Tracy Mitrano's blog

Tragedies in Texas and Buffalo

With the tragic events in Texas and New York, we are once again thrown into a national conversation about how to address domestic terrorism. At least five principal issues come up in the wake of these events: public health concerns reflected in firearm laws; the effective applicability of “red flag” laws; mental illness; the loneliness and feelings of dispossession on the part of young white men who predominate in the demographics of shooters; ideologies and theories based on white supremacy; the safety of Black, brown and Indigenous communities, as well as our children; and, not least, the role that the internet and social media play in this complicated mix. For the sake of brevity, let us focus on the last point.

Content-moderation policies and practices have risen to the fore of debate in the United States. Suffice it to say that neither Democrats nor Republicans have hit the right mark, as evidenced by these discussions veering into extremes and becoming paralyzed as matters of new law in Congress. But for the bipartisan divide that afflicts the U.S., it does not have to be that difficult. A simple and clear law should be available for discussion among citizens and ready acceptance on the part of social media companies, notwithstanding their knee-jerk allergy to any form of government regulation. How about this draft?

  • All platforms must comply with existing First Amendment law, including the reporting of posts that pose a “clear and present danger” to the health and safety of the individual or community, including persons as well as physical property.
  • All platforms must have a clearly identified and functional link on the homepage of their business to which users can report illegal activity.
  • All provisions of this law are in keeping with section 230 of the Communications Decency Act of 1996.

Three main points illuminate these provisions. The first is the clear and present danger exception to First Amendment law. That exception is settled law, along with federal and state prohibitions against child pornography and obscene materials. Private companies apart from this proposed law are not bound by the First Amendment, but neither are they exempt from existing law. This provision makes that point crystal clear.

In keeping with that point, creating an obligation whereby users can report such activity offers the community an opportunity to participate in communication with social media companies. The helpless mess that many experience with security lapses and privacy violations can begin to be addressed with this basic and essential ability to streamline a complaint.

Moreover, this method has antecedents. The Digital Millennium Copyright Act of 1998 established a similar path for content owners to notify internet service providers of potential infringements. It would be quite simple for lawmakers to take a page out of the DMCA book. Nothing in these provisions obviates section 230 of the CDA. In fact, one could make the argument that because these rules are merely about the compliance of social media companies with existing law, this proposed law is extraneous. Indeed, the same could be said about the Stop Enabling Sex Traffickers Act and the Allow States and Victims to Fight Online Sex Trafficking Act. Congress passed those laws in 2018 nonetheless, indicating that in some cases it is important to enshrine in law that which should be obvious but is not, or that which, like content moderation, is so caught up in culture war discourse a clear statement seems to belie lawmakers as well as law enforcement.

By the same token, nothing in this proposed law inhibits a platform from establishing their own policy for content management. The law is the floor of expectations that our government sets below which no company is entitled to go without redress. Policy, stemming from the ancient Greek term for citizens, establishes a higher level of expectations for users of the community that the platform sets. Once one hits the Accept button on terms and conditions to a site, the user has effectively become a member of that community.

Much remains to be done in the United States to address domestic terrorism. Let’s begin with the low-hanging fruit: common sense law on content moderation according to the laws we already have in place.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Wednesday, May 25, 2022
Diversity Newsletter publication date: 
Wednesday, May 25, 2022

Get Off Twitter Now!

I have been waiting, along with millions of others, to learn some specifics about what Elon Musk wants to do with Twitter. First Amendment cant does not impress me very much. Zuckerberg has been using it for years, apparently not understanding that the First Amendment does not apply to Facebook/Meta because it is a private company, not a government. (The First Amendment only applies to the government entities.) And notwithstanding his more recent correction to a culture of freedom of expression, his “community standards” do not comport with First Amendment jurisprudence.

Musk is both smarter and more intentional about mapping the policy of Twitter on First Amendment law. Nothing else evidences that fact more than his declaration that he is going to reinstate Donald Trump.

My objection to Trump is not policy based—it is his total inability to speak from evidence and to manufacture only those points that serve his warped mental processes. I ran for Congress because as a cybersecurity policy specialist, I could not tolerate his rejection of Russian interference in our elections. Fast-forward, and according to The Guardian, 40 percent of people believe our 2020 election was stolen. Myriad articles have recently come out revealing how that whole notion took shape—read, for one, ProPublica’s “Building the ‘Big Lie:’ Inside the Creation of Trump’s Stolen Election Myth.” I am opposed to having Trump back on Twitter because as a person of such influence, he is a menace to our democratic republic.

I know that the transition to Musk has not occurred yet. But we cannot wait to show our resistance. I will have to write something thoughtful for Twitter, which might take a day or two, but I can tell you core of the message right now. I am getting off in protest.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Tuesday, May 10, 2022
Diversity Newsletter publication date: 
Tuesday, May 10, 2022

Privacy Is Really Dead Now

The ability, and indeed the right, to have a legal and safe abortion in the United States is on the chopping block of the Supreme Court. That concern deserves front and center attention, as many women and families struggle with the implications of this decision in their lives, especially in states with restrictive or trigger antiabortion laws already on the books.

Privacy as a legal and cultural concept also hangs in the balance.

This elusive yet meaningful concept once defined for two generations at least a legal right throughout the United States. It is worth revisiting what that right was all about, and what will be lost, not only for abortion rights but for something dear to all of us in a democratic republic.

Numerous historians and legal observers have noted that as both the market and technologies increasingly encroached on traditional cultural norms of privacy as understood by mostly the middle class from the 19th into the 20th century, advocates sought to enshrine privacy as a legal right. “The right to be let alone,” as Louis Brandeis viewed it, or, as the legal scholar Prosser articulates, torts such as “public disclosure of private facts,” or “false light.” As state law, these torts had varying degrees of success throughout the first half of the 20th century but nonetheless contributed to a swelling of generalized privacy concerns that reached an apogee in the 1960s and early 1970s.

Two Supreme Court cases represent that height: the 1967 U.S. v. Katz, about privacy in electronic communications, and Roe v. Wade. In the first case, the Court overruled a 1928 decision that found no right to privacy in telephone communications. That right not only defined a “reasonable expectation of privacy” in electronic communications but bequeathed the 1968 Omnibus Crime Control and Safe Streets Act, commonly known as the first federal wiretapping act, memorialized in thousands of television and movie procedurals of carefully crafted rules about how law enforcement must use courts and protocols for listening to people’s telephone conversations.

Six years later, the Court grounded its decision in Roe in the same right. That legal hook has been both the decision’s strength and weakness. Stretching from contraception cases in the mid-’60s, a right to privacy held real meaning for people who did not want “police in their bedrooms,” just as they did not want the police to have unlimited potential to listen to their telephone conversations. For originalists, the failure of the Constitution to have the word “privacy” explicitly stated in it became a rallying cry to overrule it. For most people, something still rang true to the concept: a zone of personal experience and agency unencumbered by the government.

We are now witnesses to the evisceration of those rights. In 1986, Congress updated the wiretapping law and created the Electronic Communications Privacy Act, a law whose protections of U.S. persons the U.S.A. Patriot Act deteriorated, and both technology and the market (read: internet companies such as Google and Meta/Facebook) have rendered all but meaningless. A decision to overrule Roe will have the same result for reproductive freedom, effectively ending a “right to privacy” in matters of family planning and, and possibly, its progeny in same-sex marriage. (It will remain to be seen whether the additional constitutional hook of equal protection that the 1992 Casey case introduced will stand up to this court’s onslaught.)

The adverse impact on our lives can’t be missed. In virtually every area of American life, bedroom to boardroom, telephone to internet, little stands in the way of either the government or the market to surveil, intrude and encroach on both the intimate and the mundane. Government and data marts have comprehensive perspectives of us as persons and as consumers, lending to the adage that they know more about us through predictive algorithms than we know about ourselves. Whatever our founding fathers thought about “privacy,” a cursory understanding of the Bill of Rights stands as evidence that it was not that. While pro-choice advocates reorganize a legal approach to legal and medically safe abortion, might we also take this moment to review where we are without virtually any privacy rights in almost all walks of our lives. It is time for a very serious reassessment of what privacy means, or should mean, in a democratic republic for our personal experiences as well as voting and commerce. Let this crisis be the opportunity to revisit and update electronic communications, consumer laws and, yes, reproductive freedoms and personal agency. “Privacy” may be a rose by any other name—but whatever you want to call it, we need it to live a democratic life. I shudder to think what my children’s and grandchildren’s lives will be like in the next two generations without it.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Sunday, May 8, 2022
Diversity Newsletter publication date: 
Sunday, May 8, 2022

Cybersecurity in War and Peace

Last week I gave a videoconferencing talk on cybersecurity for CAPE, an emeritus professors group, which is now publicly available if anyone wants to watch it.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Friday, February 25, 2022
Diversity Newsletter publication date: 
Friday, February 25, 2022

Good News on the Cyber Front

Yesterday brought two important pieces of good news on cybersecurity.

First is the hire of a White House cybersecurity czar, Chris Inglis. The Washington Post has this to say about his position:

Inglis has rejected the idea that his office should be fully in charge of cybersecurity—a responsibility that’s mostly split among his office, U.S. Cyber Command, the FBI and the Cybersecurity and Infrastructure Security Agency. But he’s described his job as equivalent to a football coach—making big picture decisions about what the team should be prioritizing.

Having long advocated for more coordination at the top, I salute the Biden administration for making this move. What to watch out for: in the medieval turf of inside-the-Beltway politics, the football coach may be a good metaphor, one that will not ruffle the feathers of those in command distributed throughout the federal government. In practice, our national defense needs may require more authority. Remember the advantage that both Russia and China have on us structurally by comparison—a centralized internet agency integrated with defense. We are still trying to shoehorn a 21st-century global technology that has implications about everything from military to the economy in an antiquated, early-20th-century federal government structure.

Second, Governor Kathy Hochul announces $60-plus-million investment into New York cybersecurity. New York’s ABCNews7 had this to say about it:

The collaboration will bring together cybersecurity teams from several state entities like Division of Homeland Security, NYPD, MTA, Port Authority as well as federal agencies.

There will also be a $30 million “shared services” program that will help local governments deploy high-quality cyberdefenses.

Per my post yesterday, I guess dreams do come true! I did not know this move was in the works when I dreamed about it last Saturday! Be that what it may, here is what to watch for going forward. Make sure the “shared services” are on par with the big hitters of Buffalo, Rochester, Syracuse, Albany, Yonkers, Brooklyn, New York, etc.—n.b., there is not a single metro center in either the old or the new 23rd Congressional District in which I ran, not Elmira, not Corning, not Olean. I know—believe me, I know—that it is the Republican giveaway. But it should not have been overlooked for this initial investment, not least given the significance of Corning Inc. (Ithaca, now, BTW, is in the new 22nd District, which includes Syracuse, an obvious Democratic seat +4 Biden.)

And here is where there is room yet to dream: cyber should not be separated from other aspects of the entire broadband rollout. In previous posts I have written about how I see this matter unfolding, with layers of representation from the local to state level. Let me repeat the message: don’t silo cyber! Integrate it with technical hardware and right on up the stack to legal, intelligence and critical use of the internet, guided by a hierarchy of representation from the grassroots to Albany.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Wednesday, February 23, 2022
Diversity Newsletter publication date: 
Wednesday, February 23, 2022

Lessons Learned

I am undergoing treatment for multiple myeloma. For those of you who knew me then, you might remember I had a 10-hour neurosurgery in 2008 that first brought awareness of an underlying plasma cell disorder. Doctors and I have been watching it all these years. Blood tests back in December suggested a spike. Then, in January, I yanked hard on something and thought I had pulled a chest muscle. Ten days later, I had a two-hour scheduled MRI. The next day, the first thing the doctor said when I went into the office was to ask how my ribs and shoulder were. “How did you know about that?” I asked. “Tracy,” he said, “Your rib is fractured. The cancer is in your bones there. It is time to start treatment.”

So far, it is very tolerable. I am continuing to teach—an information policy applied research course at Cornell—and consult on cybersecurity curriculum with Mitrano and Associates. The treatment is for four months, at which time, I pray, I will be in remission. Cross the bridge of a stem cell transplant then. I am resolved, which is a blessing for me to have a sense of direction and purpose.

Yesterday I had an interesting conversation with the nurse who administrators my infusions twice a week. Over the weekend, when I am off steroids and “crashing”—mostly being very fatigued—I am noticing my dreams. Was in Italy visiting some of my old haunts. Trying to persuade Kathy Hochul’s office to take cyber into account when doling out the abundant monies for broadband in New York State. And I think my mom made a cameo appearance; it was good to see her! “People tell me about their dreams,” the nurse said, which of course piqued my curiosity. When I prompted him to tell me more, the report came more along the lines of conscious thoughts about what they had, or had not, done differently with their lives. “Make up with a friend? Amends with a family member? Not spoken harshly to a child?” No, it turns out it is mostly about not having taken chances or risks in life. In the abstract, there always seemed to be time. Then, boom, a diagnosis! And a timeline, often not enough of one to accommodate those choices.

Did something unknowing prompt me to leave academic information technology in 2017 to run for Congress? Without a definite diagnosis or any timeline, I took the leap against financial, career and personal interest. I have no regrets about 2018, even though I was pretty sure I would not be successful. If I could have predicted the Trump effect, which in NY-23 turned many registered Democrats into effective Republican voters, or COVID-19, I would not have run twice (notwithstanding my promise, and strategy in 2018). On March 13, 2020, returning home from a few weeks on the road out in the western part of the district, I called in the troops due to the pandemic. I knew it was over then. If I could not get out and meet people face-to-face, to demonstrate I was not the injection-site, defund-the-police candidate that my opponent made me out to be, there was no way I was going to make it. But there it is. I am not a bucket-list kind of person—good thing, I guess, because that move was more of one huge dump truck.

What did I learn, you might ask? Lots. First, politics was, in my experience, dirtier than I imagined it to be. For years I took note of Senator Daniel Patrick Moynihan’s adage about academics: they fight so much because there is so little to lose. In our paralytic Congress, I can attest it is even more true in politics, both at the primary and general election level. Second, the campaign playbook used against me was hardly unique. Create a straw man; throw a million dollars of corporate campaign money into lies, histrionics and a fear-mongering attack. Works if you have the demographics, money and corresponding media outlets that demonize politics. Third, social media absolutely played a deleterious role. Name the Russian trick: create fake profiles, use proxies to evade campaign finance, generate gratuitous discord even where none exists—those features were constant and predominated on Facebook. Fourth, given this environment, policy hardly matters in a general election. The last day I recall talking policy was the day of the primary in 2018, June 23. The remainder of the time was the campaign playbook; there was no meaningful discussion of issues or policy in it. And that point leads to the fifth, and ultimately most unfortunate, aspect: Republicans and Democrats, framed by this environment, are almost completely talking around each other at this point. Very, very few people want to take political issues seriously and work through the differences.

On a personal level, I learned something about my limits. I grew up with loving, dedicated and hardworking parents, but not with refinement and with lots of scrap. I thought that background would put me in good stead with a district that mirrors much of that tough Scotch-Irish, Italian immigrant, pull-yourself-up-by-the-bootstraps sensibility. Turns out I have cultivated something of a romantic view of that past. When I felt the pressure of so many people’s hopes and support—including money—I reverted quickly to fight, and some behaviors I long ago left behind to be a good academic. I was not always graceful under pressure in private (and there are other issues, too, ranging from competence of staff to the politics that divided Democrats), although I did retain, I think, a good enough composure in public. Here was the lesson: all these years I thought I was the scrappy Irish-Italian girl from Rochester swathed in academic robes (and I have many!). Turns out those robes—and the dreams, aspirations and ideals of academia that they wrap up—are as real to me now as the passions of a little girl from the other side of the tracks.

Here, then, is my thought to share: if you are tempted by a road not taken, take a calculated risk! One honestly does not always know how much time and health one may have left to do it. You are bound to learn many things, such as business, budgets, politics, technologies, a craft, a trade, an expression of higher beauty or art. The most important lesson, however, is the one that you learn about yourself. I am not afraid to die (sad to miss my family, friends, colleagues and students, but not afraid), which at this point might be too easy for me say, because that is not imminent with my current diagnosis. But in the reflection of an incurable cancer, I am discovering how important it is for me to live with and in grace.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Tuesday, February 22, 2022
Diversity Newsletter publication date: 
Tuesday, February 22, 2022

(Some More) Thoughts on Facebook

It was the fall of 2006 when my desk phone rang. It was an assistant registrar at Cornell University, where I worked.

“Tracy,” she said immediately, “what are you going to do about Facebook?”

I laughed out loud and reminded her that Facebook was, at that time, a private company, only available to Ivy League institutions and not in the bailiwick of the director of information technology at Cornell. She pushed right through my protestations. “Educate the students about the appropriate use of it,” was her message

For a week or so I thought about it, and then one rainy November Saturday morning, I sat down and wrote “Thoughts on Facebook.” This essay is still widely cited today (although I regret that Cornell University, which co-owns it with me, has chosen to remove it from its servers). It is, I believe, the first “user guide” to Facebook. It is not academic. I wrote it in one sitting, just thinking through what I knew and could image about a site that invites disclosure. At the forefront of my thoughts was a story that my friend Steve McDonald told us about a student from Ohio State University.

In the days before MySpace, Friendster or Facebook, people self-disclosed on early, rudimentary electronic bulletin boards. One young man, name fully available, took that opportunity to discuss the dimensions and so forth of his phallus. Some time later, he began to apply for jobs and found he was always getting to the penultimate stage of a hiring process but not beyond … until one day an alum from a hiring committee pulled him aside and said it was because of that post. From that tale, I went on to talk about how not just students had access to Facebook -- if Mom and Dad had a cornell.edu address (or any Ivy League institution), they could see the posts. So did the Cornell police, administrators and faculty. Or an insurance adjuster, a bank lender and yes, employers

Fast-forward to The Wall Street Journal’s “Facebook Files” and the aftermath of countless stories of harm attributed in one degree or another to Facebook. Students in my Culture, Law and Politics of the Internet courses in the later 2000s were already cynical about Zuckerberg’s apologies. Cornell students who went to work for Facebook readily reported to me that the security -- and privacy -- of Facebook was a joke. Sheryl Sandberg underscored Mark Zuckerberg’s avarice. Cambridge Analytica malevolence deepened the plot; its magnitude gave notice to the results of the 2016 election. Myanmar genocide against the Rohingya revealed horrific use of the platform, and the list goes on, including acid burns and gang rape in India. Trump, and then Jan. 6.

Today, through the whistle-blower’s revelations, we contend with the grotesque activities of organized crime, deadly dis-/misinformation about vaccines, global indentured servitude and the vulnerability of youth at risk for mental illness, not to mention individual cases of hate crimes acted out in its vast realm of cyberspace. Against this astonishing set of atrocities, Zuckerberg, who no longer apologizes as he refashions himself as an “innovator,” has his company press on with a potential launch of Instagram for Kids. If you haven’t gotten the memo yet that Facebook is relentlessly interested in “profit over people,” as the whistle-blower has said, and does not really care about the human cost in its adolescent-minded pursuit of success, then perhaps it is time to look inward, my friend. You are missing the most obvious story of contemporary robber baron rapaciousness since Rockefeller, Vanderbilt and Morgan.

Fifteen years after I wrote “Thoughts on Facebook,” I am once again teaching about the law and policy of the internet. Just last week, coincidentally, our class discussed Section 230 liability. Sign me up for Danielle Citron’s suggested “Reasonable Content Moderation” reform -- in fact, having written policies and processes that work similarly (such as for the DMCA violations and safe harbors), I would be happy to help craft a model law. Also, I would happily put my shoulder to the wheel to assist FTC chair Kahn’s antitrust investigations -- and hopeful breakup -- of the company. And then there are the myriad privacy debacles associated with the Big FB. Senator Gillibrand’s proposed new agency devoted to oversight of consumer digital integrity sounds like a start. I hope that we get past debt limit, infrastructure and reconciliation to begin work.

We have come a long way since the best I could do was to suggest that Cornell students hide the red cups when posting on Facebook. It is time to break Facebook up, subject it (and others) to reasonable content moderation practices and make Facebook accountable. Not just to the United States, but to the world. What many may not know is that Facebook is the conduit to the internet in many developing areas of the world, which is how it plays such an outsize role in international affairs such as internal politics of India or the Rohingya tragedy. We, the United States, bequeathed Facebook from the most elite institutions -- Harvard -- of our society and an envied market-driven society that ogled Facebook’s success. In other words, it is not just a matter of making Facebook accountable. We -- American society, including American higher education -- have some accountability of our own in this matter of what we are going to do about Facebook.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Monday, October 4, 2021
Diversity Newsletter publication date: 
Monday, October 4, 2021

Memories of 9/11

I had been at work as director of information technology policy only four months on Sept. 11, 2001. It was an era when people from a wide variety of disciplines found themselves in IT. “Get in the pool and start swimming” was the advice my ex-husband gave me when I told him I had applied for the position. A research electrical engineer, he had originally introduced me to the internet in the early 1990s (together with Professor Peter Martin of Cornell Law School). I sought his counsel after some of my attorney friends laughed at me when I told them I wanted the position. “What do you know about technology!” was the common refrain. Bill said, “None of us grew up learning anything about IT. Go learn it on the job.”

A goal to be an administrator in higher education that I had set when I graduated college in 1981 was achieved! If anyone had told me I would achieve that goal in “IT,” I would have asked, what is it? I pushed forward nonetheless. As I have recounted previously in this blog, my initial workdays went immediately into practice as I accompanied the IT security coordinator to the law school to examine a hack on the Law Information Institute. I worked as hard and as fast as I could reading about internet law and policy while raising my two boys, Sam, 5, and Nikko, 9, at that time. I even took advantage of an employee benefit to take a course. I chose Stuart Davis’s literature course, and after the boys went to bed, I started on Pale Fire by Nabokov. And then, on my way to work on that beautiful late summer day of Sept. 11, I heard about the first plane on the radio.

By the time I parked the car and made my way to the office, the second plane had hit. A group of us in the Computer Communication Center building in the Cornell campus wandered around in a state of suspended shock listening to the broadcasts. I was scheduled to go to the administration building for a photo shoot -- the Cornell Chronicle was going to do a story about my position -- and found the entire building, usually bustling, eerily empty. The photographer brought me into the boardroom and began arranging cameras and lights. I asked if we could put on the television. He maintained focus. I could not. Around 10:30, when the north tower fell, I asked him if we could stop. Just a few more shots. The vice president was not in that day, but I went by the office to share the moment with the administrative staff. Back to CCC in deeper shock. By early afternoon, I called Bill, who had the children that night, and asked if I could please pick them up. After mumbling some “unbelievables” to each other, he agreed, and off I went. I did not have networked television, so that night the boys and I went over to the house of a friend, Nancy Cook, who worked at the law school. Shock gave way to a profound sadness.

By Sunday, sadness gave way to grief. At the end of our church service at St. John’s, we sang “America the Beautiful.” I burst into tears. Embarrassed to be so emotional, and not wanting my children to be alarmed, I tried to explain. Our family tradition almost every holiday was of my father and his four brothers talking about their experiences in the Second World War. Memorial Day marches on Main Street punctuated growing up in Rochester with everyone coming to my parents’ restaurant down South Avenue afterward for a toast. The Pledge of Allegiance every morning after prayer at St. Augustine’s grammar school. Playing “spy” with my friends growing up, and an imaginary game I conjured, “Captain on Wake Island,” with babysitters. The attempt I made to join the military in college until my mother put a stop to it. Sure, I identified as a feminist, and, for my doctorate in American history, I studied under Marxists. (Is that a hammer and a sickle on the cake? my father asked in alarm at one event he attended with me at the home of my mentor, Betsey Fox-Genovese.) But all of that was an academic luxury in a country that allowed for free thought and speech. What, in god’s name, had become of U.S.?

About six weeks later, I was at the annual Educause conference being held in Indianapolis. The president of the association, Brian Hawkins, knew me through Polley McClure, VP of IT at Cornell. President Bush had just signed the U.S.A.-Patriot Act into law. “Would you put together a presentation on the impact of the law on higher education?” he asked, knowing that I was a rare bird among technologists with a law degree. I repaired immediately to my hotel room with two additional computers. On one, I called up the new law, signed Oct. 26, 2001. It read like gobbledy-gook in the parts that mattered, those that amended existing laws such as FERPA, ECPA and FISA, that I accessed with the second computer. I did the translation and analysis, pulling together a deck. Two days later, on the last day of the conference, I shared my thoughts with a room filled with people equally eager to make sense of it.

Almost immediately, I felt myself shot out of a cannon. Colleges and universities, libraries national and local, asked if I would come share thoughts. People poured out to listen and ask questions and wanted to be a part of community understanding what the law said, how it changed in our lives and the manners and mores of a democratic republic with, prior to that point, a reputation for a good balance between privacy and security on matters of government surveillance. There was cause for alarm. Out of fear, and in the name of finding terrorists abroad as well as in our midst, the framers had thrown balance to the wind in favor of disclosure to law enforcement. This disequilibrium exacerbated an already existing challenge whereby internet technologies outpaced the law’s wiretapping acts. A distinction between foreign and domestic surveillance collapsed. The law ripped open “Chinese walls,” or protocols between local law enforcement and the feds, that had been established to protect civil rights. The FBI became a domestic CIA, devoted to intelligence gathering within our own shores, tutored by an agency that had long ago kicked to the curb what was right about the United States in August of 1945 in their exercise of raw will and unchecked power on a global stage in years after armistice. The NSA, a creature of that era, became a monster organ to collect communications no matter between whom or where on the planet.

Edward Snowden would ultimately bear witness to these concerns that we voiced in the months after the U.S.A.-Patriot Act. Candidate Obama inspired us to hope we could reset the balance, stop the torture, terminate secret examination sites, close Guantanamo and end the wars. No revisions of outdated laws -- the Electronic Communications Privacy Act most notably -- were made. The Foreign Intelligence Surveillance Act lives on in infamy; the entire scaffolding of secret warrants and courts should be abolished. The Freedom Act proved a paltry attempt to rein in the unholy alliance that the Bush administration created with telecommunication companies to spy on us -- their legal immunity, acquired through Congress via closed-door meetings while we all slept in ignorance, a capitalist’s boon in the process.

Is it any wonder that people have lost confidence in government? That so many who bore economic and social disappointments simultaneously with these events feel left behind, their expectations of upward mobility and pride in place dashed? Why wouldn’t they find succor in false prophets and be predisposed to believe crazy stuff on the internet considering the incredulousness nestled squarely in existing “facts” and what has traditionally been represented as sources of “truth”? Unable to sort out this witches’ brew of outdated laws, wildly shifting social norms, a rapacious market and technology run amuck, people found scapegoats. The “other” became each one of us. The astonishment with which we looked at Kabul in the last month, I submit, is the long, sorry culmination of a half century or more of gut-wrenching mistakes and the slow acid burn of disappointment.

This very unfortunate historical morass is no wonder to me having spent four years traversing a congressional district the size of New Jersey, trying one on one to make sense of it all with people across vast social and economic chasms. I lost terribly, especially when a false prophet was on the top of the Republican ticket, and in the face of unabashed lies, gross histrionics and base fearmongering supported by a million dollars of corrupt campaign finance money. More than at the 10- or 15-year mark of Sept. 11, we are now in a collective state of remembrance not only for the event itself -- which will always deserve attention and respect -- but because we want to relive a time of greater innocence, to re-experience that moment when almost all of the world was with us, when we still reasonably believed that we could make things right, and that the United States, notwithstanding all of its challenges, could still be a place of possibility and hope. It’s akin to reliving the moment before an accident, when one thinks if only this or that. Twenty years later, time, tide and four years in politics has stripped me of the naivety that informed innocence. But real politique does nothing to assuage the eager patriot and politically passionate. We cannot allow naïveté to spoil us to the point that we too easily give up the effort.

I will, therefore, keep on working to educate our youth. I will urge them to participate in the politics of a magnificent country that has everything to lose by giving in to despair and still so much to gain by aligning our strengths. Yesterday, when I finished the class I teach at Cornell on privacy and surveillance, I wanted to play Ray Charles or Whitney Houston’s versions of “America the Beautiful” for them. I wanted to remind them that even the descendants of slaves find grace in their hearts to love this country, and that there is nothing to be embarrassed about being patriotic, having ideals or harboring hope. But I could not find the dongle to connect the computer, and we ran out of time doing basic course logistics. I drove home with a slightly heavy heart. I did not share my Sept. 11 experience with them, students so young they have no memory of it, and who listen eagerly to understand what it was all about. This morning when I woke up, I decided that that the best thing I could do is to write something. I dedicate this post to my students.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Friday, September 10, 2021
Diversity Newsletter publication date: 
Friday, September 10, 2021

National and State Infrastructure

The infrastructure bill wending its way through Congress and onto the President’s desk is a very exciting development for broadband deployment and other critical areas of the internet. Back when I ran for Congress, the Farm Bill of 2018 allotted about $500 million for broadband. A drop in the bucket, and one that few people that most needed it knew about it to apply for it. In my home county of Yates in the Finger Lakes region of New York, we have a 100% Republican County Legislature, and a Republican congressman. It took the defeated Congressional Democrat – me – to go to the County Legislature and tell them to go get the money. I suspect as pitiful of a number as that Farm Bill appropriation represents, for the failure to communicate adequately with the rural areas in need of it, it is still money unspent. 

Let it be known that in the last COVID bill, the one passed under the Biden Administration, there is also money for broadband. And we might remind each other of the obvious: if one did not understand the need for national, robust broadband before the pandemic, one could not ignore its significance since.  Concerned about global competitiveness with China? We need national, robust broadband access. Want to close the gap between rich and poor? Broadband is not a cure-all, but it will help. (Reconciliation Bill, that promised progressive taxation so that the corporations and the wealthy pay their fair share is the main ticket). Want to better integrate rural and urban areas, and its wealth gaps, broadband is a very big and necessary correction piece. Better education and schooling for youth? Greater opportunities for retooling or career-shifting in mid-life? You know the answer.

I want to couple this issue, about which I have already written so extensively over the years and campaigned for it tirelessly, to some interesting developments we have in New York State. You might have heard that Governor Cuomo is resigning in about two weeks. Our Lt. Gov. Kathy Hochel will fill his seat. I am a huge booster of her. She is well educated, experienced, and capable; she is fair; she embodies the upwardly mobile spirit; she gets New York State outside of New York City, Long Island and Albany; and she is unfailing respectful to supporters and critics alike. From my world view it does not get much better than that. Our state could not be better served under these unusual circumstances.

What then is my point of coupling advocacy of broadband and other critical topics related to the internet and the Albany shift? New York State has an opportunity to be a model in how states can properly deploy the federal money coming their way for the internet. 

  • Step One: Appoint someone to champion the allocation of that money throughout the state. Drop the Cuomo-style grants to ISPs and work with counties to be sure that they are using the approach best suited to their region. Integrating that effort with proven private-public partnerships such as the Southern Tier network tp professionally expedite the effort.  And for heaven sakes, create a realistic map of the state! Along with the exclusive grants to ISPs was a map that served them but not the public. Every household is the measure, not one point on every square. That mapping should work hand in hand with the efforts under way that Acting Chair Jessica Rosenworcel is creating under the Federal Communications Commission. 
  • Step Two: Appoint a cybersecurity czar for the state. Cybersecurity is, to be sure, a critical national issue, and there is much that still needs to be done in that space, about which I have already devoted so many blog posts. My point here is each state needs to integrate with the federal government.  Deputy Anne Neuburger, National Security Council, is promoting a good path of getting the federal government and its may agencies under a unified policy framework (although much remains to be done).  New York State – and all states – should do the same.  Mutual reporting must be brought into the framework with the federal and state government. Following up on President Biden’s recent Executive Order regarding voluntary reporting for corporations, state and federal government should be working seamlessly to bring private business in … especially the financial sector for which New York is the crown jewel. Be a good example for many other businesses across the national landscape and a reminder of our shared interests.
  • Step Three: Education, Education, Education. Appoint a cyber education czar.  So much work needs to be done beginning with simple technological instruction once people can obtain connections either through, or both, physical and financial assistance. Build on the technical with the information education about what it means to use this global network, how to maintain basic privacy and security of our own devices and keep a watchful eye on those with which we interconnect, including, and not least, our major internet businesses in search and social networking. There is nothing essentially new about mis or disinformation (first not intended, the second intended to deceive); it is as old as history. But the means, scope, and amplification of these forces on and through network devices is crippling this country’s effort to arrest the pandemic and create a trusted body politic.  Broadband deployment is just the start, but like any technology it is neither good nor bad, only thinking makes it so. Without the education necessary to integrate critical thinking skill, simple technological access could, conceivably, add fuel to divisive fires.  We must address this challenge, and education is our first and most important defense. Our fundamental democratic values rely on it.
  • Step Four: Create a Cyber Council for New York State. This Council should include all the obvious stakeholders and then some categories of people who are not so obvious. Technology firms, ISP and other telecommunication and internet company interests, privacy, and security experts both technical and policy, as well as educators from K-12 as well as our outstanding colleges and universities in New York State.  Bring in some people on the ground: low income, rural, old, young, marginalized populations – not least of which are our many indigenous communities -- diverse perspectives, upstate, downstate, Central and Western New York. Mission: Make New York the model of how to have this revolutionary technology serve the goals of public interest.  The other three czars should be sitting members.  Can this state-wide council then propagate similar bodies in their regional areas, using, perhaps the same geographic distinctions that served the state in the pandemic?  In other words, it is not just milage to Albany for a select few.  Get local regions and area communities involved until we have a series of council that represent all of New York State.   Library systems might be a wonderful supporter in this effort. 
  • Step Five:  Communicate, Champion, Communicate. Information technology, cybersecurity, and internet policy have for far too long been positioned on the outskirts of more traditional areas of governance. It is obvious that model has not served the public interest whether you look at anti-trust, privacy, cyber, disinformation, fraud, or any other aspect of the internet. There is a lot of money about to come our way, let’s use it very wisely by including good communication and governance in the strategic plan for it. 

Remember, higher education, twenty years ago when every other EDUCAUSE event was about getting a seat at the table of our institutions?Let’s help our governments and American society at large learn from our efforts. This area MUST sit at the big table, and then be part of every New Yorker’s life, education, work, and welfare.NOW is the time to do it!

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Wednesday, August 11, 2021
Diversity Newsletter publication date: 
Wednesday, August 11, 2021

We’re Getting There

In 2013 I made the top fold of The New York Times with an article on cyberattacks in universities. Considering the Biden administration’s new approach to nation-state cyberattacks, I reread the article this morning. Nothing new under the sun, except: (1) professionalization and intensity of the attacks; (2) codification of information-sharing rules between corporations and government; (3) the elevation of this issue to Department of State and higher levels of diplomacy. (If you need a quick primer of this history, you cannot do better than Nicole Perlroth’s article, hyperlinked for point 1, that came out in The New York Times yesterday.)

In my last post, I promised to focus on two topics: broadband expansion and cybersecurity. Today’s piece is on cybersecurity. I purposefully waited a month between posts because the Biden administration is ramping up its profile in this area. No crystal ball needed. After the devastating attack on a major U.S. oil and gas pipeline, surrounded by one ransomware attack after another, we all would have had to rise in protest if the administration did not start to take more decisive action.

Those of us in cyber have been calling for such measures for years. My baptism occurred within days of accepting the position of director of information technology policy at Cornell back in April of 2001. After learning the location of the office building bathrooms (a trope of first things first when you take a new job), off I went to my alma mater law school to learn about how the Chinese had probed a vulnerability in the Legal Information Institute servers and were in the process of sucking everything out: cases, journals, commentary. Major media took a hit in 2013 and finally started to get out the word that cyber was serious. Trump’s failure to accept Russia’s interference in the 2016 so rattled me I left remunerative work to run for Congress in a red district. On that Saturday morning after the 2020 election, around 11:30 Eastern time, when the AP called the election for Biden, I exhaled for the first time in years on this critical national security issue. But only briefly. There was so much more work to be done.

I write today to say that the Biden administration is off to a pretty good start. Biden has spoken sharply to Putin, who has been testing Biden on this subject since the inauguration. Last week REvil went off-line. Please do not assume that the matter is settled with this one move, but it is significant nonetheless. Mere mortals such as you and I do not know what offensive cybersecurity measures the U.S. is currently taking outside the level of Jen Psaki news releases, but to be sure Defense and NSA are in the mix. Putin has blinked.

Russia is a mess. It prioritizes cyberinsecurity with the dangerousness of a very intelligent, disturbed teenager who can and will not get help for him/herself but cannot stand to see anyone else be happy and prosperous. China, on the other hand, is the truly serious, focused rival for global dominance. Peril awaits anyone who underestimates their determination, capability or threat to the U.S. The oldest continuous civilization in the world, China knows well how to play the long game. That said, it is impressive that only 72 years after their revolution, they are now making decisive steps to absorb both Hong Kong and Taiwan as they rise in military, economic and political importance globally. Allow me one quick example: I went to Tanzania in January of 2018. Guess who is building all the continental highways in Africa … connections to raw materials, people and markets? One example amid thousands. During the Trump years, the U.S. slipped on the international front. Exceedingly strategic, China filled in the gaps and has been rising in importance ever since.

Recognition of their prowess is why I now compliment the Biden administration for raising the issue of cybersecurity to the diplomatic level. My heart did a leap when I read that Antony J. Blinken had issued a quote on this subject (“Secretary of State Antony J. Blinken said in a statement on Monday that China’s Ministry of State Security ‘has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.’” Perlroth, The New York Times, July 21, 2021). That signals Department of State awareness together with the promise that more is to come from that office on this topic. The organization of allies to move together on this front deserves another tip of the hat. The U.S. cannot and should not go cyber alone. In fact, this direction is precisely the one we should take: leadership internationally on global internet governance.

Compliments are intended to spur yet more action, not to rest on laurels. Here are some immediate next steps the U.S. should take.

  • Fill the FCC seat with someone who knows both higher education -- which the pandemic demonstrated requires attention on the broadband aspect -- and cybersecurity. Cybersecurity is both a domestic and international issue. The sooner the recognition of this dual nature of cyber, the more we can accomplish. See the next point.
  • Get the Department of Education actively involved in information literacy and cybersecurity education. The sooner the recognition that we must educate youth on “the full stack” (meaning: technical, social, legal and market implications of the internet and cybersecurity) the more, once again, that we can accomplish.
  • Do not leave the FTC or the President’s Economic Council out of the loop. We cannot sacrifice national security via cybersecurity just because the media is hyperfocused on Professors Kahn and Wu's placements in federal government. More than ever the U.S. must integrate its domestic policy about Big Tech with its international national security profile. (Biden administration work with Microsoft, and vice versa, on their most recent breach is a good model, or at least it seems from the perspective of readers of mainstream press.)
  • Bring privacy back to a center seat of national policy. It will properly inform and hopefully balance out the integrity of our constitution with our security, both foreign and domestic.
  • Because I have never been one to shy away from a conflict, I cannot help but add one more point: hello, Congress! Get involved! Bring the federal government’s zero day policy out of the shadows and into public light.

Future posts will cover these five areas. Until then, Biden administration, keep up the good work!

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Tuesday, July 20, 2021
Diversity Newsletter publication date: 
Tuesday, July 20, 2021

Pages

Subscribe to RSS - Tracy Mitrano's blog
Back to Top