Q&A: Tufts University Program Instills Solid Technical Background for Future Policymakers

 

EDTECH: It’s incredible how little common knowledge there is around these areas. How do these concepts touch everyday people?

LANDAU: It affects every aspect of their lives. They probably don’t have a solid understanding of the Fourth Amendment. The problem is that the technology has moved so quickly.

In my research role, I’m working on the Internet of Things at home. If you think about the fact that you can’t buy a TV that’s not a smart TV, which sends back data on what you’re watching, all of that reveals a fair bit about you. I have a smart TV at home, but it is not connected to the internet.

When I founded the master’s degree in cybersecurity and public policy, I wanted students to take away an ability to look at a technical problem and see the policy implications and the technical implications, and be able to explain it cogently to both sides. In the past, we’ve placed students to do cybersecurity policy internships in the summer. We weren’t successful this year, but in the past, they went to The Citizen Lab in Toronto, the Electronic Privacy Information Center, Lawfare, R Street Institute, the Aspen Institute and many others. One who went to the Aspen Institute ended up following his boss to the National Governors Association, which advises the governors of the 50 states, where he did cyber work.

It’s an unusual thing that Tufts has: We have the only tech-informed cybersecurity policy program with an international focus.

EDTECH: From a policy standpoint, is there still a wide gap between those who understand the technology at hand and those who are making laws around it?

LANDAU: Our students either have a technical background, such as an undergraduate degree in computer science or maybe IT, or students with backgrounds economics, history or political science. All students have to take a course in international cyber conflict, a course in privacy in the digital age, and then they have a choice of cyber law and cyber policy or cyber in the civil sector.

The latter, of course, emphasizes why it’s hard to create cybersecurity. There are societal issues and context that makes it difficult: criminal activities, regulatory problems. On the technical side, if somebody comes in with a computer science degree, they skip the courses on how systems work or fail. We have a third technical course, “Cyber for Future Policymakers,” which looks at how the internet works, how encryption works and how encryption is used across the web. That’s not encryption policy, which is covered in cyber law, but where is encryption used to authenticate a person? Looking at applications, we look at digital identity management, quantum computing. And each of those is very brief, but we give them a flavor of the kinds of issues that policymakers ask about.

KEEP READING: How one college student is bringing Gen Z into the cybersecurity conversation.

We’re mixing students with policy backgrounds and students with technical backgrounds, and I have a lot of fun. Once, in international cyber conflict class, somebody gave an explanation and someone else said, “That’s all Greek to me.” There was a military student there who said, “Well, I studied Greek, but it’s certainly Latin to me.” I had the technical student explain it again, three or four times, before the military student could understand the explanation. This was to teach the technical student how to explain things to nontechnical people. They do group projects; we always pair nontechnical and technical students because they learn from and teach each other.