Navigating State Systems: A Technology & Security Evolution

Tyler Podcast Episode 85, Transcript

Our Tyler Technologies podcast explores a wide range of complex, timely, and important issues facing communities and the public sector. Expect approachable tech talk mixed with insights from subject matter experts and a bit of fun. Each episode highlights the people, places, and technology making a difference. Give the podcast a listen today and subscribe.

Episode Summary

In this episode, we explore how technology in state systems has evolved over time, the importance of fraud monitoring and prevention, strategies for navigating the current landscape of security threats, and recommendations for the future. The episode features Tyler's Vice President of Digital Government Policy & Advocacy and former Kansas Secretary of State, Ron Thornburgh.

Transcript

Ron Thornburgh: I think the most important elements that an incoming secretary of state or a long-term secretary of state have to understand regarding security and monitoring and fraud prevention are A: you've got a lot of great resources that you can call upon. You don't have to solve the problem yourself. And that could come from within the state system with your CIO.

It may come from a variety of other sources around this state. So, A: you're not in this by yourself. B: there are opportunities to engage as long as you, as long as you understand the parameters at which decisions have to be made.

Josh Henderson: From Tyler Technologies, it's The Tyler Tech Podcast. Your source for insightful conversations with thought leaders addressing the pressing issues in our communities.

I'm Josh Henderson, and I'm on the corporate marketing team here at Tyler. Thanks for joining us.

In each episode, we dive into the essential topics shaping our society and shed light on the individuals, places, and technologies empowering the public sector. If you like what you hear, please consider giving us a five-star rating and review, subscribing on Apple, Spotify, or wherever you listen to podcasts, and recommending the show to others. On today's episode, we’re talking with former Kansas Secretary of State and current Vice president of Digital Government Policy & Advocacy at Tyler Technologies, Ron Thornburgh.

He joins us to discuss the evolution of technology in state systems, the importance of fraud monitoring and prevention, strategies for navigating the current landscape of security threats, and recommendations for the future. We're also extremely excited to share that Ron has an issue paper related to this conversation on the way. It's called ‘Securing the Future: Strategies for Fraud Monitoring and Prevention’, and it'll be available to download next month at tylertech.com. Now, onto our conversation with Ron Thornburgh. We hope you enjoy.

Josh Henderson: Ron, welcome to The Tyler Tech Podcast, and thanks for joining us today.

Ron Thornburgh: Thank you. It's great to be here.

Josh Henderson: You're now at Tyler as a VP of Digital Government Policy and Advocacy, but you also have 15 years of experience as the Kansas Secretary of State.

So, could you start by telling your listeners, you know, a bit about your ground in your journey from being a secretary of state to now working with a public sector software provider like Tyler.

Ron Thornburgh: That whole journey has really been a lot of fun. And the reason I say that is I started in the Kansas secretary of state's office the summer after my sophomore year in college, working in the mail room. Worked my way up through the ranks. Got elected, ultimately, in 1994.

The key to that is that’s the time period that state government was just learning how we move things off of paper files into a digital government. My first job was alphabetizing corporate annual reports so we could put them on microfilm so people could make copies of them. And now, we look at what we're doing with digital government today, and it's night and day.

Josh Henderson: It's really such a unique journey and a really unique vantage point, you know, having seen the evolution of technology in state systems from both inside and outside the government. How has your experience as a state secretary sort of shaped your views on technology and security in government?

Ron Thornburgh: What I really think the view boils down to, when we look at public records and we look at digital government in particular, the fundamentals still remain exactly the same. What is the purpose of that public record? And so, if you've got a document that's being filed, is the information contained within that document required for the public record? So that's the first thing you have to look at is, are we actually capturing the right thing as a government official?

And if not, we should stop capturing it, because that's where a lot of the danger comes into play. The second piece is, how do we create as much public access to that as we possibly can without crossing the line of security or without endangering the security of that document and the filers of that document? And that's the balance that goes back and forth every single day, every single filing, every single decision.

Josh Henderson: Now that you're, you know, over a decade removed from office, from holding government office, since serving as secretary of state, what are some of the specific ways you've seen security and fraud threats sort of change or evolve over time? So, like, in other words, what does a threat look like now compared to say, you know, 15 years ago?

Ron Thornburgh: You know, I think the biggest change that I've seen is, at the dawn of the digital age. And man, I've got to tell you, Josh, the longer I say this, it sounds like I'm really old. The way we've, you know, I've been doing this a long time. But at the dawn of the digital age, right?

So often when we talked about the security of a particular document or piece of information, you were only concerned about that particular document or that piece of information being taken.

And now, it seems like the volume has increased incredibly. The threat has increased incredibly. Millions and millions of attacks against state government on a daily basis, and being used as threats for ransom or for policy decisions said the bad actors disagree with. And so, I think the threat is much greater today than it's ever been before and honestly, I don't see that diminishing anytime in the near future.

Josh Henderson: Fraud in state systems, especially, you know, regarding business licenses, it's a pressing issue.

From your perspective, what types of fraud are most prevalent? And, you know, why do you think that is?

Ron Thornburgh: The types of fraud that we see that are most prevalent certainly would be someone looking for identity theft. Let's talk specifically about corporate entities, whether they be LLCs or any other variety of a corporate entity.

If someone can obtain what appears to be a transfer of power within that corporation, a transfer of ownership within that corporation.

Then, all of a sudden, they can now go out and get credit cards. They can go out and get credit. They can open bank accounts and start funneling other monies, perhaps laundering money, whatever the case may be, through this artificial piece.

That's an element that while we've seen before, and it's been around for years and years, the threat now is much more viable than it's ever been before. But it really is, all we're trying to do is track the beneficial ownership, trying to track the ownership of that corporate identification.

And if a change is made to that, we need to let the owners know.

And by doing that, we can prevent a lot of problems. And so, for instance, in the state of Arkansas, we do a fraud prevention through the secretary of state's office. And all it means is that, at the time of the annual report filing, the business owner has an opportunity to purchase fraud monitoring for the vast sum of five dollars a year. That's the cheapest insurance you're going to find anywhere, right?

And it simply means that if a change takes place to any information on their corporate filing, you get notified of it. So, if a bad actor comes in and changes something as simple as a P.O. Box or a mailing address or an owner of it, you get notification and appropriate matters can, or appropriate changes, can be taking place.

Josh Henderson: You touched a little bit on the, you know, the real time monitoring, can you dive a little bit deeper into that idea of, you know, how is that system effective, or how can it help strengthen fraud monitoring in in other states?

Ron Thornburgh: I think the easiest way to think about it would be, you monitor your own credit score. You monitor your own identification information. If someone is using your name, if someone's using your driver's license, if someone's using whatever important piece of data that may be. We're doing the very same thing for corporate entities.

And understand, when I say corporate I mean LLCs, I mean Chapter S, or whatever it may be. All the different corporate entities. And so, what we're trying to do is give them, we know that when they file with secretary of state's office, that is the creating authority that allows them to be a corporation to get the legal benefits and legal requirements of that corporate entity, right?

So, there's value in what the government is providing to you for those benefits.

So, a bad actor comes along and steals, essentially steals your company. They steal the ownership by filing a document that says that Ron Thornburgh is no longer the president and chief beneficiary of this corporation. It's now bad actor X. So, all of the information now goes to them. Now they have the ability to open accounts and to steal from your corporate entity.

Through fraud monitoring, if a change happens, then you know about it right now, we can take action to make sure that every, that A: the theft doesn't actually take place and B: that you're not harmed with it. So, there's an enormous preventative measure in there. you know.

One of the things I'd like to see us do, or to pursue, and this is an idea that that's years old, and we've just we've just never quite got anyone to agree to do it yet. But we're not only looking at corporate records. Right now, we're only looking at the corporate filings, I guess, I should say. I think another element that comes into play would be to start using uniform commercial code records, tying it back to the corporate entity on the business services side. And by that, I simply mean, any time an entity obtained to lean against property or whatever for their corporation, then that filing is crafted most often with the secretary of state's office. And then it is updated whenever a change happens to that particular account.

So, let's take the fraud prevention, fraud monitoring that we're looking at within the corporate side of things, and now let's move it to the financial side as well. If someone were to alter that information, it not only impacts your bank relationship, it impacts virtually everything else. And it's the same thing. We're just watching the data. If something happens to the data, we send notification to you, we send notification to the bank and say is this real? Or at least be aware of it, contact us if you have a question. We're not we're not trying to manage it. I don't think our job with that data is to manipulate the data in any way, to make decisions on the data in any way.

The purpose of that public filing is to accept what's been given to you. Not make judgment upon it one way or another. I mean, you have to make sure the boxes are checked and the t's crossed and i's dotted. But we're not there to judge whether or not it's a good business decision or anything along those lines.

However, we do have an obligation to, in my mind, we have an obligation to say, if something happens to the record that we've been entrusted with, you need to know about it to make sure that you're actually the one requesting and requiring that change taking place.

Josh Henderson: Stay tuned, we'll be right back with more of The Tyler Tech Podcast.

Jade Champion: I hope you're enjoying listening to this episode of The Tyler Tech Podcast.

Hey podcast listeners, my name is Jade Champion, and I'm here with Breanna Case to tell you about Tyler's annual user conference, Tyler Connect. Breanna, tell our listeners why they shouldn't miss Connect 2024.

Breanna Case: Well, Jade, Connect is back in the beautiful city of Indianapolis, Indiana, and we have so much planned! From product training and networking opportunities, to influential speakers, this year's conference has it all.

Jade Champion: I hear there's an awesome keynote speaker as well. What can you tell us about that?

Breanna Case: Yes! We're excited to announce Lisa Bodell as this year's keynote speaker. Lisa is a best-selling author and the CEO of FutureThink, and she's all about eliminating complexity and boosting productivity and innovation in the workplace. Get ready to feel inspired, fuel your curiosity, unleash your creativity, and most importantly do meaningful work.

Jade Champion: Be sure to mark your calendars for Tyler Connect 2024 from May 19th to May 22nd, and you can still take advantage of early bird pricing right now, which saves you $250 if you register before March 22nd at tylertech.com/connect or by clicking the link in our show notes. We hope to see you in Indy as we continue transforming for tomorrow. Now, let's get back to The Tyler Tech Podcast.

Josh Henderson: What do you see, sort of, as the primary challenges and benefits of integrating advanced technology into state systems? Is it time constraints? Is it just kind of people not being able to get on the same page? What would you what would you say those are?

Ron Thornburgh: How much time do you have?

It kind of depends on what we're talking about, because there are, there are, sometimes you can overcome the challenges of, you know, it's hard.

Sometimes you can overcome the challenges of, it costs a little bit more money than you thought it was going to be. But I think where the greatest challenge lies most of the time, when we're trying to do the significant changes where you're bringing elements from, not only from the private sector, but you may be bringing together three or four state government agencies and some local agencies reporting in there, and you have a lot of decision makers all throughout that process.

Getting everyone to play well in the sandbox, is really, really difficult. Because they're each going to be held individually accountable for it, and they need to make sure that you know, as much as we all want to play nice with each other, I think their first obligation is I want to be protected.

I want to make sure that this works and I'm going to make it, I'm not making it difficult for the sake of making it difficult, but I am going to absolutely make sure that I'm not hung out to dry. Now that sounds like a very selfish thing, and I really don't mean it in that way. What it simply means is, they have an obligation as an elected official to make sure that they are providing the service, providing the security, and doing what they have sworn to uphold when they took that oath of office. Sometimes we get caught up in, this is the right thing to do, and we can do it. And, yes, it's going to be challenging, but let's move forward.

They have an obligation as an elected official to make sure that they are providing the service, providing the security, and doing what they have sworn to uphold when they took that oath of office.

Ron Thornburgh

Vice President, Digital Government Policy & Advocacy

Meanwhile, they've taken an oath that said, I'm going to do this. I think we have to understand and appreciate what that means to them, what it means to their staff, and how we move forward with that. So that ability to bring multiple people, multiple agencies in this case, into the mix, we have to spend a lot more time upfront explaining why it's better and why it's more effective. Because ultimately, I think what we're all trying to, what we're all trying to accomplish, is, how do we do it faster, better, and cheaper?

And now, it used to be easy, faster, better, cheaper, and now you have to say more secure as well. So how can we accomplish all four of those things? The beautiful thing is that we have the technology to do that time and time and time and time again.

Josh Henderson: Obviously, AI, automation, those two things get thrown around a lot. But are there any upcoming tech trends or innovations that states should be, you know, preparing for, in terms of security or helping them with security even?

Ron Thornburgh: You're going to stretch my credibility a little bit here, but I think AI is an absolute game changer in any way you want to think about it. And what the capabilities of AI are, in addition to how in the heck do we regulate this thing?

I think that regulatory side, we are at the cusp of trying to regulate this thing that we really don't know what it is. We really don't know how it's going to be used. We really don't know. We really don't know. We really don't know. But we're going to throw a bunch of bumpers around it and try to figure out how to regulate it. I think that is the single most difficult challenge facing federal, state, local government probably over the next decade would be my guess. Because you never like to be in a regulatory environment where you're responding to what's already happened. That is a no-win situation in almost any scenario.

Something bad has happened, and now you're trying to put ropes around it. So, the difficulty of generating regulation on AI is, in my opinion, I don't think we fully understand the entire capabilities of it and what it could mean. So how do we develop regulatory structure around something that we don't know what it looks like, tastes like, or smells like? I think that's going to be an enormous challenge for us.

Josh Henderson: Now let's shift gears a little bit now to associations.

I wanted to focus specifically on the National Association of Secretaries of State. What are some ways you are seeing sort of current secretaries of state addressing the importance of security and fraud prevention? Because I know they list a bunch of initiatives on their site. I'm just curious to get your take on how they're addressing this, specifically.

Ron Thornburgh: Yeah, so the National Association of Secretaries of State, or NASS, as they're known among all of their peers, they have really done an outstanding job of bringing, they bring secretaries together twice a year. Meet once in the winter, meet once in the summer. But in the meantime, throughout the year, they've got different committees meeting.

I mean, I've got to tell you, I think it's on hardest working organizations out there. A lot of times you'll have organizations that meet that will bring in outside experts or something, and then there's a policy paper written, and we've all washed our hands and walked away. But NASS, they've got working committees, and these secretaries sit on those working committees throughout the year and develop the position papers, develop the recommendations, and then those become resolutions that then becomes the model for what should be happening around the country, or whatever the case may be.

What I have seen Leslie Reynolds, who is Executive Director of NASS, she has done an incredible job of keeping the secretaries at the forefront, both with the federal government, whether it was working with FinCEN on the beneficial ownership legislation, or in what they're doing on the elections field and all the stuff that's going on as we go into an election year now. But really this piece of how we talk about security, how we talk about digital filings. And for them, it not only extends, not only to just corporate filings, but you're also talking about notary public.

How do we do digital notarization? How do we do apostille digitally? All these different elements of all these different filings.

Every single one of them comes into the legality of that particular public document, and the validity of that particular public document.

And Leslie and her team have done a great job of keeping NASS at the forefront of that.

Josh Henderson: I'm curious to get your opinion, in having worked with them throughout your career, on what makes sort of, you know, an organization and association like NASS such an important organization or such an important resource for secretaries of state.

Ron Thornburgh: I'll go back to again, very early in my career. I had a good friend who came into office the same time that I did, and he said Ron, there's one simple thing I think we need to understand, and that is that good minds think great thoughts, and great minds steal them.

That's the purpose of an organization like NASS. You come together and you share your best ideas. You come together and you share your greatest opportunities.

And I think every secretary would tell you, I absolutely attend the NASS conferences so I can steal the best ideas and implement them back in my home state. And then you've got a camaraderie that comes along with that. I know that yeah, I'm confident I stole one or two good ideas, in my time, but I'm also confident that I helped people implement what we were doing in the state of Kansas as well.

Josh Henderson: So, obviously, Ron, we're so appreciative of your time today. The conversation, you know, it's been so insightful, so interesting. I have a couple more questions for you as we start to wrap up here, though.

Ron Thornburgh: Sure.

Josh Henderson: More reflecting questions. So, reflecting on your time as, you know, secretary of state, what are some of the most important lessons that you think you've learned with you know, technology security in government?

Ron Thornburgh: I think the most important elements that an incoming secretary of state or a long-term secretary of state have to understand regarding security and monitoring and fraud prevention are a, you've got a lot of great resources that you can call upon. You don't have to solve the problem yourself. And that could come from within the state system, with your CIO.

It may come from a variety of other sources around the state. So, A: you're not in this by yourself.

B: there are opportunities to engage as long as you, as long as you understand the parameters at which decisions have to be made. And that is, what are we trying to accomplish?

For the secretary, I'm going to limit it to the secretary of state because this thing could go really wide. But when you're talking about secretary of state duties, we have an obligation to receive official documents.

Are we receiving the right information?

Are we handling it in the appropriate way and are we protecting it? Every parameter around each one of those really has to be addressed in the same way. Are we doing this in the way that provides the greatest access and the greatest security possible? And finding that balance between those two.

Josh Henderson: And now just to kind of look ahead a little bit. I'm curious if you have any, you know, predictions or hopes in terms of you know, how you hope secretaries of state or, you know, states look at technology and policy advocacy or state governance just in general, like, how it's going to evolve or how you hope it's going to evolve?

Ron Thornburgh: One of the things that many of us have been working on for years and years and years. And I think we're making strides toward it, but we're not there yet, is the piece that frustrates me about government is, if I want to file something with secretary of state's office, I give him my name, I give him my address, I give him all the pertinent data, and then I have to go to another agency.

And I give them my name and address and all the pertinent information. Then I go to another agency that I didn't know about, and I give them same information.

Most citizens, I regret having to say this, when they have to file documentation, honestly, they may not know if it's a federal state or local filing they're making.

And they don't care.

I think what we have to grow to is that we should not care either.

All they need to know is what I'm trying to accomplish.

We can take care of everything else from there. We had the ability to share data among agencies. We had the ability to share policies among agencies. We have the ability to do these things.

Do we have the fortitude to do them? I think it's one that's going to boil down to. So, my hope for the future is that we can eliminate the citizen scavenger hunt in trying to figure out, how do I do what you're asking me to do? And don't make me come into the office to do it, or offices to do it. So that would be what my hope is. Now having said that, we are so much better today than we've ever been before in accomplishing that.

The distinction is when we built digital government over the last, I'll call it 35, 40 years, whatever it's been, whatever magic number you want to use.

That first iteration of it, we took digital government, and we rebuilt the same silos that have been built with pieces of paper over millennia, right? And now we're starting to merge those a little bit at particular junctures.

It takes elected officials of vision and courage to make that happen, because it is not easy. This is not something that you can just speak, and people will go forth and do it. You've got to continue to encourage them and bring them along and make sure they understand the value and the benefit and the risk and the threat, and everything that else goes along with it.

That's a challenge, but I am confident we're going to get there.

Josh Henderson: Ron, thank you so much for joining this podcast today. Really enjoy chatting with you and hope you can come back sometime soon.

Ron Thornburgh: I look forward to it. Thanks for the time, Josh.

Josh Henderson: Thanks, Ron.

And that's it for today's episode.

Fraud monitoring and prevention strategies are critical to the security of state systems. From capturing and managing digital information to ensuring the privacy of public records, governments will continue to face evolving threats that impact the public daily.

For recommendations on how to prepare for the fight against fraud, check out the links in our show notes for some helpful resources.

Tyler Technologies creates solutions made for the public sector and has experts with government experience ready to support you on this journey.

I hope you're excited about what the future holds, will reach out to us at podcast@tylertech.com to connect with a subject matter expert if you'd like to learn more.

And whether it's fraud prevention in state systems or modern your digital infrastructure or something else entirely, we want to hear from you about what you'd enjoy hearing more of, and how we can make The Tyler Tech Podcast even better. Fill out our audience survey in the show notes today to let us know how you heard about the show and your ideas for future episodes. And don't forget to leave a rating and review wherever you get your podcasts.

For Tyler Technologies, I'm Josh Henderson. Thanks for joining The Tyler Tech Podcast.

Episode Notes

This episode takes looks at how technology in state systems has evolved over time, the importance of fraud monitoring and prevention, strategies for navigating the current landscape of security threats, and recommendations for the future. The episode features Tyler's Vice President of Digital Government Policy & Advocacy and former Kansas Secretary of State, Ron Thornburgh.

We also look ahead to Connect 2024, which will be in Indianapolis, Indiana from May 19th to May 22nd - early registration, which saves you $250, is now open at: https://www.tylertech.com/connect

Learn more about the topics discussed in this episode with these resources:

And you can listen to other episodes of the podcast at this link: https://www.tylertech.com/resources/podcast

Let us know what you think about the Tyler Tech Podcast in this survey!

Related Content