Privacy Tip #446 – Department of Motor Vehicles Warns Drivers About Smishing Text Surge
Smishing schemes involving Departments of Motor Vehicles nationwide have increased. Scammers are sending SMS text messages falsely claiming to be from the DMV that “are designed to deceive recipients into clicking malicious links and submitting personal and/or financial information under false threats of license suspension, fines and credit score or legal penalties.”
The Rhode Island Division of Motor Vehicles (RIDMV) issued an alert to the public indicating that one of the smishing messages sent to drivers was a “final notice” from the DMV that states that if the driver doesn’t pay an unpaid traffic violation that enforcement penalties, including license suspension will begin imminently. The DMV warned drivers that the text message cites “fictitious legal code and link to fraudulent websites.”
The DMV warned drivers that the messages are not from the DMV and that it does “NOT send payment demands or threats via text message, and we strongly urge the public to avoid clicking on any suspicious links or engaging with these messages. Clicking any links may expose individuals to identity theft, malware, or financial fraud.”
The RIDMV provides these tips to avoid smishing scams:
Do NOT click on any links or reply to suspicious text messages.
Do NOT provide personal or financial information.
Be aware that DMV related information is sent via mail, not text messages.
Report fraudulent messages to the FBI’s Internet Crime Complaint Center (www.ic3.gov) or forward. them to 7726 (SPAM) to notify your mobile provider.
Report the message to the FTC.
These tips apply to all drivers. No state DMV is sending a text message to drivers, so if you get one, it is surely a scam. Do not be lured into clicking on links in text messages for fear of license suspension or other actions by the DMV. If you get a text purporting to be from DMV alleging your license is at risk, don’t click on the link—it’s a smishing scam.
FLIP OUT: New Complaint Against Humans, Inc. Demonstrates the Risk to App Publishers that Push SMS To Contact Lists
We are always on the lookout for the latest trends in TCPA litigation here at TCPAWorld.com.
Obviously the biggest trend right now is a massive increase in TCPA class actions– up over 100% year over year.
Also seeing a BIG increase in revocation suits.
But one type of case that has ALWAYS been with us, albeit without much fanfare, are suits arising out of app publishers that push SMS messages to contacts in consumer phones.
To highlight just how not new this phenomenon is, it was a central issue in the FCC’s omnibus ruling way back in 2015.
There the Commission held companies like GroupMe (who?) that automatically synch to a users contact list at the push of a button and send messages inviting them to join the app were potentially liable for TCPA violations caused by their users. In those cases GroupMe was viewed as the “initiator” of the message as they were so intertwined with the message’s sending that they could be fairly said to have made it themselves.
On the other hand, companies like YouMail that merely invited users to find contacts of their own to send messages to were deemed to not be the initiator of the texts– even though the texts promoted the YouMail product–because the consumer had selected the contacts to send messages to.
Fast forward to today and we see Humans, Inc. has developed a new app called Flip.
I know nothing about Flip, or Humans, or apps generally, or humans generally– but I DO know TCPA. And it looks to me like Flip may have been violating the TCPA– at least as alleged in a new complaint.
A person named YAHNI PEDIGREE (not sure if that’s a boy’s name or a girl’s name) sued Humans alleging receipt of unwanted messages.
The first message readL
93 people in your community joined Flip today. Refer friends nowwhile invite rewards are up 48%. https://flip.shop/invite-couponsStop2Quit
Uh oh.
See that “refer friends” note suggests Humans is inviting trouble.
Now perhaps this app is set up like YouMail where the user has to select who to invite to join the little Flip community. Ok fine. But wait, there’s more.
Plaintiff allegedly responded “stop” to end the messages but another message came hot on its heels:
Flip: Want $35?Share Flip with friends to claim! Tap to invitehttps://l.flip.shop/a/J6xYi
Not good.
Couple of things could be going on here.
Plaintiff could just be lying (always an option);
Flip could just be really bad at honoring stop notifications; or
(And I think this is the one) Flip has multiple users hitting consumers with invite at the same time.
Now if it is 3. that is a serious problem. It is akin to a real estate brokerage allowing individual agents to message consumers and then not honoring stops by preventing all agents from sending messages to that consumer.
Because Flip is identified as the sender here, it has the responsibility to assure that all “friends” doing the referring are prevented from messaging the same consumer after they say stop. How that is done is not my problem– but it is their problem, and they need to solve it because if these allegations are true it is bad news bears town.
Anyhoo, very interesting one here.
Plaintiff has plead this ONLY as an internal DNC class case– which is very weak– as apparently he/she did not have a number on the national DNC list. Given the weakness of the claim Humans might skirt this issue in this one– but it should definitely wise up to revocation needs (again, if the claims are true.)
Delay! Delay! Delay! FCC Commissioners Starks and Simington Announce Departure from FCC, Leaving FCC Without a Quorum
Federal Communications Commission Commissioners Geoffrey Starks and Nathan Simington have each announced that they are departing from the FCC on Friday, June 6. Effective with their departures, the FCC will be down to only two commissioners.
Bottom Line: Departures of FCC Commissioners Starks and Simington will leave the Commission with only two commissioners. Until an additional commissioner is confirmed by the Senate, the Commission cannot take Commission-level actions. As a result, Chairman Carr will temporarily be stymied in advancing his policy agenda and the Commission will be unable to rule on major merger transactions. While much of the FCC’s routine work will remain “business as usual,” these handicaps are likely to push the Senate to confirm a third commissioner sooner than originally anticipated.
Background
Commissioner Starks, a Democrat who was nominated by President Trump in his first term, has been a commissioner since 2019. Commissioner Simington, a Republican who was also nominated by President Trump during his first term, has been in office since December 2020.
On February 11, President Trump officially nominated Olivia Trusty, a former Senate Armed Services Committee Republican staffer, for the commissioner seat vacated by former FCC Chairwoman Jessica Rosenworcel. On April 9, the Senate Committee on Commerce, Science, and Transportation (Commerce Committee) held a hearing on Trusty’s nomination. On April 30, Trusty’s nomination was advanced through the Commerce Committee. A full Senate confirmation vote has not yet been scheduled partly due to a desire to wait to give her a full term rather than merely filling out the remaining portion of former Chairwoman Jessica Rosenworcel’s term. Thus, prior to these departure announcements, a full Senate vote on Trusty’s confirmation was deemed unlikely to happen before the July Fourth recess (the Senate returns from the July Fourth recess on July 7).
FCC Operations
The departures of Commissioners Starks and Simington will leave the FCC with only two commissioners, Republican FCC Chairman Brendan Carr, and Democratic FCC Commissioner Anna Gomez, until Olivia Trusty, is confirmed by the Senate.
Without at least three commissioners, the FCC would lack a quorum, which would deprive it of the ability to take Commission-level actions. This could mean removing all items from the agenda for the FCC’s June 26 Open Meeting as the Commission would not be able to hold formal votes on various items, including proposed rules and regulations and enforcement-related matters. Additionally, the Commission would not be able to act on requests for reconsideration of certain FCC actions taken under delegated authority.
While the FCC would temporarily not have its full regulatory functions, Commission staff would still be able to act under delegated authority. Pursuant to the Communications Act of 1934, as amended, the Commission has delegated authority to its staff to act on certain matters. Officials to whom authority is delegated are authorized to perform certain functions, such as issuing orders pursuant to such delegated authority. For example, the Chief of the FCC’s Wireless Telecommunications Bureau has been delegated authority to perform all functions of the Bureau, subject to certain limitations set forth in the FCC’s rules. As such, the Chief of the Bureau will still have the authority to issue and adopt routine licensing decisions.
Given that Commissioner Simington has announced that he is resigning June 6, Republicans will not have the 2-1 commissioner majority that they expected to when Commissioner Starks announced his forthcoming resignation on March 18. As such, there will likely be more pressure on Senate Republicans to hold a full Senate vote on Olivia Trusty’s confirmation prior to the FCC’s scheduled June 26 Open Meeting. Some Democrats, however, have committed to blocking her confirmation unless it is paired with a nomination of another Democratic commissioner.
This is likely to delay action on the proposed T-Mobile acquisition of UScellular as well as the contingent sale of other UScellular spectrum to AT&T and Verizon. The petition for reconsideration seeking to reverse EchoStar’s build out extension and the satellite spectrum proceeding is also on hold. Action on all rulemakings is paused and should the Supreme Court issue an adverse universal service decision, the FCC could be paralyzed and unable to take any necessary action. As far as the elimination of a host of FCC rules teed up from the Delete! Delete! Delete! Proceeding, it will be Delay! Delay! Delay!
As Chairman Carr noted in his blog today – Stay tuned!
U.S. Enacts Take It Down Act
On May 19, 2025, President Trump signed into law the Take It Down Act (“Act”), which bans the nonconsensual online publication of sexually explicit images and videos that are both authentic and computer-generated, and includes notice and takedown obligations for covered online platforms.
Below is a summary of key aspects of the Act.
Authentic Imagery and Digital Forgeries
Authentic Imagery. With respect to intimate visual depictions that are authentic and involve adults, the Act makes it unlawful for any person to use an interactive computer service to knowingly publish a depiction of an “identifiable” adult (e.g., based on a distinguishing characteristic such as a birthmark or recognizable feature) if: (1) it was obtained or created under circumstances in which the person knew or reasonably should have known the adult had a reasonable expectation of privacy; (2) what is depicted was not voluntarily exposed by the adult in a public or commercial setting; (3) what is depicted is not a matter of public concern; and (4) publication of the depiction is intended to cause harm or causes harm, including psychological, financial or reputational harm, to the identifiable individual. Regarding minors, the Act makes it unlawful for any person to use an interactive computer service to knowingly publish an intimate visual depiction of an identifiable individual minor with intent to abuse, humiliate, harass or degrade the minor or arouse or gratify the sexual desire of any person.
Digital Forgeries. The Act also makes it unlawful for any person to use an interactive computer service to knowingly publish a digital forgery of an identifiable adult if (1) the digital forgery was published without the consent of the adult; (2) what is depicted was not voluntarily exposed by the identifiable individual in a public or commercial setting; (3) what is depicted is not a matter of public concern; and (4) publication of the digital forgery is intended to cause harm, or causes harm, including psychological, financial or reputational harm, to the adult. Regarding minors, the Act makes it unlawful for any person to use an interactive computer service to knowingly publish a digital forgery of an identifiable minor with intent to abuse, humiliate, harass or degrade the minor, or arouse or gratify the sexual desire of any person.
Threats. The Act also makes unlawful certain threats to commit the unlawful offenses described above.
Exceptions. The Act contains certain exceptions, such as for a lawfully authorized investigative, protective or intelligence activity of government law enforcement and intelligence agencies; a disclosure made reasonably and in good faith to law enforcement, as part of a legal proceeding, for a legitimate medical, scientific or education purpose, in the reporting of unlawful content or unsolicited or unwelcome conduct, or to seek support with respect to the receipt of an unsolicited depiction; a disclosure reasonably intended to assist the identifiable individual; a person who possesses or publishes an intimate visual depiction of himself or herself engaged in nudity or sexually explicit conduct; or the publication of an intimate visual depiction that constitutes child pornography (as defined in 18 U.S.C. § 2256) or a visual depiction relating to obscene visual representations of the sexual abuse of children (as defined in 18 U.S.C. § 1466A).
Notice and Takedown Provisions
The Act also requires “covered platforms” (including certain websites, online services, online applications and mobile applications) to establish a process whereby an individual (or an authorized person acting on their behalf) may notify the covered platform of an intimate visual depiction published on the covered platform that includes the individual and was published without the individual’s consent to request removal of the depiction. Upon receiving a valid removal request, covered platforms must, within 48 hours of receiving the request, remove the intimate visual depiction and make reasonable efforts to identify and remove any known identical copies of the depiction. The Act provides that these provisions will be enforced by the Federal Trade Commission.
Penalties
Remedies for noncompliance with the Act include restitution and criminal penalties including fines and imprisonment not more than two years (or three years for offenses involving minors).
PHMSA Requests Comments on Repealing or Amending Pipeline Safety Regulations and Hazardous Materials Regulations to Eliminate Undue Burdens and Improve Government Efficiency
On June 4, 2025, the Pipeline and Hazardous Materials Safety Administration (PHMSA) issued two Advance Notices of Proposed Rulemaking (ANPRM) requesting comments whether to repeal or eliminate requirements in the federal pipeline safety regulations (PSR) and the federal hazardous materials transportation regulations (HMR) in order “to eliminate undue burdens on the identification, development, and use of domestic energy resources and to improve government efficiency.” The ANPRMs also request feedback on whether any related guidance documents, letters of interpretation, or materials implementing these regulations should be amended or eliminated. In addition, with respect to the HMR, PHMSA requests input on whether any widely-used hazardous materials special permits with established safety records should be converted into deregulatory provisions so that they have broader applicability.
Comments on both ANPRMs are due August 4, 2025.
The ANPRMs do not propose to amend any existing regulations. The purpose of the ANPRMs is to gather information from stakeholders to inform future notices of proposed rulemakings that will request comment on specific proposed regulatory changes. After receiving comments PHMSA has indicated that it may convene public meetings to supplement or clarify comments and materials received.
The ANPRMs are important because they reflect PHMSA’s ongoing initiative to comprehensively review current pipeline safety regulations and the regulations governing the safe transportation of hazardous materials to ensure that they are cost effective while achieving their safety and environmental objectives. Other related initiatives include PHMSA’s ANPRM seeking comments on repair criteria for gas transmission, hazardous liquid and carbon dioxide pipelines and PHMSA’s ANPRM requesting input on opportunities to amend existing safety regulations governing liquefied natural gas facilities. The ANPRMs provide industry stakeholders a valuable opportunity to inform the regulatory process and influence regulatory amendments that PHMSA is expected to propose in the coming months.
Background The ANPRMs explain that PHMSA has an obligation to ensure that the burdens imposed on stakeholders by the PSR and HMR are necessary to serve the public interest. PHMSA states that, while it has conducted numerous regulatory reviews over the years and that the costs of many, if not most, of the PSR and HMR are justified by their benefits, additional improvements can be made to reduce regulatory burdens and costs. The ANPRMs note that many provisions of the PSR and HMR have been in place for decades without undergoing a comprehensive cost-benefit review. The Pipeline Safety Act did not require cost-benefit analyses for new regulations until 1996, and the Hazardous Materials Transportation Act does not contain the requirement. In addition, federal courts have questioned the rigor of PHMSA’s cost-benefit analyses to support some provisions in recent pipeline safety regulations and the cost-benefit analyses for proposed amendments to the HMR have been questioned by stakeholders and by Congress.
PHMSA also explains that the ANPRMs respond to multiple Executive Orders issued by President Trump requiring that agency heads alleviate unnecessary regulatory compliance burdens and promote the integrity and expansion of U.S. energy infrastructure.
PHMSA is requesting input on whether to repeal or eliminate requirements in the federal PSR (49 C.F.R. Parts 190 – 199), as well as in any related guidance, letters of interpretation, and materials implementing regulatory requirements to achieve the objectives of recent Executive Orders. PHMSA also seeks comments on whether the PSR should contain provisions mandating periodic regulatory reviews.
To inform PHMSA’s initiative to ensure that the benefits of the PSR outweigh their burdens and costs, the PSR ANPRM requests feedback on the following “key topics:”
Identification of regulatory provisions of the pipeline safety regulations, including any implementing guidance, such as letters of interpretation, “that could impose an undue burden on identification, development, and use of domestic energy resources, or that are examples of government inefficiency insofar as they impose outsized compliance burdens for comparatively small safety benefits or limit technological innovation;”
“The nature and magnitude of those burdens, including identification of the regulated entities – i.e., the specific categories of gas and hazardous liquid pipeline facilities – burdened, as well as the compliance costs and implementation challenges experienced by those entities;”
Potential amendments to, or rescission of, those regulatory provisions;
“The incremental compliance costs and benefits (including benefits pertaining to avoided compliance costs, safety harms, and environmental harms) anticipated from those amendments;” and
“The technical feasibility, reasonableness, cost-effectiveness, and practicability of those potential amendments.”
In addition, the PSR ANPRM poses 18 questions focused on procedural regulations and actions and specific pipeline safety regulations, including requirements pertaining to reporting and notification; consensus industry standards; material, design, testing, construction, or corrosion control; operating and maintenance; personnel qualification and training; integrity management; siting of LNG facilities; and drug and alcohol testing.
With respect to incremental cost and benefit information, PHMSA requests “per-unit, aggregate, and programmatic (both one-time implementing and recurring) data.” PHMSA also requests that stakeholders explain the bases or methodologies used in generating both cost and benefit data, including data sources and calculations so that PHMSA can explain its support for any estimates it provides with a proposed rule and so that other commentors may address the validity and accuracy of such data.
ANPRM on Hazardous Materials Program Procedures and Hazardous Materials Regulations the HMR ANPRM poses a total of 34 specific questions related to procedural regulations and actions, hazardous materials program procedures (49 C.F.R. Part 107), and the HMR (49 C.F.R. Parts 171-180). The HMR ANPRM also requests stakeholder feedback on the following “key points:”
Identification of specific regulatory provision in the HMR, along with implementing guidance or interpretations, that may impose an undue burden on identification, development, and use of domestic energy resources. The ANPRM seeks “examples of government inefficiency, where compliance requirements impose significant burdens relative to minimal safety benefits or hinder technological innovation;”
“The nature and magnitude of these burdens, including the specific categories and number of regulated entities affected, as well as the compliance costs and implementation challenges experienced by those entities;”
“Suggestions for potential amendments (including any rescissions) to those regulatory provisions;”
“An assessment of the increased compliance costs and benefits (including benefits pertaining to avoided compliance costs, safety harms, and environmental harm anticipated from those amendments;”
“The safety consequences of any proposed amendments.”
With respect to incremental cost and benefit information, PHMSA requests “per-unit, aggregate, and programmatic (both one-time implementing and recurring) data.” PHMSA also requests that stakeholders explain the bases or methodologies used in generating both cost and benefit data, including data sources and calculations so that PHMSA can explain its support for any estimates it provides with a proposed rule and so that other commentors may address the validity and accuracy of such data.
Oklahoma Expands its Security Breach Notification Law
The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty provisions, including affirmative defenses.
Definitions
The Amendment provides clearer definitions related to security breaches, specifying what constitutes “personal information” and “reasonable safeguards.”
Personal Information: The existing definition for “Personal Information” was expanded to also include (1) a unique electronic identifier or routing code in combination with any required security code, access code, or password that would permit access to an individual’s financial account and (2) unique biometric data such as a fingerprint, retina or iris image, or other unique physical or digital representation of biometric data to authenticate a specific individual.
Reasonable Safeguards: The Amendment provides an affirmative defense in a civil action under the law for individuals or entities that have “Reasonable safeguards” in place, which are defined as “policies and practices that ensure personal information is secure, taking into consideration an entity’s size and the type and amount of personal information. The term includes, but is not limited to, conducting risk assessments, implementing technical and physical layered defenses, employee training on handling personal information, and establishing an incident response plan”.
Mandated Reporting and Exceptions
In the new year, entities required to provide notice to impacted individuals under the law in case of a breach will also be required to notify the Attorney General. The notification must include specific details including, but not limited to, the type of personal information impacted the nature of the breach, the number of impacted individuals, the estimated monetary impact of the breach to the extent such can be determined, and any reasonable safeguards the entity employs. The notification to the Attorney General must occur no more than 60 days after notifying affected residents.
However, breaches affecting fewer than 500 residents, or fewer than 1,000 residents in the case of credit bureaus, are exempt from the requirement to notify the Attorney General.
In addition, an exception from individual notification is provided for entities that comply with notification requirements under the Oklahoma Hospital Cybersecurity Protection Act of 2023 or the Health Insurance Portability and Accountability Act of 1996 (HIPAA) if such entities provide the requisite notice to the Attorney General.
What Entities Should Do Now
Inventory data. Conduct an inventory to determine what personal information is collected given the newly covered data elements.
Review and update policies and practices. Reevaluate and update current information security policies and procedures to ensure proper reasonable safeguards are in place. Moreover, to ensure that an entity’s policies and procedures remain reasonably designed, they should be periodically reviewed and updated.
Quantum Computer Hardware: How Quantum Computers Are Implemented
In the previous article titled “The Basics: How Quantum Computers Work and Where the Technology is Heading,” we provided an overview of foundational quantum computing concepts, including qubits (quantum bits), superposition, and entanglement. Building on these principles, in this article we will provide an overview of how qubits are implemented in real, physical systems to make quantum computing possible. There are many leading approaches to quantum hardware design, each with different techniques for maintaining qubit stability and minimizing decoherence. Among them, promising approaches include (1) neutral atom quantum computers, (2) trapped ion quantum computers, (3) superconducting quantum computers, and (4) spin qubit quantum computers. We explore the underlying physical systems of each approach, discussing their advantages and trade-offs, while recognizing that the development of each creates different implications.
Neutral Atom Quantum Computers
Neutral atom quantum computers operate using lasers or electromagnetic fields to trap neutral atoms in a localized region. In such systems, neutral atoms serve as qubits by storing quantum information in the energy levels of the atoms’ electrons or hyperfine states of the atoms. The internal states of the neutral atoms serve as the logical |0⟩ and |1⟩ states of the qubits.
Precisely controlled laser or electromagnetic pulses are used to manipulate the neutral atoms to initialize the qubits, carry out quantum operations, and perform measurements of their quantum states. Single-qubit operations can be achieved by applying tuned laser or electromagnetic pulses to couple two selected internal energy levels of a single atom. The duration, frequency, and intensity of the pulses can be adjusted to change the qubit’s state from |0⟩ or |1⟩, or any superposition in between, to perform different gates with the single atom.
Neutral atom quantum computers can implement two-qubit gates by leveraging the “Rydberg blockade” effect. To do so, lasers or electromagnetic pulses are used to excite a qubit to a high-energy state known as the “Rydberg state.” When shifting to this high-energy state, the excited atom shifts the energy levels of neighboring atoms, preventing those neighboring atoms from being excited to similar energy states. The Rydberg blockade effect can be used to establish superposition between two neighboring atoms, producing multi-qubit gates.
Advantages of neutral atom quantum computers include high scalability and uniform qubit characteristics through large arrays of common atoms. Laser and electromagnetic pulses also provide precise control over qubit states. However, trapping and stabilizing neutral atoms is challenging because minor misalignments or power changes in the laser beams can cause atoms to drift or escape. Additionally, all neutral atoms must be maintained in a controlled vacuum environment to prevent decoherence due to collisions with background gases.
Trapped Ion Quantum Computers
In contrast to neutral atom quantum computers, trapped ion quantum computers confine (e.g., immobilize) charged atomic particles (ions) in free space using electromagnetic fields. Motion of each trapped ion is mitigated by laser-cooling the ions to near their ground state. Like neutral atom quantum computers, each atom in a trapped ion system operates as a qubit that encodes quantum information in the electronic or hyperfine states of each ion (e.g., using laser or microwave pulses).
Multi-qubit operations are realized in trapped ion quantum computers by coupling the ions’ internal qubit states to shared vibrational modes between proximate ions. As the ions are trapped within the electromagnetic field, any vibrational motion of one ion (e.g., induced via laser pulses) causes multiple ions to exhibit quantized motion through Coulomb interactions (i.e., electromagnetic repulsion between the charged ions). With precisely controlled laser or electromagnetic pulses, the induced vibrations can cause selected ions to become entangled, allowing for various multi-qubit gates and quantum operations.
Trapped ion quantum computers have several advantages, including low error rates with long coherence times, high-fidelity quantum gates, extensive possible arrangements of entangled particles (i.e., with each ion in a trap capable of being entangled with any other ion in the trap), along with well-understood and standardized gate schemes that facilitate straightforward implementation of quantum algorithms.
However, these systems typically involve slower processing times compared with systems that use solid-state qubits (e.g., superconducting circuits or silicon-based qubits). Additionally, trapped ion systems typically require complex laser and electromagnetic infrastructure to achieve useful results. Like neutral atom systems, trapped ion systems require controlled vacuum conditions to prevent decoherence due to collisions with background gases or other particles.
Superconducting Quantum Computers
Superconducting quantum computers leverage the properties of superconducting materials to create and control qubits. Superconducting materials, or “superconductors” are materials that can conduct electricity with no resistance or energy loss. Superconductors operate at extremely low temperatures, typically within a few kelvins of absolute zero (e.g., 1 to 20 K or -272 to -253°C). Superconducting quantum computers use a superconductor structure called “Josephson junction” to implement superconducting qubits (e.g., superconducting electronic circuits).
Josephson junctions are thin, insulating barriers positioned between superconducting materials, which can be used to create a variety of different qubits, including transmon qubits and flux qubits. Transmon qubits are created by connecting a Josephson junction in parallel with a relatively large capacitor. This creates a non-linear LC oscillator, which enables the creation of discrete energy levels to implement quantum computing. Quantum information can be encoded in the energy states of transmon qubits using microwave pulses, which induce transitions between the discrete energy levels of the qubit. Transmon qubits can be entangled using capacitive coupling or inductive coupling of adjacent qubits, or through coupling to a common resonator, such as a microwave cavity or transmission line.
On the other hand, flux qubits are formed using a “superconducting loop,” or current path, that includes one or more Josephson junctions. Flux qubits encode quantum information in the magnetic flux of each qubit, mediated by the direction of current through the superconducting loop. The current directions (e.g., clockwise or counterclockwise) serve as the logical |0⟩ and |1⟩ states of the qubits. Flux qubits are controlled using a combination of external magnetic flux tuning and electromagnetic pulses. More specifically, the pulses and magnetic flux can be used to externally adjust the state of the qubit, inducing transitions between |0⟩ and |1⟩ states and implementing single-qubit gates. Multi-qubit gates can be achieved through entangling flux qubits via inductive coupling of adjacent qubits, shared Josephson junctions, or coupling to common resonators.
Implementing quantum computers using superconductors has a number of benefits, including very fast gate operations and the ability to manufacture such systems using lithographic techniques that are similar to those used to manufacture conventional semiconductor circuits. Superconducting quantum computers are also easy to scale due to their ease in manufacturing, and benefit from a well-established research community. However, superconducting suffers from limited coherence times and can only operate at ultracold temperatures. Such systems are also susceptible to noise, particularly from crosstalk produced from electromagnetic pulses used to control individual qubits.
Spin Qubit Quantum Computers
Spin qubit quantum computers implement spin qubits, which encode quantum information within the spin of charge carriers (e.g., electrons) in semiconductor materials. Spin is a quantum property of subatomic particles that can be in a superposition of up or down, which can respectively represent the logical |0⟩ and |1⟩ states of the qubits. Quantum information of each electron (e.g., spin-up and spin-down states) can be controlled by rotating the spin of an electron in “quantum dots.” Quantum dots are regions within the semiconductor material that confine electrons in all three spatial dimensions. In some systems, donor atoms implanted in semiconductor material, such as atoms of phosphorous implanted within a silicon substrate, can be used to isolate the spin of electrons.
Spin qubits can be controlled using a variety of optical, electromagnetic, or thermal techniques. In some systems, single-qubit gates can be implemented by controlling the state through the application of an oscillating magnetic field tuned to the frequency of the target qubit. Oscillating electric fields may also be used to transition the spin of one or more qubits to a desired state.
Multi-qubit gates can be implemented by providing a tunnel barrier between two quantum dots or donor atoms. The interaction between spins causes the two adjacent electrons to become entangled, which can be used to create gates. The multi-qubit gates can be controlled by applying a voltage across the gate, which affects how the spins of the adjacent electrons interact.
Spin qubit quantum computers have a number of advantages, including long coherence times, small footprint, and compatibility with existing semiconductor manufacturing processes. However, such approaches still require extremely low temperatures to operate (e.g., near absolute zero). Additionally, spin qubit quantum computers suffer from poor scalability due to complex circuitry required to precisely route high-frequency voltage signals to each qubit within the system.
Nitrogen-Vacant Qubits
A promising new paradigm in quantum computing leverages nitrogen-vacancy (NV) centers in diamond to create robust, room-temperature qubits. NV centers are atomic-scale defects in the diamond lattice, consisting of a nitrogen atom adjacent to a vacancy, which exhibit spin-dependent photoluminescence and exceptionally long spin coherence times. These properties allow the NV centers to function as potentially highly stable qubits that can be initialized, manipulated, and read out optically or through microwave fields. Unlike many other quantum systems that require extreme cooling, NV center qubits maintain quantum coherence even at room temperature, opening the door to more practical and scalable quantum devices. Additionally, their sensitivity to magnetic, electric, and thermal environments enables advanced quantum sensing applications alongside quantum computation. This diamond-based approach combines biocompatibility, durability, and potential for integration with existing semiconductor technology, making it a strong candidate for the next generation of quantum technologies.
The Implications
These quantum computing approaches or implementations have different technological advantages, timelines for maturity and commercial readiness, supply chains, potential strategic partnerships, use cases, product impacts, costs, etc., as suggested. Understanding the various implications will be important for assessing impact, strategic and otherwise. As the race for quantum supremacy and for consumer-grade quantum computing intensifies, it will shape investments, strategic decisions, business timelines, and risk analysis. While it is too early to ascertain which approach(es) may achieve dominance, now is the time for strategists, analysts, and decision-makers to become familiar with the candidates.
SB 690 – THE CIPA AMENDMENT WE HAVE ALL BEEN WAITING FOR – UNANIMOUSLY PASSES SENATE! The Bill Could Allow Online Tracking Technologies If Used For A “Commercial Business Purpose”
In a decisive 32-0 vote on June 03, 2025, the California State Senate cleared SB 690, signaling its support for an amendment that would drastically alter the state’s wiretapping statue. The Senate had until June 6, 2025 to approve SB 690 and refer it to the California State Assembly.
As we reported earlier this week (https://cipaworld.com/2025/06/02/cookie-cutter-solution-senate-bill-690s-commercial-business-purpose-exemption-could-crumble-cipa-lawsuits/), SB 690 seeks to exempt the use of website tracking technologies – such as pixels, cookies, and session replays – from the California Invasion of Privacy Act (“CIPA”) if these technologies are deployed for a “commercial business purpose.”
Proponents of SB 690 have emphasized the need to curb aggressive and often frivolous CIPA lawsuits arising out of the use of website tracking tools in recent years. Given the unanimous vote, there appears to be bipartisan momentum to reform one of the most heavily litigated state privacy statutes. However, as SB 690 moves to the Assembly, the debate is likely to sharpen around efforts to harmonise CIPA with California’s data privacy law – the California Consumer Privacy Act (“CCPA”). Critics have already pointed out that the CCPA does not let consumers file lawsuits for most privacy violations, leading to concerns that SB 690 may weaken meaningful protection.
What’s clear is that SB 690 is on a fast track to reshape California’s privacy litigation and enforcement landscape.
COMMISSION GUTTED?: Rumors and Withdrawals Suggest FCC May Soon Be Unable to Act
So it is being reported by Communications Daily that FCC Republican Commissioner Nathan Simington is expected to either leave the agency or announce his imminent departure this week.
That’s fascinating and unexpected- at least by me. Simington has proven a good friend to business and one of the sharpest defenders of small business– at least when it comes to TCPA issues. And he was the anti-230 crusader (I thought, at least) and there is still a ton of work to be done with Big Tech.
But nonetheless it seems like Simington may be headed out, which makes things very tricky for the FCC.
Specifically, we know Democratic Commissioner Geoffrey Starks has already announced he is leaving the FCC before the FCC June 26 Open Meeting. Plus we know former Chairwoman Rosenworcel has already stepped down.
That means the FCC is operating with four Commissioners currently– and soon to be three when Starks walks away.
Now three is an important number because that still qualifies as a quorum and so the FCC can theoretically continue passing items even if Starks leaves.
But if Simington’s departure is imminent– unclear on timing– the FCC might be left with just two Commissioners– Republican Chairman Carr and Democrat Anna Gomez until Trump’s Republican nominee Olivia Trusty is confirmed by the Senate.
Trusty is widely expected to go sailing through approvals but with the Senate tied up with BBB chaos it seems as if Trusty’s nomination may slip past the July 4 break (don’t know that, but havent heard otherwise.)
With just two Commissioners installed the FCC would not be able to take any action whatsoever. Presumably Simington has this in mind as he ponders his departure but one never knows.
I’m already on record saying I am not interested in an FCC commissionership– I was apparently under consideration during Trump’s first term– so the nation will have to turn its lonely eyes elsewhere for FCC assistance. I have broader political ambitions at this moment.
KOSA is Back and Still Controversial
On May 14, 2025, the Kids Online Safety Act (KOSA), SB 1748, was reintroduced for the fourth time by original sponsor Marsha Blackburn (R-TN), joined by Senators Richard Blumenthal (D-CT), John Thune (R-SD), and Chuck Schumer (D-NY). First introduced in 2022, and then again in 2023 and 2024, KOSA imposes a duty of care on online platforms (including online gaming, messaging applications, and video streaming services) to minimize harms to minors. The history of various iterations of KOSA is of interest as it reflects the ongoing debate about platform obligations and First Amendment rights of platforms and consumers.
As originally introduced, KOSA mandated that platforms “prevent and mitigate the heightened risks of physical, emotional, developmental, or material harms to minors posed by materials on, or engagement with, the platform.” Business associations, members of Congress, and privacy advocates expressed concern that this standard would violate the First Amendment. In 2024, KOSA was amended to clarify that platforms must exercise reasonable care to mitigate harm to minors in the creation and implementation of design features rather than content. The 2024 version of KOSA also raised the age threshold of the Children’s Online Privacy Protection Act (COPPA) from 13 to 17 by folding into its provisions COPPA’s potential successor, the proposed Children and Teens’ Privacy Protection Act (COPPA 2.0), which also banned targeted advertising to minors under 17. Then renamed The Kids Online Safety and Privacy Act (KOSPA), the bill passed the Senate overwhelmingly in 2024 with bipartisan support.
In September 2024, a House Energy and Commerce Committee markup amended KOSPA by narrowing the bill’s “duty of care” provisions and list of potential online harms. Nonetheless, these changes were insufficient to convert some members of Congress who remained concerned that KOSPA’s “duty of care” language still violated the First Amendment. An eleventh-hour revision drafted with input from X owner Elon Musk (December 2024 draft) included new language clarifying that KOSPA would not require platforms to “prevent or preclude” minors from conducting independent research or requesting information on prevention or mitigation of harms such as depression, compulsive behavior, addiction, and sexual abuse. In addition, it barred government entities from censoring, limiting, or removing any content from the internet “based upon the viewpoint of users expressed by or through any speech, expression, or information protected by the First Amendment to the Constitution of the United States.” However, the bill did not pass in the House.
SB 1748, again called “KOSA,” reverts to the Senate version as amended by the December 2024 draft, but with a key difference: the COPPA 2.0 provisions were stripped out in their entirety. (COPPA 2.0 was reintroduced as a standalone bill, SB 836, in March this year). Notably, the duty of care language in SB 1748 remains untouched from the December 2024 draft and KOSA’s broad definition of “covered platform” – defined as “an online platform, online video game, messaging application, or video streaming service that connects to the internet and that is used, or is reasonably likely to be used, by a minor” – was left intact.
New Federal Trade Commission (FTC or Commission) Chair Andrew Ferguson has indicated that children’s privacy and protection online is a chief priority for the Commission this year. And, indeed, the FTC seems to be moving in that direction. On January 16, 2025, the Commission announced finalization of the long-awaited update to the COPPA Rule. While subject to the Executive Order requiring a review of rules, the final COPPA Rule was subsequently published in the Federal Register on April 22, 2025. The new COPPA Rule will come into effect on June 23, 2025. Meanwhile, the FTC has scheduled a June 4 workshop, The Attention Economy: How Big Tech Firms Exploit Children and Hurt Families | Federal Trade Commission, which may shed more light on current FTC thinking on issues that KOSA seeks to address.
The revisions included in SB 1748 do not necessarily resolve concerns about impingement on First Amendment rights, among other issues, and the relatively weak conflict preemption clause of KOSA will not result in the withdrawal or elimination of state age-appropriate design code acts and similar laws. Technology industry organizations have challenged state bills that impose similar restrictions and requirements on platforms that KOSA seeks to address with some success. If KOSA does become law, we can expect further legal challenges to be filed.
Cyber Liability Insurance: Is It Worth It?
Cybersecurity incidents and cybercrime are on the rise in every sector of industry and against businesses and organizations of all sizes.
In connection with the increase in the number of incidents and attacks, the scope and impact of the incidents and attacks are also growing. With the rise in frequency and impact of cybersecurity incidents and cybercrimes, many companies are left wondering when (not if) they will be targeted and how large of a cost it will be. Costs associated with investigating, mitigating, remediating, and notifying of a cybersecurity incident or cybercrime can be substantial, and most businesses do not have the operational funds available to cover such costs when they suddenly arise. In order to hedge their bets, these companies are looking to cyber liability insurance policies to transfer these costs, and the risks they pose, from themselves to their insurance carriers.
Similar to traditional types of insurance, cyber liability insurance is intended to provide relief in the event of a loss or liability event. In the context of cyber liability insurance, the loss or liability event is often a cybersecurity incident or cybercrime. Cyber liability insurance policies often consist of first-party coverage, protection for the company from losses that directly impact the company, and third-party coverage, protection for losses suffered by other companies and individuals due to having a relationship with the impacted company.
Cyber liability insurance policies tend to vary depending on the provider and the policy, but generally, cyber liability insurance covers or has the potential to cover the following:
Incident Investigation: Following discovery of a cybersecurity incident, companies need to engage a firm that can conduct a forensics investigation to determine what happened, how the threat actor was able to access the systems, and what data was accessed or exfiltrated. Cyber liability insurance helps businesses pay for the investigation, which can amount to a significant cost depending on the complexity of the systems, size of the organization, amount of data involved, and the sophistication of the incident or attack.
Ransom demands: Ransomware attacks are becoming more common and usually involve a threat actor demanding a fee to unlock, return, or not publicly disclose sensitive or confidential data. Such ransom demands can range from tens of thousands to millions of dollars. While there is a difficult decision to be made regarding whether to pay the ransom or not, if a company chooses to pay the ransom, its cyber liability insurance coverage can help the company cover the costs of the ransom demands.
Customer notifications: Businesses are usually required to notify impacted parties of a data breach, especially if it involves the loss or theft of personally identifiable information (PII). Cyber liability insurance can help businesses pay for this process.
Mitigating impacts to personal identities: Cyber liability insurance can help businesses provide credit or identity monitoring services to impacted individuals, which helps businesses show that they are doing all they can to help mitigate the impact for individuals who trusted them with personal information following a cybersecurity incident.
Data recovery: To the extent possible, cyber liability insurance policies generally cover the cost of recovery of any data compromised by an attack.
System damage repair: Similarly, cyber liability insurance can cover the costs of restoring a business’s systems from a backup or rebuilding an impacted system to allow the business to return to full operational capacity.
Costs associated with Data breaches: Cyber liability insurance can help businesses pay for certain other costs associated with a security incident or data breach, including legal fees and fees for information technology teams.
In addition to being aware of what a cyber liability insurance policy covers, it is also important for businesses who have or who are contemplating procuring cyber liability insurance to be aware of common exclusions featured in cyber liability insurance policies. Often excluded from these policies are issues caused by or due to human error or negligence, such as:
Poor security processes: If a cybersecurity incident resulted from the company implementing and maintaining outdated, ineffective, or inappropriate security measures, the cyber liability insurance policy may not cover the incident.
Prior Security Incidents: Security incidents that occurred before the business purchased the insurance policy are typically excluded.
Human error: A security incident caused by human error of the company’s employees is often excluded.
Insider attacks: A security incident that an employee of the company was responsible for or carried out is typically excluded.
Preexisting vulnerabilities: If a security incident was caused by a vulnerability that was known to the company, which was not remedied, the incident may not be covered.
Technology system improvements: Costs related to upgrading or improving the company’s systems and networks are not covered under cyber liability policies.
Cyber liability insurance is effective to manage and reduce the financial impact to a company in the event of a cybersecurity incident or cybercrime; however, it is not a substitute for having appropriate safeguards, policies, and practices in place to protect against a cybersecurity incident. And having such measures in place can improve the coverage available to a company—both in terms of scope and affordability—as cyber liability insurance carriers evaluate a company’s cybersecurity efforts when considering whether to bind a particular policy (i.e. as part of their underwriting and policy issuance decision-making process).
When looking to obtain a cyber liability insurance policy, there are several important considerations to ensure the policy covers the types of threats and costs the company may face due to a cybersecurity incident.
Certain industries and companies may be more likely to be a target of certain types of cyber-attacks. For instance, hospitals and law firms typically handle and store sensitive and confidential information. A hospital or law firm may likely be a target of a ransomware attack where a threat actor infiltrates the company’s systems to exfiltrate and encrypt the valuable sensitive data held by the company, threatening to publicly disseminate the information unless the company pays a substantial ransom amount. A utility company, on the other hand, may not have significant sensitive or confidential information of its customers and thus be less likely to be a target of ransomware attacks, but may be more likely to be a target of a distributed denial of service (DDoS) attack or cyber-attack that shuts down the services provided by the utility company, massively impacting a large number of people or entire geographic areas.
Similarly, depending on the industry and sensitivity of data typically handled by the industry, the costs associated with a cybersecurity incident may vary. The damages resulting from a cybersecurity incident involving sensitive data in the medical or financial industry can be significantly higher than a data breach of contact or shipping information in the logistics or courier industries.
Accordingly, businesses should carefully consider the sensitivity of the data they process, the risks of handling such data, the types of cybersecurity incidents and attacks they may be susceptible to, and the nature and scale of damages that can arise from a breach of the data they are entrusted with in considering a cyber liability insurance policy to ensure the types of cyber security incidents or attacks it may face, and the amount of damages it can expect are adequately covered under the cyber liability insurance policy.
State Department Halts New Student Visa Interviews, Expands Social Media Vetting
Takeaways
New student visa interviews are temporarily paused as of 05.27.25 to implement enhanced social media and security screening.
Applicants with existing appointments are likely not affected, but new applicants will face delays.
Consular officers are instructed to scrutinize applicants’ online presence, including private or limited social media accounts or the lack of any online presence.
The U.S. Department of State (DOS) has temporarily paused the scheduling of new visa interviews for international students and exchange visitors applying for F, M and J visas. This directive, effective May 27, 2025, is part of a broader national security initiative to expand social media and security vetting for nonimmigrant visa applicants.
Applicants who have already secured interview appointments are likely not affected by this suspension and should proceed as scheduled. However, new applicants may experience delays until further guidance is issued.
Pursuant to Executive Order 14161, “Protecting the United States from Foreign Terrorists and Other National Security,” and Executive Order 14188, “Public Safety Threats and Additional Measures to Combat Anti-Semitism,” DOS has taken a series of actions to escalate security efforts, including launching their AI-driven “Catch and Revoke” program and announcing plans to “aggressively” revoke visas issued to certain Chinese students. The latest halt in scheduling visa appointments signals a further escalation in scrutiny of nonimmigrant visa applicants.
In a May 30 cable, Secretary of State Marco Rubio instructed consular officers to:
Apply “extra vigilance” in screening visa applicants for possible threats to U.S. national security.
Consider limited or private social media accounts as potential red flags that reflect “evasiveness and call into question the applicant’s credibility.”
Refuse visas if an applicant’s credibility cannot be confirmed.
Although the cable initially focused on applicants traveling to Harvard University, the enhanced vetting is expected to expand to all international students. DOS may announce similar measures for other groups of visa applicants.
International students currently in the U.S. on F-1 status who have been selected in the FY2026 H-1B lottery and have a pending or approved H-1B petition should exercise caution when considering international travel on F-1 status. If such students depart the U.S. without a valid F-1 visa stamp, they may face challenges in obtaining a new visa because of the current pause in interview scheduling. This could result in delays in returning to the U.S.
This policy shift could delay the arrival of new international students for the upcoming academic year and complicate travel plans for current students. Universities and employers should prepare for increased uncertainty in visa processing timelines and advise students accordingly.