Strengthening election cybersecurity is essential for safeguarding democracy. Attacks against recent elections in the U.S. and Europe demonstrate that cybercriminals and nation-state actors are becoming more aggressive, even as campaigning and voting become increasingly reliant on vulnerable computer and networks.
This new special topics course will provide a deep examination of the past, present, and future of elections, informed by perspectives from computer security, tech policy, human factors, and more. We'll cover vulnerabilities and safeguards for election infrastructure; the rise of digital information warfare against political campaigns; legal and regulatory structures that impact election security at federal, state, and local levels; and efforts to change technology and policy to strengthen security. Our weekly discussions will be informed by current events surrounding the 2018 mid-term elections. See the schedule for details.
Election cybersecurity raises complex challenges at the intersection of computer science, law and public policy, politics, and international affairs. Students from across these disciplines are encouraged to join the course.
|Prerequisites||EECS 388 or instructor permission. Non-EECS students are encouraged to enroll; we will arrange for alternative assignments appropriate to your major.|
|Seminar||Mon. 1:00–4:00, 1690 Beyster (4 credits; ULCS credit for CSE majors)|
|Lab Section||Wed. 2:00-3:00, 1690 Beyster|
|Communication||We'll use Piazza for announcements, discussion, and questions about assignments and other course material. For administrative issues, email email@example.com to contact the course staff.|
|Participation||10%||Attend class and make thoughtful intellectual contributions to our discussions.|
|Homework Exercises||25%||Occasional homework exercises that you will complete working alone.|
|Course Project||40%||A group-based research project on a technical or tech-policy topic related to election cybersecurity.|
|Final Exam||25%||A take-home exam covering all material from the course, due Friday, December 14.|
To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our class policy is that you must respect legal and ethical boundaries of vulnerability testing at all times, or else you will fail the course.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several federal and state laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.
Please review the university’s policy on Responsible Use of Information Resources for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.