- About Us
- Courses & Workshops
- Projects & Publications
- Cyber Initiative
Past Events 2016–17
Law & Tech: Laura Donohue
Tuesday, September 13, 2016 at 12:00PM - 1:00PM
The Fourth Amendment in a Digital World
Fourth Amendment doctrines created in the 1970s and 1980s no longer reflect how the world works. The formal legal distinctions on which they rely—(a) private versus public space, (b) personal information versus third party data, (c) content versus non-content, and (d) domestic versus international—are failing to protect the privacy interests at stake. Simultaneously, reduced resource constraints are accelerating the loss of rights. The doctrine has yet to catch up with the world in which we live. One potential solution to adapting the Fourth Amendment to the digital age lies in acknowledging the acquisition of uniquely identifiable information as per se a search, and thus presumptively unreasonable absent a warrant. This approach is rooted in the right of the people to be secure in their “persons” as well as “papers” and “effects” against unreasonable search and seizure. The Court’s logic inRiley v. California and interests articulated by the shadow majority in United States v. Jones offer promising ways to evaluate reasonableness by focusing on the type and extent of information being collected, the length of the collection, the combination of the data with other information, and the number of individuals whose privacy is thereby compromised, as weighed against the governmental interests at stake.
Laura K. Donohue is a Professor of Law at Georgetown Law, Director of Georgetown's Center on National Security and the Law, and Director of the Center on Privacy and Technology. She writes on constitutional law, legal history, emerging technologies, and national security law. Her books include The Future of Foreign Intelligence: Privacy and Surveillance in a Digital Age (Oxford University Press, 2016); The Cost of Counterterrorism: Power, Politics, and Liberty (Cambridge University Press, 2008); and Counterterrorist Law and Emergency Law in the United Kingdom 1922-2000 (Irish Academic Press, 2007). Professor Donohue's articles have been published by California Law Review, University of Chicago Law Review, Stanford Law Review, University of Pennsylvania Law Review, Harvard Journal of Law and Public Policy, and elsewhere. In November 2015, the U.S. Foreign Intelligence Surveillance Court appointed her as one of five amici curiae under the 2015 USA FREEDOM Act. Professor Donohue is a Life Member of the Council on Foreign Relations; an Advisory Board Member of the Electronic Privacy Information Center; and a Member of the American Bar Association's Standing Committee on Law and National Security. She also is a Senior Scholar at Georgetown Law's Center for the Constitution. She obtained her AB in Philosophy (with Honors) from Dartmouth College; her MA in Peace Studies (with Distinction) from the University of Ulster, Northern Ireland; her JD (with Distinction) from Stanford Law School; and her PhD in History from the University of Cambridge, England.
Sponsoring Organization(s): GLC, ISP
Hacking the Election
Tuesday, September 20, 2016 at 9:00AM - 1:30PM
In the wake of the DNC hack, there has been a flurry of discussion of how both foreign and domestic actors may use new technologies in the attempt to influence the election, ranging from releasing private information to actively hacking voting machines.
This raises a host of legal and political questions regarding the relationship between advanced technologies and the integrity of political processes.
Panel 1: The DNC Hack 10-11:30 am Room 127 This panel will focus chiefly on the recent exposure of thousands of emails belonging to officials of the Democratic National Committee and this action’s implications for national security law, international law, and foreign affairs. Moderator: Scott Shapiro Confirmed Panelists: Jack Goldsmith, Oona Hathaway, Susan Hennessey
Panel 2: Hacking the Election 12 -1:30 pm Room 128 This panel will explore how the presidential election could be affected by the use of different technologies, including manipulative social media algorithms, voting machines vulnerabilities, and cyberattacks or cyber-enabled disinformation campaigns. Moderator: Jack Balkin Confirmed Panelists: Paul Brewer, Michael Fischer, Heather Gerken
Vivek Mohan: Privacy and Cybersecurity: Legal Issues In Private Practice
Tuesday, October 4, 2016 at 12:00PM - 1:00PM
Vivek is Privacy Counsel at Apple Inc., where he is responsible for privacy and security issues associated with Apple's products, services, and corporate infrastructure. Vivek joined Apple from the Privacy, Data Security, and Information Law group at Sidley Austin LLP, where he counseled clients in the technology, telecommunications, healthcare, and financial services sectors. Vivek is the co-editor and author of the PLI treatise "Cybersecurity: A Practical Guide to the Law of Cyber Risk," published in September 2015. Vivek has worked as an attorney at Microsoft, at the Internet Bureau of the New York State Attorney General (under a special appointment), and at General Electric's corporate headquarters (on secondment). For five years, Vivek was a resident fellow and later a non-resident associate with the Cybersecurity Project at the Harvard Kennedy School. Vivek holds a JD from Columbia Law School and a BA from the University of California, Berkeley.
Sponsoring Organization(s): Information Society Project (ISP), Center for Global Legal Challenges (GLC)
National Security in the Digital Age: A Discussion With Veteran Journalist David Sanger
Monday, October 17, 2016 at 12:10PM - 2:30PM
Cyberwar, mass surveillance, election-related hacks—technology is reshaping the national security landscape. Join us on October 17 for a conversation with The New York Times' David Sanger, a Pulitzer-Prize-winning journalist who first revealed the Stuxnet worm and whose reporting tracks the foreign policy deliberations of the most senior U.S. officials. Sanger will speak about the latest trends in U.S. national security policy and about the process of covering them as a reporter.
David Sanger is National Security Correspondent for The New York Times and one of the newspaper’s senior writers. He is the author of two bestsellers on foreign policy and national security: The Inheritance: The World Obama Confronts and the Challenges to American Power (2009) and Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (2012).
In his 34-year career, Mr. Sanger has served as the Times’ Tokyo Bureau Chief, Washington Economic Correspondent, White House correspondent during the Clinton and Bush Administrations, and Chief Washington Correspondent. He has twice been a member of Times’ teams that won the Pulitzer Prize, first for the investigation into the causes of the Challenger disaster in 1986, and later for investigations into the struggles within the Clinton administration over controlling technology exports to China. He has also won the Weintal Prize for diplomatic reporting for his coverage of the Iraq and Korea crises, the Aldo Beckman prize for coverage of the Presidency, and, in two separate years, the Merriman Smith Memorial Award, for coverage of national security issues. “Nuclear Jihad,” the documentary that Mr. Sanger reported for Discovery/Times Television, won the DuPont Award for its explanation of the workings of the A.Q. Khan nuclear proliferation network.
A 1982 graduate of Harvard College, Mr. Sanger was the first senior fellow in The Press and National Security at the Harvard’s Belfer Center for Science and International Affairs. With Graham Allison, he co-teaches “Central Challenges in American National Security, Strategy and the Press” at Harvard’s Kennedy School of Government.
Transatlantic Perspectives of Privacy and Cybersecurity: a Proposal
Tuesday, October 25, 2016 at 1:00PM - 1:00PM
The idea that the US and EU have different perceptions about privacy values is widespread. When describing the U.S. view, much scholarship starts from Warren and Brandeis’ Article “The Right to Privacy” which presents a general and undefined "right to be let alone" connected to a principle of excluding private spheres from public view. This view is very different from common European perceptions of privacy, which are based on concepts of generally applicable fundamental rights.
This traditional view, however, is incomplete, because it overlooks a critical commonality between the two regimes – the shared fear of what bad actions the "privacy intruder" will take. Specifically, while each regime fears different actors most – both are concerned about the "chilling effects" on individual freedoms that would result from privacy invasions.
We argue that the common values inherent in both United States and European Union privacy regulation, and in their associated bureaucratic institutions, provide clues to developing a framework for coordinating these two different regulatory regimes in a way that reduces compliance transaction costs.
The resultant approach, which we describe as Supervised Market-Based Regulation (SMBR), allows for an international regulatory framework which both shows respect for national differences in privacy preferences while allowing for harmonized compliance procedures which reduce barriers to free flow of information and discourage compliance-avoidance activities.
Such coordination has many benefits for data flow between the two countries, particularly for the multinational technology companies who face a current patchwork of regulatory compliance procedures which differ from nation to nation. Furthermore, based on the success of a similar framework at regulating healthcare cybersecurity in the United States, we hypothesize that such an approach may have benefits for transnational cybersecurity regulation as well that is strictly connected with privacy.
The idea of a SMBR applied to cybersecurity already has some use both in the US and EU. The EU Directive on Security of Network and Information Systems (NIS Directive) requires that Member States maintain cybersecurity procedures and encourages cybersecurity cooperation, but delegates to the individual States details of implementation. In the US, cybersecurity regulation in the healthcare sector employs a similar approach of specifying areas of focus but delegating implementation details to industry actors under the HIPAA Security Rule.
Additionally, as part of the EU cybersecurity strategy, the European Commission and the European Cyber Security Organisation (ECSO) recently signed a contractual Public-Private Partnership (cPPP) which is expected to drive further market-oriented policy measures in the forthcoming months.
Pierluigi Perri, Ph.D., is a tenured researcher at Law School of University of Milan and Advisor on Cybercrime at the Council of Europe in Strasbourg. His academic interests are focused on Privacy, Information Security, Computer Crimes and Computer Forensics.
Since 2010, he is Associate Research Professor in Advanced Computer Law at the University of Milan, and since 2015 he is Director of the postgraduate Course in Computer forensics and Data protection. He was Visiting Postdoctoral Associate at Information Society Project of Yale Law School (CT), Non-Residential Fellow at the Center for Internet and Society of Stanford University – Faculty of Law and Visiting Researcher at the Legal & Corporate Affairs Department of Microsoft Corp. in Redmond (WA). He is author of two books and numerous scientific papers concerning computer law, privacy and information security.
Sponsoring Organization(s): ISP, GLC
Lunch Talk with Michael Sulmeyer
Monday, October 31, 2016 at 12:00PM - 1:00PM
Baker Hall - A005
Dr. Michael Sulmeyer is the Belfer Center's Cyber Security Project director at the Harvard Kennedy School. He recently concluded several years in the Office of the Secretary of Defense, serving most recently as the Director for Plans and Operations for Cyber Policy. He was also Senior Policy Advisor to the Deputy Assistant Secretary of Defense for Cyber Policy. In these jobs, he worked closely with the Joint Staff and Cyber Command on a variety of efforts to counter malicious cyber activity against U.S. and DoD interests. Previously, he worked on arms control and the maintenance of strategic stability between the United States, Russia, and China.
As a Marshall Scholar, Sulmeyer received his doctorate in Politics from Oxford University, and his dissertation, "Money for Nothing: Understanding the Termination of U.S. Major Defense Acquisition Programs," won the Sir Walter Bagehot Prize for best dissertation in government and public administration. He received his B.A. and J.D. from Stanford University and his M.A. in War Studies from King's College London. In the mid-1990s, he was the System Operator (SysOp) of The Summit BBS in Santa Barbara, California.
Sponsoring Organization(s): Center for Global Legal Challenges, Information Society Project (ISP)
Lunch Talk with Richard Salgado
Tuesday, November 8, 2016 at 12:00PM - 1:00PM
The Center for Global Legal Challenges and the Information Society Project will welcome to campus on Nov. 8, Richard Salgado, Google’s Director for Information Security and Law Enforcement Matters. Salgado is a YLS grad and spent his career lecturing and working in the field of cyber-security.
Richard Salgado serves as Google’s Director for information security and law enforcement matters. Prior to joining Google, Richard was with Yahoo!, focusing on international security and compliance work. He also served as senior counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Richard specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code, and other technology-driven privacy crimes.
In 2005, Richard joined Stanford Law School as a legal lecturer on computer crime and on Internet business legal and policy issues; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School and as a faculty member of the National Judicial College. Richard is a senior instructor with the SANS Institute, teaching on the legal issues in computer forensics and network investigations.
He regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence, and related criminal conduct. Richard graduated magna cum laude from the University of New Mexico and in 1989 received his JD from Yale Law School.
Sponsoring Organization(s): Yale Center for Global Legal Challenges, Information Society Project, TechSoc
The Tallinn Manual Journey: Identifying the International Law Applicable to Cyber Operations with Michael Schmitt
Tuesday, November 15, 2016 at 12:00PM - 1:00PM
Sterling Law Building - Room 128
Michael Schmitt is Chairman & Charles H. Stockton Professor at the US Naval War College’s Stockton center for the Study of International Law and Professor of Public International Law at Exeter Law School in the United Kingdom. He is also the Francis Lieber Distinguished Scholar at West Point’s Lieber Institute for Law and land Warfare and Senior Fellow at the NATO Cooperative Cyber Defence Centre of Excellence and General Editor of International Law Studies. Since 2009 he has directed the Tallinn Manual project, which is examining the intertnational law applicable to cyber operations.
Sponsoring Organization(s): Center for Global Legal Challenges, ISP, TechSoc
Accountability for War Algorithms
Tuesday, January 17, 2017 at 12:10PM - 1:30PM
Sterling Law Building - Room 128
In key respects, power and authority are increasingly expressed algorithmically. War is no exception. Militaries, for instance, are actively incorporating more and more forms of technical autonomy into weapons, logistics, and other systems. In a recent paper, my co-authors and I put forward the concept of “war algorithms.” We define a war algorithm as any algorithm that is expressed in computer code, that is effectuated through a constructed system, and that is capable of operating in relation to armed conflict. Through the war-algorithm lens, we attempt to link international law and related accountability architectures to relevant technologies. We sketch a three-part accountability approach: state responsibility under international law, individual responsibility for international crimes, and a broader notion of “scrutiny governance.” While not exhaustive, the framework highlights traditional (think war reparations and war-crimes prosecutions) and unconventional (think normative design of technical architectures and self-regulation among technologists) accountability avenues.
Bio:Dustin A. Lewis is a Senior Researcher at the Harvard Law School Program on International Law and Armed Conflict (PILAC). With a focus on public international law sources and methodologies, Mr. Lewis leads PILAC research projects on the theoretical underpinnings and application of international norms related to contemporary challenges concerning armed conflict. He explores legal—as well as policy, technical, and ethical—dimensions of such topics as war algorithms; wartime medical care for terrorists; extraterritorial use of lethal force; the goals of war and the end of war; and dilemmas at the intersection of counterterrorism frameworks and principled humanitarian action. Mr. Lewis oversees the Program’s publications, research assistants, and online platforms. And he regularly briefs government officias, United Nations system actors, members of the media, and NGOs.
Sponsoring Organization(s): Center for Global Legal Challenges, ISP
Weaponizing Information: Propaganda to Cyber Conflict
Tuesday, January 24, 2017 at 10:00AM - 1:30PM
SLB 121 10:00 - 12:00; SLB 128 12:10 - 1:30
Information warfare is the use of information to delegitimize rivals and adversaries and/or to push a state’s agenda. The” Weaponizing Information” conference, co-hosted by the Center for Global Legal Challenges and the Information Society Project, will bring together legal, policy, political science, and military experts to discuss the history and future trajectory of information warfare in the internet age. While foreign digital interference raises concerns about the security of our democracy, attempts to use information to delegitimize rivals and adversaries, and/or to push a state’s agenda are not new: rather, they are modern iterations of long-standing information warfare tactics and strategies.
This conference seeks to understand the roots of these practices, as well as asks how today’s technology adds new dimensions. In what ways does cyber conflict change – or reassert – existing information warfare norms? What are the military, legal and policy implications of this evolution? What existing precedents should inform new scholarship and policy orienting principles?
Sponsored by the Oscar M. Ruebhausen Fund
10:00a - Welcome breakfast
10:30a - Panel 1: Manipulation and Misinformation: Propaganda and False News
Moderated by Professor Michael Reisman
Professor Ellen Goodman, Rutgers Law
Professor Jason Stanley, Yale Department of Philosophy
Patrick Tucker, Defense One
12:00p - Panel 2: Information Warfare in the Cyber Era
Moderated by Professor Oona Hathaway
Professor Catherine Lotrionte, Georgetown University
Jacquelyn Scehneider, Naval War College
Dr. Aaron Brantly, United States Military Academy
Sponsoring Organization(s): GLC, ISP, Oscar M. Ruebhausen Fund
Wikimedia Foundation vs. NSA: Fighting against the chilling effects of online surveillance
Tuesday, March 21, 2017 at 12:00PM - 1:00PM
Jim Buatti and Zhou Zhou, attorneys at the Wikimedia Foundation (which hosts Wikipedia and its sister projects), will discuss Wikimedia's lawsuit against the NSA for its mass surveillance of internet communications. They will provide background on the “Upstream” surveillance practices at issue and on Wikimedia's decision to sue the government alongside eight co-plaintiffs and with the assistance of the ACLU. They will walk us through the history of the case, Wikimedia's theories concerning the legality and constitutionality of the NSA's activities, and the government's attempts to dismiss the case. Finally, they will discuss recent developments, the future of the case, and Wikimedia's concerns about government surveillance under the new administration.
Jim Buatti is Associate Counsel at the Wikimedia Foundation. He negotiates and approves the Foundation’s contracts, and advises the legal team on various privacy and intellectual property matters. He first joined the Foundation in early 2015 as a Legal Fellow, and has worked on Wikimedia v. NSA since it was first filed. Prior to joining the Foundation, Jim interned at the Electronic Frontier Foundation and worked as a research assistant to Professor Richard Hasen. Jim is a graduate of the UC Irvine School of Law.
Zhou Zhou is Legal Counsel at the Wikimedia Foundation. In his role, he focuses on providing support for products and technology features at the Foundation. Previously, he was an associate at Gibson, Dunn & Crutcher and graduated from Columbia Law School. Prior to law school, Zhou was a software engineer at Salesforce.com and double majored in electrical engineering and computer sciences as well as bioengineering at the University of California, Berkeley. Zhou has been honored as a Transatlantic Digital Debates fellow and Internet Law & Policy Foundry fellow.
Sponsoring Organization(s): ISP, GLC, TechSoc
Rethinking Internet Freedom in the Age of Cyber Control; Dr. Laura DeNardis
Tuesday, March 28, 2017 at 12:00PM - 2:00PM
Sterling Law Building - 128
Laura DeNardis, M.Eng, Ph.D., is a Professor of Internet architecture and governance and Faculty Director of the Internet Governance Lab at American University in Washington, D.C. With a background in information engineering and a doctorate in Science and Technology Studies, her books include The Global War for Internet Governance (Yale University Press 2014); Opening Standards: The Global Politics of Interoperability (MIT Press 2011); Protocol Politics: The Globalization of Internet Governance (MIT Press 2009); Information Technology in Theory (2007) and a recently published co-edited volume The Turn to Infrastructure in Internet Governance (Palgrave 2016). Dr. DeNardis served as the Director of Research for the Global Commission on Internet Governance and is an Adjunct Senior Research Scholar at Columbia University’s School of International and Public Affairs. She previously served as the Executive Director of the Yale Information Society Project from 2008-2011. Her expertise and scholarship have been featured in Science Magazine, The Economist, National Public Radio, New York Times, ABC news, Bloomberg, Time Magazine, Christian Science Monitor, Slate, Reuters, Forbes, The Atlantic, the Globe and Mail, and the Wall Street Journal. She has more than two decades of experience as an expert consultant in Internet architecture and governance to Fortune 500 companies, foundations, and government agencies and is currently an appointed member of the United States Department of State’s Advisory Committee on International Communications and Information Policy. Dr. DeNardis holds an AB in Engineering Science from Dartmouth College, a Master of Engineering degree from Cornell University, a PhD in Science and Technology Studies from Virginia Tech, and was awarded a postdoctoral fellowship from the Information Society Project at Yale Law School.
Sponsoring Organization(s): Center for Global Legal Challenges, ISP
It’s Too Complicated: How the Internet Upends Katz, Smith, and Electronic Surveillance Law with Susan Landau
Tuesday, April 18, 2017 at 12:00PM - 1:00PM
Susan Landau, Professor of Cybersecurity Policy
Electronic surveillance law seeks to balance protecting the privacy of the people while enabling government's surveillance capabilities. In the US, legal frameworks governing surveillance have, for forty years, drawn a distinction between content and non-content components of communication. The non-content portion of a communication and those aspects of non-content being shared with a third party receive a lower degree of privacy protection than the content shared between two communicating parties. Such protections were developed in an era when public service telephony reigned. Today’s communications systems, particularly on the Internet, are far more complex. In this talk, I show how complexity collapses traditional content/non-content distinctions and disrupts application of the third party doctrine to such an extent that, in many circumstances, they have become too difficult for courts to construe and apply consistently. It's too complicated.
Sponsoring Organization(s): Center for Global Legal Challenges, ISP