Brian Greenberg 

CIO by day, cybersecurity professor & Forbes Contributor by night, and a firm believer that the best ideas start with good coffee. I’m passionate about using AI, cloud tech, and leveraging system dynamics to make work (and life) a little easier.
Outside of work, I’m either reading/writing in some indie coffee house, hiking shady trails along the river, or adding to my ever-growing collection of houseplants.
I’m always learning, always leading, and always up for a good book or a new coffee house to explore.
#CyberSecurity #systemstheory #hiking #philosophy #actor #improviser #storyteller #coffee house addict
📍Chicago, IL 
🦋🥾☕️🎭🤖🪴✍️
Blog: https://briangreenberg.net
Github: https://github.com/bjgreenberg
Gravatar: https://gravatar.com/bjgreenberg
Threads: https://www.threads.net/@bjgreenberg
LinkedIn: https://linkedin.com/in/bjgreenberg
LinkTree: https://linktr.ee/brian.greenberg

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts," often ex-military with minimal software engineering backgrounds, are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

One Microsoft product was approved despite years of concerns about its security.

Ars Technica

According to the recent Meta/YouTube verdict, the plaintiff started using YouTube at age 6 and Instagram at age 9. The jury deliberated 43 hours, answered "yes" to every negligence question, and found evidence of malice. Then Meta's stock went up 0.7%. 🤔 That gap tells you everything. 📊

The $6 million award is basically a rounding error for companies pulling in $350 billion in combined annual revenue. What actually matters is the 2,000 pending lawsuits this verdict just handed a roadmap to, and the federal trial coming in Oakland this summer. This is the first domino. The tobacco industry had the same "we're being scapegoated" defense in 1994, and that argument eventually cost them $206 billion.

Here's what I keep thinking about as a guy who teaches about the legal, ethical, and social issues of information technology: the products we build have consequences we're responsible for, whether we want to admit it or not. The jury didn't care that Meta said Kaley's home life was complicated. They cared that the autoplay kept going anyway. 🔁

Two things can both be true: teen mental health is complex, and a notification engine designed to override a kid's ability to stop scrolling is a design choice someone made.

https://www.latimes.com/california/story/2026-03-25/social-media-lawsuit-trial-meta-google-verdict
#ChildSafety #BigTech #Leadership #Accountability #SocialMedia #Ethics #DePaulUniversity #DePaulU @depaulu

Landmark verdict finds Instagram, YouTube were designed to addict kids

The outcome Wednesday in Los Angeles County Superior Court is potentially precedent-setting for thousands of other pending lawsuits nationwide and could reshape how tech companies are held accountable for children's harm caused by their products.

Los Angeles Times

Here's the thing about the X advertising lawsuit: Musk didn't lose because of bad lawyers. He lost because antitrust law isn't designed to protect you from the consequences of your own decisions. The judge literally wrote she had "no qualm" dismissing it.

Ad revenue on X dropped by more than 50% after he gutted the content moderation team and disbanded the Trust and Safety Council. Then he sued Mars, CVS, Colgate, and a dozen others, claiming their decision to stop buying ads was an illegal conspiracy. The court said no. Choosing not to buy from someone isn't a crime. It's just a Tuesday. This is about how leaders respond when the market sends a signal. 📊

🚪 Advertisers didn't abandon X because of a coordinated plot; they left because the product stopped meeting their needs
📜 GARM, the brand safety group at the center of this, dissolved itself in August 2024 under pressure from the lawsuit, and X still lost anyway

When your customers leave, the first question shouldn't be "who do I sue?" It should be "what did I do that made leaving feel like the right call?"

https://arstechnica.com/tech-policy/2026/03/elon-musk-loses-big-in-court-x-boycott-perfectly-legal/
#Leadership #BusinessStrategy #X #Advertising #Accountability

Elon Musk loses big in court; X boycott perfectly legal

X admonished for "fishing expedition" as judge dismisses ad boycott lawsuit.

Ars Technica

Congress banned federal agencies from collecting bulk data on Americans in 2015. So some of them just started buying it from data brokers instead. 😳 ICE signed a contract with a company whose tool can track mobile phone movements or locate phones that have visited specific locations. No warrant. Taxpayer money. Done. One privacy attorney put it plainly: it's like the police paying your landlord $100 for a spare key and walking through your house without a warrant.

Now add AI to that picture. Anthropic's CEO Dario Amodei warned that records the government can purchase can be used by AI to assemble "a comprehensive picture of any person's life automatically and at a massive scale." That's not hypothetical. That's now. And the window to close this through FISA reauthorization closes April 20!

The business angle nobody's talking about: the same data brokers selling to ICE are selling data your employees, customers, and executives generate every day. You have no control over what happens to it after it leaves your app or browser. That should be in your risk conversation, not just your privacy policy.

🏛️ This is bipartisan; Republicans and Democrats are co-sponsoring the fix
📅 April 20 is the deadline

https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic
#Privacy #AI #Leadership #Cybersecurity #security #cloud #infosec #surveillance

Oh boy. Stanford researchers scanned 10 million web pages and found API keys just sitting in the public-facing code. That's 1,748 active credentials from major providers exposed in live website code, mostly inside JavaScript files. Not in old test environments. Not in a forgotten repo. In the live, running site. Banks. Healthcare providers. "Not just small companies, but some very large companies," according to the lead researcher. And some of those credentials had been sitting there for years. Not the first time I've seen something like this. 🤦🏻‍♂️

The thing is that most orgs are scanning their source code but not their deployed sites. 😳 Those are two different things, and most leaks originate during the build process. A key gets baked in somewhere between development and production, and nobody catches it because the scan already ran upstream. Meanwhile, GitGuardian counted over 28 million new hardcoded secrets exposed in public GitHub commits in 2025 alone. This isn't a one-time research finding; it's a systemic habit that needs to change.

🔍 When did your team last scan the live site, not just the codebase?
🏦 If you're in a regulated industry, that question just became a compliance question too

https://www.newscientist.com/article/2520143-security-credentials-inadvertently-leaked-on-thousands-of-websites/
#Cybersecurity #AppSec #Leadership #security #privacy #cloud #infosec

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access sensitive information

New Scientist
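
An added example, not part of the post above or of the cited research: a small scanner run over both a source file and the built bundle, showing how a key injected at build time passes the upstream source scan and only appears in the deployed JavaScript. The file names, the `Pay` class and the `PAY_KEY` variable are hypothetical, the sample keys are constructed, and the three patterns are illustrative rather than exhaustive.

```python
import re

# Illustrative, non-exhaustive patterns based on well-known public key prefixes.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
}

def mask(value):
    """Keep only the prefix so the report itself does not leak the secret."""
    return value[:8] + "*" * (len(value) - 8)

def scan(name, text):
    """Return findings as (artifact, rule, offset, masked_value) tuples."""
    findings = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(text):
            findings.append((name, rule, m.start(), mask(m.group())))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample: the source only reads the key from the build environment.
SOURCE_JS = 'const client = new Pay(process.env.PAY_KEY);\n'
# The bundler inlines the value, so only the shipped file contains it.
FAKE_KEY = "sk_live_" + "0" * 24      # constructed, not a real credential
FAKE_AWS = "AKIAIOSFODNN7EXAMPLE"     # AWS's documented example key ID
BUNDLE_JS = ('!function(){const c=new Pay("%s");var a={id:"%s"};}();'
             % (FAKE_KEY, FAKE_AWS))

def compare():
    """Scan both artifacts; the upstream source scan comes back clean."""
    return scan("src/pay.js", SOURCE_JS), scan("dist/app.min.js", BUNDLE_JS)

if __name__ == "__main__":
    src, built = compare()
    print("source findings:", src)
    for artifact, rule, offset, masked in built:
        print(f"{artifact}: {rule} at offset {offset}: {masked}")
```

In a pipeline, the same `scan` call would run against the files actually served in production (fetched or taken from the build output directory), as a step after bundling rather than before it.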

For many people, there's Simply No Need For @microsoft Office anymore. Microsoft raised prices in January 2025 and added Copilot to every plan. Correlation isn't always causation, but come on. A Reddit comment calling it an "active impediment to workflow" got over 2,000 upvotes. That's not a fringe opinion, that's a signal. When your users are that vocal about the AI you forced on them, making things worse, you've got a product problem dressed up as a progress story. Remember #MicroSlop?

The part nobody wants to address at work: your company is probably still paying for 365 because switching feels hard, not because it's the best tool. Google's top-tier plan — 2TB of storage plus Gemini's paid features — costs the same $9.99 a month as Microsoft's lowest 365 tier. That math is hard to ignore if you're actually looking at it.

🔒 The real lock-in isn't the software anymore, it's inertia
📊 If your org hasn't audited this spend recently, now's a good time.

https://www.bgr.com/2130087/why-no-one-needs-microsoft-office-anymore/
#Microsoft #Leadership #Productivity #security #privacy #cloud #infosec #cybersecurity

Why There's Simply No Need For Microsoft Office Anymore - BGR

Microsoft Office programs were ubiquitous with productivity and a variety of projects, but these days, cheaper cloud-based equivalents are much more common.

BGR

The properties we built blockchain to have are now working against us. No central server. Immutable. Distributed across thousands of nodes globally. Those were supposed to be features. Now North Korean 🇰🇵 hackers figured out they're also a perfect place to park malware where nobody can pull the plug. The attack starts with a fake LinkedIn job offer, drops malicious code into a smart contract on Ethereum or BNB Smart Chain, and waits. There's no command-and-control server to raid. No hosting provider to call. No kill switch. One group alone has already hit roughly 14,000 WordPress sites this way. 🎯 The worst part isn't the technique. It's that your standard incident response playbook assumes there's something to take down. Here, there isn't.

🔐 Your defenders need to know this changes the containment math
📋 Your board needs to hear that "we took down the server" may not be an option anymore

https://www.pcmag.com/news/malware-is-sleeping-on-the-blockchain-and-its-already-infected-dozens-of
#Cybersecurity #Blockchain #InfoSec #security #privacy #cloud

Studies show the best time to drink coffee is always.

A 20-year-old from Chico, California, accomplished what Senate hearings, congressional subcommittees, and parent groups have tried and failed to do for years. She persuaded a jury that Instagram and YouTube were designed to keep kids hooked, and that this was done on purpose. The jury awarded $6 million in damages, with Meta responsible for 70%. What really changed the case was internal emails showing the company knew what it was doing and kept going. That is the most troubling part, not just the verdict.

There is something important that has not been said clearly enough: this case was not about content. It was about design. The algorithm, the endless scroll, and the timing of notifications were at the center. For 30 years, Section 230 has protected these companies by treating them as neutral pipes. Now, this jury decided the pipe itself is the problem.

Hundreds of similar lawsuits are waiting in line. The first federal trial is set for June in San Francisco. For the first time, Zuckerberg took the stand, which probably means we will see more moments like this. Meanwhile, the plaintiff’s attorney used a jar of M&Ms to show the jury what $415 billion looks like. Was it corny? Maybe. But the jury got the point.

Tech companies have survived every regulatory threat by waiting them out. But juries are not as easy to influence.

https://www.latimes.com/california/story/2026-03-25/social-media-lawsuit-trial-meta-google-verdict
#SocialMedia #BigTech #Cybersecurity #DigitalSafety #Meta

Landmark verdict finds Instagram, YouTube were designed to addict kids

The outcome Wednesday in Los Angeles County Superior Court is potentially precedent-setting for thousands of other pending lawsuits nationwide and could reshape how tech companies are held accountable for children's harm caused by their products.

Los Angeles Times

Your brain runs on 15 watts, less than most light bulbs, and claims 20% of everything you eat. One fiftieth of your body weight. One fifth of your daily energy budget. SFI Professor David Wolpert calls it "off-the-charts fitness cost." Nothing in biology comes close.

Last month, 15 neuroscientists, evolutionary biologists, and physicists sat down to ask the question nobody had rigorously modeled: what survival advantage does intelligence actually return on that investment? The group hit a wall immediately. Energy and evolution were easy to define. Intelligence wasn't. Is it uniquely human? Or is it better described as the ability to do nonrandom things in your environment to capture more energy? They found enough common ground to move forward, but the sharpest constraint turned out to be time. You can be remarkably efficient if you have unlimited time to think. You don't.

They're now drafting a perspective paper and building a mathematical foundation. One researcher emailed Wolpert after saying he couldn't sleep all week, too many ideas percolating.

🔬 The ROI of having a brain is still an open equation, and the people who can finally model it are now in the same room.
⚡ 20% of your energy, 2% of your mass. Where the math works out has real implications for how we build and evaluate AI.

https://www.santafe.edu/news-center/news/working-group-asks-whats-the-benefit-of-a-brain
#Neuroscience #AI #Leadership #Evolution

Working group asks, what’s the benefit of a brain? | Santa Fe Institute

The brain runs on about 15 to 20 watts, less than most light bulbs, but has still managed to evolve a voracious appetite for energy. In humans, it accounts for only about one-fiftieth of weight but consumes about 20% of our daily energy. Intelligence must confer some survival advantage to sustain such a formidable energy share, but that tradeoff has not been well examined. In February, SFI hosted a working group, “Evolutionary Costs of Energetic Cost of Intelligence,” to begin digging more deeply into that question.