276.1S sec. 001 - Cybersecurity Law Fundamentals (Summer 2025)
Instructor: James Xavier Dempsey (view instructor's teaching evaluations - degree students only | profile)
View all teaching evaluations for this course - degree students only
Units: 1
Grading Designation: Credit Only
Mode of Instruction: In-Person
Meeting:
TuTh 2:00 PM - 5:10 PM
Location: Law 12
From May 20, 2025
To May 29, 2025
Class Number: Click to show Class Number
Enrollment info:
Enrolled: 0
Waitlisted: 0
Enroll Limit: 35
As of: 11/28 08:14 AM
Corporations, government agencies, and other institutions are under constant cyberattack, threatening personal privacy, corporate trade secrets, critical infrastructure, national security, and democratic processes. In response, what role does the law play? Starting with the question of what is cybersecurity, this survey course will explore the range of legal and policy questions posed when a cyberattack occurs and will consider how the law can be deployed to improve cybersecurity. It will examine how the law of cybersecurity in the U.S. is a patchwork, including criminal law, data breach notification, tort law and other common law theories of civil liability, barriers to cybersecurity litigation, administrative agency regulation and enforcement, and national security law. It will examine how standards of care are being defined for cybersecurity, including for critical infrastructure. Looking forward, it will identify major trends in U.S. cybersecurity law and explore the relationship between artificial intelligence and cybersecurity. It will seek to offer insights on governance and risk management relevant to in-house counsel, private attorneys, and government officials. Given the complexity and rapid change that characterizes the field, the focus will be on U.S. law and policy. The class will meet over four days; attendance at each session is mandatory to receive credit. Each day will feature an interactive exercise, with a number of students pre-assigned to respond. Readings will be drawn from original sources (statutes, regulations, judicial opinions, administrative agency rulings, and new articles). All materials will be made available electronically on bCourses.
Jim Dempsey has been a leading expert on privacy and Internet policy for three decades. From January 2015 through May 2021, he was executive director of the Berkeley Center for Law & Technology (BCLT), where he helped maintain Berkeley’s #1 rating in IP law. Prior to that, he was at the Center for Democracy & Technology, where he held a number of leadership positions, including Executive Director (2003 to 2005) and head of CDT West (2005 to 2014). Currently, in addition to teaching a course on cybersecurity law in the LLM executive track program at Berkeley, Jim is Senior Policy Advisor to the Program on Geopolitics, Technology, and Governance at the Stanford Cyber Policy Center.
In August 2012, after Senate confirmation, Jim was appointed by President Obama as a part-time member of the Privacy and Civil Liberties Oversight Board (PCLOB), an independent federal agency charged with advising senior policymakers and overseeing the nation’s counterterrorism programs. He served in that position until January 2017, while also leading BCLT.
Prior to joining CDT, Dempsey served as Deputy Director of the non-profit Center for National Security Studies and Special Counsel to the National Security Archive. From 1985 to 1995, Jim was Assistant Counsel to the House Judiciary Committee’s Subcommittee on Civil and Constitutional Rights. He practiced law as an associate at Arnold & Porter, in Washington, DC, and clerked for Judge Robert Braucher of the Massachusetts Supreme Judicial Court.
Jim is the author of Cybersecurity Law Fundamentals (IAPP, 2021), a comprehensive survey of cybersecurity law for practitioners. He is also author or co-author of articles in law reviews and other journals, including “Breaking the Privacy Gridlock: A Broader Look at Remedies” (2021) (with Chris Jay Hoofnagle, Ira S. Rubinstein, and Katherine J. Strandburg); “The Path to ECPA Reform and the Implications of United States v. Jones,” Univ. of San Francisco L. Rev. (2012), and “Privacy as an Enabler, Not an Impediment: Building Trust into Health Information Exchange,” Health Affairs, (2009); co-author of the book Terrorism & the Constitution: Sacrificing Civil Liberties in the Name of National Security (New Press, Third edition, 2006) (with Prof. David Cole of Georgetown); and co-editor of Bulk Collection: Systematic Government Access to Private-Sector Data (Oxford, 2017) (with Fred H. Cate). He writes on cybersecurity policy issues at Lawfareblog.com
Exam Notes: (TH) Take-home examination
(Subject to change by faculty member only through the first two weeks of instruction)
Course Category: Intellectual Property and Technology Law
This course is listed in the following sub-categories:
AI Law and Regulation
If you are the instructor or their FSU, you may add a file like a syllabus or a first assignment to this page.
Readers:
No reader.
Books:
Instructor has not yet confirmed their textbook order, please check back later.