-------------------------
D. Intellectual property
-------------------------

D1. IP violation and YouTube
For user-driven sites such as YouTube, comment on what limits should be in place for protecting intellectual property. What is deep-linking? Describe what fair use is on the Internet and whether common techniques such as deep-linking and excerpting fall under it. Describe actual cases where this has been an issue for indexing sites such as Google News. Describe the German government's action against Google for its "snippets" in March 2012.

D2. Pirate Bay (Benjamin Stafford)
Describe the service that The Pirate Bay provides. Describe its legal history and what the founders have done to circumvent prosecution. What are trackers and magnet links, and how do they relate to The Pirate Bay? What specifically did The Pirate Bay do that got it into trouble, and how did it change its service in response? What is the current stance on the legality of The Pirate Bay under US, EU, and international law? Is this stance compatible with freedom of speech? Describe MegaUpload and how it worked. What were its legal issues? What are the similarities and differences between the MegaUpload and Pirate Bay cases? Describe how the newer Mega service works. How does it avoid the legal issues MegaUpload faced?

D3. DMCA
Describe the Digital Millennium Copyright Act and its application to taking down content on P2P networks and popular sites such as YouTube. Describe cases where it has been misused by copyright holders. Are software vendors liable for distributing code that breaks laws? Are users liable for running code that can be used to break laws?
http://dmca.cs.washington.edu/
http://www.freedom-to-tinker.com.nyud.net/blog/mfreed

D4. SOPA/PIPA/CISPA
Describe the history of the proposed SOPA, PIPA, and CISPA bills. What are some of the important provisions of these acts? Why are they "needed" to address piracy facilitated by sites such as The Pirate Bay?
Which groups are behind these bills and why do they support them? Which groups are opposed? What is the Internet "death penalty" described in these bills? How does it work? What is the proposed impact of this mechanism on the deployment of DNSSEC?

D5. Open-source software (Matthew Stenson)
What is open-source software? Describe its history and the motivation behind it. How have open-source software and open ideas contributed to the development of the Internet as it exists today? What role did open source have in TCP/IP software distribution and Unix? What are specific instances of open-source code that have had transformative effects on the Internet? What are some common proprietary protocols that are prevalent on the Internet? Describe some similarities and differences between the GPL and BSD licenses.

D6. Google Books
Describe the controversy associated with Google's massive effort to scan all of the books in selected libraries. Were its efforts illegal under copyright law, which limits reproduction of a work? How was it able to continue this effort? Describe the court case and the settlement agreement. Do book authors opt in to or opt out of the agreement? Is the settlement in the best interests of the authors? What percentage of revenue can Google obtain from monetizing access to these books?

D7. Clickwrap
What are clickwrap agreements? How do they differ from the "shrink-wrap" contracts commonly used for software purchases? What are browse-wrap agreements/licenses? How can such agreements be abused? What are some examples of EULAs that have been controversial? What parts of the iTunes EULA have been problematic in terms of accepting future terms and ownership of content? Are the Sony and Electronic Arts EULAs that ban lawsuits legal? What does the Facebook EULA say about the privacy of user information?

---------------------------
E. Internet administration
---------------------------

E1. ICANN management
Describe the power that ICANN has over the Internet.
Describe some of the conflicts that have led other countries to seek the Internet's independence from US control. Describe China's proposal for a split DNS system and the problems a split root might cause. Describe what the UN Internet treaty of December 2012 (the ITU's WCIT-12 revision of the International Telecommunication Regulations) contained, who supported it, who opposed it, and what ultimately happened with it.

E2. IP address allocation
How are IPv4 addresses assigned and allocated? Which entities control them? How are IPv6 addresses assigned and allocated? What is the controversy surrounding the allocation of IPv6 addresses? What were World IPv6 Day (2011) and World IPv6 Launch (2012) about? Describe the problems that IPv6 deployment poses for block lists such as those run by Spamhaus. How have they handled them?

E3. DNS name squatting
What is DNS name squatting (cybersquatting)? What are famous examples of it? How does trademark law affect this practice? What are the provisions of the Anticybersquatting Consumer Protection Act? Has this act ever been enforced? What is ICANN's policy for such disputes (the UDRP)? What are example cases that have been mediated via the UDRP? How does the UDRP apply to new gTLD names such as the ".sun" domain?

E4. Net Neutrality
What is net neutrality? Explain the two different types of net neutrality (application and destination). Describe the events that led to the push for net neutrality. Give specific examples of how this principle has been violated by service providers such as Comcast. Argue both sides of the net neutrality issue and argue what the impact on the consumer would be. Describe the net neutrality rules that the FCC currently has. What is their status? Explain the motivation behind Google moving to become an ISP and Comcast moving to become a content provider, which may make net neutrality a moot point. Describe AT&T's paid prioritization and sponsored data programs. Describe the Netflix deal with Comcast in February 2014 and how it has affected net neutrality.

----------------------
F. Crime
----------------------

F1. Internet gambling (Wumingkun Wei)
What kinds of gambling sites are available across the Internet? Are they legal? In which jurisdictions can gambling sites set up? How is on-line gambling controlled and regulated via the Federal Wire Act? What are the provisions of the Unlawful Internet Gambling Enforcement Act? Describe recent state efforts to legalize Internet gambling and what has motivated them.

F2. Internet and cell-phone money laundering
Describe the issue of money laundering in general and why it is done. How has this activity changed with improved technology? How is it done via pre-paid credit cards? How is it done via pre-paid cell-phones and SMS? How easy is it to perform? How significant is the activity? What can be done to limit it? Describe the methods by which PayPal prevents its service from being used to launder money.

F3. Bitcoin (Patrick Costa)
Describe how Bitcoin works after reading Aviv Zohar, "Bitcoin: Under the Hood", Communications of the ACM, Vol. 58 No. 9, pages 104-113, http://cacm.acm.org/magazines/2015/9/191170-bitcoin/pdf. What are people using Bitcoins for? What are potential issues with Bitcoin as a currency? To what extent does Bitcoin provide anonymity and privacy? How has the value of a Bitcoin fluctuated over the last 5 years? What are some examples of altcoins? How do they differ from Bitcoin?

F4. Silk Road
Describe Silk Road and how it operated. How was the service shut down? How did Silk Road affect the value of Bitcoin? How did its demise affect Bitcoin? What was Mt. Gox? Explain what happened to it and its impact on Bitcoin. What has replaced Silk Road on the "dark web"?

F5. Liability in web communities
Describe the mechanisms and successes that the Internet has brought to support communities for those with mental and physical disabilities. Give examples of such communities that have formed using web forums, on-line chat rooms, and immersive environments such as Second Life.
Describe specific instances where these communities have been used to save lives. Describe some of the problems associated with on-line support communities, such as deindividuation and lack of moderation. Give specific instances where they have harmed individuals. What laws apply to running such sites? Who is liable for the content posted on them? Who is liable for criminal activity on such sites? Describe Section 230 of the Communications Decency Act (Title V of the Telecommunications Act of 1996). How critical has this provision been as the Internet has evolved?

-------------
G. Technology
-------------

G1. PageRank
Examine the PageRank algorithm Google developed. How does it work? How could it be subverted? Explain what Google bombing and spamdexing are. Explain what the Panda algorithm adds to Google's search. What has Panda's impact been on specific web sites? How has Google modified its search ranking algorithms recently to adapt to changing device technology?

G2. Content distribution networks (Shuo Yan)
Describe what a Content Distribution Network is. How do such networks improve the performance of the web? How do such networks reduce the cost of providing content? Give some examples of how they are used in practice.

G3. Cloud computing (Jeannie Buss)
Describe the motivation behind cloud computing. What are some of the popular commercial offerings for storage? What are some of the popular commercial offerings for computing? How are security issues handled for such services? Give a case study of a cloud computing service such as Amazon's EC2. How does it work? How much does it cost?

G4. HTML5
What is HTML5? In what ways does it improve on earlier HTML (canvas, 2D/3D vector graphics, forms support, local storage, audio/video)? How does it compete with and differ from Adobe's Flash for delivering video content? What are the underlying issues with the patent-encumbered codecs (e.g. H.264) used for HTML5 video? Which companies are pushing HTML5 and H.264?
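
Added worked example for topic G1 above (PageRank): the power-iteration computation and how a link farm subverts it. This is illustrative code written for this page, not Google's implementation. The toy link graph, the "farm" pages and the choice of 100 iterations are constructed assumptions; 0.85 is the usual damping factor.

```python
"""Added example for topic G1 (PageRank): power iteration, plus a link farm
as one way the score can be gamed. Illustrative code written for this page,
not Google's implementation; the link graphs are constructed toy inputs."""


def pagerank(links, damping=0.85, iterations=100):
    """links maps each page to the list of pages it links to.

    Returns a dict page -> score; the scores sum to 1. With probability
    `damping` a random surfer follows a link, otherwise it teleports to a
    uniformly random page. Pages with no out-links (dangling pages) hand
    their mass to every page uniformly so that no mass is lost.
    """
    pages = set(links)
    for targets in links.values():
        pages.update(targets)
    pages = sorted(pages)
    n = len(pages)
    rank = {p: 1.0 / n for p in pages}
    for _ in range(iterations):
        teleport = (1.0 - damping) / n
        new = {p: teleport for p in pages}
        dangling_mass = 0.0
        for p in pages:
            out = links.get(p, [])
            if not out:
                dangling_mass += rank[p]
                continue
            share = damping * rank[p] / len(out)
            for q in out:
                new[q] += share
        for p in pages:
            new[p] += damping * dangling_mass / n
        rank = new
    return rank


def ranking(links, **kw):
    """Pages ordered from highest to lowest PageRank."""
    scores = pagerank(links, **kw)
    return sorted(scores, key=scores.get, reverse=True)


def add_link_farm(links, target, size):
    """Spamdexing: create `size` throwaway pages whose only link points at
    `target`. Each farm page earns the teleport share (1-d)/n simply by
    existing and forwards d times that share to the target."""
    farmed = {p: list(q) for p, q in links.items()}
    for i in range(size):
        farmed[f"farm{i}"] = [target]   # hypothetical farm page names
    return farmed


# Constructed toy web: A, B and C form a cycle; D links only to A.
WEB = {"A": ["B"], "B": ["C"], "C": ["A"], "D": ["A"]}

if __name__ == "__main__":
    base = pagerank(WEB)
    farmed = pagerank(add_link_farm(WEB, "D", 20))
    for p in "ABCD":
        print(f"{p}: {base[p]:.3f} -> {farmed[p]:.3f}")
```

On the toy web, D is the lowest-ranked page; twenty farm pages that do nothing but link to it triple its score without any real site endorsing it. This is the mechanism that link-based spamdexing exploits, and why search engines discount links from low-reputation clusters; Google bombing is a different trick (manipulating anchor text rather than link mass) and is not modelled here.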
What is Google attempting to do with open codecs (Ogg Theora and WebM) in HTML5? What are the trade-offs of one approach versus the other for consumers?

G5. Search Engine Optimization (Yavuz Sefunc)
What is the purpose of SEO? Enumerate the common techniques for applying SEO to web sites. For a given web site, which techniques would you recommend to improve search visibility? How have these techniques changed over time? What is a content farm? Who are some of the major players in the SEO industry? How has their effectiveness been affected by changes in Google's search over the last several years?

G6. SPDY and QUIC
What are the drawbacks of HTTP and TCP that led Google to develop SPDY? How does SPDY overcome these drawbacks? What is the status of SPDY? What is DASH (Dynamic Adaptive Streaming over HTTP) and who uses it? Can SPDY be used in conjunction with DASH? What is the QUIC protocol developed by Google? What problem does it address on the Internet?

G7. Google Wallet (Patrick Salinas)
How does Google Wallet work? What kinds of attacks have there been on the service? How does it compare with mobile payments via PayPal? Why did Google require a near-field communication (NFC) chip with a secure element in order for its application to be installed on smartphones? How have traditional credit card companies such as Visa and MasterCard responded? What have been the biggest obstacles to the adoption of mobile payments via smartphone? Compare the state of mobile payments in the US versus Asia and Europe.

G8. Guns (Ryan Hoover)
Describe the different "smart guns" that have been developed to reduce the number of gun deaths in the country. Perform an ethical analysis of mandating such guns in the US. Describe the issue of 3D printing of guns. Perform an ethical analysis of banning the "print files" for such guns. How would this be similar to bomb-making sites?

-----------
H. Security
-----------

H1. Identity establishment
What are the ways that one can establish identity in real life? What are the ways that one can do this on the Internet? How do web sites authenticate themselves to users? That is, how do we know a web site is legitimate? What are ways in which web sites, especially e-commerce ones, authenticate users on-line? Why can't a user's IP address be used to establish identity? Describe a range of two-factor authentication systems being used today by banks and web portals. What is Facebook's novel two-factor authentication scheme?

H2. Web security
What are SSL and TLS? Why are they needed? How do browsers ensure remote web sites are who they say they are? Are they secure even over an insecure wireless network? What is Firesheep? What does it enable the attacker to do? How do SSL and TLS address this attack?

H3. Certificate infrastructure
What is a certificate? What is a certificate authority? What are the consequences of a CA being breached? Describe the compromise of Comodo and the issuing of bogus SSL certificates. Discuss the incident of fraudulent certificates and DigiNotar. How do browsers deal with fraudulent certificates? What is the Convergence model of using user-selected notaries to replace the certificate authority model of SSL/TLS?

H4. Phishing (Michael Sayer)
What is a phishing attack? What are prominent examples of actual phishing attacks, and how did they work? What are ways that phishing attacks can be avoided? What are services that help one identify phishing? Explain how spear phishing attacks and e-mail reputation hijacking work. Give real examples of such attacks. How can one distinguish them from legitimate messages? How prevalent have these attacks become over the last two years?

H5. DNS block lists
Describe what DNS-based block lists are and how they work. Describe the components of the Composite Blocking List (CBL), whose data feeds Spamhaus's XBL, and how they can be used to stop spam sources. Describe URL block lists and how they are used to identify and stop spam. Describe the DShield service and how it can be used to make the Internet more secure. Describe the accusations of censorship made against Spamhaus in November 2011. Are they legitimate?

H6. Spam and the law
Describe the motivation and history of the CAN-SPAM Act. What are the specific provisions of this act? What are some of the penalties for violating these provisions? Describe some of the act's successes (i.e. successful prosecutions) and its failures. Discuss how spammers avoid prosecution under this act.

H7. Spam and DomainKeys
What are DomainKeys and its successor DKIM, and how do they prevent spam from being transmitted? What are SPF DNS records and how do they prevent spam from being transmitted? Are there ways to circumvent these techniques? What problems do these techniques cause for legitimate usage?

H8. CAPTCHAs
What is a Turing test? What is a CAPTCHA? What is its motivation? Give example applications of how they are used. Describe how human solvers are used to bypass CAPTCHAs for things such as concert ticket purchasing. Describe how automated solvers (PWNtcha) do the same. Why is reCAPTCHA different from most CAPTCHAs? What are potential alternatives? What is DeCAPTCHA?

H9. Cross-site scripting
Explain what cross-site scripting is. How does it work and why is it a problem? How has cross-site scripting been exploited to compromise a user's machine? What is NoScript? Describe alternative ways that the problem can be fixed.

H10. Spyware
*WARNING* Researching this topic may be detrimental to your computer. Use a disposable virtual machine or a PSU computer to do your research.
Describe the problem of spyware. Give prominent examples of spyware. What are methods (if any) that can be used to mitigate this threat? Describe the provisions of the proposed Internet Spyware (I-SPY) Prevention Act. What is the current status of laws for deterring spyware? Describe Blizzard's anti-cheating system, called Warden, for World of Warcraft. What does it do on a client's computer? Should this be considered spyware?
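
Added worked example for topic H9 (cross-site scripting): a comment renderer that splices user input straight into HTML, the escaped version, and why escaping alone is not enough once the input lands in a URL attribute. This is illustrative code written for this page, not from any real site or from NoScript; the attacker strings and the function names are constructed for the example.

```python
"""Added example for topic H9 (XSS): vulnerable and escaped HTML rendering,
plus a URL allow-list for the attribute context. Illustrative code written
for this page; the attacker inputs are constructed samples."""
import html
from urllib.parse import urlsplit

# Constructed stored-XSS payload; it needs no <script> tag at all.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def render_comment_unsafe(author, body):
    """Vulnerable: user text becomes markup, so PAYLOAD executes in every
    visitor's browser under the site's origin (cookies, DOM, session)."""
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author, body):
    """Fixed for the HTML-body context: < > & \" ' become entities, so the
    browser shows the payload as text instead of parsing it as a tag."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def safe_href(url):
    """URL-attribute context. html.escape() leaves 'javascript:alert(1)'
    untouched, so the scheme must be allow-listed: http(s) and same-site
    relative paths pass; javascript:, data:, and protocol-relative
    //evil.example are replaced by a harmless '#'."""
    cleaned = url.strip()
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    if scheme in ("http", "https") or (scheme == "" and parts.netloc == ""):
        return html.escape(cleaned, quote=True)
    return "#"


def render_link(text, url):
    """Link text is escaped for the body context, the URL for its own."""
    return f'<a href="{safe_href(url)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    print(render_comment_unsafe("mallory", PAYLOAD))
    print(render_comment_safe("mallory", PAYLOAD))
    print(render_link("profile", "javascript:alert(1)"))
```

The point of the two render functions is that the fix is output encoding chosen per context, not input filtering: the same string is harmless as escaped body text, but a URL attribute needs a scheme check, and a value dropped into inline JavaScript would need a third treatment. A Content-Security-Policy header that forbids inline scripts is the defence-in-depth layer behind this, and is what makes a missed escape far less useful to the attacker.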

H11. Scareware and Ransomware
*WARNING* Researching this topic may be detrimental to your computer. Use a disposable virtual machine or a PSU computer to do your research.
Describe the problem of scareware and ransomware. Give prominent examples of scareware and how they trick users into running software. Give prominent examples of ransomware and how they work. What are CryptoLocker and CryptoWall? How was ransomware used against Hollywood Presbyterian Medical Center in 2016? What are methods (if any) that are used to mitigate this threat?

H12. Software downloads
What is the danger of downloading software from the Internet? How do adversaries trick users into installing malicious software? Describe how software delivered over the network can be trusted. What is the process employed by Apple's App Store, Google Play (formerly Android Market), CNET's download.com, etc. for identifying malicious software? How effective are these mechanisms? How do operating system vendors and open-source distributions prevent malicious software from being delivered to a user's machine?

H13. IP address spoofing
Who is responsible for filling in the source IP address? What is IP spoofing? Describe attacks that rely on IP spoofing, including TCP connection hijacking, spoofed rsh/rlogin authentication, TCP SYN reflection, BGP spoofed resets, and DNS poisoning. Describe ways that IP spoofing can be combated (NAT, filters, encryption, etc.). What is the Spoofer project? What are its results?

H14. Cross-site request forgery
What is cross-site request forgery? Describe incidents in which attackers have successfully used this technique to compromise users. What are techniques to prevent such problems?

H15. Ethical disclosure of vulnerabilities
Describe the ethical issues surrounding the disclosure of vulnerabilities by security professionals. Should they be disclosed to the vendor before the public? Should they be disclosed to the public if the vendor is either slow or unwilling to fix the vulnerability? What are the ethics behind "good viruses" that patch known vulnerabilities?

H16. DNS poisoning
Describe the problem of DNS poisoning. How does DNSSEC address security problems with DNS? Describe the state of DNSSEC deployment. What are some of the biggest problems in deploying it? How prevalent is its usage? Describe Yahoo!'s sign-in seal and how it can address DNS poisoning attacks. What are some alternatives that also prevent such attacks?

H17. Safe browsing
Describe how McAfee's SiteAdvisor and Google's Safe Browsing work. What are some of the similarities between the two? What are some differences? How effective and easy to use are these tools?

H18. 802.11 security
Describe different ways of securing wireless networks, including WEP and WPA. How was WEP broken? What are the different flavors of WPA? What is a WiFi Pineapple (Kitchen 2012)?

H19. Car security
Describe security issues with technology that is embedded in cars. What is done to protect cars from malicious external attacks? Describe the March 2010 incident in Austin, TX that allowed someone to shut down cars remotely. What are some demonstrated vulnerabilities in cars exposed in 2010 by researchers at the University of Washington and UC San Diego? What is the on-board diagnostics port and how might it be used to compromise a car? How is this issue being tackled? Explain the Jeep hijacking demonstration by Miller and Valasek in 2015. What did this lead to?

H20. Driverless cars (Trevor Williams)
Describe Google's driverless car. What are the legal issues associated with cars driving themselves? How might this car be vulnerable to attack? Describe the issue of GPS spoofing and how it might apply. Describe the driverless car approach taken in this talk:
https://www.usenix.org/conference/enigma2016/speaker-or-organizer/george-hotz-geohot
https://www.youtube.com/watch?v=KTrgRYa2wbI

H21. Social engineering attacks (Elias Santos)
What is social engineering? Describe specific examples of this type of attack. Who was Kevin Mitnick? What did he do? How did he use social engineering to gain access to systems? How are spammers using social engineering attacks to their advantage? Explain how Ubiquiti Networks lost $39 million to a social engineering attack.

H22. Windows Update
What is Windows Update? What software is it used for? How are updates protected? How has this service been attacked in the past? Describe the impact on users if the service is subverted. Describe how an MD5 collision was used to hijack the service in the case of Flame.

H23. UEFI
Survey a variety of mechanisms for securing the boot process of operating systems from malware. What do Intel's Trusted Boot and authenticating bootloaders do? How can such mechanisms be subverted? What is UEFI? How does it ensure proper booting? What is its conflict with Linux? How do Google Chromebooks ensure proper booting?

H24. DRM
What is meant by the term Digital Rights Management (DRM)? What does it try to prevent? What are some historical examples and how did they work (or fail)? What was DeCSS? What are warez? What are the fundamental challenges/problems with trying to do DRM? How did Apple's iTunes DRM system (FairPlay) work? Why was it abandoned for music in 2009? What DRM is in place to protect digital copies of movies being distributed? How does DRM in video games work, and what does Steam use? What is the difference between media ownership and media licensing?

H25. SQL injection
What is SQL and what is its role in web sites? Give an example of a simple SQL query. What is SQL injection? Give an example of a simple SQL injection attack. Explain this comic strip: http://bobby-tables.com/. Describe cases in which a SQL injection attack has been used to compromise vulnerable web sites. Describe methods for protecting against such attacks.

H26. Passwords (Mary Shaffer)
What makes a good password and why? What are methods for storing passwords at a server? What are methods that adversaries use to obtain your password?
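
Added worked example for topic H25 (SQL injection) and the server-side storage question in H26 (passwords): one login check written two ways against an in-memory SQLite database. This is illustrative code written for this page, not from any real site; the sample accounts, the attacker inputs and the PBKDF2 round count are constructed assumptions. Python's sqlite3 execute() refuses more than one statement per call, so the comic's "'); DROP TABLE" payload is not reproduced here; the comment-out bypass is.

```python
"""Added example for topics H25 and H26: a string-spliced login query with
plaintext passwords beside a parameterised query with salted PBKDF2 hashes.
Illustrative code written for this page; records and inputs are constructed."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000   # assumed work factor; tune so one check costs ~100 ms

# Constructed sample accounts.
SAMPLE_USERS = [("alice", "correct horse battery staple"), ("bob", "hunter2")]


def build_vulnerable_db():
    """Plaintext passwords in the table (bad): a dumped table is a ready-made
    credential list for every site where those passwords were re-used."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return con


def login_vulnerable(con, username, password):
    """Attacker-controlled strings are spliced into the SQL text, so the
    username  alice' --  turns the rest of the WHERE clause into a comment
    and the password is never checked."""
    query = (f"SELECT name FROM users WHERE name = '{username}' "
             f"AND password = '{password}'")
    row = con.execute(query).fetchone()
    return row[0] if row else None


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. A fresh 16-byte salt per user defeats
    precomputed tables and hides which users share a password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def build_hardened_db():
    """Only salt + hash are stored; the password itself never hits disk."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, pw in SAMPLE_USERS:
        salt, digest = hash_password(pw)
        con.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    return con


def login_hardened(con, username, password):
    """Parameterised query: the driver passes the username as data, never as
    SQL text, so quotes and comment markers in it mean nothing. The hash is
    then compared in constant time to avoid a timing side channel."""
    row = con.execute("SELECT salt, hash FROM users WHERE name = ?",
                      (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return username if hmac.compare_digest(candidate, stored) else None


if __name__ == "__main__":
    weak, strong = build_vulnerable_db(), build_hardened_db()
    print(login_vulnerable(weak, "alice' --", "anything"))
    print(login_hardened(strong, "alice' --", "anything"))
    print(login_hardened(strong, "alice", "correct horse battery staple"))
```

Two separate defects are fixed here and they are independent: parameterisation stops the injection, and salted slow hashing limits the damage when the table leaks anyway. A site that does only the first still hands out every user's password on the next breach, which is the re-use problem the rest of this topic asks about.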
Why is it a really bad idea to re-use passwords across sites? Explain how user passwords were compromised at Yahoo! Voices in 2012. Are there other high-profile examples of sites whose passwords have been breached? How many users were affected? How good are people at choosing good passwords? What are some tools to help manage your accounts and passwords?

H27. Hacktivism and Vigilantism (Arella Yi)
Describe The Mentor's "Hacker Manifesto" and what it was meant to do. Give a brief history of hacktivist activity since then. What is doxing? What is Anonymous? How does it operate? What are some of the causes it stands for and the activities it has undertaken to support them? What is LulzSec? What has it done to gain notoriety? How have these groups gained access to the systems that they penetrated? Explain the details around the Stratfor attack and its resolution.

H28. Stuxnet / Flame / MiniFlame
Describe the situation around Stuxnet. What did it attempt to do? How successful was it? How did it spread? Describe Flame and what its payload did. What was novel about the language it was written in? How did its authors abuse digital certificates? Who is believed responsible for these pieces of malware? Discuss the Obama administration's secret cyberwarfare efforts as exposed in a June 1, 2012 article in the New York Times. Describe "MiniFlame" and the Shamoon/Aramco attack. Who is suspected to be responsible for each? Why are such instances so difficult to catch? Describe the cyber-weapons that the U.S. might have used against Iran had the nuclear agreement not been reached: http://nyti.ms/1onEgPp

H29. Nation-based cyber-warfare
Describe the cyberwar initiated by Russia against Georgia. What are other examples of nation-based cyber attacks? What was the RSA compromise related to SecurID? Who is suspected of having done it? What (or who) is the Advanced Persistent Threat? How does the APT operate? Is the US vulnerable to a potential "cyber Pearl Harbor" or "cyber 9/11"? Describe some cyber warfare scenarios proposed by Scott Borg and Richard Clarke. What is the motivation for the "Internet kill switch" proposed by Lieberman? What are the provisions of the Cybersecurity Act of 2012? Describe how Obama's Presidential Policy Directive 20 for tackling the problem of cyberattacks (Nov. 14, 2012) fits with this act.

H30. Botnets
What is a botnet? How are they created? How are they managed? Describe the Torpig botnet and how it worked. Give other examples of the kinds of attacks botnets have been used for.

H31. Email encryption (Damas Gakwasi)
How protected or private are the contents of our emails? What options are there for encrypting and/or signing your email? Why does nobody use them? (Or do they?) If more people used signed email, what problems would that help to alleviate? What problems would it exacerbate? Describe the process Edward Snowden had to go through in order to e-mail information securely to Glenn Greenwald via PGP.

H32. Cheating in on-line games (Xihan Bian)
Describe the problem of cheating in on-line games. Explain what the common cheats in first-person shooters are, including wall-hacking, aim-bots, and skywalking. Explain what the common cheats are in real-time strategy games. Explain what the common cheats are in MMORPGs. Describe some of the techniques game companies use to detect cheaters. Describe some of the techniques cheat software developers use to evade detection. How similar are these techniques to those used in detecting malware?