Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,650 words, this briefing is about a 6-minute read.
At a Glance.
- Meta's antitrust lawsuit goes to trial.
- Whistleblower complaint attributed a “significant” data breach to DOGE.
FTC's antitrust lawsuit against Meta begins.
The news.
On Monday, the Federal Trade Commission (FTC) formally started its lawsuit accusing Meta, Facebook’s parent company, of creating a monopoly. With this accusation, the FTC alleges that Meta created this monopoly by buying start-ups, such as Instagram and WhatsApp, as a part of a “buy-or-bury strategy.”
The FTC’s lead litigator, Daniel Matheson, stated, “for more than 100 years, American public policy has insisted firms must compete if they want to succeed.” Matheson continued, stating that the reason this lawsuit was filed was because Meta “decided that competition was too hard and it would be easier to buy out their rivals than to compete with them.” Meta has responded to this case by denying the allegations and stating that the company faces plenty of competition from other social media companies, such as TikTok. Mark Hansen, the company’s litigator, stated that “this case is a grab bag of FTC theories at war with fact and at war with the law.”
With both parties making their opening arguments Monday, the government is set to call its witnesses next, including witnesses from Meta, competitors, venture capitalists, economists, and media industry executives. Some key witnesses expected to testify this week include Mark Zuckerberg and Kevin Systrom.
The knowledge.
With this major lawsuit kicking off this week, experts have expressed reservations about how successful the FTC will be. Gene Kimmelman, a former senior official during the Obama administration’s Department of Justice, stated that “one of the most difficult things for antitrust laws to deal with is when industry leaders purchase small potential competitors.” This difficulty is due to the FTC needing to prove that Meta would not have been able to achieve its present success without these acquisitions over the years. Furthermore, outside of it being difficult to prove this, experts also noted that it is rare for courts to try and undo mergers that were approved many years ago.
Outside of this major case, the Trump administration is also actively pursuing another significant antitrust case against Google. For context, in August 2024, Judge Amit P. Mehta ruled that Google was a monopoly in the online search market. In his ruling, Judge Mehta stated that “Google is a monopolist, and it has acted as one to maintain its monopoly,” and that Google has violated Section 2 of the Sherman Act. While this case was ruled on last year, the case is currently undergoing a follow-up sentencing trial, which will determine the appropriate remediation solutions. This sentencing trial is particularly relevant as the Trump administration reaffirmed the previous administration’s goal to pursue a break-up of Google, forcing it to divest from Chrome.
As both of these cases play themselves out, these two moves are likely indicative of the Trump administration’s goals to continue pursuing a more aggressive antitrust policy, especially against major technology companies.
The impact.
When considering both of these cases, it marks a clear pattern emerging within the Trump administration to curb the technology sector’s influence. As both the Google and Meta lawsuits continue, it is unlikely that these cases will be resolved soon, and it is unclear what their outcomes will be.
Regardless, if these cases result in either company being broken up, it will result in significant impacts on the market, both from a competitive perspective as well as for users. For users and organizations that rely on these company services, people should take time to understand these lawsuits and the outcomes that the government is pursuing, as they do have the potential to cause significant disruptions. By understanding these cases, people will be able to plan accordingly and minimize potential disruptions.
Potential significant cyber breach at US labor watchdog.
The news.
On Tuesday, a formal whistleblower complaint was filed stating that Department of Government Efficiency (DOGE) members may have been responsible for a “significant cybersecurity breach” at a federal labor watchdog. The complaint, which is addressed to Senate Intelligence Committee Chairman Tom Cotton and Senator Mark Warner, cites concerns at the National Labor Relations Board (NLRB). For context, the NLRB is a federal agency that is tasked with protecting workers’ rights to organize and join unions.
In the complaint, the whistleblower refers to Daniel Berulis’s testimony, which stated that he has evidence that DOGE staffers were given significant access to the NLRB’s systems, including access to sensitive case files. According to this testimony, Berulis stated that since March, he had found that logging protocols used to audit users had been tampered with and that he had found that ten gigabytes worth of data had been removed from the agency's network. In Berulis’s affidavit, he stated that “that kind of spike is extremely unusual because data almost never directly leaves NLRB’s databases.” Furthermore, Berulis stated that as he attempted to investigate and alert the proper federal agencies, he and his colleagues were disrupted by higher-ups, and he was subject to intimidation efforts.
Outside of submitting this complaint, Berulis reported that “unlike any other time previously, there is this fear to speak out because of reprisal…[and] the people that are saying no, they’re being removed one by one.”
The knowledge.
This whistleblower complaint’s allegations reprise some of the larger complaints that have surrounded DOGE since its inception. While this whistleblower complaint is certainly one of the most concerning instances related to reporting on DOGE’s activities, many other agencies and federal officials have noted how unprecedented DOGE’s access is to sensitive information and how little oversight there has been in granting and monitoring this access. For example, in February, federal judge Jeannette A. Vargas ruled against DOGE after nineteen state attorneys general filed a lawsuit aiming to block DOGE staffers from being able to access the Treasury Department’s sensitive information, such as bank account information and Social Security data. At the time, Judge Vargas stated that the plaintiffs had “established that there is a realistic danger that confidential financial information will be disclosed” if she did not halt DOGE’s access. While Judge Vargas revised this order last Friday to grant access to only one DOGE staffer, she mandated that they must complete hands-on training “typically required of other Treasury employees granted commensurate access.”
Outside of this case, there have been dozens of other lawsuits emerging that have been attempting to curb DOGE’s access to various sensitive federal systems. One of the largest concerns surrounding this access is related to who is accessing these systems, why access is needed, and questions related to how sensitive data is being handled. District Judge Ellen Lipton Hollander commented on one of these concerns in an order writing that the administration “never identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA’s entire record systems, thereby exposing personal, confidential, sensitive, and privileged information that millions of Americans entrusted to their government.”
The impact.
Since beginning its federal reduction efforts, DOGE has been one of the most controversial efforts started by the Trump administration. While a full investigation will most likely be needed to determine the validity of this whistleblower complaint, this complaint represents a significant privacy and ethical concern, which experts have been concerned about for weeks. If the investigation finds evidence that supports the complaint’s allegations, this development could have significant implications both for the data handled at the NLRB and the other sensitive systems examined by DOGE staffers.
Given the severity of these allegations, people who are connected to sensitive systems examined by DOGE should continue to monitor their data and ensure that necessary safety precautions are taken.
Highlighting key conversations.
In this week’s Caveat Podcast, our team held its fourth Policy Deep Dive conversation. During this conversation, our team focused on US cybersecurity policies, discussing the latest moves made at both the domestic and international levels.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
Irish Regulator Investigating X Regarding Use of EU Personal Data.
What: Ireland’s Data Protection Commission (DPC) has opened an investigation into X regarding the potential use of personal data to train Grok.
Why: On Friday, the DPC opened its investigation into X and how it trained its artificial intelligence (AI) model, Grok. Through the investigation, the DPC is looking to assess if the company misused European Union (EU) citizens’ private data for training. More specifically, the DPC looks at the “processing of personal data composed in publicly-accessible posts posted on the X social media platform by EU users, for the purposes of training generative [AI] models.”
If found violating EU law, the DPC could fine X up to four percent of the company’s global revenue.
House Seeks Testimony From 23andMe Co-Founder.
What: The US House Committee on Oversight and Government Reform has requested that Anne Wojcicki testify next month.
Why: On Tuesday, the House Committee requested that Anne Wojcicki testify on 23andMe’s bankruptcy. This testimony is part of an investigation into the potential risk that would be created from the company’s genetic data being transferred to potential buyers during the company’s bankruptcy proceedings.
Currently, the House is seeking her testimony on May 6th as well as relevant documents related to the bankruptcy.