AI, Infrastructure, and Regulation with Eric Geller

Dec 11, 2024 · 34 min · Season 1, Ep. 49

Episode description

For this episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets like Politico, Wired, and The Record. Together, they unpack Eric's reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss the vulnerabilities within critical infrastructure sectors like agriculture and telecom. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance.

Main Topics Covered:

  • Changes in cybersecurity priorities under different U.S. administrations
  • Insights into major incidents like Salt Typhoon and their implications for telecom security
  • The Biden administration's AI executive order vs. potential Trump-era policies
  • Cybersecurity vulnerabilities in agriculture and critical infrastructure
  • The challenges of implementing software liability and establishing duty-of-care standards

Key Quotes:

"[Salt Typhoon is] one of the broadest campaigns that the U.S. government has ever seen." - Eric Geller

"Congress would have to step in and say, we are declaring software to be a product, which unlocks some legal avenues for further work [on software liability]." - Eric Geller

"Trump changed the rules a little bit to make it easier for the military to launch some of these [cyber] attacks. And Biden did not reverse that." - Eric Geller

"The tech industry really needs to figure out where it stands on how much regulation it wants." - Eric Geller

"All these things could be hacked. And right now, it's almost just a matter of luck that some of them haven't been." - Eric Geller

Relevant Links:

https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/

https://www.wired.com/story/donald-trump-ai-safety-regulation/

https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda

https://therecord.media/cybersecurity-software-liability-standards-white-house-struggle

Guest Bio: Eric Geller is a seasoned cybersecurity journalist, recognized for his in-depth analysis of pressing cyber issues. He has written for Politico, Wired, The Record, and Cipher Brief, focusing on policy, governance, and the intersection of technology and national security.

Transcript

Frank Cilluffo

Welcome to CyberFocus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I'm your host, Frank Cilluffo, and this week I have the privilege to sit down with Eric Geller. Eric is a prominent top flight reporter on cybersecurity, has been on the beat for a long time. He's written for Politico, he's a regular with Wired, with the Record, with Cipher Brief. Pretty much anywhere that's

writing about cyber you can find, Eric is nearby. Really excited to sit down with him today. We're going to go deep on four recent stories he wrote, two for Wired magazine and two for the Record, and looking forward to the conversation. Eric, thanks for joining us today. Thank you for having me. Great to be here. Thank you. And I thought we'd start with piece you recently wrote for Wired magazine and it was looking at what cyber could look like in a new administration, in the Trump

administration. And it'd be great to hear some of your thoughts in terms of what you unearthed there. Sure. So the big things I found were there's going to be

Eric Geller

no surprise here, less regulation. But particularly as we think about what we've seen recently from Salt Typhoon in the telecom sector, what we know is still out there in the healthcare sector and others, these are efforts that the Biden administration has really been pushing on to try to get some rules in place for sectors that previously really

didn't have them or didn't have strong ones, didn't have modern ones. We are not going to see, based on what my sources have told me, any real interest from the Trump administration in continuing to put those rules in place. Now, their platform does say we're going to have minimum security standards for critical infrastructure. What that looks like is very unclear. And basically all the folks I talked to said don't expect this to be this kind of robust effort like we saw with TSA in the pipeline

sector after Colonial under the Biden administration. They do not anticipate seeing that. We're also going to see less focus on election security, countering mis and disinformation. We're probably going to see changes to the cisa kind of secure by design corporate accountability work that's being done to try to say those companies that have responsibility for this infrastructure also have responsibility for, for protecting this infrastructure. Those are sort of a few areas where

I think we're gonna see perhaps. A step back and I wanna pull a thread

Frank Cilluffo

on a couple of those issues. But let's start with Salt Typhoon. This is a Story that will probably be with us for a few months. Right. And I'm not sure people have a sense of the gravity of the issue here. Anything you'd like to share on that? Well, it's hard to have a sense of it because first

Eric Geller

of all, the public knows very little. But also even investigators right now are still not sure the full extent of this campaign. So I think even. Yeah, exactly. It's one of the broadest campaigns that the US Government has ever seen. And it's hard when you're not a victim of it and you don't get a call from the FBI telling you China listen to your phone calls to know how broad and how deep this access is, because you're not necessarily getting that call telling you you were

hacked. And there have been some initiatives recently and Some efforts and PSAs, even by

Frank Cilluffo

CIS, FBI and others in terms of how to use their. Use your phones a little more safely. I just have a more than a strong feeling that we'll be talking about this for a few months and the full extent is unknown, but I think it's pretty severe. Yeah, let's look to. And along those lines, I think one thing you may also see and you highlighted in your piece, is a little more proactive approach in terms of focusing on adversaries. What are your thoughts there? Yeah, so

Eric Geller

under Biden, this was true. Under Obama as well. There's been a real reluctance to do anything that could sort of make things complicated for State Department diplomats who are trying to work with other countries on other aspects of our foreign policy. If Cyber Command goes out there and starts hacking foreign servers, they might end up with some third countries in the crossfire. They're trying to get Russia. They might end up taking

down a server in Moldova that is supporting civilian infrastructure as well. That's sort of an example of one of the worst case scenarios. It's not always that dire. But under Trump in the first term, and I think under Trump in the second term, you're gonna see less concern about the kind of collateral damage, more of an interest in a muscular cyber policy. He elevated Cyber Command to a full command. He's probably gonna be faced with the question of whether to create a cyber force. We don't

know exactly. What are your thoughts on that, by the way? Look, I'm not enough to say that. I'm just asking your opinion on the. Military side of things, whether a full service is necessary there or whether the existing services want to continue supplying forces the way they do now. But he's going to approach this with a more kind of chest thumping. We're going to come get you if you try to hurt Americans and sort of damn the consequences. Whereas Biden and Obama have been a little

bit more cautious about collateral damage. You know, I may have a little nuanced disagreement

Frank Cilluffo

there because I think both under Trump and then under Biden, you did see a little the defend forward concept was grasped and there have been some actions. We don't talk about all of them, but I think there has been some activity under the two previous administrations on this. And I would argue more is needed, done smartly. We don't need cowboys, but. Right. And we should say that Trump changed the rules a

Eric Geller

little bit to make it easier for the military to launch some of these attacks. And excuse me, and Biden did not reverse that. That has continued under Biden. And so I think that becomes the new norm is the military has a little bit more of a free hand to do these things. And the State Department, the Commerce Department can't come in and say slow your roll or at least, you know, not as easily as they might have in the past. I'm glad you I was going

Frank Cilluffo

to bring up NSBN 13. So yeah, I didn't want to use any buzzwords here,

Eric Geller

but this is an audience where I can use those. You can get away with

Frank Cilluffo

some of them. And that is that has lived through different administrations. What do you think this means for allies? I think allies are going to want to see the

Eric Geller

US Continue to take the leading role in fighting back against some of this stuff. I also think that if Trump gives cyber command the ability to move forward out of US Networks in a way that Biden was restraining them, that can be good. Some of our allies might not want to shoulder as much of that burden. As I said before, you can also have some collateral damage. And I think allies are going to want to see a calibrated approach. And one of the things that makes

Frank Cilluffo

cyber unique from conventional once you use a means or a technique or a tactic, it can often be reverse engineered and it does have the potential blowback concerns and considerations. But I would also argue business as usual ain't cutting it, is it? So figuring out what that right balance and mix is is going to be important. What do you think it means for critical infrastructure? And you talked regulatory and I don't

disagree with your assessment and evaluation there. But do you think it's going to have implications across all sectors of our critical infrastructure, so called 16 I'd love to see space designated as a critical infrastructure. A lot of discussion around cloud. But do you think that changes in nature and does it impact and affect that partnership that we've all been striving to get to? I think the voluntary side will continue to be

Eric Geller

strong because these companies know they're in trouble and they know they need help. The question with Trump too is does some of the funding for the services that CISA provides continue to stay at the current level? Does it go up, does it go down? You know, a lot of hospitals out there just can't afford to even do multi factor authentication, as silly as that might sound to some of us sitting here. They need help from the federal government. Does that help continue to come? Do some

of those budgets for services like that get cut? I don't know the answer to that. But I do think as you're looking at a cost cutting environment, we know that Elon Musk is coming in with Doge, trying to increase the accountability and efficiency in the government. Does he look at things like the state and local cybersecurity grant fund, for example, that $1 billion program, and say, we don't need this anymore. You

know, state and local is a sector of critical infrastructure or government facilities. I should say, does that funding continue? Does that support continue? I think that's an interesting area to look at. And when I look at this holistically, ultimately small, medium sized businesses,

Frank Cilluffo

state, local, tribal, territorial, those are the underbellies. We need to do more. And they face the exact same risk the feds do. And they don't have the resources, the capacity and the, and the women and men to be able to fight back. So I, I do hope that there's recognition on the importance of empowering those on the front lines and not only inside the beltway, and we'll see where that goes. That's a great point. And I do think state, local is essential. You also recently had

a piece around artificial intelligence in Wired magazine and what that could mean. And guardrails, no guardrails. What should we be thinking there? Well, AI is an interesting space because

Eric Geller

take Elon Musk. He has said it's an existential threat. He has called for regulation, but he's also said that some of the rules or expectations that the government is trying to encourage about things like preventing misinformation, preventing harm bias, he's saying essentially that goes too far. It's not the role of the government to try to prevent AI

from being biased against people of color, for example. So the tech industry really needs to figure out where it stands on how much regulation it wants the incumbents, the folks like OpenAI, they're in favor of things like we've seen from the Biden administration of trying to create sort of a code of conduct for protecting your models, protecting

your code. That's the kind of thing that's going to make it difficult for startups to enter the field if they've got to do all this work to, for example, turn over reports about their testing, their security testing to the government. Those are some of the things in the president's AI order. And my story essentially says Trump is not interested in that stuff. The people talking to him do not want the government

trying to prevent AI bias and AI misinformation. And when you, when you look at some of the commentary we've seen, you know, Senator Ted Cruz, for example, was talking about the nist National Institute of Standards and Technology AI guidance, and he called it woke AI safety guidance. You are seeing from conservatives a bit of an effort to kind of frame this as the government's trying to woke ify your AI. They're trying

to make it left wing and trying to censor conservative ideas. This, of course, goes back to what we saw in 2020 and this year in terms of election content. That's the kind of thing Trump's not interested in. He does not want the government saying, you must prevent bias in your AI. Biden's order has that in spades. So the question is, what does Trump do with that? I think some of that gets scaled back significantly. I think that's what my sources are saying. And when you look

Frank Cilluffo

at the AI sets of questions, I mean, there is also another argument that innovation, efficiency and others could either be improved or curtailed. What do you hear from. Yes,

Eric Geller

there. So, so that's the other side of the coin is that, you know, it's great to say we want the government to be in the loop when these companies are testing their models, but that's hard to do. And speed don't often go in

Frank Cilluffo

the same sentence. Yeah. And when you're a smaller company, you don't have the staff

Eric Geller

necessarily to comply with some of the things in this order. And so does that lock out new entrants into the market? Does it mean that OpenAI cements its dominance? That's certainly an argument that we've heard from some of the folks who are critical of this order. And I guess the other question is, I spoke to one person who said this is sort of the camel's nose under the tent. They're starting with, you have to report your test results. To us. But that is going to turn

into, you have to develop AI in this way. It has to have these parameters specifically. So what are your thoughts? How do we get our arms around this issue?

Frank Cilluffo

Because I think it's still early from a technology standpoint to fully appreciate the potential implications and impact, but I think we all know it's happening already. So what do you, what do you think that looks like? If you were, if you were king for the day, National Cyber Director, what would you be recommending right now? Boy, that's

Eric Geller

a tough one. I will say that Nate Fick, who's the cyber ambassador for the US Government, has talked about how when he goes around the world and talks to people about the US tech sector, what they say is almost uniformly you essentially drop the ball with your social media companies. And he has said that, he said this basically to the head of Meta, that this is sort of the biggest disinformation factory

in the world because all that kind of stuff can run rampant. And we've essentially said we're giving up on any effort to hold these companies to account as providers of essential services in America and in the world. So now when we think about AI, the question that Nate Fik and others have raised is do we approach it

differently? Do we take more of a hands on approach without harming innovation? Do we say you are providing essential services that have everything, that touch everything from student loans to home loans to job applications, you have a responsibility to not taint that process.

Frank Cilluffo

And there's a whole nother set of questions here that autocratic regimes who don't play by any rules can also manipulate this. Yes. I mean, do you see an AI versus AI kind of set of issues, Democracies versus autocracies? Obviously within both, within democracies, there's a lot of discussion on what that looks like. But I'm worried about maybe the People's Republic of China and the Communist Party of China and some of the

ways that they can manipulate AI and are manipulating AI. So I'd be curious what your thoughts are there because I think that gets lost in the discussion. We do a lot of navel gazing, looking at our own, but. But the truth is, is there's something bigger out there. Yeah. And one of the goals, I should say, for

Eric Geller

the, the Biden AI executive order is if our AI systems have vulnerabilities that China could exploit, we want to know about them and we want the companies to find out about them, which is why they're incentivizing reporting your test results. So some of that is actually with an eye toward making it harder for foreign adversaries to get

in. You raised the question of AI versus AI. I do think if you're in China and the Chinese government says you can only use an AI that's trained on data from China, you're not going to ever be able to hear about Tiananmen Square here. What is the value of that model? Does that model actually serve your interest as a citizen of China? Do you get what you want from that, or do

you try to get around the great firewall and use OpenAI? I think some of those walled garden questions about closing our doors and building just a Russian AI system, how useful is that when it doesn't have information about history? Yeah, that's actually a

Frank Cilluffo

very thoughtful and. And conversation that's worthy of an episode in itself. But the reality is they're already, and some would argue in my community that a lot of these breaches are also from China and others are basically used to train AI models. It's not only for the value of the information they're exploiting at that time, but it's for the value of training some of these large models. Have you heard that? Absolutely.

Eric Geller

I mean, think back to opm, right? They have the data and now they have the ability to analyze it. And again, what gets lost, even in the OPM discussion,

Frank Cilluffo

which both of us know very well, we sometimes forget that it's in your SF86, is you're writing foreign contacts. If you're living in Beijing and you had a foreign contact, that's who I'm most concerned and worried about. And then it's also manipulating the US side and others that could be of concern. Lots more to discuss there. We're not going to have time to get through it all today because I do want to get to another story you wrote, and it's a particular sector that I think

is of great interest, often underappreciated, and it's looking at agriculture and cybersecurity. And you wrote this for the record, when I look at our economy, when I look at our health and safety of our food supply in the United States, this is a big issue and it takes on so many facets and implications. What were your findings here? And I'm not going to lead the witness. I'll try to opine less on this one. But I'd be curious what you're thinking is here. Well, one thing that

Eric Geller

was the top finding is that the US Government is not postured to help the sector the way that the sector wants it to. So the Agriculture Department, which is supposed to be in charge of this along with the fda, is not positioned in terms of budget or staffing to actually provide the services that you expect from a sector risk management agency. So if you think about what the Energy Department does or even the TSA for the sectors under their purviews, they have robust support, especially at

tsa, they're building up the ability to offer help. USDA doesn't have that. And one of the things that's interesting about that is think about how the federal government interacts with agriculture across the country. You know, there are these offices all over the country, in rural areas especially, that exist. They're extension offices. Their one job is to be the arm of the federal government saying, let us help you plant your crops, fertilize

your crops, harvest your crops. We've got experts, you've got crops, we will help you.

Frank Cilluffo

And Auburn is a land grant university, so very near and dear to those as well. Yep. There is no cybersecurity component to that work right now. I spoke to

Eric Geller

a person who said, I go into my local extension office regularly. I don't see cybersecurity guidance, brochures, any of that stuff. If you want to learn how to plant a crop, you can almost certainly find a brochure for that in there. There's nothing about multi factor authentication and. That has to change. And how would you go about

Frank Cilluffo

changing that? Because I think it's just wide open. Yes. Yeah. Some of this and then there's some of the machinery as well. So it's not only. It's got many facets to it. Yeah. I mean, I didn't even talk about, you know, precision agriculture

Eric Geller

now involves GPS connected tractors. We're talking about agricult. But there's also meat packing plants get instructions from computers about what kinds of chemicals and processing to put into our poultry. I mean, all these things could be hacked. And right now it's almost just a matter of luck that some of them haven't been. And the answer is funding. It's boring, it's not sexy. But more money for USDA from what my sources are

saying would be a way to help them help the sector. What do you think

Frank Cilluffo

RFK would think in this space? You know, I've looked around for any evidence that

Eric Geller

he's thought about this. I don't have any sign of that. I do think that. But starting with funding and voluntary assistance as opposed to regulation, getting the sector to the point where it can comply with regulation would be a Way to go. I think, I don't see any reason to think that he would be opposed to more funding for some of these communities. I should also say, just in terms of sort of crass politics, a lot of these communities are in red communities, are in Trump

supporting communities. They would really like the federal government to step in and offer them support for this problem that is only just kind of emerging over the horizon for some of them. And they've had their wake up call. I mean, jb, you've seen

Frank Cilluffo

incidents. Why didn't you see more activity coming out of that? I think part of

Eric Geller

it is that if you can't get gas, there's something very visceral about seeing those long lines, seeing people put gas in plastic bags. We didn't see that with jbs and I don't know why, I'm not an expert on that supply chain, but we didn't see that with jbs. Now, were there people who went to the supermarket and they couldn't get whatever poultry or meat they wanted that day? I'm sure there were, but you didn't see the 6:00 news covering it that way. So part of it

is just policymakers react to a perceived social crisis. And we had a social crisis with Colonial, we didn't have that with jbs. And I think the results speak for the same. And as someone who would be on the other side, that makes a

Frank Cilluffo

whole lot of sense. But you were writing about this and it just didn't. And you were writing early on. I know you spoke with a bunch of my colleagues and others because that's an area we spent some time and for transparency or doing work in. But, but all things said and done, I hope we don't need to hit that snooze button after the next crisis du jour. Because the reality is is

there's, it's become so just in time. There's not a whole lot of, not a whole lot of time and space between what could become catastrophic in this particular sector.

Eric Geller

Absolutely. And inventory and everything else is pretty tight. And that's a good thing from

Frank Cilluffo

an efficiency standpoint. But if it's exploited for really bad day, it could become a compounded into a really, really bad day. And our viewers and listeners largely know what the SRMAs are, the Sector Risk Management Agencies and NSM22. And is USDA the right sector? I think it is. But I'd be curious what your thoughts are there. Is it just that it hasn't been prioritized at the secretarial level or Congress needs to

do more. Where do you think? And post Chevron deference world, maybe you will see Congress legislate a little stronger there. But I'd be curious what some of your thoughts are. Yeah. So talking to sources, I sort of hear both. Right. Congress needs to

Eric Geller

step in with funding and with a sense of this is your mission, this is part of your mission. And then USDA has to sort of take that in and make it a culture for them in the same way that TSA readily admits that it needs to be on cybersecurity of pipelines, just like physical security. Right now, when I talk to my sources, what they're saying is you don't see the Secretary of Agriculture talk about cybersecurity. You don't see them focus on this as part of their

agency culture. And that's an intangible thing that's hard to change with legislation or even with more money. But it is something that my sources. Say needs to change and

Frank Cilluffo

culturally is important. And I think you put your finger on something very important through the extension programs. And rather than creating something unique, only to cyber, to integrate it into what is already being done at the very local level. Because this is a very local issue. Yeah. And. And this is a way that the government can demonstrate

Eric Geller

that it actually is here to help. These are offices that have relationships with farmers. The farmers trust them in most cases more than anyone else from the federal government. So integrating cyber into that is sort of a no friction. Well, it's a low friction way to do that. Yeah. And Also organizations like 4H and others that play

Frank Cilluffo

important roles in. In all of this, I think are essential as well to build that culture. And, and I say this and I get in trouble. We are a land grant, and of course agriculture is essential to our economy and our health and safety. But if we were to build schools of ag today, land grants today, they'd be cyber. Right. And to me, they're sort of. It's the combination and the integration

of where the two come together that's so important. But just to. And one last point on agriculture and cyber here before we jump to yet another important story you had. Have you written about how much money is devoted by USDA and how many FTEs are actually responsible for this at the, at the SRMA level? Yeah. I wish

Eric Geller

I had the exact number. It's in the story. Small, right? It's a very, very small number. I know. I compared it to the Energy Department having an entire wing for cyber and emergency response. Even TSA is getting more money These days, agriculture, it's a tiny sliver. It's just a tiny, tiny fraction. And I should say the office that does, it does other things too. So you don't have that clarity of mission on cyber. Yeah. So that is a start. I think that we need to get

Frank Cilluffo

more bodies, more awareness and more resources to ultimately get things done. Anything else USDA ought to prioritize from a readiness standpoint? I think just getting the talent to actually

Eric Geller

be able to provide the assistance. And maybe it's just partnering with cisa. Maybe USDA doesn't have to have an entire core of cyber experts, but they have to have processes to deploy CISA experts if that's what they're going to do. Exactly. Let's go

Frank Cilluffo

to another. And this is an issue that we have been discussing since you, I'm sure started reporting and me because I'm a lot older, even way before that. Let's talk software liability. And you had, I think, a very important piece that called it a very, very, very, very hard problem. For the record, tell me what your findings were in this particular article. Yes, so I wanted to do this because the Solarium

Eric Geller

Commission had a big report, a lot of which was implemented. I am biased as

Frank Cilluffo

a commissioner. Absolutely. Full disclosure there. But big things that wasn't implemented was moving forward

Eric Geller

on liability. And what I found was basically you have had a carve out on liability for the software industry for a long time that has essentially given them the ability to say this isn't right for us, it's never been right for us. And look, Congress recognized that decades ago. Even if you didn't have that though, there'd still be really big questions about how do you create a liability model? What is too

insecure to be legally acceptable? What is an innocent mistake that nobody could have prevented? The fact. Which is very different. Yeah, absolutely. The fact that we have nation state actors who are trying to break our software and hurt us is different from a lot of other industries where we have liability, where it's, it's basically accidents and negligence as opposed to deliberate attempts to hurt people. And this may be trite and it

Frank Cilluffo

may be an awful metaphor, but would you fly a plane if it were literally the same approach that software has to be able to get a product out? I think speed, speed, speed, speed, speed has been priority one. Yes, absolutely. And the industry

Eric Geller

has been very savvy about sort of toting the benefits to lawmakers of prioritizing speed and innovation as opposed to security. Security is a cost center. Right. It's a cost Center. It's something you have to do. It's not something you want to do. You may say you want to do it, but in reality it costs money and it's something you have to do. And until that has teeth to it where people say, I can sue you if your product hurts me, no company is going to prioritize

that the way they prioritize speed and shiny features. And that's. And again, you wouldn't

Frank Cilluffo

fly a plane if those were the rules to just get it out first. Right, Right. But we have a culture of aviation. Safety, even if we're not exactly right. Yeah. We have expectations that our planes will be safe. That's what I'm saying. Because

Eric Geller

they can kill us. That's what I'm really saying. And they will. So I think

Frank Cilluffo

that, again, not the perfect metaphor, but. But there is some there there that we ought to be thinking about. So what do you think the biggest impediments and obstacles are around some of these issues? The folks I talk to say inertia is the

Eric Geller

biggest one. It's been this way for a long time. It's quote unquote, worked fairly well. Why would we want to rock the boat at sort of the industry position?

Frank Cilluffo

There've been some wake-up calls this year alone though, right? Absolutely. CrowdStrike, Microsoft, others.

Eric Geller

Yes. The other issue is how do you design this to be fair to all parties involved so that I can get. Get recompense for a grievous harm. But you don't have the cyber equivalent of ambulance chasers. Right. Where you're just trying to get to bleed the company dry for a mistake that reasonable people would say they could not have prevented. How do you scope that? That's a big, big, big challenge.

Frank Cilluffo

How do you scope that? What are your thoughts there? Well, that is, that is exactly. You don't want this to be a cigarette wrapped in asbestos. Right. The flip side is you need to have some guidelines. Right, Right. You need, you need innovation. What do you think? That. And you also don't want to skew it toward the mega companies because a lot of the software companies are small, medium sized. They don't have the resources, or at least they haven't accounted for the resources there. But they've got big responsibility if it becomes big. Right. So I'd be curious what your thoughts are. What does that scoping look like and who should be convening this?

Eric Geller

The big thing I heard is create a standard of care where if you do the basics that we all know you should be doing, you may either be fully immunized or it may be very, very difficult to break that immunity. If you can show you did everything that you reasonably could, that's gonna go a long way toward eliminating the negligence argument that you just really didn't try. You just didn't care. If you can say, in fact, I did care, and here's the evidence of that. I met the NIST standards, I met CISA's recommendations. That is sort of a duty of care argument for let's not hurt them financially or legally because they did everything they could be doing. Right. That's, you know, I mentioned we have nation state adversaries here. Sometimes doing everything you can is just not enough. That's not really true in a lot of other industries. Not to say that they're perfect. Just to say that if you do everything you can to build a safe car, it is very unlikely that you're going to see the kind of damage from, you know, an accident that you would see from software where it was, you know, designed poorly.

Frank Cilluffo

We recently had an episode on automobiles and that sector and they're basically computers on wheels now anyway, so. And the amount of code that goes in and out is sort of mind boggling just in the past 10, 15 years. And that ain't slowing down. That's probably going to go faster. But you bring up a good point. It's sort of of. We talk cyber hygiene a lot. This is taking it the next level on a medical with this, with the duty of care standard of care. That's actually hopefully something that gets a little traction. And I just don't know who the quarterback should be. Should this be the National Cyber Director driving this discussion? Is it beyond even the cyber discussion? Because it is in some ways. I just don't know how we take it from the nouns into the verbs and get stuff done. And do you have any thoughts as to who should be convening this?

Eric Geller

Well, the National Cyber Director is currently taking the lead, doing some really good work there. Right. Convening experts to understand how this would work. The question for me is, does Trump continue that based on who his National Cyber Director is? Do they even want to explore this? This was something to go back to my first story. People do not expect this to be a priority under Trump, but if it does continue, what happens in the next stage? So the National Cyber Director says, we're proposing this approach. We've met with experts. Let's do it this way. Now the ball's in Congress's court. One thing we haven't talked about yet is software is technically a service. It is not a product. So product liability, which is a legal standard, legally does not apply. So Congress would have to step in and say we are declaring software to be a product, which unlocks some legal avenues for further work.

Frank Cilluffo

And we recently had a discussion with some folks from the insurance sector. Do you think the insurance sector plays a role in software liability?

Eric Geller

Definitely. I mean, if you can get a policy based on showing that you are meeting certain baselines and that it's going to be harder for a company to sue you, that will encourage you to meet the baselines. Absolutely.

Frank Cilluffo

And that is a less government regulatory, more private sector driven solution set. So finding out what that right balance is and how to calibrate it I think is important. But that's where I might see some activity I think, going forward. Eric, we covered a lot. You cover this space a lot and have been doing so for a long time. What big stories should we be thinking about that we're not?

Eric Geller

So I think telecom regulation, as we move past the initial shock phase of Salt Typhoon, what is the expectation that the government sets for how telecoms have to protect themselves? Some of these networks are built for mergers over decades. Do they require telecoms to essentially break those down and start fresh? I don't know how you would do that, but what I hear is unless you do that, you're not kicking out the Chinese government. Related to that, I would say encryption. So we've had US officials this week warning Americans to use encryption. Yeah, well, the FBI is not so thrilled about that, as we know. I've written about the crypto wars for a decade now. Do we see a change in US government messaging on encryption because of what has been revealed here with Salt Typhoon?

Frank Cilluffo

And what do you think that means in a Trump administration? I'm not, not to put you on the spot or to put you in someone else's shoes, but. But I think there may be some activity there now.

Eric Geller

No, absolutely. I think, you know, we, we've seen with Trump a very interesting focus on law and order generally. And in cyber. That means, you know, the going dark debate that we saw Director Comey at the FBI kind of champion. They were very much leaning into that. The Deputy Attorney General, Rod Rosenstein, was basically taking up the mantle from Comey on. We cannot have unbreakable encryption. I think we will see a return to that messaging, but it will be in tension with what we're seeing from CISA about use encrypted apps so that China can't spy on you.

Frank Cilluffo

Eric, thank you for joining us today. Keep fighting the good fight. Keep illuminating and bringing an important spotlight on the big issues facing Americans here and now. And really appreciate your time. So thank you, thank you. Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes or individuals you'd like for us to host. Until next time, stay safe, stay informed, and stay curious.
