Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,850 words, this briefing is about an 8-minute read.
At a Glance.
- Justice Department requests Google break-up.
- OPM is reviewing DOGE’s access to sensitive systems.
The Department of Justice requests Google’s break-up in court filing.
The News.
On Friday, the Department of Justice (DOJ) submitted a request that would aim to break up Google by forcing the company to sell Chrome. In its filing, the DOJ stated that “Google’s illegal conduct has created an economic goliath, one that wreaks havoc over the marketplace to ensure that -no matter what occurs - Google always wins.” Furthermore, the filing also stated that “the American people thus are forced to accept the unbridled demands and shifting, ideological preferences of an economic leviathan in return for a search engine the public may enjoy.” Google filed a counterposition in response to the DOJ that maintains the company’s position that Google does not need to change much to address the court’s concerns and that it intends to appeal the antitrust ruling. Google’s President of Global Affairs, Kent Walker, originally commented on the recommendation, stating that the “DOJ’s wildly overbroad proposal goes miles beyond the court’s decisions[, and that] it would break a range of Google products.”
For context, these filings come in response to a 2023 antitrust case in which Google was found guilty of monopolistic practices regarding the company’s search engine services. Outside of this case, Google is facing a second antitrust lawsuit from 2024 that is examining whether the company has also engaged in monopolistic behaviors related to its advertising business.
The Knowledge.
With the DOJ reaffirming its request to break up Google, the Trump administration is looking to pursue an outcome originally set forth under the Biden administration which marks a potential shift in Trump’s antitrust policy. During the first Trump administration, the DOJ actively pursued numerous antitrust cases against major technology companies, like Google; however, despite pursuing these cases President Trump also signaled that he was not aiming to break up these companies. In October, President Trump reaffirmed this stance when commenting on the case’s ruling emphasizing his unwillingness to break up the company. At the time President Trump asked, “if you do that, are you going to destroy the company?” President Trump then stated, “what you can do without breaking it up is make sure it’s more fair.” However, with this request, it appears that the Trump administration has shifted its policy stance to now actively aiming to pursue Google’s break up.
However, despite both the previous Biden and current Trump administrations looking to achieve this breakup, experts are skeptical that this outcome is feasible. Doug Melamed, a visiting fellow at Stanford Law School commented on this goal stating that it is “going to be an uphill climb for the government.” Outside of Melamed, legal experts have already cast doubts on the likelihood of the government successfully breaking up Google as these efforts have been attempted before in 2000. For context, in 2000 the DOJ attempted to break up Microsoft, but their efforts were cut short after an appeals court overturned the effort. Given that these efforts failed in 2000, it is possible that Judge Mehta would be more inclined to enforce more conventional punishments rather than force a break-up to avoid a similar situation as seen in Microsoft’s case.
The Impact.
While the court is set to hear arguments this spring and will likely issue a ruling sometime over the summer, this ruling has the potential to significantly impact how Google operates, how users interact with its services, and the overall landscape of the search engine business. If the company were forced to divest from Chrome, it could mean that Google would face significant service disruptions, as well as competitors, could rapidly pass Google in the competitive landscape. Additionally, if Google were forced to sell Chrome, it would also likely mean that many of its ongoing contracts with companies like Apple and Mozilla would be terminated creating potential service disruptions for users across multiple device platforms.
However, even if these changes were imposed, they would likely not be implemented overnight giving both users and organizations time to find alternative solutions and services to Google. For now, people who rely on Chrome’s services should be aware of this case and follow it for updates to remain informed on what developments are occurring and how those developments could impact day-to-day operations. By remaining informed, people can take appropriate action and mitigate any potential risks to their operations.
OPM reviewing DOGE’s access to sensitive federal systems.
The News.
On Monday, the Office of Personnel Management (OPM) announced that it would begin reviewing the access granted to the Department of Government Efficiency (DOGE) after its efforts to cut federal spending and gain access to sensitive systems. The OPM announced this investigation after Norbert Vint, the deputy inspector general at OPM, sent a letter to the House Oversight and Government Reform Committee, in which he pledged that the Office would take action to address concerns regarding unauthorized access. In this letter, Vint wrote that the agency would look at “specific emerging risks at OPM that are related to issues raised” and assess the risks “associated with new and modified information systems at OPM.” Lastly, Vint wrote that “we believe that, ultimately, our new engagement will broadly address many of your questions related to the integrity of OPM systems.”
This letter comes after the House Oversight and Government Reform Committee sent their letter to the OPM a few weeks ago where they expressed their concerns related to DOGE’s access to various sensitive systems and information. In their letter, ranking member Gerry Connolly wrote that “we are deeply concerned that unauthorized system access could be occurring across the federal government and could pose a major threat to the personal privacy of all Americas and to the national security of our nation.”
The Knowledge.
Since its creation, DOGE has been working its way through the vast majority of federal agencies reviewing both their personnel and programs under the premise of cutting down on excessive government spending. However, since DOGE began these efforts, the new government entity has been embroiled in controversy as security experts and government officials have routinely expressed concerns about DOGE’s sudden and largely unmonitored access. Some of the most controversial access has included DOGE’s access to the Treasury Department and Social Security systems.
However, despite DOGE gaining rapid access to many systems, efforts have been made to curb its influence, implement safeguards, and improve transparency. For example, a federal judge blocked DOGE’s access to sensitive Education Department and OPM information at the end of February. In this instance, Judge Bardman blocked DOGE’s efforts to access personally identifiable information (PII) by placing a temporary restraining order that prevented workers from giving student aid records to DOGE employees. Additionally, another federal judge ruled that DOGE needed to comply with transparency laws and release its internal documents. In their decision, Judge Cooper wrote that “the authority exercised by USDS across the federal government and the dramatic cuts it has apparently made with no congressional input appear to be unprecedented.” While these efforts have worked to curb DOGE’s influence, stakeholders and citizens alike remain concerned regarding this access and how little transparency has been provided to the general public.
The Impact.
DOGE’s sudden and largely unprecedented access to various systems across the federal government has routinely raised concerns, which have largely gone unanswered by the Trump administration. While legal challenges have slowed and halted some of these efforts, the OPM’s review process marks the first notable form of risk analysis regarding DOGE’s access.
Even though it is unclear when this internal audit will be completed, the OPM’s analysis should provide greater clarity and insight into what DOGE has been accessing and how sensitive systems and data have been handled.
As US citizens and lawmakers await the results of this audit, people should expect it to provide greater transparency and accountability regarding how personal data has been handled and what vulnerabilities may have been introduced by this access. Furthermore, by identifying potential risks, DOGE workers and other agencies will be able to better account for and mitigate these impacts to prevent unnecessary incidents and unauthorized access. People who may have been negatively impacted by DOGE’s access should continue to monitor their personal information and understand the results of this audit to ensure that they are taking all the necessary steps to protect themselves and their sensitive data.
Highlighting key conversations.
In this week’s Caveat Podcast, our team held its third Policy Deep Dive conversation where we focused on examining the current state of children’s safety online. During this conversation, we examined the ongoing federal efforts to pass comprehensive legislation, the intense debate on what these bills should empower the government to do, and what state efforts have been implemented to address this topic.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
New York sues Allstate for data breach.
What: The New York Attorney General filed a lawsuit against Allstate alleging that the company failed to report a data breach.
Why: On Monday, New York Attorney General Letitia James filed a lawsuit against Allstate claiming that the company failed to report a breach that exposed sensitive information. In the lawsuit, James claimed that hackers breached the company in 2020 and 2021, which resulted in over 165,000 New Yorkers and nearly 200,000 people in total having their driver’s license numbers exposed. Furthermore, the lawsuit alleges that the company did not notify drivers or state agencies about the first breach. Currently, the lawsuit is seeking civil fines of $5,000 per violation among other remedies.
With this lawsuit, James stated that “National General’s weak cybersecurity emboldened hackers to steal New Yorkers personal data, not once but twice[, and] it is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft.”
Trump signs executive order to create Bitcoin reserve.
What: President Trump signed an executive order to create a federal reserve of Bitcoin along with other digital assets.
Why: Last Thursday, President Trump signed a new executive order, which mandates the creation of a new federal reserve dedicated to storing digital assets. With this order, President Trump has mandated David Sacks, the administration’s crypto and artificial intelligence czar, conduct a “full accounting” of the government’s digital assets holdings, which are estimated to be around 200,000 Bitcoins. Aside from an internal audit, the order also creates a digital asset stockpile, which will consist of digital assets other than Bitcoin, and the order empowers both the Treasury and Commerce Departments to “develop budget-neutral strategies for acquiring additional Bitcoin.”
With this order, Sacks stated that “the US will not sell any Bitcoin deposited into the Reserve[, and] it will be kept as a store of value.”