Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,500 words, this briefing is about a 7-minute read.
At a glance.
- The Supreme Court declines to block another age-verification law.
- UK drops Apple backdoor request.
The Supreme Court does not block Mississippi law.
The news.
Last week, the United States (US) Supreme Court declined to block another state law regarding social media age-verification. This Mississippi state law was signed in April 2024 and was set to go into effect in July 2025. The law requires users to verify their ages before being allowed access to social media platforms.
When declining to hear the case, Supreme Court Justice Brett Kavanaugh wrote:
“In short, under this Court’s case law as it currently stands, the Mississippi law is likely unconstitutional. Nonetheless, because NetChoice has not sufficiently demonstrated that the balance of harms and equities favors it at this time, I concur in the Court’s denial of the application for interim relief.”
This case reached the Supreme Court after Federal Judge Sul Ozerden, blocked the law in July. At the time, Judge Ozerdan wrote:
“It is not lost on the Court the seriousness of the issue the legislature was attempting to address, nor does the Court doubt the good intentions behind the enactment of [the law].”
The knowledge.
With the Supreme Court allowing this law to remain in effect, this marks the second instance where the Supreme Court has supported age verification laws. In June 2025, the Supreme Court upheld a controversial 2023 Texas state law, which required state consumers to provide age verification to be able to access any site that had sexually explicit material.
More specifically, the law required every user to provide proof, such as a government-issued identification, to prove that they were at least eighteen years old. This requirement applies to all sites that contain content that is one-third or more of “sexually suggestive” content and content that is harmful to minors.
This court battle is reflective of a larger conversation regarding how governments are increasingly scrutinizing online content, oftentimes arguing for the need to protect minors better. These protections have often taken shape by requiring sites to implement strict age-verification requirements before allowing users to access harmful content.
However, these requirements have raised concerns from privacy and free speech advocates. Privacy advocates have expressed concerns regarding submitting personally identifiable information to sites. While some of these bills bar companies from retaining this information, many are concerned about how this sensitive information is transferred and how it is protected. Regarding free speech advocates, these groups have emphasized how these laws infringe upon people’s rights to access this content by creating additional barriers.
Nonetheless, despite these concerns, governments are continuing to create laws and rule in favor of these regulations. Outside of these two instances, other similar measures include:
- The United Kingdom’s (UK) Online Safety Act.
- Florida’s HB 3.
The impact.
Though Justice Kavanaugh left room open to reassessing this state law’s constitutionality, governments are signaling a continued intent to implement similar legislation and uphold its legality. This broader support signals that the regulatory and compliance burdens are likely to continue growing over the coming months as more laws take effect.
Given this trend, both users and platforms alike should be prepared for a new online reality to take shape where age verification systems become the norm rather than exceptions. By understanding these changes, people can understand how these requirements will impact their privacy.
Britain drops its request for Apple to create a backdoor.
The news.
The UK has formally dropped its request for Apple to create a backdoor for the nation’s law enforcement. Tulsi Gabbard, the US Director of National Intelligence, announced this development, stating:
Britain “agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”
This development occurred after Apple reportedly spent months lobbying officials in Washington for support and announced that it would roll back the company’s advanced storage features in the UK.
The UK government did not confirm this report but did state that they “do not comment on operational matters, including confirming or denying the existence of such notices.”
The knowledge.
The UK’s request, from February 2025, was to give the government’s law enforcement agencies backdoor access to Apple's encrypted cloud data. More specifically, the backdoor would give access to all content stored in the Advanced Data Protection (ADP) service. In response to this request, not only did Apple deny the government, but the company also pulled support for ADP within the UK. When pulling their support, Apple released a statement, writing:
“As we have said many times before, we have never built a back door or master key to any of our products or services, and we never will.”
The UK argued it had the right to access this data under the nation’s Investigatory Powers Act (IPA). While the original version of the act did not grant the government this power, the law was expanded in 2024. When expanding this law, the UK government argued that it was aiming to modernize the law and institute two major policy changes. These changes applied to technology companies operating in the UK and required the following:
- Requiring technology companies, including international ones, to inform the UK of planned improvements in encryption or other enhancements related to privacy and security.
- Allowing the UK government to order a halt to these changes with no time limit.
These changes drew significant criticism from both cybersecurity and privacy advocates. A letter, signed by thirty cyber experts, commented on how these changes could have “disastrous consequences” on user security and create more bureaucratic hurdles to issuing security updates.
The impact.
By rescinding its backdoor access request, the UK government appears to be taking a noticeable step back from its broader push to access encrypted data. However, it is unclear whether or not Apple will reinstate ADP in the UK or if this laxing is a notable exception to the UK’s overall cyber strategy.
In the short term, this policy change could mean greater privacy protections for UK users. UK Apple users should understand these changes and how they may affect their personal data security and privacy. In the long term, UK citizens should understand the implications of the UK government’s initial request and how the government’s expanding purview into privacy technologies will impact their sensitive information.
Highlighting key conversations.
In this week’s Caveat Podcast, our team covered a new state law banning artificial intelligence (AI) therapy. Illinois’s state law aims to disallow the use of AI in mental health therapy. Additionally, our team also covers President Trump announcing an executive order aimed at giving the federal government greater influence over elections. When announcing the executive order, President Trump argued that states must follow presidential direction when administering elections.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
Judge blocks FTC Probe into watchdog.
What: A federal judge has blocked the Federal Trade Commission’s (FTC) probe into Media Matters for America.
Why: On Friday, District Judge Sparkle L. Sooknanan blocked the agency’s investigation, arguing the agency is violating the progressive watchdog’s free speech rights. In the Judge’s forty-eight-page ruling, they wrote:
“It should alarm all Americans when the Government retaliates against individuals or organizations for engaging in constitutionally protected public debate. And that alarm should ring even louder when the Government retaliates against those engaged in newsgathering and reporting.”
This probe was originally opened in May over whether or not the watchdog improperly coordinated with advertisers.
New York sues Zelle.
What: New York’s (NY) Attorney General, Letitia James, sued the parent company of Zelle.
Why: Last week, NY sued Early Warning Services, alleging that the company failed to protect users from fraud by not including critical safety features. More specifically, the government wrote that the company failed to include adequate verification processes to prevent scammers from tricking other users into sending money to fake accounts.
When filing this lawsuit, James’ office wrote that it was filed after a “change in the federal administration.” James additionally stated that:
“No one should be left to fend for themselves after falling victim to a scam. I look forward to getting Justice for the New Yorkers who suffered because of Zelle’s security features.”