Election Cybersecurity Fall 2018

Strengthening election cybersecurity is essential for safeguarding democracy. Attacks against recent elections in the U.S. and Europe demonstrate that cybercriminals and nation-state actors are becoming more aggressive, even as campaigning and voting become increasingly reliant on vulnerable computer and networks.

This new special topics course will provide a deep examination of the past, present, and future of elections, informed by perspectives from computer security, tech policy, human factors, and more. We'll cover vulnerabilities and safeguards for election infrastructure; the rise of digital information warfare against political campaigns; legal and regulatory structures that impact election security at federal, state, and local levels; and efforts to change technology and policy to strengthen security. Our weekly discussions will be informed by current events surrounding the 2018 mid-term elections. See the schedule for details.

Election cybersecurity raises complex challenges at the intersection of computer science, law and public policy, politics, and international affairs. Students from across these disciplines are encouraged to join the course.


Professor
Prerequisites EECS 388 or instructor permission. Non-EECS students are encouraged to enroll; we will arrange for alternative assignments appropriate to your major.
Seminar Mon. 1:00–4:00, 1690 Beyster   (4 credits; ULCS credit for CSE majors)
Lab Section Wed. 2:00-3:00, 1690 Beyster
GSI
Communication We'll use Piazza for announcements, discussion, and questions about assignments and other course material. For administrative issues, email electionsec-staff@umich.edu to contact the course staff.
Text Book
Broken Ballots: Will Your Vote Count?  Douglas W. Jones and Barbara Simons, Univ. of Chicago Press, 2012.
Additional reading assignments will be posted on the course schedule.

Grading

We'll determine your course grade based on these components:
Participation 10% Attend class and make thoughtful intellectual contributions to our discussions.
Homework Exercises 25% Occasional homework exercises that you will complete working alone.
Course Project 40% A group-based research project on a technical or tech-policy topic related to election cybersecurity.
Final Exam 25% A take-home exam covering all material from the course, due Friday, December 14.

Ethics, Law, and University Policies Warning

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our class policy is that you must respect legal and ethical boundaries of vulnerability testing at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several federal and state laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the university’s policy on Responsible Use of Information Resources for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.