Caveat

This week on Caveat, Dave and Ben welcome back N2K’s own ⁠⁠⁠⁠⁠Ethan Cook⁠⁠⁠⁠⁠ for our latest policy deep dive segment. As our lead analyst, Ethan shares his knowledge of law, privacy, and surveillance on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revisit AI. Throughout this conversation, we look at how AI has evolved within the US over 2025. As AI policy has continued to expand at the state level, the Trump administration has begun to outline its overall AI strategy. However, while states have continued to expand their regulatory AI regimes, the Trump administration is looking to pull back on regulatory burdens, creating a tension point between the two. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers India considering a telecom industry proposal that would require smartphones to have always-on satellite location tracking, a move opposed by Apple, Google, and Samsung over privacy and security concerns. Experts warn the measure would make phones function like dedicated surveillance devices, a step with no precedent globally. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Ben Yelin discusses the new California Opt Me Out Act that requires web browsers to offer a one-click “opt-out” setting that stops companies from selling or sharing your data. Dave Bittner bring the story about the Supreme Court of the United States weighing whether internet service providers must cut off users who repeatedly pirate content — a ruling that could transform how online piracy is policed and overhaul liability for ISPs. Ben and Dave are joined by Daniel Woods, Principal Security Researcher at Coalition, to discuss the rise of cyber insurance exclusions and the consequences of this trend. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to today's stories: California law regulating web browsers could have national data privacy impact, experts say Supreme Court hears case that could trigger big crackdown on Internet piracy Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠This week’s ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠ covers South Korea’s biggest e-commerce company Coupang that is under investigation after police confirmed a massive data breach that exposed personal information (names, emails, phone numbers, addresses, and order history) for over 33 million customers. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Caveat. This week, we are joined by ⁠Michele Kellerman⁠, Cybersecurity Engineer for Air and Missile Defense at ⁠Johns Hopkins University Applied Physics Lab⁠ discussing Women's health apps and the legal grey zone that they create with HIPAA. Ben has the story of the potential sale of TikTok to U.S. investors. Dave's got the story of a looming deadline on renewal of a key cybersecurity information sharing bill. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to today's stories: ⁠Trump turns Biden’s TikTok law into a big win⁠ ⁠Cyber threat information law hurtles toward expiration, with poor prospects for renewal⁠ ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ covers ⁠⁠⁠⁠⁠the ⁠Trump administration’s⁠ approval of a long-awaited deal for ByteDance to divest from TikTok, transferring majority ownership — and control of its recommendation algorithm — to a U.S.-led group including Oracle, Silver Lake, and Andreessen Horowitz. The Department of Justice also kicked off its major antitrust case against Google’s ad tech business, seeking a forced divestiture of its AdX exchange and potential structural changes to restore competition in the online advertising market. ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Ethan Cook, N2K lead analyst and editor of the Caveat newsletter joins Dave and Ben with a rapid-fire download from Public Sector Ignite — from CISA’s strategic pivot to the evolving threat landscape across China, Russia, Iran, and North Korea. He teases major takeaways on quantum risk and the ticking clock to “Q-Day,” why telecoms remain a soft underbelly, and how AI is turbocharging both defenders and attackers. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠This week’s ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠ covers Europe’s unexpected shift toward loosening its once-aggressive tech rules, as policymakers move to simplify GDPR, delay parts of the A.I. Act, and ease data-use restrictions to boost competitiveness. The move signals a major tone change in Brussels, raising questions about whether scaling back oversight will spark innovation — or weaken one of the world’s strongest digital privacy regimes. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Caveat. This week, we are joined by ⁠Max Shier⁠, ⁠Optiv⁠'s CISO, to discuss the newly-released CMMC 2.0, Cybersecurity Maturity Model Certification, and how to ensure compliance. Ben discusses a federal court’s decision holding warrantless queries of the Section 702 database unconstitutional. Dave looks at a murder case in Cleveland that’s been derailed by the prosecution’s use of AI. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Please take a moment to fill out an ⁠audience survey⁠! Let us know how we are doing! Links to the stories: ⁠VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional⁠ ⁠Cleveland police used AI to justify a search warrant. It has derailed a murder case⁠ Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠Caveat Briefing⁠, a weekly newsletter available exclusively to ⁠N2K Pro⁠ members on ⁠N2K CyberWire's⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠Caveat Briefing⁠ covers the story of President Trump revoking a 2023 executive order by Joe Biden that mandated AI developers to share safety test results for high-risk systems with the U.S. government before public release, citing it as a hindrance to innovation. While Biden’s order aimed to address national security and public safety risks associated with AI, Trump left intact a separate Biden order supporting energy needs for AI data centers. Curious about the details? Head over to the ⁠Caveat Briefing⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠caveat@thecyberwire.com⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital, discussing "10 Years of Cybersecurity Progress & What Comes Next." Ben talks about a couple of instances of AI companies reigning in their chatbots. Dave's got the story of ICE’s controversial facial recognition operations. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠This week’s ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers This week’s briefing covers federal agencies considering a ban on TP-Link routers over national security concerns, Getty Images losing most of its UK lawsuit against Stability AI in a setback for copyright protections, and other global developments including Microsoft’s AI investments in the UAE, new EU efforts to counter hybrid threats, Meta’s rejection of a French watchdog ruling, and a new US-UAE agreement on AI and energy collaboration. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Next week, California will hold a major election on Tuesday, November 4, amid heightened cyber risk and increased exposure to potential attacks. With the ongoing government shutdown and reduced grant funding for local counties overseeing the elections, vulnerabilities are growing. Sanny Liao, Co-Founder and CTO of Fable Security, joins to discuss the biggest cyber threats to this election, how attackers could exploit phishing or other tactics to gain access, and where counties should focus training to detect and prevent malicious activity. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers the U.S. Department of Energy’s $1 billion partnership with AMD to build two supercomputers, Lux and Discovery, aimed at fusion energy, cancer research, and national security. Lux, using AMD’s MI355X AI chips, will come online in six months and deliver three times the AI capacity of current supercomputers. Discovery, built with AMD’s MI430 chips, is expected to be operational by 2029, highlighting a major DOE-private industry collaboration to accelerate scientific breakthroughs. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, host Kim Jones is joined by Ethan Cook, N2K’s lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week on Caveat, Dave and Ben welcome back N2K’s own ⁠⁠⁠⁠⁠Ethan Cook⁠⁠⁠⁠⁠ for our latest policy deep dive segment. As our lead analyst, Ethan shares his knowledge of law, privacy, and surveillance on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around North Korean hacking. Throughout this conversation, we break down how North Korea has transformed itself into one of the largest nation-state hackers today. We dive into what types of attacks they perform, how they have evolved these attacks over time, and how they use their ill-gotten gains to support their economy and evade sanctions. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers major developments in cybersecurity and digital policy, including a US court permanently barring NSO Group from targeting WhatsApp while reducing damages from $167.3 million to $4 million, highlighting growing oversight against spyware abuse. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the current state of regulation. Throughout the conversation, Ben and Kim discuss how the current administration views regulations and the future role of the federal government. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about ⁠Meter⁠. Want more CISO Perspectives? Check out a companion ⁠⁠⁠blog post⁠⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices