Maryland becomes first state to use NYU Tandon-developed technology to secure regulations from cyberattacks
Cryptographic system detects tampering and preserves historical versions of legal documents, marking milestone in NSF-funded project to protect democracy's digital infrastructure
Maryland has become the first state to publish its regulations online with cryptographically secure technology developed at NYU Tandon that protects against cyberattacks and ensures long-term digital preservation. This implementation marks a major milestone in a National Science Foundation (NSF)-funded project
The state is using The Archive Framework (TAF), first introduced in 2019 by NYU Tandon's Justin Cappos in collaboration with the Open Law Library, a non-profit that helps governments publish laws and regulations online. TAF builds upon The Update Framework (TUF), Cappos' earlier technology that protects software updates and is now used by tech giants including Microsoft, Google, and Amazon.
In 2023, the NSF awarded a grant to Cappos — leading a team from NYU Tandon, the Open Law Library, and University of Wisconsin Law School — to develop TAF further and expand its applications beyond initial municipal deployments in jurisdictions like the District of Columbia, San Mateo, and the City of Baltimore.
"Think of TAF like a high-security bank vault for legal documents," said Cappos, a professor in the Computer Science and Engineering Department and faculty member of the NYU Center for Cybersecurity. "Traditional legal websites are like file cabinets, and anyone with the key can change what's inside without leaving a trace. TAF not only makes any attempts to change the law visible so that bad actions can be detected, but also stops bad actors from changing the law in the first place. This matters because in a democracy, citizens need absolute confidence that the laws they're reading are authentic and haven't been secretly altered by hackers or malicious insiders."
As the first state-wide TAF deployment, Maryland put its Code of Maryland Regulations (COMAR) — the official compilation of all administrative regulations issued by state agencies — on a dynamic, fully versioned digital platform at regs.maryland.gov.
“The Moore-Miller Administration wants through this modernization to make our state regulations easier for citizens, businesses, and public servants to access, while utilizing a smarter, more cost-effective approach to government,” said Secretary of State Susan C. Lee. “The new platform upholds Governor Moore’s mandate to streamline internal workflows, reduce manual processes, and by doing so, saves taxpayer dollars while increasing transparency and efficiency.”
Previously, because Maryland's regulations were available in difficult-to-use HTML, citizens, lawyers, and researchers who needed to know what regulations said at specific points in time — crucial for litigation and legal compliance — had no reliable way to access that information online.
“That kind of historical access is not just a convenience, but critical for ensuring people can rely on the system,” said BJ Ard, University of Wisconsin Law School professor and member of the grant team. “People need to be able to verify exactly what the law said on a given date. The system makes that possible in a way that is newly secure and accessible.”
“The launch of the new COMAR platform is the first of many major state platform overhauls being led by the Maryland Digital Service,” said Maryland Department of Information Technology Secretary Katie Savage. “This new and improved platform will not only make it easier for Marylanders to understand how their government works—it was also built from the ground up to be machine-readable, leaving the door open for the integration of Generative AI in the future.”
The system creates a "single source of truth" that is fully versioned and cryptographically authenticated. Every regulation change is tracked, timestamped, and secured using advanced cryptographic techniques.
"This is about making the laws that govern use more accessible to people who can't afford expensive commercial database subscriptions," said David Greisen, founder and CEO of the Open Law Library. "We're providing every single version of regulations at any point in time, fully authenticated and secure. This system isn’t just more secure, it also makes maintaining these documents much more cost effective for governments using it.”
“In the print era, official legal publications had a physical permanence that people could trust. What we’re doing here is bringing that same reliability to the digital age so that users can have confidence in the authenticity and availability of the law,” said Ard.
The new system publishes regulations in computer-readable XML and human-readable HTML formats while maintaining PDF versions for printing. The entire code is available on GitHub under a Creative Commons license and accessible via API, making it ready for AI and other emerging technologies.
During implementation, the Open Law Library and Maryland staff fixed over 400 formatting errors in COMAR, some dating back to the 1970s, while significantly reducing workload on state staff through automation.
"We realized that if we combined Git version control — the same technology programmers use to track every change in software code — with TUF's authentication capabilities, we could solve the long-standing problem of how to publish legal materials in a UELMA-compliant way," said Greisen, referring to the Uniform Electronic Legal Material Act that requires official digital laws to be authenticatable, preservable, and accessible in perpetuity.
The successful Maryland implementation paves the way for broader adoption across the United States. The research team is actively seeking additional state and local government partners while also working to engage with educational institutions and libraries.
"We've built software that we think a lot of other state and local governments would find incredibly useful," said Cappos.
