Montana has enacted SB 282, becoming the first state to prohibit law enforcement from purchasing personal data they would otherwise need a warrant to obtain. The landmark legislation closes what privacy advocates call the "data broker loophole," which previously allowed police to buy geolocation data, electronic communications, and other sensitive information from third-party vendors without judicial oversight.

The new law specifically restricts government access to precise geolocation data, communications content, electronic funds transfers, and "sensitive data" including health status, religious affiliation, and biometric information. Police can still access this information through traditional means: warrants, investigative subpoenas, or device owner consent.

The FBI has issued a warning that cybercriminals have started using AI-generated voice deepfakes in phishing attacks impersonating senior U.S. officials. These attacks, involving smishing and vishing tactics, aim to compromise personal accounts and contacts for further social engineering and financial fraud. BleepingComputer reports: "Since April 2025, malicious actors have impersonated senior U.S. officials to target individuals, many of whom are current or former senior U.S. federal or state government officials and their contacts. If you receive a message claiming to be from a senior U.S. official, do not assume it is authentic," the FBI warned. "The malicious actors have sent text messages and AI-generated voice messages -- techniques known as smishing and vishing, respectively -- that claim to come from a senior U.S. official in an effort to establish rapport before gaining access to personal accounts."

The attackers can gain access to the accounts of U.S. officials by sending malicious links disguised as links designed to move the discussion to another messaging platform. By compromising their accounts, the threat actors can gain access to other government officials' contact information. Next, they can use social engineering to impersonate the compromised U.S. officials to steal further sensitive information and trick targeted contacts into transferring funds. Today's PSA follows a March 2021 FBI Private Industry Notification (PIN) [PDF] warning that deepfakes (including AI-generated or manipulated audio, text, images, or video) would likely be widely employed in "cyber and foreign influence operations" after becoming increasingly sophisticated.

Cryptocurrency exchange Coinbase said Thursday it is offering a $20 million reward for information leading to the arrest and conviction of criminals who attempted to extort the company for the same amount after stealing customer data.

The criminals bribed customer support agents in overseas markets to access records containing addresses, phone numbers, government IDs, and partial bank and Social Security details of more than 80,000 customers. "It sucks but when we see a problem like this we want to own it and make it right," Coinbase Chief Security Officer Philip Martin told Fortune.

The company will reimburse customers who fell victim to subsequent social engineering scams. No login credentials or wallet access were compromised in the breach. The extortionists had threatened to publish the stolen information unless paid $20 million in Bitcoin.

Apple's smartphone shipments in China plunged nearly 50% year-over-year in March 2025, as domestic brands like Huawei and Vivo surged ahead -- now controlling 92% of the market. MacRumors reports: The steep decline saw shipments fall to just 1.89 million units, down from 3.75 million during the same period last year. That shrinks Apple's share of the Chinese market to approximately 8%, while domestic brands now control 92% of smartphone shipments. For the entire first quarter, non-Chinese brand shipments declined over 25%, while total smartphone shipments in China actually increased by 3.3%.

Apple's struggles come as domestic competitors have gained ground. Counterpoint Research reports Huawei now leads with a 19.4% share, followed by Vivo (17%), Xiaomi (16.6%), and Oppo (14.6%). Apple has slipped to fifth place with 14.1%. Several factors are driving Apple's declining fortunes. The company faces competition from rejuvenated local brands like Huawei, which has rebounded with proprietary chips and its HarmonyOS Next software. Chinese government policies appear to be playing a role too. Under government subsidies, consumers of electronics get a 15% refund of products that are priced under 6,000 yuan ($820). Apple's standard iPhone 16 starts at 5,999 yuan.

Qatar is gifting Trump a $400 million luxury 747 to serve as a temporary Air Force One, but experts warn that retrofitting it to meet presidential security standards could take years, cost hundreds of millions more, and risk national security due to potential embedded surveillance. The Register's Iain Thomson reports: The current VC-25s aren't just repainted 747s. They're a pair of flying fortresses that must be capable of allowing the president to run the country, survive wartime conditions (even nuclear), and be totally secure from outside influence or intrusion. While the precise details of the current airframe are a tightly guarded secret, some details are included on government fact sheets or have been revealed in various media reports. For a start, it must have an in-flight refueling capability so the president can go anywhere in the world and stay up as long as needed. Retrofitting this to an existing 747 would be very expensive, as the feds would need to strengthen portions of the hull to handle the refueling system and reconfigure the fuel tanks to handle trim issues.

Then there's the hull, which is known to be armored, and the windows are also thicker than you'd find on a normal flight. The government would also need to build in weapons systems like the chaff rockets used against radar-guided missiles, flares against heat seekers, and AN/ALQ-204 Matador Infrared Countermeasure systems, or similar to try and confuse incoming missiles. Next up, the engines and electrical systems would have to be replaced. The electronics in the current VC-25s are hardened as much as possible against an electromagnetic pulse that would be generated by a nuclear detonation. There are also claims that the aircraft have extra shielding in the engines to help against missile fragments should a physical attack happen.

Next up are communications. Air Force One has air-to-ground, air-to-air, and satellite comms systems that are thought to be the equal of what's in the White House. There are at least two separate internal phone systems - one open and the other highly secure - that would need to be installed and checked as well. Then there are incidentals. Contrary to what films will tell you, there is no escape capsule on the current Air Force One, nor a rear parachute ramp, but there is a medical suite with emergency equipment and space for a physician which would already need to be installed, as well as a secured cargo area designed to prevent tampering or unauthorized access. As for the threat of embedded surveillance devices, Richard Aboulafia, managing director of aircraft consultancy AeroDynamic Advisory, said: "You'd have to take it apart piece by piece to stop a professional operator putting in lots of equipment to confuse things, like spare sensors and wiring."

"It wouldn't be in the air before 2030 at the earliest, long after he's left office and probably later than the existing planned replacements," said Aboulafia. "It makes no sense on any level, except that he wants a free 747 for himself. Nothing else makes any sense."

"What's sort of annoying about the whole thing is I'm not sure what's wrong with the current Air Force One," Aboulafia said. "Maybe if they gave it a gold makeover, he'd like it more."

According to Rest of the World, a major confrontation between Meta and the local authorities in Nigeria is currently taking place: "Local authorities have fined Meta $290 million for regulatory breaches, prompting the social media giant to threaten pulling Facebook and Instagram from the country." Techdirt reports: As with earlier EU fines imposed on the company, the sticking point is Meta's refusal to comply with local privacy laws [...]. The fine itself is small change for Meta, which had a net income of $62 billion on a turnover of $165 billion in 2024, and a market capitalization of $1.5 trillion. Meta's current revenues in Nigeria are relatively small, but its market shares are high: "According to social media performance tracker Napoleoncat, Meta has a massive presence in the country, with Facebook alone reaching about 51.2 million users as of May 2024, more than a fifth of the population. Instagram had 12.6 million Nigerian users as of November 2023, while WhatsApp had about 51 million users, making Nigeria the 10th largest market globally for the messaging app."

Since many Nigerians depend on Meta's platforms, the company might be hoping that there will be public pressure on the government not to impose the fine in order to avoid a shutdown of its services there. But it is hard to see Meta carrying out its threat to walk away from a country expected to be the third most populous nation in the world by 2050. In 2100, the population of Nigeria could reach 541 million according to current projections.

Over 400 prominent UK media and arts figures -- including Paul McCartney, Elton John, and Ian McKellen -- have urged the prime minister to support an amendment to the Data Bill that would require AI companies to disclose which copyrighted works they use for training. The Register reports: The UK government proposes to allow exceptions to copyright rules in the case of text and data mining needed for AI training, with an opt-out option for content producers. "Government amendments requiring an economic impact assessment and reports on the feasibility of an 'opt-out' copyright regime and transparency requirements do not meet the moment, but simply leave creators open to years of copyright theft," the letter says.

The group -- which also includes Kate Bush, Robbie Williams, Tom Stoppard, and Russell T Davies -- said the amendments tabled for the Lords debate would create a requirement for AI firms to tell copyright owners which individual works they have ingested. "Copyright law is not broken, but you can't enforce the law if you can't see the crime taking place. Transparency requirements would make the risk of infringement too great for AI firms to continue to break the law," the letter states. Baroness Kidron, who proposed the amendment, said: "How AI is developed and who it benefits are two of the most important questions of our time. The UK creative industries reflect our national stories, drive tourism, create wealth for the nation, and provide 2.4 million jobs across our four nations. They must not be sacrificed to the interests of a handful of US tech companies." Baroness Kidron added: "The UK is in a unique position to take its place as a global player in the international AI supply chain, but to grasp that opportunity requires the transparency provided for in my amendments, which are essential to create a vibrant licensing market."

The letter was also signed by a number of media organizations, including the Financial Times, the Daily Mail, and the National Union of Journalists.

Business Insider tells the story in three bullet points:

- Big Tech companies depend on content made by others to train their AI models.

- Some of those creators say using their work to train AI is copyright infringement.

- The U.S. Copyright Office just published a report that indicates it may agree.

The office released on Friday its latest in a series of reports exploring copyright laws and artificial intelligence. The report addresses whether the copyrighted content AI companies use to train their AI models qualifies under the fair use doctrine. AI companies are probably not going to like what they read...

AI execs argue they haven't violated copyright laws because the training falls under fair use. According to the U.S. Copyright Office's new report, however, it's not that simple. "Although it is not possible to prejudge the result in any particular case, precedent supports the following general observations," the office said. "Various uses of copyrighted works in AI training are likely to be transformative. The extent to which they are fair, however, will depend on what works were used, from what source, for what purpose, and with what controls on the outputs — all of which can affect the market."

The office made a distinction between AI models for research and commercial AI models. "When a model is deployed for purposes such as analysis or research — the types of uses that are critical to international competitiveness — the outputs are unlikely to substitute for expressive works used in training," the office said. "But making commercial use of vast troves of copyrighted works to produce expressive content that competes with them in existing markets, especially where this is accomplished through illegal access, goes beyond established fair use boundaries."
The report says outputs "substantially similar to copyrighted works in the dataset" are less likely to be considered transformative than when the purpose "is to deploy it for research, or in a closed system that constrains it to a non-substitutive task."

Business Insider adds that "A day after the office released the report, President Donald Trump fired its director, Shira Perlmutter, a spokesperson told Business Insider."

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News: Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."



Thanks to Slashdot reader bleedingobvious for sharing the news.

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

An anonymous reader shared this repost from the Washington Post: It's becoming standard practice at a growing number of U.S. airports: When you reach the front of the security line, an agent asks you to step up to a machine that scans your face to check whether it matches the face on your identification card. Travelers have the right to opt out of the face scan and have the agent do a visual check instead — but many don't realize that's an option.

Sens. Jeff Merkley (D-Oregon) and John Neely Kennedy (R-Louisiana) think it should be the other way around. They plan to introduce a bipartisan bill that would make human ID checks the default, among other restrictions on how the Transportation Security Administration can use facial recognition technology. The Traveler Privacy Protection Act, shared with the Tech Brief on Wednesday ahead of its introduction, is a narrower version of a 2023 bill by the same name that would have banned the TSA's use of facial recognition altogether. This one would allow the agency to continue scanning travelers' faces, but only if they opt in, and would bar the technology's use for any purpose other than verifying people's identities. It would also require the agency to immediately delete the scans of general boarding passengers once the check is complete.

"Facial recognition is incredibly powerful, and it is being used as an instrument of oppression around the world to track dissidents whose opinion governments don't like," Merkley said in a phone interview Wednesday, citing China's use of the technology on the country's Uyghur minority. "It really creates a surveillance state," he went on. "That is a massive threat to freedom and privacy here in America, and I don't think we should trust any government with that power...."

[The TSA] began testing face scans as an option for people enrolled in "trusted traveler" programs, such as TSA PreCheck, in 2021. By 2022, the program quietly began rolling out to general boarding passengers. It is now active in at least 84 airports, according to the TSA's website, with plans to bring it to more than 400 airports in the coming years. The agency says the technology has proved more efficient and accurate than human identity checks. It assures the public that travelers' face scans are not stored or saved once a match has been made, except in limited tests to evaluate the technology's effectiveness.
The bill would also bar the TSA from providing worse treatment to passengers who refuse not to participate, according to FedScoop, and would also forbid the agency from using face-scanning technology to target people or conduct mass surveillance: "Folks don't want a national surveillance state, but that's exactly what the TSA's unchecked expansion of facial recognition technology is leading us to," Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government's facial recognition program, said in a statement...

Earlier this year, the Department of Homeland Security inspector general initiated an audit of TSA's facial recognition program. Merkley had previously led a letter from a bipartisan group of senators calling for the watchdog to open an investigation into TSA's facial recognition plans, noting that the technology is not foolproof and effective alternatives were already in use.

joshuark shares a report from Axios: Bill Gates, once the richest man in the world, vowed to give away "virtually all" of his wealth through the Gates Foundation over the next two decades. Then, the foundation will close its doors on Dec. 31, 2045. [...] Gates wrote in a Thursday Gates Notes essay that the original plan was to sunset the foundation several decades after he and his then-wife died. Now, Gates believes that a "shorter timeline" is feasible.

Gates pledged three "key aspirations" to guide the foundation's funding over the next two decades, which center on promoting child and maternal health and fighting infectious diseases and poverty. He emphasized that progress is not possible without government cooperation, as the U.S. and other nations slash their foreign aid budgets. "The reality is, we will not eradicate polio without funding from the United States," Gates wrote. It's unclear whether the world's richest countries will continue to stand up for its poorest people," Gates wrote. He added, "But the one thing we can guarantee is that, in all of our work, the Gates Foundation will support efforts to help people and countries pull themselves out of poverty."

Mexico has filed a lawsuit against Google for changing the name of the Gulf of Mexico to "Gulf of America" for U.S. users on Google Maps, following a Republican-led House vote on Thursday to codify the name change. President Claudia Sheinbaum argues the U.S. only has authority to rename its portion of the continental shelf and warned of legal action unless Google reversed the change. The Guardian reports: "All we want is for the decree issued by the US government to be complied with," Sheinbaum said. "The US government only calls the portion of the US continental shelf the Gulf of America, not the entire gulf, because it wouldn't have the authority to name the entire gulf," she added. In response to Trump, Sheinbaum has cheekily suggested calling the United States "America Mexicana" -- Mexican America, pointing to a map dating back to before 1848, when one-third of her country was seized by the United States.

schwit1 shares a report from Behind The Black: Almost immediately after India's government issued this week new tightened regulations for allowing private satellite constellations to sell their services in India, it also apparently completed negotiations with SpaceX to allow it to sell Starlink in India based on these rules. Business Today reports: "According to sources, the DoT [Department of Transportation] granted the LoI [Letter of Intent] after Starlink accepted 29 strict security conditions, including requirements for real-time terminal tracking, mandatory local data processing, legal interception capabilities, and localisation of at least 20% of its ground segment infrastructure within the first few years of operation.

Starlink's nod came amid heightened national security sensitivities, coinciding with India's pre-dawn Operation Sindoor strikes on terror camps across the border in response to the Pahalgam massacre. However, DoT officials clarified that the decision to approve Starlink was independent of these military developments." At the moment SpaceX's chief competitors, OneWeb and Amazon's Kuiper constellation, have not yet obtained the same permissions. This allows SpaceX to grab a large portion of the market share in India before either of these other companies.

An anonymous reader quotes a report from CNN: The National Oceanic and Atmospheric Administration announced Thursday its well-known "billion-dollar weather and climate disasters" database "will be retired," a move that will make it next to impossible for the public to track the cost of extreme weather and climate events. The weather, climate and oceans agency is also ending other products, it has recently announced, due in large part to staffing reductions. NOAA is narrowing the array of services it provides, with climate-related programs scrutinized especially closely.

The disasters database, which will be archived but no longer updated beyond 2024, has allowed taxpayers, media and researchers to track the cost of natural disasters -- spanning extreme events from hurricanes to hailstorms -- since 1980. Its discontinuation is another Trump-administration blow to the public's view into how fossil fuel pollution is changing the world around them and making extreme weather more costly. [...]

The database vacuums loss information from throughout the insurance industry, among other public and private sources. According to the database, there were 403 weather and climate disasters totally at least $1 billion in the United States since 1980, totaling more than $2.945 trillion. As of April 8, there had not been any confirmed billion-dollar disasters so far in 2025, but it lists four events as having the potential to make the tally, including the Los Angeles-area wildfires in January. Between 1980 and 2024, there were nine such disasters on average each year, though in the past five years, that annual average has jumped to 24. The record for one year was 28 events in 2023. "What makes this resource uniquely valuable is not just its standardized methodology across decades, but the fact that it draws from proprietary and non-public data sources (such as reinsurance loss estimates, localized government reports, and private claims databases) that are otherwise inaccessible to most researchers," Jeremy Porter, head of climate implications for and co-founder of First Street, a climate risk financial modeling firm, told CNN via email.

"Without it, replicating or extending damage trend analyses, especially at regional scales or across hazard types, is nearly impossible without significant funding or institutional access to commercial catastrophe models."

After gaining attention from Neowin and DistroWatch last week, the sole maintainer behind AnduinOS 1.3 -- a Linux distribution styled to resemble Windows 11 -- decided to reveal himself. He turns out to be Anduin Xue, a Microsoft software engineer, who has been working on the project as a personal, non-commercial endeavor built on Ubuntu. Neowin reports: As a Software Engineer 2 at Microsoft (he doesn't work on Windows), Anduin Xue says he's financially stable and sees no need to commercialize AnduinOS. Explaining the financial aspects of the project, he said: "Many have asked why I don't accept donations, how I profit, and if I plan to commercialize AnduinOS. Truthfully, I haven't thoroughly considered these issues. It's not my main job, and I don't plan to rely on it for a living. Each month, I dedicate only a few hours to maintaining it. Perhaps in the future, I might consider providing enterprise solutions based on AnduinOS, but I won't compromise its original simplicity. It has always been about providing myself with a comfortably themed Ubuntu."

In our coverage of the AnduinOS 1.3 release last week, one commenter pointed out that the distro is from China. For some, this will raise issues, but Anduin Xue addressed this in his blog post, too, saying that the source code is available to the public. For this reason, he told lacing the operating system with backdoors for the Chinese government would be "irrational and easily exposed." For those worried that the distribution may be abandoned, Anduin Xue said that he intends to continue supporting it and may even maintain it full-time if sponsorship or corporate cooperation emerges.

Wikipedia is taking legal action against the UK's new Online Safety Act regulations it says could threaten the safety of its volunteer editors and their ability to keep harmful content off the site. From a report: The Wikimedia Foundation -- the non-profit which supports the online encyclopaedia -- is seeking a judicial review of rules which could mean Wikipedia is subjected to the toughest duties required of websites under the act.

Lead counsel Phil Bradley-Schmieg said it was "unfortunate that we must now defend the privacy and safety of Wikipedia's volunteer editors from flawed legislation." The government told the BBC it was committed to implementing the act but could not comment on ongoing legal proceedings. It's thought this is the first judicial review to be brought against the new online safety laws - albeit a narrow part of them - but experts say it may not be the last.

"The Online Safety Act is vast in scope and incredibly complex," Ben Packer, a partner at law firm Linklaters, told the BBC. The law would inevitably have impacts on UK citizens' freedom of expression and other human rights, so as more of it comes into force "we can expect that more challenges may be forthcoming," he told the BBC.

Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.

An anonymous reader quotes a report from TechCrunch: The U.S. Federal Trade Commission (FTC) on Monday released new documentation detailing its new "Rule on Unfair or Deceptive Fees." The rule, set to take effect on May 12, prohibits hidden fees for live events, hotels, and short-term rentals. It also bans practices such as "bait-and-switch pricing" and any actions that conceal or misrepresent total prices and fees.

In a newly published FAQ, the FTC offers a guide for these types of businesses, providing detailed information about pricing transparency. The rule will impact businesses, including live-event ticket sellers and short-term lodging providers, like hotels, motels, Airbnb, or VRBO. Third-party platforms, resellers, and travel agents are also covered by the new regulation. (Airbnb already updated its service in advance of this new regulation to show users the total cost of their stay upfront.) [...]

Also included in the FTC's new FAQ are the types of fees that can be excluded, such as taxes or government fees, shipping charges, and charges for optional goods or services people may select to buy as part of the same transaction. (Note that handling charges aren't on this list.) However, the FTC notes that businesses must disclose that it has excluded charges from the total price before asking for payment. For example, if a business excludes shipping charges from the advertised price, it's required to clearly state the amount and purpose of those charges.

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...]

"The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."