Justin Sherman

Europe’s Data Broker Problem Threatens U.S. National Security Data brokerage in Europe is putting U.S. service members and personnel at risk. The U.S. is waiting on Europe to step in.

@jshermcyber.bsky.social explores the risks posed to U.S. national security from data brokers in Europe and what can be done to protect American’s data from adversarial exploitation. www.lawfaremedia.org/article/euro...

From Research to Reality: The Security by Design Project By Lawfare Institute

On October 1, join Lawfare for a free, in-person event marking the culmination of our multi-year project on Security by Design!

Speakers include @rosenzweigp.bsky.social, Jen Easterly, @jackhcable.bsky.social, James A. Lewis, Lauren Zabierek, and @jshermcyber.bsky.social.

RSVP today!

Russia’s Cyber Firms Are Getting Rich During War Russian cyber firms are raking in record profits, challenging the efficacy of U.S. efforts to technologically isolate Russia.

Despite the significant sanctions put on Russia since the full scale invasion in Feb. 2022, the Russian cyber industry made more money in 2024 than ever before.
@jshermcyber.bsky.social looks at how Russian cyber firms have adapted and what American policymakers can do.

Securing data in the AI supply chain To avoid lopsided AI policy, policymakers must see the data used and generated by AI as a chain, not a snapshot.

🚨NEW ISSUE BRIEF🚨 In “Securing data in the AI Supply Chain,” CSI fellow @jshermcyber.bsky.social writes about the seven data components powering AI and the risks they face. Read it here: www.atlanticcouncil.org/in-depth-res...

UPCOMING BRIEFING—The Impact on Central Asia of Russia’s War on Ukraine: Opportunities for U.S. Engagement
📅September 4
🕑2pm
🏛️Rayburn 2200
Join our expert panel for a discussion about how Russia's war on Ukraine has shifted political & economic dynamics in Central Asia. (1/2)

Take the bribe but watch your back: Why Russia imprisoned a security officer for taking cybercriminal payoffs Russia imprisoned a security service officer for taking bribes from cybercriminals—showing not a willingness to crack down on cybercrime, but instead just how much the Kremlin wants to maintain its…

The Kremlin’s unspoken agreement with hackers? Don’t cross certain lines. When an FSB officer failed to protect the cybercriminals who paid him, the consequences were swift. @jshermcyber.bsky.social explains what this means for Russia’s cyber underworld. 🔗

TransUnion says hackers stole 4.4 million customers' personal information | TechCrunch The credit reporting giant confirmed unauthorized access to a third-party application storing the personal information of its customers.

NEW: Credit reporting giant TransUnion has confirmed a data breach involving more than 4.4 million customers' personal information. TransUnion claims "no credit information was accessed" in the late-July breach, which it said involves its U.S. consumer support operations.

We've received a lot of applications from non U.S. students to this. Please note you must apply with an .edu email to be considered.
If you're interested in training and are not a student in the USA we have a full list of upcoming public trainings here: www.bellingcat.com/workshops/

Lawfare Daily: ‘War in the Smartphone Age,’ with Matthew Ford Podcast Episode · The Lawfare Podcast · 08/27/2025 · 59m

@warmatters.bsky.social joins today’s @lawfaremedia.org Daily to discuss his new book “War in the Smartphone Age.” We talked about everything from ‘context collapse’ on social media to the future of ‘participatory warfare.’

Listen wherever you get your podcasts!

podcasts.apple.com/us/podcast/t...

On Lawfare Daily, @jshermcyber.bsky.social spoke to @warmatters.bsky.social about his new book “War in the Smartphone Age,” the role of smartphones and related technologies in war, how smartphones and other devices are reshaping open-source intelligence, and more.

Experts React to Reuters Reports on Meta's AI Chatbot Policies | TechPolicy.Press Tech Policy Press invited a range of experts to submit reactions to concerning reports on Meta's AI chatbot policies and products.

Last week, Reuters published two articles by journalist Jeff Horwitz reporting concerning details about Meta's AI chatbot policies and products and how they affect children and vulnerable adults. Tech Policy Press invited experts to submit reactions to the reports—here are their responses:

Russia’s digital tech isolationism: Domestic innovation, digital fragmentation, and the Kremlin’s push to replace Western digital technology Russia’s technological isolation is both a reality and a desired goal for Moscow. This piece explores the impacts of this phenomenon and offers recommendations for how to deal with that evolving…

“Technological isolationism is now both a reality and a desired goal for many in the Russian government and technology sector,” writes @jshermcyber.bsky.social in this issue brief. Read more here:

Excited to see my upcoming book on Amazon’s current ranking of “hot new releases” in national security!

Preorder “Navigating Technology and National Security” here: www.amazon.com/Navigating-T...

Aug 21: Edinburgh Aug 22: Online Aug 23: Bangor, UK Sep 4: Sydney Sep 5: Melbourne Sep 11: Berkeley Sep 23: Online Oct 8: Amsterdam Oct 11: NYC Oct 13: NYC Oct 15: Chicago Oct 22: NYC Oct 24: Munich

I'm headed back on tour for my book EMPIRE OF AI! Starting next week, I'll be on the road again with stops in the US, UK, Europe & Asia. Here are my upcoming events open to the public, with more to come. Event details & ticket reservations at empireofai.com/#tour.

Congressional Cyber and Digital Policy Program Open to full time Congressional staffers, this program covers key cybersecurity and digital policy issues.

What does cybersecurity have to do with broadband, AI, and your Member’s next hearing? Come find out. Our 6-part Fall 2025 program for Hill staffers starts Sept 26. Weekly Friday sessions (w/ lunch!)

🔗 Apply now: bit.ly/ACCongressio...

Hacking and Firewalls Under Siege: Russia’s Cyber Industry During the War on Ukraine This paper examines how Russian cybersecurity firms are supporting the Russian government and adapted to the new environment in the wake of the Russia-Ukraine War.

NEW: How’s Russia’s cyber industry adapting to sanctions, a new security environment, etc. post-Russia’s full-scale, illegal war on Ukraine in Feb. 2022?

Hint: three Russian cyber firms made more money in 2024 than ever. My new report for CNA out today: www.cna.org/analyses/202...

On Lawfare Daily, @jshermcyber.bsky.social spoke to @sambresnick.bsky.social about his recently published report, “Big Tech in Taiwan,” on 17 companies’ Taiwan entanglements, and how greenfield foreign direct investments, data centers, supply chains, and more expose those companies to Taiwan.

Take the bribe but watch your back: Why Russia imprisoned a security officer for taking cybercriminal payoffs Russia imprisoned a security service officer for taking bribes from cybercriminals—showing not a willingness to crack down on cybercrime, but instead just how much the Kremlin wants to maintain its…

In Russia’s cyber ecosystem, even FSB officers aren’t untouchable. @jshermcyber.bsky.social dives into the sentencing of an officer who took bribes from hackers but failed to deliver protection. It’s about more than corruption—it’s a warning to others. 🔗

Lawfare Daily: ‘Big Tech in Taiwan’ with Sam Bresnick Podcast Episode · The Lawfare Podcast · 08/07/2025 · 38m

Will Big Tech support Taiwan in the event of a conflict? How exposed are they — financially, operationally, etc.? Georgetown’s Sam Bresnick joins me on today’s @lawfaremedia.org to discuss

Hear about Google, Cisco, Maxar, and more and their Taiwan exposures

podcasts.apple.com/us/podcast/t...

Homogeneity and concentration in the browser Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential…

Competition is a cybersecurity issue, but @Jshermcyber.bsky.social says policymakers must “acknowledge how questions of market concentration may not address other questions around the security and resilience of underlying foundational technologies”

As Putin wages war on Ukraine, he intensifies his repression of the Russian people. Banning private messaging apps & forcing Russians to use MAX will increase surveillance while further limiting their access to information about the outside world.

Navigating Technology and National Security: The Intersection of CFIUS, Team Telecom, AI Controls, and Other Regulations Navigating Technology and National Security: The Intersection of CFIUS, Team Telecom, AI Controls, and Other Regulations [Sherman, Justin] on Amazon.com. *FREE* shipping on qualifying offers. Navigating Technology and National Security: The Intersection of CFIUS, Team Telecom, AI Controls, and Other Regulations

My (first) book comes out Dec. 11!! "Navigating Technology and National Security" dives into the story of how the US came to govern so much technology—startup investments and data flows; TikTok and Grindr; cloud systems and AI models—through national security powers.

www.amazon.com/Navigating-T...

Putin's MAX app could snoop on Russians - ABC listen With almost 100 million users, WhatsApp is Russia's most popular messaging service. But that's about to change. The service - which is owned by Facebook's parent company Meta is widely expected to be...

Russia is pushing a “super app” messenger for all citizens — including so it can ban WhatsApp and reduce reliance on Telegram. What could possibly go wrong?

My 5-minute breakdown on Australian Broadcasting Corporation:

www.abc.net.au/listen/progr...

Trump’s Flip-Flop on Nvidia Chips Is a Win for China A reversal of export controls on H20 chips presents a national-security risk, Justin Sherman writes in a guest commentary.

Flip-flopping on chip export controls to China to claim a “win” now — in exchange for deepening semiconductor business ties in China — is a long-term national security mistake. My latest Barron’s column (gift link):

www.barrons.com/articles/tru...

Two pop-up computer tabs are displayed against a light blue speckled background. One tab is titled "FCRA & GBLA Exemptions" and contains folders named after federal and state laws. The second tab is titled "Holding Data Brokers Accountable". It shows a quote from the white paper: "Consumers deserve robust privacy protections and rights over their own data, regardless of the type of business collecting and processing that information. Legislators should not limit those protections with unnecessary and overly broad exemptions.”

“Consumers deserve robust privacy protections and rights over their own data, regardless of the type of business collecting and processing that information...”

➡️ Read EPIC's latest white paper by Law Fellow Caroline Kraczon and Scholar in Residence @jshermcyber.bsky.social: epic.org/documents/un...

On Lawfare Daily, @jshermcyber.bsky.social sits down with @candacerondeaux.bsky.social to discuss Yevgeny Prigozhin and his founding of the Wagner Group, Wagner and Russia’s full-scale invasion of Ukraine in 2022, and more.

Unbridled and Underregulated: Removing FCRA and GLBA Exemptions from Privacy Laws to Hold Data Brokers Accountable

New paper by Caroline Kraczon and I @epic.org on how states can better hold data brokers accountable:

epic.org/documents/un...

📊📜 Today, EPIC published "Unbridled and Underregulated: Removing FCRA and GLBA Exemptions from Privacy Laws to Hold Data Brokers Accountable, a white paper by Law Fellow Caroline Kraczon and Scholar in Residence Justin Sherman @jshermcyber.bsky.social: epic.org/documents/un...

New for @lawfaremedia.org: Don’t want to put people serving their country and our national security at risk? Instead of allowing countless, unrestrained private-sector data practices, putting strong, comprehensive data protections into law would help both consumers *and* national security.

Ubiquitous Technical Surveillance Demands Broader Data Protections As adversary surveillance capabilities expand, the U.S. national security community faces grave threats. Broader data protections can help.

In June, the Justice Department Inspector General published a report on the FBI's efforts to mitigate the risks of ubiquitous technical surveillance. @jshermcyber.bsky.social argues that better data privacy and security protections could combat UTS-related risks.