tenlittlebullets

Posted by Josh Richman

https://www.eff.org/deeplinks/2025/07/podcast-episode-finding-joy-digital-security

Many people approach digital security training with furrowed brows, as an obstacle to overcome. But what if learning to keep your tech safe and secure was consistently playful and fun? People react better to learning, and retain more knowledge, when they're having a good time. It doesn’t mean the topic isn’t serious – it’s just about intentionally approaching a serious topic with joy.

Privacy info. This embed will serve content from simplecast.com

(You can also find this episode on the Internet Archive and on YouTube.)

That’s how Helen Andromedon approaches her work as a digital security trainer in East Africa. She teaches human rights defenders how to protect themselves online, creating open and welcoming spaces for activists, journalists, and others at risk to ask hard questions and learn how to protect themselves against online threats. She joins EFF’s Cindy Cohn and Jason Kelley to discuss making digital security less complicated, more relevant, and more joyful to real users, and encouraging all women and girls to take online safety into their own hands so that they can feel fully present and invested in the digital world.

In this episode you’ll learn about:

How the Trump Administration’s shuttering of the United States Agency for International Development (USAID) has led to funding cuts for digital security programs in Africa and around the world, and why she’s still optimistic about the work
The importance of helping women feel safe and confident about using online platforms to create positive change in their communities and countries
Cultivating a mentorship model in digital security training and other training environments
Why diverse input creates training models that are accessible to a wider audience
How one size never fits all in digital security solutions, and how Dungeons & Dragons offers lessons to help people retain what they learn

Helen Andromedon – a moniker she uses to protect her own security – is a digital security trainer in East Africa who helps human rights defenders learn how to protect themselves and their data online and on their devices. She played a key role in developing the Safe Sisters project, which is a digital security training program for women. She’s also a UX researcher and educator who has worked as a consultant for many organizations across Africa, including the Association for Progressive Communications and the African Women’s Development Fund.

Resources:

The Guardian: “Internet shutdowns at record high in Africa as access ‘weaponised’” (March 9, 2025)
Atlantic Council AfricaSource: “Effective cybersecurity in Africa must start with the basics“ (Oct. 7, 2024)
Just Security: “The Next Step for USAID’s New Digital Policy: Account for Conflict Risks and Include Peacebuilding” (Sept. 27, 2024)
Collaboration on International ICT Policy for East and Southern Africa: “How African States Are Undermining the Use of Encryption“ (Oct. 21, 2021)
Security Education Companion

What do you think of “How to Fix the Internet?” Share your feedback here.

Transcript

HELEN ANDROMEDON: I'll say it bluntly. Learning should be fun. Even if I'm learning about your tool, maybe you design a tutorial that is fun for me to read through, to look at. It seems like that helps with knowledge retention.
I've seen people responding to activities and trainings that are playful. And yet we are working on a serious issue. You know, we are developing an advocacy campaign, it's a serious issue, but we are also having fun.

CINDY COHN: That's Helen Andromedan talking about the importance of joy and play in all things, but especially when it comes to digital security training. I'm Cindy Cohn, the executive director of the Electronic Frontier Foundation.

JASON KELLEY: And I'm Jason Kelley, EFF's activism director. This is our podcast, How to Fix the Internet.

CINDY COHN: This show is all about envisioning a better digital world for everyone. Here at EFF, we often specialize in thinking about worst case scenarios and of course, jumping in to help when bad things happen. But the conversations we have here are an opportunity to envision the better world we can build if we start to get things right online.

JASON KELLEY: Our guest today is someone who takes a very active role in helping people take control of their digital lives and experiences.

CINDY COHN: Helen Andromedon - that's a pseudonym by the way, and a great one at that – is a digital security trainer in East Africa. She trains human rights defenders in how to protect themselves digitally. She's also a UX researcher and educator, and she's worked as a consultant for many organizations across Africa, including the Association for Progressive Communications and the African Women's Development Fund.
She also played a key role in developing the Safe Sisters project, which is a digital security training, especially designed for women. Welcome Helen. Thank you so much for joining us.

HELEN ANDROMEDON: Thanks for having me. I've been a huge fan of the tools that came out of EFF and working with Ford Foundation. So yeah, it's such a blast to be here.

CINDY COHN: Wonderful. So we're in a time when a lot of people around the world are thinking more seriously than ever about how to protect their privacy and security. and that's, you know, from companies, but increasingly from governments and many, many other potential bad actors.
You know, there's no one size fits all training, as we know. And the process of determining what you need to protect and from whom you need to protect it is different for everybody. But we're particularly excited to talk to you, Helen, because you know that's what you've been doing for a very long time. And we want to hear how you think about, you know, how to make the resources available to people and make sure that the trainings really fit them. So can you start by explaining what the Safe Sisters project is?

HELEN ANDROMEDON: It's a program that came out of a collaboration amongst friends, but friends who were also working in different organizations and also were doing trainings. In the past, what would have it would be, we would send out an application, Hey, there's a training going on. But there was a different number of women that would actually apply to this fellowship.
It would always be very unequal. So what we decided to do is really kind of like experimenting is say, what if we do a training but only invite, women and people who are activists, people who are journalists, people who are really high risk, and give them a space to ask those hard questions because there are so many different things that come out of suffering online harassment and going through that in your life, you, when you need to share it, sometimes you do need a space where you don't feel judged, where you can kind of feel free to engage in really, really traumatic topics. So this fellowship was created, it had this unique percentage of people that would apply and we started in East Africa.
I think now because of what has happened in the last I, I guess three months, it has halted our ability to run the program in as many. Regions that need it. Um, but Safe Sister, I think what I see, it is a tech community of people who are able to train others or help others solve a problem.
So what problems do, I mean, so for example, I, I think I left my, my phone in the taxi. So what do I do? Um, how do I find my phone? What happens to all my data? Or maybe it could be a case of online harassment where there's some sort of revenge from the other side, from the perpetrator, trying to make the life of the victim really, really difficult at the moment.
So we needed people to be able to have solutions available to talk about and not just say, okay, you are a victim of harassment. What should I do? There's nothing to do, just go offline. No, we need to respond, but many of us don't have the background in ICT, uh, for example, in my region. I think that it is possible now to get a, a good background in IT or ICT related courses, um, up to, um, you know, up to PhD level even.
But sometimes I've, in working with Safe Sister, I've noticed that even such people might not be aware of the dangers that they are facing. Even when they know OPSEC and they're very good at it. They might not necessarily understand the risks. So we decided to keep working on the content each year, every time we can run the program, work on the content: what are the issues, currently, that people are facing? How can we address them through an educational fellowship, which is very, very heavy on mentorship. So mentorship is also a thing that we put a lot of stress on because again, we know that people don't necessarily have the time to take a course or maybe learn about encryption, but they are interested in it. So we want to be able to serve all the different communities and the different threat models that we are seeing.

CINDY COHN: I think that's really great and I, I wanna, um, drill in a couple of things. So first thing you, uh, ICT, internet Communications Technologies. Um, but what I, uh, what I think is really interesting about your approach is the way the fellowship works. You know, you're kind of each one teach one, right?
You're bringing in different people from communities. And if you know, most of us, I think as a, as a model, you know, finding a trusted person who can give you good information is a lot easier than going online and finding information all by yourself. So by kind of seeding these different communities with people who've had your advanced training, you're really kind of able to grow who gets the information. Is that part of the strategy to try to have that?

HELEN ANDROMEDON: It's kind of like two ways. So there is the way where we, we want people to have the information, but also we want people to have the correct information.
Because there is so much available, you can just type in, you know, into your URL and say, is this VPN trusted? And maybe you'll, you'll find a result that isn't necessarily the best one.
We want people to be able to find the resources that are guaranteed by, you know, EFF or by an organization that really cares about digital rights.

CINDY COHN: I mean, that is one of the problems of the current internet. When I started out in the nineties, there just wasn't information. And now really the role of organizations like yours is sifting through the misinformation, the disinformation, just the bad information to really lift up, things that are more trustworthy. It sounds like that's a lot of what you're doing.

HELEN ANDROMEDON: Yeah, absolutely. How I think it's going, I think you, I mean, you mentioned that it's kind of this cascading wave of, you know, knowledge, you know, trickling down into the communities. I do hope that's where it's heading.
I do see people reaching out to me who have been at Safe Sisters, um, asking me, yo Helen, which training should I do? You know, I need content for this. And you can see that they're actively engaging still, even though they went through the fellowship like say four years ago. So that I think is like evidence that maybe it's kind of sustainable, yeah.

CINDY COHN: Yeah. I think so. I wanted to drill down on one other thing you said, which is of course, you mentioned the, what I think of as the funding cuts, right, the Trump administration cutting off money for a lot of the programs like Safe Sisters, around the world. and I know there are other countries in Europe that are also cutting, support for these kind of programs.
Is that what you mean in terms of what's happened in the last few months?

HELEN ANDROMEDON: Yeah. Um, it's really turned around what our expectations for the next couple of years say, yeah, it's really done so, but also there's an opportunity for growth to recreate how, you know, what kind of proposals to develop. It's, yeah, it's always, you know, these things. Sometimes it's always just a way to change.

CINDY COHN: I wanna ask one more question. I really will let Jason ask some at some point, but, um, so what does the world look like if we get it right? Like if your work is successful, and more broadly, the internet is really supporting these kind of communities right now, what does it look like for the kind of women and human rights activists who you work with?

HELEN ANDROMEDON: I think that most of them would feel more confident to use those platforms for their work. So that gives it an extra boost because then they can be creative about their actions. Maybe it's something, maybe they want, you know, uh, they are, they are demonstrating against, uh, an illegal and inhumane act that has passed through parliament.
So online platforms. If they could, if it could be our right and if we could feel like the way we feel, you know, in the real world. So there's a virtual and a real world, you're walking on the road and you know you can touch things.
If we felt ownership of our online spaces so that you feel confident to create something that maybe can change. So in, in that ideal world, it would be that the women can use online spaces to really, really boost change in their communities and have others do so as well because you can teach others and you inspire others to do so. So it's, like, pops up everywhere and really makes things go and change.
I think also for my context, because I've worked with people in very repressive regimes where it is, the internet can be taken away from you. So it's things like the shutdowns, it's just ripped away from you. Uh, you can no longer search, oh, I have this, you know, funny thing on my dog. What should I do? Can I search for the information? Oh, you don't have the internet. What? It's taken away from you. So if we could have a way where the infrastructure of the internet was no longer something that was, like, in the hands of just a few people, then I think – So there's a way to do that, which I've recently learned from speaking to people who work on these things. It's maybe a way of connecting to the internet to go on the main highway, which doesn't require the government, um, the roadblocks and maybe it could be a kind of technology that we could use that could make that possible. So there is a way, and in that ideal world, it would be that, so that you can always find out, uh, what that color is and find out very important things for your life. Because the internet is for that, it's for information.
Online harassment, that one. I, I, yeah, I really would love to see the end of that. Um, just because, so also acknowledging that it's also something that has shown us. As human beings also something that we do, which is not be very kind to others. So it's a difficult thing. What I would like to see is that this future, we have researched it, we have very good data, we know how to avoid it completely. And then we also draw the parameters, so that everybody, when something happens to you, doesn't make you feel good, which is like somebody harassing you that also you are heard, because in some contexts, uh, even when you go to report to the police and you say, look, this happened to me. Sometimes they don't take it seriously, but because of what happens to you after and the trauma, yes, it is important. It is important and we need to recognize that. So it would be a world where you can see it, you can stop it.

CINDY COHN: I hear you and what I hear is that, that the internet should be a place where it's, you know, always available, and not subject to the whims of the government or the companies. There's technologies that can help do that, but we need to make them better and more widely available. That speaking out online is something you can do. And organizing online is something you can do. Um, but also that you have real accountability for harassment that might come as a response. And that could be, you know, technically protecting people, but also I think that sounds more like a policy and legal thing where you actually have resources to fight back if somebody, you know, misuses technology to try to harass you.

HELEN ANDROMEDON: Yeah, absolutely. Because right now the cases get to a point where it seems like depending on the whim of the person in charge, maybe if they go to, to report it, the case can just be dropped or it's not taken seriously. And then people do harm to themselves also, which is on, like, the extreme end and which is something that's really not, uh, nice to happen and should, it shouldn't happen.

CINDY COHN: It shouldn't happen, and I think it is something that disproportionately affects women who are online or marginalized people. Your vision of an internet where people can freely gather together and organize and speak is actually available to a lot of people around the world, but, but some people really don't experience that without tremendous blowback.
And that's, um, you know, that's some of the space that we really need to clear out so that it's a safe space to organize and make your voice heard for everybody, not just, you know, a few people who are already in power or have the, you know, the technical ability to protect themselves.

JASON KELLEY: We really want to, I think, help talk to the people who listen to this podcast and really understand and are building a better future and a better internet. You know, what kind of things you've seen when you train people. What are you thinking about when you're building these resources and these curriculums? What things come up like over and over that maybe people who aren't as familiar with the problems you've seen or the issues you've experienced.

HELEN ANDROMEDON: yeah, I mean the, Hmm, I, maybe they could be a couple of, of reasons that I think, um. What would be my view is, the thing that comes up in trainings is of course, you know, hesitation. there's this new thing and I'm supposed to download it. What is it going to do to my laptop?
My God, I share this laptop. What is it going to do? Now they tell me, do this, do this in 30 minutes, and then we have to break for lunch. So that's not enough time to actually learn because then you have to practice or you could practice, you could throw in a practice of a session, but then you leave this person and that person is as with normal.
Forget very normal. It happens. So the issues sometimes it's that kind of like hesitation to play with the tech toys. And I think that it's, good to be because we are cautious and we want to protect this device that was really expensive to get. Maybe it's borrowed, maybe it's secondhand.
I won't get, you know, like so many things that come up in our day to day because of, of the cost of things.

JASON KELLEY: You mentioned like what do you do when you leave your phone in a taxi? And I'll say that, you know, a few days ago I couldn't find my phone after I went somewhere and I completely freaked out. I know what I'm doing usually, but I was like, okay, how do I turn this thing off?
And I'm wondering like that taxi scenario, is that, is that a common one? Are there, you know, others that people experience there? I, I know you mentioned, you know, internet shutoffs, which happen far too frequently, but a lot of people probably aren't familiar with them. Is that a common scenario? You have to figure out what to do about, like, what are the things that pop up occasionally that, people listening to this might not be as aware of.

HELEN ANDROMEDON: So losing a device or a device malfunctioning is like the top one and internet shutdown is down here because they are not, they're periodic. Usually it's when there's an election cycle, that's when it happens. After that, you know, you sometimes, you have almost a hundred percent back to access. So I think I would put losing a device, destroying a device.
Okay, now what do I do now for the case of the taxi? The phone in the taxi. First of all, the taxi is probably crowded. So you don't think that phone will not be returned most likely.
So maybe there's intimate photos. You know, there's a lot, there's a lot that, you know, can be. So then if this person doesn't have a great password, which is usually the case because there is not so much emphasis when you buy a device. There isn't so much emphasis on, Hey, take time to make a strong password now. Now it's better. Now obviously there are better products available that teach you about device security as you are setting up the phone. But usually you buy it, you switch it on, so you don't really have the knowledge. This is a better password than that. Or maybe don't forget to put a password, for example.
So that person responding to that case would be now asking if they had maybe the find my device app, if we could use that, if that could work, like as you were saying, there's a possibility that it might, uh, bing in another place and be noticed and for sure taken away. So there's, it has to be kind of a backwards, a learning journey to say, let's start from ground zero.

JASON KELLEY: Let's take a quick moment to say thank you to our sponsor. How to Fix The Internet is supported by the Alfred p Sloan Foundation's program in public understanding of science and technology enriching people's lives through a keener appreciation of our increasingly technological world and portraying the complex humanity of scientists, engineers, and mathematicians.
We also wanna thank EFF members and donors. You are the reason we exist.
You can become a member for just $25 and for a little more, you can get some great, very stylish gear. The more members we have, the more power we have in state houses, courthouses and on the streets.
EFF has been fighting for digital rights for decades, and that fight is bigger than ever. So please, if you like what we do, go to ff.org/pod to donate.
We also wanted to share that our friend Cory Doctorow has a new podcast. Listen to this. [Who Broke the Internet trailer]
And now back to our conversation with Helen Andromedon.

CINDY COHN: So how do you find the people who come and do the trainings? How do you identify people who would be good fellows or who need to come in to do the training? Because I think that's its own problem, especially, you know, the Safe Sisters is very spread out among multiple countries.

HELEN ANDROMEDON: Right now it has been a combination of partners saying, Hey, we have an idea, and then seeing where the issues are.
As you know, a fellowship needs resources. So if there is an interest because of the methodology, at least, um, let's say it's a partner in Madagascar who is working on digital rights. They would like to make sure that their community, maybe staff and maybe people that they've given sub-grants to. So that entire community, they want to make sure that it is safe, they can communicate safely. Nothing, you know, is leaked out, they can work well. And they're looking for, how do we do this? We need trainers, we need content. we need somebody who understands also learning separate from the resources. So I think that the Safe Sister Fellowship also is something that, because it's like you can pick it up here and you can design it in, in whatever context you have.
I think that has made it like be stronger. You take it, you make it your own. So it has happened like that. So a partner has an interest. We have the methodology, we have the trainers, and then we have the tools as well. And then that's how it happens.

CINDY COHN: What I'm hearing here is that, you know, there's already a pretty strong network of partners across Africa and the communities you serve. there's groups and, you know, we know this from EFF, 'cause we hear from them as well ,that there are, there are actually a pretty well developed set of groups that are doing digital activism and human rights defenders using technology already across, uh, Africa and the rest of the communities. And that you have this network and you are the go-to people, uh, when people in the network realize they need a higher level of security thinking and training than they had. Does that sound right?

HELEN ANDROMEDON: sound right? Yeah. A higher level of our being aware And usually it comes down to how do we keep this information safe? Because we are having incidents. Yeah.

CINDY COHN: Do you have an incident that you could, you explain?

HELEN ANDROMEDON: Oh, um, queer communities, say, an incident of, executive director being kidnapped. And it was, we think, that it's probably got to do with how influential they were and what kind of message they were sending. So it, it's apparent. And then so shortly after that incident, there's a break-in into the, the office space. Now that one is actually quite common, um, especially in the civic space. So that one then, uh, if they, they were storing maybe case files, um, everything was in a hard copy. All the information was there, receipts, checks, um, payment details. That is very, very tragic in that case.
So in that, what we did, because this incident had happened in multiple places, we decided to run a program for all the staff that was, um, involved in their day to day. So we could do it like that and make sure that as a response to what happened, everybody gets some education. We have some quizzes, we have some tests, we have some community. We keep engaged and maybe. That would help. And yeah, they'll be more prepared in case it happens again.

CINDY COHN: Oh yeah. And this is such an old, old issue. You know, when we were doing the encryption fight in the nineties, we had stories of people in El Salvador and Guatemala where the office gets raided and the information gets in the hands of the government, whoever the opposition is, and then other people start disappearing and getting targeted too, because their identities are revealed in the information that gets seized. And that sounds like the very same pattern that you're still seeing.

HELEN ANDROMEDON: Yeah there's a lot to consider for that case. Uh, cloud saving, um, we have to see if there's somebody that can, there's somebody who can host their server. It's very, yeah, it's, it's interesting for that case.

CINDY COHN: Yeah. I think it's an ongoing issue and there are better tools than we had in the nineties, but people need to know about them and, and actually using them is not, it's not easy. It's, you, you have to actually think about it.

HELEN ANDROMEDON: Yeah, I, I don't know. I've seen a model that works, so if it's a tool, it's great. It's working well. I've seen it, uh, with I think the Tor project, because the, to project, has user communities. What it appears to be doing is engaging people with training, so doing safety trainings and then they get value from, from using your tool. because they get to have all this information, not only about your tool, but of safety. So that's a good model to build user communities and then get your tool used. I think this is also a problem.

CINDY COHN: Yeah. I mean, this is a, another traditional problem is that the trainers will come in and they'll do a training, but then nobody really is trained well enough to continue to use the tool.
And I see you, you know, building networks and building community and also having, you know, enough time for people to get familiar with and use these tools so that they won't just drop it after the training's over. It sounds like you're really thinking hard about that.

HELEN ANDROMEDON: Yeah. Um, yeah, I think that we have many opportunities and because the learning is so difficult to cultivate and we don't have the resources to make it long term. Um, so yes, you do risk having all the information forgotten. Yes.

JASON KELLEY: I wanna just quickly emphasize that some of the scenarios, Cindy, you've talked about, and Helen you just mentioned, I think a lot of: potential break-ins, harassment, kidnapping, and it's, it's really, it's awful, but I think this is one of the things that makes this kind of training so necessary. I know that this seems obvious to many people listening and, and to the folks here, but I think it's, it's really it. I. Just needs emphasized that these are serious issues. That, and that's why you can't make a one size fits all training because these are real problems that, you know, someone might not have to deal with in one country and they might have a regular problem with in another. Is there a kind of difference that you can just clarify about how you would train, for example, groups of women that are experiencing one thing when they, you know, need digital security advice or help versus let's say human rights defenders? Is the training completely different when you do that, or is it just really kind of emphasizing the same things about like protecting your privacy, protecting your data, using certain tools, things like that?

HELEN ANDROMEDON: Yeah. Jason, let me, let me first respond to your first comment about the tools. So one size fits all, obviously is wrong. Maybe get more people of diversity working on that tool and they'll give you their opinion because the development is a process. You don't just develop a tool - you have time to change, modify, test. Do I use that? Like if you had somebody like that in the room, they would tell you if you had two, that would be great because now you have two different points of evidence. And keep mixing. And then, um, I know it's like it's expensive. Like you have to do it one way and then get feedback, then do it another way. But I, I think just do more of that. Um, yeah. Um, how do I train? So the training isn't that different. There are some core concepts that we keep and then, so if it, if I had like five days, I would do like one or two days. The more technical, uh, concepts of digital safety, which everybody has to do, which is, look, this is my device, this is how it works, this is how I keep it safe. This is my account, this is how it works. This is how I keep it safe.
And then when you have more time, you can dive into the personas, let's say it's a journalist, so is there a resource for, and this is how then you pull a resource and then you show it is there a resource which identify specific tools developed for journalists? Oh, maybe there is, there is something that is like a panic button that one they need. So you then you start to put all these things together and in the remaining time you can kind of like hone into those differences.
Now for women, um, it would be … So if it's HRDs and it's mixed, I still would cover cyber harassment because it affects everyone. For women would, would be slightly different because maybe we could go into self-defense, we could go into how to deal, we could really hone into the finer points of responding to online harassment because for their their case, it's more likely because you did a threat model, it's more likely because of their agenda and because of the work that they do. So I think that would be how I would approach the two.

JASON KELLEY: And one, one quick thing that I just, I want to mention that you brought up earlier is, um, shared devices. There's a lot of, uh, solutionism in government, and especially right now with this sort of, assumption that if you just assume everyone has one device, if you just say everyone has their phone, everyone has their computer, you can, let's say, age verify people. You can say, well, kids who use this phone can't go to this website, and adults who use this other phone can go to this website. And this is a regular issue we've seen where there's not an awareness that people are buying secondhand devices a lot, people are sharing devices a lot.

HELEN ANDROMEDON: Yeah, absolutely. Shared devices is the assumption always. And then we do get a few people who have their own devices. So Jason, I just wanted to add one more factor that could be bad. Yeah. For the shared devices, because of the context, and the regions that I'm in, you have also the additional culture and religious norms, which sometimes makes it like you don't have liberty over your devices. So anybody at any one time, if they're your spouse or your parent, they can just take it from you, and demand that you let them in. So it's not necessarily that you could all have your own device, but the access to that device, it can be shared.

CINDY COHN: So as you look at the world of, kind of, tools that are available, where are the gaps? Where would you like to see better tools or different tools or tools at all, um, to help protect and empower the communities you work with?

HELEN ANDROMEDON: We need a solution for the internet shutdowns because, because sometimes it could have an, it could have health repercussions, you could have a need, a serious need, and you don't have access to the internet. So I don't know. We need to figure that one out. Um, the technology is there, as you mentioned earlier, before, but you know, it needs to be, like, more developed and tested. It would be nice to have technology that responds or gives victim advice. Now I've seen interventions. By case. Case by case. So many people are doing them now. Um, you, you know, you, you're right. They verify, then they help you with whatever. But that's a slow process.
Um, you're processing the information. It's very traumatic. So you need good advice. You need to stay calm, think through your options, and then make a plan, and then do the plan. So that's the kind of advice. Now I think there are apps because maybe I'm not using them or I don't, maybe that means they're not well known as of now.
Yeah. But that's technology I would like to see. Um, then also every, every, everything that is available. The good stuff. It's really good. It's really well written. It's getting better – more visuals, more videos, more human, um, more human like interaction, not that text. And mind you, I'm a huge fan of text, um, and like the GitHub text.
That's awesome. Um, but sometimes for just getting into the topic you need a different kind of, uh, ticket. So I don't know if we can invest in that, but the content is really good.
Practice would be nice. So we need practice. How do we get practice? That's a question I would leave to you. How do you practice a tool on your own? It's good for you, how do you practice it on your own? So it's things like that helping the, the person onboard, doing resources to help that transition. You want people to use it at scale.

JASON KELLEY: I wonder if you can talk a bit about that moment when you're training someone and you realize that they really get it. Maybe it's because it's fun, or maybe it's because they just sort of finally understand like, oh, that's how this works. Is that something, you know, I assume it's something you see a lot because you're clearly, you know, an experienced and successful teacher, but it's, it's just such a lovely moment when you're trying to teach someone

HELEN ANDROMEDON: when trying to teach someone something. Yeah, I mean, I can't speak for everybody, but I'll speak to myself. So there are some things that surprise me sitting in a class, in a workshop room, or reading a tutorial or watching how the internet works and reading about the cables, but also reading about electromagnetism. All those things were so different from, what were we talking about? Which is like how internet and civil society, all that stuff. But that thing, the science of it, the way it is, that should, for me, I think that it's enough because it's really great.
But then, um. So say we are, we are doing a session on how the internet works in relation to internet shutdowns. Is it enough to just talk about it? Are we jumping from problem to solution, or can we give some time? So that the person doesn't forget, can we give some time to explain the concept? Almost like moving their face away from the issue for a little bit and like, it's like a deception.
So let's talk about electromagnetism that you won't forget. Maybe you put two and two together about the cyber optic cables. Maybe you answer the correction, the, the right, uh, answer to a question in, at a talk. So it's, it's trying to make connections because we don't have that background. We don't have a tech background.
I just discovered Dungeons and Dragons at my age. So we don't have that tech liking tech, playing with it. We don't really have that, at least in my context. So get us there. Be sneaky, but get us there.

JASON KELLEY: You have to be a really good dungeon master. That's what I'm hearing. That's very good.

HELEN ANDROMEDON: yes.

CINDY COHN: I think that's wonderful and, and I agree with you about, like, bringing the joy, making it fun, and making it interesting on multiple levels, right?
You know, learning about the science as well as, you know, just how to do things that just can add a layer of connection for people that helps keep them engaged and keeps them in it. And also when stuff goes wrong, if you actually understand how it works under the hood, I think you're in a better position to decide what to do next too.
So you've gotta, you know, it not only makes it fun and interesting, it actually gives people a deeper level of understanding that can help 'em down the road.

HELEN ANDROMEDON: Yeah, I agree. Absolutely.

JASON KELLEY: Yeah, Helen, thanks so much for joining us – this has been really helpful and really fun.
Well, that was really fun and really useful for people I think, who are thinking about digital security and people who don't spend much time thinking about digital security, but maybe should start, um, something that she mentioned that, that, that you talked about, the Train the Trainer model, reminded me that we should mention our surveillance self-defense guides that, um, are available@ssd.ff.org.
That we talked about a little bit. They're a great resource as well as the Security Education companion website, which is security education companion.org.
Both of these are great things that came up and that people might want to check out.

CINDY COHN: Yeah, it's wonderful to hear someone like Helen, who's really out there in the field working with people, say that these guides help her. Uh, we try to be kind of the brain trust for people all over the world who are doing these trainings, but also make it easy if. If you're someone who's interested in learning how to do trainings, we have materials that'll help you get started. Um, and as, as we all know, we're in a time when more people are coming to us and other organizations seeking security help than ever before.

JASON KELLEY: Yeah, and unfortunately there's less resources now, so I think we, you know, in terms of funding, right, there's less resources in terms of funding. So it's important that people have access to these kinds of guides, and that was something that we talked about that kind of surprised me. Helen was really, I think, optimistic about the funding cuts, not obviously about them themselves, but about what the opportunities for growth could be because of them.

CINDY COHN: Yeah, I think this really is what resilience sounds like, right? You know, you get handed a situation in which you lose, you know, a lot of the funding support that you're gonna do, and she's used to pivoting and she pivots towards, you know, okay, these are the opportunities for us to grow, for us to, to build new baselines for the work that we do. And I really believe she's gonna do that. The attitude just shines through in the way that she approaches adversity.

JASON KELLEY: Yeah. Yeah. And I really loved, while we're thinking about the, the parts that we're gonna take away from this, I really loved the way she brought up the need for people to feel ownership of the online world. Now, she was talking about infrastructure specifically in that moment, but this is something that's come up quite a bit in our conversations with people.

CINDY COHN: Yeah, her framing of how important the internet is to people all around the world, you know, the work that our friends at Access now and others do with the Keep It On Coalition to try to make sure that the internet doesn't go down. She really gave a feeling for like just how vital and important the internet is, for people all over the world.

JASON KELLEY: Yeah. And even though, you know, some of these conversations were a little bleak in the sense of, you know, protecting yourself from potentially bad things, I was really struck by how she sort of makes it fun in the training and sort of thinking about, you know, how to get people to memorize things. She mentioned magnetism and fiber optics, and just like the science behind it. And it really made me, uh, think more carefully about how I'm gonna talk about certain aspects of security and, and privacy, because she really gets, I think, after years of training what sticks in people's mind.

CINDY COHN: I think that's just so important. I think that people like Helen are this really important kind of connective tissue between the people who are deep in the technology and the people who need it. And you know that this is its own skill and she just, she embodies it. And of course, the joy she brings really makes it alive.

JASON KELLEY: And that's our episode for today. Thanks so much for joining us. If you have feedback or suggestions, we'd love to hear from you. Visit ff.org/podcast and click on listen or feedback. And while you're there, you can become a member and donate, maybe even pick up some of the merch and just see what's happening in digital rights this week and every week.
Our theme music is by Nat Keefe of Beat Mower with Reed Mathis, and How to Fix the Internet is supported by the Alfred Peace Loan Foundation's program and public understanding of science and technology. We'll see you next time. I'm Jason Kelly.

CINDY COHN: And I'm Cindy Cohn.

MUSIC CREDITS: This podcast is licensed creative commons attribution 4.0 international, and includes the following music licensed creative commons attribution 3.0 unported by its creators: Drops of H2O, The Filtered Water Treatment by Jay Lang. Sound design, additional music and theme remixes by Gaetan Harris.

https://www.eff.org/deeplinks/2025/07/podcast-episode-finding-joy-digital-security

apod_feed

https://apod.nasa.gov/apod/ap250715.html

What's happened in Hebes Chasma on Mars?

https://apod.nasa.gov/apod/ap250715.html

techdirt_feed

Posted by Dark Helmet

https://www.techdirt.com/2025/07/15/ross-scott-gets-a-second-chance-for-his-stop-killing-games-crusade/

https://www.techdirt.com/?p=506731&preview=true&preview_id=506731

A little over a year ago we discussed YouTuber Ross Scott’s attempt to build political action around video game preservation. Scott started a campaign and site called Stop Killing Games when Ubisoft shut down support for The Crew, rendering this game that people bought unplayable. The goal of the site was to build political action among gamers by contacting lawmakers in various countries and/or signing petitions for political action based on the following concepts:

The Stop Killing Games’ end goal is that governments will implement legislation to ensure the following:

Games sold must be left in a functional state

Games sold must require no further connection to the publisher or affiliated parties to function

The above also applies to games that have sold microtransactions to customers

The above cannot be superseded by end user license agreements

I was very much a fan of this. As someone who has advocated for greater efforts towards game preservation only to watch everyone do little to nothing about it, this seemed like a real step towards building political action around a framework that is very hard to argue against.

Unfortunately, after its launch, the campaign languished. Adoption was low and slow, which is how you want to cook your smoked ribs, but definitely not what you want for political activity. Scott said as much in a video a couple of weeks ago, in which he attempted to tackle the reason that the campaign didn’t pick up much steam.

In it, Scott laid out why he thought the initiative has run out of steam and was failing, laying no small part of the blame at the feet of fellow YouTuber Jason “Thor” Hall, a former Blizzard developer more commonly known by his indie studio pseudonym Pirate Software. Scott accused Hall of leveraging the latter’s big viewership to misinterpret and spread falsehoods about the “Stop Killing Games” initiative, in part by casting it as naïve and unworkable in the modern gaming landscape where always-online and server-centric releases are flopping all the time.

It wasn’t the first time Scott and Hall went into a tit-for-tat post-and-response spree on YouTube, but it may have been the most beneficial for the “Stop Killing Games” movement. Scott’s video, which elicited a fresh round of debate from Hall, netted over 750,000 views. More importantly, other big names started chiming in. Content personality Charles “Critikal” White Jr. posted about the topic in a June 24 video that hit over 2 million views, with the entire exchange becoming ripe for YouTube’s algorithm-fueled drama industrial complex.

The end result is that Scott is getting a second chance at this. And I am very much hoping that it goes much better this time, because there is obviously a decent amount of interest out there among the gaming public for this sort of thing. This battle of ideas has resulted in over a million signatures for an initiative in the EU, along with other methods for getting involved.

In fact, it was enough that Video Games Europe, a lobbying group there, decided to put out a response to the petition. You can go read the entire thing for yourself if you like, but I really wouldn’t waste your time. It’s the typical lobbying pablum. In fact, it mostly sidesteps the entire idea of fans running their own servers if gaming companies don’t want to bother.

“As rightsholders and economic entities, video games companies must remain free to decide when an online game is no longer commercially viable and to end continued server support for that game. Imposing a legal obligation to continue server support indefinitely, or to develop online video games in a specific technical manner that will allow permanent use, will raise the costs and risks of developing such games,” the lobbying group claims. It also states that companies are already committed to “serious professional efforts to preserve video games.”

It lists companies investing in their own video game collections as one such effort, linking to Embracer’s private archive. What could be more reassuring than leaving the fate of preservation in the hands of one of the most ill-fated, acquisition-fueled gaming conglomerates in the industry?

That’s essentially what we’ve been doing to date and it’s completely failed to achieve anything remotely like real game preservation. So, sorry, but given the bargain that copyright is supposed to be with the public, and the complete negation of that bargain when a company that gets a copyright monopoly can suddenly disallow the game to ever go into the public domain through planned obsolescence, the status quo isn’t going to work.

Now, it’s very easy for me, someone who is not building a political action campaign around this topic, to tell someone like Scott that he needs to do better this time. But I’m going to do it anyway. I want this to work. I want the needle to move faster towards preservation of our gaming culture and towards the fulfillment of the copyright bargain with the public. So, please, let this go better this time around.

https://www.techdirt.com/2025/07/15/ross-scott-gets-a-second-chance-for-his-stop-killing-games-crusade/

https://www.techdirt.com/?p=506731&preview=true&preview_id=506731

lannamichaels

Unruly: The Ridiculous History of England's Kings and Queens by David Mitchell (2023): lirazel posted about the audiobook version of this, which got me to put this on my list, but alas my library only has access to the print version; I feel that the audiobook version is probably superior. There were several parts in the book that were a slog to get through the paragraph, that would be perfectly fine if you were listening to a patented David Mitchell Rant about the subject. In fact, imagining them in David Mitchell's voice is how I got through them. ( Read more... )
Subpar Parks: America's Most Extraordinary National Parks and Their Least Impressed Visitors by Amber Share (2021): A bookified version of a Instagram account I never followed, a copy of which I read at someone's house who was using as a bookmark something that indicated they had gotten it as a gift when it came out and never got past the first fifth of the book. This book would have been fine if it had not decided it was going to fight the one star reviews, and instead just showed the artwork and mentioned how great the park was. As it was, it positioned itself as an argument between the one star reviewers and the author, and the one star reviewers won.( Read more... )

techdirt_feed

Posted by Karl Bode

https://www.techdirt.com/2025/07/15/belkin-bricks-most-wemo-smart-home-devices-again-demonstrating-you-dont-own-what-you-buy/

https://www.techdirt.com/?p=507301&preview=true&preview_id=507301

Belkin is the latest company to painfully demonstrate that you no longer own what you buy, and the whims of corporate executives can very often leave you with expensive paperweights.

In a recent statement to customers, Belkin says that it will no longer be providing support or software updates for the company’s Wemo “smart home” devices starting in the new year. About 27 affected devices, on sale since 2015 or so, will no longer receive security updates, work with smart home assistant services like Alexa, or be controllable via app.

Consumers who bought into the Wemo brand thinking they’d created a “smart home of the future” are instead stuck with a mostly useless (and quite dumb) pile of junk. For what it’s worth, a faceless Belkin communications professional claims to feel bad about it:

“We understand this change may disrupt your routines, and we sincerely apologize for the inconvenience.”

The writing had, at least, been on the wall for observant consumers. Belkin stopped selling most smart home tech in late 2023, shifting its focus to game console accessories. You might have noticed that was going to happen, and you might not have. You might be able to get “partial refunds” for products still under warranty, but you might not. Good stuff! Very innovative!

This tendency toward bricking perfectly functional electronics is fairly terrible for the environment as well, with organizations like iFixit noting that the United States alone disposes of 500 pounds of electronic waste each second, and USPIRG estimating that “a minimum of 130 million pounds of electronic waste has been created by expired software and canceled cloud services since 2014.”

https://www.techdirt.com/2025/07/15/belkin-bricks-most-wemo-smart-home-devices-again-demonstrating-you-dont-own-what-you-buy/

https://www.techdirt.com/?p=507301&preview=true&preview_id=507301

techdirt_feed

Posted by Tim Cushing

https://www.techdirt.com/2025/07/15/dhs-dumps-intel-office-because-actual-intel-keeps-contradicting-trumps-bigoted-narrative/

https://www.techdirt.com/?p=506422&preview=true&preview_id=506422

The Trump administration invoked the Alien Enemies Act to expedite its ejection of anyone not white enough to be considered worthy of citizenship. ICE raids occur daily, performed by masked officers who look more like cartel thugs than US law enforcement officers.

The excuse for evoking a law last used to dump anyone looking vaguely Asian into US internment camps during World War II is this: the Venezuelan government is supposedly encouraging and financially supporting the export of Tren de Aragua gang members to the US for the apparent purpose of… well, no one really knows.

The Trump administration won’t speculate on the alleged goals of this (completely fake) foreign government operation. But it’s more than willing to speculate that literally anyone with tattoos who happens to be more brown than white is probably a gang member. If they’re not MS-13, they’re Tren de Aragua. Either way, they’re getting sent to foreign torture camps and/or war-torn nations the US government doesn’t feel threaten Israel enough to get directly involved.

While the courts have stepped in now and then to prevent this abuse of the Alien Enemies Act by the administration, the greater threat to its AEA-related hallucinations have been intelligence assessments generated by its own intelligence agencies. Every report to date has failed to find any evidence at all linking Tren de Aragua (TdA) to the Venezuelan government.

The administration views these assessments as failures, not because they’re wrong, but because they don’t agree with the narrative being pushed by Trump and DHS head Kristi Noem. And when that happens, people who actually know what they’re doing get fired and replaced with yes men or — especially with DOGE in the mix — don’t get replaced at all.

That’s a big problem, especially for an agency literally named the “Department of HOMELAND SECURITY.” If you’re going to ignore Intel because it doesn’t fit the narrative, you’re actually making the homeland way less secure, as plenty of otherwise pro-Trump entities are making clear now that Kristi Noem has decided to ditch a DHS component that isn’t willing to say what she or Trump wants to hear.

Four major law enforcement groups are sounding the alarm in a letter to Department of Homeland Security Secretary Kristi Noem about potential cuts to the intelligence-gathering arm of her agency.

The Association of State Criminal Investigative Agencies (ASCIA), Major Cities Chiefs Association (MCCA), Major County Sheriffs of America (MCSA) and National Fusion Center Association (NFCA) warn that any potential changes to the DHS Office of Intelligence and Analysis (I&A) current structure could have a negative ripple effect on state and local law enforcement.

This doesn’t sound great! Most cops and cop shops will vote conservative because the right wing never has anything bad to say about cops and is far more willing to help increase law enforcement budgets by consistently claiming it’s never been more dangerous to be an American or an American cop, no matter what crimes stats might actually say.

Occasionally though, cops do want to do their jobs. And this removal of I&A just because it won’t tell Trump what he wants to hear undercuts their ability to assess and defuse actual threats to national security. More cynically, shutting down this intelligence gathering wing of the DHS makes it a bit more difficult to treat anyone remotely “swarthy” as a potential criminal and makes it much harder to treat anti-police violence protesters as threats to the nation.

These concerns are not addressed at all by the DHS’s statement:

“DHS component leads have identified redundant positions and non-critical programs within the Office of Intelligence and Analysis. The Department is actively working to identify other wasteful positions and programs that do not align with DHS’s mission to prioritize American safety and enforce our laws,” the spokesperson said.

This is, of course, just another lie. The real reason DHS’s I&A arm is being severed is because it contributes to reports that undermine administration narratives, like the TdA hallucination that currently serves as the sandy bedrock of Trump’s Alien Enemies Act revival.

This government is so transparently self-interested it should generate revulsion in any true American. Unfortunately, we don’t have as many of those in the United States as we may have previously thought, especially now that the government is removing thousands of people who love America more than those simply lucky enough to be born here in white skin. Too many of those people desire to be tread upon, having converted their Gadsden flags back into doormats now that Trump is back in office.

https://www.techdirt.com/2025/07/15/dhs-dumps-intel-office-because-actual-intel-keeps-contradicting-trumps-bigoted-narrative/

https://www.techdirt.com/?p=506422&preview=true&preview_id=506422

prowlingthunder posting in

fandomcalendar

( You're about to view content that a community administrator has advised should be viewed with discretion. )

case posting in

fandomsecrets

⌈ Secret Post #6766 ⌋

Warning: Some secrets are NOT worksafe and may contain SPOILERS.

01.

( More! )

Notes:

Secrets Left to Post: 01 pages, 23 secrets from Secret Submission Post #968.
Secrets Not Posted: [ 0 - broken links ], [ 0 - not!secrets ], [ 0 - not!fandom ], [ 0 - too big ], [ 0 - repeat ].
Current Secret Submissions Post: here.
Suggestions, comments, and concerns should go here.

techdirt_feed

Posted by Mike Masnick

https://www.techdirt.com/2025/07/15/unitedhealths-response-to-people-cheering-their-ceos-murder-silence-the-critics/

https://www.techdirt.com/?p=507276

When your CEO gets murdered and half the internet celebrates, most companies might pause and ask “why do so many people hate us?”

But UnitedHealth had a different response: hire more lawyers to silence the critics.

The New York Times has an excellent piece by David Enrich detailing UnitedHealth’s ridiculously aggressive campaign to quiet critics through legal threats and takedown demands. The company has targeted journalists, filmmakers, doctors, and activists—all while invoking Brian Thompson’s murder as justification for why criticism of their practices amounts to inciting violence.

In early January, Dr. Elisabeth Potter, a plastic surgeon in Austin, Texas, posted a self-made video on TikTok and Instagram that described how she had interrupted breast-reconstruction surgery to respond to a phone call from UnitedHealth about whether the insurer would cover a patient’s stay at a hospital. The call had come to the operating room’s phone line, leading her to believe it was urgent.

“Insurance is out of control,” Dr. Potter said in the video. “I have no other words.”

The short video was viewed millions of times and attracted hundreds of thousands of “likes” on social media.

About a week later, Dr. Potter received a six-page letter from the law firm Clare Locke, which UnitedHealth had retained as “defamation counsel.” The letter claimed that she had distorted the circumstances of the phone call and that her video was libelous. It noted that some commenters were responding to her posts by celebrating Mr. Thompson’s murder. The letter demanded that she retract her video and apologize.

Let’s review: UnitedHealth’s CEO gets murdered. The internet celebrates. A normal company might think, “Hmm, why do so many people hate us? Maybe we should examine our practices.” But UnitedHealth had a different idea: “The real problem isn’t that we interrupt surgeries of people already under anesthesia with phone calls about insurance coverage—it’s that people are allowed to talk about us interrupting surgeries with phone calls about insurance coverage.”

The weaponization of Thompson’s murder is particularly cynical. Rather than reflecting on why so many Americans felt schadenfreude when a health insurance executive was killed, UnitedHealth is turning the tragedy into a legal cudgel. They’re claiming that harsh criticism of their business practices—like denying coverage or making doctors interrupt surgery to get approval—somehow constitutes a “call to violence.”

But the Dr. Potter case gets even more instructive when you look at what happened next:

She had recently opened her own surgery center and had hired a consultant to help persuade UnitedHealth and other insurers to classify it as an in-network provider. Winning that designation was essential to Dr. Potter’s business plan.

Then Dr. Potter’s video went viral, and UnitedHealth stopped responding to inquiries from her representative, she said.

Blocking her surgery center from taking UnitedHealth patients because she made a video criticizing the way they handled a previous situation is extremely petty.

The fact that UnitedHealth hired Clare Locke should tell you all you need to know about this. We’ve written about them many times, including how they proudly promote how their threat letters get the media to kill stories.

This campaign to silence critics apparently predates the murder but ramped up significantly afterward. Before Thompson’s death, UnitedHealth was already threatening small local newspapers and demanding they destroy audio recordings. But post-murder, the company has gone scorched earth: suing The Guardian over investigative reporting, getting documentaries removed from Amazon Prime and Vimeo, and, as highlighted above, threatening a doctor for a viral video.

In one example the operators of a small chain of pharmacies in Wisconsin created a docuseries to call out the damaging practices of pharmacy benefit managers (PBMs), including Optum Rx, owned by UnitedHealth. And then:

On May 21, Clare Locke wrote again to Amazon’s lawyers. The 16-page letter claimed that the docuseries “spreads a vociferous and false screed in a thinly-veiled call to violence for anyone who is dissatisfied with the American health care system. Recent history and Brian Thompson’s murder demonstrates the devastating and irreversible consequences of ginning up such hatred with false claims designed to inspire violence.”

The letter said the video violated Amazon’s terms of service and should be removed, in part because it “doxxed our clients’ physical address” by showing a street sign for Optum Way in Minnesota.

Within days, the video — which had no more than a few hundred views — had been removed from Prime Video.

[….]

In early June, Ms. Strause received an email from Vimeo, where “Modern Medical Mafia” had also been available for streaming.

“This content was removed due to a complaint Vimeo received concerning defamation,” the email said. “Vimeo is not able to evaluate the truth or falsity of such a claim, and it asks that you resolve the dispute directly with the complainants, Optum Rx and UnitedHealth Group.”

At least for now their docuseries remains available on YouTube, but who knows for how long.

The chilling effect is real. The Guardian postponed publishing a second investigation into the company after UnitedHealth sued over their first piece—filed conveniently the day before the second article was scheduled to run, and right after The Guardian had informed UnitedHealth that it intended to run its new investigation.

Meanwhile, you know how “free speech” absolutists so frequently seem to love to silence their critics? Well, sometimes that appetite for censorship comes back to bite them.

Take Bill Ackman. Last year, he hired Clare Locke to send a ridiculously pathetic threat to Business Insider over reporting on his wife’s alleged plagiarism. He was so pleased with their work that he publicly called Clare Locke “the rock stars of defamation law” and said “they should be your first call” if you face similar criticism.

Clare Locke, it turns out, took that endorsement very seriously. When Ackman shared Dr. Potter’s viral video and suggested investors should bet against UnitedHealth’s stock, guess who came calling?

One of the many people who shared Dr. Potter’s video was the billionaire investor Bill Ackman, who has nearly two million followers on X and regularly wades into controversies. In a post accompanying the video, he suggested that investors should bet against UnitedHealth’s stock and that the Securities and Exchange Commission should investigate the company. The post brought even more attention to Dr. Potter’s video.

Mr. Ackman soon heard from Clare Locke. He already knew the firm. He and his wife, Neri Oxman, had hired Clare Locke to threaten Business Insider after it reported in 2024 that she had plagiarized parts of her doctoral dissertation. (They did not end up suing.)

Now, though, the roles were reversed. One of the firm’s co-founders called an aide to Mr. Ackman and told him that the video included falsehoods. And UnitedHealth contacted the S.E.C. to complain that Mr. Ackman was trying to drive down the company’s stock price.

Calling the SEC to claim that retweeting a video of a surgeon who posted a video about a ridiculous situation caused by UnitedHealth is an attempt to manipulate the stock price is… quite a choice.

Think about the logic here for a moment. UnitedHealth’s business model appears to involve taking people’s money for health insurance and then finding creative ways not to pay for their healthcare. When people point this out—sometimes rudely, granted—UnitedHealth responds by claiming that the real violence is not the denial of medical care to sick people, but rather the people being rude about it on the internet.

It’s true Trumpism: always play the victim.

In Enrich’s article, UnitedHealth spokesperson Eric Hausman defended the campaign by saying “the truth matters” and there’s a difference between criticism and “irresponsibly omitting facts.” But their targets aren’t making things up—they’re documenting real experiences with the company’s practices, often with receipts.

The company’s own annual report reveals the likely real motivation: “Negative publicity may adversely affect our stock price, damage our reputation and expose us to unexpected or unwarranted regulatory scrutiny.” Their stock is down 40% over the past year, and they face multiple federal investigations into potential Medicare fraud and antitrust violations. But rather than addressing the underlying issues that generate negative coverage, UnitedHealth has chosen to wage war on the coverage itself—a strategy that probably isn’t inspiring much investor confidence either.

Of course, the best way to avoid “negative publicity” is to… be better? To maybe take stock of your practices and look at why you’re getting so much bad press.

But that’s not UnitedHealth’s style apparently.

It reveals a deep-seated problem at the company. The management team appears to view the real problem not as their harmful practices, but as people talking about those practices. That’s not a sustainable approach to crisis management—it’s an admission that they can’t defend their actions on the merits.

David Enrich, who wrote the Times piece, explored these tactics extensively in his book Murder the Truth—about the growing industry of lawyers who specialize in using legal threats to silence criticism (including large portions of the book discussing Clare Locke). You may recall that we interviewed him about the book on the Techdirt podcast earlier this year. The title perfectly captures UnitedHealth’s approach: rather than confronting the truth about why their CEO’s murder was met with celebration, they’re trying to murder the truth through legal intimidation.

This approach might silence some critics in the short term, but it won’t change the underlying reality that they act as though their business model depends on denying care to people who need it. And every legal threat just reinforces the public perception that UnitedHealth would rather attack critics than fix the problems critics are highlighting.

If UnitedHealth really wanted to address the problem, they’d focus on being better, not on silencing the people pointing out how bad they are.

https://www.techdirt.com/2025/07/15/unitedhealths-response-to-people-cheering-their-ceos-murder-silence-the-critics/

https://www.techdirt.com/?p=507276

cyberghostface posting in

scans_daily

( Scans under the cut... )

alisx

But here’s what this future, being pitched by the plain language and plain actions of this administration, is. It is very sad and very small. It lacks imagination. It lacks dynamism. Men will not be allowed in women’s spaces and women will not be allowed in men’s spaces. Women will be tradwives and will be paid $5,000 have babies. Those babies will not have parents who can afford to buy them 30 dolls, they will have two dolls instead, and they will like it. The boys will not have any dolls, though. The rich and powerful will stockpile supplies because they know the impacts of their policies. You will not buy breakfast at McDonald’s as a treat. Your friends will be AI chatbots. Your therapist will be a chatbot. You will pay massive tariffs to try food from other countries. You will work in the factory. You will not own the factory. They will own the factory. You will die at the factory. Your kids will learn about AI at the technical college, and then they will work in the factory. Your kids will not own the factory. Their kids will own the factory. Their kids will go on Fox News and tell you that they have created good jobs, patriotic jobs. American jobs, not Chinese jobs. Jobs that your kids and their kids and their kids’ kids can work at until they die. Your kids will repair the air conditioning. Your kids will screw in the screws. Your children’s children will move the robot arms, like their father and grandfather did before them.

On the dystopian American future.

The Pattern Is Clear: Trump Asks, SCOTUS Delivers

As law professor Steve Vladeck pointed out, the statistics are damning:

Since April 4, #SCOTUS has issued 15 rulings on 17 emergency applications filed by Trump (three birthright citizenship apps were consolidated).

It has granted relief to Trump … in all 15 rulings.

It has written majority opinions in only 3.

Today’s order is the 7th with no explanation at all.

Fifteen for fifteen. That’s not jurisprudence—that’s a rubber stamp. By way of comparison, in the 16 years of the George W. Bush and Barack Obama presidencies, the two presidents combined only asked (let alone got) emergency docket relief eight times.

The emergency docket is supposed to be for… emergencies. It’s supposed to preserve the status quo while more fully briefed cases make their way through the courts. Instead, the Court is using it to let Trump implement his most legally dubious policies while avoiding the scrutiny that comes with actually having to explain their reasoning.

And the hypocrisy here is staggering.

Just two years ago, having the Department of Education forgive student loans was supposedly beyond the pale and required extended analysis. But letting Trump fire half the department’s workforce overnight and effectively shut down the agency that Congress created? That gets a rubber stamp with no explanation at all.

Sotomayor’s Righteous Fury

Justice Sotomayor’s 19-page dissent (joined by Justices Kagan and Jackson) is a masterpiece of righteous indignation. She methodically dismantles the majority’s abandonment of constitutional principles:

This case arises out of the President’s unilateral efforts to eliminate a Cabinet-level agency established by Congress nearly half a century ago: the Department of Education. As Congress mandated, the Department plays a vital role in this Nation’s education system, safeguarding equal access to learning and channeling billions of dollars to schools and students across the country each year.

Only Congress has the power to abolish the Department.

She then delivers the key point:

When the Executive publicly announces its intent to break the law, and then executes on that promise, it is the Judiciary’s duty to check that lawlessness, not expedite it.

But the conservative majority couldn’t be bothered to address any of this. They just waved through Trump’s power grab without explanation.

Writing for the Historical Record

Justice Sotomayor’s dissent here follows the path that Justice Ketanji Brown Jackson has blazed recently: writing not just for her colleagues, but for the public and for history. As Jay Willis noted at Balls & Strikes, Justice Jackson has been remarkably willing to call out the Court’s partisan hackery. In case after case, she’s been pointing out that the Court has “demonstrated enthusiasm for green lighting this president’s legally dubious actions in an emergency posture.”

Sotomayor appears to be joining this approach. Rather than maintaining polite judicial fiction, she’s directly calling out the majority’s “willful blindness” and warning about the “grave” threat to our Constitution’s separation of powers. Jackson’s dissents have become a running commentary on the Court’s transformation from a judicial body into a partisan enabler of authoritarian rule. Now Sotomayor is adding her voice to this historical record. As Wills notes, they’re writing for the public, assuring millions of Americans that they’re not wrong to question the good faith of a Republican-controlled Court that keeps siding with a Republican president.

For as long as she remains stuck in the minority, it might also be the most important part of her job: If she cannot persuade her colleagues that the Constitution does not imbue Donald Trump with an inviolate right to ignore it, she can at least use her platform to show the public that the institution is captured, broken, and not to be taken seriously.

This approach has reportedly frustrated some of their colleagues, who seem to think there’s still value in maintaining decorum among justices. But Jackson and (hopefully, now) Sotomayor understand something important: when the Court stops explaining itself, it stops being a court and becomes just another political institution.

Why Explanations Matter

As Vladeck wrote about the human trafficking case, the Court’s refusal to explain itself creates chaos:

The more important point is that this dispute has happened only because the six (or five) justices who voted to stay some of Judge Murphy’s earlier rulings didn’t explain themselves. In that respect, the contretemps in D.V.D. can be directly traced to one of my biggest criticisms of the shadow docket—the justices’ regular refusal, even when granting emergency relief, to explain why they’ve done so. Alas, I’ve been beating this drum for years. But it’s hard to think of a more pointed or compelling example of what can happen when the Court doesn’t write.

Well, now he’s got a second example.

Without explanations, parties and lower courts are left to speculate about what the justices actually meant. That’s particularly problematic when the disputes involve governmental policies affecting millions of people.

More fundamentally, principled explanations are what separate judicial power from raw political power. When the Court stops explaining itself, it stops being a court worthy of respect.

The Broader Assault On The Rule Of Law

This isn’t just about immigration or education policy. It’s about the fundamental principle that government officials must follow court orders until they’re properly overturned. By repeatedly rewarding Trump’s defiance of lower court rulings, the Supreme Court is teaching every future administration that court orders are optional if you have the right political connections.

Well, at least he’s teaching Republican administrations that, as the Biden v. Nebraska case appears to make it clear, this doesn’t apply to Democratic administrations.

The McMahon case is particularly egregious because, as Sotomayor details, the Trump administration openly admitted it was trying to shut down an agency that only Congress can abolish. They fired thousands of employees without any analysis of how this would affect the department’s statutorily mandated functions. When asked during a congressional hearing whether they had conducted such an analysis, McMahon simply said “No.”

This is executive lawlessness, plain and simple. And the Supreme Court is actively enabling it.

What We’re Losing

The Department of Education administers over $120 billion in federal student aid to over 13 million students. It enforces civil rights laws in schools. It provides funding for special education services for more than 7 million students with disabilities. It channels over $100 billion annually to public schools.

It is fundamental infrastructure to the American education system.

All of this is now at risk because six justices couldn’t be bothered to write a few paragraphs explaining why the President can unilaterally dismantle Cabinet-level agencies.

Students with disabilities will lose services. Schools will lose funding. Civil rights protections will disappear. All so Trump can fulfill a campaign promise to “close up the Department of Education” without the inconvenience of actually getting Congress to agree.

The Roberts Court’s True Legacy

Each lawless decision like this makes it clearer that the Roberts Court’s legacy will be the complete destruction of public faith in the judiciary. John Roberts spent years wringing his hands about declining trust in the Court, but he’s presiding over its transformation into a partisan institution that serves power rather than law.

This isn’t just about “declining trust”—that’s already happened. The question now is what comes next when courts stop being courts and become just another political institution competing for legitimacy.

The Court is teaching Americans that the rule of law only applies to those without political connections to the right people. Why should anyone respect judicial decisions when the justices themselves have abandoned any pretense of impartiality?

Justice Sotomayor’s dissent ends with a warning that applies far beyond this case:

The majority is either willfully blind to the implications of its ruling or naive, but either way the threat to our Constitution’s separation of powers is grave.

The conservative majority isn’t naive. They know exactly what they’re doing. They’re systematically dismantling the constraints on executive power, one unexplained shadow docket ruling at a time.

And they’re doing it without even having the decency to explain why.

https://www.techdirt.com/2025/07/15/the-supreme-courts-shadow-docket-has-become-a-lawless-explanation-free-rubber-stamp-for-trumps-authoritarian-agenda/

https://www.techdirt.com/?p=507368

iamrman posting in

scans_daily

Writer: Roy Thomas

Pencils: Gil Kane

Inks: Frank Giacoia

Kravin’ time in the Savage Land!

( Read more... )

techdirt_feed

Posted by Karl Bode

https://www.techdirt.com/2025/07/15/ignorant-and-paranoid-maga-politics-kept-texas-republicans-from-spending-arpa-money-on-weather-warning-systems/

https://www.techdirt.com/?p=507307&preview=true&preview_id=507307

I’ve mentioned more than a few times that the 2021 American Rescue Plan Act (2021) wound up funding a lot of very good things. The very sort of everyday “abundance” a lot of high-profile pundits claimed was no longer possible under American leadership.

ARPA helped shore up infrastructure, housing, and sewage upgrades across countless U.S. communities. It’s helping to build a lot of local community centers. It helped many counties and municipalities improve their climate change resilience. I also talk to a different community every week that has been able to provide residents with cheap gigabit fiber broadband access for the first time ever.

Most people don’t know any of this because functional infrastructure legislation isn’t sexy in a country obsessed with shallow artifice. It’s not helped by the fact that Democrats consistently suck at any sort of modern viral messaging, and the Republican propaganda machine constantly has Americans bickering over candy genders and long-established vaccine science.

ARPA was primarily a Democrat initiative, which aided Republican and Democrat states alike (see, affordable fiber broadband, above). That includes Kerr County Texas, the location of the recent flooding tragedy that killed 130 locals (and counting). Kerr County received $10.2 million in ARPA funding.

ARPA, unlike some other parts of the infrastructure bill, was designed with a lot of flexibility as to how municipalities were allowed to spend the money, because its architects really did want to get this money to communities harmed by COVID as quickly as possible. Many Texas Communities, like Corpus Christi, spent ARPA money to modernize their sewer and storm drain infrastructure.

One local NBC affiliate notes that Kerr County’s board of commissioners had discussed the need for new flood warning systems more than 20 times since 2016. ARPA money provided the perfect opportunity to finally make those warning systems a reality, but a lot of extremist partisan rhetoric resulted in residents and local right wing politicians viewing ARPA funding as somehow toxic:

“I’m here to ask this court today to send this money back to the Biden administration, which I consider to be the most criminal treasonous communist government ever to hold the White House,” one resident told commissioners in April 2022, fearing strings were attached to the money.”

Because we’ve effectively destroyed most useful U.S. journalism (especially local), countless Americans’ information diet consists exclusively of infotainment and right wing propaganda from online or Fox or Sinclair Broadcasting. The result is a public so disoriented and disinformed that they’re willing to repeatedly harm themselves in the belief they’re winning some incoherent ideological war.

After delays caused by paranoia and false claims, Kerr County did ultimately take ARPA funding, but the lion’s share of it went to sheriff’s department “stipends,” raises, and police communications. Outside of a local walking path, little went to climate-proofing the community or infrastructure upgrades. The Texas Tribune notes it’s not clear locals were really informed ARPA could have easily funded the long-needed warning system:

“While much has been made of the ARPA spending, it’s not clear if residents or the commissioners understood at the time they could have applied the funds to a warning system. Kelly, the Kerr County judge, and Thomas have declined repeated requests for interviews. Moser, who is no longer a commissioner, did not immediately respond to a Texas Tribune interview request.”

Kerr County locals seeking answers are now pouring over Kerr County commissioners meetings to see where leadership failed them, and found that a lot of ARPA funding was frozen due to the (false) belief among local leaders that ARPA money came with some weird partisan restrictions (again, the complete opposite of well-documented, objective reality):

“We have an untrustworthy administration,” said Commissioner Belew. “They’ve lied to us numerous times and used the virus to get what they want… I don’t trust them. This money could come with mandates later.”

ARPA fear-mongering by area leaders and Conservative media resulted in locals that weren’t any better informed :

“Accepting the ARPA money and putting our County under existing and future executive orders would federalize us and make us all slaves,” said one 30-year resident.

In many very clear ways, propaganda and disinformation is not only incredibly effective, it’s fatal. It’s a brutal tragedy that these deaths could have been avoided with competent, reality-based leadership, but weren’t. It’s far from clear if anybody will actually learn from the experience.

https://www.techdirt.com/2025/07/15/ignorant-and-paranoid-maga-politics-kept-texas-republicans-from-spending-arpa-money-on-weather-warning-systems/

https://www.techdirt.com/?p=507307&preview=true&preview_id=507307

just_security_feed

Posted by Argyri Panezi

https://www.justsecurity.org/116473/security-stakes-global-quantum-race/?utm_source=rss&utm_medium=rss&utm_campaign=security-stakes-global-quantum-race

https://www.justsecurity.org/?p=116473

The quantum era is around the corner. Major tech companies are announcing impressive breakthroughs in quantum advantage, quantum error correction, and quantum networking. Competing quantum chips are also reaching new heights, from IBM’s Condor breaking the 1,000-qubit barrier in December 2023 signaling the ability to dramatically expand computational power, to Google’s Willow, presented in December 2024, and Microsoft’s Majorana 1 announcement in February 2025 – a breakthrough that remains contested.

The quantum race is international, with competition between major players in the West and the East. Public investments in quantum technologies have surged globally, reaching $42 billion in 2023. China leads with more than $15 billion in investments, followed by Germany, the United Kingdom, the United States, and South Korea. Similar to the global race for AI leadership, quantum technology has geopolitical dimensions. Commentators are drawing comparisons between the quantum race and the earlier, nuclear and space races.

Should policymakers anticipate that the quantum race will pose major security and safety risks, as with nuclear power? If this proves to be the case, then the international community can expect security implications of analogous magnitude. However, by coordinating and acting early, governments have an opportunity to prevent harmful competition, anticipate societal impacts, and build inclusive governance frameworks that support responsible and equitable development and adoption of quantum technologies.

What Security Risks and Benefits Will the Quantum Era Unlock?

Security Risks

Cybersecurity protocols have been reliant on classical computers’ inability to solve complex mathematical problems that underlie cryptography. However, projections indicate that quantum computers will likely threaten to break state-of-the-art public-key cryptography as early as 2030. The National Institute of Standards and Technology (NIST) has warned that this would “seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.” Security experts therefore are working toward transitioning to post-quantum cryptographic solutions for digital networks and infrastructures. For example, NIST is leading a post-quantum cryptography standardization process, selecting cryptographic systems that can secure sensitive information and communications against both quantum and classical computing.

Quantum computers’ impacts on the confidentiality and integrity of information and communications presents both national and global security issues. At the national level, it is crucial for both governments and businesses to prepare transitioning digital systems and communications for post-quantum encryption and prioritize the regulatory requirements for the security of mission-critical operations and critical infrastructure. At a global level, cooperation around this transition is also important given the interdependency of digital infrastructures.

Furthermore, quantum technologies — namely those concerning quantum sensing and metrology, computing, and communications — are dual-use technologies with both civilian and military purposes. In this respect, the quantum race introduces novel global security risks, particularly through military applications of quantum technologies. In addition, quantum technologies’ relevance to national security highlights existing geopolitical tensions and amplifies the need for stronger defense alliances. For instance, quantum may lead to a new arms race between powers like the United States and China, which are developing technologies that will transform military tech, such as radars, compasses, and other detection and navigation tools. As another example, last year NATO announced its first quantum strategy outlining investments in research and development, support for a transatlantic forum for quantum technologies in defence and security, and the promotion of a “Transatlantic Quantum Community” to engage with government, industry and academia. NATO views quantum technologies as a key element of strategic competition, with significant potential for both the Alliance and its adversaries.

Security Benefits

On the other hand, quantum communication can enhance security by leveraging the principles of quantum physics in combination with optical technologies, such as optical cables. For example, quantum physics allows particles transmitting data along optical cables to take on a state of superposition. This enables the secure transmission of highly sensitive information by means of quantum key distribution, a technique for securely sharing encryption keys. In other words, while quantum computers pose a threat to current cryptographic systems, quantum cryptography offers the promise of significantly more secure communication. Furthermore, attempts to interfere with qubits leave detectable traces — as any attempt to intercept with qubits collapses their quantum state, revealing evidence of tampering — effectively making quantum communication resistant to hacking.

In addition, quantum sensing technologies will offer new opportunities to mitigate risks as they improve. Their motion-detecting capabilities can monitor changes in electromagnetic fields and hazards more generally — as with early warning sensors, which can identify chemical or biological agents. Key benefits include strengthening the safety of critical infrastructure that depends on sensors, such as air traffic control systems and water utilities. Moreover, quantum technologies enable more effective monitoring of remote or hard-to-access locations, including underground and underwater environments. This is, however, a double-edge sword, as quantum sensing capabilities will also likely raise privacy concerns through their potential use in surveillance.

Risk Management Lessons

To mitigate quantum’s national and global security risks, policymakers can learn from past experiences of governing novel technologies. The safety and security risks associated with previous scientific breakthroughs, and the challenges currently presented by AI, serve as important lessons. These lessons should urge governments to take quantum security risks seriously and to consider and mitigate them proactively. They also provide a cautionary tale of the security risks that escalate with geopolitical tensions and ease with cross-border collaboration.

It is crucial to identify these risks and implement robust risk management strategies at this formative stage, when the full capabilities of quantum science have yet to materialize and quantum technologies are not yet widely implemented as, for example, AI. Established risk management frameworks from disciplines such as cybersecurity, finance, AI, and even the nuclear sector — which has a long history of mitigating safety and security risks through international norms, oversight, and diplomacy — can provide valuable models for addressing these emerging challenges.

In the context of AI, for instance, regulatory and industry-led efforts — such as the European Union’s AI Act and the Frontier AI Safety Frameworks, respectively — provide comprehensive approaches to risk governance, although these initiatives remain in the early stages of implementation and impact. The AI domain has critically demonstrated that technologists often exhibit a strong bias toward technological innovation, treating risk mitigation as an afterthought. Another important insight is the paradoxical way people perceive the human role in AI systems, tending to underestimate human involvement when systems function smoothly yet overestimate it when they fail. Thus, risk-mitigating approaches for quantum technologies should involve transparency and explainability, human oversight — particularly for high-risk systems — and clear accountability frameworks.

Prioritizing the Public Good to Avoid Race to the Bottom Global Security Scenarios

Thinking beyond security risks and opportunities, scientists, policymakers, and public and private funders must continue to develop agendas and frameworks for responsible quantum research and innovation and in critical societal research.

Furthermore, the international community needs early and more effective communication and collaboration between quantum scientists, their funders, and policymakers at a global level — primarily to avoid “race to the bottom” global security scenarios that could trigger cold-war style overspending and escalation. Such collaboration will serve three key purposes. First, it will address rising concerns about the impact that quantum technologies might have on society, as well as anticipated path dependencies. Second, it can help pre-empt the emergence of a science-industrial complex and redesign innovation pathways for the greater good. Lastly, it will help prevent a global governance gap by strengthening international networks of cooperation.

Analysts agree that collaboration can help mitigate security risks while promoting research and development as well as broader adoption of quantum technologies. Policy analysts, while emphasizing the strategic benefits of early mobilization, highlight the emergence of a robust and collaborative industry network. The network involves both national and cross-national partners from major quantum players, including the United States, the European Union, the United Kingdom, Canada, Australia, South Korea, Japan and others. In contrast, China has pursued a much more inward-looking strategy, marked by significantly fewer international partnerships. Nevertheless, it is essential to acknowledge that these countries belong to a privileged network for research and development exchange. This network only excludes substantial portions of the global community and the Global South, but also poses significant global supply chain challenges in the form of control points by concentrating critical technologies, expertise, and infrastructure within a limited group of nations.

Overall, to avoid a global quantum race to the bottom in security, governments must shift their mindsets from racing against to racing with others. This can reduce risks of fragmentation, isolationism, or a new type of global zoning reminiscent of early Internet governance. At a national level, comprehensive quantum strategies must be developed in tandem with thorough cybersecurity frameworks and sector-specific, risk-based regulations. These integrated approaches will better equip the international community to anticipate and mitigate the emerging security and broader risks of quantum technologies, ensuring that countries are not constrained by unforeseen technological, scientific, or geopolitical challenges.

The post The Security Stakes in the Global Quantum Race appeared first on Just Security.

https://www.justsecurity.org/116473/security-stakes-global-quantum-race/?utm_source=rss&utm_medium=rss&utm_campaign=security-stakes-global-quantum-race

https://www.justsecurity.org/?p=116473

just_security_feed

Posted by Morgan Peirce

https://www.justsecurity.org/116896/what-it-takes-stop-next-salt-typhoon/?utm_source=rss&utm_medium=rss&utm_campaign=what-it-takes-stop-next-salt-typhoon

https://www.justsecurity.org/?p=116896

Nearly a year after U.S. agencies identified one of the most severe cyber breaches of U.S. telecommunications companies, domestic cybersecurity is weaker, not stronger. In September 2024, media reports confirmed that Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber group, infiltrated nine major telecommunications providers, compromising data from thousands of users, including U.S. President Donald Trump, Vice President JD Vance, and associates of former Vice President Kamala Harris.

To date, there is no indication that the intrusion has been fully mitigated. Worse, Homeland Security Secretary Kristi Noem recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” As Washington dithers, Beijing is wasting no time probing weaknesses in U.S. critical infrastructure. The Trump administration urgently needs a comprehensive cyber defense strategy to raise the cost of intrusions by PRC-backed hackers.

Undermining U.S. Cyber Defenses

The Trump administration claims it is addressing the PRC cyber threat, even as it moves to implement policies that undermine cyber defenses. In January 2025, the Trump administration dismissed all members of the Cyber Safety Review Board (CSRB) before it completed its investigation into Salt Typhoon, hindering the government’s ability to address systemic cybersecurity vulnerabilities that led to the breaches. The CSRB previously consisted of multi-agency and multi-sectoral experts and was established by a 2021 executive order to investigate major cybersecurity incidents. As of July 2025, there is no indication the Trump administration has reconstituted the members of the CSRB. While the Federal Communications Commission announced in March that its new Council on National Security will launch an investigation into PRC-backed hackers, it will not consist of multi-agency or industry experts, and is not expected to release a public after-action report. Similarly, the FBI’s April 2025 announcement of a $10 million reward for information on individuals linked to Salt Typhoon is a welcome but insufficient step to ensure both the government and public understand the factors that led to the large-scale compromises in the telecommunications sector.

These institutional setbacks are now being compounded by proposed budget cuts that would further erode the federal government’s cyber defense capabilities. On May 30, the Trump administration proposed a 17 percent reduction in the Cybersecurity and Infrastructure Security Agency’s (CISA) budget, including nearly 30 percent of the agency’s positions. The White House claims these cuts will remove duplicative efforts and reduce CISA’s role in combating mis- and disinformation, which many Republicans perceive as “off mission.” However, the budget is proposing to cut substantially beyond these areas, jeopardizing core cybersecurity functions of the agency at the front lines of defending against PRC threat actors in civilian critical infrastructure. The FY26 budget request, for example, proposes a $177.4 million cut to CISA’s “Cyber Operations,” including its Threat Hunting team which provides technical support to local governments and critical infrastructure operators facing sophisticated state-backed cyber threats from China, Russia, and Iran. In 2024, the Chairman of the House Homeland Security Committee praised CISA’s Threat Hunting team for saving “millions of Americans” from a series of cyberattacks carried out by Volt Typhoon that sought to compromise critical infrastructure in the communications, energy, transportation systems, and water and wastewater systems sectors.

The proposed budget also reduces CISA’s cyber threat analytical programs that help the United States stay ahead of state-backed cyber groups as their tactics, techniques, and procedures (TTPs) evolve. This includes a $14 million cut to the Joint Cyber Defense Collaborative (JCDC), a hub for cyber threat intelligence and coordinating public-private cyber incident response. The JCDC has helped analyze and share information to identify PRC-backed hacking campaigns that impacted multiple state, local, and tribal territories. The JCDC also helps update the Known Exploited Vulnerabilities catalog, a national cyber vulnerabilities database, and contributes to cybersecurity advisories. Since 2017, CISA has published 23 alerts and advisories that dissect the TTPs of PRC-backed groups like Volt Typhoon and Salt Typhoon. This enables critical infrastructure providers to quickly identify malicious activity and patch vulnerabilities in their networks, even as the capabilities of sophisticated hacking groups change. Cuts to CISA’s threat hunting operations and cyber threat intelligence programs like JCDC will not streamline cybersecurity. Instead, they will dismantle the capabilities most essential to detecting, analyzing, and responding to the PRC’s most dangerous cyber threats.

In addition to budget cuts, several of the Trump administration’s executive orders roll back important cybersecurity measures. A June 6 executive order removed requirements for federal software vendors to submit proof that their products met secure development standards, and eliminated government mechanisms to verify those claims. Without these guardrails, the government will be more vulnerable to state-backed hackers who could exploit insecure software to steal sensitive information or sabotage critical systems at a time of their choosing.

Similarly, the administration’s March 19 executive order calling to review and revise key federal cybersecurity policies with the intent of empowering “state, local, and individual preparedness” risks harming U.S. cyber resilience. While empowering local authorities is important, this order fails to address the fundamental reasons why states and local governments struggle to implement strong cybersecurity: a lack of resources and qualified personnel. The executive order does not propose new federal grant programs or investments to close this gap. Delegating responsibility to under-resourced states without sufficient support will only deepen the disparity in cyber readiness across the country. It will also undermine comprehensive federal responses to national threats like Salt Typhoon that cross state borders.

These decisions undermine essential cyber defenses at a time when critical infrastructure is increasingly vulnerable. Many U.S. critical infrastructure providers struggle to implement basic cyber defense measures due to outdated IT systems, resource constraints, supply chain issues, and a shortage of cybersecurity professionals. Similarly, state and local governments lack the funds, technical expertise, and operational capacity to address sophisticated state-backed cyber threats on their own. The administration’s cuts to federal cyber defense capabilities risk exacerbating these problems as the PRC cyber threat grows.

Building an Integrated Cyber Defense Strategy

To correct course, the administration must adopt an integrated defense strategy, just as the military uses integrated air and missile defenses. This approach should rest on four pillars:

First, the Trump administration should support congressional efforts to set baseline cybersecurity measures across critical infrastructure sectors. The United States lacks a national law mandating minimum cybersecurity defenses for critical infrastructure, as Congress prefers to leave such regulation to the states. On a national level, there is only the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which mandates cyber incident reporting requirements, and voluntary guidelines such as the NIST Cybersecurity Framework.

This decentralized system has led to uneven cybersecurity readiness across critical infrastructure sectors. While the finance sector has stronger federal cybersecurity requirements, the only federal law addressing the water systems sector is a 2018 Act requiring providers to submit cybersecurity plans, rather than mandate specific cybersecurity measures. Unsurprisingly, a 2024 Environmental Protection Agency assessment found nearly 100 drinking water systems had critical or high-risk cybersecurity vulnerabilities. The PRC is actively exploiting these weaknesses for the purpose of future sabotage, underscored by a March 2025 breach by Volt Typhoon of Littleton Electric Light and Water Department in Massachusetts.

Mandating basic cybersecurity practices like multi-factor authentication (MFA), prompt vulnerability patching, and network segmentation could have significantly blunted Salt Typhoon’s 2024 intrusions. MFA would have blocked PRC access to high-level management accounts, while applying software patches would have forced the PRC hackers to develop new malware. Network segmentation would have restricted lateral movement within the telecommunications systems, limiting the attack’s scope.

Second, the Trump administration can strengthen U.S. cybersecurity by improving federal coordination. Experts note the United States lacks a unified federal operational strategy to respond to cybersecurity incidents in critical infrastructure. While CISA created the JCDC to improve interagency coordination through collaboration, it lacks clear powers to direct interagency response efforts. And while Congress created the Office of the National Cyber Director (ONCD) in the White House in 2021 to improve interagency coordination for cyber incident response, it lacks the operational capacity to respond to threats. As a result, the deployment of federal cyber defense capabilities remains “split between national labs, private industry, and federal entities,” according to congressional testimony by a chief power grid scientist. To address federal coordination challenges, the Trump administration should work with Congress to bolster CISA’s incident response authorities or direct ONCD to reduce overlapping mandates among federal agencies.

Third, the Trump administration should bolster public-private partnerships to move beyond information sharing to focus on operational collaboration in response to cyber threats. While CISA’s Threat Hunt teams and JCDC have improved public-private operational collaboration and have successfully eradicated numerous PRC-backed intrusions, these efforts have not matched the unrelenting tempo of the PRC’s cyber campaigns. More can be done to scale up public-private operational planning, intelligence sharing, capacity-building training, and the deployment of federal incident response resources. The 2023 National Cybersecurity Strategy and its Implementation Plan highlighted public-private operational collaboration as a national priority, tasking ONCD with identifying policies that support it. As the Trump administration fills leadership roles at ONCD, it should ensure this objective remains a central focus.

Finally, one of the most effective steps the Trump administration can take for U.S. cyber defenses is to apply the same principles used in national air and missile defense to cyberspace: assume attackers will get through the first line of defense and focus on mitigating damage. This is the concept behind Zero-Trust Architecture (ZTA)—a cybersecurity framework that verifies every user and device trying to access sensitive information, rather than trusting them just because they are inside the network. On top of a firewall, which defends the perimeter of the network, the framework calls for encryption of traffic, network sensors, as well as data segmentation. While a Biden administration executive order required agencies to adopt ZTA by September 2024, several have not yet completed adoption. Meanwhile, the Defense Department is expected to have implemented about 60 percent of ZTA requirements by 2027. The Trump administration should accelerate efforts to adopt ZTA across the federal government.

Rather than dismantling U.S. cyber defenses, the Trump administration must pursue a robust, forward-looking strategy to counter increasingly sophisticated threats like Salt Typhoon. Failing to do so will leave the United States vulnerable, ceding strategic ground to countries like China that are actively exploiting weaknesses in critical infrastructure.

The post What It Takes to Stop the Next Salt Typhoon appeared first on Just Security.

https://www.justsecurity.org/116896/what-it-takes-stop-next-salt-typhoon/?utm_source=rss&utm_medium=rss&utm_campaign=what-it-takes-stop-next-salt-typhoon

https://www.justsecurity.org/?p=116896

just_security_feed

Posted by Weronika Galka

https://www.justsecurity.org/117061/early-edition-july-15-2025/?utm_source=rss&utm_medium=rss&utm_campaign=early-edition-july-15-2025

https://www.justsecurity.org/?p=117061

Signup to receive the Early Edition in your inbox here.

A curated weekday guide to major news and developments over the past 24 hours. Here’s today’s news:

RUSSIA-UKRAINE WAR — U.S. AND INTERNATIONAL RESPONSE

President Trump yesterday announced the United States would dramatically increase weapons supplies to Ukraine and impose 100% tariffs on Russia and countries that buy Russian oil if Moscow does not agree to a ceasefire in the next 50 days. A source said that under the plan, the United States will sell around $10 billion in weapons to NATO allies in the first wave, who will then send the weapons on to Ukraine. Speaking to BBC News, Trump also said that he is “disappointed but not done” with Russian President Vladimir Putin. Dave Lawler and Barak Ravid report for Axios; Kevin Liptak reports for CNN; Gary O’Donoghue reports.

In a social media post, Ukrainian President Volodymyr Zelenskyy yesterday said that he is “grateful to our team and to the United States, Germany, and Norway for preparing a new decision on Patriots for Ukraine” and added that Kyiv is “working on major defense agreements with America.” Kevin Liptak reports for CNN.

Many details of Trump’s plan to send weapons to Ukraine by selling them to NATO countries are still being worked out, according to Pentagon officials. Michael Crowley, Eric Schmitt, and Julian E. Barnes report for the New York Times.

RUSSIA-UKRAINE WAR

Zelenskyy yesterday announced the start of a major cabinet reshuffle, nominating current Deputy Prime Minister and Minister of Economic Development Yuliia Svyrydenko to lead the Ukrainian government and tapping the current Prime Minister, Denys Shmyhal, as the new defense minister. Veronika Melkozerova reports for POLITICO.

Moscow stock markets rose following Trump’s announcement of U.S. measures against Russia, in what the analysts say may be a sign that investors were expecting Trump to pledge even harsher measures. Will Vernon reports for BBC News.

ISRAEL-HAMAS WAR

The Israeli defense ministry’s proposal to force hundreds of thousands of Palestinians into a contained area in Gaza’s devastated south is threatening to derail ceasefire negotiations, a senior Hamas member said, stating that the proposal “resembles a ghetto” and is a “deliberately obstructive demand.” Former Israeli Prime Minister Ehud Olmert previously described the planned “humanitarian city” as amounting to a “concentration camp.” Israeli legal experts warn the plan would violate international law, and could amount to war crimes or the crime of genocide. Patrick Kingsley and Aaron Boxerman report for the New York Times; Eugenia Yosef and Oren Liebermann report for CNN; Emma Graham-Harrison reports for the Guardian.

Israeli strikes overnight into yesterday killed at least 31 people in Gaza, according to local hospitals. The Israeli military said that three Israeli soldiers were killed in northern Gaza. Separately, U.N. agencies reiterated their joint warning that without more fuel supplies, healthcare, food, and sanitation provision in Gaza would soon shut down. Wafaa Shurafa, Fatma Khaled, and Sally Abou Aljoud report for AP News.

One of Israel’s ultra-Orthodox parties has announced it is quitting Prime Minister Benjamin Netanyahu’s ruling coalition over a dispute concerning conscription exemptions. The move would leave Netanyahu with a razor-thin majority of 61 seats in the 120-seat Knesset. Steven Scheer reports for Reuters.

ISRAEL-HAMAS WAR — AID SUPPLY CRISIS

The flow of aid into Gaza has not increased despite last week’s agreement between Israel and the EU, Egypt’s foreign minister said yesterday. The EU’s High Representative for Foreign Affairs and Security Policy Kaja Kallas yesterday said that while there have been some good signs of more trucks and supplies entering Gaza, the bloc needs to see more improvement on the ground. Reuters reports; Reuters reports.

OTHER GLOBAL DEVELOPMENTS

Sectarian violence between Syria’s Bedouin groups and militias from the Druse religious minority killed at least 50 people in its second day, according to a local health official and the Syrian Observatory for Human Rights monitoring group. The Israeli military also said it had hit tanks deployed to the southern Sweida area by the Syrian government because their presence in there “may pose a threat to the State of Israel.” According to the Syrian defense ministry, at least 18 members of Syria’s security forces were killed yesterday. Raja Abdulrahim and Reham Mourshed report for the New York Times; Reuters reports; Abbie Cheeseman, Suzan Haidamous, and Mohamad El Chamaa report for the Washington Post.

The Rapid Support Forces paramilitary has killed almost 300 people in attacks in Sudan’s North Kordofan state that began on Saturday, the Emergency Lawyers human rights group said in a statement yesterday. Reuters reports.

TECHNOLOGY DEVELOPMENTS

Chip-maker Nvidia yesterday announced that the U.S. government had approved the resumption of sales of AI chips to China, adding that the administration “has assured NVIDIA that [export] licenses will be granted.” Tripp Mickle reports for the New York Times.

The House of Representatives is expected to vote on a sweeping cryptocurrency market structure overhaul and legislation that would ban a central bank digital currency tomorrow, aides say, before taking up the Senate’s stablecoin legislation on Thursday. Jasper Goodman reports POLITICO.

China is set to introduce a government-run digital ID system today that will enable Beijing to see the real identity behind online accounts across a range of sites, centralizing disaggregated information previously held by Chinese internet companies. Katrina Northrop reports for the Washington Post.

Meta will spend hundreds of billions of dollars on building AI data centres in the United States, with the first multi-gigawatt data centre expected to come online in 2026, the social media giant’s founder Mark Zuckerberg has announced. Helen Sullivan reports for BBC News.

U.S. FOREIGN AFFAIRS

In its latest round of staff cuts, the State Department has trimmed personnel and consolidated offices that work on the U.S. response to Beijing’s aggression in the South China Sea and efforts in AI and quantum competition, officials say. Some of those fired were employees actively working on Secretary of State Marco Rubio’s policy engagements during his Asia trip last week, State officials added. Hannah Natanson, Ellen Nakashima, and Cate Cadell report for the Washington Post.

The European Union yesterday circulated the list of new retaliatory tariffs it plans to impose on U.S. goods in case no trade deal is reached by August 1, according to documents seen by the Wall Street Journal. The planned retaliatory tariffs would cover imports valued at roughly $84 billion last year. Separately, the EU’s Trade Commissioner Maros Sefcovic warned that Trump’s latest tariff threat risks upending trans-Atlantic trade. Kim Mackrael reports; Jeanna Smialek reports for the New York Times.

The United States has yet to respond to an offer Brazil made in trade talks in May, Brazil’s Vice President Geraldo Alckmin said yesterday. Reuters reports.

U.S. IMMIGRATION DEVELOPMENTS

ICE Acting Director Todd Lyons told agents that immigrants who arrived in the United States illegally are no longer eligible for a bond hearing as they fight deportation proceedings in court, according to a July memo reviewed by the Washington Post. Proceedings challenging deportation proceedings can take months or years. Maria Sacchetti and Carol D. Leonnig report.

The Trump administration on Friday dismissed 15 immigration judges, adding to the growing list of immigration court personnel let go amid a drive to speed up the immigration crackdown, according to sources and a union that represents immigration judges. Ximena Bustillo reports for NPR.

A magistrate judge in Louisiana yesterday ordered the release of Pouria Pourhosseinhendabad, an Iranian doctoral student arrested following the U.S. bombing of Iranian nuclear facilities last month. The judge also barred officials from trying to deport him, finding that the student had established “a grave risk” of irreparable harm. Chris Cameron reports for the New York Times.

U.S. DOMESTIC DEVELOPMENTS

The Senate yesterday voted 46-42 to confirm Whitney Hermandorfer of Tennessee to a seat on the Cincinnati-based U.S. Court of Appeals, the first Senate confirmation of a federal judge in Trump’s second term. Hermandorfer’s background drew criticism from Democrats, with the ranking Democrat on the Judiciary Committee, Sen. Dick Durbin (IL), suggesting she has a “shocking” lack of experience for such a powerful post and noting that she had ducked questions on whether Trump lost the 2020 election. Carl Hulse reports for the New York Times.

A panel of federal judges yesterday announced they had declined to permanently appoint interim U.S. Attorney John Sarcone to a permanent position, without providing reasons for its decision. Sarcone, appointed by Attorney General Pam Bondi on an interim basis in March, last week told a news outlet that he was being reappointed. Brendan J. Lyons reports for the Times Union.

More than 75 former federal and state judges today called on the Senate Judiciary Committee to reject the nomination of Principal Associate Deputy Attorney General Emil Bove to an appeals court judgeship, citing Bove’s “egregious record of mistreating law enforcement officers, abusing power, and disregarding the law.” Piper Hudspeth Blackburn and Jamie Gangel report for CNN.

Former Gov. Andrew Cuomo yesterday announced he has decided to run in the general election as an independent for New York City Mayor, following his loss to State Assemblyman Zohran Mamdani in the Democratic primary. Jeffery C. Mays and Emma G. Fitzsimmons report for the New York Times.

TRUMP ADMINISTRATION ACTIONS

The Defense Department yesterday announced it would start using xAI’s chatbot Grok under a “Grok for Government” program that allows agencies and federal offices to adopt the chatbot for their specific uses. Apart from xAI, DOD also said it awarded contracts to Anthropic, Google, and OpenAI, with each contract subject to a $200 million ceiling. Grok came under scrutiny last week after numerous antisemitic posts on X, including a post calling itself “MechaHitler.” Faiz Siddiqui reports for the Washington Post; Sareen Habeshian reports for Axios; Lisa Hagen, Huo Jingnan, and Audrey Nguyen report for NPR.

The Defense Department Inspector General’s Office and the Air Force Office of Special Investigations (OSI) are both investigating Ricky Buria, Defense Secretary Pete Hegseth’s senior aide, sources say. The separate investigations are examining Buria’s involvement in bypassing the agency’s security protocols to set up Signal for Hegseth and the potential leaking of information, the sources add. The OSI is also investigating whether Hegseth’s personal attorney and top adviser, Tim Parlatore, attended meetings beyond his clearance level. Daniel Lippman and Jack Detsch report for POLITICO.

The Pentagon yesterday abruptly cancelled its participation in the Aspen Security Forum, a national security and foreign policy conference in Colorado. A Pentagon spokesperson said senior DOD representatives “will no longer be participating in an event that promotes the evil of globalism, disdain for our great country and hatred for the president of the United States.” Eric Schmitt reports for the New York Times.

NASA yesterday announced it aborted plans to house authoritative, peer-reviewed national climate assessments on its websites following their removal from official government websites, stating that it has no legal obligation to host the data. Seth Borenstein reports for AP News.

The Veterans Affairs Department has reported spurious savings to DOGE, claiming credit for canceling contracts that had expired or that had not actually been canceled, according to the New York Times’ review of DOGE’s Wall of Receipts. DOGE then further amplified the alleged value of savings at the agency, the review adds. David A. Fahrenthold, Nicholas Nehamas, and Jeremy Singer-Vine report for the New York Times.

In a May meeting, a DOGE representative told Nuclear Regulatory Commission leaders that the agency will be expected to “rubber stamp” new nuclear reactors approved by the Departments of Energy or Defense, sources say. Francisco “A.J.” Camacho and Peter Behr report for POLITICO.

TRUMP ADMINISTRATION LITIGATION

The Supreme Court yesterday lifted a lower court injunction prohibiting the Trump administration from proceeding with mass firings at the Education Department while proceedings challenging the move’s legality continue. The majority’s brief, unsigned order offered no reasons for the decision. Justice Sonia Sotomayor, joined by Justices Elena Kagan and Ketanji Brown Jackson, dissented, holding that “when the Executive publicly announces its intent to break the law … it is the Judiciary’s duty to check that lawlessness, not expedite it.” Within two hours of the decision being handed down, the Education Department sent notices to employees indicating it was immediately resuming its plans to shrink the department. Josh Gerstein, Juan Perez Jr, and Rebecca Carballo report for POLITICO; Devan Cole, John Fritze, and Sunlen Serfaty report for CNN.

A federal appeals court yesterday issued an administrative order staying the Trump administration’s attempt to terminate deportation protections for thousands of Afghans living in the United States until July 21 while proceedings challenging the move continue. Chris Cameron reports for the New York Times.

A coalition of 24 states and the District of Columbia yesterday filed a lawsuit against the Trump administration’s decision to freeze more than $6 billion in federal education grants for K-12 schools and adult education. Sequoia Carrillo reports for NPR.

Did you miss this? Stay up-to-date with our Litigation Tracker: Legal Challenges to Trump Administration Actions