Legislators Face Tech-Heavy Agenda as They Confront the Future: Digital Issues to Watch

Never before have policymakers faced such daunting questions on regulating and legislating the growing impact of digital technology. We pick the most important issues they will grapple with this year.

E-scooters -- part of digital technology's impact on mobility policies.
It’s a common refrain: technology moves at warp speed; policy not so fast. But never before has so much new technology been adopted and put to use by the economy in a relatively short period of time, while raising a litany of concerns about its impact. In just a few years, technologies once considered niche have become mainstream. Just look at how fast artificial intelligence, drones, e-scooters and cryptocurrencies have emerged as major and disruptive players. Compounding this growth is the insatiable need for data. To feed the demand, telcom companies are building bigger and faster networks. Computing power needs to keep pace or stay ahead of the demand from these and other innovations, fueling new generations of automation, robotics and high-performance processing. In government, it has meant multiple hybrids of on-premises and cloud infrastructure even as industry players make competing claims about quantum breakthroughs.

Once again, policymakers are playing catch-up, trying to constrain the worst elements of these new technologies without strangling their innovative and economic impact. Problems with data privacy have taken center stage and tied to it are some key tech elements, such as AI. Exacerbating these issues are the inconsistent, often weak efforts by government to protect everyone’s personal information from hackers and data thieves. And what to do about all those drones in the air and e-scooters on the streets?

To make sense of what is going on with these very big digital issues, we have put together this report to bring some clarity and intelligence to the trends underway and what is happening on the regulatory and legislative fronts. 
-- Tod Newcombe

Artificial Intelligence

Two years ago, the outlook on artificial intelligence was largely optimistic about its impact on productivity in just about every sector of the economy, from farming to health care. Efforts to legislate or regulate AI were practically nonexistent. But as companies and governments have increased their use of AI in the workplace, demands have grown to rein in the technology and are likely to expand in 2020.

The biggest factor is the rapid rise of facial recognition. The technology’s vast capabilities first caught the public’s attention when reports came out of China about its use as a surveillance tool on citizens, especially ethnic minorities. In 2016, Amazon introduced Rekognition, an identification technology available through subscription to law enforcement agencies and private companies. Rekognition and tools like it have spread, thanks to better algorithms that can identify a person’s features, lower tech costs and, most importantly, AI, which makes it possible to sort through vast data sets of images at high speeds to find a match.

Facial recognition’s use of AI and its rapid adoption by law enforcement as a way to identify suspects and bad actors quickly put the technology in the crosshairs of privacy groups. Their chief worry: the implications of a still immature software tool that could run amok without proper constraints. In May 2019, San Francisco passed a ban on the use of facial recognition by police and other city agencies. Since then, at least a dozen local governments have set restrictions on government surveillance broadly, including the use of AI software, according to LexisNexis State Net.

Concerns about AI’s impact on privacy have also led to legislation at the state level. Last year, California enacted AB 1215, which imposed a three-year moratorium on the use of facial recognition software in police body cameras. The state is one of 20 that have introduced legislation in 2019, the majority of which would restrict or ban the use of this particular form of AI.

A bill signed into law in Illinois, and taking effect this year, requires employers to inform job applicants about the use of AI during the hiring process. A growing number of firms are using “interview bots” to evaluate personal characteristics, including facial expressions, body language, word choice and tone of voice, according to Jennifer Betts, an attorney who specializes in labor law. Firms that use the technology must provide applicants with a written explanation of the technology and acquire their prior consent to be assessed by AI.

Writing in the National Law Journal, Betts pointed out that the Illinois law, known as the Artificial Intelligence Video Interview Act, “highlights a myriad of privacy concerns for employers evaluating the costs and benefits of incorporating AI technology into their hiring practices.”

Other states are beginning to address the issue of “deepfakes,” which are AI-altered audio and video, often of celebrities and politicians, that make them appear to say and do things that did not actually happen. Already, several federal bills have been introduced that attack deepfakes, but only a handful of state bills have been introduced — namely in California, Texas and Massachusetts. In Texas, a bill introduced by state Sen. Bryan Hughes would criminalize the creation of such deepfakes meant to “injure a candidate or influence the result of an election.” The bill has been criticized by civil rights groups as an infringement upon free speech rights.  

Last year, on Capitol Hill, congressional Democrats introduced a bill called the Federal Algorithmic Accountability Act, which would provide federal oversight of AI and data privacy, including the regulation of AI systems that make decisions impacting consumers. It would require organizations to audit their AI tools and platforms for bias and discrimination and take corrective action to resolve any issues. Oversight responsibility would be in the hands of the Federal Trade Commission. 

The bill is unlikely to become law, according to Betts. But it could be a harbinger of things to come.

--Tod Newcombe


For state and local governments, 2019 was the year that cybersecurity could no longer be ignored. 

Large, coordinated ransomware attacks in Texas, Florida, Louisiana, and many other states across the country showed the growing power of malicious hackers to wreak havoc on communities big and small through financial pressure and disruption of services. Costing the nation upwards of $7.5 billion in damages last year alone, the attacks targeted organizations that had previously seen little action: One study showed an increase in attacks on schools, while another showed attacks on hospitals rose by an estimated 65 percent.

In spite of this, attempts to ameliorate the problem legislatively have had real shortcomings. A recently introduced bill in Maryland, for instance, has sought to criminalize the possession of ransomware if a person intended to use it, but the law faces an obvious problem: Most hackers use identity cloaking technologies and deploy their attacks from locations greatly removed from their targets. Enforcement of such a law, in many cases, would be impossible.  

If punishment for hackers is mostly a dead end for policymakers, an alternative strategy — and one we’re likely to see more of in the coming year — has been to bolster defenses. Unfortunately, this is more an aspiration than a reality for many governments because of financial constraints: Almost half of states do not have a separate cybersecurity budget and spend a total of 1 to 2 percent of their overall IT budgets on security. Cybersecurity staffing issues have been an obvious problem for states for a long time, and the problem is even more egregious for most cities.  

A workaround for these deficiencies has been to encourage smaller governments to lean on the federal government for assistance in areas like preparedness and best practices, most predominantly from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Agencies like CISA have the expertise, technology and manpower to deliver defenses and intelligence that state and local bodies simply do not possess. Bills seeking to emphasize CISA’s facilitator role include ones like the Cybersecurity State Coordinator Act, which would create CISA cybersecurity liaisons to partner with state and local officials on security and defense. 

Similarly, a bill introduced and passed by the U.S. Senate last year would create a federal Cyber Hunt and Incident Response Team through DHS that would be responsible for assisting entities that have already been hit by a cyberattack of some kind. 

In an attempt to help governments help themselves, a recently introduced bill would create a $400 million fund, administered by CISA, from which communities could apply to receive grant money to shore up their defenses, including areas like staffing, cyberhygiene, and regular testing. At the same time, CISA has also announced its intentions to assist governments across the country with their election security preparations during the 2020 presidential race.

At the end of the day, it’s likely to be an uphill battle either way, but increased partnerships between the state, local and federal levels of government will likely mitigate the costs of cyberattacks in the long run. 

-- Lucas Ropek

Data Privacy

State lawmakers are increasingly concerned about protecting personal data. Agreeing on how to do it at a time when individual information is everywhere remains a huge challenge.

A total of 160 bills addressing consumer privacy have been introduced this year in 26 states, according to the National Conference of State Legislatures. That’s a lot, but roughly the same number of bills were introduced in about the same number of states in 2019. Few of them reached the governor’s desk.

All around the country, legislators are struggling to find the right balance between protecting individuals’ information while not burdening businesses with excessive regulation. They’re not thinking only of Silicon Valley concerns. These days, all kinds of companies collect and use data.

“My concern is that our data is being used in ways that we never could have imagined, that we’re not giving our permission to — monetizing our data, plus straight-up violations of privacy,” says Andrew Zwicker, who is drafting a privacy bill in the New Jersey Assembly. “I’m also working hard to drive New Jersey’s innovation economy.”

Zwicker’s bill will be based on the General Data Protection Regulation, or GDPR, a set of privacy rights enshrined by the European Union in 2018. That same year, California legislators passed their own comprehensive privacy rights law, known as the California Consumer Privacy Act, or CCPA. 

Like GDPR, the California law gives individuals the ability to access data that companies hold on them. California went further than the Europeans in allowing consumers ways of opting out of data collection, particularly children. There are other key differences between the regulatory schemes, especially when it comes to the fine print.

CCPA appears to be the model most states are looking at now, including Massachusetts and New York. “We’ve seen a number of states introduce or reach out for discussion about broad privacy bills like we have in California,” says Hayley Tsukayama, who focuses on state legislation at the Electronic Frontier Foundation, a public interest law firm in San Francisco.

Industry lobbyists are warning legislators, however, that the California model may be unworkable. In fact, they note that the 2-year-old law is itself still very much a work in progress. Although CCPA took effect on Jan. 1, the state attorney general is barred from enforcing its provisions before July. The ultimate scope of its regulation is still under debate.

Meanwhile, Californians for Consumer Privacy, the group behind a 2018 ballot measure that prodded passage of the CCPA in the first place, is now proposing a new initiative for this November’s ballot that would amend that law significantly.

Even as California sorts out its approach, however, other states are acting. Last year, Nevada enacted a law that, like the CCPA, allows consumers to opt out of the sale or use of their personal information, although the Nevada law’s definitions and scope are narrower. The Silver State’s law is now the model for proposed legislation in Florida.

In the meantime, considerable attention is being paid to Washington state. On Feb. 14, the state Senate passed, by a near-unanimous vote, a bill that would give residents the right to access data about themselves and correct or delete information. They could also opt out of having their data used for ad targeting. The Senate version dropped a provision that would have allowed consumers to sue when there are violations. 

A similar bill passed the Washington Senate last year, but died in the state House. Sponsors have only until the scheduled March 12 adjournment date for this year’s short session to win passage in both chambers. Although industry groups like Washington’s legislation better than the CCPA, consumer rights groups complain it isn’t strong enough. “It picks and chooses from GDPR in ways that benefit companies more than consumers,” says Tsukayama.

Even as states wrestle with the privacy question, local governments are pursuing their own policies, notably facial recognition bans that have been put in place in cities including San Francisco and Oakland, Calif., and Somerville and Cambridge, Mass.

All this activity has the tech lobby and other business groups concerned about having to respond to overlapping but contradictory laws and policies across the nation. “The best solution is a comprehensive federal privacy law that empowers people to understand how personal information they share is collected, used and protected,” says Robert Callahan, senior vice president of state government affairs with the Internet Association, a tech industry trade group. “An inconsistent patchwork of privacy protections leads to a false sense of consumer privacy, and it’s on Congress ... to act on a comprehensive federal law that establishes consistent standards for consumers and businesses across all industries.”

There are plenty of draft discussion bills floating around Capitol Hill, but as yet there appears to be no ready consensus in Congress about how to handle privacy concerns. The Uniform Law Commission has started work on model state-level legislation, but it’s not expected to release its template until later in the year or perhaps in 2021.

That means legislators in individual states will continue trying to navigate the tricky currents of privacy policy on their own.

“Look, the federal government is for a variety of different reasons unable to act,” says Zwicker. “I always hear we need a national solution, and I 100 percent agree, but we’re not seeing any federal action, so it’s incumbent on me as a legislator to act.”

-- Alan Greenblatt



Drones, in various forms, have been around since the late 19th century, but have gained widespread popularity in the past decade thanks to rapid advances in technology. The private sector uses these unmanned aerial vehicles (UAV) to monitor powerlines, petrochemical plants and sewage pipes as well as to deliver packages. State and local governments have used drones to assist police in their 911 call responses, count homeless populations and monitor wildfires.

Beginning in 2013, states started introducing various types of legislation for drones, ranging from defining what a drone was to how they could be used in the public and private sectors. By 2017, 38 states had considered some type of drone legislation and 24 had passed laws, according to the National Conference of State Legislatures. On June 21, 2016, the Federal Aviation Administration (FAA) released the first operational rules for routine non-hobby use for drones. 

As drone use continues to grow, so have uncertainties about how they should be regulated. Assistant Professor Pablo Rangel of Texas A&M University, Corpus Christi, thinks that legislators need to team up with researchers to make more informed decisions regarding drones. For successful regulation to occur, there must be “a connection between legislation, the governments, local researchers and private industries” so that the laws are comprehensive and successful, he says. 

One way to do this is to fly drones in a controlled environment. Most states currently require drones to stay within a pilot’s line of sight as a safety precaution. Last November, New York received approval from the FAA to operate a 50-mile corridor that will allow researchers and companies to fly drones without chase planes or maintaining line of sight and develop plans for managing air traffic and long-distance drone technology in a controlled space.

“This is very good, actually, that they’re starting to deal with these kinds of corridors,” explains Professor Rangel, who has conducted studies on drones. “It allows people to work with [the drones]” in a realistic capacity.

The corridors will also build public acceptance, which Rangel believes is one of the main issues with drone technology. Many people have grown increasingly worried about the privacy and safety risks of UAVs. During Superbowl LIV, drones were banned within a 30-mile radius and up to 18,000 feet above Hard Rock Stadium in Miami, Fla., even though the move was precautionary, with no evidence of a credible threat.

This fear of drones concerns Rangel because “if the public isn’t happy with it, then there won’t be any developments” this year or anytime in the future. “It’s the task of researchers, government, media, everyone to try and promote the best parts of [drone technology]” so it can be studied to create regulations and developments can be made to ensure safe drone usage, he says.

Regulating the technology is difficult because every state has a different focus and different perspective when it comes to what should be permitted, according to Rangel. Without some agreement between legislatures, researchers and private companies, drone regulations will be extremely slow to develop, which could increase public fears around safety, privacy and surveillance. “If the industry is selling a product, people are going to buy it, even if there are no regulations of it,” he says. 

If states create laws that constrain drones, then the technology will simply adapt to avoid any mandates that limit their use. If one state decides to make drones illegal but neighboring states allow them, the technology will leapfrog over state lines. If a state bans drones but one of the state’s counties allows them, drones will still fly. The reality that we all face in 2020 is that technologies “don’t disappear,” says Rangel. “They transform into different perspectives.”

-- Zoe Manzanetti

5G and Broadband

Telecom companies are rolling out 5G wireless networks across the country, calling the technology the next evolution of high-speed Internet. With its much higher speeds, this seems to be the case. 5G, however, poses a major infrastructure challenge

A network using 5G technology requires a dense rollout of devices, often mounted on public infrastructure, including utility poles, along rights of way within municipalities. The number of devices will far exceed what is currently installed to run the nation’s existing 4G cellular network. As telecom firms increase their deployment of 5G, questions have been raised concerning the installation of the network hardware, especially around which level of government has the power to regulate approval of where the devices can be installed and how much compensation localities should receive for the use of their rights of way by the telecoms. 

In 2018, the Federal Communications Commission issued its Declaratory Ruling and Third Report and Order, which essentially took the power to regulate 5G rollout out of local government hands by setting up its own set of rules, with the aim of making it easier and faster for telecom companies to install the technology on public infrastructure nationwide. 

In addition to these federal rules — which were unsuccessfully challenged in court by a coalition of local governments — a number of states have taken legislative action to override local government installation rules as well, establishing their own timelines and pricing levels for the use of city-owned property. Jurisdictions ranging from New York City to a coalition of cities in Florida have challenged state-level rulings that remove or curtail local control. While there is a broad consensus that high-speed 5G Internet should be rolled out as expediently as possible, disagreements persist between localities and many states over what exactly should be sacrificed to enable this, with legislative action filling in gaps in some instances.

In terms of broadband, state governments have shifted their thinking away from the traditional view of high-speed Internet as a luxury for some to a utility that all residents need to support vital opportunities such as access to health care, employment and education. This year in Washington, D.C., nearly a dozen state government officials attended an event hosted by Pew Charitable Trusts, and discussed this shift, as well as actions being taken — both executive and legislative — to extend broadband access to residents, along with affordable rates and skills training so that the public at large can take advantage of the technology in meaningful ways.

These officials agreed that there is no easy answer for providing broadband to all residents, rich and poor. They considered giving municipalities more leeway to establish city-owned broadband networks, but found the option viable in some areas and problematic in others. It’s clear, however, that a new momentum for broadband in state government has taken hold, some of which is codified by legislative actions.

At the federal level, progress around speeding up broadband adoption is happening at a slower pace but is also being pushed forward by the idea that broadband access is in the nascent stages of becoming a utility. To this end, the U.S. House of Representatives held its first-ever hearing about digital equity earlier this year, hinting at a sea change in thinking at the federal level as well. 

-- Zack Quaintance


Mixed transit on a busy street in Washington, D.C.


Scaling back car driving, and the greenhouse gases they create, will continue to be a mobility trend in 2020 as policymakers and industry leaders look for opportunities to expand the appeal of public transit, micro-mobility and the electrification of the transportation sector. 

In transit agencies from Houston to Seattle, bus routes have been reimagined to improve their desirability and efficiency through the use of more direct routes, traffic signal priority technologies or bus-rapid-transit lanes. Some systems, like the Kansas City Area Transportation Authority, plan to eliminate fares entirely. 

Meanwhile, expect budding relationships among transit, micro-mobility and other forms of transportation to increase as transit agencies continue to integrate trip-planning with mobility services and systems, and start to close the gap between booking those complete trips and paying for them. Already, transit agencies like MTA in New York and TriMet in Portland have begun to implement contactless payment where riders can use their mobile devices or contactless credit cards for fare payment in one seamless swipe. 

This year could also be the year of micro-mobility 2.0 as scooter providers become more serious players on the urban mobility landscape, forming substantive relationships with cities, becoming advocates for expanded and improved infrastructure and honing a business model with a focus on sustainability. 

Bird released in San Francisco its beefed-up “Bird Two” scooters, which can better handle the rigors of city use with features that include improved batteries, puncture-resistant tires and “self-reporting damage sensors.” Improvements like these make the devices less throwaway and longer lasting. Also, expect some winnowing within the scooter industry as it evolves from a nascent novelty to businesses with a plan for the long term. 

This could lead to a “shakedown in the [scooter] industry,” Quemuel Arroyo, the global head of community at Charge, and a former chief accessibility specialist for the New York City Department of Transportation, told Government Technology in January. “You have too many operators. Too many people doing things. And that wasn’t going to last. And what you’re seeing now is, the heavy hitters, the big operators that have the funds to sustain themselves through the shakedown, will be the ones we’re left with.” 

Several states are considering legislation aimed at regulating various aspects of the micro-mobility business, with legislation introduced in MarylandNew YorkHawaiiNew Jersey  and Virginia. A bill in New York would require cities with a population of more than one million residents to have riders of e-scooters, e-bikes or conventional bikes wear helmets. A bill introduced in New Jersey would require scooters to have “safety flags.”

The march toward electrifying transportation is well underway. Expect to see electric mobility reach more transportation vehicles, including those we don’t often think about: airport cargo movers and forklifts along with more commonly used heavy-duty vehicles like city transit buses. 

The California Air Resources Board (CARB) is moving forward with a landmark rule to require the gradual phasing in of zero-emission buses and trucks in the coming decade. CARB has also launched its new Clean Off-Road Equipment Voucher Incentive Project (CORE) to speed up the adoption of off-road freight equipment. Meanwhile, automakers will introduce more EV models edging into SUVs and trucks, with the price parity narrowing between gas-powered and electric-powered cars. 

-- Skip Descant

Digital Issues on the Horizon

Several digital trends are in the various stages of adoption, making their policy implications less clear. Because of their potential to change, even disrupt, traditional business practices, they are worth following this year.

Blockchain. At its core, blockchain is an open, decentralized ledger that records transactions between two parties in a permanent way without needing third-party authentication. This creates an extremely efficient process that has the potential to dramatically reduce the cost of transactions. 

Blockchain transactions can be permissionless, in which the transactions are open to anyone to view or participate, or they can be permissioned, which limits the transactions to specific groups of users. Blockchain got its start as a way to bring trust to digital currencies. But other uses for blockchain have emerged and include online voting, medical records, insurance policies, property and real estate records, copyrights and licenses and supply chain tracking. 

Twenty-eight states have introduced legislation relating to blockchain in 2019, according the National Conference of State Legislatures, with 27 bills and resolutions enacted or adopted.

Cryptocurrencies. Bitcoin emerged in 2008 as the first digital currency not tied to any legal framework of any state or country. Since then, the cryptocurrency has followed a wild trajectory of popularity, value swings and, at times, outright hostility. What has emerged is a growing realization that some regulation could bring order to the currency and others like it, reducing its role as a favored form of money for criminals and opening up a dialogue on how it can be used in business.

The federal sector has not set any direction around cryptocurrency regulation, leaving the states to handle the matter. So far, they have mainly focused on the use of cryptocurrencies as legal tender in business transactions (including taxation), imposing authority on operations of cryptocurrency exchanges as money transmitters, and the status of smart contracts and ethereum tokens, according to Investopedia.

While few states have taken the regulatory lead on all three aspects of cryptocurrencies, New York and California are further ahead than others. In contrast, Massachusetts and Washington state, hotbeds of tech innovation, have either opposed digital currencies or have not enacted any legislative action.

Edge computing. Today’s technological breakthroughs depend on speed. The faster data can be processed, analyzed and acted on, the better the result. Edge computing is about putting the software that runs the application as close as possible to the data that feeds it and the people who use it. Just about every sector of today’s economy, including government, will benefit from edge computing.

The rise of self-driving, autonomous vehicles and telehealth are two examples. So, too, are chatbots, such as Alexa, which are growing in popularity for personal and retail purposes. In government, edge computing tells transportation departments how much salt to put down on a road, helps police conduct criminal forensics in their patrol cars, allows drones to conduct aerial analysis of wildfires and can even tell public works the best time to pick up garbage.

Edge computing depends on several key technological components, some of which are facing government regulation. High speed, wireless networks is one factor. Another is artificial intelligence. Any legislation or regulatory requirement on these digital issues could impact how quickly and comprehensively edge computing can mature and take hold.

-- Tod Newcombe

Government Technology is a sister site to Governing. Both are divisions of e.Republic.

Alan Greenblatt is a Governing senior staff writer. He can be found on Twitter at @AlanGreenblatt.