.S. v. Heine
Phillippi v. Central Intelligence Agency
Statement of the Director of Central Intelligence on the Clandestine Services and the Damage Caused by Aldrich Ames, Dec. 7, 1995
Commercial Satelites: Future Threats or Allies?

April 22 - Economic Espionage Act

Reading:

Economic Espionage Act of 1996
U.S. v. Krumrei
U.S. v. Hsu, 155 F.3d 189 (1989)
U.S. v. Martin
Annual Report to Congress on Foreign Economic Collection and Industrial Espionage 1998
April 29 - International Computer Crime/Overflow

Reading:

International Review of Criminal Policy: United Nations Manual on the Prevention and Control of Computer Crime
Convention on Cybercrime (ETS No. 185)