Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,750 words, this briefing is about a 7-minute read.
At a Glance.
- Trump revokes Biden’s executive order centered on AI risks.
- Prince Harry and Murdoch Newspapers settle lawsuit.
Trump signs new executive order to undo Biden’s efforts to manage AI risks.
The News.
On Monday, President Trump signed a multitude of new executive orders (EOs), as is normal for an incoming administration. One of these orders centered around undoing an EO signed by former President Biden, which focused on addressing artificial intelligence (AI) risks. For greater context, Biden’s EO was originally signed in 2023 and aimed to reduce the risks that AI systems posed to both national security and American citizens. In this EO, Biden directed the various federal agencies to set standards that effectively addressed AI’s risks after federal lawmakers were unable to pass any federal legislation that addressed the matter.
President Trump’s revocation of this executive order was rooted in a belief that Biden’s order hindered AI innovation. However, outside of revoking this specific EO, the Trump administration has not made any clear comment on how it intends to address Biden’s other AI-related EOs or Biden’s highly restrictive AI exportation policies.
The Knowledge.
Over the past four years, the Biden administration’s AI policies were rooted in providing funding to emerging technology companies, minimizing the risks AI posed, and ensuring that the US’s AI industry continued to grow and remain competitive on a global scale. Biden accomplished these various goals largely through executive actions, such as the EO outlined previously as well as through crafting preliminary deals with private companies, such as Micron and Intel, and by establishing restrictive trade policies that greatly limited what technologies were allowed to be exported. However, with President Trump rescinding this EO, it is clear that the incoming administration is going to take a different approach that promotes more private innovation.
Additionally, the Trump administration announced that it is preparing to invest several billion dollars in support of the building of AI infrastructure in the United States (US). With this investment, the Trump administration aims to help fund a new joint venture called Stargate, which OpenAI, SoftBank, and Oracle back. With this initiative, the Trump administration has committed up to $500 billion in AI infrastructure efforts to create over 100,000 jobs. During this announcement, President Trump stated that this initiative “will ensure the future of technology, [and] we want to keep it in this country.”
The Impact.
Having been sworn into office earlier this week, the Trump administration has already begun to make substantial efforts to enact new policies. Given AI’s continued proliferation and growth, it is not surprising that this policy area was one of the first matters that the new administration targeted. As this new administration evaluates policies, people involved in developing, exporting, deploying, and utilizing AI technologies and systems should closely monitor the Trump administration over the next several months as these initial policies will likely establish how the administration plans to address AI policies over the coming years.
Prince Harry Settles Lawsuit with Murdoch Newspapers.
The News.
On Wednesday, Prince Harry and Murdoch’s United Kingdom (UK) Newspaper Group settled a 2019 lawsuit with the paper making a public apology and agreeing to pay substantial damages. For context, this lawsuit involved Prince Harry suing the News Group Newspapers (NGN) alleging that these publications had illegally obtained private information about him over fifteen years as well as committed perjury by deleting over thirty million emails and other records. With this settlement, NGN offered a “full and unequivocal apology” and released the following statement:
“NGN further apologizes to the Duke for the impact on him of the extensive coverage and serious intrusion into his private life as well as the private life of Diana, Princess of Wales, his late mother, in particular during his younger years.”
With this settlement, Prince Harry and his co-claimant, Tom Watson, stated that “in a monumental victory today, News UK have admitted that The Sun, the flagship title for Rupert Murdoch’s UK media empire, has indeed engaged in illegal practices.” The two claimants’ lawyer, David Sherborne, also stated that “today proves that no one stands above the law, [and] the time for accountability has arrived.”
The Knowledge.
Despite this case being formally settled, both Prince Harry and Tom Watson called on both the police and parliament “to investigate not only the unlawful activity now finally admitted, but the perjury and cover-ups along the way.” Aside from this high-profile case, NGN has already paid hundreds of millions of pounds to victims of its phone hacking and other unlawful information-gathering efforts in over 1,300 lawsuits involving politicians, sports figures, celebrities, and other citizens. However, these lawsuits are reflective of a larger tension that has not been fully resolved within the UK involving privacy and data protection.
Outside of these cases, the UK’s privacy laws have continued to fall under greater scrutiny with critics emphasizing the need for more defined legislation. While Parliament did attempt to address these issues in 2024 with a privacy bill known as “the Data (Use and Access) Bill” these efforts fell short. For context, this bill was introduced to parliament to revise the nation’s privacy laws and signaled a departure from how the rest of Europe has handled data protection. More specifically, this bill introduced several changes regarding how the UK would address data subjects’ rights and how automated decision-making tools were allowed to be utilized. More specifically, some of the key aspects of this law included the following:
- Allowing the Secretary of State to create new special data categories for personal data and create rules related to those new categories.
- Imposing new personal data transfer restrictions requiring risk assessments and adequate safeguards in place.
- Adjusting e-privacy rules to allow for enforcement actions to be taken against website publishers rather than advertisers regarding how online cookies are handled.
- Updating legal terms regarding “legitimate interests” to make it easier for data controllers to understand if their data processing cases would be considered legitimate by the government.
- Give more clarity on how automated decision-making tools can be utilized and further define what meaningful human involvement entails when overseeing these tools.
While this latest data protection bill has not been signed into law at this time, the bill is still in Parliament being debated and will likely be a key topic of conversation during the early months of 2025.
The Impact.
With Prince Harry and NGN’s settlement, this case opens the door to a key topic of conversation within the UK regarding how privacy is handled and what improvements can be made. While this settlement will not directly impact the average UK citizen, the topic surrounding improving privacy and data protection laws will. As 2025 begins, both UK citizens and businesses operating in the UK should monitor the Data (Use and Access) Bill to understand what new rights the bill would give citizens, how it would change existing regulations, and what new requirements would be implemented within the UK. While it may take some time for this law or another privacy bill to be passed, momentum is growing within the UK to address these issues, which will likely result in some form of legislation being implemented in 2025.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team sat down with Joe Gillespie, the Senior Vice President at Booz Allen Hamilton, to discuss Cyber AI. During this conversation, our team discussed the existing challenges the US government is facing when it comes to managing the sheer volume of cybersecurity alerts and effectively sifting through all the noise. Additionally, this conversation centered around how AI could address many of these existing issues and help defenders keep pace with evolving threats.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other Noteworthy Stories.
US Treasury Department imposes sanctions on companies connected to Salt Typhoon.
What: The Treasury Department has sanctioned a hacker and a company connected to the infamous Salt Typhoon hacking campaign.
Why: On Friday, the Treasury Department imposed sanctions on Sichuan Juxinhe Network Technology Co., a Chinese security company, and Yin Kecheng, an alleged hacker, for their connections to the Salt Typhoon hacking campaign. The Treasury Department stated that the company has strong connections to China’s Ministry of State Security and that the hacker was based in Shanghai and had ties to the same agency.
For context, the Salt Typhoon hack was an attack on the US telecommunications network that targeted several of the largest telecommunications providers and enabled the hackers to record calls and access specific data about specific individuals.
Trump Signs Executive Order to Delay TikTok Ban for Seventy-Five Days.
What: President Trump has signed an EO that will give TikTok an additional seventy-five days before the infamous law “banning” TikTok becomes enforced.
Why: On Monday, President Trump signed a new EO that will give the popular social media platform an additional seventy-five days to find a solution before the law that would ban it would come into effect. With this EO, President Trump instructed his Attorney General not to enforce the law so his administration could “determine the appropriate course forward in an orderly way that protects national security while avoiding an abrupt shutdown of a communications platform used by millions of Americans.”
While signing the order, President Trump stated that “TikTok is worthless if I don’t approve it, it has to close, I learned that from the people that own it.”
SEC Forms a Cryptocurrency Task Force.
What: The US Securities and Exchange Commission (SEC) announced that it will form a new task force aimed at better addressing and managing cryptocurrency.
Why: On Tuesday, the SEC said it would form a new task force tasked with “developing a comprehensive and clear regulatory framework for crypto assets.” The SEC also announced that this task force will “help the Commission draw clear regulatory lines, provide realistic paths to registration, craft sensible disclosure frameworks, and deploy enforcement resources judiciously.” With this announcement, the SEC did not state any further details about the task force.