NYU Tandon School of Engineering researchers will develop new technologies to secure the “digital legal supply chain” — the processes by which official laws and legal information are recorded, stored, updated and distributed electronically — thanks to a $1.2 million grant just awarded by the National Science Foundation (NSF).
Justin Cappos, associate professor in the Computer Science and Engineering department at NYU Tandon, heads up the four-year NSF project, “Defending the Supply Chain of Democracy: Towards a Cryptographically Verified and Authenticated Network of Laws.” His team includes faculty from University of Wisconsin Law School and staff from the Open Law Library.
In the early 2010s, Cappos built The Update Framework (TUF), an open-source technology that secures software system updates and is now used by companies including Microsoft, Google and Amazon.
In 2019, Cappos began collaborating with the non-profit Open Law Library — a digital platform for governments to publish laws online — to create The Archive Framework (TAF). A variation of TUF, TAF is specifically designed to enhance the security of legal materials published by Open Law Library, protecting them from cyberattacks and potential threats from within.
Seven U.S. jurisdictions, including the District of Columbia and the City of San Mateo, currently use TAF through partnerships with Open Law Library, with another four jurisdictions pending.
Under the new NSF grant, Cappos’ research team will introduce improvements within TAF. Team members will focus on finding long-term solutions for securely distributing, archiving, and accessing authenticatable laws. Additionally, they plan to integrate authentication systems into the legislative process, providing auditable assurances that passed laws align with the intentions of elected officials.
“In a democracy, it’s crucial to have a fair and transparent system for making and sharing laws, but cyberattacks and people with malicious intentions can tamper with or hide legal information, undermining trust in digital legal systems,” said Cappos. “Our aim is to create tools that will help protect and authenticate laws and other legal information from the moment they’re introduced in the legislative process all the way to their public distribution.”
Cappos’ research team will also develop tools for releasing authenticatable redacted documents and work on refining the user experience of these systems, making them suitable for adoption by governments of all sizes and capacities.
“Securing digital laws and processes is particularly vital, as the pandemic accelerated the transition of government processes to digital-only with no official paper trail, ” said David Greisen, founder and CEO of Open Law Library.
For its role in the project, University of Wisconsin Law School will collaborate with Open Law Library to expand TAF’s real-world usage. UW Law has worked closely with the Open Law Library on an award-winning pilot program to make American Indian tribal laws — the majority of which had been unpublished — accessible on library websites. UW Law’s focus for the newly funded project will be overcoming obstacles to the adoption and ease-of-use of TAF and the authentication systems in development.
“We’re working toward the ambitious goal of creating systems sophisticated enough to resist attacks by nation-state actors but accessible to non-technical users,” said BJ Ard, associate professor at UW Law School. “These efforts have the potential to revolutionize the way millions of lawyers, lawmakers and citizens worldwide engage with the legal system.”
This NSF project advances NYU Tandon’s commitment to cybersecurity research, one of the School’s seven “Areas of Excellence,” the interdisciplinary fields that frame research priorities. The project is the 12th NSF-granted project spearheaded by Cappos, with his previous work addressing topics such as software supply chain security, making software harder to attack, and studying why security flaws occur in software. Amongst other things, his prior grants have led to a standard for supply chain security which is widely used across industry, a new security architecture adopted by the most widely used version control system, and an over the air updater used to protect major automakers and millions of non-automotive IoT devices.
About New York University Tandon School of Engineering
The NYU Tandon School of Engineering is home to a community of renowned faculty, undergraduate and graduate students united in a mission to understand and create technology that powers cities, enables worldwide communication, fights climate change, and builds healthier, safer, and more equitable real and digital worlds. The school’s culture centers on encouraging rigorous, interdisciplinary collaboration and research; fostering inclusivity, entrepreneurial thinking, and diverse perspectives; and creating innovative and accessible pathways for lifelong learning in STEM. NYU Tandon dates back to 1854, the founding year of both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute. Located in the heart of Brooklyn, NYU Tandon is a vital part of New York University and its unparalleled global network. For more information, visit engineering.nyu.edu.