In October 2015, hackers infiltrated the accounts of 15 million T-Mobile customers, stealing social security numbers, names and birth dates. Last September, Yahoo revealed that 500 million user accounts were compromised in a massive data breach. At roughly the same time, Sony Corp. agreed to pay as much as $8 million to settle employee claims over theft of personal information in a computer hack.
With such alarming, wide-scale breaches, corporations and government institutions alike are turning increased attention to internet security issues. The demand for lawyers who are well-versed in cybersecurity law is intense right now,” says Orin Kerr, director of George Washington University’s newly-founded cybersecurity initiative.
“Companies are all facing cybersecurity problems, and there are very few lawyers who know this area of law.”
Cybersecurity: Not just for IT guys anymore
Law schools have been slow on the uptake, however; only a few offer focused LL.M.s specializing in the field, and most of these have only just launched. The University of Maryland’s Francis King Carey School of Law offers a one-year LL.M. that covers topics including internet governance and jurisdiction, cybercrime, data breach, as well as current and proposed legislation, policies, and regulations.
“We recognized a few years ago that cybersecurity wasn’t just an issue for the IT guys anymore,” says Program Manager Markus Rauschecker. While the university began incorporating cybersecurity courses five years ago, the actual specialization was launched just this year. The LL.M. has 25 students, with a handful specializing in cybersecurity.
“In general we see that technologists and the lawyers and policy makers don’t speak the same language,” Rauschecker says. “There’s a real need to develop translators, if you will, who can bridge the gap—to understand where each side is coming from, and reconcile all of that.”
Loyola Law School in Los Angeles also just created a one-year LL.M. in Cybersecurity & Data Privacy Law last spring, which covers compliance, computer network security systems, incident response and investigation, systems engineers approach to internet security, and white-collar crime. Aaron Ghirardelli, the program director, says that the LL.M. focuses on training students to understand two fundamental issues: what to do before an attack, and what to do afterward. For lawyers, there are many steps to take before a breach even happens: establishing coordination, knowing which authorities to report to, and how to prepare a company’s systems. In the event of one, counsel will have to quickly determine how to protect customer or client information, and how and when to give notice to customers and authorities.
Given the global nature of internet security, schools are also devoting a cornerstone of their curriculum to understanding differences in various jurisdictions.
“We live in a globalized market; as soon as data is online, suddenly you’re subject to rules everywhere in the world,” Ghirardelli notes. “If you’re a company in the U.S. and you have the data of an EU citizen, suddenly you’re subject to European regulations. So you really have to know the comprehensive rules in play.”
While George Washington University doesn’t yet have a specific cybersecurity LL.M., its Cybersecurity Initiative will host regular events on law and technology open to students as well as the public, in hopes that it will “provide a focal point for more events and more interdisciplinary work in the field,” Kerr says. Currently GW offers two LL.M.s: a general one that allows a student to specialize in any field; and a National Security LL.M., which can include cybersecurity coursework. Kerr says GW is considering a formal degree in cybersecurity law in the future if it finds sufficient interest from students.
A few other law schools offer cybersecurity curriculum as a part of broader LL.M. programs; Seattle University School of Law, for instance, offers an LL.M. in Innovation and Technology Law that places particular emphasis on privacy, cybersecurity, digital commerce, and financial technology. Stanford University also offers an LL.M. in Law, Science & Technology, while Berkeley Law School offers an LL.M. Law & Technology Certificate, a specialized program for LL.M. students that recognizes a course of study focused on technology law.
The job market for LL.M.s with cybersecurity skills
Organizations are expected to increase spending on IT security by almost 9% by 2018, according to BBC Research. The global cyber security market is slated to increase from $85.3 billion in 2016 to $187.1 billion in 2021, implying a worldwide boom for jobs in the space.
Demand for legal expertise is indeed on the rise; Kerr says that in the last few years, almost every major law firm in Washington, D.C. has established a cybersecurity law practice. But the demand is there in almost every sector, and graduates of LL.M. program could find themselves employed across a wide range of industries: as consultants, chief security officers for businesses, as well as government jobs. The Obama administration had sought a $5 billion increase in spending on cybersecurity for the 2017 fiscal year, budgeting $19 billion, and President Donald Trump’s chosen cybersecurity adviser, Rudy Giuliani, looks to be bullish on spending.
But ultimately, the jury will still be out on how much a cybersecurity LL.M. would bolster the chances for a better job.
“We don't yet know how much market advantage it would offer graduates a degree with a formal label of an LLM in cybersecurity law,” says Kerr. “It's the knowledge you gain that counts, of course; the courses you take and the professors you have. Education is about what you learn, not what the piece of paper says.”
Photo Image: System Lock by Yuri Samoilov / CC BY 2.0 (cropped)