Two weeks ago, the Supreme Court ruled that ISP giant Cox Communications couldn’t be held liable for a billion-dollar judgment over music piracy in a case brought by Sony. On Monday, by sending another case back to a circuit court involving Grande Communications and music companies, including Sony, for reconsideration, the court seems to be reinforcing the idea that internet service providers can’t be held liable for their customers’ copyright infringement.

The Supreme Court relied on the precedent from the first case to send the second back, reinforcing the earlier decision. 

Grande Communications is a Texas-based subsidiary of Astound Business Solutions.

A Sony Music representative didn’t immediately respond to a request for comment.  

The two cases back-to-back appear to suggest that copyright owners, like music companies, can’t expect to be compensated by broadband providers (including, presumably, wireless companies such as AT&T and Verizon) that have customers who engage in intellectual property theft across their networks. 

What this means for ISPs and customers

Eric Goldman, an associate dean for research and professor at Santa Clara University School of Law, says these decisions buck prior cases. 

“The Cox ruling upended decades of fairly well-settled precedent without any clear explanation of why the Supreme Court chose to reset the rules,” he said. “At minimum, the Supreme Court made clear that copyright owners have overreached with their copyright claims against ISPs for user-caused infringement. Thus, the Supreme Court’s message to copyright owners is that they need to be more reasonable and less demanding in their dealings with ISPs.”

Goldman said he doesn’t expect the case to have much impact on internet customers. In the face of less resistance, it’s likely ISPs will maintain their current policies and restrictions on piracy, although another legal expert, David B. Hoppe, founder of Gamma Law, said some might reduce the resources they spend on identifying or terminating accounts of content pirates.

“However, the decision does not reduce the liability exposure of websites that facilitate or encourage infringement, and probably does not affect the ability of copyright owners to cause hosting providers to terminate websites that are facilitating or encouraging infringement,” Hoppe said.

The court, he said, drew a clear distinction between passive ISPs who serve as intermediaries of content and those who actively facilitate or encourage piracy or show intent to engage in copyright infringement. 

Something that remains to be seen is whether the Supreme Court’s judgment favoring ISPs also extends to web hosts that facilitate sites that engage in mass-scale piracy of material such as music, movies and video games.

“Already, we’ve seen one lower court imply that the Supreme Court holding only applies to ISPs and not web hosts, even though the Supreme Court opinion did not make that distinction,” Goldman said.

The U.S. government is warning that Iran-backed hackers are escalating their tactics by targeting American critical infrastructure systems with the aim of causing disruption.

In a joint advisory published Tuesday, the FBI, the National Security Agency, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Energy collectively warned that Iranian government hackers have been exploiting internet-facing systems used across a range of sectors. These include water and wastewater utilities, as well as energy and local government facilities. The agencies did not specifically name any of the targets but said that the hacks were aimed at causing “disruptive effects within the United States” and had already resulted in “operational disruption and financial loss.”

The hackers targeted programmable logic controllers and supervisory control and data acquisition (SCADA) products, which are used to control and manage industrial equipment and systems in critical infrastructure operations, the agencies said. The agencies said that the hackers were able to manipulate information displayed on these devices and maliciously interact with project files that store important device configurations.

The agencies said that the hacks targeting critical infrastructure are a marked escalation in tactics by Iranian hackers, likely in response to the U.S.-Israel war with Iran, which began on February 28 with air strikes that killed the country’s leader. 

The advisory also comes shortly after U.S. president Donald Trump threatened Iran in a social media post earlier on Tuesday, writing, “A whole civilization will die tonight” if Iran does not capitulate to a deal with the United States to open the Strait of Hormuz, a key chokepoint for global shipping traffic, by end of day.

Since the start of the war, an Iranian government-backed hacking group called Handala has been linked to several high-profile cyberattacks, including a disruptive breach at U.S. medical tech giant Stryker, which saw the hackers remotely wipe thousands of employee devices using the company’s own security tools. 

The FBI recently blamed the Handala hackers for leaking the partial contents of FBI director Kash Patel’s private email account. 

Iran has also hit several U.S.-owned and operated data centers across the region with missiles and air strikes, causing instability and disruption to cloud services across the region.

In short: The Trump administration’s FY2027 budget proposes cutting $707 million from CISA, eliminating the agency’s election security programme entirely and shedding 860 positions, a dramatic escalation that would reduce the country’s primary civilian cybersecurity agency to a $2 billion operation after a year already defined by DOGE-driven layoffs and mass departures.

The United States’ central civilian cybersecurity agency has lost roughly a third of its workforce over the past 14 months. Its red team has been dissolved. Scores of staff working on election security, incident response, and continuous monitoring were fired by the Department of Government Efficiency in early 2025, then partially reinstated under court order, then placed on paid leave in legal limbo. Against that backdrop, the Trump administration released its FY2027 budget request on 7 April 2026, proposing to cut a further $707 million from the Cybersecurity and Infrastructure Security Agency, a reduction the White House frames as a long-overdue refocusing on the agency’s core mission and critics describe as an act of deliberate dismantlement.

The proposed cuts amount to approximately $700 million in programme eliminations, producing a net reduction of around $360 million once internal transfers and targeted new hires are factored in. If enacted, CISA’s operating budget would fall to roughly $2 billion, down from the approximately $3 billion it received when the current administration took office. The budget also projects eliminating around 867 positions, partially offset by transfers into the agency, for a net workforce reduction of approximately 860 roles.

What would disappear

The most politically conspicuous cut is the outright elimination of CISA’s election security programme. The proposal would end CISA’s funding for the Elections Infrastructure Information Sharing and Analysis Center, known as EI-ISAC, which serves as the primary hub for sharing cyber threat intelligence, ransomware alerts, and incident response resources with state and local election offices. It would also remove dedicated election security advisors stationed across the country and terminate the information-sharing support CISA has provided to state and local election officials since the agency’s founding in 2018. Those advisors have been the first point of contact for county clerks and election administrators facing phishing attacks, foreign probing of registration databases, and disinformation campaigns targeting election infrastructure.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Beyond elections, the proposal would substantially scale back CISA’s stakeholder engagement function, eliminating offices responsible for coordinating with private-sector infrastructure operators and managing the agency’s international affairs partnerships. Workforce development programmes and what the budget characterises as “duplicative” state and local cyber funding streams would also be cut. The proposal shifts more responsibility for certain infrastructure security and emergency communications programmes directly to state and local governments, though it does not specify additional funding to those governments to absorb the transfer.

The White House’s argument

The administration’s budget justification is pointed in its language. The document states that “CISA was more focused on censorship than on protecting the nation’s critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion.” The proposed reductions, it argues, “refocus CISA on its core mission” of securing the federal civilian network and helping critical infrastructure operators defend against cyberattacks and physical threats.

The censorship framing refers primarily to CISA’s now-disbanded counter-disinformation work, including a unit that coordinated with social media companies on election-related content moderation during the 2020 and 2022 election cycles. That work was shut down after Republican criticism and subsequent litigation. Sean Plankey, Trump’s nominee to lead CISA, addressed the issue directly during his confirmation hearings. “It is not CISA’s job, and nor is it in its authorities, to censor or determine the truths,” Plankey said, adding that the agency would not pursue such work under his leadership. Plankey also pledged to “rebuild and refocus” CISA, emphasising that his goal would be to “empower the operators to operate“, referring to the private sector entities responsible for critical infrastructure. Plankey has not yet been confirmed by the Senate.

A year already defined by cuts

The FY27 proposal lands on an agency that has spent the past year contracting sharply. When Trump returned to office in January 2025, CISA had approximately 3,300 employees. By December 2025, that figure had fallen to roughly 2,400, a loss of nearly 900 people. The departures came through a combination of voluntary exits during the deferred resignation programme, probationary staff terminations, and direct DOGE action. In late February and early March 2025, DOGE terminated contracts and fired staff in waves that eliminated CISA’s entire red team, more than 80 employees working on continuous monitoring, and between 30 and 50 incident response staff. A federal judge subsequently ordered the reinstatement of probationary employees, but reinstated staff were placed on paid administrative leave rather than returned to active duties.

The red team cuts drew particular alarm from security professionals, since red-team exercises, in which agency staff simulate real-world attacks against government networks to identify vulnerabilities before adversaries do, are among the most operationally consequential work any cybersecurity organisation undertakes. Removing that capability does not just reduce CISA’s headcount; it eliminates a specific function that cannot simply be assumed by the remaining staff. The governance of AI-assisted cybersecurity tools across critical infrastructure has become a defining challenge for 2026, and the debate about CISA’s role sits at its centre: the agency was positioned to set standards and share threat intelligence precisely as those questions become most consequential.

Congressional pushback, and its limits

The proposed $707 million cut represents a sharp escalation from the administration’s FY26 request, which sought approximately $490 million in reductions. Congressional resistance at that stage, including from Republican committee members who considered the cuts excessive, ultimately narrowed the actual reductions to somewhere between $130 million and $300 million. Whether that resistance holds in the current budget environment is uncertain.

The sharpest opposition came from the Democratic side of the aisle. Representative Bennie Thompson, Democrat of Mississippi and the ranking member on the House Homeland Security Committee, rejected both the scale of the proposed cuts and the administration’s framing. “Like the President’s cyber strategy, the President’s CISA budget reflects his utter lack of understanding of the urgency of the cyber threats we face and how to mobilize the government to help confront them,” Thompson said in a statement. Citing the threat environment that has intensified in recent months, Thompson added: “There is nothing that justifies a reckless $700 million cut to CISA, particularly at a time of heightened tensions with Iran and an increasingly aggressive China.”

Thompson said he was “committed to working with colleagues to push back against these cuts” and to ensuring the government can protect federal and critical infrastructure networks. Separately, bipartisan legislation introduced earlier in 2026 would require CISA to maintain “sufficient” staffing levels, though the bill has not advanced to a vote.

What $2 billion buys, and what it doesn’t

The cuts do not eliminate CISA. Under the proposed budget, the agency would retain its core federal network security functions, its role supporting critical infrastructure operators, and some capacity for coordination with the private sector. The Einstein intrusion detection system and the Continuous Diagnostics and Mitigation programme for federal civilian networks are expected to survive. What the budget removes is the outward-facing, partnership-intensive layer of CISA’s operations: the work with state and local governments, the election security apparatus, the international engagement, and the stakeholder advisory infrastructure that has grown since the agency’s founding.

The commercial cybersecurity sector is watching closely. CISA has historically been a significant source of free threat intelligence, vulnerability advisories, and incident response support for smaller organisations and local governments that cannot afford enterprise-grade security tools. As the AI-driven expansion of the threat landscape accelerated through 2025, the agency’s advisories on vulnerabilities in industrial control systems and critical infrastructure became more, not less, relied upon by the operators responsible for power grids, water systems, and financial networks. The proposed cuts do not formally end that advisory function, but an agency operating at $2 billion with 860 fewer staff will inevitably produce fewer advisories, respond to fewer incidents, and reach fewer of the operators it was designed to support.

The budget is a proposal, not a law. Congress must still appropriate the funds, and the FY26 experience suggests that the final number will likely be lower than requested. What has already happened at CISA, however, does not require a vote to reverse: a third of the workforce is gone, the red team no longer exists, and election security advisors have been standing down since early 2025. The budget fight now is largely about whether what remains gets smaller still.

Nahla Davies examines what constitutes an appropriate data integrity framework, and how inadequate frameworks damage data quality.

If you asked most companies whether they have a data integrity framework, they’d say yes without hesitation. They’d point you to a shared drive, maybe a Confluence page, possibly a colour-coded spreadsheet with tabs labelled ‘Validation Rules’ and ‘Ownership Matrix’. It looks official. It’s got a logo on it. Someone even added conditional formatting.

But here’s the thing: looking like a framework and actually functioning as one are two wildly different realities. Across industries, organisations are confusing documentation with governance, and the gap between those two things is where data quality quietly falls apart. The problem isn’t that teams don’t care. It’s that they’ve convinced themselves the spreadsheet is enough.

The spreadsheet trap is more common than anyone admits

There’s a pattern that plays out in nearly every mid-size org that’s undergone some kind of digital transformation push in the last five years. Someone in data engineering or analytics gets tasked with ‘building a data integrity framework’. They do their research, pull together some best practices, and create a document. Maybe it lives in Google Sheets, maybe it’s a Notion database, maybe it’s an actual PDF that got emailed around once and then forgotten about. Whatever form it takes, it checks a box. Leadership sees it and feels reassured.

The trouble starts when that document has to survive contact with reality. Data pipelines change. New sources get added. Team members rotate. And that spreadsheet? It doesn’t update itself. It doesn’t send alerts when a schema shifts or when a critical field starts returning nulls at twice the usual rate. It just sits there, frozen in the moment it was created, slowly becoming a historical artifact rather than an operational tool.

What’s worse is that people keep referencing it as though it’s still accurate. Decisions get made based on validation rules that haven’t been reviewed in months. Ownership columns list people who’ve left the company. It’s the organisational equivalent of navigating with a map from 2019 and wondering why you keep hitting dead ends.

And it’s not a niche problem. A 2023 Gartner survey found that poor data quality costs organisations an average of $12.9m per year. That number doesn’t come from dramatic, headline-grabbing breaches. It comes from the slow, invisible accumulation of bad records, missed anomalies, and unchecked assumptions that a static document simply can’t catch.

What a real framework actually looks like

So what separates a functioning data integrity framework from a well-formatted spreadsheet? It comes down to whether the thing can operate without someone manually babysitting it. A real framework is embedded in your infrastructure. It’s automated, observable and responsive.

That means validation checks run as part of your data pipelines, not as a quarterly audit someone remembers to do in the last week of the quarter. It means the data is correctly annotated and that there’s monitoring in place that flags anomalies in real time, whether that’s a sudden spike in null values or a mismatch between source and destination row counts. Tools like Great Expectations, Monte Carlo and dbt tests exist specifically to bring this kind of rigor into the workflow.

It also means ownership is enforced through tooling, not just documented in a tab. When a data asset has a registered owner in a data catalogue, and that catalogue integrates with your alerting system, accountability becomes structural. It stops being something you have to chase people about in Slack.

There’s a cultural component here, too. Organisations with mature data integrity practices treat data quality as a product concern and are better prepared to establish proper AI governance. Product managers care about it. Analysts flag issues proactively instead of working around them. Engineers write tests for data the same way they write tests for code. That kind of culture doesn’t emerge from a spreadsheet. It emerges from leadership, making it clear that data integrity is a priority, not a side project someone handles when things are slow.

The companies getting this right tend to share a few traits. They’ve invested in observability across their data stack. They treat schema changes as events that require review, not things that just happen silently. And they’ve moved past the idea that documentation alone equals governance.

Why it matters more now than it did five years ago

The stakes around data integrity have shifted significantly. Five years ago, a bad record in a reporting dashboard was annoying but manageable. Today, that same bad record might be feeding a machine learning model that’s making automated decisions about credit, hiring or patient care. The blast radius of poor data quality has expanded because the systems consuming that data have become more autonomous and more consequential.

Regulatory pressure is also mounting. Frameworks like the EU’s AI Act and evolving data privacy regulations are putting more scrutiny on how organisations manage the data that powers their products. It’s getting harder to shrug off data quality issues as ‘technical debt we’ll get to eventually’. Regulators want to see evidence of governance, and a spreadsheet with last year’s date on it won’t cut it.

There’s also the competitive angle. Companies that can trust their data move faster. They make decisions with more confidence. They spend less time reconciling conflicting reports and more time actually acting on insights. Data integrity isn’t glamorous, but it’s one of those foundational things that quietly determines whether an organisation can execute on its strategy or just talk about it.

Final thoughts

The uncomfortable truth is that most data integrity frameworks weren’t built to be frameworks at all. They were built to satisfy a request, to check a compliance box, or to give someone something to present in a meeting.

And that’s fine as a starting point. Every mature system started somewhere. But if your ‘framework’ is still a spreadsheet that no one’s touched in six months, it’s time to be honest about what you actually have.

Real integrity requires automation, observability and cultural buy-in. The spreadsheet was never the destination. Treat it as the rough draft it always was, and start building something that can actually keep up with your data.

By Nahla Davies

Nahla Davies is a software developer and tech writer. Before devoting her work full time to technical writing, she managed – among other intriguing things – to serve as a lead programmer at an Inc. 5,000 experiential branding organisation, where clients include Samsung, Time Warner, Netflix and Sony.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Elon Musk is still taking OpenAI to court over its transition to a for-profit company, but today he amended the complaint so that he won’t personally get any of the $150 billion in damages he’s pushing for. The Wall Street Journal reported that if Musk wins in his upcoming trial, he wants any damages should be awarded to the OpenAI nonprofit branch. He’s also seeking OpenAI CEO Sam Altman’s removal from the nonprofit’s board of directors if his suit succeeds.

Musk launched a lawsuit against OpenAI in 2024, claiming that the business had become a “closed-source de facto subsidiary” of Microsoft when it dropped its nonprofit designation. He claims that, as a co-chair of the OpenAI founding group, the change to a for-profit operation defrauded him as a donor. As a result, he’s now claiming that he, or apparently the remaining nonprofit side of OpenAI, deserve a portion of the company’s current valuation.

Considering the reputation Musk, Altman and their various business endeavors have for creating spicy PR situations, it seems likely that the exchanges between the two camps will get more heated as the trial date approaches.

• Storm enables session hijacking that bypasses passwords and multi-factor authentication
• Attackers can restore stolen sessions remotely without triggering standard security alerts
• Malware operates server-side to process encrypted browser credentials for stealthy exploitation

A new strain of infostealer malware dubbed Storm is changing how account compromise works, experts have warned.

New findings from Varonis Threat Labs have outlined how this strain moves away from passwords and focuses on session cookies that keep users logged in.

Japanese musicians commemorated Wikipedia’s 25th anniversary with a unique composition made up entirely of Wikipedia entries. Open Reel Ensemble produced the song as part of a virtual birthday celebration, and it’s a true journey because it’s totally made up of ancient reel-to-reel equipment that also function as instruments. Every sound is produced by physically moving the tape over the heads, with no artificial samples added after the fact.

The video shows the trio jamming at a table surrounded by recorders. Snippets of Wikipedia material appear on screen, and the lads are completely freestyling their way through them; grab an entry on how a term is defined, and the machines come to life. One of them is rewinding quickly to fit the description, producing a wonderful smooth swooshing sound across the speakers. Another one goes into fast-forward mode whenever the text flashes by, raising the pitch and adding a little of edge to the beat.

Each one flows seamlessly into the next, and the overall effect just seems natural Pitch control slows down for deeper tones and speeds up for brighter ones. Loops take small pieces and repeat them to create these steady rhythms below, while vibrato puts in some wavey portions by slowly changing the pace. Tremolo reduces the loudness in these rapid little pulses, and when they scratch the tape edges, they make these sharp little snappy noises. Then there are the wow effects, which are simply natural wobbles that go up and down in the same rhythm as your breathing.

The layers just develop as the devices interact with one another; definition after definition for reel-to-reel recording, tension, cut-up technique, and even magnetic punk all appear on screen, activating their corresponding action. The music remains techno and dance-friendly throughout, but it is all anchored in the mechanical slapping and hissing of the tape. The moniker “Cyklepedia” refers to the entire cycle of information that repeats itself through these physical rotations. Masaru Yoshida composed the song, Haruka Yoshida was in charge of the camera and editing, and the entire group collaborated to bring the performance to life, with even Wikipedia getting in on the action, with the anniversary event playing a role.
[Source]