Tim Starks (13:45)

Good to be with you, Dave.

Ben Yellen (13:46)

We just finished up our Supreme Court term here for the year and there's some cases here that caught your eye that are worth sharing with our audience here. What do you got?

Tim Starks (13:57)

There are really two cases that caught my eye. One applies very generally and that means it does apply to a lot of the topics you cover on the daily podcast and over on Caveat. And one I think is more specific to the world of cyber world of data privacy. So I'll talk about the general one first. This is a case that has to do with what are called universal injunctions. So it's the ability of individual federal district court judges to issue holdings that don't only apply to the parties in that case, whether that party is an individual plaintiff or something like a state, but applies across the country. So this has been a phenomenon going back 20, 25 years. We've had a lot of these so called universal injunctions. This case was about one or a few of them actually relating to a Trump administration executive order on birthright citizenship. So that executive order narrowed the definition of birthright citizenship in the United States. Some individual plaintiffs as well as states brought litigation saying that this new policy violates the 14th Amendment, which says that anybody born in the United States and subject to the jurisdiction of the United States is a citizen of the United States.

Ben Yellen (15:07)

Okay?

Tim Starks (15:08)

And those parties obtained universal injunctions. So court said, not only am I ruling out or forbidding enforcement of this policy against the plaintiffs in this case, but I am prohibiting the enforcement of this policy across the entire country. And in a 6, 3 decision, the Supreme Court said, that is no longer acceptable. It is not within the traditions of our judicial system. It's not well grounded in the Constitution or in the Judiciary act of 1789, which governs a lot of how our judicial branch works. So what that means in practice is even if you as a plaintiff think that a executive action, whether it's a bill that's signed or whether it's an executive order, if you think that's blatantly unconstitutional, you're gonna have to go court by court across the country with a class of plaintiffs that meet standing requirements to get specific injunctions that apply to a bunch of plaintiffs. You're no longer gonna have this out where you just have to find one plaintiff in one district and you can get the entire policy struck down across the country. So now, the one way you would get that type of universal applicability would be to do a class action lawsuit, and you'd have to establish a really large class. And that's a very difficult, cumbersome process. So it's going to be much harder to obtain universal nationwide relief, judicial relief from some of these policies. And I think that could have wide reaching implications in all spheres of the law.

Ben Yellen (16:47)

So, for example, for our cyber concerns, you could see if someone brought a case where they thought there was some unconstitutional privacy concern, for example, it would not be allowed to be paused nationwide.

Tim Starks (17:03)

Exactly. So let's say you had a bunch of plaintiffs in the state of Maryland, where we are, they could sue in a federal district court in Maryland. Whatever decision that court came up with, if they issued an injunction against enforcement of that policy, that injunction could only apply to that class of plaintiffs in the state of Maryland. It can only apply to the litigants in this case. Now, incidentally, if it applies to the plaintiffs in Maryland, then it will probably end up applying to almost everybody in Maryland. Like, if it's some type of privacy policy, it will apply to everybody within that jurisdiction, but it wouldn't apply to people across the country that are subject to the jurisdiction of other federal district courts. So that's just a tool that's now out of the toolbox. You can't obtain these nationwide injunctions. And we've seen a lot of them not only during the Trump administration, but also the Biden administration on the other side. A lot of people in the conservative legal community were going to a single district court judge in Texas during the Biden administration to try to obtain these universal injunctions against policies they didn't agree with. And they were successful. And that's no longer a tool that's going to be available to them next time we have a Democratic president.

Ben Yellen (18:22)

Interesting. All right, well, the next one is a little more directly related.

Tim Starks (18:26)

Yeah. So this one comes from the state of Texas. This is a case called Free Speech Coalition Incorporated v. Paxton, who is the Attorney General of Texas. So Texas passed a statute requiring age verification for accessing pornographic websites. The rationale of course, being that they don't want children to access this type of pornographic material, which is self explanatory. Seems very reasonable.

Ben Yellen (18:53)

Yeah.

Tim Starks (18:54)

Free Speech Coalition is a group of free speech advocates. They were joined by representatives of many of these pornographic websites in suing the state of Texas, saying that this is a violation of adults First Amendment rights. So the thinking is, even though this policy is designed to prevent children from accessing these websites, it will have an impact on adults who have First Amendment associational rights to view this type of pornographic material. By having required age verification, it might burden adults ability to view this material.

Ben Yellen (19:29)

Right.

Tim Starks (19:29)

So the Supreme Court in this case, another 6:3 decision along ideological lines, upheld the constitutionality of this Texas law. A big question was what level of scrutiny would apply to the statute. Generally, when you have a restriction on speech based on its content, courts will apply what's called strict scrutiny, which is the highest level of scrutiny, which in normal parlance just means you better have a darn good reason to do what you're doing.

Ben Yellen (19:58)

Right.

Tim Starks (20:00)

And the dissent was adamant in saying that strict scrutiny should apply here. And even though Texas does have a compelling interest in preventing children from accessing pornographic material, they are not using the least restrictive means of achieving that objective. There are other ways that you could stop children from accessing these websites without having what they consider to be burdensome procedures for age verification, which might include things like submitting personally identifiable information that then go on the Internet that are sold on the dark web potentially.

Ben Yellen (20:35)

Right, right. You have leaks and things.

Tim Starks (20:36)

Exactly. The majority opinion said that strict scrutiny should not apply that in cases where there is no facial prohibition on adults accessing these websites, it's only an incidental burden. And really the policy is intended to keep children from accessing this website, then only intermediate scrutiny, which is kind of the middle level of scrutiny, should apply. And as long as the government has an important interest here, which Texas does, and the means of achieving that interest is substantially related to that interest, then the law is constitutionally permissible. And what the Supreme Court is saying here is Texas made a reasonable judgment that the best way to achieve the objective of keeping kids away from pornographic material is to have age verification procedures. That that is constitutionally acceptable. They don't have to find the least restrictive means of achieving that objective as long as they're using means that are pretty closely related to achieving those legislative ends. So as a result, I think we're gonna see a lot more laws across the country with age verification requirements for pornographic websites. Now, the Supreme Court has said that requiring people to submit proof of age beyond just, hey, click this box if you're 18. But let's you upload a government issued ID or there are some other procedures that send people to party third. Third party sites where they have to upload their id. Yeah, that. That type of requirement is now deemed constitutional according to our Supreme Court. So I think that's going to impact regulations on access to these websites in a whole bunch of different states.

Ben Yellen (22:23)

Yeah. Interesting. All right, well, Ben Yellen is from the University of Maryland center for Cyber Health and Hazard Strategies. Ben, thank you for joining us and explaining it.

Tim Starks (22:33)

Always good to be with you, Dave.

Ben Yellen (22:49)

Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Sempras created Purple Night, the free security assessment tool that scans your active directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at sempras.com purple-knight that's sempress.com purple-night.

Dave Buettner (23:26)

With a venmo debit card, you can Venmo more than just your friends. You can use your balance in so many ways. You can Venmo everything. Need gas? You can Venmo this. How about snacks? You can Venmo that. Your favorite band's merch. You can Venmo this or their next show. You can Venmo that. Visit Venmo Me Debit to learn more. The Venmo MasterCard is issued by the Bancorp bank, and a pursuant to license, my MasterCard International Incorporated card may be used everywhere MasterCard is accepted. Venmo purchase restrictions apply.

Ben Yellen (24:00)

And finally, our Ransom Shenanigans desk tells us that Digital Mint, a company that negotiates with ransomware hackers on behalf of victims, is now investigating one of its own. The former employee allegedly struck side deals with hackers to pocket some extra crypto because apparently salary negotiations weren't enough excitement. Digital Mint swiftly fired the employee, who remains unnamed and is cooperating with the Justice Department's probe. CEO Jonathan Solomon assured clients they acted swiftly, while President Mark Grenz touted transparency as Digital Mint's cultural backbone. Meanwhile, cybersecurity experts dryly note that ransomware negotiators aren't exactly incentivized to lower demands if their profits scale with payment size. As ever, analysts caution that paying ransoms only emboldens attackers. In short, even ransomware negotiators may need their own negotiators, preferably ones without side hustles. And that's the Cyber Wire or links to all of today's stories. Check out our daily briefing@thecyberwire.com a programming note that we will not be publishing tomorrow, July 4th. In observation of Independence Day here in the US we plan to share some programming from across the N2K CyberWire network for you to enjoy. Have a safe holiday. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through August 31st. There's a link in the show Notes. Please do check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Buettner. Thanks for listening. We'll see you back here next week. Hey, everybody, Dave here. I've talked about Deleteme before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it. Peace of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal. 20% off your DeleteMe plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.