States and Cities Tackle a Multitude of Cybersecurity Concerns

The pandemic has generated another round of work by states to craft some kind of tracking app that doesn’t violate privacy rules. Meanwhile, policymakers have turned their attention to cybercrimes and surveillance.

Rhode Island Gov. Gina Raimondo has defended how the state has designed privacy into its contact tracing app. (The Providence Journal / David DelPoio)
Welcome to the latest issue of the Future of Security newsletter. Let’s get started:

Last week, the Ohio state Legislature almost unanimously passed legislation that would create a new group of state-level penalties for illegal hacking and other cybercrimes. Backers of House Bill 368, which now heads to the Senate, say the changes are needed because Ohio law right now only criminalizes successful computer hacks, not attempts.

Current state law also bases the severity of the offense on the damages suffered by the victim, which bill proponents say is an outdated way to measure the harm done by a cyberattack or an attempted computer breach.


Government apps designed to help authorities track and slow the spread of COVID-19 are struggling to accomplish their goals because of restrictions on data collection built into smartphones by Apple Inc. and Google.

That’s leaving public health officials with few options but to use a system designed by Apple and Google themselves. The tech companies say their tools preserve privacy and work seamlessly on devices used by some 3 billion people.

But that approach has limitations for states and localities. Those same privacy features lock authorities out of collecting information they can use to track the broader spread of the virus, spot larger patterns and plan reopenings.


That’s the problem Rhode Island faces as it looks to reopen. The government's ambitious COVID-19 contact tracing app has raised concerns about privacy and civil liberty infringements, but Gov. Gina Raimondo says privacy is a key part of the project's design. 

Rhode Island recently contracted with Salesforce to develop an app that would help infected residents share important information, including daily location data, with the state's Department of Health (RIDH). The contract, which is for a six-month period, will allow Salesforce to set up and provide support to the application, which the company is doing for no charge

"Privacy and data protection are paramount," Raimondo told the Washington Post. "First of all, I believe in them as values and second of all everything is about giving people confidence...we want voluntary compliance. Nobody is going to be forced to do this... Which means I need to give you confidence that if you opt-in your data is safe." 


Texas courts shut down websites and disabled servers two weeks ago in response to a ransomware attack, according to the Office of Court Administration.

System administrators discovered that hackers had taken over at least a portion of the statewide court network and demanded something in return for restoring control. The administration runs the information technology services for Texas appellate courts and state judicial agencies, including the Texas courts website. The court system is working with state law enforcement to investigate the breach and vowed not to pay any ransom. 


Boston is the latest city to consider passing a municipal ban on the use of facial recognition technology because of its potential to violate civil liberties and misidentify members of the public, especially people of color.

City Councilors introduced an ordinance restricting the government from using the technology, according to a statement from the American Civil Liberties Union of Massachusetts. The ACLU claimed passing the ordinance is particularly time-sensitive. The organization, citing public records it obtained, said the city of Boston’s surveillance camera network, run by BriefCam since at least 2017, may be in for a big update soon.

Tod is the managing editor of Governing and the contributing editor of our sister publication, Government Technology. He was previously the editor of Public CIO, e.Republic’s award-winning publication for IT executives in the public sector, and is the author of several books on information management.