I thought this was an interesting update
Emerging technologies shape every aspect of day-to-day life, and the amount of personal data that is stored on computers and servers around the world has rapidly increased. This raises important legal questions: Should you legally own your data, or should an institution? What should companies and organizations be legally responsible for if they have your data, but it’s lost or stolen? What type of regulations should apply to government-related activities that are now digitized and in cyberspace?
Indiana University leadership and faculty were asking these questions in the late 1990s. At the time, IU Maurer School of Law privacy law professor Fred Cate collaborated with experts across what is now the Luddy School of Informatics, Computing and Engineering and Kelley School of Business to form what later became the Center for Applied Cybersecurity Research.
Cate was the founding director and began teaching cybersecurity law, making Maurer the first law school to teach a stand-alone cybersecurity course. The class has since expanded to a program where students can earn a juris doctor degree and master’s in cybersecurity risk management or a graduate certificate in cybersecurity law and policy.
“What makes our program stand out is the amazing connection between law, technology, business and organizational behavior,” Cate said. “While many universities have great technical cybersecurity programs, not all of them have law schools. We are addressing that interdisciplinary sweet spot around how to create the right incentives for organizations and people to behave in ways that enhance security. The challenge in cybersecurity is not going to be technological; it is going to be behavioral.”
Tanner Wilburn, a joint J.D. and M.S. student, is graduating in May and is ready to address those interdisciplinary questions at a position he secured with a law firm in Washington, D.C. He worked in cybersecurity before graduate school and became interested in the legal aspects after listening to a podcast.
“When I started to explore graduate programs, the joint J.D./M.S. at IU was the perfect fit,” he said. “It’s one of the best programs out there, and the faculty are pioneers in this field.”
Wilburn is currently a student fellow at the Center for Applied Cybersecurity Research and an intern at the Atlantic Council’s Cyber Statecraft Initiative. Before that, he interned with the National Security Cyber Section of the National Security Division at the U.S. Department of Justice and served as president of Maurer’s Cybersecurity and Privacy Law Association.
Wilburn was well prepared to take advantage of these opportunities. Asaf Lubin, associate professor of law, ensures that students have the chance to apply their knowledge and skills to real-world cases.
“Lawyers, legal professionals and academics are constantly being asked to advise on issues of law and technology where policy is constantly evolving,” Lubin said. “We regularly put our students at the forefront of those policy conversations, involving them in conferences, amicus brief writings and dialogues with regulators. These are the people who are designing these policies in real-time. That is what this program is about.”
Students advised the U.S. federal government, sovereign nations and Fortune 500 companies. Lubin’s students advised the Balkan state of Kosovo on the development of its national cybersecurity legislation in fall 2024 through the IU Cybersecurity Clinic created by cybersecurity risk expert Scott Shackelford.
Additionally, through the IU Diplomacy Lab, six students under the guidance of Lubin prepared an extensive report for the U.S. Department of State’s Bureau of Democracy, Human Rights and Labor. The report covered the potential human rights benefits and risks of 19 emerging technologies, including artificial intelligence, autonomous vehicles, and autonomous cyber defense and offense.
Lubin’s research explores how technological advancements create new legal challenges in the areas of national security and international law. His work draws on his prior experience as a former intelligence analyst with the Israeli Defense Forces Intelligence Branch, a fellow with Privacy International, an expert contributor to the United Nations Office on Drugs and Crime, and other academic and governmental positions. He said he was drawn to the Maurer School by the university’s leadership in the cybersecurity field.
“By being one of the first law schools in the country to develop such a robust curriculum around cybersecurity, data privacy, intellectual property, and law and technology, Maurer’s program became nationally renowned and recognized,” he said. “With IU’s designation as a National Security Agency and Department of Homeland Security-certified Center of Academic Excellence, the university continues to ensure that its graduates are prepared to enter a fast-growing and developing cybersecurity job market.”
Students acquire more experience in risk management, which prepares them for jobs in the public or commercial sector straight from law school, instead of starting at a firm like most law grads. That was the case for Amanda Craig Deckard, who secured a position at Microsoft upon graduation and is now a senior director in the Office of Responsible AI. Her team partners with internal engineers, researchers and policy experts on how to secure the benefits of AI and guard against its risks, including through effective guardrails, operational risk management and governance.
“My time at IU Maurer School of Law allowed me to build up the substantive knowledge and skills necessary to navigate this path,” she said. “The breadth of coursework with faculty leading in the information privacy, cybersecurity, digital IP and broader tech policy fields was foundational.”
“The real differentiators for me were opportunities to work with such faculty, like Fred Cate, on questions they were pursuing in their own research; to practice leadership and problem-solving in forming new initiatives. I’m incredibly grateful for these experiences, which are all linked to the high-quality faculty that make me confident Maurer will continue to ensure students have opportunities to get ready for a rather dynamic tech industry.”
The classes also attract M.S. cybersecurity students, like Chimdera Ezeani, who are not pursuing a J.D. but appreciate how the evolving legal landscape will impact the ways in which they apply technology.
“I got my undergraduate degree in computer science and was always interested in cybersecurity,” Ezeani said. “When I saw the cybersecurity law classes and looked at the Maurer faculty and their experience, I was like, yes! This is exactly where I need to be.”
Source: https://news.iu.edu/live/news/43709-students-in-nations-first-cybersecurity-law
