About
Attorney, former Secretary of Information Technology for the State of Maryland, and author of the Fiduciary Commons legislative framework.
I am an attorney and a former state Chief Information Officer. Those two identities are not sequential — I did not practice law and then move into technology, or run technology and then return to law. They developed in parallel across more than two decades of work at the intersection of government, law, and digital infrastructure, and the framework on this site is a direct product of holding both at the same time.
My legal career crossed sectors in ways that are unusual. I began as a regulatory attorney at the Federal Trade Commission, where enforcement work gave me an early and concrete education in how legal frameworks fail when technology outpaces the assumptions they were built on. I moved into private practice as a partner handling privacy law, licensing, and government relations, representing technology vendors, universities, and national retailers including Walmart. I served as City Attorney for Annapolis, Maryland, as Policy and Legal Advisor to the Anne Arundel County Executive, and in several other government and advisory roles before joining the Governor's Cabinet in Annapolis. Along the way I also worked in capital markets at MBNA, where I structured securitizations under regulatory oversight, and led public-private partnership development at Koch Industries. I hold a J.D. from Franklin Pierce Law Center with a focus on intellectual property and administrative law, and completed post-graduate studies in securities, food and drug, and taxation law at Georgetown University Law Center. I am a Certified Information Privacy Professional through the IAPP.
What that career path produced, practically, is a person who has seen government digital systems from the legal side, the enforcement side, the vendor side, the municipal government side, and ultimately the cabinet side — and who has therefore had repeated occasion to observe the same structural problem from multiple vantage points. The legal frameworks governing what government does with the data it collects have not kept pace with what government can now do with that data. That gap is not an oversight. It is a structural feature of how technology procurement works, and closing it requires intervention at the architectural level, not the policy level.
Secretary of Information Technology, State of MarylandFrom 2017 to 2023, I served as Maryland's Secretary of Information Technology — the state's Chief Information Officer — as a member of the Governor's Cabinet. I led a team of more than 300 staff, oversaw a budget exceeding $160 million, and held direct responsibility for the state's IT infrastructure, data privacy policy, and cybersecurity posture across all executive branch agencies.
The scale of that responsibility is relevant to this work in a specific way. Managing enterprise-level government technology means making decisions, constantly and under real constraints, about what data to collect, how to store it, who can access it, and what systems to buy from vendors who have their own views about what architecture should look like. I spent six years making those decisions and watching others make them, and I came away with two conclusions that the framework on this site is designed to address.
The first is that government technology procurement, as it is currently structured, systematically purchases surveillance architecture without calling it that. The procurement process evaluates functionality, cost, and compliance with existing statutory requirements. It does not evaluate whether the architecture being purchased is constitutionally defensible. Those are different questions, and the gap between them is where centralized databases, persistent identifiers, and discretionary access regimes get built into the fabric of government digital infrastructure — not through malice, but through a procurement framework that was never designed to ask the right questions.
The second is that digital identity is the load-bearing element of the entire structure. How a government authenticates citizens for digital services determines what data it collects, how that data persists, what can be inferred from it, and who can access it. I oversaw the launch of the Maryland One Stop Portal for licensing and permitting and MDThink, a next-generation human services digital platform — both of which forced concrete decisions about identity architecture that existing law provided no useful guidance on. I served as President of NASCIO, the National Association of State Chief Information Officers, in 2021 and 2022, and co-chaired its Privacy and Data Protection Working Group, which gave me a national view of how states were approaching — and mostly not approaching — these questions.
The Fiduciary Commons framework is my attempt to supply what was missing: a legal architecture that asks the right questions at the point of procurement, before the surveillance infrastructure is built, rather than attempting to regulate it after the fact. I am currently Vice President for National IT Strategy at Government Sourcing Solutions, advising state governments and private-sector leaders on procurement modernization, privacy law, and digital governance. I also serve on the ABA Model Procurement Act Revision Commission and the T-Mobile State and Local Government Advisory Board.
I came to this work not through an academic institution but through years of watching government digital systems accumulate the exact architecture that the founding generation recognized as tyranny: perpetual records, universal scope, discretionary access, and delegable authority. James Otis identified those characteristics in 1761 as the hallmarks of general warrants. The Fourth Amendment was ratified to prohibit them. Modern integrated government databases possess all four, and existing law has no adequate response.
My legal training told me that was a constitutional problem. My experience as a CIO told me it was also a practical one. Government technology procurement rarely asks whether the architecture being purchased is constitutionally defensible. It asks whether it is functional and whether it meets current statutory requirements. Those are different questions, and the gap between them is where the surveillance architecture gets built.
The framework this site presents began as an attempt to close that gap from the constitutional end. Two law review articles establish the argument: that the Fourth Amendment does not merely prohibit specific search practices but establishes a fiduciary relationship between government and citizens regarding information, one from which determinate legal obligations follow as a matter of constitutional structure. Three companion statutes translate those obligations into enforceable legislation. The Topics section of this site situates that work within the broader fields of digital identity, data governance, AI accountability, government procurement, and comparative policy — the domains where the framework needs to be tested and, where necessary, revised.
This is a working project, not a finished one. I am publishing it in this form because the work needs critique from people who know more than I do about its constituent fields, and because the problems it addresses are not waiting for the work to be finished before getting worse.
Fiduciary Commons is a project operating under my name as a working title. It is not a legal entity. The name reflects the two foundational commitments of the work: the fiduciary commitment to the constitutional and legal framework at its core, and the commons commitment to the theory of personal data that underlies the Personal Data Trusteeship Act, namely that personal information constitutes a commons of facts that no government or private actor can own in any legally cognizable sense.
The site serves three purposes. First, it is a document library for the framework: the draft legislation, the constitutional essays, the supporting white papers, and the videos are all available here for download or by request. Second, it is a reference hub for the six subject areas the framework addresses: each topic section contains both my own relevant work and curated external resources with commentary explaining how they bear on the framework's arguments. Third, it is a point of discussion: the blog carries my ongoing analysis of developments in these fields, and the contact page is a genuine invitation to engage.
If you encounter something on this site that you believe is wrong, analytically flawed, or missing a dimension your expertise would supply, please tell me. That is the point.