One of the most important cybersecurity laws in the country quietly expired last October with no sign of reauthorization on the horizon. Instead, the conflation between the 2015 Cybersecurity Information Sharing Act and the Cybersecurity and Infrastructure Security Agency has led to a political standstill that will only have negative impacts on American cybersecurity. What implications will not reauthorizing CISA 2015 have on national security? And how much risk are we taking on by letting protections for information sharing between the private sector and the government lapse?

In this episode, Shane Tews is joined by Caitlin Clarke, Cristin Flynn Goodwin, and James Andrew Lewis. In this conversation, they unpack how confusion between the 2015 information-sharing law and the Cybersecurity and Infrastructure Security Agency (CISA) makes Americans vulnerable to foreign cyberattacks, how rescinded liability and FOIA protections are already slowing down cyber defense, and why speed matters more than ever as AI accelerates malicious actors.

How should we address the governance gap between central banks controlling money and the oversight of cryptocurrency? How can decentralized crypto networks and centralized monetary authorities collaborate? And what’s next for digital finance?

To explore these questions, Shane Tews is joined by Milton Mueller, Karim Farhat, and Vagisha Srivastava from the Jimmy and Rosalynn Carter School of Public Policy at Georgia Tech. Mueller is the cofounder and director of the Internet Governance Project at Georgia Tech, where he specializes in the political economy of the internet. Farhat is the assistant director of the Internet Governance Project, focusing primarily on the digital economy and cybersecurity. Srivastava is a PhD student working on internet fragmentation. They are also joined by Nicoletta Kolpakov, director of the Cirrus Institute. This group’s extensive knowledge makes for an engaging and informative episode.

Section 1033 of the Dodd-Frank Act is the foundation of open banking in the United States—giving individuals the right to access and share their own financial data with services of their choice. This rule seeks to increase consumer control, encourage competition, and make it easier to switch providers or use financial management tools. However, the Consumer Financial Protection Bureau—the agency responsible for implementing this provision—is now reconsidering how (or whether) it should be enforced. In today’s discussion, we explore why Section 1033 has become a key focus of rulemaking and how changes to open banking policies could shift the balance of power between consumers, financial institutions, and emerging fintech companies.

To look into this, Shane Tews spoke with Penny Lee, president and CEO of the Financial Technology Association. Penny is also the cofounder of K Street Capital—an angel investment group in Washington, DC—and served as a senior advisor for former US Senate Majority Leader Harry Reid. She brings more than two decades of experience in the private and public sectors, making for an informative conversation.

Bluesky Social is a social media app that was originally launched in 2019 on Twitter, before becoming an independent company in 2021. Bluesky’s mission is to offer a decentralized experience for users—where algorithms are not imposed on them, but they can choose their content preferences. The platform also highlights the importance of portability, enabling users to carry their social media ecosystems across different platforms. But what are the technical and social challenges to making true platform portability a reality?

To explore this, Shane Tews interviews Matt Reeder, head of legal at Bluesky. Formerly, Matt served as chief legal and operations officer at OnlyFans and as a trial attorney with the US Marine Corps. His extensive experience in creating transparent, user-focused terms and conditions, combined with his passion for expanding opportunities, makes for an engaging conversation.

Email was created over 50 years ago—so why isn’t it secure? Sixty-eight percent of IT teams report a data breach in their organization caused by phishing in the last year. Even experts trained to spot the telltale signs can be fooled: Nearly 66 percent of IT leaders admit to clicking malicious links, and more than half of employees have done the same.

Shane interviews Cy Khormaee and Ryan Luo, cofounders of AegisAI. Together, they bring over a decade of experience at Google. In this discussion, they provide both a technical and practical lens to cybersecurity. They discuss why email is the frontline of cybersecurity, describe the anatomy of a phishing email, explain how individuals and organizations can protect their inboxes, and more.

As governments around the world expand their surveillance capabilities, strong encryption remains a cornerstone for protecting personal privacy, securing business data, and preserving digital rights. For consumers, it guards against identity theft and intrusive monitoring; for businesses, it protects intellectual property and builds trust across global markets. Yet, as governmental pressure to weaken encryption intensifies, critical questions arise: How do we preserve strong encryption standards while addressing legitimate security concerns? Can privacy, innovation, and human rights truly coexist with national security imperatives? And how do we resist the false choice between security and privacy that authoritarian regimes often present?

At the Technology Policy Institute’s 2025 Aspen Forum, Shane Tews moderated a panel titled Privacy and Governmental Surveillance with Jeff Greene, Jim Kohlenberger, and Jennifer Huddleston as panelists. Together, they discussed how artificial intelligence is highlighting cybersecurity and privacy concerns and raising tough questions about governmental surveillance.

The European Union’s Digital Markets Act (DMA) is changing the app economy—and not for the better. This law aims to promote competition for European companies by restricting large online platforms’ dominance, which are mostly American. But how is this working in practice? What are the main DMA-related challenges app developers should be aware of? And does the DMA create more problems than it solves?

To answer these questions, Shane interviews Graham Dufault, general counsel of the App Association. In this role, he represents small and medium-sized mobile software developers and connected device companies within the app economy. His practical experience with the DMA’s consequences is crucial for unpacking all this and more.

The Domain Name System (DNS)—the system that turns numerical IP addresses into easy-to-read website names—has become highly competitive at the registrar level, with potentially harmful consequences when it comes to leasing domain names for criminal activities. Today, the DNS infrastructure is increasingly exploited for cybercrimes, such as phishing and scams. Why is ignoring the identity of the parties behind the crime more than just a technical DNS infrastructure abuse issue?

In this episode, Shane is joined by Karen Rose. Rose was an early architect of internet policy and has had a substantial impact on global web infrastructure as one of the primary Department of Commerce authors of the policy white paper that created the Internet Corporation for Assigned Names and Numbers (ICANN) and a senior executive at the Internet Society. Today, she consults on technology issues focused on securing the next generation of communications infrastructure.