Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,650 words, this briefing is about a 6-minute read.
At a Glance.
- Trump fires the head of the NSA.
- Apple plans to appeal the UK’s order to mandate backdoor access.
NSA director fired.
The news.
Last week, President Trump fired General Timothy D. Haugh, the director of the National Security Agency (NSA) and US Cyber Command. This removal reportedly comes after Laura Loomer, a far-right political activist, advocated for the general’s dismissal. With the dismissal of General Haugh, lawmakers on both sides of the political spectrum and security experts are expressing their concerns about how these efforts will impact national security, election security, and other key infrastructure. Senator Mark Warner (Democrat of Virginia) commented on this development, stating, “at a time when the [US] is facing unprecedented cyber threats….how does firing [General Haugh] make Americans any safer.”
For context, General Haugh is a US Air Force general who served as the NSA director from 2024 to 2025 and was a key official in pushing back against Russian interference in elections and cyber attacks.
The knowledge.
With the dismissal of General Haugh, this instance marks another key step to dismantling many of the core cybersecurity structures within the federal government. Outside of this latest effort, the Trump administration has already implemented substantial cuts for the Cybersecurity and Infrastructure Security Agency (CISA). The most notable cuts include funding for two key CISA election security programs. The two initiatives targeted were:
- The Elections Infrastructure Information Sharing and Analysis Center.
- The Multi-State Information Sharing and Analysis Center.
Additionally, the following activities have also lost support:
- Cyber threat intelligence
- Cyber incident response
- State and local government engagement
When making these cuts, the agency stated that reducing these efforts would help “focus CISA’s work on mission critical areas, and eliminate redundancies.”
Furthermore, outside of the cuts already made, reports have emerged that CISA is looking to remove up to a third of its personnel as well as cutting a portion of its contractors from its major threat-hunting team. If these cuts are as large as indicated, these would likely significantly impact the day-to-day operations at CISA and result in higher risks for various aspects of national security. As the Trump administration reduces its funding and support for cyber defense programs, this falls in line with the administration's outlined goals to focus less on defensive measures and more on offensive programs. Michael Waltz, the National Security Adviser, stated that “we’ve been playing a lot of defense, and we keep trying to play better and better defense…[, but] if you’re putting cyber time bombs in our ports and grid…we can do it to you, too.”
The impact.
This internal shift away from traditional cyber defense operations to more offensive ones is a risky proposition given the numerous large-scale hacks over recent years, such as the Salt Typhoon incident in 2024. As many of these defense programs are cut back, it is unclear how this will impact existing vulnerability management strategies as well as how this could impact state and local governments' abilities to secure elections and critical infrastructure.
For security professionals, these cuts will likely result in higher risks and increased opportunities for malicious actors to target the US and various organizations. Furthermore, for US citizens, removing these programs may result in a higher likelihood of large-scale attacks being successful, which could impact the day-to-day operations of key services or result in sensitive data being exposed.
Apple appeals UK backdoor order.
The news.
On Monday, a UK court revealed that Apple is appealing the British government’s order to create a “back door” to its encrypted cloud systems, according to the Investigatory Powers Tribunal (IPT). With this appeal, the courts have rejected the Home Office’s attempts to keep the details of this case private. Apple reiterated that it has never and will never build in backdoor access to any of its encrypted services or devices.
When making these rulings, Judges Rabinder Singh and Jeremy Johnson stated that keeping this case private “would be the most fundamental interference with the principle of open justice.” Furthermore, the judges stated that “it would have been a truly extraordinary step to conduct a hearing entirely in secret without any public revelation of the fact that a hearing was taking place.”
While the British Home Office did not comment on the appeal, it did state that warrants would be required for access to any individual’s data. Furthermore, the Home Office stated that these agencies were still “subject to robust safeguards including judicial authorisations and oversight to protect people’s privacy.” The Home Office also emphasized that “these powers are purely about preventing serious crime and pursuing criminals, and do not affect our commitment to free speech.”
The knowledge.
While there is no set timeline for when this court case will be resolved, this development marks a notable win for Apple now that the Home Office’s bid has been rejected. For context, this case was brought about after the British government issued a “technical capability notice” that would enable the government’s law enforcement agencies to have blanket access to encrypted communications and photos, including for users outside of the country, through the Investigatory Powers Act (IPA). For context, this law was originally passed in 2016, but its scope was noticeably expanded in 2024, granting the government significant powers, such as:
- The right to force technology companies to inform the government of planned encryption improvements and other new security measures.
- The right to halt the implementation of updated security measures indefinitely.
Due to this legal conflict, Apple announced that it was discontinuing its security feature, known as Advanced Data Protection (ADP), within the United Kingdom (UK). ADP is one of Apple’s most advanced security features, which allows users to be able to encrypt nearly all of their iCloud data, such as messages, photos, and backups.
The impact.
As Apple’s and the UK government’s legal battle takes place over the coming months, the outcome has the potential to significantly impact Apple users in the UK. However, with the courts mandating that the case be resolved publicly, it will enable Apple users to better understand the implications of the trial as well as be able to plan accordingly.
Apple users should monitor the trial closely and understand the impacts the ruling could have on their privacy. Furthermore, while Apple still has security features in place for UK users, the company has removed ADP from the region, which results in UK users having a greater risk of privacy breaches for as long as the service is disabled in the country.
Highlighting key conversations.
In this week’s Caveat Podcast, our team attended the FBI and University of Kansas Cybersecurity Conference for a live session of Caveat. During the episode, our team met with Dr. Perry Alexander to discuss the importance of public/private partnerships. Additionally, our team also met with Professor John Symons to speak about the philosophical issues in AI and how those should impact policy decisions.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
TikTok deal halted due to tariffs.
What: ByteDance representatives told White House officials that China would no longer approve a deal due to the newly announced tariffs.
Why: Last week, reports emerged that the long-awaited TikTok deal has been paused indefinitely due to the Trump administration's tariffs. According to sources involved with the deal, the Trump administration was reportedly prepared to sign an Executive Order to approve the sale, but this was halted due to the new strains caused by the tariffs.
Due to the deal falling through, the Trump administration signed a new Executive Order that gives the company an additional seventy-five day extension before it would be banned. With this new Order, the administration stated that while they had made “tremendous progress,” the deal needed “more work to ensure all necessary approvals are signed.”
US Justice Department disbands crypto enforcement team.
What: The US Justice Department announced that it is disbanding the National Cryptocurrency Enforcement Team.
Why: On Tuesday, Deputy Attorney General Todd Blanche sent a memo disbanding this team and ordering prosecutors to narrow its crypto investigations to focus more on drug cartels and terrorist groups. In this memo, Blanche stated that the previous administration pursued a “reckless strategy of regulation by prosecution” of the digital sector. Furthermore, Blanche stated that any ongoing investigations “inconsistent” with this new policy “should be closed,” citing a Trump Executive Order for the basis of this policy change.
Taiwan states China using AI to spread disinformation.
What: The Taiwanese National Security Bureau stated that the Chinese Communist Party (CCP) is using generative artificial intelligence (AI) to “divide” the island’s public.
Why: On Tuesday, the Security Bureau published a report to the island’s parliament that outlined how it detected more than half a million “controversial messages” in 2025 across social media platforms. The Bureau outlined that these messages were a part of China’s goals to launch “cognitive warfare” and stated that these efforts were “designed to create division among our society.” The report continued, stating that “as the application of AI technology becomes more widespread and mature, it has also been found that the [CCP] has been using AI tools to assist in the generation and dissemination of controversial messages.”
Additionally, the report also outlined how the CCP has increased its “grey-zone” tactics alongside a sharp increase in the number of coast guard incursions and air balloons in Taiwan’s water and airspace.