Episode Overview

Title: Navigating AI Policy: Challenges in Privacy, Governance, and Regulation with Shane Tews
Podcast: To The Point – Cybersecurity
Date: November 4, 2025
Host: Rachael Lyon
Co-Host: Jonathan Knepher
Guest: Shane Tews, Senior Fellow at the American Enterprise Institute (AEI) and president of Logan Circle Strategies

This episode dives into the complexities and nuances of AI policy, especially in privacy, governance, digital trust, and regulatory frameworks. Shane Tews—AI, cybersecurity, and digital economy expert—joins Rachael and Jonathan to dissect evolving technology policy, effective data protection, digital sovereignty, and the challenges of state vs. federal approaches in the United States. The conversation blends high-level policy perspectives with practical, on-the-ground cybersecurity concerns relevant to business leaders and policymakers.

Key Discussion Points and Insights

1. The Evolution of Technology and Policy ([02:25]–[05:35])

• Rapid AI Adoption and its Ubiquity
  • Shane reflects humorously on “everything’s AI now, even my new golf clubs!” to illustrate the pervasiveness—and sometimes marketing overuse—of AI in products.
  • Quote ([02:55], Shane):
    “Everybody’s in on it, including Callaway. To me, it’s a little bit of a redoubt… [AI] is an adjacent discussion to the ones I’ve had for years.”
• Parallels to Early Internet Policy
  • Her early work was trying to explain to regulators how the Internet would work “across state borders and then international waters.”
  • Internet governance (ICANN, IGF) set important precedents for global technology challenges now playing out in AI.

2. Regulating AI: Innovation vs. Compliance ([05:35]–[08:51])

• US vs. Europe: Different Approaches
  • Europe is seen as a regulation pioneer but lags in profitable AI application compared with the US, which benefits from risk-taking VC culture.
  • Quote ([06:34], Shane): “The European system’s not designed for [tech innovation]. They end up coming to the US… that’s good for us, but not for global balance.”
• Digital Sovereignty and the “Ally Stack”
  • There’s increasing pressure for more localized, homegrown capabilities (e.g., European digital sovereignty).
  • US wants to broaden “the ally stack,” working with Europe to share technological benefits without stifling innovation.
  • Notable Context ([08:51], Shane):
    “I realize… digital sovereignty is really big now. People want to feel they have some homegrown stake… but we need to help them build that.”

3. State vs. Federal Regulation in the US ([08:51]–[10:42])

• Applicability of Existing Laws
  • Shane emphasizes that many digital harms are already illegal, and enforcing existing laws is more productive than continually passing new ones.
  • Quote ([09:25], Shane):
    “If there’s already a law in place…that law applies. We don’t need brand new laws for artificial intelligence.”
• Need for Nuanced Updates
  • When analog laws don’t map perfectly to digital realities, targeted updates should be enacted rather than sweeping new regulation.

4. Persistent Challenges: Technical vs. Policy Hurdles ([10:42]–[12:49])

• Acceleration of Information and Risks
  • Greater connectivity (“devices in people’s hands”) exacerbates privacy and safety challenges (e.g., child online safety, parental controls).
  • Numerous tools for data management exist, but consumer education and effective use lag behind.
  • Data Collection Dilemma:
    • Protecting children online often means collecting more personal data—ironically increasing risk.
    • Quote ([11:30], Shane):
      “You have to gather more information to know less information. And as we know about data, once you gather it, you’ve got it.”

5. The Privacy Problem: Perception, Policy, and Reality ([12:49]–[14:30])

• Public Data, Personal Exposure
  • Even basic searches can yield sensitive, outdated, or fabricated data publicly. The lines between privacy, data protection, and publicly accessible information are increasingly blurred.
  • Quote ([13:13], Shane):
    “I believe in data privacy. I don’t… Privacy is a challenge for me. I think privacy is a feeling and it’s hard to regulate privacy. Data protection, I am all for.”
• Push for a US National Data Protection Bill
  • US lacks comprehensive, uniform data protection law (“California is becoming our de facto data protection bill”), and Europe’s uneven regulatory influence is problematic.

6. Trade-offs: Convenience vs. Security ([14:30]–[17:54])

• Everyday Exposure
  • Both hosts and guest share anecdotes about surprising personal data availability (“the last time you Googled yourself… my name, phone number, date of birth, my address, my age”).
  • Personal convenience (e.g., “find my friends” features) frequently trumps privacy concerns for younger generations.
  • Quote ([17:04], Shane):
    “They all just put themselves on their Find My on Friday night so they can find each other at bars… they don’t seem to [mind].”
• Intergenerational Perspectives
  • Younger users are more permissive with data, while older generations are more cautious. Policies must reflect this diversity without turning databases into honeypots for malicious actors.

7. Encryption and Backdoors ([17:54]–[20:26])

• Firm Stance Against Government Backdoors
  • Any government-mandated backdoor creates universal vulnerability—once it exists, attackers will find and exploit it.
  • Quote ([18:25], Shane):
    “The idea of a government backdoor is insane… once it’s there, all the bad guys are just going to hammer on it until they can open it.”
• Encryption as a Baseline Protection
  • Encryption of data—by default in messaging platforms—is essential for privacy, safety, and trust.
  • Quote ([20:26], Shane):
    “We need to really think about that. So I have very strong feelings about encryption, John.”

Notable Quotes & Memorable Moments

• “Everybody’s in on [AI] including Callaway. So…it’s just an adjacent discussion to discussions I’ve had in the past.” – Shane ([02:55])
• “You need to regulate towards an outcome, not the tech.” – Shane ([04:12])
• “Europe is a global pioneer in regulating AI. Meanwhile, other regions are world leaders in the development and profitable application of AI…” – Rachael ([06:09])
• “I believe in data privacy… Privacy is a feeling and it’s hard to regulate privacy. Data protection, I am all for.” – Shane ([13:13])
• “The idea of a government backdoor is insane… once it’s there, all the bad guys are just going to hammer on it until they can open it.” – Shane ([18:25])
• “Encryption is your friend.” – Shane ([20:29])

Important Segment Timestamps

• [02:25] – Shane Tews’ Background & Early Tech Policy Experience
• [05:35] – The Europe vs. US Innovation-Regulation Divide
• [08:51] – State vs. Federal Regulation in the US
• [12:49] – Data Privacy, Child Safety, and Policy Implications
• [14:30] – Personal Data Exposure & Privacy Attitudes
• [17:54] – Encryption: Policy, Practice, and Strong Opinions

Conclusion

This episode is a compelling primer on the state of AI policy and cybersecurity regulation, packed with practical insights, pointed critiques, and grounded optimism for leveraging technology responsibly. Shane Tews illustrates the need for outcome-driven regulation, meaningful data protection laws, and staunch defense of strong encryption. The conversation underscores the importance of understanding both human and technical dimensions of privacy—emboldening both policymakers and practitioners to thoughtfully navigate complex digital landscapes.