Caveat 11.16.23
Ep 195 | 11.16.23

Bolstering economic security.

Transcript

Kathleen Hyde: The easiest way to describe the strategy is to say that it is composed of four pillars. Those four pillars are to equip every American with foundational cyber skills, transform cyber education, expand and enhance America's cyber workforce, and strengthen the federal cyber workforce, that it's really a strategy that is dealing with how do we solve this cybersecurity education problem that we have.

Dave Bittner: Hello, everyone, and welcome to "Caveat," the CyberWire's privacy, surveillance, law, and policy podcast. I'm Dave Bittner. And joining me is my cohost, Ben Yelin, from the University of Maryland Center for Health and Homeland Security. Hello, Ben.

Ben Yelin: Hello, Dave.

Dave Bittner: Today Ben has an update on the reauthorization of Section 702 of the FISA Amendments Act. I've got the story of a Virginia game warden confiscating a trail camera without a warrant. And later on the show, Kathleen Hyde of Champlain College Online is here to discuss President Biden's national cyber workforce and education strategy and its potential to scale up the cyber workforce and bolster economic security. While this show covers legal topics and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. All right, Ben. We've got some interesting stuff to cover this week. Why don't you kick things off for us here.

Ben Yelin: So we're back. An update on Section 702, the FISA Amendments Act. I was thinking about it, Dave. I believe this is the first thing we ever talked about on the CyberWire Daily podcast as a guest --

Dave Bittner: Is that right.

Ben Yelin: -- way back in the day. So this has been going on for a long time, and I've probably given this intro many times. But, for our new listeners, this is the law that was passed back in 2008. And the contents and details of the law were largely revealed in the Edward Snowden disclosures. The way Section 702 works, it's a surveillance program aimed at non-US persons living or reasonably believed to be outside of the United States. The government can collect various types of online communications, either through service providers themselves or in what's called upstream collection over the internet backbone. The collection itself is warrantless. Now, a lot of people would say what's in it for me? I don't care if we're surveilling non-US persons reasonably believed to be outside of the United States. The big problem here is incidental collection. So if you, Dave Bittner, are talking to an overseas target, under Section 702, that all goes into a giant database. The database currently in most circumstances is searchable without a warrant. So it's kind of a backdoor search mechanism. This was last reauthorized in January 2018 and is up for reauthorization at the end of this year. So we have about two months left to get Section 702 across the finish line.

Dave Bittner: Now, if it doesn't go across the finish line, does it sunset automatically?

Ben Yelin: It sunsets. It expires. So something has to happen.

Dave Bittner: Right.

Ben Yelin: The backdrop around all of this, is that basically every intelligence official from every presidential administration says that this is the crown jewel of our foreign intelligence apparatus. We need Section 702, they say, for everything from counterterrorism to cybercrime to ransomware. It's just an invaluable tool in countering all of these threats. Even like the Privacy Civil Liberties Oversight Board within the Executive Branch has done research on this extensively. They put out two reports. And, despite some major compliance failures, Section 702 they say is still extremely valuable. And in the few cases where -- federal cases where it's come up, the searches have been upheld as constitutional, even despite this incidental collection of US person's data.

Dave Bittner: So what's the problem here, Ben?

Ben Yelin: I know. That's a lot of background. Get to the point. So we have a bicameral bipartisan proposal in Congress that would introduce a warrant requirement to Section 702. Sponsors in the Senate, Ron Wyden, a Democrat of Oregon; Mike Lee, a Republican of Utah in the House; Warren Davidson, Republican of Ohio; and Zoe Lofgren, Democrat of California. This would be the Government Surveillance Reform Act.

Dave Bittner: So no Elizabeth Warren?

Ben Yelin: I'm surprised that she wasn't on this.

Dave Bittner: Was it her day off?

Ben Yelin: She might sign on. I'm sure she'll sign on as a cosponsor.

Dave Bittner: All right.

Ben Yelin: So this would, first and foremost, reauthorize Section 702 for four years. It would explicitly prohibit the collection of US-based communications. And, most importantly, it would institute a warrant requirement for searches of US persons in the Section 702 database. So there are a number of exceptions to this warrant requirement in the proposed bill. If there is an imminent threat of death or serious physical harm to others, then the federal government would be able to conduct a search of that database without a warrant. An interesting exception, when a third party legally consents on behalf of the person that the query is about. So we've had a couple instances where members of Congress have been victims of cyberattacks, and some information about who attacked them might be contained in that Section 702 database. So, if they consent to a search of the database of their name because they believe themselves to be the victim, then that would be another exception.

Dave Bittner: Oh.

Ben Yelin: But this is really the big solution to this warrantless surveillance issue, that we have this database where our federal law enforcement agencies can search, and the FBI does, without a warrant for evidence of criminal activity from US persons. Now, if there's an outstanding criminal warrant to get information on somebody, you could still search the Section 702 database. But, without a warrant, you have to obtain a warrant, if that makes sense. So it all seems good, right? We have bicameral, bipartisan sponsors. The Biden administration kind of subtly said that they don't support this at this point because they think it's too burdensome and not workable. But they also admitted that they hadn't read the details of the proposal. And I think, when push comes to shove, if they are forced to accept something like this, they probably would.

Dave Bittner: Okay.

Ben Yelin: Here's the issue: time and Congress that moves as quickly as molasses. So you'd think that this December 31 deadline would give Congress an impetus to actually act and pass these reforms. Given that it's bipartisan, bicameral, you'd think that this would sail through both chambers. But Congress has a lot of stuff that's been piling up over the past year that they have to get done prior to December 31. First and foremost, we have the federal budget.

Dave Bittner: Oh, that.

Ben Yelin: Yeah. That whole thing. So we have to avoid a government shutdown. That's this week. And then you have to pass a budget that goes all the way through the next fiscal year. That's going to take a while. There are all different types of legislation in other areas of the law that are expiring that they're going to have to focus on. Then the legislative priorities of the new Republican House Speaker, Mike Johnson. So there's just a lot of uncertainty about whether they can get Section 702 across the finish line. Johnson, the House Speaker, has been not very committed on this issue. He said that Section 702 is ripe for reform. I think he agrees with most Republicans that our foreign intelligence surveillance apparatus needs to be reformed, but he hasn't committed to putting this bill on the floor. So I'm just hopeful that Congress can break through the stasis. This has been a long time coming to establish this warrant requirement. It's been proposed in the past and not enacted. I think the alternative, if this doesn't get enacted, is to temporarily extend the program as it is maybe for six more months, maybe for another year while Congress considers reform legislation, but just given the broad support here, I just think that would be a bad outcome.

Dave Bittner: Now, the reports I've seen have said that there's some legislators who are threatening I guess is too large -- too strong a word but trying to roll this into the larger budget itself so that it'll just slip in with the passing of the budget.

Ben Yelin: Yeah. You do a little log rolling. That is a favorite pastime of members of Congress. A lot of actually really important laws get rolled into year-end budget agreements. We had one last year that reformed how we count electoral votes that was included in the must pass budget. So that is certainly a possibility.

Dave Bittner: Yeah.

Ben Yelin: I think it's more of a possibility considering that the organized opposition has yet to really materialize yet. Now, I think it will materialize, at least to a certain degree. There are members of both parties who have defended the status quo of Section 702 vigorously, not just within administrations but senators like Lindsey Graham, who are national security focused. On the Democratic side, even progressives like Adam Schiff in the House have been supportive of the intelligence value of Section 702. So there might be a little pushback on that. And there might be a pushback from other members who don't want this included in a year-end budget agreement because they want a chance to vote on amendments and consider alternatives, and you'd be doing an end around of that whole process. So it has a better chance than I think a lot of legislation of being log rolled into that final budget agreement. But it's still unclear to me as of now whether that's going to be possible.

Dave Bittner: Help me understand -- and let me just sort of suss this out for my own mind, my own understanding here. And correct me where and if, if and when, and probably with great certainty the things where I am wrong. So Section 702 was never intended to gather information about US citizens, correct?

Ben Yelin: Sure. Yes.

Dave Bittner: Okay. The collection of information about US citizens has been a happy accident side effect of 702 as far as law enforcement is concerned.

Ben Yelin: I don't know if I would necessarily call it a happy accident.

Dave Bittner: Okay.

Ben Yelin: I mean, we're taking advantage of the fact that the US controls most of our communication, the world's communications infrastructure. So we had this issue prior to Section 702 where people's electronic communications were literally held within the United States, but we'd have to obtain a warrant to retrieve them.

Dave Bittner: Right.

Ben Yelin: And we -- at least from a policy perspective, we didn't want to have to obtain a warrant as it related to non-US persons.

Dave Bittner: Right.

Ben Yelin: I think that there was an understanding that there would still be this incidental collection and that this would be a useful way to figure out if US persons were talking to terrorists.

Dave Bittner: Yeah.

Ben Yelin: So I'm not entirely sure. Maybe they would have said at the time this is not intended to apply to US persons. But I think there was always a tacit understanding that a real benefit of this is finding out which US persons are communicating with overseas targets.

Dave Bittner: Right. So the reform on this intends to only make the warrant requirement -- we will still collect all of the information, but you will need a warrant to search that database of collected information if a US citizen is involved.

Ben Yelin: Exactly. So the warrant requirement would apply to search queries. There would be no requirement for the original search under Section 702, as long as it was properly predicated.

Dave Bittner: Yeah.

Ben Yelin: Now, Section 702 has to be authorized every year by the Foreign Intelligence Surveillance Court.

Dave Bittner: Right.

Ben Yelin: They have this funny pattern of writing these, like, 50-page reports on all these compliance incidents and how the FBI and the NSA have been sloppy with data, et cetera, et cetera. But, yes, we're going to reauthorize the program for another year.

Dave Bittner: I see. It just doesn't strike me as being that -- a terrible burden. And, of course, now -- you know, I'm not -- I'm not in the game here, so I don't know what it's like to be the law enforcement folks who are making use of this. But if the intention was never to gather information about US citizens, doesn't seem to me to be that much of a burden to require a warrant when you are specifically targeting US citizens that are in the database.

Ben Yelin: Yeah. I mean, I think what officials with the administration would say is that any sort of action that would constrain the ability to quickly search that database, for instance, if you're not sure if somebody is a US person under the definition of the law or you're not sure whether an overseas target has moved into the United States, that's where there might be uncertainty as to whether the warrant requirement would apply; and that might hinder our efforts to confront terrorism. I think that's a relatively small price to pay. But, like you, I am not in the industry. I have never done a Section 702 search query. I've just talked about it a lot.

Dave Bittner: Is there any opportunity to put the warrant requirement farther down the line? In other words, I don't know, the ability for the judge or a prosecutor or somebody to later throw out the evidence that was collected this way after the fact.

Ben Yelin: That mechanism already exists. So, under FISA, the prosecuting party in a criminal case, the government would -- has to reveal that any evidence derived from Section 702 came from Section 702 surveillance. And then the defense can seek to suppress that evidence. That's generally what's happened.

Dave Bittner: I see.

Ben Yelin: The issue is that information on the US person has already been collected. And, from a legal perspective, what courts have said is, this is basically equivalent to incidental overhear. So let's say in a different context you and I are mob members.

Dave Bittner: Yes.

Ben Yelin: And the government has put a wiretap on you. They had probable cause. That was a fake -- you know, got a proper predicate to wiretap your phone, and you and I have a phone conversation.

Dave Bittner: Sure.

Ben Yelin: And they hear me saying something incriminating. Because they had probable cause to search you and got a warrant to search you, the fact that they overheard me admitting that I committed a crime, that is incidental overhear. They don't need a separate warrant to surveil me. That is admissible in a criminal case against me. That makes sense.

Dave Bittner: Right?

Ben Yelin: That's the analogy here, and that's what courts have used. And this is incidental overhear. The search of the overseas target under Section 702 is properly predicated, so whatever happens in that communication is eligible for collection and criminal prosecution. So the way it currently works, it really is a backdoor search mechanism because you can start by searching that US person, see whom they've been communicating overseas. And because that search presumably was properly predicated because you're searching that overseas target, whatever happens in that communication is eligible for collection and eligible for introduction at a subsequent criminal trial.

Dave Bittner: All right.

Ben Yelin: Sorry. That was a lot of legalese there. Forgive me.

Dave Bittner: Yeah. I mean, I suppose in some ways it reminds me of, you know, you talk to your local law enforcement, you know, your local cop, right, your beat, your neighborhood police officer who says, you know, if I want to pull somebody over, I will just follow them around long enough. They're going to do something wrong, you know. So it strikes me as being that kind of thing. You know, if I -- I'll just keep -- I just keep looking for, you know, what I'm looking for; and I'll find the thing I need to justify what I want to do.

Ben Yelin: Yeah. I mean, we have mechanisms in our normal criminal justice system that allow law enforcement to do that. I mean, the fact that you can pull somebody over for a broken taillight means, hey. If you pull that person over and collect their license and see that they have outstanding warrants or smell the scent of marijuana, you can arrest them. You can search them incident to that car stop. So we have a system that's already set up like that, and you can understand why it's set up like that.

Dave Bittner: Sure.

Ben Yelin: Like, we want to nab criminals. And so kind of we'll take any proper predication that we can get, whether it's Section 702 or whether it's a broken taillight.

Dave Bittner: Yeah.

Ben Yelin: We want to get evidence that people have committed crimes.

Dave Bittner: Yeah. All right. Well, we will have a link to the story in the show notes. My story is not entirely unrelated to our conversation here. This is from the folks at the -- at the 404, 404 Media. This is written by Jason Kobler. If you have not checked out 404 Media, I highly recommend it. It's a group of journalists who spun off from a previous organization they were with, and they're doing some really interesting work here.

Ben Yelin: Yeah. They are a part of my regular news consumption diet now.

Dave Bittner: Yeah. So we'll have a link to this story in the show notes. But the headline here is, Cops sneak onto man's property, confiscate surveillance camera without a warrant. So this gentleman, Joshua Highlander, who owns 30 acres in Virginia, set up a game camera on his property. So, you know, a camera that takes pictures of deer and birds and turkeys and raccoons and all that kind of stuff, an automatic camera. Says it has a motion detector. Something walks by, snaps a picture. Some game wardens dress themselves up in camo, went onto Mr. Highlander's property without a warrant, despite Mr. Highlander having no trespassing signs clearly posted, and I'm sure we'll get to that. They confiscate this surveillance camera, download its contents, leave his property, and subsequently get a warrant to look through the photos. Reading through this article, Ben, I thought this was absolutely bonkers that law enforcement, in this case, game wardens could enter my property, my private property that I have posted no trespassing signs on, take my stuff, right, take my property and steal it, and then do what they want with it. Then I learned in this article about the Open Fields Doctrine, which was new to me.

Ben Yelin: Yeah.

Dave Bittner: So unpack this for us, Ben. What's going on?

Ben Yelin: There's a lot going on here. This is a fascinating case. So, basically, anything that law enforcement can see in, quote, open fields is eligible for warrantless collection. It really comes down to what the definition is of a person's property. The federal definition is a little bit more expansive than the definition in Virginia state law, which only applies to what's called the curtilage. That's like the bare area around your house. So the curtilage, just to make things simple, is like whatever part of your house is fenced in or is kind of -- the grass that's right next to your house, your front yard and your backyard.

Dave Bittner: The area surrounded by the white picket fence.

Ben Yelin: Exactly.

Dave Bittner: Okay.

Ben Yelin: In all of our fairy tales.

Dave Bittner: Right.

Ben Yelin: Everybody has a white picket fence. So that gets complicated when we're talking about somebody with a 30-acre piece of property. What law enforcement's argument is here, what the game warden's argument is -- I feel weird even calling them law enforcement. I mean, I guess they are enforcing laws.

Dave Bittner: Yeah, yeah.

Ben Yelin: But what their argument is here is that the collection was not within the curtilage. It was in -- it was on somebody's property, but it was in an open field, meaning under Virginia law that's eligible to be collected without a warrant. So it's just this dispute between what counts as the curtilages of somebody's property or what is an open field. And I don't know if there's a very good dividing line. Like, when does something stop becoming your curtilage and start becoming an open field? I do think what the law enforcement did here was probably ill-advised, stepping onto somebody's property in camo, especially somebody who that day was hunting turkeys.

Dave Bittner: Right.

Ben Yelin: I'm not sure it was illegal. I kind of think that law enforcement has the better argument here. And I'm kind of reluctant to say that because, to a layperson, it's like, if you just went onto somebody's property and stole their stuff --

Dave Bittner: Right.

Ben Yelin: -- seems very illegal.

Dave Bittner: What if I parked my car in the middle of my cornfield, right, for whatever reason, you know. I just washed my car. I want it to dry off quickly, so I go park it in the middle of my cornfield. Can law enforcement come and take my car and it not be grand theft auto?

Ben Yelin: That's a good question. I mean, I guess the issue here is they thought they might have evidence if he was violating whatever game law, hunting law in Virginia.

Dave Bittner: Right.

Ben Yelin: And so because they had that at least indicia of suspicion, they were justified in taking that camera, searching it, trying to download all of the data, look for it for any -- look at it for any illegal activity, and then give it back to the individual. I'm not sure how that would ever apply to taking somebody's car. I mean, I think this is very fact-specific.

Dave Bittner: Right.

Ben Yelin: Maybe, though, like, let's say your car's in an open field, and there's evidence that you have contraband in that car, then, yeah. I think through the Open Fields Doctrine, for applying it in the same way that we're applying it in this case, then I think you could search it, for sure.

Dave Bittner: Well, so let's put it back in the department of the game wardens. Let's say I had a pickup truck parked in the middle of my cornfield, and there's a carcass of a deer in the back of the pickup truck.

Ben Yelin: It would stink probably.

Dave Bittner: Yeah. Right. But -- so the game wardens would say that they were justified in entering my property, perhaps confiscating the truck and/or the deer on the possibility that I had shot that deer illegally. Like, it's out of -- out of hunting season or whatever, you know.

Ben Yelin: Right.

Dave Bittner: Like -- and that would be okay. Because of this Open Fields Doctrine, it's within their right to come on my property and confiscate things.

Ben Yelin: Yes. Now, what the defense here -- or, actually, there is no case. They're not really the defense. I think they're -- this individual is trying to sue the government in a civil case.

Dave Bittner: Right.

Ben Yelin: But what the guy and his attorneys are saying here is they're challenging the Open Fields Doctrine altogether. So this is kind of a head-on attack against the Open Fields Doctrine that I think they're hoping makes its way to the Supreme Court.

Dave Bittner: Right.

Ben Yelin: And I can kind of understand the rationale there. If you look at the way we interpret Fourth Amendment searches, it's about having a reasonable expectation of privacy. Open Fields, I think the reason that has not been held, that has been sort of a exception to that requirement is that you can't have a reasonable expectation of privacy on kind of publicly viewable fields that just happen to be part of your property. But what this guy is saying here is we expect privacy here. This is an area that is ours. We put up a no trespassing sign.

Dave Bittner: Right.

Ben Yelin: And we'll get to that in a moment. We use this property. My kids and I go hunting all the time. We hunted that day. And we should have a reasonable expectation of privacy in that space. Therefore, this open fields doctrine just is not compliant or not commensurate with how we understand Fourth Amendment searches.

Dave Bittner: Yeah.

Ben Yelin: I don't know the Supreme Court is going to take a second look at this. This is based on a pretty old case. I believe it's Hester v. United States, not friend of the show, Katie, for Hester, for Hester. But, yeah. I mean, I think this is a pretty good case if you want to throw a facial challenge at the Open Fields Doctrine generally. Then there's this question about the no trespassing sign. Hightower is relying on the fact that he posted this no trespassing sign as evidence that he had a reasonable expectation of property -- of privacy on his property.

Dave Bittner: Right.

Ben Yelin: That doesn't really do anything in a legal sense. Putting up a no trespassing sign doesn't eliminate the Open Fields Doctrine. Otherwise, everybody would just be putting up No Trespassing signs in every corner of their property as some type of get out of jail free card for crimes that were happening in plain view of law enforcement on open fields.

Dave Bittner: Well, but couldn't this be used to establish -- what -- what was the fancy word you used? Curtilage?

Ben Yelin: Curtilage? Yeah.

Dave Bittner: Couldn't -- couldn't you have the no trespassing signs establish your curtilage?

Ben Yelin: So curtilage is defined as an area of land around a house and forming one enclosure with it. So it's really the white picket fence thing. And I think that's a clear enough definition that it wouldn't apply to any 30-acre property open fields.

Dave Bittner: Yeah.

Ben Yelin: I think that's just the nature of that definition. That definition comes from common law. It's been around for hundreds of years. And I think it would take a lot to change how we define curtilage.

Dave Bittner: Right.

Ben Yelin: I think it would be much easier to just attack the Open Fields Doctrine as being a misapplication of the Fourth Amendment.

Dave Bittner: So let me ask you this. Part of this story is that Mr. Highlander says that one of his children and his wife witnessed the game wardens leaving the property, and they were frightened because you have these folks -- the family was frightened, not the game wardens. You have these folks --

Ben Yelin: The wardens probably should have been frightened to be on there.

Dave Bittner: Well, so that's where I'm going with it.

Ben Yelin: Yeah.

Dave Bittner: The game wardens are dressed in camouflage, right, not just, you know, camo pattern stuff. They're wearing leafy jackets, so they don't they don't want to be seen. They're sneaking around. What happens if Joshua Highlander shoots one of them?

Ben Yelin: That's going to be really problematic.

Dave Bittner: Is he standing his ground?

Ben Yelin: I don't know what Virginia's stand your ground law is.

Dave Bittner: Right. Let's say he was in Florida.

Ben Yelin: Yeah. Florida, as we know, would be fine. Yes.

Dave Bittner: We know Florida has it. Yeah, yeah.

Ben Yelin: I mean, that's a very complicated question. I don't know the answer to it. I think, first of all, I think you could get away with shooting it if you reasonably believed that this was somebody, not law enforcement, trespassing on your property.

Dave Bittner: All I know is somebody came on my property, and they're stealing my stuff. That's all the information I have, right? Someone is trying to disguise themselves. They have snuck themselves onto my property, and I witnessed them stealing my stuff.

Ben Yelin: It really depends on what the state law is. I'm not familiar with what Virginia state law as I know, generally, in most states, maybe not Florida, to respond with deadly force, you have to have a reasonable fear of deadly force --

Dave Bittner: Right.

Ben Yelin: -- even if it's on your own property.

Dave Bittner: Okay.

Ben Yelin: Now, there are states where, within the -- there's this sort of thing called the castle doctrine where, within your castle, which is within your curtilage, you don't have to fear for imminent death or imminent bodily injury in order to defend your property.

Dave Bittner: Right.

Ben Yelin: That's also a common law concept. But, as we said, the issue here is that this was not in their curtilage. So I think they still might be in trouble, depending on what the state law is around this. And it seems like Virginia's law is not very friendly to large property owners, relative to laws in the other 49 states. It seems to me like that person would still be in trouble if they shot the gun. And that's, you know, kind of seems like an unjust outcome, given that I think in most circumstances, if you saw somebody in camo on your property stealing your stuff, you'd certainly feel justified in shooting them.

Dave Bittner: Right.

Ben Yelin: So, yeah. I just -- I think it's a very difficult legal question.

Dave Bittner: Now, this only applies -- the Open Fields Doctrine only applies to law enforcement. Like, I can't just go traipsing across someone's field without their permission, with no consequences. That would still be trespassing, right?

Ben Yelin: That would still be trespassing. Yeah. So that is a tort of trespassing. Law enforcement uses the Open Fields Doctrine -- it really comes down to evidence in criminal or civil cases. So anything that they see in the open fields of your property they can observe, they can take without a warrant. And that's really what this exemption comes down to.

Dave Bittner: And my understanding is that the UK has a whole different attitude towards this, that they very much are for people being able to take long walks. And so you can walk across someone's field or property, And that is a protected thing. That's -- have a loose understanding of that. I think Carole Theriault told me about that once.

Ben Yelin: Yeah. I mean, they're just much nicer there, you know.

Dave Bittner: That's right, that's right.

Ben Yelin: I will tell you a quick personal story to illustrate this.

Dave Bittner: Yeah.

Ben Yelin: One time -- you can walk across our neighbor's yard to get to the sidewalk. And one time my wife did that very briefly. She probably took about three steps on this person's lawn because she saw somebody that she knew, and she wanted to say hello. The next day, this homeowner put up a no trespassing sign that only faces our house that nobody else can see. So I respect private property rights. But I also respect the don't be an a hole principle living next to other people. So just my two cents on that, aside from this very interesting legal hypothetical here.

Dave Bittner: Yeah. All right. Well, we will have a link to that story in the show notes. Really interesting stuff. And, of course, we'd love to hear from you. If there's something you'd like us to consider for the show. You can email us. It's caveat@n2k.com. Ben, I recently had the pleasure of speaking with Kathleen Hyde. She is from Champlain College Online. And we're discussing President Biden's national cyber workforce and education strategy and its potential to scale up the cyber workforce and bolster economic security. Here's my conversation with Kathleen Hyde.

Kathleen Hyde: Well, I would say the easiest way to describe the strategy is to say that it is composed of four pillars. Those four pillars are to equip every American with foundational cyber skills, transform cyber education, expand and enhance America's cyber workforce, and strengthen the federal cyber workforce. So that's really the highest level overview I can provide is that it's really a strategy that is dealing with how do we solve this cybersecurity education problem that we have? And then have those people who are educated come into the cybersecurity workforce, both private as well as government sectors.

Dave Bittner: And so, for folks like you who are at Champlain College Online, what sort of opportunity does this open up for you?

Kathleen Hyde: Well, I think that, looking at the strategy, when you look at what it is saying and what it contains, it's really driving down into academia becoming a partner with private enterprise and with public entities so that we are working together in an ecosystem to be able to solve the cybersecurity workforce problem that we have. And where I see that being specific to my organization is it really gives me a line of growth for us, for me to go to industry and say, Listen. There's this strategy. And I want to have conversations with you so that we can build programs that are going to not only meet your needs but meet the needs of cyber workforce, in general.

Dave Bittner: Can you give us some insights as to how that process works? I mean, as you and your colleagues there are designing the curriculum and the programs that you offer, how much interaction has there historically been with folks in industry?

Kathleen Hyde: We're a little bit different in that Champlain College Online has been doing this for a long period of time. We've been in online education for decades, and we've been working with industry for decades, specifically with our cybersecurity program. And what we do is we go out to the large employers and the small employers and we say, What do you need? What are you looking for? What are those skills that you need in your employees so that they can do the jobs that you need them to do? So for a significant amount of time what we've been doing is working with the employers to identify those upskilling needs that they have in cybersecurity. So you have a employee who has been working with an organization for -- you know, a big company for a long period of time, sometimes several decades. They've got technology that's becoming obsolete, and that employee is not yet at retirement age. So how do you move them into a different position? Well, you upskill them. So we've been working with employers for quite some time to identify what those needs are and then developing the curriculum so that we can meet those needs. Then what we also do is we look at the needs of industry, in general. That's by attending conferences, talking with industry partners there, and looking to the federal government with a NICE framework with cyberseek.org and assessing what the knowledge and skills are that are needed by cybersecurity professionals today and then also looking to tomorrow. And so then we look at what we have in our portfolio, and we develop new programs to meet those needs, whether those are certificate programs or they're bachelor's programs or they're master's programs.

Dave Bittner: Are there offerings out there for folks who may not be cybersecurity professionals but are still, you know, seeking to improve their knowledge in that particular area?

Kathleen Hyde: There are a lot of different offerings, you know, and that's one of the things about cyber is that not everybody goes and obtains an academic degree so that they can become a cybersecurity professional or they can become cybersecurity aware. And so there are courses that you can take that are online that are free. There are also boot camps that you can take. Those are not necessarily free, but those are things that you can take to learn more about a specific area of cyber. Very helpful if you want to become a cybersecurity professional. You're looking to maintain your learning because we all have to be lifelong learners in cybersecurity. And then there -- of course, there are the academic degrees, and then there are industry certifications where you could take courses to study for industry certifications. And you don't necessarily have to take the exam. So a lot of people find that all of those work well for them to continue their cybersecurity education. And some people are just curious. So they may take a course here and there or attend a webinar to learn more about cyber.

Dave Bittner: You know, more and more I'm hearing cybersecurity professionals, the folks who are out there doing the hiring, saying that, you know, as they're trying to fill so many of these positions, they're looking at nontraditional folks, you know, that you don't have to have a four-year degree in computer science to be considered for these types of jobs necessarily anymore. And it seems to me like the types of things that you all are offering here really fit right into that strategy.

Kathleen Hyde: They do fit right into the strategy. And I actually want to come back to the strategy for the national cyber workforce and education strategy because that's one of the things that this talks about and speaks to is the fact that, for us to fill the cybersecurity positions that are available, not just now but the ones that will be available tomorrow and next year and in five years, we need to be looking at all of the different ways that someone can come into cybersecurity. We also need to be looking at all of the different types of people who come into cybersecurity. You know, we have people who work in HR that move into cybersecurity, or they're working in the mental health field and they move into cybersecurity. And that's because cybersecurity touches so much of what we do, not just in our daily lives but in organizations. So it really becomes important for us to look at all of those different ways to come in. And that includes people who are career changers. And it includes people who don't take the path of going and getting a two-year or four-year degree and then getting a master's degree, that maybe they attend a boot camp or maybe they go to an internship. Maybe they go to an employer sponsored program to upskill and then move into cybersecurity with their existing employer or add a new employer who is offering that ability to do an internship and then come into a position with the firm.

Dave Bittner: What's your advice for those students who are coming up and seeking employment here? I've heard frustration from some of them saying that, as they go around and present their resumes to employers, that a lot of employers are -- they're looking for folks who are what they describe as being fully baked, you know, people who have a decade or more of experience and that there's a shortage of these entry level positions. Any insights on how folks who are starting out or switching can get themselves noticed?

Kathleen Hyde: Well, I think the first thing to say is that that's a pain point in the industry is that for -- you know, there must be a repository somewhere on the internet of these job descriptions. And they all say, you know, you need XYZ industry certifications, and you need to have 10 years of experience minimum.

Dave Bittner: Right, right.

Kathleen Hyde: And they're all cutting and pasting. So one of those things that I usually counsel my students and anybody who's talking to me about cybersecurity, I counsel people who are not my students but they're thinking about cybersecurity. And I always say to them, don't self select. You know, if you look at that position, and it says 10 years of experience, and you say, Well, I'm not going to apply, you have self-selected out. You have opted out. And I would say the first thing that you need to do is not do that. Let the hiring manager decide that you are not the right person for that position because not everybody in HR understands cybersecurity. And that's one of the things that the NCWES also speaks to is talent management. And I think that, when we see that happening more on the federal level where they're changing that understanding of cybersecurity in the workforce and what it takes to advertise, we're also going to see that carry through to private industry. But getting back to your question about, you know, what can somebody do, I think you have to be realistic that, if you are coming into cyber, that having one credential is not going to be sufficient. You're going to need to present yourself as someone who is well-rounded. And that doesn't mean that you just have the technical skills because more and more what I'm seeing in industry is that they are looking for what are called soft skills, what I heard earlier at a conference referred to as power skills. And that's really the ability to problem solve and troubleshoot because, if you can do that, you can use the technology to assist you to get to the end goal. But if you don't have those basic skills and you don't know how to utilize them in a virtual setting, working on a team, having good communication, it's going to be very, very difficult for you to work in industry. And that's because they really are looking for a package. They want to see that you have knowledge. They want to see that you have some skills. They want to see that you have those power skills, and they want to see that you are interested in acquiring new skills.

Dave Bittner: Ben, what do you think?

Ben Yelin: Yeah. Really interesting interview. I think the development of a national cyber workforce is going to be needed, as there's been a precipitous increase in cyberthreats and vulnerabilities, both domestically and internationally. It's important for our economic security, and it could be a major engine for job growth. And it's good to see the Biden administration tackling this issue.

Dave Bittner: Yeah.

Ben Yelin: I know we've tackled it or at least we've attempted to tackle it in Maryland, leveraging all of our universities where we're producing really smart people who have technical expertise in cybersecurity. And I think it'll be excellent to scale that up on a national level.

Dave Bittner: Yeah. You know, my hope here is that this can remain something that has bipartisan support and that the very fact that President Biden is championing -- championing this doesn't automatically make his opposition come up against it just because they don't want to give him the air quotes win, you know.

Ben Yelin: Yeah. I mean, part of it is, if you want to invest in anything, you have to spend money.

Dave Bittner: Right.

Ben Yelin: And there are people who are ideologically opposed to spending money on -- or increasing funding for domestic spending items. But I don't think there's a lot of opposition, per se, to enhancing the cyber workforce. And I think there are ways we can do that, that don't require a lot of domestic spending.

Dave Bittner: Yes.

Ben Yelin: It's strategic investments in our institutions of higher education. And, you know, I think that's something that we can do not on the cheap but in a way that doesn't expend a lot of government resources.

Dave Bittner: Right. All right. Well, again, our thanks to Kathleen Hyde from Champlain College Online for joining us. We do appreciate her taking the time. That is our show. We want to thank all of you for listening. A quick reminder that N2K strategic workforce intelligence optimizes the value of your biggest investment: your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. Our senior producer is Jennifer Eiben. This show is edited by Eliot Peltzman. Our executive editor is Peter Kilpe. I'm Dave Bittner.

Ben Yelin: And I'm Ben Yelin.

Dave Bittner: Thanks for listening.