Governance, Legislation, and Geostrategies
Leveraging International Standards to Protect U.S. Consumers Online, No Congress Required
(Anna Lenhart – Just Security – 9 April 2025) For decades, the U.S. Congress has been unable to pass comprehensive online platform regulation. While Congress has stalled, the European Union (EU) and U.S. states have charged ahead. The EU has enacted comprehensive regulatory frameworks such as the Artificial Intelligence Act (AIA), the Digital Services Act (DSA), and the Digital Markets Act (DMA), and U.S. states have introduced issue-specific regulations. The EU2States pathway proposed here leverages international standards (loosely defined as a document or technical protocol written and maintained by a multistakeholder organization), the EU’s market size and propensity to center fundamental rights, and the global nature of the internet to protect consumers in the U.S. The path begins with provisions of Europe’s laws well suited for standardization informing the work of international standards organizations, and ends with U.S. state laws and regulations referencing those international standards. The specifics for each standard (risk assessments, ad libraries, transparency reporting, photo sharing portability APIs, researcher APIs, etc.) will vary. They will also face a range of challenges, but close monitoring, engagement and encouragement from civil society, academics, and funders could lead to thoughtful platform regulation in the United States. Specifically, the EU2States pathway offers ways for U.S. states to move beyond today’s narrow regulations, which are often centered on child safety protection, non-consensual sexual imagery, and political deepfakes. State-level efforts to implement comprehensive mandates are constrained by the absence of well-resourced agencies to regulate the technology sector. 
States lack capacities to continually conduct audits, review risk assessments, and update requirements and guidance as technology changes—and as they try, their processes will continue to be overrun with companies, as civil society and consumer advocates do not have the capacity to contribute to 50-plus separate stakeholder engagement processes. However, U.S. states can delegate the maintenance of requirements to international standards bodies, which are continuously evolving to align with Europe’s broader regulations and human rights considerations. – https://www.justsecurity.org/110127/international-standards-consumers-online/
As spyware market continues to expand, diplomatic Pall Mall Process hits a pivot point
(Alexander Martin – The Record – 9 April 2025) A year on from its launch and days after the Pall Mall Process held its second diplomatic conference, this time in Paris, participants are concerned that the initiative may struggle to surmount the next hurdle facing the effort to reform the spyware and commercial hacking market: getting buy-in from the market itself. That market for what are formally called commercial cyber intrusion capabilities (CCICs) is growing, as the conference organizers announced earlier this year. Those participating in the Pall Mall Process say that left unaddressed, this growth will produce more abuses of the technology targeting “journalists, human rights activists, political dissidents and opponents and foreign government officials,” as British intelligence warned in 2023. – https://therecord.media/pall-mall-process-commercial-spyware-hacking-paris-diplomacy
Data privacy regulators lobby lawmakers to not draft federal legislation preempting state laws
(Suzanne Smalley – The Record – 9 April 2025) Two powerful state regulators are pushing a congressional working group crafting data privacy legislation to not draft a bill that would override existing state regulations. The working group, which includes only Republican members of the House Energy and Commerce Committee, has been soliciting input from “stakeholders” since February on how to shape federal data privacy legislation. Previous efforts to enact federal data privacy legislation have failed in large part due to arguments about “preemption,” which would allow a federal bill to wipe out regulations in the nearly 20 existing state data privacy laws. Some of those existing laws are tough on industry — likely more so than federal legislation would end up being, particularly in this Republican-controlled Congress. – https://therecord.media/data-privacy-law-state-lobby-congress
Australia’s cyber strategy needs a vulnerability disclosure upgrade
(Adam Dobell, Ilona Cohen – The Strategist – 9 April 2025) Australia is in a race against time. Cyber adversaries are exploiting vulnerabilities faster than we can identify and patch them. Both national security and economic considerations demand policy action. According to IBM’s Data Breach Report, the average cost of a data breach in Australia reached a record $4.26 million in 2024. By contrast, identifying vulnerabilities through ethical hackers costs on average $1670, according to HackerOne’s annual security report. The equation is simple: preventing breaches through the disclosure of vulnerabilities is far cheaper than dealing with the fallout of a successful attack. – https://www.aspistrategist.org.au/australias-cyber-strategy-needs-a-vulnerability-disclosure-upgrade/
The cloud needs water: How big tech’s data centers are fueling the global water crisis
(Interesting Engineering – 9 April 2025) Amazon, Microsoft, and Google’s push to create data centers in some of the world’s driest areas threatens to deepen a looming water crisis. An investigation by SourceMaterial and The Guardian found that tech giants are using vast amounts of water to run data centers—often in water-scarce regions—and are rapidly expanding in these vulnerable areas. Backed by political support, including from US President Donald Trump, the tech giants are forging ahead with plans to build hundreds of data centers across North and South America, Europe, Asia, Africa, and Australia. – https://interestingengineering.com/innovation/data-centres-fuel-water-crisis
Security
Operation Endgame follow-up leads to five detentions and interrogations as well as server takedown
(Europol – 9 April 2025) Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more. Law enforcement tracked down the customers as they were registered in a database seized during Operation Endgame. – https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-follow-leads-to-five-detentions-and-interrogations-well-server-takedowns
Industrial tech manufacturer Sensata says ransomware attack is impacting production
(Jonathan Greig – The Record – 9 April 2025) A ransomware attack on Massachusetts-based manufacturer Sensata Technologies last weekend has seriously disrupted the company’s systems. The company, which has sites in about a dozen countries, notified the U.S. Securities and Exchange Commission (SEC) of the incident on Wednesday, warning investors that the ransomware attack forced officials to take its network offline. The incident began on Sunday and prompted the company to contact law enforcement. – https://therecord.media/sensata-technologies-ransomware-attack
Defense, Intelligence, and Warfare
China unleashes world’s first 16-barrel gun to rain hellfire on enemy missiles, drones
(Interesting Engineering – 9 April 2025) To improve its anti-drone warfare and neutralize low-flying rockets, missiles, and helicopters, China has developed a new weapon system equipped with a 16-barrel gun. According to China’s state-run Global Times, the first-of-its-kind weapon system can also effectively counter drone swarms. This new air defense system is known as the anti-drone swarm and anti-missile barrage weapon system. – https://interestingengineering.com/military/worlds-first-16-barrel-gun-kill-drones
Frontiers
UMD Establishes Maryland Institute for Quantum Applications to Advance Defense and Intelligence Technologies
(Quantum Insider – 9 April 2025) The University of Maryland has launched the Maryland Institute for Quantum Applications under ARLIS to develop quantum computing, networking, and sensing tools for national defense and intelligence operations. MIQA builds on ARLIS’s applied research capabilities and nearly $25 million in recent quantum-related funding, aligning with Maryland’s broader “Capital of Quantum” initiative to attract $1 billion in investment. The institute intends to strengthen the national security workforce through programs like the Research for Intelligence & Security Challenges internship, which connects students to real-world government problems. Located in UMD’s Discovery District, MIQA will collaborate with nearby research entities and continue ARLIS’s role in evaluating commercial quantum technologies for government integration. – https://thequantuminsider.com/2025/04/09/umd-establishes-maryland-institute-for-quantum-applications-to-advance-defense-and-intelligence-technologies/
Google, NVIDIA enable Agentic AI to fix IT issues and detect enterprise threats
(Interesting Engineering – 9 April 2025) Google Cloud and NVIDIA have announced a significant collaboration that aims to reshape how enterprises deploy and scale artificial intelligence. The companies unveiled plans to bring agentic AI capabilities to highly regulated industries by allowing enterprises to run Google’s Gemini language models locally on NVIDIA-powered infrastructure. The announcement, made at Google Cloud Next 2025, centers on enabling enterprises to securely deploy AI models on-premises using Google Distributed Cloud and NVIDIA’s latest Blackwell architecture. – https://interestingengineering.com/innovation/nvidia-google-enable-agentic-ai-for-enterprises
Samsung and Google team up to bring AI-powered Ballie robot into your living room
(Interesting Engineering – 9 April 2025) Samsung Electronics is teaming up with Google to launch Ballie, a charming robotic ball butler created by the South Korean tech giant that can even project videos onto walls. Bright yellow and powered by a pair of streamlined wheels, Ballie (pronounced “Ball-E”) comes with a bank of sensors and other devices that undeniably make it a valuable asset to any tech enthusiast. Since its first unveiling in 2020, Ballie has been billed as a domestic helper robot “to help users intelligently navigate their lives.” However, the South Korean tech giant has said that the robot is a “completely new Ballie”, with one of the most significant upgrades being the collaboration with Google Cloud. – https://interestingengineering.com/innovation/samsung-taps-ai-for-ballie-robot
South Korean Researchers Use Crystal Trick to Control Quantum Light
(Quantum Insider – 9 April 2025) South Korean researchers have demonstrated a method to control polaritons using ferroelectricity in a perovskite crystal, offering a new approach to scalable quantum devices. The team modulated the Rabi oscillation frequency of polaritons by up to 20% and increased oscillator strength by 44% through phase-induced changes in the crystal structure. The study, published in Advanced Science and supported by the Samsung Science and Technology Foundation, shows potential for room-temperature quantum technologies without complex external equipment. – https://thequantuminsider.com/2025/04/09/south-korean-researchers-use-crystal-trick-to-control-quantum-light/