Legal Code: In new seminar, law and engineering students solve cybersecurity challenges requiring both legal and technical know-how

It was anything but a typical law school assignment: In 1,000 words, design a secure email system consistent with a new draft law on encryption. For students in NYU Law’s new Cybersecurity Law and Technology Seminar, however, the assignment was yet another opportunity to grapple with policymaking and technology in an interdisciplinary fashion—just as cybersecurity experts do outside of academia.  

As the threat of cybercrime becomes more prominent and rises rapidly on a global scale, this kind of collaboration provides not only the foundation of a solid defense against individual incidents, but is also critical in formulating policy initiatives. Alone, neither legal nor technological approaches can solve today’s cybersecurity challenges.

In response to this changing security landscape, the Law School, in collaboration with NYU Tandon School of Engineering and other NYU schools and departments, launched a pioneered interdisciplinary research institute, the NYU Center for Cybersecurity (CCS). One of the first institutes of its kind at an academic institution, CCS allows NYU Law scholars to conduct cybersecurity research with computer scientists. Similarly, law and engineering students work together in a new seminar to address both the legal and technological dimensions of a cybersecurity issue.

Randal Milch ’85, former general counsel of Verizon and now a distinguished fellow at the Law School’s Center on Law and Security (CLS) and CCS and a member of NYU Law’s Board of Trustees, co-teaches the seminar with two CCS cofounders: Zachary Goldman ’09, executive director of CLS, and Nasir Memon, professor of computer science and engineering at NYU Tandon.

The seminar examines germane topics that include national security, cybercrime, and cybersecurity regulation, and devotes equal time in each session to law and engineering issues. The goal, says Goldman, is to develop a sophisticated understanding of the ways in which law and technology are deeply interdependent. Throughout the course of the semester, engineering students gain a deeper insight into how policies are developed, such as the reasoning behind why public policy might call for companies to share information about how they were hacked. Concurrently, the burgeoning lawyers learn why the Internet is inherently unsafe and what implications this has for cybersecurity.

“Our students will be better lawyers because they understand the technology,” argues Goldman. “They will be able to identify legal issues, spot legal risk, and figure out ways to manage legal risk in a way that’s sensitive to the technology and sensitive to the commercial or policy environment in which their clients are operating.”

Emulating the rapid pace of cybersecurity developments, the seminar requires engagement with real-world, late-breaking material. In the Fall semester, for instance, students were assigned a report from President Obama’s Commission on Enhancing National Cybersecurity, based partly on testimony from Milch, that was released days before the final class. “Every class is great because something new has happened in the last week, and we figure out a way to address it, whether it’s on the syllabus or not,” Milch attests.

Caroline Alewaerts LLM ’17 came to NYU Law to focus on IP and information law. She sought out the cybersecurity seminar because her prior work as an associate at Baker & McKenzie in Brussels frequently involved privacy and cybersecurity issues. “Knowing the law is not enough,” Alewaerts asserts. “You have to understand the underlying technology if you want to give good advice.”

Working with students from varied academic and professional backgrounds was crucial in understanding the scope of the subject, says Alewaerts. “As lawyers, we would discuss for hours whether some encryption mechanism worked. And the engineer would say, ‘There are 10 types of encryption. What kind are we talking about?’”

Likewise, Liming Luo, a computer science PhD student at Tandon, remarked that she didn’t realize the extent of difficulty in lawyering prior to engaging in legal readings, but relished classroom discussions where students from each discipline helped each other understand thorny technical issues.

Appreciation across disciplines also flourished among the professors, who met and prepared extensively before each class. “What impressed me and opened my eyes was how masterfully my two [Law] colleagues carried the discussions through,” says Memon, noting that engineering courses typically follow a strict lecture format. Goldman, too, remarks that he has benefited from an expanded perspective. “Nasir [Memon] constantly pushed me to examine fundamental assumptions about the way law and cybersecurity work and how we’ve come to various policy outcomes,” he says. “And I think he pushed our students to do that as well.”

As cybersecurity concerns grow more relevant across countries, the topical and collaborative nature of the CCS seminar serves as a mirror to prepare students in both fields for what they will likely encounter in their professional careers. “In the real world, cybersecurity problems are fixed by engineers and lawyers working together,” Milch states. “It was important to see if they could complement one another.”

Posted January 23, 2017