Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.
Purpose: Programming and Resources. The center’s purpose focuses on developing programming and resources to support state attorneys general in “understanding technical aspects of emerging and evolving technologies, conducting cybercrime investigations and prosecutions, and ensuring secure and resilient public and private sector networks and infrastructure.” Specifically, the center will:
- Serve as an information clearinghouse for state attorneys general on trending issues;
- Create a practice-based community to share information;
- Foster strategic partnership with other government agencies, academics, nonprofits, and the private sector;
- Develop a “tech boot camp” and “introductory/101” trainings on technology topics; and
- Create funding pathways for attorney general staff to attend key industry conferences and seek appropriate accreditations.
Contacts and Community. The center will also develop and update contact lists for state attorneys general offices that need connections or subject matter assistance, provide tools and support for technology-related investigations, and create attorney general staff working groups on key issues. To support these functions, NAAG has launched a Cyber and Technology Hub for attorney general staff that provides information, updates, and materials related to cybercrime, cybersecurity, and emerging technologies.
Conferences and Panels. The center follows a number of recent NAAG conferences and panels related to cybersecurity, cybercrime, facial recognition technology, the use of algorithms in business decision-making, and other emerging technologies, including a December 2021 conference on “The Surveillance Economy: How Attorneys General Protect Privacy, Safety, and Equality in the Information Age.”
AG’s Increased Focus on Privacy, Security, and Emerging Technologies. As we previously discussed, state attorneys general have scrutinized emerging technologies as the lead enforcers of data privacy, the right-to-repair movement, hybrid transactions, and machine learning. NAAG concludes that technological advances are dangerously outpacing regulators’ ability to understand and appropriately contend with their societal impact, and the center reflects the need for a holistic and sustained approach to address these complex issues through a technically competent attorney general community.
Background on CyTech Director. NAAG Center on Cyber and Technology Director Faisal Sheikh joined NAAG in 2019 as program counsel for the National Attorneys General Training and Research Institute (NAGTRI) — the programming and training arm for NAAG. Prior to joining NAAG, Sheikh worked as the director of network advancement at the American Constitutional Society and as associate director of the National State Attorneys General Program at Columbia Law School. He previously served as an assistant attorney general in the New York attorney general’s office.
Company Takeaways. While CyTech is designed as educational, resource, and community tools for attorneys general, companies should take the following steps given the advent of CyTech:
- AG-Focused Topics. Companies can pay attention to the CyTech list of topics to gain insight into what attorneys general and their staff are learning and discussing to better anticipate potential areas of scrutiny.
- Enhance Policies, Procedures, and Training in Focus Areas. Companies can leverage the publicly available training and resources designed for attorneys general under CyTech to create new policies, procedures, and training or enhance existing ones on the key topics of interest in CyTech, otherwise being pursued by state attorneys generals, including:
a. Cyber key vulnerabilities and best practices;
b. Trends in malware, ransomware, and other cyberattacks;
c. AdTech and information sharing;
d. Online behavioral advertising;
e. Machine learning, artificial intelligence, and bias and discrimination in databases and applications; and
f. Data uses and transfers (including under potentially Privacy Shield 2.0).