Route Fifty - All Content

Anthropic and nonprofit partner to streamline benefits administration with AI

Kaitlyn Levinson — Mon, 11 May 2026 14:02:38 -0400

CHICAGO — The civic tech nonprofit Code for America is partnering with artificial intelligence company Anthropic to develop tools aimed at helping caseworkers enhance public benefits administration across the nation.

The organizations are working together to develop an AI-enabled solution to improve the accuracy and timeliness of benefits service delivery under the Supplemental Nutrition Assistance Program, Jana Rhyu, vice president of product at Code for America, announced Friday at a summit hosted by the organization in Chicago last week.

The SNAP Policy Navigator tool is built on federal regulations, state manual selections, official policy directives and other documents to help caseworkers “quickly and accurately get an answer to [a] very specific policy question” when they are working with clients, said Michael Lai, who leads state and local government AI at Anthropic.

The tool leverages Anthropic’s Claude chatbot and is built on a model context protocol to ensure a secure two-way connection between data sources and AI applications, Rhyu said. A caseworker can input a simple, policy-based question, such as how a client’s change in income or a new federal policy could impact their benefits, and the tool outputs an up-to-date response in plain language with cited sources and suggested next steps.

The user “gets clarity on policy, not a decision on overall eligibility. The decision stays with [them],” she said.

The announcement comes as state and local public benefit agencies scramble to comply with rule changes to the federal food assistance program made last July under President Donald Trump’s “Big, Beautiful Bill.” The law subjects participants to expanded work requirements, shifts administrative costs to states based on their SNAP payment error rates, and requires that the Thrifty Food Plan — the model used to calculate the lowest-cost nutritional meal for a family of four — be cost-neutral to changes in food prices.

Since its passage, SNAP participation has declined by more than 3 million people across 36 states as of January, and further reductions are expected once the new rules are fully implemented, according to the Center on Budget and Policy Priorities.

“Policy is constantly changing, and the complexities of policy implementation are immense, which places an even bigger burden on the caseworkers,” Rhyu said.

That’s why it’s critical for resources like the SNAP Policy Navigator tool to help reduce caseworkers’ administrative burden of sifting through and trying to apply intricate policies to individual cases, she said.

Indeed, the complex rules regarding eligibility and exemptions present common barriers to benefits access and having to explain those to residents who depend on the timely and accurate delivery of public assistance to meet their everyday needs only adds to it, Lai said.

Such challenges are exacerbated by funding uncertainty, workforce shortages and increasing caseloads that many states and localities are grappling with across the U.S.

He pointed to one former caseworker who described their job as “an email inbox that's always full, where each one requires care and attention, but you're constantly getting interrupted as you try to work through the never ending inbox of people to help.”

In addition to the SNAP Policy Navigator, Code for America and Anthropic will develop a suite of Claude-based tools to further assist benefit workers with answering policy questions, reviewing eligibility documents and drafting communications to benefit recipients, Code for America leaders said in an announcement last week.

“We know that caseworkers are really overburdened in general, but especially at this moment with HR 1 as well, and so AI shouldn't be used for AI’s sake,” Lai said. “We want it ultimately to be helping in this human way and trying to make benefits administration more efficient, more accurate and more human centered.”

]]>

More states look to preempt local AI laws, report finds

Chris Teale — Mon, 11 May 2026 13:30:00 -0400

In recent months, much of the attention around preempting laws and regulations on artificial intelligence has focused on the federal government stopping states. But there is evidence that some states are also looking to prevent their local governments from regulating AI.

The Local Solutions Support Center, a group that tracks abusive preemption laws and looks to strengthen local democracy, found that nine states have considered 12 bills designed to limit local governments’ ability to regulate AI. LSSC said those bills largely fall into three categories: ones that restrict engagement with AI from foreign countries; ones that specifically focus on local regulation of AI; and others that look to protect the so-called “right to compute.”

Bills in New Hampshire — which has two — as well as Ohio, South Carolina and Virginia fall into the latter category, with Montana having already signed such legislation last year in its Right to Compute Act. The legislation imposes a very high legal standard on any local government effort to regulate AI, including any law, regulation, ordinance, rule, fee or condition.

LSSC said the bills, which are in various stages of debate in their respective states, appear to be based on a model bill from the conservative American Legislative Exchange Council.

Leslie Zellers, LSSC’s co-Legal Team Lead, said there is no “absolute right to do anything” in this country, as “your right ends when someone else’s right begins,” hence laws like a ban on indoor smoking to protect non-smokers’ health. It is a similar story for AI, she said.

“My right to compute ends when there are legitimate government reasons for regulating access to AI,” Zellers said. “Maybe it's to protect minors, maybe it's to protect senior citizens who may be vulnerable to scams. There are all kinds of legitimate government regulations… We are not guaranteed access to anything in the world on our computer.”

Zellers said it appears that big technology companies and “corporate special interests” have flexed their muscles to get these bills moving through state houses, similar to how they have tried to get the federal government to back off from any kind of regulation.

“You hear the argument a lot that they don't want a patchwork quilt of inconsistent regulation, and so they're trying to —forgive the pun — preemptively go to the state level and say that they want to make sure that their AI services are going to be completely available to anyone in the state without limitation from local governments. Honestly, it's just too hard for them to control what every local government does,” she said.

For its part, ALEC says the right to compute should be protected under a state’s constitution as a “fundamental right to own and make use of technological tools, including computational resources.”

“Any government restrictions on the lawful use of computational resources — including but not limited to hardware, software, algorithms, machine learning, cryptography, platforms, services, and quantum applications — must be narrowly tailored and demonstrably necessary to fulfill a compelling government interest,” the group continued.

Separately, states have explored legislation that would restrict localities from engaging with AI made in foreign countries, including U.S. adversaries. Georgia and Florida, the latter in both chambers of its legislature, have proposed laws in this area. While LSSC recognized “positive aspects” of these bills, including the emphasis on protecting national security and privacy, they also lamented that it still preempts localities from engaging in any way with a foreign-made AI, even if it is safe.

Meanwhile, two states — Illinois and New Hampshire — have attempted to pass bills to explicitly prevent local governments from regulating AI. The latter attempt has already failed, but Zellers said it is part of an effort by tech companies and agreeable politicians to clear the regulatory road ahead so they can have their products be used with no guardrails.

“In this case, in the AI category, I do think it's the corporate special interests trying to get ahead of this and trying to ensure access so that they can build the data centers, and then they can basically sell their product without any limits on it, and get some preemption thrown into the bargain,” Zellers said.

There is a connection between the existing federal preemption effort and this seemingly growing state preemption effort of local AI regulations, Zellers said. She said it shows a “symbiotic relationship” where the federal government wants certain policies but can only effectuate them at the state level, so it recruits willing partners to help them out. That’s the case in other areas like voting rights, the redrawing of district lines, immigration and other policy priorities, she said.

Those efforts, be they in AI or myriad other areas, will continue, Zellers said.

“What we're seeing is a lot more interaction between the states and the federal government, whether that's overt or implicit in their policy agenda,” she said.

]]>

How AI can lead to false arrests and wrongful convictions

Maria Lungu and Steven L. Johnson, The Conversation — Mon, 11 May 2026 12:30:00 -0400

This article was originally published by The Conversation.

In Baltimore on Oct. 20, 2025, a 17-year-old student named Taki Allen was sitting outside his high school after football practice when an artificial intelligence-enhanced surveillance camera falsely identified the Doritos bag in his pocket as a gun. Within moments police cars arrived, officers drew their weapons and Allen was forced to his knees and handcuffed while they searched him. All they found was a crumpled bag of chips. The AI’s misidentification and the human decisions that followed turned a normal evening into a traumatic confrontation.

On Dec. 24, 2025, Angela Lipps, a Tennessee grandmother, was released after spending five months in jail because facial recognition software had incorrectly connected her to fraud crimes in North Dakota, a state she had never visited. Police had arrested her at gunpoint while she was babysitting her four grandchildren.

These are unfortunate examples of how AI can lead to mistreatment of people because of technical flaws as well as misplaced human faith in the technology’s supposed objectivity. These cases involve different tools, but the underlying issue is the same. AI systems produce probabilities, and people treat them as certainties.

We are researchers who study the intersection of technology, law and public administration. In researching how police departments use AI and how digital technologies operate in a democratic society, we have seen how quickly the shift from probabilistic prediction to operational certainty happens in practice.

AI policing tools are used in dozens of U.S. cities, although no public registry tracks the full footprint. The tools ingest historical crime data and score neighborhoods on predicted risk so officers can be routed toward the resulting hot spots. The mechanism is straightforward, but its consequence is not. Once a system signals a possible threat, the question is no longer how certain the prediction is but what to do about it. A statistical output turns into a deployment decision, and the uncertainty that produced it gets lost on the way.

A matter of probabilities

When generative AI models such as ChatGPT or Claude respond to human requests, they are not searching a database and pulling out facts. They are predicting the most likely answer based on patterns in data they have been trained on. When asked, “Who invented the light bulb?” the models do not go to a source or fact-check a finding. They generate a statistically probable answer which is “Thomas Edison.” The reply might be right, but it might not capture the full story – such as Joseph Swan’s parallel invention at the same time as Edison’s. The danger arises when people believe that the model is retrieving truth rather than generating likelihoods.

This distinction matters. The most probable response is not the same as a factually verified answer, complete with context.

This reality can be highly problematic for policing and law. For example, when law enforcement agencies use AI systems trained on geographical data to estimate where criminal activity is likely to occur, the algorithms analyze historical crime data and geographic patterns. These systems generate statistical risk scores or heat maps for locations based on prior incidents. But such predictions may have little bearing on who was involved in a new crime in the area, even if an algorithm generates information that sounds authoritative.

Some researchers have argued that predictive policing systems do not increase the likelihood that racial minorities will be arrested more often relative to traditional policing practices. The broader concern, however, is not limited to measurable disparities in arrest outcomes alone. It is about how probabilistic predictions can become standardized operational decisions absent further verification.

Artificial intelligence researchers caution against using these models in isolation for crime and legal proceedings or decision-making. Research at the University of Virginia’s Digital Technology for Democracy Lab with police chiefs shows that some law enforcement groups follow strict policies that dictate when technology is used in tandem with, or in place of, human discretion, while others have no such policy.

What most users do not realize is that AI systems rarely produce binary answers: yes or no, a positive identification or a negative one. They generate probabilities. Some systems assign scores that assess the system’s confidence in a prediction. In those cases, engineers set a confidence threshold, a level of certainty that determines when the system should trigger an alert about a possible threat. You can think of this threshold as settings on a control knob. A 95% confidence level, for example, indicates that the model considers its interpretation to be highly likely.

A low threshold catches more potential threats but increases false alarms. A high threshold reduces mistakes but risks missing real dangers. Either way, these algorithmic thresholds are often invisible to the public and are set quietly by vendors or agencies, even though they shape when police action begins.

Where to draw the line

In medicine, these kinds of trade-offs are explicit. Diagnostic tools are calibrated on the relative harm of different errors. In infectious disease settings, for instance, systems that detect infections are often designed to accept more false positives to avoid missing contagious individuals. Then medical professionals look into the human cases. And the algorithm-based decisions are subject to professional standards, ethics reviews and regulatory oversight.

In policing, an AI system must balance false positives, where the system flags a threat that does not exist, and false negatives, where it fails to detect a real danger. The trade-off carries significant consequences. A lower threshold may generate more alerts and allow officers to intervene earlier, but it also increases the risk of mistaken identifications, which happened to Angela Lipps, or escalated encounters like the one Taki Allen experienced. A higher threshold may reduce wrongful interventions but could allow legitimate threats to go undetected.

Some law enforcement agencies argue that acting on imperfect signals is preferable to missing serious risks. But lowering the bar for algorithmic alerts based on probabilistic estimates effectively expands the number of people subjected to police attention. It is important to realize that these thresholds are not neutral features of the technology; they are choices embedded by the creators in the model’s code. Decisions about where to draw the line determine when an algorithmic suspicion becomes a real-world police action, even though the public rarely sees or debates how those thresholds are set.

Limits of optimization

Developers often use several methods to determine where to set a confidence threshold. Techniques such as “receiver operating characteristic curve analysis” examine how changing the threshold for an alert alters the balance between correctly identifying real events and mistakenly flagging harmless ones. Precision–recall analysis examines a similar trade-off, asking how accurate the system’s alerts are relative to the number of incidents it successfully detects.

These approaches could help calibrate systems more responsibly by testing how often an algorithm wrongly flags people or locations. Fine-tuning can improve system performance. But the techniques cannot resolve the underlying question of how much algorithmic uncertainty society is willing to tolerate.

In law, legal standards of proof determine how convincing evidence must be before a judge or jury can rule in favor of a plaintiff or defendant. Courts use formal standards of proof depending on the stakes, such as probable cause, preponderance of the evidence and beyond a reasonable doubt. These standards reflect a societal judgment about how much uncertainty is acceptable before exercising legal authority. A court does not accept a guess or a prediction; it follows a process to weigh evidence. Unlike humans, an AI model does not usually say, “I’m not sure.” A model typically has confidence in its reply, even when the answer is incorrect.

Stakes are rising as AI enters the courtroom, law enforcement, the classroom, the doctor’s office and the public sector. It is important for people to understand that AI does not know things the way many assume it does. It does not distinguish between “maybe” and “definitely.” That is up to us. We believe that technologists should design systems that admit uncertainty and need to educate users about how to interpret AI outputs responsibly.

Maria Lungu, Postdoctoral Researcher of Law and Public Administration, University of Virginia and Steven L. Johnson, Associate Professor of Commerce, University of Virginia

]]>

Data center dilemma: Who should decide where they go in North Dakota?

Peyton Haug, North Dakota Monitor — Mon, 11 May 2026 11:30:00 -0400

This story was originally published by the North Dakota Monitor.

Tech corporations are coming to North Dakota farm fields to build massive, resource-intensive computer warehouses that feed artificial intelligence. But with minimal public oversight, residents and local governments are struggling to manage the rapid infrastructure sprawl.

The only approval data center developers in North Dakota have to obtain before building is permitting from local governments, like townships and county commissions. There is no formal environmental review or centralized body in charge of overseeing their developments.

Locals aren’t necessarily looking to relinquish control over that process, nor are state leaders wanting to gain that authority — but both agree planning needs to be more thorough and transparent.

“It came so fast. No one was really talking about data centers until they were actually starting to build,” said Association of Counties Director Aaron Birst.

On one hand, bringing the tech industry to the state helps diversify its economy, providing a heavy tax base and economic development outside of the ag and oil industries. But it is quickly changing the landscape in ways people aren’t used to, said Birst, a lifelong North Dakotan.

Mike Henke, a farmer in Oliver County, argues in favor of a moratorium on data center construction at a county planning and zoning board meeting on Feb. 26, 2026. (Photo by Jacob Orledge/North Dakota Monitor)

At least four western North Dakota counties have placed temporary bans on AI data center projects, though some have since lifted the moratoriums.

While locals want to hold onto authority over where the campuses land, Birst said “there has to be a partnership between the state and the feds with counties” to responsibly do so.

The Public Service Commission evaluates permit applications for siting energy generational facilities, like coal plants and wind farms.

But the commission has virtually no say over where data centers go, said PSC Chair Randy Christmann. AI data center campuses do not power the electric grid; they are merely consumers.

Christmann said he’d favor a process that would allow the PSC to weigh in during the planning process, especially to give advice on projects’ impact to the grid.

“I’m not saying that they (AI data centers) have to be approved by us, but if there was some process that included us, I think we could provide a lot of information that would prove to be beneficial to whoever is going to make the final decisions,” he said.

Jen Neumiller, tax equalization and land use administrator for Mercer County, said state guidance could provide consistency in planning for the projects on the county level.

“It’s just so new, and happening so fast,” she said.

Wes Klein, a Mercer County rancher, wants more transparency on data center development and how these industries benefit from tax breaks. He spoke during a press conference called by Vern Thompson, Democratic nominee for agriculture commissioner, on May 4, 2026. (Photo by Jacob Orledge/North Dakota Monitor)

Wes Klein, a Mercer County rancher, is worried about the impacts of a proposed data center on wildlife and hunting in the area. He suggested during a news conference last week that thorough environmental impact studies be conducted for data centers to minimize those impacts.

Klein also advocated for more public reporting about tax breaks granted to data centers.

During the last legislative session, Rep. Anna Novak, R-Hazen, attempted to pass a bill that would have required data center developers to obtain a certificate of public convenience and necessity before building. The North Dakota Planning Association favored the bill, while the Data Center Coalition of North Dakota, Applied Digital and various electric cooperatives opposed it.

Instead of landing as an enforceable policy, the legislation later passed as a study relating to the “impact of large energy consumers on the state’s electrical grid.”

Terry Effertz, executive director for tech industry advocacy group TechND, said having a set of standard ordinances tailored to individual communities is the ideal approach to planning the projects, not state regulations.

“I don’t think a statewide approach does much other than shut down other possible projects from coming into the state,” she said.

Effertz applauded the League of Cities and Association of Counties for creating a standard ordinance for local governments to use when planning for hyperscale campuses.

On the Grid

If planned well, AI data centers could help alleviate power grid issues.

Data center builder and operator Applied Digital has a campus in Ellendale, for instance, that is positioned to consume power that’s otherwise produced in excess, which has historically contributed to power bill increases.

If planned poorly, however, the campuses can overwhelm the system and spike those bills.

This happened in Williston, when the Atlas Power Data Center’s huge power consumption strained the grid by consuming more power than what was being produced and subsequently contributed to higher energy costs. Its noise levels also spurred a lawsuit.

Public Service Commission Chair Randy Christmann speaks Dec. 21, 2023, during a hearing. (Photo by Kyle Martin/For the North Dakota Monitor)

Christmann said he “cringed” when learned about the facility after it was completed. He knew the region was already experiencing grid congestion issues.

The commission’s understanding of the grid and various power providers could raise alarm to such issues that might end up being problematic, he added.

Mike Swartz lives within 2 miles of Applied Digital’s Harwood site, and said more state oversight could establish a system to monitor the statewide impact of such campuses, particularly when it comes to the grid infrastructure.

“Sure, we have a surplus of energy and costs are low. But in three years time, if all these centers are built, that surplus is gone,” he said. “We are going to be in for a big surprise.”

Secret Contracts

Making the planning process more transparent could help increase public confidence, local government leaders say. Local officials are often asked to sign nondisclosure agreements during planning stages of AI data centers.

The contracts are typically used in land development scenarios when information about a project, if made public, could implicate the negotiation process.

But to Birst, it’s a “balancing act.” Though he said some proprietary information should remain under wraps, disclosing some details tied to the footprint of a hyperscale AI data center campus “doesn’t seem like a competitive disadvantage.”

“It’s completely unfair that public officials can’t say anything about it until the approval process,” he said.

Residents of the greater Harwood area protested when Applied Digital first announced to the public it would be building a campus in the area after local officials and planners had known about the project months before the public did; permitting was already in motion and the groundbreaking was just weeks away.

It’s “shady” and “not fair” to the people, Neumiller said of staffers and elected officials signing the agreements.

Mark Kerkvliet, left, waits his turn to ask a question during a community meeting in Harwood, North Dakota, on Aug. 25, 2025, about a planned data center. (Photo by Jeff Beach/North Dakota Monitor)

Swartz said the act of local governments planning for such large projects under such agreements should be “abolished.”

“By signing an NDA, you are no longer operating in the capacity of your constituents, you’re working for the company,” he said. “City officials come and go. It’s a lot harder for residents to leave their entire life behind or uproot because of a hasty decision that changes the atmosphere of the community you thought you were settling into.”

Birst said he anticipates the Legislature will address the use of nondisclosure agreements in the 2027 session.

In the meantime, TechND is putting together an education coalition to teach landowners about infrastructure, including data centers. Effertz said the group hopes to host town halls in communities with concerns about the technology and its infrastructure.

The controversy tied to hyperscale AI data center campuses is bringing together North Dakotans of varying political beliefs.

Democratic-NPL candidate for agriculture commissioner Vern Thompson said he has been summoned, on multiple occasions, to Republican-dominant farming communities over the matter — including Ellendale, where Applied Digital has a campus.

Thompson doesn’t want to stop the tech industry from doing business in the state, but he said he wants to avoid the land becoming the “wild west.”

“The way things are going, people and property are going to be harmed,” he said. “We have to do it right.”

North Dakota Monitor reporter Jacob Orledge contributed to this report.

Independent journalism for all

As a nonprofit newsroom, our articles are free for everyone to access. Readers like you make that possible. Will you help sustain our watchdog reporting today?

SUPPORT

North Dakota Monitor is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. North Dakota Monitor maintains editorial independence. Contact Editor Amy Dalrymple for questions: info@northdakotamonitor.com.

]]>

Canvas breach spotlights cybercriminal appetite for student data

David DiMolfetta — Mon, 11 May 2026 10:30:00 -0400

A major cybercrime gang’s hack of Canvas is highlighting how education technology providers have become attractive targets for cybercriminals, whose access to student records, login credentials and other sensitive data can create opportunities for fraud, identity theft, extortion and future intrusions.

ShinyHunters on Thursday claimed responsibility for a hack into Instructure’s Canvas platform that facilitates course materials and class management for thousands of institutions. An extensive document posted by the hackers and obtained by Route Fifty lists some 9,000 customers apparently impacted in the breach, including Georgetown, Harvard and Cornell universities. It’s not clear whether all victims listed were accessed, or what data may have been stolen.

As Instructure worked to restore services, the hackers appeared to launch follow-on attacks, while students flooded social media during final exam season with photos and videos showing compromised Canvas pages appearing upon login. ShinyHunters claims it accessed names, email addresses, student identification and private messages.

The hacking group said Saturday it would not comment further. An extortion message posted on affected sites says that Instructure has until May 12 to reach out to the hackers. ShinyHunters has since removed Instructure from their Pay-or-Leak portal and the company says Canvas functions have been restored.

Route Fifty has asked Instructure if it is negotiating with the group or has paid a ransom to prevent data from being leaked.

The FBI is likely investigating the incident, according to two people familiar with the matter who requested anonymity to communicate their understanding of the government’s response to the breach.

An FBI spokesperson said on Friday that the bureau is aware of the compromise.

“If you are contacted directly by anyone claiming to have your data, we recommend you not send payment or respond to their demands. By receiving a message, that does not necessarily mean your personal information has been compromised,” their statement said.

Hackers often exaggerate or fabricate their access to sensitive or personal information to prompt payment from victims, the FBI spokesperson added. “We encourage individuals to be cautious of unsolicited emails, calls, or texts claiming to be from your school, the [Learning Management System] provider, or law enforcement and to verify the contact through known channels before responding.”

Universities are a “treasure trove” of data and ransomware hackers know this, said Cynthia Kaiser, a former senior FBI cyber official. “At the same time, the openness that defines higher education can make these institutions more exposed than many other organizations.”

Kaiser, now vice president of the Ransomware Research Center at Halcyon, said that criminal hacker groups frequently obtain credentials from other intrusions and use them to carry out other hacks.

“You have to remember that groups like ShinyHunters, Lapsus$ and Scattered Spider often log in rather than hack in,” she said, referring to a slew of major criminal hacker gangs that have made headlines for their intrusions over the years.

Any stolen data wouldn’t enable immediate financial theft, though it’s highly valuable for targeted phishing and social-engineering attacks, said Adam Marrè, a former FBI special agent and Chief Information Security Officer at Arctic Wolf.

“The biggest risk after incidents like this is not instant identity theft but scams that surface weeks or months later and appear legitimate. Students, parents, and educators should stay alert for unexpected or urgent messages, avoid clicking unverified links, enable multi-factor authentication on email accounts and be cautious with any request for personal information,” he said.

The House Homeland Security Committee is investigating the matter, according to a letter sent Monday to Instructure CEO Steve Daly from Rep. Andrew Garbarino, R-N.Y., the panel’s chairman. He asked company executives to brief lawmakers and staff by May 21.

Instructure said in a blog post that the unauthorized access involved information like usernames, email addresses, course names, enrollment information and messages. The company also “identified a vulnerability regarding support tickets in our Free for Teacher environment that was exploited.”

It’s not known how long it took for the hackers to craft the plan for the intrusion, but the fact that they carried it out during final exams “shows the level of planning that went into this attack,” said Damien Skeeles, a senior manager at Filigran, which sells open-source cybersecurity solutions.

“You wonder how much more planning went into it, and how many more acts there are to follow,” he said.

]]>

How Mississippi’s revenue department optimized tech without cloud

Chris Teale — Fri, 08 May 2026 13:00:00 -0400

Unlike similar agencies, the Mississippi Department of Revenue has a peculiar mission with three separate and specific lines of business.

One is expected, as it is responsible for taking in taxes. But the DOR also provides software as a service for the state’s county governments, including for motor vehicles’ titles and tags, as well as serving as the state’s alcoholic beverage control division, which now includes medical marijuana. All told, it collects more than $10 billion in revenue each year.

Having the technology to manage all those disparate business functions and processes could be a headache, especially as some mainframes the state relies on are decades old. But Mississippi has taken various steps to make its tech offerings more streamlined and centralized, including revamping its data centers to reduce its server footprint by more than 20% and converting its mainframe systems to web apps that DOR administers.

It’s taken a lot of hands-on leadership, said Michael DeHaan, the DOR’s chief technology officer, which in itself has represented a shift from the traditional way of doing things.

“When I moved into the CTO position, it was actually a change for how we wanted to approach leadership,” DeHaan said in a recent interview. “A lot of government agencies, they'll have a CTO in place of a [chief information officer]. We have subverted that. Rather, the CIO is the ownership of the business process, while the CTO is the ownership of the technology stack, meaning I lead from the front, they lead from the back, and we optimize for what it is like for the engineer sitting on the keyboard with how we build our architectures.”

DeHaan said DOR went from a “largely dispersed” agency with its mainframe tag and title system and the tax system that also administers liquor both run by the state’s central IT department. Quickly, DOR converted the mainframe tag and title system into a web application that it could administer itself, then took ownership of tax and liquor too.

In doing so, the agency also unified its data management using a platform from Everpure Fusion, an effort that has saved 39.5 hours a day of staff time due to faster application response times and resulted in no downtime. DeHaan said DOR has “flipped the paradigm” to become an agency that does not rely much on others for its technology provisions while enjoying massive revenue growth. He compared that journey to being in the “front seat of that rocket trip flying through growth.”

Meanwhile, DOR has stayed largely on-prem in its operations and still relies on data centers. But the efficiencies it has found in modernization and revamping its applications mean the state services run just the same as they would if they were in the cloud, DeHaan said.

“The whole race to the cloud of 2019, 2020, 2021, everybody got up there and went, ‘Yikes, this is super expensive,’” he said. “They had already refactored their applications and started hosting applications like cloud apps, regardless of where they live. We've actually already been doing that for a while, so while we are hosting like we're running in cloud land, we are actually predominantly on-prem.”

The effort hasn’t been without its challenges, however. An inventory glitch with a new software system that was not compatible with DOR’s delivery system has meant a backlog of deliveries from the state’s Alcoholic Beverage Control warehouse and led to some businesses in the state running out of alcohol to sell. Lawmakers tried, and failed, to pass an emergency measure to let businesses bypass the state ABC and buy directly from distributors until the problem is fixed.

DeHaan said any issues that DOR faces, whether it be outages at the DMV or anything else, need to be fixed properly, as the trend of “typical government good enough is not good enough.”

“We are stewards of the citizens, but being citizens ourselves, we take that super personal, and that comes down in every dollar of the budget,” he said.

Some Mississippi agencies may be concerned about recent legislation in the state, which mandated that their operations must all be cloud native by 2027, unless there are budgetary reasons for them to not make the switch.

“If that sounds scary, it is,” DeHaan said.

But he noted that, given the amount of modernization work DOR has already done, it will not be too big a lift to move everything fully into the cloud and away from on-prem data centers.

“One of the things that's been great about us is we have put so much effort into modularity and fungibility in our architecture as we've grown up that we can just redeploy over here,” DeHaan said. “I need a lot of money in my budget to be able to accommodate that, but we can have those same service deliveries, whether we're on prem or in the cloud.”

]]>

Florida has a new law regulating AI data centers

Christine Sexton, Florida Phoenix — Fri, 08 May 2026 12:00:00 -0400

This article was originally published by Florida Phoenix.

AI data centers will be required to pay for their own utilities and not shift the costs to customers now that SB 484 is law.

Appearing Thursday in Lakeland with Florida Secretary of Commerce Alex Kelly, Gov. Ron DeSantis thanked the Legislature for passing the bill, even though it was less expansive than what the governor advocated.

“Thanks to the folks in the Legislature for passing this. I think it’s good. I think it’ll make a difference. And I know a lot of people in Florida can breathe a sigh of relief, given what they’ve seen happen in other parts of the country.”

SB 484 does not ban artificial intelligence companies from signing secret nondisclosure agreements with state agencies. The law allows data centers that plan to expand or move in Florida to keep their intentions quiet for a year.

That is contrary to what DeSantis pushed for. The governor championed strict regulations to increase transparency and prevent these companies from taking over Florida’s financial and environmental resources.

And while the Senate was willing to deliver to the governor the bill he coveted, the House was not.

The new law requires the Florida Office of Program Policy Analysis and Government Accountability to study construction and operation of data centers and submit its findings to the governor, Senate president, and House speaker by July 1, 2027.

The law puts an onus on the Florida’s Public Service Commission to ensure that data centers pay for their own utilities, and that those costs aren’t shifted to consumers. The law also continues to allow local governments to regulate land development with respect to data centers.

SB 484 appeared as though it, like so many other bills, would fall victim to what one seasoned Senate Republican described as potentially one of the worst sessions he’s experienced.

But the Senate agreed in the 11th hour of the 2026 session to approve SB 484, rewritten by the House following conversations between the pro-AI White House and state House members, Florida Politics reported.

President Donald Trump, like most Republicans, has embraced expansion of artificial intelligence. The Department of Defense used AI to both capture Venezuelan dictator Nicolas Maduro and to carry out strikes in Iran.

DeSantis, however, is wary of AI and has pushed for strict regulations, making him a standout among the GOP.

]]>

US tech official calls for ‘transformational’ use of AI in scientific discovery

Edward Graham — Fri, 08 May 2026 11:00:00 -0400

The Trump administration sees greater incorporation of artificial intelligence capabilities into the scientific research space as critical for continued U.S. technology leadership, a White House official said on Thursday.

Speaking at the Special Competitive Studies Project’s AI+ Expo, U.S. Chief Technology Officer Ethan Klein said a major focus of this administration “is having better integration and tie-in across the scientific development piece, all the way through tech development, testing, prototyping and scale up.”

Klein said greater adoption of emerging capabilities like agentic AI — autonomous systems capable of executing specific tasks with minimal human oversight — will have a profound impact on scientific research. A Market Connections survey of more than 200 technology executives across government that was released on Tuesday found that 53% of respondents said their agencies were already exploring uses of agentic AI or were planning pilots of the technology.

“Across a broad swath of applications, but specifically for scientific discovery, I think agentic AI will be transformational,” said Klein, who also serves as an associate director of the White House Office of Science and Technology Policy.

Greater use of these capabilities, he said, would help to expand and enhance data collection and transform the types of experiments that can be conducted by researchers.

“I think that if we're able to actually deploy these agentic AI … agents across those workflows, they're going to see a great amount of scientific efficiency,” Klein added. "And that's incredibly important, because that underpins every one of these technologies that we're looking to develop.”

The Trump administration has already taken some steps to enhance nationwide research efforts by leveraging AI. The largest of these is the Genesis Mission, which was launched in November 2025 and seeks to further harness AI for scientific advancement.

Klein said the initiative will help bring “a bit of that muscle [when it comes to] incorporating that into the workflows that we know are going to bring forth this new era of AI-enabled scientific discovery.”

Thursday’s panel, however, was held amid ongoing concerns about how the Trump administration’s push to scale back government operations through layoffs and reductions in force is impacting research efforts.

Just last month, President Donald Trump dismissed all 22 members of the independent advisory board overseeing the National Science Foundation, which supports nationwide science and engineering research. Critics have said the purge — which comes as NSF still lacks a permanent director — will harm continued U.S. scientific leadership.

Editor’s note: Market Connections is a business division of GovExec, the parent company of Nextgov/FCW.

]]>

Why government information gets reassigned by AI — and what that means for public trust

David Rau — Fri, 08 May 2026 10:00:00 -0400

When a resident asks an artificial intelligence system a question about local government — whether a road is closed, a school is operating, or a health advisory is in effect — the expectation is straightforward. The answer should reflect the guidance issued by the responsible local authority.

But that is not always what happens. Instead, answers are sometimes attributed to a different agency, a broader level of government, or a source that is technically related but not authoritative for the situation. A county update may be interpreted alongside state guidance. A municipal advisory may be blended with federal recommendations. In some cases, the correct information appears — but it is assigned to the wrong issuer.

These outcomes are often described as errors. But they follow a consistent pattern, and that pattern points to something more structural. The issue is not simply that AI systems misunderstand government information. It is that, in many cases, they are forced to decide which authority to assign when that authority is not clearly declared in a way machines can interpret.

How Authority Becomes Ambiguous to Machines

Government communication is rich with implicit structure. A public information officer understands the difference between a city department, a county agency and a state office. Jurisdiction, responsibility and scope are part of how information is interpreted.

Traditional publishing formats rely on that understanding. A press release carries a letterhead. A webpage sits within a domain. A PDF reflects an official voice. For human readers, these signals are sufficient. For AI systems, they are not.

When multiple sources address the same topic — for example, public health guidance or emergency response — the system must determine which source represents the relevant authority. If jurisdiction is not explicitly defined in machine-readable form, the system evaluates other signals: frequency, consistency, general applicability and structural clarity.

The result is that authority can shift. A broader or more frequently referenced source may be selected over a more precise local update. A state-level document may override a municipal advisory. A general guideline may be presented as if it were locally issued. The system is not inventing information. It is resolving ambiguity.

Reassignment is Not an Edge Case — It is a Default Behavior

This kind of reassignment is not rare. It is a predictable outcome of how AI systems process information. When authority is implicit, it must be inferred. When it is inferred, it becomes probabilistic. And when multiple plausible sources exist, the system selects the one that appears most stable or broadly applicable.

From a technical perspective, this is efficient. From a public communication perspective, it introduces a subtle but important distortion. The information may be correct, but the authority behind it is not. That distinction matters.

Residents rely on local governments not only for information, but for accountability. Knowing which agency issued a statement determines where questions are directed, how policies are understood and who is responsible for outcomes. When authority is reassigned, that connection weakens.

Why This Problem is Increasing

As AI systems become a primary interface for public information, this issue is becoming more visible. Previously, a resident navigating a website would encounter context alongside content. The structure of the site reinforced the identity of the issuing agency. Now, answers are delivered as summaries, often without the surrounding cues that establish authority.

At the same time, AI systems draw from multiple sources simultaneously. This increases the likelihood that overlapping information will be merged, compared, or substituted. The combination of reduced context and expanded source aggregation makes authority reassignment more likely, not less.

A Shift Toward Explicit Authority Signals

Addressing this issue does not require changing what governments communicate. It requires changing how authority is expressed within those communications. Increasingly, this is being approached through structured, machine-readable records that make attribution explicit. Rather than relying on context, these records declare the issuing entity, jurisdiction and timing in a format that can be consistently interpreted.

This approach is often described as an AI citation registry — a system that translates official communications into citation-grade signals for AI systems. The purpose is not to control how AI generates answers, but to reduce the ambiguity those systems must resolve. When authority is explicit, there is less need for inference. When there is less inference, there is less reassignment.

Preserving Authority in an AI-Mediated Environment

As AI systems take on a greater role in how residents access information, the question for local governments is not whether interpretation will occur, but how much of that interpretation is left to the system. When authority is clearly defined at the point of publication, AI systems can reflect that structure more faithfully. When it is not, authority becomes one of several variables the system must estimate. Over time, that distinction shapes how government communication is understood.

In an environment where answers are increasingly mediated, preserving authority is not only about what is said. It is about whether the system delivering the answer can reliably identify who said it.

David Rau works at the intersection of public-sector communication and emerging technology, focusing on how authority, attribution and trust function as AI systems increasingly mediate public access to government information.

]]>

Feds create controversial bidding portal for E-Rate

Chris Teale — Thu, 07 May 2026 13:00:00 -0400

Schools and libraries wishing to tap federal money to help pay for various connectivity efforts will soon need to apply for funding through a new portal after a Federal Communications Commission vote last week.

The FCC approved various rule changes for its E-Rate program, which helps pay for discounted services, internet access, equipment and maintenance, all to help close the digital divide. Commissioners voted to amend various program rules that they said would “simplify and streamline” some of the processes around the program, and to institute a new portal for the 2028 funding year competitive bidding cycle that begins on July 1, 2027.

In the new portal, prospective service providers would be required to submit bids responding to applicants’ requests for bids, and require those applicants to upload various bidding documentation, including bid evaluations, vendor selection documentation and contracts. The portal will act as a centralized repository, with a consolidated place for information to be provided and stored, and it is meant to reduce the need for applicants to respond to document requests from the FCC and the E-Rate program administrator.

FCC Chair Brendan Carr and Commissioner Olivia Trusty voted in favor of the changes, while Commissioner Anna Gomez voted in favor of some and against others. Carr said the portal is a “common sense step forward” that complies with an FCC Office of Inspector General recommendation to create an online competitive bid repository. He also cited a 2020 report by the Government Accountability Office that warned that E-Rate participants could misrepresent compliance with bidding rules.

“Today, we finally act on those warnings and the Inspector General’s recommendation,” Carr said in a statement. “We do so bringing much needed transparency to the E-Rate bidding process. Instead of continuing to rely on self-certifications, we can rely on verifiable data. And instead of allowing the bidding process to largely happen in the dark, we are bringing light to the back and forth engagement that happens between providers, participants, and other engaged stakeholders.”

E-Rate and similar programs have come under fire from Carr during his chairmanship of the FCC. Commissioners voted last year to end federal funding for bus-based Wi-Fi connectivity and Wi-Fi hotspot library loan programs. And the FCC’s OIG said in a January report that Lifeline, another program that focuses on connectivity for low-income customers, had some states receiving millions in improper payments from the FCC for subscribers who were actually dead.

Those programs and others are paid for through the Universal Service Fund and administered by the Universal Service Administrative Company, which were declared constitutional by the U.S. Supreme Court last year after legal challenges.

Other commissioners warned that a new bidding portal for E-Rate could make applying for funds more complicated, and said it must not make the application process harder for them.

“The communities most at risk of being burdened by a more complex filing process are the same ones E-Rate was built to reach,” Gomez said in a statement. “Small rural libraries. Schools in tribal communities. Underfunded districts without dedicated E-Rate staff or the budget to hire consultants. Those advocating for measured restraint made a compelling case, backed by history, that new USAC system builds have not always gone smoothly, and that the consequences of a rocky rollout fall hardest on the smallest and most underresourced participants. We cannot let this process undermine a program that is working.”

Others have derided the new bidding portal as an unnecessary burden, and pointed to a recent GAO report that found that E-Rate was the only program of five reviewed by the agency to have adopted all recommendations and best practices to ensure its program integrity.

"Today's vote represents a solution in search of a problem," Joey Wender, executive director of the SHLB Coalition, a nonprofit that supports connectivity in community anchor institutions like schools and libraries, said in a statement. "[Despite] that strong track record, the FCC chose to impose a sweeping and unnecessary overhaul that will create new burdens for the schools and libraries that depend on this program. We are particularly concerned about the impact on small and rural schools and libraries, who may lack the capacity to manage these new requirements."

]]>

How a data center derailed $240,000 for affordable housing in rural Maine

Julia Tilton, The Daily Yonder — Thu, 07 May 2026 12:00:00 -0400

This article was originally published by Daily Yonder.

On a crisp afternoon in early April 2026, Richard Davis walked to the end of a boat launch on the Back River, a tidal channel that cuts through Midcoast Maine’s rocky coastline. As the tide swept in, Davis, co-founder of a local group called Protect Wiscasset and an area resident, fixed his attention on the opposite riverbank.

There, a 300-acre parcel of land, mostly covered by evergreen trees, is the subject of a decades-long debate that’s sparked questions about land use, energy, and local control in the town of Wiscasset, a community in Maine’s rural Lincoln County with a year-round population of 4,000 residents.

A recent idea? To build much-needed affordable housing, with initial federal funding from the American Rescue Plan Act (ARPA), a Covid-19 economic relief package passed in 2021.

Yet the land captured public attention in full force when plans to build a $5 billion data center were made public in September of 2025. Davis, who lives along the Back River about a mile and a half from the site, became concerned as soon as he found out about the data center. Protect Wiscasset came together last fall to organize against a development.

But Davis would soon learn that the data center was just part of the story. As the facilities are planned, often without much public transparency, communities also find themselves dealing with the opportunities lost to the possibility of a sprawling data center.

In Midcoast Maine, Wiscasset’s handling of a prospective data center ended with the community losing nearly a quarter of a million dollars of federal funding earmarked for housing.

All of this happened without a data center ever breaking ground. As the data center rush unfolds in small towns, the story is not only about what gets built, but also about what doesn’t.

Blinded by the Data Center Boom

Across rural America, places like Wiscasset are grappling with the data center boom. The data center market in North America is expected to be valued at $135 billion by the end of 2026, and it’s growing rapidly, driven by the needs of artificial intelligence. According to April 2026 findings from the Pew Research Center, two-thirds of new data centers are going to be built in rural places. Along with planned developments come fears about environmental and energy cost effects on host communities.

On Wiscasset’s Old Ferry Road, development plans are nothing new for the property along the Back River. The fate of the land has been an open question for more than two decades, since the Maine Yankee Atomic Power Company decommissioned its nuclear plant and sold hundreds of surrounding acres in the early 2000s. Wiscasset acquired the parcel in 2013, according to Aaron Chrostowsky, the town’s economic development director.

But the sudden, explosive debate over the data center last fall eclipsed federally-backed plans for affordable housing that had been in the works for months. Revelations about the potential data center caused more than just a community uproar.

Over a year ago, Lincoln County rescinded $240,000 in federal housing funds from Wiscasset after the town proposed using the money to scope out the feasibility of a data center, a Daily Yonder analysis of public records found. All of it happened outside of the public’s view.

As of the publishing of this story, the 300 acres on Old Ferry Road remain undeveloped. On March 3, 2026, Lincoln County reallocated Wiscasset’s federal dollars to the neighboring communities of Waldoboro and Newcastle, for their own affordable housing and infrastructure projects. The towns have until December 31, 2026, to spend the money, per federal law.

“They were so enamored by the idea of a $5 billion data center landing in Wiscasset that they kind of got blinded,” said Peter Arnold, a Lincoln County resident and the founder of RePower Wiscasset, about the town’s actions.

An Affordable Housing Crisis

During the Covid-19 pandemic, the Biden administration and U.S. Congress passed ARPA to promote the country’s economic recovery with $1.9 trillion in funding. Those funds were dispersed to businesses, households, and local governments across the U.S.

Maine counties got $261 million in federal ARPA dollars, and Lincoln County received more than $6.7 million, with the responsibility to allocate the money by the end of 2024 and spend it by the end of 2026.

By the spring of 2023, Lincoln County had approved the spending of $4.1 million of its ARPA dollars for emergency services, infrastructure, and other projects. Then, the county identified a need for nearly 900 additional affordable housing units to support community members.

Molly Feeney, executive director of Homeworthy, an area nonprofit working to prevent homelessness in the state’s Midcoast region, said middle and low-income people are being squeezed out of housing and rental markets.

“Particularly in the Midcoast and Lincoln County, there’s a lack of affordability on the entire scale,” said Feeney. “Whether that is subsidized units that we’re lacking inventory on, or just reasonable market rentals, there’s no affordability in any of this.”

This reality prompted Lincoln County commissioners to vote in June 2023 to allocate $1.5 million of their remaining ARPA funds to build affordable housing. Between the spring of 2023 and 2024, the county used ARPA dollars to fund the construction of 220 housing units in the region. By July of 2024, with six months left before the December 31, 2024, ARPA allocation deadline, the county decided its remaining funds would go toward building first responder and municipal workforce housing, citing a shortage of first responders in the region due to a lack of affordable units.

“Teachers, firefighters, police, they can’t afford to live in a lot of Wiscasset,” said Davis, who is a retired university professor. “Their salaries are not high enough to afford the housing.”

A May 2023 assessment and May 2025 follow-up found that the Old Ferry Road property was among several parcels in the town that could accommodate housing, with approximately 200 units possible on the 300 acres.

“Like pretty much every town village, there’s a real dearth of housing,” said Sam Selby, a Wiscasset resident and a member of the Protect Wiscasset group. “We could use all we can get.”

Funding Goes to Wiscasset

Back in July of 2024, Wiscasset discussed the opportunity at a town board meeting. There, Aaron Chrostowsky, Wiscasset economic development director, laid out his vision for a project, which he’d detailed in a memo to Dennis Simmons, the town manager, a few days before.

Chrostowsky described what he called a “Great American Neighborhood” on the Old Ferry Road property. The development would follow the principles of New Urbanism, a movement centered on sustainable design.

Chrostowsky’s memo detailed affordable and market-rate housing types and renewable energy on the property, as well as future energy and technology developments on adjacent parcels of land. The plan also cited the region’s “housing affordability crisis,” mentioning Lincoln County’s May 2023 housing assessment, which had identified a need for 110 homes in Wiscasset.

On November 5, 2024, Lincoln County awarded $240,000 to Wiscasset for the Old Ferry Road property. The town’s submission included plans for a housing feasibility study, with a proposal to build 110 units on the land. The submission also included plans for public engagement to bring residents into the planning process.

While finalizing the details of its ARPA award in October of 2024, Wiscasset also signed an agreement to receive technical assistance from the Maine Community Energy Redevelopment Program (MECERP), an initiative launched by Maine’s Governor, Janet Mills, to support locally-determined revitalization projects at current and former industrial sites. Wiscasset’s Old Ferry Road property, near the former Maine Yankee nuclear plant, was among those selected for economic development planning.

In an October 24, 2024, letter to Wiscasset about the ARPA funding, Lincoln County administrator Carrie Kipfer “strongly recommended” the town coordinate the MECERP technical assistance award with the ARPA funding, since both dealt with the same property on Old Ferry Road but had different aims.

The technical assistance, an agreement with the state, was intended to survey locals about their ideas for development on the property. The ARPA award, an agreement with the county and federal government, was specifically geared toward conducting a feasibility study to determine whether the land could be turned into affordable housing.

A Data Center Enters the Picture

But by November of 2024, a different plan was taking shape in Wiscasset, without the public’s awareness. Chrostowsky became involved in dialogue about developing a data center on town-owned land as early as November 7, 2024, two days after the ARPA agreement was signed by Wiscasset and Lincoln County, according to public records obtained by the Daily Yonder.

A few months later, on February 4, 2025, Chrostowsky told a Lincoln County Regional Planning Commission staffer that he was going to use the ARPA award to “explore the feasibility of developing a data information center,” per a February 13, 2025, memo from Emily Rabbe, executive director of the Lincoln County Regional Planning Commission (LCRPC), obtained by the Daily Yonder.

Chrostowsky told the staffer he’d been working with a man from an unnamed private company interested in developing approximately 200 of the 300 acres for a data center. The man, Chrostowsky later told the Daily Yonder, is a site evaluator from California who heard about the property through MECERP, the state’s energy redevelopment program.

During the February 4, 2025, meeting with the LCRPC staffer, Chrostowsky also “expressed knowledge that the ARPA funding is supposed to be used for housing,” according to the February 13, 2025, memo. The staffer cautioned Chrostowsky to be “extremely careful about misappropriating government funding that has been directed for a specific use.” Chrostowsky then asked the staffer not to tell anyone, per the memo. The staffer later reported the conversation to Rabbe out of an “ethical obligation.”

“We explained to the county our dilemma, so to say that we weren't communicating with the county, that was not the case,” Chrostowsky told the Daily Yonder. He said the town struggled with the fact that it had received a $240,000 award for housing on the same property where interest from an out-of-state site evaluator presented an opportunity to significantly increase the town’s tax base.

Yet for Wiscasset community members, news about a data center wouldn’t emerge for another seven months.

The Community Finds Out

When lifelong Wiscasset resident John Maclaren first heard about the proposed data center last fall, his first reaction was: “Why our town?” But having grown up during what he described as the “heyday” of the Maine Yankee plant’s operation, Maclaren already knew the answer: the power infrastructure.

While in operation between 1972 and 1996, Maine Yankee was Maine’s largest generator of electricity. Since Wiscasset acquired the Old Ferry Road property, a number of energy industry players have eyed the site for its proximity to the nuclear plant’s legacy electricity infrastructure, but no developments have ever materialized.

“All of those wires and substations are still there,” Peter Arnold said. Arnold's RePower Wiscasset is a local group promoting renewable energy and sustainable development on the old Maine Yankee parcel. “We have the capacity to connect with not only the rest of Maine, but all of New England. Wiscasset is sitting on this amazing, valuable, underutilized legacy electricity infrastructure.”

“It’s a prime spot,” Maclaren said. “I understand that. But then again, my question still stands. What benefit is this place going to give the Wiscasset residents?”

While news of the data center became public in September, 2025, there weren’t a lot of details about what a facility would entail, said Jim Stewart, a Wiscasset resident who’s part of the Protect Wiscasset group. Information about how much electricity and water a campus would use was obscured behind a nondisclosure agreement that the town manager, Dennis Simmons, signed on August 19, 2025, with the developer.

Chrostowsky told the Daily Yonder that the town decided to sign the NDA in order to access the site evaluator’s financial information. After months of regular communication with the site evaluator, Chrostowsky said that the idea of a data center “started to get legs” in the summer of 2025, shortly before the NDA was signed.

The agreement prohibits the town from sharing the name of the site evaluator or any technical details about the project with the public.

“That's what really got under our skin – you’re not giving us any answers, you’re not giving us any information, and yet, this thing seems to have a great deal of momentum,” Stewart said about Protect Wiscasset’s efforts to learn more about the data center during town and county meetings last fall.

Maclaren, too, said the plans were secretive. He described the whole thing as “hush hush.” After working on the decommissioning of Maine Yankee in the late 1990s and early 2000s, Maclaren remembers how the town’s tax revenue dried up when the plant was gone. In his opinion, a data center would have to meet or exceed the benefits Wiscasset received during its Maine Yankee days. “When it comes to our tax revenue, I’d say they have to beat it,” Maclaren said.

Chrostowsky told the Daily Yonder that he saw the NDA as a typical development tool to learn more about a potential project while protecting the project’s interests. Yet, after the public backlash that ensued over the data center last fall, Chrostowsky said the decision to sign the NDA is one he’s revisited.

“The NDA is one part of it that I’ve lamented about, and I struggle with. On occasion, we have conversations about that here, whether we do that again,” Chrostowsky said.

Wishy-Washy Plans

Meanwhile, months before the data center became public, Wiscasset had gone back and forth with Lincoln County about the ARPA funds. On March 3, 2025, Lincoln County administrator Carrie Kipfer wrote to Wiscasset’s town selectboard, which functions like a city council, expressing concerns that Wiscasset’s plans for using the federal money had “significantly changed”.

She wrote that using ARPA funds for a data center was “outside the scope of the project that was approved.” On March 24, 2025, in response to Kipfer, Wiscasset town manager Dennis Simmons defended the town’s actions, describing the potential data center as “game-changing, not only for the Town of Wiscasset’s economic development but also for the County as a whole.” Simmons continued that “the potential is such that it would be a grave disservice to our community not to do our due diligence and explore this possibility.”

Wiscasset residents were still completely unaware of talks of a data center in their community at this time.

“I think the opportunity presented itself to try and develop a data center there, and I think that they had the idea that they could use the funding award that we had awarded them to position themselves better for that project,” Evan Goodkowsky, a lifelong Wiscasset resident and one of Lincoln County’s three commissioners, told the Daily Yonder.

At this point last spring, Goodkowsky said, the commissioners weren’t confident that Wiscasset was going to use the ARPA funds they’d been awarded by the December 31, 2026, spending deadline. Goodkowsky described a “wishy-washiness of the plan” in terms of the type of development that the town wanted to pursue.

By March 27, 2025, the county had withheld Wiscasset’s ARPA funding, according to a memo between Kipfer and Lincoln County commissioners. In that memo, Kipfer wrote, “The Town argues that the scope of the project has not changed since their original application; however, a 200-acre data center is not compatible with their vision of a ‘Great American Neighborhood.’”

Kipfer continued on to express concerns about Wiscasset’s actions, including that “it appears the Town is ‘shopping around’ for alternative development opportunities” not necessarily aligned with the county’s housing priorities. She wrote, “The approval was given for $240,000, a sum that is not mere pocket change. The intent of the project approval was to move the housing priorities forward in Lincoln County.”

“We were only concerned with the housing issue, and we weren’t interested in helping a private developer build a multi-million, if not multi-billion, dollar facility,” Goodkowsky said of the commissioners’ decision.

The County Loses Confidence

At the end of May of 2025, Kipfer sent a letter to Wiscasset’s selectboard telling the board the county was rescinding its offer of ARPA funding. The county came to that decision, Kipfer wrote, because the town was still exploring a data center on the Old Ferry Road property that, at 200 acres, was too large to accommodate any housing development on the same parcel.

“This exploration is not a result of a public engagement process, nor a recommendation of the MECERP analysis, but an economic development opportunity misaligned from the housing priorities required in the grant process,” Kipfer wrote.

The MECERP analysis, which had been completed in January of 2025, surveyed the community to see what kinds of development they’d want on town-owned land. At the top of the list were parks and recreation, retail, shopping, and culture and entertainment venues. Technology and light industry, the categories under which data centers are developed, were not on the list of community-determined priorities.

Kipfer concluded the May 29, 2025, letter by saying that the Lincoln County commissioners “no longer have confidence that the funds will be used for the advancement of the development of affordable workforce housing.”

Simmons, the town manager, responded two days later, writing that Wiscasset hadn’t used any ARPA funds and was “choosing to instead invest its own resources in site assessments, surveys, and planning groundwork.” Wiscasset continued to move forward with data center development plans over the summer.

By the fall, the town was also trying to save its ARPA funding.

At the September 16, 2025, county commissioner meeting, Simmons requested to redirect the town’s ARPA funds from the Old Ferry Road property to a different site for housing development. The commissioners raised concerns about that plan, noting that other projects in the county might be better prepared to use the ARPA funds by the 2026 deadline.

Over the next several weeks, Wiscasset communicated with Lincoln County about reapplying for the rescinded $240,000, per correspondence obtained by the Daily Yonder. On October 20, 2025, Kipfer wrote to the town selectboard informing them that Lincoln County would not be entertaining applications for new projects.

Kipfer expressed concerns about Wiscasset’s development plans in relation to U.S. Treasury rules. Any wrongful obligation or spending of federal funds “could have a negative effect on all Lincoln County municipalities,” Kipfer wrote, adding that the county was taking steps necessary to “mitigate that financial risk.”

Empty Land, Declining Trust

In the six months since Wiscasset’s selectboard paused conversations about developing the Old Ferry Road property, little new information has come to light, according to residents.

Around the state, backlash to data center proposals prompted the Maine legislature to take up the issue this spring, sending a bill to the governor’s desk in April. The bill would have imposed an 18-month moratorium on data centers with power loads above 20 megawatts. Governor Mills vetoed that measure on April 24, 2026. In Wiscasset, Chrostowsky said he has not heard from the site evaluator about a data center since the town paused discussions last November.

And housing, at least funded by federal dollars, is also unlikely to be built on the property anytime soon.

“The ARPA funds were certainly what seems like a one-time thing,” said Seth Parker, the director of real estate development at Bath Housing, the local housing authority in the city of Bath, Maine, just south of Wiscasset. Accessing other federal funding sources is tricky, Parker said: “Other funds get parsed out in various ways. It doesn’t create a simple mechanism to develop in rural communities, that’s for sure, or in places like Lincoln County.”

Goodkowsky, who grew up in Wiscasset during and after the decommissioning of Maine Yankee, said the town has a “boom and bust” dynamic. After the loss of the ARPA funds, he doesn’t see the town moving forward on housing developments anytime soon.

“Realistically, I don't see them being a power player in any new housing project in the next handful of years,” Goodkowsky said.

Peter Arnold is working with Aaron Chrostowsky on other opportunities for the town, including developing a strategic energy plan for Wiscasset with help from a U.S. Department of Energy technical assistance program. Three months into that work, Arnold said the data center still “clouds” the field. The handling of the data center proposal did not build the public’s trust in the town government, he said.

In rural America, the story of data center development is not only about technology or infrastructure. It’s also about local governance and decision-making. When a powerful industry comes in and exercises its financial might, it’s often up to local elected leaders to balance attractive economic prospects with a community’s existing needs for other kinds of developments. In Midcoast Maine, a data center stalled.

So did affordable housing in its wake.

As for the land on Old Ferry Road? “Wiscasset is now vulnerable again to development,” Arnold said. “$5 billion can buy a lot of influence.”

]]>

Senator warns CISA election security pullback could leave midterms vulnerable

David DiMolfetta — Thu, 07 May 2026 11:00:00 -0400

Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., is demanding answers from the Department of Homeland Security over what he says is a sharp decline in federal election security support ahead of the 2026 midterms, warning that cuts to the Cybersecurity and Infrastructure Security Agency could leave states more exposed to cyber threats and foreign interference.

In a letter sent Wednesday to DHS Secretary Markwayne Mullin, Warner said state and local officials have reported that CISA is no longer providing the same level of election security training, intelligence sharing and cybersecurity assistance it offered in prior election cycles.

The letter adds to growing criticism over the Trump administration’s handling of CISA and its election security mission, which has faced deep staffing reductions enacted over the last year.

“While the states are taking valiant and expensive measures to protect their elections, it is impossible for states to independently obtain intelligence, subject-matter expertise, and real-time incident reporting, and information at the scale and speed required to protect state elections from physical and cyber threats,” Warner wrote.

After this story was published, a DHS spokesperson said that, under President Joe Biden, CISA “was focused on censorship, branding, and electioneering instead of defending America’s critical infrastructure.”

Under President Donald Trump, the spokesperson said the agency is “committed to delivering timely, actionable cyber threat intelligence, supporting federal, state, and local partners, and defending against both nation-state and criminal cyber threats.”

“CISA’s mission is ensuring state and local election officials are cognizant of and utilize the most capable and timely threat intelligence, expertise, resources they need to defend against risks, and identify critical infrastructure security needs to maintain electoral functions,” the spokesperson added.

Efforts under the Trump administration to scale back CISA and its election security resources have strained relationships with state and local officials and have raised concerns that jurisdictions may be far less prepared to counter threats in November, officials in Michigan and Georgia said late last month.

The administration’s fiscal 2027 budget proposal would eliminate the agency’s election security program funding, including information-sharing efforts and election security advisor positions.

Warner’s letter also cited testimony delivered last week by the head of U.S. Cyber Command and the National Security Agency, who said that foreign adversaries are expected to target the 2026 elections.

The senator asked DHS to explain what CISA is doing to warn state and local officials about malign influence campaigns and cyber threats targeting election infrastructure. He also requested records of election-related training, cybersecurity reviews, incident responses and outreach efforts that have been conducted by the agency since January 2025.

He also asked DHS whether any CISA personnel were involved in an FBI raid tied to election systems in Fulton County, Georgia — where Director of National Intelligence Tulsi Gabbard was publicly seen alongside federal officials — or in her office’s seizure and testing of voting machines in Puerto Rico.

The letter comes as the future of CISA’s election security role has become increasingly uncertain. Republican lawmakers and many Trump allies have long criticized the agency’s election-related activities, particularly after CISA publicly pushed back on false claims surrounding the 2020 election.

Editor's note: This article has been updated to include a statement from CISA.

]]>

Los Angeles County works to modernize its public health data infrastructure

Sheri Doyle — Thu, 07 May 2026 10:00:00 -0400

This article was originally published by The Pew Charitable Trusts.

As part of the CDC Foundation’s Workforce Acceleration Initiative, data engineer Joe Martin is on assignment to the Los Angeles County Department of Public Health, where he is part of the team working to modernize the flow of public health data. The Workforce Acceleration Initiative is one of many federal programs providing critical support to state, Tribal, local, and territorial public health agencies, enabling them to collect and use health data in ways that help people across the U.S.

This interview has been edited for clarity and length.

Give us an overview of your role at the L.A. County Department of Public Health.

So I am a data engineer, and my role has been focusing on modernizing how public health data is received, secured, and shared.

To give an example, currently we’re building ways to efficiently receive lab reports from all across L.A. County and collate them for the CDC so that analysis and outbreak tracking can be done in real time. That’s the goal, anyway.

What’s the Workforce Acceleration Initiative, and how did you become a part of it?

The goal of the Workforce Acceleration Initiative—or WAI—is to place experienced technologists into public health agencies to help modernize our data systems and improve interoperability, the seamless exchange of electronic data among different systems.

Lots of disease surges, like COVID or influenza, have exposed long-standing structural challenges where we have labs reporting from fragmented systems, inconsistent data standards, and inadvertent barriers that have made sharing information across health and other governmental departments really difficult.

So, I joined the initiative because my prior work focused on interoperability and modernized data systems that allow vast amounts of data to be shared quickly and securely. This was a chance to apply my background and experience to the needs of L.A. County and help to improve their data systems and support the decision-making by public health officials.

What does data modernization look like in L.A. County?

Data modernization is really about moving away from one-off, hand-built solutions and toward systems that are designed to be shared, reusable, and potentially more forgiving over time. We saw that these bespoke systems didn’t work very well for sharing data between departments.

For example, in L.A. County, we have a custom system that was built for epidemiologists—the disease detectives who work to figure out how diseases spread and can be prevented—to be able to receive and query lab reports for specific information for case investigations. We’re currently working to update the system by shifting to FHIR (Fast Healthcare Interoperability Resources), a more modern standard for capturing and exchanging health information.

Once FHIR is adopted, the epidemiologists will be able to more easily access and collate these lab reports for analysis. And the system will also be able to seamlessly evolve over time to integrate data and allow for more connections between different data sources without needing to find a specialized developer or a custom solution. Long term, we’re talking years of time saved with this shift to a standardized model.

Can you describe how county-level reporting informs efforts at the state level to prevent and respond to public health threats?

Public health is local. Counties, like L.A., are where most public health data is first generated. And the way the data is structured at the county level has an outsized impact on everything that follows in terms of how that data can be shared and analyzed.

When each county reports data in a slightly different format, the state spends a lot of time translating it before that data can be used. So, by standardizing the county data, we can aggregate this information from across regions much more quickly. And many benefits follow: Trends can be identified more readily, data gaps become easier to spot, and responses can be coordinated faster.

How does data modernization affect people in their everyday lives?

At the everyday level, data modernization shows up in how quickly information moves from the lab to the public health officials who need to act on this information. So, when lab results are received by public health agencies automatically, public health teams can spot patterns sooner, whether that’s an emerging outbreak, a shift in the number of people being tested for a specific condition, or maybe changes in who’s being affected by a pathogen or a disease.

Currently, a lot of systems out there only work because individual people are tracking down information, making phone calls, and reconciling and removing duplicates in spreadsheets from different departments. People are manually doing this work so that they can have structured data to base decisions on. And you can imagine the workload that creates.

When we automate lab reporting, that manual process and the time it takes is eliminated so that public health teams can act and we can make more informed decisions faster.

What are some barriers that have kept public health departments from modernizing their data systems?

There are a lot of challenges. A few of the biggest ones I’d highlight are time-intensive processes, data security, and insufficient funding.

I’ve already talked about the long, exhausting, difficult process typically required to move from bespoke, one-off data systems to standardized solutions. It’s a lot of time, energy, and expense, and that understandably is a barrier.

Similarly, there is risk in making changes to systems that house personally identifiable information. Security considerations are paramount—really, a constant conversation. And while data security is an absolute necessity and priority, security requirements and concerns do also make system changes challenging.

In terms of funding, data modernization is a long-term effort that will pay long-term dividends, but that unfortunately often does not have long-term funding commitments. During my time in L.A. County, we’ve lost contractors due to funding cuts, and that hampered our efforts. I was working closely with an epidemiologist who was just great and super helpful in contextualizing the various types of genetic information and other data we’ve been working to standardize. Unfortunately, the money for her role ran out, and we lost her from the project. That sudden loss of expertise probably cost us months.

How does WAI help to overcome these challenges?

Through WAI, we are building some of the first cloud-based FHIR workflows within our public health infrastructure. We’re at an exciting time, since there is a strong federal push toward FHIR as a common interoperability standard.

Once we build those workflows, outbreak tracking and lab reporting can be deployed much faster. Developers will not be starting from scratch each time, and epidemiologists will receive data in a consistent format that is immediately usable.

WAI’s value is in accelerating that transition. FHIR adoption requires aligning security and programmatic needs across teams with very different responsibilities. IT groups are rightly focused on security, compliance, and operational stability. Epidemiologists are focused on surveillance, investigation, and protecting community health. Both are strong in their domains, but their priorities and constraints do not always naturally intersect.

WAI helps to translate between those domains. Without that embedded support, FHIR adoption would likely move slowly, and data would remain fragmented.

How do data modernization efforts in L.A. County connect with statewide efforts and benefit the rest of California?

L.A. County operates at a scale where data modernization solutions get battle tested very quickly. This hopefully means that when we build a system that works for L.A. County, we’re building a system that can be effectively applied in other counties as well. So, if we can get it right here, we’ve created a reusable model that could be adopted quickly across California without starting from scratch.

Sheri Doyle is senior officer for public health data improvement at The Pew Charitable Trusts.

]]>

Inside North Carolina’s efforts to reduce SNAP payment error rates

Kaitlyn Levinson — Wed, 06 May 2026 17:03:55 -0400

It’s been nearly a year since President Donald Trump signed into law major changes to the Supplemental Nutrition Assistance Program, and many states are still scrambling to implement the new rules. North Carolina has made some progress by addressing a small fix in the state’s SNAP system that could have big impacts on their overall payment error rate, experts said during a recent webinar.

Last July, Trump signed the “Big, Beautiful Bill Act” that established new payment error rules surrounding the food assistance program, which stipulates that states with a payment error rate larger than 6% will receive less financial support from the federal government to maintain the program.

Under the updated payment error rules, approximately 27 states could incur an annual cost shift of $100 million to their SNAP programs, said Maria Reyes-Gaskin, product manager at U.S. Digital Response, during a webinar hosted by the civic nonprofit yesterday.

One major opportunity for states to reduce payment error rates is by implementing targeted tech and process changes that make changes or errors in client data updates easier to identify and address, said Dillon Vrosh, design and research lead at USDR.

A change in someone’s income or housing status has to be reported and logged by a caseworker to adjust the client’s SNAP payment, but staff’s competing priorities and increasing demand on benefit programs mean it’s easy for such updates to go overlooked, Vrosh said.

“This could basically mean that there is an error essentially sitting in a queue,” he said. “The best time to do quality assurance really is before an error becomes an actual error.”

States can, for instance, improve the usability of their eligibility and enrollment systems to ensure the process to input or update clients’ SNAP data is clear and streamlined, Vrosh said. This doesn’t have to be a system overhaul either, he explained, as staff can “[zero] in on one section” of the overall process.

The North Carolina Department of Health and Human Services, for instance, was able to close 2,000 erroneous SNAP cases after reviewing state data and implementing changes to the intake process, said Jill Zimmerman Lawrence, a senior advisor and Chief of Staff at North Carolina's Department of Health and Human Services.

Like many other states, North Carolina’s system changes came from leaders asking themselves, “What are the short-term solutions to our caseload, and then what are the long-term solutions to prevent issues in the future?” Lawrence said.

NCDHHS started by taking a closer look at the state’s quality control data to assess “what that data is telling us about our errors that exist in our sample,” Lawrence said.

Demystifying the state’s SNAP data was a critical component to begin implementing the new rules because, in North Carolina, the assistance program is state-supervised but county-administered, she said. That dynamic can create a disconnect between what state and staff across North Carolina’s 100 different counties know about how determinations are made and what data is available to make those determinations.

NCDHHS began by reviewing its SNAP quality control data to offer county leaders clearer insights on “ what was happening [across all 100 counties] and then specifically what's happening in their county,” Lawrence said.

The analytic team looked at the state’s raw SNAP data and found that there were many cases with multiple shelter deductions reported, which indicated that multiple rents were attached to a singular case that represented one household.

Since SNAP payments are determined by a person’s income minus deductions for certain factors like their shelter status, some recipients were receiving overpayments due to having two or three shelter deductions on their profile, Lawrence explained.

NCDHHS then realized that, while county staff were updating a client’s change in income or rent in the eligibility system, it “wasn’t ending the old rent, it was just applying it forward,” she said.

Officials were able to terminate the process that allowed deductions to accumulate, leading to the closure of more than 2,000 cases that could have otherwise contributed to the state’s payment error rate, Lawrence said. State officials estimate that North Carolina could pay up to $420 million more annually, under the new SNAP rules.

NCDHHS also implemented a system design change that now alerts a caseworker if any additional deductions are detected, prompting staff to confirm if they want to automatically close the previous deduction or if there is a reason why the extra data point exists, Lawrence explained.

“We’ve seen that over 20,000 times, our caseworkers have used the one-click option to close an old shelter deduction,” Lawrence said. The one-click option has also helped reduce county staff’s overall administrative burden by eliminating repetitive or additional steps of the application and determination process.

Ultimately, improving communication about SNAP data to inform new system design and protocol for county staff interacting with clients is one way state and local leaders can together solve “a problem we didn't ask for,” Lawrence said.

]]>

How Broadcom’s VMware buy meant a ‘fundamental shift’ for county tech

Chris Teale — Wed, 06 May 2026 13:00:00 -0400

A major technology infrastructure provider is creating huge headaches for county governments, leaders have said, and they are blaming a recent acquisition for those issues.

Broadcom bought VMware in November 2023. Multiple county technology leaders, as well as experts and observers in the private sector, told Route Fifty that, in the years since, it has set off a scramble as the company has changed licensing requirements, reduced support and raised prices.

The changes have made for difficult decisions for cash-strapped local governments, who must choose to absorb the price hikes, take on additional products under new licenses that they may not need or otherwise shift to a new technology provider altogether. And it shows no signs of slowing down.

“The challenge goes far beyond a slight increase in renewal costs; it’s a fundamental shift in how Broadcom is managing the product roadmap and the client relationship,” one county tech leader told Route Fifty in an email on condition of anonymity to not jeopardize vendor relationships.

“Across the market, public and private alike, the Broadcom acquisition of VMware created a real shockwave,” Olivier Lambert, CEO and co-founder of open-source software company Vates, said in an email.

An Acquisition of Governments’ "Plumbing"

Broadcom began life as a division of Hewlett-Packard, known as HP Associates, in 1961. It focused mostly on semiconductor products then, and has since expanded to a wide variety of products and solutions that includes networking and wireless device connectivity, servers and storage systems and infrastructure software, as well as data centers, mainframes and the cloud.

While the company does not disclose its customers publicly, it is a strong partner of the federal government and earlier this year signed an agreement with the General Services Administration under its OneGov strategy to provide agencies with discounted access to various software products.

The company is similarly embedded in state and local governments’ technology infrastructure. A high-level official at a technology reseller, integrator and deployer, who spoke on condition of anonymity to avoid jeopardizing existing business relationships, said its involvement is as important and longstanding as “plumbing” for many governments.

Similarly, VMware’s products have become heavily embedded in government agencies’ tech stacks, especially at the state and local level. The company offers various cloud computing and virtualization services, and it plays a crucial role for government agencies still reliant on a data center. VMware also offers services like application modernization, cloud management and a zero-trust cybersecurity framework.

At one stage, the technology reseller official estimated, VMware was in use by up to 90% of state and local governments in some form.

Naveen Chhabra, principal analyst for infrastructure, private cloud and infrastructure automation at research and advisory firm Forrester, said in an interview the company’s market penetration was, “in the best of its times” over 80% across all sectors, private and public.

“Over the past two decades, VMware became the default layer running critical workloads, everything from permitting systems to public safety applications and education services,” Lambert said. “Because of that, it’s rarely just a matter of swapping one piece of software for another. Virtualization platforms are connected to backup systems, monitoring tools, automation pipelines, identity services, and disaster recovery processes. Many agencies also built internal expertise and operational procedures around VMware’s ecosystem.”

Broadcom bought VMware in a cash and stock transaction valued at $69 billion, and closed on the deal in November 2023. At the time, Broadcom President and CEO Hock Tan said in a statement the acquisition represented “another important step forward in building the world's leading infrastructure technology company.” County leaders already were curious about the impact of the acquisition on the services they received.

“The questions are always going to arise about, what is that impact going to be?” a second county tech leader said on condition of anonymity to not jeopardize vendor relationships. “Many times, when we see some of these acquisitions, typically there's an integration of personnel, and then some staff get laid off, and customer service sometimes can become a question as well. It's our due diligence as chief information officers to raise those to the forefront and get in front of that to the extent possible.”

Licensing Changes

One major impact on state and local customers was seen almost immediately, and had wide-reaching ramifications as they considered their licensing agreements with VMware and its new parent company.

A month after the deal closed, Broadcom and VMware announced what they described at the time as an effort to “simplify its portfolio and transition from a perpetual to a subscription model.” That simplification, as the companies put it, meant that the VMware Cloud Foundation division portfolio would feature two primary options: VMware Cloud Foundation — or VCF — its flagship offering of hybrid cloud to allow customers to run their applications, and the new VMware vSphere Foundation — or VVF — a simpler offering for smaller and mid-sized customers.

At the time, VMware said its VCF offering’s subscription price would be reduced by half and include higher support levels. Broadcom spokespeople did not respond to repeated inquiries and a detailed list of questions for this article.

But based on conversations with government and industry leaders, the reality on the ground has not been so positive. The first county tech leader said their government relied on the VVF license, which they said, “fully meets our operational needs.” However, that tech official said it took three months just to get a quote on renewing the VVF license, and even then, the government was only granted a one-year renewal.

“This approach has led many of us local governments to speculate that Broadcom’s goal is to eventually kill off the VVF tier and force everyone into VCF, regardless of whether they need that level of complexity,” they said.

That tech leader noted that the VCF offering, in addition to being pricier, has many more features that their local government does not need, meaning that a forced transition would have them paying for superfluous services.

Analysts have previously noted that the trend of Broadcom and VMware focusing on their higher-spending VCF clients goes beyond local governments. In a blog post last year, Chhabra and several other Forrester analysts called it a “seemingly harsh but clearly stated strategy.”

“VMware, before acquisition, had 12 different product lines, each catering to different personas in the IT organization, from infrastructure, to operations, to security, to networking, to applications,” Chhabra said in the interview. “After Broadcom acquired VMware, Broadcom made two different schemes… One is a smaller bundle. The second is the bigger bundle. And Broadcom is trying to push everyone to the bigger bundle, because that costs more. Broadcom is very reluctant in selling a smaller bundle to customers.”

Prices Jump in “Ruthless” Strategy

Despite Broadcom and VMware’s promises, leaders inside and outside of government say prices have jumped dramatically in recent years, creating difficulties for localities that have limited budgets.

Lambert said the disappearance of various programs under the previous a la carte way of buying services has had a dramatic impact.

“Historically, many public institutions benefited from discounted pricing programs,” he said. “In several cases we’ve seen, those programs disappeared, leaving agencies facing renewal costs that were several times higher, sometimes approaching 10 times their previous spend.”

Chhabra said price increases were part of the post-acquisition strategy, in a bid to dramatically increase operating margins and net margins. It’s a strategy that has proven popular with investors as earnings have stayed strong, although Chhabra estimates that even now, the company is only hitting 40% to 50% profit margins, indicating there is more to come.

“I suspect they will be even more ruthless going forward,” he said.

That makes life extremely difficult for governments as they navigate uncertain financial times. Groups like the National Association of State Chief Information Officers have consistently warned of the pressures of managing budgets while trying to modernize or even just maintain their technology offerings.

“Public-sector organizations typically operate with fixed, pre-approved budgets,” Lambert said. “When an infrastructure platform suddenly becomes dramatically more expensive, agencies cannot simply absorb the increase. That forces them into rapid evaluation of alternatives, often under tight timelines and without having planned a migration strategy in advance.”

Given those price hikes, it may be tempting for governments to terminate contracts and licenses quickly in a bid to recoup some of their money. But the tech reseller official warned that is a “nuclear approach” that ends a government’s relationship with Broadcom broadly, not just with its VMware products. Leaders “don’t realize the implications” of severing the relationship, they said.

“It's specifically designed as a lock-in mechanism for large enterprises, which most state and local [governments] are not,” the tech reseller said. “But if you're talking about a consolidated state agency, they don't have a choice. They can't cancel that contract because they still have a mainframe, they still have this other piece of security software, they still have other Broadcom relationships in place. They don't realize the termination is complete separation between their company and Broadcom, not just canceling a line item on a quote.”

Customer Support Drop Off

Multiple government leaders also said they have seen a drop-off in the level of customer support they receive from Broadcom and VMware, especially as the companies have looked to outsource their support systems.

The first county leader said they have seen a “significant decline in the quality of support and general responsiveness from their team.”

Andy Turner, manager for infrastructure and cloud engineering at Chesterfield County, Virginia, said it is a far cry from when VMware was owned by Dell, which meant there was “one throat to choke” in dealing with vendors, support and other issues. Things got much worse after Broadcom bought VMware, he said.

“We weren't getting a response,” Turner said. “Now, we don't need a ton of support from them. But when we do, it's usually something critical, and we just weren't getting any response from them whatsoever. It was days before we would get responses from support.”

The technology reseller official accused Broadcom of discriminating against smaller customers by continuing to maintain good support for their larger enterprise customers.

Making it even more complex from a support standpoint is that much of VMware’s customer support is now outsourced, Chhabra said. That could mean talking to an outsourced employee who is unfamiliar with governments’ specific rules and regulations, which could make those public-sector customers wary.

“People want some security and privacy involved, so they would have less comfort talking to an outsourced agent, outsourced supplier, than talking to the vendor directly,” Chhabra said. “That's an implication for security-focused, security minded government agencies, not as much for the regular enterprises. But it certainly brings the question of support quality into the conversation.”

Migrating Not Just "Flipping a Switch"

The combination of all those issues has many governments looking to transition their tech infrastructure away from Broadcom and VMware, but in many instances, that isn’t an easy transition to make. The second county tech leader said governments “can't just flip a switch and move away from the infrastructure.”

Staff also need reskilling, in many instances, as they are certified and trained in VMware products but may be unfamiliar with competing vendors. The second county tech leader said moving away from VMware requires a “completely different skill set.” While a lot of the knowledge is the same, “it's a completely different learning curve, different certifications.”

“I'm confident in our team's ability to adapt and implement an alternative solution,” Turner said. “The problem is, we've been using it for so long. The average tenure of my staff is probably around 10 years, probably more than that, and it’s years and years of institutional knowledge of VMware. The majority of the staff are certified for VMware; some of them have been using it for 15 years."

Migrating away from VMware can be challenging, especially for large IT organizations. And smaller organizations may have signed long-term contracts already with VMware in the hope of putting off any renewal issues for a few years.

“It requires a year or two, getting ahead of this,” the tech reseller official said. “My customers fall all along a range of proactivity. Some of them are 30-year government folks, where this is very challenging for them to take that step back and get aggressively proactive. Others are very progressive… It comes down to the customers getting ahead of it and getting proactive, because it's a significant change.”

The process of migration can be challenging, although Lambert said it’s “often less complex than many organizations initially assume,” especially for small enterprises that only have a few dozen virtual machines on VMware. Phased migrations are typically the best way to go, as agencies start with non-critical workloads to validate the new platform they are migrating to, then move their core systems once they are confident in what they are moving to.

Agencies still must consider a number of other factors, he said, including making sure that hardware is compatible to avoid replacing servers. Migration plans also should maintain operational continuity, to ensure that backup, disaster recovery and monitoring tools remain functional throughout the transition.

There is hope that migration is possible. The first county tech leader said their government is “actively executing plans” to move entirely away from Broadcom and VMware products. That effort is expected to be more or less completed this summer, and the leader said it will “ensure our long-term stability and cost-predictability.”

Overall, though, the uncertainty has created an environment, experts said, where governments are trying to break free of their current situations, but need to plan further ahead than they are used to if they are to be successful.

“People are fleeing where they can,” the tech reseller official said. “But they can only flee if they get ahead of it by a year or two.”

]]>

CISA unveils CI Fortify to help secure critical infrastructure during conflicts

David DiMolfetta — Wed, 06 May 2026 12:00:00 -0400

The Cybersecurity and Infrastructure Security Agency announced the release of its CI Fortify project on Tuesday, aiming to help critical infrastructure owners and operators defend themselves against hackers and maintain continuity during a geopolitical conflict.

“For planning purposes, operators should assume that in a conflict scenario third-party connections — such as telecommunications, internet, vendors, service providers, and upstream dependencies — will be unreliable and that threat actors will have some access to the [operational technology] network,” a webpage describing the initiative says.

Per guidance, CISA wants critical infrastructure providers to focus on isolation and recovery planning objectives.

“We strongly encourage organizations to review this guidance, implement the recommended actions and collaborate with CISA to strengthen CI defenses against opportunistic threat actors,” agency acting director Nick Andersen said in a prepared statement.

Critical infrastructure — like water treatment plants, financial institutions and electric grids — are a regular target for foreign hackers. U.S. officials have assessed for years that China is burrowing into non-military critical infrastructure networks, preparing to sabotage them should the U.S. enter into a major conflict with the nation, especially involving Chinese interests in Taiwan.

Hackers linked to China, Russia, Iran, North Korea and ransomware groups will continue to pose critical threats to U.S. networks and critical infrastructure, U.S. intelligence agencies assessed this year.

Amid the U.S.-Israel war against Iran, Tehran-backed hackers exploited and disrupted operational technology control systems embedded in multiple U.S. critical infrastructure sectors, targeting equipment manufactured by Rockwell Automation, according to a government advisory issued last month.

Last year, Australia, a Five Eyes partner, launched its own CI Fortify program.

]]>

Pennsylvania sues Character.AI developer, alleging chatbots claimed to be medical professionals

Justin Sweitzer — Wed, 06 May 2026 11:00:00 -0400

Gov. Josh Shapiro’s administration is suing the artificial intelligence chatbot company Character Technologies, Inc., alleging that AI chatbots on its Character.AI platform have unlawfully presented themselves as licensed medical professionals in the commonwealth.

The lawsuit, which was filed in Commonwealth Court, alleges that Character.AI – a platform that allows users to talk with AI characters and personalities – “engages in the unlawful practice of medicine in Pennsylvania” by allowing AI chatbots to present themselves as state-licensed medical professionals, including psychiatrists. The suit asks the court to issue a preliminary injunction and prevent the company from allowing AI chatbots to present themselves as licensed professionals.

According to the suit, a professional conduct investigator with the Pennsylvania Department of State created a Character.AI account and discovered a chatbot by the name of “Emilie” described as a “doctor of psychiatry. ” The investigator engaged in conversations with the chatbot, describing himself as feeling sad, empty and unmotivated. The lawsuit states that the chatbot – Emilie – later offered to schedule a mental health assessment, said she could prescribe medication and even provided an invalid Pennsylvania medical license number.

The administration argues in the suit that Character Technologies violates section 422.38 of the state’s Medical Practice Act, which states that it is “unlawful for any person to practice, or attempt to offer to practice, medicine and surgery” without having a valid license or registration.

In a statement, Shapiro said Pennsylvanians deserve to know whom – or what – they are interacting with online.

“We will not allow companies to deploy AI tools that mislead people into believing they are receiving advice from a licensed medical professional,” the governor said Tuesday in a statement. “My Administration is taking action to protect Pennsylvanians, enforce the law, and make sure new technology is used safely. Pennsylvania will continue leading the way in holding bad actors accountable and setting clear guardrails so people can use new technology responsibly.”

A spokesperson for Character.AI told City & State they do not comment on pending litigation, and that chatbots on the Character.AI site are fictional and designed for entertainment purposes.

“Our highest priority is the safety and well-being of our users,” the spokesperson said in a statement. “The user-created Characters on our site are fictional and intended for entertainment and roleplaying. We have taken robust steps to make that clear, including prominent disclaimers in every chat to remind users that a Character is not a real person and that everything a Character says should be treated as fiction. Also, we add robust disclaimers making it clear that users should not rely on Characters for any type of professional advice.”

“Character.ai prioritizes responsible product development and has robust internal reviews and red-teaming processes in place to assess relevant features,” the statement continued.

Character Technologies and other AI developers have faced scrutiny – and lawsuits – over interactions with AI chatbots, with several families suing Character.AI and Google in the last year, alleging that their chatbots contributed to mental health crises and suicides in young users. Character.AI agreed to settle multiple lawsuits with families in January.

Speaking to City & State last month, Pennsylvania Attorney General Dave Sunday expressed concern about the potential health and safety impacts of chatbot interactions on young people.

“Children are, more and more, turning to chatbots for information about life: how to do schoolwork, for advice on how to deal with circumstances in their young lives,” Sunday said. “We see kids developing very unhealthy relationships with chatbots because the chatbots are sycophantic by design and they tell you what you want to hear. That's very, very dangerous.”

“This is not hyperbole – we’ve seen chatbots essentially root kids on who are contemplating suicide,” Sunday added. “Essentially, you have chatbots that are advising children on issues that no parent would ever want a human advising them on, let alone sycophantic AI technology.”

In March, lawmakers in the Pennsylvania Senate voted 49-1 to approve legislation known as the SAFECHAT Act, which would establish safeguards for the use of AI chatbots by minors, including requiring developers to display “clear and conspicuous” disclosures notifying users that AI companions are not human.

As for chatbots that claim to be licensed in the medical field, Pennsylvania Secretary of State Al Schmidt said in a statement that the department will continue cracking down on people and technologies that misrepresent their credentials.

“Pennsylvania law is clear: You cannot hold yourself out as a licensed medical professional without proper credentials,” Schmidt said. “We will continue to take action to protect the public from misleading or unlawful practices, whether they come from individuals or emerging technologies.”

]]>

Report: How public safety agencies can tap drones to protect major events

Kaitlyn Levinson — Tue, 05 May 2026 15:50:14 -0400

State and local leaders are gearing up for millions of visitors to attend the 2026 FIFA World Cup to kick off next month. The global soccer tournament is anticipated to draw more than 5 million visitors to 11 U.S. cities, presenting a major public safety risk as officials recognize that bad actors could be looking to disrupt the large-scale event with unmanned aerial systems.

With millions of people traveling through local jurisdictions, standing around stadiums and staying at hotels to follow the 48 competing teams, it could be nearly impossible for public safety personnel to monitor everything throughout the event, according to a recent report from the Center for Internet Security.

That’s where unmanned aerial systems like drones and networks emerge as critical tools for state and local agencies to amplify their public safety surveillance and response capabilities, said John Cohen, executive director of CIS.

For bad actors, “UAS presents a unique cyber threat vector by providing proximity-based access to networks and communications systems inside security perimeters that ground-based attackers cannot reach,” the report reads. For instance, the devices “can carry Wi-Fi exploitation tools, [radio frequency] jamming equipment or rogue access points to within meters of venue network infrastructure, stadium operations centers, or broadcast systems, bypassing the physical separation that underpins most venue cybersecurity architectures.”

While drones can be leveraged by bad actors for harmful purposes, state and local leaders can use the same technology and infrastructure to combat such threats, Cohen said.

Indeed, “effective counter-UAS security for large-scale events, and more broadly across the homeland, requires an intelligence-driven, layered and scalable approach,” the report states. “For most state and local agencies, the immediate priority is establishing baseline airspace awareness through widely deployable, cost effective technologies such as remote ID sensors and [radio frequency] detection.”

The Los Angeles Police Department in California, for instance, is looking to leverage nearly $10 million in federal funds to establish a drone detection network in the city “to detect, identify, track and, where authorized, interrupt or neutralize drone activity,” according to a report from the city administrative officer.

The funds, administered under the federal Counter-Unmanned Aircraft Systems grant program, will help the host city’s police department create a network of ground-based tools and interdiction devices for locating and halting illegal drone activity. Such tools include radio frequency sensors that can report a drone’s position, radar technology for detecting drones’ presence and sky-facing cameras that can confirm objects picked up by the sensor and radar devices.

“No single technology is sufficient; resilience requires integrating multiple detection modalities with the threat and operational environment,” the report states.

In fact, “for most state and local agencies, authorities are generally limited to detection, identification, tracking and reporting, while mitigation actions typically require federal authorization or coordination,” the CIS report reads. “Security planners must navigate these legal constraints while maintaining the ability to respond to genuine threats within the seconds-to-minutes timelines that drone incursions demand.”

The New York State Police Department, for instance, plans to leverage drones as a first responder during the World Cup, Gov. Kathy Hochul announced earlier this year. New York will jointly host the World Cup finale at the Metlife Stadium in New Jersey and received more than $17 million in total federal funds for purchasing equipment and systems to manage drone threats. The NYSPD is receiving $5 million of that total to pilot a DFR program that will help staff more effectively prepare for and respond to situations that a DFR device can assess before personnel arrive at the scene, Hochul said.

Cohen also underscored that no one agency with a drone system will be enough to manage large-scale events like the World Cup.

“Whether you're talking about cyber threats, physical threats, or disruptive threats … the security efforts [and] the response capabilities, don't just rely on the capabilities of one single entity,” he said. “If you're a state or local official, [consider] how you are using drones to improve your ability to maintain domain awareness of the location [or] your community that you’re trying to protect.”

The report, for instance, suggests that public agencies develop response plans for not just the venue, but also “fan-specific zones or other watch party areas” by, for instance, “deploying mobile detection assets, establishing observation positions and creating crowd management protocols specific to open-perimeter environments.”

Public safety agencies should also ensure that they collaborate with other departments to inform such response plans. For example, agencies should communicate with 911 call centers, crime centers and other similar entities to develop protocols for staff to address drone-related reports, including how to triage, escalate and dispatch responders to the threat, according to the CIS findings.

Other partners could include the jurisdiction’s IT department, emergency management personnel, venue security teams and others, according to the report. Cohen noted that response plan participants should conduct tabletop exercises and rehearse protocols ahead of any major event to ensure a smoother implementation when an actual threat occurs.

The report findings are particularly relevant for the upcoming World Cup, but Cohen said that state and local leaders should leverage the report’s findings to help inform their approach to future large-scale events where the public’s safety and wellbeing is vulnerable to disruption or harm.

“From a law enforcement and homeland security perspective, we need to be much more adaptive and evolve our operational protocols much more rapidly because, if we don't, then the threat actor is going to win,” Cohen said.

]]>

State CIOs are more change leaders than techies, report says

Chris Teale — Tue, 05 May 2026 13:00:00 -0400

PHILADELPHIA — State chief information officers are now change leaders in their organizations, rather than technologists, according to a report released late last month.

The National Association of State Chief Information Officers said that CIOs now have a dual leadership role of maintaining reliable operations while at the same time driving transformation and modernization. NASCIO said that marks a “fundamental shift” away from being focused on the day-to-day management of technology infrastructure to being a change leader focused on strategy and those dual missions.

“The characteristics we see here build upon but go beyond operating disciplines,” the report says. “There are inherent characteristics in the state CIO role that make it dynamic, engaging and interactive. These interactions are essential to gaining collaboration and support from the state government ecosystem, comprised of agency organizations and their individual cultures.”

It marks a dramatic change from 2017, when NASCIO found that a state CIO must act as a broker of various disparate technology services and marry those with agency needs. That change comes as state CIOs have a heap of issues to worry about, including the growth of artificial intelligence for good and bad uses, limited budgets, an aging workforce and a desire to modernize legacy systems without compromising vital services.

Leading change amid all those competing factors, then, has become critical.

“The strong attributes are being able to effectively communicate the value proposition, being able to lead strategy, being able to have relationships with this ecosystem, beyond just the agencies, it's with their vendors and their corporate partners and with strategic alliances and federal partners,” Doug Robinson, NASCIO’s executive director, said during the organization’s Mid-Year Conference last week in Philadelphia. “It's much broader than simply relationship management with their customer agencies…. [It’s a] strong necessity today, because of this world of disruption and constant churn.”

Robinson said, however, that being a change leader remains an “aspirational journey” reliant primarily on building relationships with agencies and other leaders within a state government. Many have been successful and now have the CIO as a cabinet-level position in their state, while resident expectations mean technology is now at the forefront of decision making.

“Why did the role of state CIO move from the transactional or operational service delivery piece to this more of a strategic advisor?” said Nevada CIO Timothy Galluzi during a panel discussion. “It's really because government has changed, and that's driven by our constituents, our citizens, their expectations of government. They see what kind of services they can get from online marketplaces, and they see how technology is driving that customer relationship management, and they expect it of government.”

Having that extra gravitas as a state CIO was especially critical for Galluzi and his office in the immediate aftermath of a debilitating cyberattack last year that was eventually blamed on a state worker inadvertently downloading malware onto a state machine. Beforehand, Galluzi said the CIO’s office had worked to build relationships and trust with other agencies and had clear lines of communications as they worked to mitigate the damage and protect critical services.

The CIO has been in the governor’s office since 2023, which Galluzi said “opened up a lot of doors” and gave him direct access to agency leaders to hear their pain points and frustrations. Then, when the worst happened, the foundations for a successful response were in place.

“It would have been a completely different scenario if they didn't know me from Adam, and I came in and said, ‘All right, you guys need to do this, this, this and this,” and I would get a lot more questions back,” Galluzi said. “I would get a lot more mistrust on what we were doing. They wouldn't have confidence in our level of competency that we were leading through this.”

It means that CIOs must spend a lot less time looking at servers, wiring and other equipment, and instead must focus on using their influence to get people on board with their mission. That can be tricky, given the fear among some employees that AI is coming for their jobs, but it’s then on the CIO to allay those fears.

“There's a lot of fear,” North Dakota CIO Corey Mock said during a separate panel discussion at the NASCIO conference. “We see it in our organization. Fear will lead to that friction. You'll have people seizing. They'll resist. You're going to find yourself fighting against that negative momentum, that resistance, and that's only going to make things more complicated, more difficult, and for that person, it's probably not going to end much better.”

“If influence is helping people to not be scared, then I don't know how anything's more important right now in the AI space, because you have to build that trusted relationship,” Connecticut CIO Mark Raymond said.

]]>

State audit slams NYC schools for lack of student data privacy oversight

Lizzie Walsh — Tue, 05 May 2026 12:00:00 -0400

This story was originally published by Chalkbeat. Sign up for their newsletters at ckbe.at/newsletters.

From student addresses to bus routes, New York City public schools collect and manage large amounts of sensitive personal information on its nearly 900,000 students.

But a new audit released Monday found that the nation’s largest school system “does not have a clear understanding” of the data it collects or the risks it faces. There are major gaps in state-required data security policies and weaknesses in how student information is tracked, secured, and managed, the audit of the city’s student data and privacy operations by state Comptroller Thomas DiNapoli showed.

The report — which spans from 2020 to 2025, and covers five different chancellors — also cites multiple security breaches of data stored in third-party products used by schools. Upon examining those breaches, auditors found that the Education Department does not maintain a complete inventory of software used across schools.

The findings come at a critical moment for city schools: The Education Department’s recently released framework for AI could potentially open the floodgates to schools using more tech in day-to-day operations from lesson planning to translating materials for bilingual learners.

While auditors did not find a direct violation of the federal Family Educational Rights and Privacy Act, which would require reporting a breach to the federal government, the state said the gaps in data policy and process could put the district at risk of noncompliance.

“Protecting the privacy and security of student data is of the utmost importance to NYCPS,” Kevin Moran, deputy chancellor of school operations wrote to DiNapoli in response to the audit. “In the past year alone, NYCPS has made several improvements to its privacy practices and policies.”

The city, for instance, has made a new student privacy webpage to inform families of their privacy rights, and it convened a data privacy working group of school leaders, parents, advocates, and industry experts. And while the city accepted most of the comptroller’s recommendations, saying on Monday that it “will continue strengthening policies, oversight, and training to ensure student information is protected across our schools,” it also took issue with some of the state’s findings.

Data breaches show lack of central oversight, auditors say

New York City’s schools system has fallen victim to a few high-profile cyberattacks in recent years, including a security breach that occurred in Illuminate, a platform used for online grading that affected the personal information of about 820,000 current and former students in the 2021-22 school year. In a 2024 data breach of PowerSchool, a school records program, hackers accessed students’ names and dates of birth. The city’s Education Department did not know about the breach until January 2025, according to the audit.

Affecting over 3,000 students and 317 staffers, the PowerSchool incident revealed that the Education Department has no centralized tracking system for what programs each school uses, auditors said. City officials had to reach out to schools individually to find out which had been affected. Education officials ultimately confirmed that four schools had been part of the breach.

In all, the audit identified 141 data security incidents involving breaches of student and staff information from both third-party vendors or internal Education Department systems between January 2023 to February 2025.

“New York City Public Schools does not have a clear understanding of what third party actually has access to the students’ information,” said Tina Kim, head of the comptroller’s state government accountability division. “If there is a breach at one of these different vendors, they don’t know who to notify, or what school to go to.”

The audit also surveyed whether individual New York City public schools use other electronic reporting systems than the two known central ones (Automate The Schools and STARS). Of the 528 schools that responded, 218 said they used at least 70 different applications, “reflecting decentralized and uncoordinated application usage,” according to the report.

Community members calling for a moratorium on AI voiced concerns about schools’ increasing use of third-party tech programs during last week’s contentious Panel for Educational Policy meeting. Many said they’re concerned that the Education Department doesn’t have sufficient oversight of school educational technology products.

The comptroller’s report “confirms what many NYC advocates have long known,” Leonie Haimson, the executive director for Class Size Matters and a long-time advocate for stricter school privacy controls, said in a statement. “The privacy policies and practices of the NYC Dept. of Education are sloppy, irresponsible and show a lack of concern for keeping students’ personal information safe from breach and misuse.”

She criticized the city’s new AI framework, “given how these tools represent an even greater risk to student privacy and safety.”

In response to the audit’s findings, the Education Department agreed to update its data classification policy and create a process for tracking school-level technology program usage.

But school officials took issue with the audit’s claim that the city “lacks centralized oversight,” saying that schools use a centralized process to vet third-party vendors to ensure only approved products are used.

Auditors, however, said approval through the city’s vendor vetting process isn’t the issue. Even with the current vetting process, the Education Department doesn’t know which individual schools are using which systems and whether those systems contain sensitive student data.

Incomplete staff training and reporting delays highlight compliance failures

The audit also found roughly 25% of the Education Department — nearly 43,000 employees — did not complete annual data privacy training. State rules require the training to ensure the protection of student data. Auditors said the district does not have a system to confirm whether untrained employees can still access sensitive data.

Education Department officials said they would explore ways to increase completion rates but argued that tracking only staff with access to sensitive data is administratively complex.

Nearly half of data incidents were reported to the state Education Department later than the 10 days allotted, and families were notified later than the 60 days deadline in about 11% of cases. The city said these delays came from time-consuming third-party investigations but vowed to improve timeliness. The state comptroller called the delays “unacceptable” and said the Education Department rejected suggested changes to its internal audit process.

Panel for Educational Policy member Naveed Hasan said the findings in the comptroller’s report were “not at all surprising” and that the city lacks staffing and resources to address data privacy issues.

“My ongoing policy recommendation is to reconsider the outsourcing of what should be in-house technology implementation by NYC,” said Hasan, who supports a two-year moratorium on AI use. “We should be building and maintaining infrastructure to better address data security and privacy before they become breaches.”

The state comptroller’s office said they will conduct a follow-up audit of the city’s progress after one year.

Lizzie Walsh is a Data Fellow at Chalkbeat New York. She reports on New York City education and produces data-driven stories across Chalkbeat’s national network. Contact her at ewalsh@chalkbeat.org.

Chalkbeat is a nonprofit news site covering educational change in public schools.

]]>

New bill would narrow scope of Colorado’s landmark 2024 AI law

Chase Woodruff, Colorado Newsline — Tue, 05 May 2026 11:00:00 -0400

This article was originally published by Colorado Newsline.

After months of closed-door negotiations over changes to a 2024 law that aims to protect consumers from discrimination by artificial intelligence systems, top Democrats in the Colorado Legislature in the final days of the legislative session are backing a proposal to dramatically narrow the law’s scope.

Senate Bill 26-189, introduced Friday evening, closely resembles a draft measure released earlier this year by an AI policy group convened by Gov. Jared Polis on the recommendation of the Colorado Chamber of Commerce.

It would largely scrap the legal framework of Senate Bill 24-205, a first-in-the-nation set of regulations that aims to protect consumers from bias in AI-powered decisions relating to employment, housing, healthcare, insurance and more. SB-205’s provisions, which are set to take effect in June, require AI companies and businesses that deploy their technology to conduct risk assessments, take reasonable steps to protect users from discrimination, and publish detailed information about how AI is used in their decision-making processes.

SB-189 would repeal and rewrite the law almost entirely, replacing SB-205’s broad references to “high-risk artificial intelligence systems” and “algorithmic discrimination” with a new definition of “automated decision-making technology,” or ADMT. The affirmative “duties” placed on AI developers and businesses to take steps to prevent such discrimination would be scrapped.

Businesses deploying AI technology for “consequential decisions” would no longer be required to provide upfront disclosure of detailed information about the purpose of the AI-powered system or the “nature, source and extent” of the personal information being processed.

Instead, SB-189 would require a simple disclosure that ADMT is being used, while requiring deployers to provide more detailed information only if requested by a consumer within 30 days of a “consequential decision that results in an adverse outcome.” In such cases, businesses would also be required to provide, on request, information pertaining to an appeals process, including the opportunity to correct inaccurate personal data and obtain “meaningful human review … to the extent commercially reasonable.”

In a press release late Friday, Colorado Senate President James Coleman, a Denver Democrat, said SB-189 “reflects years of work to find the right policy framework.” Coleman is sponsoring the bill alongside Senate Majority Leader Robert Rodriguez, a Denver Democrat, who sponsored SB-205 two years ago.

“If someone is denied housing or a job, loses their healthcare, or sees their insurance rates mysteriously skyrocket at the hands of automated technology, they deserve to know what criteria went into that decision and to have an opportunity to correct mistakes,” Rodriguez said in a statement. “This bill strikes an appropriate balance of protecting consumers while not being onerous on developers or the businesses who use AI technology.”

Task Force Recommendations

AI companies and Colorado’s business community have have bitterly opposed SB-205 since its inception, and Colorado Attorney General Phil Weiser agreed last month to suspend its enforcement as a result of a lawsuit brought against the law by Elon Musk’s xAI and the U.S. Department of Justice.

Polis signed the bill into law in May 2024, but issued a signing statement at the time expressing “reservations” about the law’s potential “to tamper innovation and deter competition in an open market.”

The bill was initially set to take effect in February 2026. But after negotiations on revisions to the law broke down a year ago, Polis, Weiser and four other top Colorado Democrats — U.S. Sen. Michael Bennet, U.S. Reps. Joe Neguse and Brittany Pettersen, and Denver Mayor Mike Johnston — successfully pressured the Legislature into delaying the law’s effective date to June.

In October 2025, Polis appointed an 18-member task force to draft recommendations for revising the law. Its meetings were not fully open to the public, and its format was similar to one previously proposed by the Colorado Chamber of Commerce, The Denver Post reported last year. When the group released its proposal in March, the governor applauded the group’s “unanimous agreement on AI policy to protect consumers and support innovation in our state.”

“I look forward to supporting the recommended framework as legislation moves through the process, and commend the Colorado AI Policy Work Group for their efforts to get us here,” Polis said at the time.

The People’s Alliance for Responsible Technology, a coalition of progressive and labor groups, said in a statement Friday that it was “cautiously optimistic” about the compromise bill.

“We’ll keep our eye on required disclosures to workers, patients and consumers to make sure that they’re protected when AI makes important decisions about their future,” Dennis Dougherty, a PART member and director of the Colorado AFL-CIO. “Coloradans deserve transparency and accountability when Big Tech affects our lives.”

SB-189 will be heard first by the Senate Business, Labor and Technology Committee on Tuesday. The General Assembly is scheduled to conclude its 120-day legislative session on May 13.

]]>

State cyber officials’ confidence is down, survey finds

Chris Teale — Mon, 04 May 2026 13:00:00 -0400

PHILADELPHIA — State cybersecurity officials appear less confident they can protect themselves against threats to their systems and assets, according to a survey released last week.

The survey by the National Association of State Chief Information Officers and Deloitte found that just 26% of state chief information security officers say they are “extremely” or “very” confident that they can protect themselves from cyber threats. That’s a reduction from the 2022 edition of this survey, when 48% said they were confident of protecting themselves.

Experts put that dramatic drop in confidence down to the continued growth of artificial intelligence, which is already being exploited by bad actors and hackers connected to nation-states. And while AI’s defensive capabilities are already being used, keeping up with threat actors will be a constantly moving target.

“The thing with AI is that the fundamentals of cyber have not changed,” Kansas CISO John Godfrey said during a panel discussion at NASCIO’s Mid-Year Conference in Philadelphia last week. “The issue is really just about the speed by which we don't take action. Part of the challenge we have is that if we had a tech gap before, then that gap is growing even more to the extent to which we continue to face machine speed threats as humans. Part of the challenge here is how do we continue to evolve, adapt and improve our abilities to catch up with that level of velocity that we need?”

One aspect of CISOs’ work that has shifted in recent years is around metrics reporting, with 49% saying it is one of their state’s top cybersecurity priorities. That is a major jump from the 25% that said so in 2024 and 15% in 2022, and it’s a trend that NASCIO said shows that CISOs are being asked to track the effectiveness of cybersecurity spending, although that in itself is tricky. Metrics like incident response time and the click rate on a phishing email are two ways CISOs can show a return on the investment, NASCIO said.

However, the financial aspect of cybersecurity professionals’ roles appears to be weighing heavily, as 16%of CISOs reported their budget had been cut, compared to zero who reported such reductions in 2024. And while the majority said their cybersecurity budgets had either stayed stable or increased — with 10% of those surveyed reporting an increase of 10% or more — the report said the findings “paint a grim picture.”

NASCIO said the funding challenges could be blamed on several factors, including the growing pressure on states’ general funds; the expiration of one-time federal funding from COVID-19 and the years immediately following; and reduced federal support from the likes of the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center.

The group also pointed to continuing uncertainty around the future of the State and Local Cybersecurity Grant Program, which has received a reauthorization vote in the House, but is yet to receive one in the Senate and still lacks additional appropriations.

NASCIO Director of Government Affairs Alex Whitaker said during a briefing at the conference that the group has requested an appropriation of $300 million for the program in FY 2027, although he acknowledged being “reluctant” to offer a specific dollar amount for an effort that will take years and need billions of dollars.

“I also view it as a starting point,” Whitaker said. “SLCGP is not a silver bullet. It is addressing some low hanging fruit in cybersecurity, but it's something that I think that hopefully we can build on to make sure that folks in Congress understand that states need more support on this, local governments as well.”

CISOs’ jobs are likely to get more complex, too. The vast majority (94%) said they are involved in developing policies for their state’s use of generative AI, while 84% are responsible for forming strategy on the technology’s use.

Meanwhile, the growth of whole-of-state cybersecurity strategies is also presenting headaches for state CISOs. Just over 60% said they are “not very confident” in the ability of their local governments and higher education institutions to secure public data, a significant rise from 2022’s figure of 35%.

It won’t be easy, observers warned, given the budgetary concerns states face.

“This is where the resource crunch becomes most acute,” Tim Miller, global field chief technology officer and chief cybersecurity strategist at software company Dataminr, wrote in a blog post. “States are being asked to extend protection downward — to county governments, school districts, municipalities that have no dedicated security staff — with budgets that are, in many cases, flat or declining.”

With a whole-of-state strategy requiring more information sharing, a shared response to threats and better coordination, the finding suggests CISOs are concerned about the cybersecurity postures of other governmental units and keen to adopt a whole-of-state approach.

“Government and industry partnership is essential to navigating the modern, AI-enabled cyber threat landscape — as the report underscores, a whole-of-state approach becomes a force multiplier when supported by an open platform that integrates data from any source, and enables real-time threat detection, investigation and response across diverse environments,” Bobby Suber, senior manager for solutions architecture for state, local and education at tech company Elastic, said in an email.

]]>

In rural Wisconsin, a town pushes aside a plan to build a massive data center

Bennet Goldstein, Wisconsin Watch — Mon, 04 May 2026 12:00:00 -0400

This story was originally published by Wisconsin Watch.

An attorney read from a laptop propped atop a snowplow.

To his left was a Caterpillar street grader, and to his right, a dusty workbench. A disheveled American flag hung next to a red toolbox in the center of the impromptu stage.

Dozens of southwest Wisconsin residents recently forsook part of the local high school’s track-and-field meet so they could cast their votes inside the town of Cassville’s garage. The attorney had been retained by the town’s elected leaders to read the soon-to-be-newest regulation.

The unanimous outcome — 44 ballots in favor of banning data centers, none against — reflected a hostile backlash to unwelcome big tech incursions into rural spaces.

Residents instructed their town board to put a stop to the billion-dollar proposal by an anonymous developer after learning their community was on the short list.

Even promises of 50 jobs and more than $5.5 million in annual property tax revenue weren’t enough to make up for the loss of about 500 acres of Wisconsin’s Driftless area.

The pastoral landscape — known for rolling bluffs that straddle the locks and dams of the nation’s upper Mississippi River — possesses a bountiful aquifer, a temperate climate and few land regulations.

The Latest Move Against Data Centers

Cassville’s ordinance is the latest move by a Midwestern community seeking to protect the qualities that make life so appealing to people — and data centers.

Pushback over the power-hungry facilities that make the cloud run are occurring across the country, as companies expand in states like Mississippi and Tennessee.

Residents in Port Washington, Wisconsin, were the first in the nation to pass a referendum that would prevent their city from offering generous tax incentives without first obtaining voter approval.

Wisconsin lawmakers — some of whom previously supported a state sales tax exemption for new data centers — sponsored bills that would prevent developers from using confidential nondisclosure agreements when prospecting for new sites.

And in Clayton County, Iowa, directly across the river from Cassville, officials are considering zoning, setback and size restrictions.

Cassville residents fear data centers will devalue their properties, contaminate their wells and increase their electric bills.

“This is the Driftless area for Christ’s sakes,” said John Hawn, who retired to the area several years ago. “I suppose they didn't expect any problems coming into a small town.”

‘There’s No Information’

The Cassville project has been shrouded in secrecy. That includes the proposed location and what company will use it, leaving residents to fill in the vacuum with a frenzy of social media engagement.

“I don't know really what to think about it because there's no information,” town Supervisor Scott Riedl said.

Ron Brisbois, executive director of the Grant County Economic Development Corp., has met with a developer but to date declined to identify the company that is scouting for locations so as not to jeopardize the project.

In an interview after Cassville’s vote, he said the town’s appeal is its proximity to electricity, specifically the high-voltage Cardinal-Hickory Creek transmission line that entered service in September 2024.

Brisbois estimated the data center would require 400 to 500 megawatts of power — a lot, even by the new transmission line’s standards.

But the town’s attorney, Eric Hagen, said if Cassville can make it inconvenient, the data center developer may look elsewhere. The company also is considering sites in Indiana and North Dakota.

“My read of the situation right now: They're looking for the lowest-hanging fruit with the least amount of regulations,” Hagen said.

Cassville’s new ordinance prohibits data centers in the town for up to two years and prevents land use changes, such as constructing a residence on a farm field, without the town board’s approval. And the county cannot preempt local zoning authority in the town’s case, Hagen said.

“We can beat them to the punch.”

Data Centers Raise Ire

Days after the town’s vote, Brisbois fielded questions from a concerned public at J&J's Sandbar, a Cassville restaurant, over chicken and ham, mashed potatoes with gravy and macaroni salad.

He wonders whether the objections reflect data centers’ tarnished image more than concerns over actual water and power use. If a battery or farm equipment manufacturer were to move in and consume more of each, would residents even notice?

Brisbois said the developer has remained quiet for the past month, which he attributes to the lack of local tax incentives for the project rather than community unease.

“I'm looking forward to a bit quieter days,” he said, “where all I have to worry about with townships is housing and maybe an ag or a farm expansion.”

This article first appeared on Wisconsin Watch and is republished here under a Creative Commons Attribution-NoDerivatives 4.0 International License.

]]>

Future of Nebraska Broadband Office unclear following reduction in federal BEAD funds

Erin Bamer, Nebraska Examiner — Mon, 04 May 2026 11:00:00 -0400

This article was originally published by Nebraska Examiner.

LINCOLN — In the wake of federal pressure for states to use less in allocated funds, and now without a permanent director, the future of Nebraska’s Broadband Office is murky.

Gov. Jim Pillen established the office as one of his first acts as governor in January 2023, which he tasked with overseeing the $405 million awarded to Nebraska through the federal Broadband Equity, Access and Deployment (BEAD) Program. The goal of the office was to coordinate broadband deployment for parts of the state that remained unserved and underserved.

However, Nebraska only received about $44.5 million of that initial award in late 2025. This followed the Pillen administration’s Broadband Office seeking to spend less, roughly $43.8 million to expand rural broadband, drawing criticism from people concerned about whether Nebraska would still be able to hold onto the rest of the original allocation.

The leftover funds remain in limbo, with U.S. Sen. Deb Fischer, R-Neb., working in D.C. to preserve the $340 million she says is still unallocated. On April 22, Fischer pressed Commerce Secretary Howard Lutnick about his plans, noting that Nebraska saw one of the most dramatic reductions in BEAD allocations nationally.

“Nebraskans need guidance on how they may use those dollars to further the goals of the BEAD program in my state,” Fischer said. “More than a month after (the National Telecommunications and Information Administration) delayed releasing guidance for how states may use these dollars, that guidance has still not been released.”

Lutnick said the U.S. Department of Commerce and NTIA conducted a listening tour and are working on a new program they expect to release within the next two months.

Vicki Kramer, director of Nebraska’s Department of Transportation and current interim director of the Broadband Office, claimed that “no funds have been ‘pulled back’ from Nebraska.” She said state officials await NTIA guidance on the remainder of the full funding allocation for “non-deployment purposes.” Kramer said she has not heard specifics on what sorts of projects might be eligible for non-deployment funds.

The $44.5 million awarded reflects reforms to the BEAD program under the Trump administration’s Benefit of the Bargain initiative, Kramer said. She said the funds are set to be distributed to various providers to deploy internet to the final 14,032 locations in Nebraska that the state’s BEAD application identified as unserved and underserved.

Some local Nebraskans involved in broadband access have expressed doubts over the feasibility of this plan. In an October column in the Examiner, Gage County farmer Emily Haxby said the Broadband Office’s plan would connect fewer than 1,300 locations to fiber broadband — often described as the “gold standard” for internet access. The remaining locations would be connected through less reliable means, including fixed wireless and satellite.

“If there were a trophy for squandering opportunity, Nebraska would already have it on the shelf,” Haxby wrote.

Months after these changes, on April 8, Pillen announced that Patrick Haggerty would be leaving his position as director of the Broadband Office. His last day was Friday.

While Pillen’s initial announcement did not specify the reason for Haggerty’s departure, records obtained through the Governor’s Office showed Haggerty voluntarily stepped down, though his resignation letter offered no reason for his departure. He did not return a reporter’s message left with the office.

Pillen has not given any word that he is accepting applications to replace Haggerty, and Kramer said she wasn’t sure if the governor is planning to fill the post.

The Broadband Office was set to be funded primarily through BEAD, leaving the future of the office in question. Kramer said state officials are not currently pursuing any other funding sources for the office, but they are hoping to keep the remaining BEAD dollars in-state, and are open to other potential funding options.

“We are keeping up-to-date with developments on the federal level, and if any are made available, we will explore them,” Kramer said.

While Pillen spokeswoman Laura Strimple said it’s likely too early to say what the future looks like for the Broadband Office, Kramer said the office will remain operational regardless of how much BEAD funding is allocated to the state.

]]>

Beyond 99.9%: Why public safety can’t afford 'standard' uptime

Ben Ernst — Mon, 04 May 2026 10:00:00 -0400

In the world of emergency response, the margin for error is nonexistent. When someone dials 911, they aren't just relying on telecommunicators and responders in the field; they are relying on a complex web of technology. Computer-aided dispatch, law enforcement records and mobile data need to work together seamlessly to protect callers in their greatest moments of need.

Yet, for many public safety agencies, the responsibility of keeping these mission-critical systems running 24/7/365 is becoming increasingly difficult to meet as tech continues to evolve and workforce challenges persist.

The sheer pace of technological change means maintaining a modern public safety tech stack requires a recurring cycle of upgrades and security updates to stay current with patches and improvements while also trying to keep ahead of bad actors. It also requires a highly specialized workforce — database experts, network managers and cybersecurity professionals — who are in high demand across every industry.

For many municipalities, and nearly all industries and companies, the cost of retaining skilled resources is becoming more and more difficult.

For agencies overwhelmed by these challenges, managed services can be a lifeline for serving their communities. By partnering with third-party experts to handle core technical responsibilities, public safety agencies can move closer to an aspirational goal: systems that truly never go down.

The Myth of “Good Enough” Uptime

In many IT environments, 99% uptime is considered a great success. In public safety, that 1% gap represents over 80 hours of downtime a year. Even 99.9% results in nearly 48 minutes of downtime annually — a lifetime when seconds count during a structure fire or a medical emergency.

When these systems must go down for maintenance or disaster recovery sites don’t kick in, agencies are forced to go “old school” with pen, paper and radio.

Not only does this slow response times, but it also creates a massive administrative burden once the system returns, as calls must be backlogged manually if the agency doesn’t have an automated process within their CAD system.

The Proactive Resilience of Managed Services

Achieving true resilience requires a shift in philosophy from reactive to proactive. Here is how managed services bridge the gap between “standard” IT and public safety’s “never go down” requirement.

1. Constant monitoring. The key to achieving “never go down” status lies in moving to a proactive monitoring strategy. Constant monitoring is about more than just checking if a server is on; it's about getting ahead of an issue before it becomes a real problem.

By setting specific thresholds for database consumption, RAM, network health and other factors, managed services teams can identify potential failures in their infancy. For example, if memory usage hits 80%, a proactive alert allows technicians to intervene before the system crashes. This constant vigilance ensures that fixes happen behind the scenes, often before the agency even realizes there was a potential problem.

2. Upgrades without interruption. One of the primary fears in public safety is that a necessary upgrade will cause an unnecessary outage. Managed services mitigate this through rigorous planning and advanced technical maneuvers.

Standard practices include scheduling maintenance during lowest-call volumes — say, 3 a.m. on a Tuesday — and utilizing forced failovers. In a failover scenario, an agency can upgrade a secondary site and then transition operations to it while the primary site is updated, ensuring that dispatchers never lose their connection to the field.

3. Expert staffing. With bad actors constantly evolving their tactics, staying current with the latest cybersecurity approaches and technologies is a daunting task. It requires high-demand tech experts who are routinely getting certified on the latest trends and ensuring the latest upgrades are in place.

It’s simply unreasonable to expect individual municipalities that provide a wide range of resident services to keep up with the fast pace of change in this space. Managed services include expert staff who can ensure that systems are always protected by the latest defenses.

In some cases, this partnership even goes as far as having tech experts work directly inside the agency's facility. This provides the best of both worlds — the resources of a dedicated tech company and the expertise embedded directly into the daily operations of the command center.

Focusing on the Mission, Not the Servers

Ultimately, the value of managed services is that it allows public safety professionals to focus exclusively on their core mission: protecting communities. By offloading the burden of technical maintenance to partners who have been evolving inside the industry for decades, agencies can ensure they have the most resilient, secure and modern tools available.

Ben Ernst is vice president for global public safety at Octave.

]]>