Tracy Mitrano's blog

Memories of 9/11

I had been at work as director of information technology policy only four months on Sept. 11, 2001. It was an era when people from a wide variety of disciplines found themselves in IT. “Get in the pool and start swimming” was the advice my ex-husband gave me when I told him I had applied for the position. A research electrical engineer, he had originally introduced me to the internet in the early 1990s (together with Professor Peter Martin of Cornell Law School). I sought his counsel after some of my attorney friends laughed at me when I told them I wanted the position. “What do you know about technology!” was the common refrain. Bill said, “None of us grew up learning anything about IT. Go learn it on the job.”

A goal to be an administrator in higher education that I had set when I graduated college in 1981 was achieved! If anyone had told me I would achieve that goal in “IT,” I would have asked, what is it? I pushed forward nonetheless. As I have recounted previously in this blog, my initial workdays went immediately into practice as I accompanied the IT security coordinator to the law school to examine a hack on the Law Information Institute. I worked as hard and as fast as I could reading about internet law and policy while raising my two boys, Sam, 5, and Nikko, 9, at that time. I even took advantage of an employee benefit to take a course. I chose Stuart Davis’s literature course, and after the boys went to bed, I started on Pale Fire by Nabokov. And then, on my way to work on that beautiful late summer day of Sept. 11, I heard about the first plane on the radio.

By the time I parked the car and made my way to the office, the second plane had hit. A group of us in the Computer Communication Center building in the Cornell campus wandered around in a state of suspended shock listening to the broadcasts. I was scheduled to go to the administration building for a photo shoot -- the Cornell Chronicle was going to do a story about my position -- and found the entire building, usually bustling, eerily empty. The photographer brought me into the boardroom and began arranging cameras and lights. I asked if we could put on the television. He maintained focus. I could not. Around 10:30, when the north tower fell, I asked him if we could stop. Just a few more shots. The vice president was not in that day, but I went by the office to share the moment with the administrative staff. Back to CCC in deeper shock. By early afternoon, I called Bill, who had the children that night, and asked if I could please pick them up. After mumbling some “unbelievables” to each other, he agreed, and off I went. I did not have networked television, so that night the boys and I went over to the house of a friend, Nancy Cook, who worked at the law school. Shock gave way to a profound sadness.

By Sunday, sadness gave way to grief. At the end of our church service at St. John’s, we sang “America the Beautiful.” I burst into tears. Embarrassed to be so emotional, and not wanting my children to be alarmed, I tried to explain. Our family tradition almost every holiday was of my father and his four brothers talking about their experiences in the Second World War. Memorial Day marches on Main Street punctuated growing up in Rochester with everyone coming to my parents’ restaurant down South Avenue afterward for a toast. The Pledge of Allegiance every morning after prayer at St. Augustine’s grammar school. Playing “spy” with my friends growing up, and an imaginary game I conjured, “Captain on Wake Island,” with babysitters. The attempt I made to join the military in college until my mother put a stop to it. Sure, I identified as a feminist, and, for my doctorate in American history, I studied under Marxists. (Is that a hammer and a sickle on the cake? my father asked in alarm at one event he attended with me at the home of my mentor, Betsey Fox-Genovese.) But all of that was an academic luxury in a country that allowed for free thought and speech. What, in god’s name, had become of U.S.?

About six weeks later, I was at the annual Educause conference being held in Indianapolis. The president of the association, Brian Hawkins, knew me through Polley McClure, VP of IT at Cornell. President Bush had just signed the U.S.A.-Patriot Act into law. “Would you put together a presentation on the impact of the law on higher education?” he asked, knowing that I was a rare bird among technologists with a law degree. I repaired immediately to my hotel room with two additional computers. On one, I called up the new law, signed Oct. 26, 2001. It read like gobbledy-gook in the parts that mattered, those that amended existing laws such as FERPA, ECPA and FISA, that I accessed with the second computer. I did the translation and analysis, pulling together a deck. Two days later, on the last day of the conference, I shared my thoughts with a room filled with people equally eager to make sense of it.

Almost immediately, I felt myself shot out of a cannon. Colleges and universities, libraries national and local, asked if I would come share thoughts. People poured out to listen and ask questions and wanted to be a part of community understanding what the law said, how it changed in our lives and the manners and mores of a democratic republic with, prior to that point, a reputation for a good balance between privacy and security on matters of government surveillance. There was cause for alarm. Out of fear, and in the name of finding terrorists abroad as well as in our midst, the framers had thrown balance to the wind in favor of disclosure to law enforcement. This disequilibrium exacerbated an already existing challenge whereby internet technologies outpaced the law’s wiretapping acts. A distinction between foreign and domestic surveillance collapsed. The law ripped open “Chinese walls,” or protocols between local law enforcement and the feds, that had been established to protect civil rights. The FBI became a domestic CIA, devoted to intelligence gathering within our own shores, tutored by an agency that had long ago kicked to the curb what was right about the United States in August of 1945 in their exercise of raw will and unchecked power on a global stage in years after armistice. The NSA, a creature of that era, became a monster organ to collect communications no matter between whom or where on the planet.

Edward Snowden would ultimately bear witness to these concerns that we voiced in the months after the U.S.A.-Patriot Act. Candidate Obama inspired us to hope we could reset the balance, stop the torture, terminate secret examination sites, close Guantanamo and end the wars. No revisions of outdated laws -- the Electronic Communications Privacy Act most notably -- were made. The Foreign Intelligence Surveillance Act lives on in infamy; the entire scaffolding of secret warrants and courts should be abolished. The Freedom Act proved a paltry attempt to rein in the unholy alliance that the Bush administration created with telecommunication companies to spy on us -- their legal immunity, acquired through Congress via closed-door meetings while we all slept in ignorance, a capitalist’s boon in the process.

Is it any wonder that people have lost confidence in government? That so many who bore economic and social disappointments simultaneously with these events feel left behind, their expectations of upward mobility and pride in place dashed? Why wouldn’t they find succor in false prophets and be predisposed to believe crazy stuff on the internet considering the incredulousness nestled squarely in existing “facts” and what has traditionally been represented as sources of “truth”? Unable to sort out this witches’ brew of outdated laws, wildly shifting social norms, a rapacious market and technology run amuck, people found scapegoats. The “other” became each one of us. The astonishment with which we looked at Kabul in the last month, I submit, is the long, sorry culmination of a half century or more of gut-wrenching mistakes and the slow acid burn of disappointment.

This very unfortunate historical morass is no wonder to me having spent four years traversing a congressional district the size of New Jersey, trying one on one to make sense of it all with people across vast social and economic chasms. I lost terribly, especially when a false prophet was on the top of the Republican ticket, and in the face of unabashed lies, gross histrionics and base fearmongering supported by a million dollars of corrupt campaign finance money. More than at the 10- or 15-year mark of Sept. 11, we are now in a collective state of remembrance not only for the event itself -- which will always deserve attention and respect -- but because we want to relive a time of greater innocence, to re-experience that moment when almost all of the world was with us, when we still reasonably believed that we could make things right, and that the United States, notwithstanding all of its challenges, could still be a place of possibility and hope. It’s akin to reliving the moment before an accident, when one thinks if only this or that. Twenty years later, time, tide and four years in politics has stripped me of the naivety that informed innocence. But real politique does nothing to assuage the eager patriot and politically passionate. We cannot allow naïveté to spoil us to the point that we too easily give up the effort.

I will, therefore, keep on working to educate our youth. I will urge them to participate in the politics of a magnificent country that has everything to lose by giving in to despair and still so much to gain by aligning our strengths. Yesterday, when I finished the class I teach at Cornell on privacy and surveillance, I wanted to play Ray Charles or Whitney Houston’s versions of “America the Beautiful” for them. I wanted to remind them that even the descendants of slaves find grace in their hearts to love this country, and that there is nothing to be embarrassed about being patriotic, having ideals or harboring hope. But I could not find the dongle to connect the computer, and we ran out of time doing basic course logistics. I drove home with a slightly heavy heart. I did not share my Sept. 11 experience with them, students so young they have no memory of it, and who listen eagerly to understand what it was all about. This morning when I woke up, I decided that that the best thing I could do is to write something. I dedicate this post to my students.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Friday, September 10, 2021
Diversity Newsletter publication date: 
Friday, September 10, 2021

National and State Infrastructure

The infrastructure bill wending its way through Congress and onto the President’s desk is a very exciting development for broadband deployment and other critical areas of the internet. Back when I ran for Congress, the Farm Bill of 2018 allotted about $500 million for broadband. A drop in the bucket, and one that few people that most needed it knew about it to apply for it. In my home county of Yates in the Finger Lakes region of New York, we have a 100% Republican County Legislature, and a Republican congressman. It took the defeated Congressional Democrat – me – to go to the County Legislature and tell them to go get the money. I suspect as pitiful of a number as that Farm Bill appropriation represents, for the failure to communicate adequately with the rural areas in need of it, it is still money unspent. 

Let it be known that in the last COVID bill, the one passed under the Biden Administration, there is also money for broadband. And we might remind each other of the obvious: if one did not understand the need for national, robust broadband before the pandemic, one could not ignore its significance since.  Concerned about global competitiveness with China? We need national, robust broadband access. Want to close the gap between rich and poor? Broadband is not a cure-all, but it will help. (Reconciliation Bill, that promised progressive taxation so that the corporations and the wealthy pay their fair share is the main ticket). Want to better integrate rural and urban areas, and its wealth gaps, broadband is a very big and necessary correction piece. Better education and schooling for youth? Greater opportunities for retooling or career-shifting in mid-life? You know the answer.

I want to couple this issue, about which I have already written so extensively over the years and campaigned for it tirelessly, to some interesting developments we have in New York State. You might have heard that Governor Cuomo is resigning in about two weeks. Our Lt. Gov. Kathy Hochel will fill his seat. I am a huge booster of her. She is well educated, experienced, and capable; she is fair; she embodies the upwardly mobile spirit; she gets New York State outside of New York City, Long Island and Albany; and she is unfailing respectful to supporters and critics alike. From my world view it does not get much better than that. Our state could not be better served under these unusual circumstances.

What then is my point of coupling advocacy of broadband and other critical topics related to the internet and the Albany shift? New York State has an opportunity to be a model in how states can properly deploy the federal money coming their way for the internet. 

  • Step One: Appoint someone to champion the allocation of that money throughout the state. Drop the Cuomo-style grants to ISPs and work with counties to be sure that they are using the approach best suited to their region. Integrating that effort with proven private-public partnerships such as the Southern Tier network tp professionally expedite the effort.  And for heaven sakes, create a realistic map of the state! Along with the exclusive grants to ISPs was a map that served them but not the public. Every household is the measure, not one point on every square. That mapping should work hand in hand with the efforts under way that Acting Chair Jessica Rosenworcel is creating under the Federal Communications Commission. 
  • Step Two: Appoint a cybersecurity czar for the state. Cybersecurity is, to be sure, a critical national issue, and there is much that still needs to be done in that space, about which I have already devoted so many blog posts. My point here is each state needs to integrate with the federal government.  Deputy Anne Neuburger, National Security Council, is promoting a good path of getting the federal government and its may agencies under a unified policy framework (although much remains to be done).  New York State – and all states – should do the same.  Mutual reporting must be brought into the framework with the federal and state government. Following up on President Biden’s recent Executive Order regarding voluntary reporting for corporations, state and federal government should be working seamlessly to bring private business in … especially the financial sector for which New York is the crown jewel. Be a good example for many other businesses across the national landscape and a reminder of our shared interests.
  • Step Three: Education, Education, Education. Appoint a cyber education czar.  So much work needs to be done beginning with simple technological instruction once people can obtain connections either through, or both, physical and financial assistance. Build on the technical with the information education about what it means to use this global network, how to maintain basic privacy and security of our own devices and keep a watchful eye on those with which we interconnect, including, and not least, our major internet businesses in search and social networking. There is nothing essentially new about mis or disinformation (first not intended, the second intended to deceive); it is as old as history. But the means, scope, and amplification of these forces on and through network devices is crippling this country’s effort to arrest the pandemic and create a trusted body politic.  Broadband deployment is just the start, but like any technology it is neither good nor bad, only thinking makes it so. Without the education necessary to integrate critical thinking skill, simple technological access could, conceivably, add fuel to divisive fires.  We must address this challenge, and education is our first and most important defense. Our fundamental democratic values rely on it.
  • Step Four: Create a Cyber Council for New York State. This Council should include all the obvious stakeholders and then some categories of people who are not so obvious. Technology firms, ISP and other telecommunication and internet company interests, privacy, and security experts both technical and policy, as well as educators from K-12 as well as our outstanding colleges and universities in New York State.  Bring in some people on the ground: low income, rural, old, young, marginalized populations – not least of which are our many indigenous communities -- diverse perspectives, upstate, downstate, Central and Western New York. Mission: Make New York the model of how to have this revolutionary technology serve the goals of public interest.  The other three czars should be sitting members.  Can this state-wide council then propagate similar bodies in their regional areas, using, perhaps the same geographic distinctions that served the state in the pandemic?  In other words, it is not just milage to Albany for a select few.  Get local regions and area communities involved until we have a series of council that represent all of New York State.   Library systems might be a wonderful supporter in this effort. 
  • Step Five:  Communicate, Champion, Communicate. Information technology, cybersecurity, and internet policy have for far too long been positioned on the outskirts of more traditional areas of governance. It is obvious that model has not served the public interest whether you look at anti-trust, privacy, cyber, disinformation, fraud, or any other aspect of the internet. There is a lot of money about to come our way, let’s use it very wisely by including good communication and governance in the strategic plan for it. 

Remember, higher education, twenty years ago when every other EDUCAUSE event was about getting a seat at the table of our institutions?Let’s help our governments and American society at large learn from our efforts. This area MUST sit at the big table, and then be part of every New Yorker’s life, education, work, and welfare.NOW is the time to do it!

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Wednesday, August 11, 2021
Diversity Newsletter publication date: 
Wednesday, August 11, 2021

We’re Getting There

In 2013 I made the top fold of The New York Times with an article on cyberattacks in universities. Considering the Biden administration’s new approach to nation-state cyberattacks, I reread the article this morning. Nothing new under the sun, except: (1) professionalization and intensity of the attacks; (2) codification of information-sharing rules between corporations and government; (3) the elevation of this issue to Department of State and higher levels of diplomacy. (If you need a quick primer of this history, you cannot do better than Nicole Perlroth’s article, hyperlinked for point 1, that came out in The New York Times yesterday.)

In my last post, I promised to focus on two topics: broadband expansion and cybersecurity. Today’s piece is on cybersecurity. I purposefully waited a month between posts because the Biden administration is ramping up its profile in this area. No crystal ball needed. After the devastating attack on a major U.S. oil and gas pipeline, surrounded by one ransomware attack after another, we all would have had to rise in protest if the administration did not start to take more decisive action.

Those of us in cyber have been calling for such measures for years. My baptism occurred within days of accepting the position of director of information technology policy at Cornell back in April of 2001. After learning the location of the office building bathrooms (a trope of first things first when you take a new job), off I went to my alma mater law school to learn about how the Chinese had probed a vulnerability in the Legal Information Institute servers and were in the process of sucking everything out: cases, journals, commentary. Major media took a hit in 2013 and finally started to get out the word that cyber was serious. Trump’s failure to accept Russia’s interference in the 2016 so rattled me I left remunerative work to run for Congress in a red district. On that Saturday morning after the 2020 election, around 11:30 Eastern time, when the AP called the election for Biden, I exhaled for the first time in years on this critical national security issue. But only briefly. There was so much more work to be done.

I write today to say that the Biden administration is off to a pretty good start. Biden has spoken sharply to Putin, who has been testing Biden on this subject since the inauguration. Last week REvil went off-line. Please do not assume that the matter is settled with this one move, but it is significant nonetheless. Mere mortals such as you and I do not know what offensive cybersecurity measures the U.S. is currently taking outside the level of Jen Psaki news releases, but to be sure Defense and NSA are in the mix. Putin has blinked.

Russia is a mess. It prioritizes cyberinsecurity with the dangerousness of a very intelligent, disturbed teenager who can and will not get help for him/herself but cannot stand to see anyone else be happy and prosperous. China, on the other hand, is the truly serious, focused rival for global dominance. Peril awaits anyone who underestimates their determination, capability or threat to the U.S. The oldest continuous civilization in the world, China knows well how to play the long game. That said, it is impressive that only 72 years after their revolution, they are now making decisive steps to absorb both Hong Kong and Taiwan as they rise in military, economic and political importance globally. Allow me one quick example: I went to Tanzania in January of 2018. Guess who is building all the continental highways in Africa … connections to raw materials, people and markets? One example amid thousands. During the Trump years, the U.S. slipped on the international front. Exceedingly strategic, China filled in the gaps and has been rising in importance ever since.

Recognition of their prowess is why I now compliment the Biden administration for raising the issue of cybersecurity to the diplomatic level. My heart did a leap when I read that Antony J. Blinken had issued a quote on this subject (“Secretary of State Antony J. Blinken said in a statement on Monday that China’s Ministry of State Security ‘has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.’” Perlroth, The New York Times, July 21, 2021). That signals Department of State awareness together with the promise that more is to come from that office on this topic. The organization of allies to move together on this front deserves another tip of the hat. The U.S. cannot and should not go cyber alone. In fact, this direction is precisely the one we should take: leadership internationally on global internet governance.

Compliments are intended to spur yet more action, not to rest on laurels. Here are some immediate next steps the U.S. should take.

  • Fill the FCC seat with someone who knows both higher education -- which the pandemic demonstrated requires attention on the broadband aspect -- and cybersecurity. Cybersecurity is both a domestic and international issue. The sooner the recognition of this dual nature of cyber, the more we can accomplish. See the next point.
  • Get the Department of Education actively involved in information literacy and cybersecurity education. The sooner the recognition that we must educate youth on “the full stack” (meaning: technical, social, legal and market implications of the internet and cybersecurity) the more, once again, that we can accomplish.
  • Do not leave the FTC or the President’s Economic Council out of the loop. We cannot sacrifice national security via cybersecurity just because the media is hyperfocused on Professors Kahn and Wu's placements in federal government. More than ever the U.S. must integrate its domestic policy about Big Tech with its international national security profile. (Biden administration work with Microsoft, and vice versa, on their most recent breach is a good model, or at least it seems from the perspective of readers of mainstream press.)
  • Bring privacy back to a center seat of national policy. It will properly inform and hopefully balance out the integrity of our constitution with our security, both foreign and domestic.
  • Because I have never been one to shy away from a conflict, I cannot help but add one more point: hello, Congress! Get involved! Bring the federal government’s zero day policy out of the shadows and into public light.

Future posts will cover these five areas. Until then, Biden administration, keep up the good work!

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Tuesday, July 20, 2021
Diversity Newsletter publication date: 
Tuesday, July 20, 2021

Taking Stock

Since returning to academia from politics, I have focused my remarks on two areas of internet policy: broadband deployment and cybersecurity. It soon may be time to broaden the scope, but for now, and until we get to a more secure place on these two subjects, I retain the focus. Let’s take stock of where we are on those two subjects under a new administration and some developments. Today I will address broadband issues. Next installment: cyber.

Broadband

Because I have lived my entire adult life in the Finger Lakes and Southern Tier region of New York State, I did not need the pandemic and close of schools to recognize the significance of broadband deployment. When I ran for Congress in 2018 and 2020, it was my No. 1 issue, not only because it has been part and parcel of my professional life for the last 20 years but because my platform of economic development for the region, improvement of K-12 education and even environmental improvement hinged on that foundational infrastructure. I fully recognize that in urban areas such as where I grew up -- the city of Rochester in western New York -- and in this district such as Jamestown, Elmira and Olean, financial accessibility complemented the otherwise rural challenge of getting the backbone laid and connection to schools, farms and homes. The size of New Jersey, this district needed both economic and infrastructure support. Once the pandemic broke out and schools closed, this gap became obvious to everyone. It is no wonder, then, that now I hear even Republicans talking about it!

The 2018 Farm Act, the most comprehensive of agricultural legislation whose legacy goes back to the New Deal, includes money for rural broadband deployment. In the 1950s the USDA took responsibility for rural electrification, and rural electrification is the model for broadband deployment policy. Consequently, in January of 2019 I went to my county’s Legislature, Yates, to advocate for taking advantage of it. Yates County has since been the recipient of $12 million to lay a backbone onto which commercial telecommunication companies can piggyback for subscription service.

N.B. how important it was for the Farm Act to provide funds to regional government. The fly in the ointment to state initiatives -- giving grants only to commercial providers -- may have helped urban areas where the population supports the effort but failed rural ones. Local government, when proactive, can fill the gap with the assistance of organizations such as the Southern Tier Network (SNI), a not-for-profit that facilitates broadband development.

COVID acts have increased opportunity for more funds to go into infrastructure relief. And the one-year option for low-economy individuals and families to receive support to afford a subscription helps both rural (where abundant poverty exists) and urban dwellers. Therefore, three main challenges remain.

First, the FCC should initiate the drawing of a realistic, national broadband map. That map should not use the same method that has held us back to date: maps drawn largely by telecommunication companies that divide landscapes into squares and declare an entire area covered if even only a single connection is made in that geographic space. (Part of what has kept NYS lawmakers from understanding rural plight. Maps drawn by telecommunication companies keep dollars flowing to commercial providers at the expense of rural populations. It is time for that pattern to stop, and we need elected state officials to stand up against the lobbying pressure of it.). Let’s get an accurate picture of who has physical connectivity and who does not.

Second, the FCC could and should do a thorough evaluation of what monies are available from which pieces of legislation, how much has been spent, how much is left and how much more is needed to accomplish this feat. Even among specialists, I have heard that there is confusion on this front. The FCC can and must begin with a schedule and make sure that schedule is widely shared with the public so people, governments and entities such as SNI can use it as an ongoing, constantly refreshed resource. The infrastructure bill, should it be passed, will absolutely require that we know where we are at this point with multiple pieces of legislation and pots of money to keep track of and be efficient with federal funding.

Third, and finally, the FCC should champion what remains to be accomplished on both the low-income and geographic broadband role out, set a date for completion (2025?) and stay on it -- no matter who is in the White House. The congressional district where I live is a microcosm of so many areas around the country that require this kind of development. So much potential exists where I live (and it has water!), but it is held back for the lack of connectivity.

Let’s be as smart as President Roosevelt when he called for rural electrification. Knowing that U.S. involvement with the war was only a matter of time, he knew he had to bring less productive areas of the country, then the Southeast especially, up to par to support the agriculture that would support industry that would support a war economy. If the name of the game in the 21st century is global competition, and with the People’s Republic of China especially, broadband deployment and the unleashing of so much economic power is a necessary step the U.S. must take. I have just laid out three necessary moves that our federal government, including Congress, guided by the FCC, should make to accomplish this goal and get our footing straight to take advantage of so much the U.S. has to offer its people and the world.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Friday, June 18, 2021
Diversity Newsletter publication date: 
Friday, June 18, 2021

Cybersecurity, at Last

This week, President Biden signed an executive order on improving the nation’s cybersecurity to move cybersecurity efforts along. None too soon. The United States remains the principal target of aggressive nation-states, organized cybercrime and garden-variety criminals around the world. This executive order is a critical first step.

About a month ago, I stopped writing essentially the same blog post repeatedly calling for federal action. I resume today because at last we have some concrete progress. This bill, as reported by The New York Times, creates an industry report card and cyber review board. OK, good starts. It will require more information sharing between government and industry … nice, but the devil will be in the details. Perhaps most important of all, it initiates a shift in federal commitment from its NSA Hollywood style, nontransparent offensive posture (think zero days) to a more transparent defensive posture (needed to wed industry, government and education, not to mention consumers in the protective net). That shift, psychological as much as it is material, is a critical one for the maturing of our government’s ability to manage this immensely complex issue, one that relies on diplomacy as much, if at this point not more, as technology.

Speaking of education, we still have a woeful lack of adequately credentialed people to fill the number of positions currently open in cybersecurity in all sectors of American society. This statistic first became apparent to me when I was the academic dean of a cybersecurity certificate program at UMass Amherst. Since my foray into politics -- inspired by no less than the former president’s egregious failure to recognize the Russian threat on our elections -- that gap has grown from the two positions for every qualified candidate to an even higher imbalance. With this legislation, it is bound to increase more greatly. In the meantime, I have built a content moderation curriculum from a small liberal arts college that does not have a computer science department. Currently, I am helping a community college that has a solid technical degree program resulting in an applied associate of science degree in cybersecurity raise its profile to keep pace with technical, market, compliance and workplace developments.

N.B. If you are an academic administrator reading this blog post, and you do not have some form of content moderation, cybersecurity concentration, certificate, major or otherwise credentialed program, do not pass the proverbial Go. Step up your game -- time to build one! And yes, this is for you, too, liberal arts institutions, former or existing women’s colleges (says the author of a doctoral dissertation on Catholic women’s higher education). Your country needs you to get into the business of educating people for jobs of national significance and ones in which a properly credentialed student can find ready employment in this vital field. It is not all about just computer science and programming, or a technical certificate in Linux or Windows. Cybersecurity is about the entire stack, from chips to content. Just ask Mark Zuckerberg, who has hired over 50,000 content moderators, a far greater growth than software developers, in the last few years.

Back to politics. Why did Biden issue an executive order? Because our money-driven, self-interested, media-obsessed, hyperpartisan Congress so resoundingly rebuffed the Obama administration’s attempt to get us to a better place that President Biden recognized this matter is too serious to risk immediate congressional self-adjustment. Congress must, however, get its head out of dark places and follow up promptly in a resolute bipartisan and focused matter on this order to bolster protective, defensive technical and policy measures and to right the course of the United States in this perilous global environment of cyber-insecurity. State Department, are you listening? You are a critical part of the solution.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Friday, May 14, 2021
Diversity Newsletter publication date: 
Friday, May 14, 2021

Going Forward

Acting FCC chair Jessica Rosenworcel is going into her work with all guns blazing. As she should. The forward movement of the FCC under Tom Wheeler and the Obama administration went into retrograde under Chairman Pai and Trump. Our country must now move forward assiduously to make up time, and there is no time to waste given the intersection between 21st-century developments in communications and global economic competitiveness. Expanded access to low-income individuals, rollout of broadband especially in low-population/rural areas, information literacy programs and the calling out of security risks with Chinese electronics are prodigious moves that Rosenworcel has made in a short period of time since her ascension to acting chair.

Five points outlined below draw on these developments for next steps. As will be apparent, the overall theme is working together with other offices and agencies to prepare the foundation of a more unified federal approach to the internet. Many moons ago I wrote a blog in this series on the advantage that the PRC has in a single government agency dedicated to the internet, the prism through which it designs strategic, military, economic, social, political and cultural actions. Designed over 100 years ago as silos, our administrative structure divides responsibilities for the internet into many different agencies. Radical transformation of that structure is not feasible -- there is too much substantively to do right now. But we must not allow ourselves to get stuck in that structure’s archaic constrains. Here’s how we can begin to transcend them to move effectively and efficiently going forward.

  1. The Biden administration should finalize Rosenworcel’s appointment -- she absolutely deserves it! -- and free up another seat for a Democratic appointment.
  2. The FCC should work intentionally and purposefully with the FTC (a reconstituted FTC -- have you read how George Mason University and its Scalia Center have been shaping the FTC under Trump? It explains a lot …). Antitrust and privacy are the big issues now. Soon it will be spectrum allocation and corporate consolidation. And then there are über issues of regulation of the internet, a topic that touches everything from taxes to content moderation. If these agencies do not work in alignment, expect corporate players to play one agency off the other. The people of this country will not be served by that path.
  3. The FCC should work in tandem with other federal agencies, Homeland Security especially, to strengthen internal federal security and privacy policies, procedures and practices, from the physical layer right on up to applications. In last week’s blog post, I advocated for centralization of institutional IT policy organized by a White House appointment. Rosenworcel and the FCC should exercise leadership in getting that plan going. Do we have to wait for another “OMG, we’ve been hacked!” Expect pushback from CERT. Distinguish IT policy internal to the federal government to that outside of it. And while you are at it, tell the NSA and CERT to shift gears from offensive to defensive measures if they don’t get the point.
  4. The FCC should work with the State Department to guide diplomatic efforts for global internet governance. Technical advisement not least, but hitting the right balance with international stakeholders about the role the U.S. plays in that effort is a subject that will require input from more than just inside State. Too much of a life? Think of the task this way: no diplomacy, no peace on the internet.
  5. The FCC should work with the Department of Education to create the principles of and a high-level curriculum for digital and information literacy to become a standard component of K-12 education. This country’s experience with the virulent outbreak of misinformation is reason enough. Add to that fact that this country must begin to prepare its youth for work in a global, competitive economy and you have reason enough for both agencies to work on it. Maybe even Congress could be persuaded to get over the culture wars long enough to throw that effort a few bucks.

The internet was never a luxury. It has always been a critical utility and an essential component of our country’s infrastructure. What makes this night different from those in the past is that many more people, including Republicans, are finally willing to acknowledge that fact -- although as we saw last week, they may not vote for what they claim to value. With politics as they may be, our government must “work up the stack,” from the physical layer to the internet’s cultural components. You know the phrase “think out of the box”? We must think outside the silos of our administrative structures to align this critical infrastructure with strategic goals. Right now there is no other agency with the chops or insight to lead that effort than the FCC under Rosenworcel. Let’s get to it.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Monday, March 15, 2021
Diversity Newsletter publication date: 
Monday, March 15, 2021

What to Do About Cybersecurity

Here we go again! With the news that the People’s Republic of China has penetrated Microsoft before we have figured out what to do with Russia’s SolarWinds attack, we roil in more hysterical media coverage, more OMGs from “experts,” more ideas about what should be done.

To which I will earnestly add mine that centers not on legislation or regulation for the society but on what our federal government should do immediately to address this sorry state of our nation’s national security posture.

On the domestic front, the White House should establish not an internet “czar” but a coordinator. A White House coordinator. That individual should designate a single point of contact in every federal agency with the same fundamental responsibilities for privacy and security institutional policies, reporting processes, and technical practices across the board.

This comprehensive approach would address two fundamental problems with the current configuration for internet privacy and security in our federal government: the absence of a single point of contact in the White House for the president and an uneven and poorly connected defensive cybersecurity structure within the federal government.

A White House coordinator should be the person to whom the president looks immediately for information about attacks and steps forward to establish a comprehensive defensive posture across the federal government. A person/role in Homeland Security, which is the current fallback position, is insufficient. Authority for the “internet” is spread out among almost 20 different federal agencies. That fact alone is a prescription for very mess we are in defensively on matters of cybersecurity. Too many sous cooks who each think in their domain they are the boss and no master chef to set the rules, roles and responsibilities in the kitchen. The chronic absence of this basic structure explains why the United States repeatedly demonstrates such extraordinary ineptitude in keeping its own agencies safe. Burying this critical role in one agency, even if it is Homeland Security, misses the point. White House coordination is absolutely necessary to get the job done. That coordination is best achieved not by stitching together a patchwork quilt across the federal government but by creating the quality of structure and process that clearly for everyone to see raises the priority of this matter throughout our federal government and concretely addresses the very significant cybersecurity challenges that our government must face.

How am I so sure that this is the way to go? Because I and we did it, at Cornell, and then throughout higher education, 20 years ago to protect large Research-1 universities. Is it perfect? No, because nothing in cybersecurity is perfect nor does any one state of being rest long enough to allocate vacuous awards. But the challenge is as serious a national security threat as our country has faced since the Second World War. We will only begin to rectify the problem when we genuinely understand that reality and bring to its fix the same quality of purpose, direction and energy that our country gave in that massive endeavor. Tested in smaller scales of large universities, this basic structure and process has proved to be good practice and the most practical of starts that can be exported to scale in our federal government.

On the international stage, the president must engage our diplomatic corps in the work of global internet governance. President Biden should delegate the heavy lifting to the State Department. The State Department should take the lead in crafting an approach that incorporates global stakeholders into responsible mechanisms that bring a rule of law to international challenges of cybersecurity specifically and global internet governance generally. That will mean dealing with the National Security Administration’s addiction to covert actions. It will very likely signal the termination of the NSA’s zero-day policy approach, one inefficiently and ineffectively mimicked by agencies throughout our federal government. Let’s also be clear that this approach was not thoughtfully taken by a presidential administration, or Congress, and discussed with the American people so that we could understand its implications or receive the benefit of expertise outside the NSA itself. Our country has functionally adopted it without a vote and without democratic process. It is failing us miserably but because it is not really transparent, because it is not understood by most people in the United States, and it is exceedingly difficult to get out of it.

The zero-day conundrum arises out of a cultural hubris. Hubris impedes recognition of the gravity of our challenges and the need to shift our current cyberorientation away from sotto voce offensive actions and toward an aboveboard defensive posture. So long as we continue to fashion ourselves as the biggest cowboys of the internet’s wild west, we will be unable to act in the ways that will protect our country best or to reassert the quality of global leadership we once exercised on the international stage with an earned measure of pride.

Again, I take history as my guide. In the aftermath of the Second World War, the United States not only led the Nuremberg trials with dignity, but by that very process our country infused humanity back into a world so largely devoid of it under the Nazi regime. The Marshall Plan turned enemies into friends and lifted millions of people within our own county to a better place materially that also allowed for a flourishing of everything from an expansion of civil rights to a flourishing of art and culture among us. The notion that the U.S. is the unequivocal leader in internet war games was a fleeting, momentary glory of the past. Now the United States is the target. International diplomacy is the only card the United States has left to play with any strength. And it is the one to play that is in fact not a game but would be an expression of values that made us truly, and not foolishly or superficially, a great nation.

We can make these critical shifts both domestically and internationally. We must make them if we want to lead again with respect and not just incremental blips of power punches matched by the death of a thousand cuts. We owe it to the generations before us who fought with everything they had to give us the opportunities they would not want us now to squander but to regenerate for those who come after us.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Monday, March 8, 2021
Diversity Newsletter publication date: 
Monday, March 8, 2021

Books to Read

In the final moments of the 2018 general election, in which I was the Democratic candidate for New York's 23rd district, we -- I and my opponent, Tom Reed -- were in a debate in Olean, in the far southwestern corner of the state. I do not even recall the full context in which I mentioned the national security needs for Congress to address our country’s cybersecurity posture when a man jumped up from my opponent’s section of the audience (almost as if on cue) and screamed, “It never happened!” He referred to the Russian interference in the 2016 presidential elections, the ultimate reason why I left my work at UMass Amherst and entered politics. I wasn’t even talking about that specific issue. In fact, I went to say that in my years at Cornell, I watched Chinese hackers, almost certainly from the military and government, suck whatever they could out of our networks: intellectual property, expensive subscription journals and research data. It didn’t matter. The point was to obfuscate my point with Republican playbook histrionics. “It never happened,” he kept yelling, and he returned to it at the end of the debate, when he made a beeline to me, breaking through a crowd of supporters, to disruptively make his point.

It happened. Rational people knew it happened then, and they know for sure now. Reported on many times over, I am in mind of it again having just finished Nicole Perlroth’s This Is How They Tell Me the World Is Going to End. Eminently readable, this book should be read, talked about and dealt with in government, education and corporate America. This post is not so much a book review. For that, there are many examples, and if one wants to really get the picture with Solarwinds in it -- because it was published just before that huge event -- Terry Gross’s subsequent interview with Perlroth would be a good amendment. Bruce Schneier’s Click Here to Kill Everybody is a fine complement. David Sanger’s The Perfect Weapon is also a must-read of recent books that take on this subject. In other words, it is happening. Republicans, denying it is tantamount to opening the gates.

Here is the point of this post: Diplomacy. Authors circle around it. Perlroth tells a better story that anyone about how Presidents Obama and Xi shook hands and brought down Chinese interference measurably until the Trump administration revived it. Many authors inevitably say something about the need for “rules” in cyberspace. Laura DeNardis's The Global War for Internet Governance brings governance squarely to light. Add her new book on cybersecurity, internet governance and human rights to the list: The Internet in Everything: Freedom and Security in a World With No Off Switch. Shake. Stir. Ice to taste. At the end of the day, we will not address what needs to be accomplished in the challenges of global cyber(in)security until we build diplomacy into it.

I hope that the Biden administration takes note.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Sunday, February 14, 2021
Diversity Newsletter publication date: 
Sunday, February 14, 2021

Surveillance Capitalism and the FCC

The title is a bit misleading! It suggests that this post is about a connection. There is a little bit of one, to be sure, and more of an argument could be made for a concrete one between surveillance capitalism and the FCC. But that is not what this post is about. Simply, I want to point out two different issues.

The first is about the work of Shoshana Zuboff of Harvard Business School, who wrote a must-read piece for The New York Times this week: "The Coup We Are Not Talking About." If you have not read it, you should. It frames the issues brilliantly. If you are not familiar with the concept of surveillance capitalism that she coined, then you must read this piece. As someone who has trucked in internet policy now for 20 years, I propose that one cannot grasp the context of the issues we face in this arena without the insights that she offers.

The second note I want to strike is to put a vote of support in for President Biden’s naming of Jessica Rosenworcel as acting chair of the FCC. Excellent choice, and I hope and expect that the Biden administration will bring her name in short order to Congress for confirmation as chair. Everything about Acting Chair Rosenworcel’s record and statements is right on the mark for what must be done in telecommunications to place the United States in a better position domestically and globally. It begins with a bold plan for broadband deployment nationally. Having already addressed this issue in the “I’m Back!” from campaigning post, I won’t repeat myself. Here I am suggesting that the Biden administration steers full speed ahead with this direction and get something accomplished on a front that will make a very big difference to rural communities all across America.

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Tuesday, February 2, 2021
Diversity Newsletter publication date: 
Tuesday, February 2, 2021

Section 230

Long ago but not so far away, Cornell University used to host an annual conference first named Computer Policy and Law and later renamed (working together with Educause) Institute for Computer Policy and Law, started by Steve Worona and Margie Hodges-Shaw. I had the privilege of working with it for about 15 years. In that time, Steve McDonald unfailingly offered a seminal session on internet liability. Since President Trump has brought the issue of Section 230 front and center of our attention, I have thought of Steve every time I read about it again now. Expertly, he would take us through the history of Anglo-American law from common carrier through publishers to the cases, mainly Cubby, Inc. v. CompuServe Inc. and Stratton Oakmont, Inc. v. Prodigy Services Co. that brought us to the instantiation of Section 230 in the Communications Decency Act of 1996.

I have followed but not fully analyzed the many pronouncements that have recently emerged in the wake of President Trump’s fury. President-elect Biden rashly suggested that it be repealed. (Rash, because that is not a well-thought-through position and should not be accepted reflexively.) I am not sure I can fully capture exactly what Trump wants a revised Section 230 to say, but of course we all know that the goal is for him to be able to say whatever he wants no matter what or when. Right-wingers pile on with the claim that social networking sites suppress their speech. And when I was the director of IT Policy at Cornell, I can attest to the many young men and women, but mostly women, who sat in my office (and whose parents often called, too) completely flummoxed that a law kept them bringing a claim against repulsive gossip sites such as Juicy Campus and CollegeABC.

About a week now after both Twitter and Facebook have barred the president from using their services, we learn that misinformation on the internet has been reduced significantly. I don’t know about you, but I breathed a big sigh of relief when I read that article. I know it will be temporary. Not unlike cybersecurity, we will likely be playing a game of whack-a-mole with new sites that will inevitably crop up. The “dark net” will probably get darker, and tracking capabilities to find the real people behind remarks will become more opaque. The issue of what the law can do, or not, or should do, how and in what ways is clearly not off the table. We will and must come back to that issue.

I repeat, I have not thought through this issue entirely yet. I do plan on incorporating into the class I am teaching at Cornell this semester. I look forward to the students and our simulated product management experience to teach me more about this important point. In the name of conversation, I would like to throw an idea or two out just to gather more thought. Here are some straw men to swat and questions with which to swat them:

  • What if federal law, i.e. a revised Section 230, let’s say, assumed all of the existing liabilities and immunities for print media?
  • Is the internet really any different than print media (or is it Mark Zuckerberg who does not want to assume the administrative burden that even this limited liability would create?)
  • What if the Biden administration reclassifies the internet as a utility (see last week’s post in which I advocate for that shift), which assumes more regulation than its current posture under the label “information service,” including as a common carrier, and the FCC and the courts, inevitably, have to settle the question of the automatic conflict that raises between that classification and immunity under Section 230?
  • N.B. Perhaps I missed something, but in the time that the Obama administration reclassified the internet as a utility before President Trump had FCC chairman Pai switch it back, but I don’t remember this issue coming up. Maybe I am mistaken, but isn’t there a potential conflict?
  • Okay, let’s go with President-elect Biden’s idea just for a minute -- let’s repeal it!
  • Are we willing to accept the jostling in the courts of what this repeal would bring about? It might be a longer, more interesting and yet more tortured route to get to the same place that the first straw man question posed, or not, depending on whether someone can make a compelling case that this issue disproves the Law of the Horse -- that technology really is special and deserves law separate and distinct from what exists already in physical space.

It is really fun to revisit, as Steve would say, old wine in new bottles! Inside Higher Ed no longer allows for comments, so I invite you to jump over to my Facebook site to offer your thoughts!

Show on Jobs site: 
Disable left side advertisement?: 
Is this diversity newsletter?: 
Is this Career Advice newsletter?: 
Advice Newsletter publication dates: 
Monday, January 18, 2021
Diversity Newsletter publication date: 
Monday, January 18, 2021

Pages

Subscribe to RSS - Tracy Mitrano's blog
Back to Top