Caveat

On today’s show we are joined by Ron Zayas, CEO of Ironwall by Incogni, to discuss the massive data sharing and privacy risks in the leading Buy Now Pay Later apps. Ben’s got the story of Illinois banning the use of AI in mental health therapy, joining Nevada and Utah in restricting chatbots amid growing concerns about their safety and effectiveness.  Dave's got the story of former President Trump threatening an executive order to ban mail-in voting and voting machines—claims experts say are unconstitutional, since election authority lies with states and Congress, not the White House. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠⁠⁠⁠audience survey⁠⁠⁠⁠ before August 31. Links to today's stories: The Overlooked Risks of Buy Now, Pay Later Apps: A Data-Privacy Perspective Illinois bans AI therapy as some states begin to scrutinize chatbots ⁠Trump threatens executive order on elections, claims states must obey ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠ covers he Supreme Court’s decision not to block a Mississippi law requiring all users to verify their ages before accessing social media platforms like Facebook, Instagram, and YouTube. The law, broader than a recent Texas ruling on explicit content sites, is being challenged by NetChoice as unconstitutional, but for now it will remain in effect while the case continues. ⁠⁠⁠⁠⁠Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week on Caveat, Dave and Ben welcome back N2K’s own ⁠⁠⁠Ethan Cook⁠⁠⁠ for our latest policy deep dive segment. As our lead analyst, Ethan shares his knowledge of law, privacy, and surveillance on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠⁠audience survey⁠⁠ before August 31. Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolves around cyber operations policy. Throughout this conversation, we break down the global shift where governments are taking a more offensive-oriented cyber mindset. While this trend has been developing over several years, the Trump administration has been looking to dramatically accelerate these efforts since taking office. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠ members on ⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers President Trump’s suggestion to allow Nvidia to sell a scaled-down version of its next-generation Blackwell AI chip in China, along with a rare agreement requiring Nvidia and AMD to give the U.S. government 15% of revenue from certain chip sales to the country. While the administration insists the move won’t compromise national security, critics warn it could still give Beijing enough computing power to accelerate its AI capabilities and close the technology gap with the U.S. Curious about the details? Head over to the ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

On today’s show Ben’s got the story of how the UK’s new Online Safety Act, billed as a way to protect children, may actually end up doing more harm than good—with mandatory age checks, privacy concerns, and a growing backlash from users. Dave’s got the story of how Flock Safety is expanding its controversial license plate surveillance network into schools—raising serious concerns from privacy advocates about student monitoring, data use, and the growing reach of law enforcement tech on campus. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠⁠⁠audience survey⁠⁠⁠ before August 31. Links to today's stories: No, the UK’s Online Safety Act Doesn’t Make Children Safer Online Schools are next for Flock Safety’s automatic license place reader cameras ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers a call from Senate Democrats for an investigation into the Department of Justice’s settlement allowing Hewlett Packard Enterprise’s $14 billion acquisition of Juniper Networks, raising concerns about political interference and the firing of key antitrust officials. The senators allege that HPE’s use of lobbyists with ties to the Trump administration, along with reported pressure from intelligence officials to approve the deal, signals potential politicization and improper influence over the DOJ’s merger enforcement process. ⁠⁠⁠Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

While Ben is on vacation this week, Dave welcomes back Ethan Cook to the show. On today’s episode, Ethan breaks down former President Trump’s recently released AI action plan, highlighting key priorities and what it could mean for the future of U.S. tech policy. Dave takes a closer look at the growing bipartisan support for AI regulation in Congress, exploring how lawmakers from both parties are approaching concerns around transparency, accountability, and national security as AI capabilities continue to evolve. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠⁠⁠audience survey⁠⁠⁠ before August 31. Links to today's stories: ⁠AIGOV president donald j. trump Trump administration to supercharge AI sales to allies, loosen environmental rules Poll finds bipartisan agreement on a key issue: Regulating AI ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠ covers the Trump administration’s newly released AI blueprint, which aims to supercharge U.S. AI exports to allies, fast-track data center construction by loosening environmental rules, and establish a single federal regulatory standard. The plan, which replaces Biden-era restrictions, is designed to maintain America’s edge over China in the AI arms race and includes executive orders targeting export controls, environmental regulations, and perceived political bias in AI systems.Ask ChatGPT ⁠⁠⁠Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Ben's story is on the looming expiration of the Cybersecurity Information Sharing Act (CISA 2015), a widely supported but currently stalled law that enables cyber threat data sharing between the private sector and government, now at risk of lapsing by September 30 due to congressional inaction and conflicting priorities. Dave’s got the story of how a Georgia court's AI-fueled legal blunder has sparked growing concern that overworked judges nationwide could increasingly miss fake citations generated by AI, prompting urgent calls for better tech training, oversight, and ethical guidance to safeguard the integrity of the U.S. justice system. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠⁠audience survey⁠⁠ before August 31. Links to today's stories: Time’s running out on a key cyber info-sharing law It’s “frighteningly likely” many US courts will overlook AI errors, expert says ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠Caveat Briefing⁠⁠⁠ covers a major cyber espionage campaign exploiting a zero-day flaw in Microsoft’s SharePoint server software, compromising about 100 organizations—mostly in the U.S. and Germany—including government entities. Researchers warn that thousands more servers could be at risk, and while Microsoft has issued patches, experts stress that full remediation requires more than just updating software, as a China-linked threat actor may be behind the ongoing intrusions. ⁠Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Gary Barlet, former Federal CIO and Air Force Cyber Operations Officer and current Public Sector CTO at Illumio, to discuss how this approach to cybersecurity leaves some states much more at risk than others. Ben has the story of a Virginia case relating to reverse key word searches. Dave's got a highly unusual move by the DOJ against Maryland’s district courts. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠audience survey⁠ before August 31. Links to today's stories: ⁠EFF Tells Virginia Court That Constitutional Privacy Protections Forbid Cops from Finding out Everyone Who Searched for a Keyword DOJ launches unusual lawsuit against entire federal district court in Maryland ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠Caveat Briefing⁠⁠ covers BNPL apps and the privacy issues they found associated with them. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week on Caveat, Dave and Ben welcome back N2K’s own ⁠⁠Ethan Cook⁠⁠ for our latest policy deep dive segment. As our lead analyst, Ethan shares his knowledge of law, privacy, and surveillance on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual ⁠audience survey⁠ before August 31. Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around preemption. Recently, Congress attempted to use preemption as a justification to pass a moratorium that would have overridden all current state AI legislation and prevented any new state AI bills from being passed. While the measure failed, this action is representative of a growing debate over how the government should regulate AI. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠Caveat Briefing⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠N2K Pro⁠⁠⁠ members on ⁠⁠⁠N2K CyberWire's⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week’s ⁠⁠⁠Caveat Briefing⁠⁠⁠ covers how the U.S. SEC has issued new guidance on crypto-based exchange-traded products, signaling the start of a broader regulatory framework that could accelerate the approval of dozens of crypto ETFs, including those tied to Solana, XRP, and even meme coins. While full rule changes are still in development, the guidance marks a shift in the agency’s stance under Republican leadership and could significantly streamline the listing process for new crypto products. Curious about the details? Head over to the ⁠⁠⁠Caveat Briefing⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Ben discusses some major Supreme Court decisions from the just concluded 2025 term. Dave's got the story of a license plate reader company dialing back access after media reports reveal potential oversharing. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Complete our annual audience survey before August 31. Links to today's stories: CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE FIFTH CIRCUIT TRUMP, PRESIDENT OF THE UNITED STATES, ET AL. v. CASA, INC., ET AL. ON APPLICATION FOR PARTIAL STAY Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠Caveat Briefing⁠ covers two major U.S. Supreme Court rulings that may shape the future of digital policy. The Court upheld both the FCC’s authority to fund the Universal Service Fund—preserving billions for internet access in underserved communities—and a Texas law requiring age verification for adult content, sparking renewed debate over online privacy, free speech, and regulatory reach. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week on Caveat, Dave and Ben sit down with Andy Boyd, former Director of the CIA’s Center for Cyber Intelligence (CCI) and now an operating partner at AE Industrial Partners, a private equity firm focused on national security and aerospace. With decades of experience leading cyber operations at one of the most secretive U.S. intelligence agencies, Andy shares candid insights on the state of offensive cyber operations in the United States. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers a contentious move in Congress as the Senate parliamentarian ruled that a provision banning state regulation of AI for 10 years can remain in President Trump’s tax and spending bill. The decision allows the measure—which ties AI regulation to federal broadband funding access—to proceed under budget reconciliation, despite bipartisan skepticism and growing concerns over federal overreach into states' rights. Curious about the details? Head over to the ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Caveat. Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, is sharing a retrospective of her public service career. Ben discusses a new lawsuit in Illinois challenging automatic license plate readers. Dave's got the story of an AI hotline between the US and China. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to the stories: ⁠Illinois' use of cameras that read license plates amounts to 'dragnet surveillance,' lawsuit alleges⁠ ⁠The U.S. and China Need an AI Incidents Hotline⁠ Caveat Briefing A companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to ⁠caveat@thecyberwire.com⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices