Cyber Law
Clm
Member Posts: 444 ■■■■□□□□□□
So I have been throwing around the Ideal of going to Law school. I want to specialize in cyber law and technology. I feel like there will be a need for the Cyber professional that can go to court. My only concern is that i enjoy online classes and all online law schools are not ABA accredited so outside of Cali you realy cant take the bar.
What are your opinions on cyber lawyers
What are your opinions on cyber lawyers
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig
Comments
-
Chinook Member Posts: 206If you follow the world of hacking you'll see there are a few very well known names who defend the hackers, constitution, etc. From what I understand they do it because they believe in the adage "innocent until proven guilty" and they're not getting rich.
Beyond that, I think that overall it's a great choice. Computer security laws are ages old and need to be re-written. There is a cyber war going on out there and legal advice makes a great deal of sense even if just for the pen-testing community. -
Clm Member Posts: 444 ■■■■□□□□□□If you follow the world of hacking you'll see there are a few very well known names who defend the hackers, constitution, etc. From what I understand they do it because they believe in the adage "innocent until proven guilty" and they're not getting rich.
Beyond that, I think that overall it's a great choice. Computer security laws are ages old and need to be re-written. There is a cyber war going on out there and legal advice makes a great deal of sense even if just for the pen-testing community.
A lot of the studying I have done when cyber law comes around one of the biggest caveats speaks about how cyber laws are old and written by people who don't know much about cyber or is really business driven. I'm really considering saving the money i was going to use for my masters and using it towards a law Degree.I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
TranceSoulBrother Member Posts: 215I've tossed around the idea of Law School in my head too and what I've read is that yes, online law school qualifies you for the CA bar only but also for other states' bar depending on specific conditions like apprenticeship with a local lawyer or additional classes. State requirements will vary and you will have to check them individually.
Cyber law is more than just defending hackers. You could get into policy or lobbying or in-house council for companies (although few would hire from online law school grads unless you have other qualifications). Just my opinion.
Which school are you thinking about? -
dmoore44 Member Posts: 646One thing that's always put me off from pursuing a similar route is that, unlike a MS program, a JD program doesn't really offer the opportunity to specialize in cyber - you'll be studying the same foundation material as everyone else; however, your existing experience and background should allow for an easy/easier transition in to cyber-related law.
If you decide to pursue a law degree, please keep us updated here - I'd like to read about your journey.
Best of luck!Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow -
beads Member Posts: 1,533 ■■■■■■■■■□@Clm;
If you broadened your legal horizons to include investigative legal services I think you'd find a much larger audience. Most large, if not all global, legal practices have investigative lawyers working for forensics experts and such. These people do tend to spend a great deal of time doing two things: preparing to go to court and sitting in court. The general rule is 8 hours of preparation for every 1 hour in court. For the forensics examiner its generally two weeks of investigation, one week of report writing and one hour in court - per case.
I have done this type of forensic work in the past and really enjoy it. Where I cannot make a steady diet of was working with a global legal firm. The perks were incredible, like late night gourmet food delivery type perks. Downside? Gum stuck on my shoe would get more respect if I were in a partners office explaining the intricacies of a particular finding s/he didn't like. Not that I am indicating play for play but you get what you pay for as well.
In a major metropolitan city I am absolutely sure you could start a practice and eventually hire a forensics person or team and make quite the living in boutique firm. The demand is there and growing but most lawyer types are generally pretty clueless about technology - to include the 'Y's and millennials.
- b/eads -
Clm Member Posts: 444 ■■■■□□□□□□@Clm;
If you broadened your legal horizons to include investigative legal services I think you'd find a much larger audience. Most large, if not all global, legal practices have investigative lawyers working for forensics experts and such. These people do tend to spend a great deal of time doing two things: preparing to go to court and sitting in court. The general rule is 8 hours of preparation for every 1 hour in court. For the forensics examiner it’s generally two weeks of investigation, one week of report writing and one hour in court - per case.
I have done this type of forensic work in the past and really enjoy it. Where I cannot make a steady diet of was working with a global legal firm. The perks were incredible, like late night gourmet food delivery type perks. Downside? Gum stuck on my shoe would get more respect if I were in a partner’s office explaining the intricacies of a particular finding s/he didn't like. Not that I am indicating play for play but you get what you pay for as well.
In a major metropolitan city I am absolutely sure you could start a practice and eventually hire a forensics person or team and make quite the living in boutique firm. The demand is there and growing but most lawyer types are generally pretty clueless about technology - to include the 'Y's and millennials.
- b/eads
I would love to have an open and broad practice to help in all aspects of cyber/technical law. I agree after a few years I could start my own firm cause like you said most lawyers are clueless when it comes to technology.One thing that's always put me off from pursuing a similar route is that, unlike a MS program, a JD program doesn't really offer the opportunity to specialize in cyber - you'll be studying the same foundation material as everyone else; however, your existing experience and background should allow for an easy/easier transition in to cyber-related law.
If you decide to pursue a law degree, please keep us updated here - I'd like to read about your journey.
Best of luck!TranceSoulBrother wrote: »I've tossed around the idea of Law School in my head too and what I've read is that yes, online law school qualifies you for the CA bar only but also for other states' bar depending on specific conditions like apprenticeship with a local lawyer or additional classes. State requirements will vary and you will have to check them individually.
Cyber law is more than just defending hackers. You could get into policy or lobbying or in-house council for companies (although few would hire from online law school grads unless you have other qualifications). Just my opinion.
Which school are you thinking about?
If I do go the online route I was thinking St Francis or concord they are two biggest names. But I might be moving to Georgia next year and would be considering a school thereI find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
xXxKrisxXx Member Posts: 80 ■■■■□□□□□□Hey OP,
Throwing these out there as additional resources:
Five Things Every Pen Tester Should Know About Working with Lawyers
GLEG Certification -
Chinook Member Posts: 206What you might want to do is look up who defended guys like Jeremy Hammond, Weev, Lulzsec, etc and reach out to their lawyers expressing your interested in Cyber Law. Who knows, they might answer or direct you where to start in life.
@Beads. The whole cyber "law" is so outdated it's embarrassing and it's always been that way. Look at Mitnick and what he went through. The judge thought he might whistle in a phone and launch a nuclear warhead. In the trials against other hackers much the same has happened. I keep reading about guys who point out vulnerabilities & then get arrested. Technically, if you left your PC open and had your username and password saved & I came along and logged in, I could be arrested & tossed in prison for that. The computer law, at least in the US, was created in like the 80's. Further, while I don't condone hacking (I'm a white hat with some smears in the hat) I also don't agree with guys going to prison for 30 years because they DDOS'd a website and took it offline for 40 minutes.
And what really needs to be done is someone to take up the case of legally pursuing these companies who do not secure their networks. Clearly giving them advice doesn't work. Nor does them being hacked on a near daily basis. So I guess the only way to harden networks is the make companies liable for lost data & breeches. "Did they knowingly ignore the potential security risks"? I don't know if that's legally possible, but I can see it becoming a major issue in the future. -
636-555-3226 Member Posts: 975 ■■■■■□□□□□Any specialized law practice is a good niche to be in, esp. an up and coming one in cyber. A few warnings:
Law jobs are very hard to get nowadays, so you'll really want to make sure cyber is where you want to go. Most cyber attorney jobs are held by big firms and companies, and to get into those size of companies you need to be top 10% of your class. You'll need to make sure you're top of your class not just in cyberlaw classes but also in the rest of your classes. This is going to take a lot of work/time. Obviously you'll want to find a law school that has a good cyber/ip/contract program.
Law school is also very expensive. Unless you get that good cyberlaw job coming out, you're going to have a lot of debt and probably won't make as much in, say, criminal alw as you would staying in infosec.
I'd avoid cheap or generic or online law schools. Mostly because you're going to need to fight to get into a big firm/org and they're going to be predisposed to taking excellent people from top-tier schools. Reputation and name brand means a lot for some of these big firms.
Another person mentioned SANS/GIAC GLEG. Good for non-lawyers, not so great for lawyers. Don't spend your money on it if you're looking to go into law school. -
Clm Member Posts: 444 ■■■■□□□□□□636-555-3226 wrote: »Any specialized law practice is a good niche to be in, esp. an up and coming one in cyber. A few warnings:
Law jobs are very hard to get nowadays, so you'll really want to make sure cyber is where you want to go. Most cyber attorney jobs are held by big firms and companies, and to get into those size of companies you need to be top 10% of your class. You'll need to make sure you're top of your class not just in cyberlaw classes but also in the rest of your classes. This is going to take a lot of work/time. Obviously you'll want to find a law school that has a good cyber/ip/contract program.
Law school is also very expensive. Unless you get that good cyberlaw job coming out, you're going to have a lot of debt and probably won't make as much in, say, criminal alw as you would staying in infosec.
I'd avoid cheap or generic or online law schools. Mostly because you're going to need to fight to get into a big firm/org and they're going to be predisposed to taking excellent people from top-tier schools. Reputation and name brand means a lot for some of these big firms.
Another person mentioned SANS/GIAC GLEG. Good for non-lawyers, not so great for lawyers. Don't spend your money on it if you're looking to go into law school.
I was Planing to do part time law school. and pay for most of it with my GI BILL. I don't want to be a lawyer who knows Information security I want to be a Information Security Professional who knows how to apply the law. This would allow me to build my law experience up with out starving. and then eventually I could open a law office or consulting firm. If that makes since lol it sounds good in my head.I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
Gess Member Posts: 144 ■■■□□□□□□□I applied for, and am anxiously waiting to hear if I got into a Hybrid JD program. You go for one/two weeks per semester and the rest is online. ABA accredited and qualifies you to sit for the bar in every state except New York. There are other Hybrid JD programs coming online next year, I know of Syracuse off of the top of my head.
I'm lucky enough that I happen to live two hours from the campus so the travel isn't a burden, but people fly in from all over the country for this program:
Hybrid J.D. Program
The Coast Guard is actively recruiting cyber law attorneys right now, as are many other government entities. If my plan to become a JAG falls through I may play the CISSP (and my experience) to create some kind of small consulting firm as discussed above. We'll see, the future is bright.
Unrelated to to the program above, but if you do get a JD you can go back to law school and certify in cyber law with more instruction. I'm sure other schools have it as well, but the school I linked to above offers this certificate:
Cybersecurity and Privacy Law
Unfortunately they don't seem to offer anything cyber specific during the actual JD program. However, since you have a say in how you do your externships you might be able to work a few weeks shadowing an attorney that specializes in cyber law.
If I'm accepted I'm using the GI Bill. If I can get a 20% scholarship, which should be pretty easy, it'll be fully covered. -
Clm Member Posts: 444 ■■■■□□□□□□I applied for, and am anxiously waiting to hear if I got into a Hybrid JD program. You go for one/two weeks per semester and the rest is online. ABA accredited and qualifies you to sit for the bar in every state except New York. There are other Hybrid JD programs coming online next year, I know of Syracuse off of the top of my head.
I'm lucky enough that I happen to live two hours from the campus so the travel isn't a burden, but people fly in from all over the country for this program:
Hybrid J.D. Program
The Coast Guard is actively recruiting cyber law attorneys right now, as are many other government entities. If my plan to become a JAG falls through I may play the CISSP (and my experience) to create some kind of small consulting firm as discussed above. We'll see, the future is bright.
Unrelated to to the program above, but if you do get a JD you can go back to law school and certify in cyber law with more instruction. I'm sure other schools have it as well, but the school I linked to above offers this certificate:
Cybersecurity and Privacy Law
Unfortunately they don't seem to offer anything cyber specific during the actual JD program. However, since you have a say in how you do your externships you might be able to work a few weeks shadowing an attorney that specializes in cyber law.
If I'm accepted I'm using the GI Bill. If I can get a 20% scholarship, which should be pretty easy, it'll be fully covered.I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Ah, where do I begin?
First, read this article as it will help you tremendously:
https://www.buzzfeed.com/josephbernstein/meet-the-maserati-driving-deadhead-lawyer-who-stands-between?utm_term=.mp6NjA9Mk#.mhx7X083v
Cliff notes Jay Leiderman has worked on 50 of the 100 cases that have been charged through the CFAA thus making him the expert. I won't get into the philosophical debate in regards to whether the laws are too broad (though when you look at a law that has been in existence since 1984 and only has been used to charge people federally 100 times I don't think you can argue too much in the way of it being too broad).
I am in a Legal Studies program at Drexel Law School. I cannot practice law with the degree, but I do get the same education first year law students receive. As part of my program I get to choose a specialization (Criminal Law in my case) and in turn I have the option for two electives. I am fortunate in that the Law School allows non-JD students to take approved courses with the JD students. Currently I am taking CyberCrime and it is quite literally a course on the Computer Fraud and Abuse Act (plus a few laws they typically get applied to CyberCrime such as child pornography laws and stalking). My professor is really good because for four of the weeks (8 week course with an online component) he brought in speakers who currently work in the Cyber Law realm. I've heard from a lawyer who deals in cyber security/compliance law, a lawyer who specializes in cyber insurance, a former US Attorney who dealt with child pornography and now practices data security and privacy law, and this week was the Assistant US Attorney for the Eastern District of Pennsylvania who heads up the CyberCrimes Unit and spoke about use of the CFAA.
The interesting part is that the AUSA said that he cannot find people interested in Cyber Law. He and one other attorney are the only ones who prosecute the cases in his district and both are in their 60's at this point with no one to take the reins upon their retirement. Why? Because no one wants to take cases where there is a very good chance you will lose and requires a lot of education on the part of the lawyer (if you don't know technology and can't explain it you need to learn those things). The attorney who spoke about cyber insurance put it best, as a new attorney there aren't many areas where you can become an expert of the law in just a few months. There will be literally hundreds if not thousands of lawyers who have been practicing longer than you have and you simply will never catch up. But in the case of Cyber Law, in six months you could read all the case law and begin practicing.
Law school is changing and you can specialize if you would like too. It is correct, you take all the same law classes as anyone else, but you are given electives. Each of the law schools in my area allow you to specialize and then utilize your electives to achieve that specialization. Typically those with a technology background go for Intellectual Property Law and make big bucks. As an example, Drexel offers concentrations in Criminal Law, Business Law, Health Law, and Intellectual Property.
I highly suggest that you stay away from online law schools. It's not a reflection on the quality of the education they supply, merely a fact that you won't be able to practice law or it would be extremely difficult to do so. Also, there are a ton of traditional law school graduates who cannot get jobs so you are now competing with their traditional degree versus your online degree (also they probably have taken and passed the bar, something you most likely will be unable to do or will have incredible difficult in doing).
As for law school be sure that you want to actually practice law and are prepared for a commitment like none other in your life. Just in my CyberCrimes class I have 100 to 200 pages of reading a week on top of presentations, discussion boards, and papers. Also, we had to read a 250 page book on Cyber Hate Crimes. All of that was for one course and I'm taking another on top of that requiring 50 to 100 pages of reading per week, a discussion board post (of some quality not just "yes I agree"), and a weekly legal brief on a topic chosen by the instructor. Now take that and double it because that is what a law student is doing whether they are part time or full time. Also, if you aren't a public speaker become one or do not bother. We spend three hours and 15 minutes a week literally arguing points of a case. It's the Socratic method thus even if you professor agrees with you, he or she will throw something at you and question your position.
In my CyberCrime course I am literally the oldest student (at 30). It plays out in my favor because having been in the private and public sector I have experience in making a point of view, where as my classmates are mostly fresh out of college graduates thus they aren't quite use to speaking up as much (though many make arguments better than I do and points that I would not have considered). On the other side I am the only person who deals in technology so in a class of 8 I am very rare. I've spoken with each of the presenters in the class and from what they say technology people would do well in the field.
I've tossed around the idea of law school as currently I have a 3.93 GPA so I know I could definitely do it (especially having completed this actual law course compared to just the legal studies versions). For me you really have to love the law if you are going to do it because the devil is in the details and you have to make clear and convincing arguments. If you are going to practice on the criminal side, you are working to convince 12 people, who most likely need assistance to turn their computer on, that the other sides case is deficient and lacks the strength to establish guilt. This fight isn't about true guilt or innocence, it's about beyond a reasonable doubt and if the prosecution can prove that.
“The odds of a plaintiff’s lawyer winning in civil court are two to one against. Think about that for a second. Your odds of surviving a game of Russian roulette are better than winning a case at trial. 12 times better.” - Jan Schlichtmann - A Civil Action
"It’s that every now and again—not often, but occasionally—you get to be a part of justice being done. That really is quite a thrill when that happens." - Andrew Beckett - Philadelphia
"It's the first rule of being a lawyer. What we think doesn’t matter." - Bobby - Double JeopardyWIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
TranceSoulBrother Member Posts: 215If I do go the online route I was thinking St Francis or concord they are two biggest names. But I might be moving to Georgia next year and would be considering a school there
St Francis and Concord are the more attractive of the bunch. St Francis is more restrictive in admissions.
There's not much outside CA for online law. A user on Quora was from GA and was applying to St Francis but got rejected. Apparently, some law schools can accept transfers like UA Birmingham if you pass the CA Baby Bar but again everything is on a case by case basis.
For my own purposes, a legal degree would not be to solely legislate in court. I would use it as an added benefit for corporate or boutique work along with other qualifications like forensics if ever I go down that route. I recognize you can get more qualifications with a SANS cert but a legal credential can have its own weight. -
Gess Member Posts: 144 ■■■□□□□□□□Awesome i was looking at this school i just cant imaging being gone for two weeks every semester i wish i could.
Yeah, of the 8 semesters two of them require two weeks, the rest you just come for a week towards the end. So 10 weeks over two years.
An interesting hook is that since it's a resident program, the GI Bill pays the full BAH. So you'll get ~$1,500 per month for housing during the semester if you're at the 100% level of the Post 9/11 GI Bill. That's about $33,000 in housing allowance over 4 years. Nice perk. -
beads Member Posts: 1,533 ■■■■■■■■■□What you might want to do is look up who defended guys like Jeremy Hammond, Weev, Lulzsec, etc and reach out to their lawyers expressing your interested in Cyber Law. Who knows, they might answer or direct you where to start in life.
@Beads. The whole cyber "law" is so outdated it's embarrassing and it's always been that way. Look at Mitnick and what he went through. The judge thought he might whistle in a phone and launch a nuclear warhead. In the trials against other hackers much the same has happened. I keep reading about guys who point out vulnerabilities & then get arrested. Technically, if you left your PC open and had your username and password saved & I came along and logged in, I could be arrested & tossed in prison for that. The computer law, at least in the US, was created in like the 80's. Further, while I don't condone hacking (I'm a white hat with some smears in the hat) I also don't agree with guys going to prison for 30 years because they DDOS'd a website and took it offline for 40 minutes.
And what really needs to be done is someone to take up the case of legally pursuing these companies who do not secure their networks. Clearly giving them advice doesn't work. Nor does them being hacked on a near daily basis. So I guess the only way to harden networks is the make companies liable for lost data & breeches. "Did they knowingly ignore the potential security risks"? I don't know if that's legally possible, but I can see it becoming a major issue in the future.
And here I thought I was being called out for something I said - Whew! No, understand and completely agree wholeheartedly, Chinook. What little law we have is nearly useless, outdated and in too many cases, misused to the point of being unrecognizable from the intent. Please add to that I seriously dislike the non-Latin root: "cyber". Phonetically sounds too close to cryo or cold. I know the term came from some obscure SF book back in the day etc and we have no other word like "computer" to replace such a aberration.
- b/eads -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■<step onto soapbox>
I'd argue that the CFAA is not overly broad and that the courts have (for the most part) kept it in line. People love to rattle off the "30 year prison sentence" as if anyone has actually received such a sentence. Being able to get a max of 30 years and actually getting it are two very different things. You use the example of exposing a flaw in a company. How did you expose it? If you exploited it first then you committed a crime. It's no different than finding a flaw in a bank, exploiting it, and when you come out with the money saying "oh I was just showing the flaw existed". The vast majority of prosecutors use everything besides the CFAA to prosecute cyber crimes.
The fact is the IT industry as a whole lacks ethics and in cases such as that the law steps in to fix it. I find it very telling that as many industries are moving towards ethics courses the IT industry has not. Going to be a doctor? You take a course in medical ethics. Going to be a lawyer? You take at least one course in ethics. Becoming a nurse? You take a course in medical ethics. In business? You guessed it a course in business ethics. While you could argue you either have ethics or you don't it doesn't mean it shouldn't be taught.
If you read the cases you see the courts actually do a really good job of analyzing the situation. Are they as well versed in the technology as we are? No. But for people who haven't grown up with it, haven't been taught it, and barely use it they are surprisingly accurate. You'll also find that a lot of the cases involving the CFAA are civil in nature because it is used so infrequently in criminal cases.
Also the technology is changing so quickly that to attempt to be specific would be ineffective. As an example, we had a regulation that specifically stated "in order to remotely connect to any system a dial-up modem must be used". A dial-up modem. That was written in the mid 90's by the early 2000's no company was consistently using a dial-up modem. So do you stifle innovation or do you get rid of the reg replacing it with something broad such as "any remote connection to a system must be secured as approved by <agency>". Broad, but fixes your issue and allows for whatever might appear in the future.
100 cases since 1984 (32 years), if you don't take into account the amendments from 1986 (30 years). For a law that was so overly broad and "abused" (as some people try to state) one might find it very odd that there isn't a flood of cases involving the CFAA.
Finally, I also think people get hung up because of the term "hacking". We're IT people and we know what real hacking is. So when we read an article where it says "Former employee hacks into company and deletes all their backups" only to find out they used someone else's account for access or had setup a second account we get riled up because in our sense it isn't hacking. But read the CFAA and show me how many times the word "hacking" or "hack" comes up. It uses the phrase "unauthorized access" and there is a purpose behind that. You were once authorized to do any number of tasks and now you're not. It's not the method you used to regain access that is the question, it's the fact that you were no longer authorized to do so. So in the example of "you stayed logged in and I went onto the computer so now that's hacking" isn't correct. The question is were you authorized to use the computer? If I went to a federal prosecutor and said, "I stayed logged in and he used the computer under my name that's unauthorized" are they going to say, "yup I'll have him arrested and we're going to get him 30 years for that". No. They're going to say "you shouldn't stay logged in and we're not bogging the system down with this".
As an example, you get fired from a job and they take your access card. You just happen to either have a second card (not associated with you) or you borrow a friend's then reenter the building. Are you trespassing? Of course. You were authorized, but were fired and they removed your access. Yet here you are. Is the trespassing law overly broad? Is it up to the company to make sure that any method you might use to get back into the building is closed? No they make it clear you are no longer welcome (by firing you) and if you show up the law takes over.
<step off soapbox>WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Gess Member Posts: 144 ■■■□□□□□□□It may be of some interest to someone reading this tread down the line. The school I linked to above (and will be attending this fall) may be including a Cyber Law & Privacy track. It's current under review by the school. They just added a Healthcare track a few months ago and I'm hoping they add the CL*P track by next year when I'll be ready to take those courses.
-
LAWYER2 Member Posts: 37 ■■■□□□□□□□Is anyone hear a practicing attorney with GLEG certs? I'm interesting in pursuing this avenue of specialty but have found very few attorneys who do it.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I don't know of any attorneys who have taken the GLEG course or certification. My experience has been if they have any certification it is the CIPP.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff