Get in touch

Tag: usa

  • Congress keeps kicking surveillance reform down the road

    Gaby Del Valle

    Read original article →

    Concatena says

    Our Take: Congress has kicked the FISA 702 can down the road. Whilst this legal back and forth might feel far away, the way the US sets its surveillance rules has real knock-on effects for UK/EU businesses relying on US cloud and SaaS tools, and for anyone worrying about international data transfers. This is one to watch closely in case future “reforms” either harden surveillance or, more optimistically, edge towards better privacy safeguards that could ease some cross-border risk.

    Your Takeaway: If your business leans on US tech stacks, keep in mind that ongoing FISA 702 wrangling could shift the risk profile of your international data flows overnight. Treat this as a reminder to map which services touch US infrastructure, keep your transfer impact assessments fresh, and be ready to explain to customers and boards why a very American-sounding fight in Congress still matters for their data.

    Congress extended Section 702 of the Foreign Intelligence Surveillance Act for 45 days to allow more time for reform talks. The House passed a version with minor changes but no warrant requirements, causing frustration among some lawmakers. Privacy advocates say the bill does not do enough to protect Americans’ rights.

    Highlights

    “Three weeks is more than enough time to negotiate a reform bill,” Thune said on the Senate floor on Thursday. “That is, if members are serious about negotiating.”

    The House renewed Section 702 with minor reforms on Wednesday evening. The bill didn’t include the hotly debated warrant requirement, but it did feature a provision prohibiting the Federal Reserve from issuing Central Bank Digital Currencies, which Senate Majority Leader John Thune (R-SD) described as a nonstarter.

    Congress has reauthorized Section 702 of the Foreign Intelligence Surveillance Act — but only for another 45 days. The extension is meant to give legislators more time to negotiate reforms to the controversial wiretapping bill. If the past few weeks are any indication of how future debates will go, however, we’re in for a bumpy ride.

  • Utah’s New Law Targeting VPNs Goes Into Effect Next Week

    Rindala Alajaji

    Read original article →

    Concatena says

    Our Take: Internet regulation is hard, and if you don’t take a multi-step view, then you can end up playing whack-a-mole.

    Your Takeaway: If the tech you rely on could be outlawed, how can you plan?

    For the last couple of years, we’ve watched the same predictable cycle play out across the globe: a state (or country) passes a clunky age-verification mandate, and, without fail, Virtual Private Network (VPN) usage surges as residents scramble to maintain their privacy and anonymity. We’ve seen this everywhere—from states like Florida, Missouri, Texas, and Utah, to countries like the United Kingdom, Australia, and Indonesia. 
    Instead of realizing that mass surveillance and age gates aren’t exactly crowd favorites, Utah lawmakers have decided that VPNs themselves are the real issue.
    Next week, on May 6, 2026, Utah will become, to EFF’s knowledge, the first state in the nation to target the use of VPNs to avoid legally mandated age-verification gates. While advocates in states like Wisconsin successfully forced the removal of similar provisions due to constitutional and technical concerns, Utah is proceeding with a mandate that threatens to significantly undermine digital privacy rights. 
    What the Bill Does
    Formally known as the “Online Age Verification Amendments,” Senate Bill 73 (SB 73) was signed by Governor Spencer Cox on March 19, 2026. While the majority of the bill consists of provisions related to a 2% tax on revenues from online adult content that is set to take effect in October, one of the more immediate concerns for EFF is the section regulating VPN access, which goes into effect this coming Wednesday.
    The VPN Provisions
    The new law explicitly addresses VPN use in Section 14, which amends Section 78B-3-1002 of existing Utah statutes in two primary ways:

    Regulation based on physical location: Under the law, an individual is considered to be accessing a website from Utah if they are physically located there, regardless of whether they use a VPN, proxy server, or other means to disguise their geographic location.
    Ban on sharing VPN instructions: Commercial entities that host "a substantial portion of material harmful to minors" are now prohibited from fa…

    Highlights

    Next week, on May 6, 2026, Utah will become, to EFF’s knowledge, the first state in the nation to target the use of VPNs to avoid legally mandated age-verification gates. While advocates in states like Wisconsin successfully forced the removal of similar provisions due to constitutional and technical concerns, Utah is proceeding with a mandate that threatens to significantly undermine digital privacy rights.

    For the last couple of years, we’ve watched the same predictable cycle play out across the globe: a state (or country) passes a clunky age-verification mandate, and, without fail, Virtual Private Network (VPN) usage surges as residents scramble to maintain their privacy and anonymity. We’ve seen this everywhere—from states like Florida, Missouri, Texas, and Utah, to countries like the United Kingdom, Australia, and Indonesia.

    Instead of realizing that mass surveillance and age gates aren’t exactly crowd favorites, Utah lawmakers have decided that VPNs themselves are the real issue.

  • White House presses tech companies for support on AI-driven cyberattacks

    Aaron Mak, John Sakellariadis, Dana Nickel

    Read original article →

    Concatena says

    Our Take: Does the approach taken to law making by governments rely a little too much on input from those who perhaps ought to be restricted by the laws that are made? This is a pivotal moment: policymakers want operational help fast, but firms want clear bounds on data sharing, liability and commercial secrecy.

    Your Takeaway: If you work with or run tech/security businesses, be ready to engage but insist on narrow, well‑justified requests, explicit protections for sensitive operational details, and clarity on how shared information will be used and protected; consider tightening disclosure policies and seeking confidentiality or legal safeguards before responding.

    Tech and cyber companies were sent questions about artificial intelligence-led cybersecurity threats, including those posed by Anthropic’s advanced AI model, Mythos.

    Highlights

    The White House has been taking steps to defuse a monthslong legal battle with Anthropic over the company’s efforts to set ethical limits on government use of AI — a fight that led President Donald Trump in February to ban all federal agencies from using the AI company’s software. Since then, growing awareness of Mythos’ cyber prowess — as well as concerns that unauthorized users might be commandeering technology — has agencies clamoring for access to the tool.

    One list of questions sent by the White House to some tech and cyber firms, obtained by POLITICO, covers a range of technical and policy considerations, including which widely used coding projects should be prioritized and more basic questions about how the public and private sectors can work together on initiatives such as Project Glasswing. One question simply asks: “What is the most effective role for the government?”

    The request for additional, detailed information from these companies reflects the intensifying focus in Washington on the evolving threat that hyper-advanced AI tools may pose to national security and digital infrastructure.

    The questions, from the White House’s Office of the National Cyber Director, focus on how specific sectors in the tech and cybersecurity industries can work with the White House to boost their defenses with AI, these people said. Companies have been asked to respond to them by Friday.

    The White House has asked a group of tech companies to answer a set of questions this week about how to ward off digital attacks that frontier AI tools could soon enable, according to four people with knowledge of discussions between the administration and the tech sector.