Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,500 words, this briefing is about a 6-minute read.
At a glance.
- Supreme Court upholds internet service fund.
- Texas's age-verification law is supported by the Supreme Court.
Supreme Court upholds $8 billion internet and phone service fund.
The news.
On Friday, the Supreme Court ruled that the $8 billion fund that provides both telephone and internet services is constitutional. In a 6-3 ruling, the justices found that Congress had properly granted the Federal Communications Commission (FCC) discretion to collect money from telecommunications companies to pay for the Universal Service Fund (USF).
For greater insight, the USF was established under the 1996 Telecommunications Act. The Fund aims to provide phone and web connections to remote communities, rural hospitals, schools, and libraries.
This lawsuit was filed by Consumers’ Research, along with individual consumers and a telecommunications carrier, arguing that Congress did not have the authority to give the FCC the power to levy a tax. Furthermore, Consumer Research argued that this issue was further compounded as the FCC had created a nonprofit company to administer the fund. In their filing, the group argued:
“In essence, a private company is taxing Americans in amounts that total billions of dollars every year, under penalty of law, without true governmental accountability.”
When this case was filed last year, former Solicitor General Elizabeth Prelogar argued that this practice satisfied the “intelligible principle” writing:
“The Act, in short, provides comprehensive guidance to the FCC on how to implement Congress’s universal service policy.”
The knowledge.
While this case was originally brought to the Supreme Court under the former Biden administration, both the former and current administrations have defended the FCC’s position to fund this program. However, despite both administrations defending the FCC’s authority, this ruling still came as something of a surprise.
Given how the Supreme Court overturned the Chevron doctrine in 2024, a precedent which had been established for forty years, many expected the Court to similarly limit the FCC’s authority. For context, the Chevron Doctrine allowed federal agencies to administer ambiguous federal laws through reasonable interpretations. Since it was established in 1984, the doctrine has been a key tool for federal agencies to defend regulations in a multitude of different sectors, and its overturning was a significant reduction in federal authority.
In addition to overturning the Chevron doctrine, the Supreme Court has been consistently rolling back federal regulatory powers, such as when the Court struck down the Securities and Exchange Commission’s in-house tribunals. This consistent scaling back of federal powers is what made this latest ruling unexpected.
The impact.
The Supreme Court’s decision to uphold the USF is a notable departure from its established pattern of scaling back federal regulatory power in recent years.
For now, the decision ensures continued funding for critical communication infrastructure across the nation. However, there are still questions regarding whether the Supreme Court is willing it dismantle other long-standing precedents that give the federal government its powers. As other cases related to regulatory powers are heard over the coming years, this instance could prove to be a sign of shifting stances or may only be a notable exception.
Supreme Court upholds Texas age-check law.
The news.
On Friday, the Supreme Court ruled in favor of a controversial Texas law. HB 1181 is a Texas state law that requires pornographic websites to verify the age of their users before permitting access to the site. More specifically, the law requires websites whose content is “harmful to minors” to have all users submit personally identifiable information (PII) that verifies they are at least eighteen.
In their 6-3 ruling, the Supreme Court upheld a lower court’s decision to allow the 2023 Texas law stating that it did not violate the First Amendment. Justice Clarence Thomas wrote the majority opinion and concluded that “the power to require age verification is within a State’s authority to prevent children from accessing sexually explicit content.” Furthermore, Justice Thomas wrote:
“Adults have no First Amendment right to avoid age verification, and the statute can readily be understood as an effort to restrict minors’ access. Any burden experienced by adults is therefore only incidental to the statute’s regulation of activity that is not protected by the First Amendment.”
A coalition of companies challenging the bill argued that the law unlawfully stifled the free speech rights of adults and exposed users to risks such as identity theft, data breaches, and extortion.
The knowledge.
This Texas law is one of twenty-four similar bills passed nationwide, with some already in effect and others set to come into effect in the coming months. Collectively, these laws represent a growing trend toward regulating minors’ access to explicit or harmful content online.
At the federal level, the Kids Online Safety Act (KOSA) similarly seeks to protect minors. For context, KOSA empowers the Federal Trade Commission (FTC) to enforce regulations for online content that is deemed detrimental to minors. While in principle the law promotes a safer internet, critics have expressed several concerns.
The Electronic Frontier Foundation (EFF) analyzed the law noting the bill’s vague “duty of care” requirement. The EFF noted that this provision could cover a “broad swath of online services and [require] them to mitigate specific harms based on the content of online speech or face regulatory punishments.” Meaning, the EFF expressed concern that this vague requirement could have impacts on free speech and could lead to regulatory overreach.
When discussing securing minors online, many of these bills have drawn intense support from parents and other impacted parties. However, critics have expressed numerous concerns about many of these bills. These concerns include:
- Free speech infringements.
- Definitions that are vague and vulnerable to political manipulation.
- Privacy risks associated with the collection of PII for age verification.
While the courts have begun to rule on these issues, it is unclear whether many of these laws will survive in the long term.
The impact.
The Supreme Court’s ruling provides early legal support for these age-verification laws. This ruling could represent a major shift in the debate over online safety and free expression. While more legal challenges are likely to emerge, this decision could embolden similar legislation across the country.
Parents may feel reassured by these additional protections, whereas online companies must now consider the legal risks of non-compliance. Those operating in states with these laws will need to assess whether or not to adopt age-verification tools or exit markets with restrictive laws. As legal frameworks evolve, both users and companies should remain informed on these laws and how they could both impact the digital ecosystem and their rights.
Highlighting key conversations.
In this week’s Caveat Podcast, our team discusses the recent Supreme Court decisions that were ruled on last Friday. Alongside discussing the implications of these decisions, our team also discussed a story where a license plate reading company is scaling back access to its collected information, citing concerns about potentially oversharing information.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
US government warns about Iran-linked hackers.
What: The US government issues a statement warning organizations that Iranian-affiliated hackers may target US companies and operators.
Why: On Monday, the numerous federal agencies released a statement warning of potential Iranian hacking attempts. In their advisory, the agencies wrote:
“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity.”
While cybersecurity researchers have noted seeing little Iranian-linked cyber activity since tensions escalated, critical infrastructure operators and defense organizations should remain vigilant.
Judge won’t block DOGE’s access to sensitive data.
What: A federal judge ruled that the Department of Government Efficiency (DOGE) can continue to access sensitive information from the Department of Labor and the Department of Health and Human Services.
Why: On Friday, Judge John Bates declined to grant the plaintiffs a preliminary injunction that would have stopped DOGE’s access to sensitive information. In his ruling, Judge Bates emphasized that the plaintiffs did not demonstrate sufficient evidence of harm that would merit an injunction. More specifically, Judge Bates wrote:
“Absent evidence [that] those personnel will imminently misuse or publicly disclose that information, the Court cannot say that irreparable harm will clearly occur before the Court can make a final determination on the merits. And without irreparable harm, a preliminary injunction cannot [be issued].”
However, Judge Bates did note that there were some concerns. Judge Bates commented that “DOGE Affiliates have their hands on some of the most personal information individuals entrust to the government.”