When lawmaker Kevin Kiley was tapped to serve as vice chair of the Assembly Privacy Committee, he knew he had much to learn. A former high school teacher and state deputy attorney general, Kiley doesn’t come from a tech background.
But technology, he says, is key to his desire to help modernize state government and make it more transparent. He is also taking time to educate himself, seniors and small-business owners in his suburban district outside of Sacramento about how to protect themselves from cybercrime.
In his first year in office, Kiley, R-Rocklin, introduced legislation, AB 786, to allow entrepreneurs to file business records online with the Secretary of State’s Office — something only large corporations could do. The Secretary of State’s Office this year made the change before lawmakers approved the bill. And he is a co-author of legislation, AB 6, that would put all state expenditures online in a searchable format.
The freshman lawmaker says he will continue to push for more government transparency and to support efforts to beef up cybersecurity both in the public and private sectors. Following is an interview Kiley gave to Techwire last week.
Why did you think it was important that LLCs be allowed to file documents online?
I’m a huge advocate for modernizing government and this seemed like pretty low-hanging fruit, a relatively minor change that could have a meaningful impact for California businesses. We don’t always make life easy on our businesses. This was a little something that we could do.
The administration argues its large FI$Cal project will make state spending more transparent. Why do you think there needs to be specific legislation that requires detailed, online state spending?
Basically, every other state in the country already does this — has a digitized state budget that anyone can look at, line item by line item. I think a lot of times when you seek this sort of change, you have agencies say, “Oh, we’re doing this already by the end of 2080.” I think the technology is there and we just need to supply the political will. That’s something we’ll continue to work on.
Do you have any specific ideas about how to address the shortfall of cybersecurity jobs?
We just don’t have the pipeline that we need. We’re going to be experiencing more and more shortfalls in this area as the needs grow. As we’ve seen from recent events — whether it’s Equifax or Uber or other breaches that have gotten a lot of public attention — there’s a growing need to ensure cybersecurity in the private sector and public sector as well.
I think that we should look at where programs are succeeding and try to replicate those and expand them. We’ve seen some innovative things done in other states. Virginia has a program where they train veterans in cybersecurity, and that’s gotten some promising results. These folks, a lot of times, already have security clearances. So, I think we need to be thinking creatively like that.
There’s no reason that we can’t have this training as part of career technical educational programs and teach these skills. I think there are a lot of students who would really gravitate toward that. Also, expanding opportunities at the community college level and in higher education.
Is cybersecurity and information technology something that needs to be put into the K-12 curriculum or mandated as course offerings at universities?
I think it would be a great idea to provide at least incentives for coding, computer science, for IT and cybersecurity to be more readily available at the K-12 level. One thing that other states have done, for example, is that you fulfill your foreign language requirement by learning a coding language. Those sort of outside-the-box solutions that recognize the increased relevance and value of that skill set are something worth exploring.
Do you think that California has the right cybersecurity infrastructure in place or do you think there needs to be an enhancement?
I think we have certainly the foundation for ensuring there are adequate protections. I personally would like to see the Legislature take a little more active role in making sure, for example, that the governor’s cybersecurity task force has all hands on deck. It’s not exactly clear what role they are currently playing.
I hesitate to give an all-encompassing assessment of our state of readiness. I do think there have been steps in the right direction, but this is going to be something that is going to be an ongoing effort that we are going to continue to need as a Legislature to say, “OK, we’re creating this task force or investing this much money or directing agencies to coordinate.” We’re going to need to make sure we are vigilant in our oversight role so that the resources that are available and the mandate continues to keep up with the nature of the threat.
Do you think the California Cybersecurity Integration Center should be codified into statute?
I think so. Then it’s not as vulnerable to the whims of whoever the governor is at any given time and provides some sort of durability.
What points do you make to the private sector when you talk to them about cybersecurity?
Small businesses are uniquely vulnerable to cyberattacks, and when they hit small businesses, they can be devastating. Sixty percent of small businesses that experience a data breach go out of business within six months. I found that truly staggering. The average cost of a breach is $52,000. And 50 percent of all cyberattacks target businesses with fewer than 2,500 employees. I think that the Legislature can take steps to provide added protections but also to raise awareness.
The Notice of Breach Act — California is a leader in this area. It’s undergone a lot of revisions since it was first introduced. I expect you will probably see some activity around that given what happened with Equifax, with some people believing the notifications were inadequate. I can’t tell you what form that will take, but I think there will be an effort to revisit the Notice of Breach Act and see whether it's providing adequate protection for consumers.
Why did you push for a bill that would allow citizens to watch and interact with meetings held by the California Environmental Protection Agency and the California Natural Resources Agency?
I think that would have been a good measure to increase access to some government agencies that make pretty significant, far-reaching policy and that most Californians don’t have any access to because you have to go and show up at the meeting. I thought this would have been a really good, common-sense way to use technology to improve access and transparency.
I was disappointed to see that get held up in appropriations. I was surprised by the cost estimate they gave. I can walk in right now with my phone and Facebook Live to give this functionality, and yet when the state does it, we’re talking millions and millions of dollars and a process that is really complicated. I understand there are, of course, security measures that need to be taken that would make it so you couldn’t literally do a Facebook Live, but it does go to show you how resistant government can be to technology, to modernization, to making use of practices that are very common in business, yet we seem incapable of changing at times. And that’s unfortunate because it keeps government slow, it ossifies outdated practices and it makes our state government less responsive to the people of California and to the needs of the state.
An effort to develop a small-cell network in California stalled this year. Do you think the Legislature has a role in regulating this technology?
I do think the technology has tremendous potential to increase access, improve performance and lower costs. Given the fact that the locations of these are limited to public infrastructure, there is some role for the state in setting appropriate parameters as far as access to that infrastructure, but that does need to be balanced with the ability of local communities to control how that happens. If this bill does come back, I look forward to being an advocate for striking that balance the right way.
What are some ideas you have for tech-related legislation?
One area of interest for me is empowering educators to make effective use of technology in the classroom. This is something we’re going to see more and more of as technology advances. A lot of schools are doing really interesting and exciting things that allow teachers to reach students more effectively and to advance student achievement for students of all types. I’m very interested in how we can appropriately leverage advances in technology to provide better individualized instruction to students, and I think there’s tremendous promise in this area to really accelerate student performance, to close achievement gaps to make our education system more egalitarian and to empower teachers across the state.
