This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

JAMES BALL. This is exactly how not to do it. This will go into training as being comedically dumb. This is the worst PR since on 9-11, a Labour spad said, today is a terrific day to bury bad news, and ended her entire career, that of her colleagues and that of her boss. It is utterly idiotic.

---

ANNOUNCER. Smashing Security, episode 455. Face-off, Meta's glasses, and America's internet kill switch, with Graham Cluley and special guest James Ball.

---

GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security, episode 455. My name's Graham Cluley. And I'm James Ball. James, welcome to the show. First time on Smashing Security, although I've been following your work for many a long year. For those people who don't know you, and shame on them if they don't know James Ball, what are you? And what do you do?

---

JAMES. I'm a journalist that covers technology and politics. So I write on politics for The New World, who are in Political Editor, and I write on tech all over the place. And I think I've been quoting you for 15 years or so now. Gosh, a long time. Yeah, I've been around the block a bit.

---

GRAHAM. I think I first met you when you were at The Guardian, possibly. Yes, the early 2010s era. A busy time for internet privacy and lots of big stories way back then, weren't there? There were. We

---

JAMES. were doing the Edward Snowden leaks at that time, which is one of those nice stories where most things you do in journalism, you know, it's chip paper. It's not even chip paper now because it's all digital. But the Snowden stuff still feels relevant nearly, you know, we're 13 years later now and that one still comes up. So that's decent. Yeah. What have you been most recently working on, James? I am finishing off a book about conspiracy theories and the internet. And I'm actually, I'm studying for a PhD on how we might regulate artificial intelligence. So still very tech-centric for me.

---

GRAHAM. You read a book about QAnon, wasn't it? And all those crazy theories coming out on the internet?

---

JAMES. I did, yes. It was called The Other Pandemic, How QAnon Contaminated the World. And of course, it's been quite strange sort of talking about conspiracy theories about big drops of email revealing sort of conspiracies around paedophilic activity. When, you know, the big story of 2026 so far has been 3 million plus documents from the Epstein files coming out. So trying to separate out the reality of these things, which is just lots of rich men talking in very clear terms about their crimes versus the conspiracy version, which was, well, what about when they say pizza that means underground satanic murder site the sort of the reality and the difference feel very different when you actually look at it but on the surface it does feel a lot like I've written a book about conspiracy theories being ridiculous and then they've been proven right

---

GRAHAM. It is obviously utterly horrific what is coming to light and astonishing times and I suspect amidst all the reality there will be conspiracy theories which spring from it so even greater craziness still to come

---

JAMES. Oh there already is I mean it's the nature of a conspiracy theory that you can't be happy with what you see there's always got to be another twist or another reveal and so you've got this awful set of revelations about industrial level abuse huge abuses of power you know the allegations against Mandelson aren't sexual but He, within minutes during a global financial crisis, forwarded the most sensitive of cabinet papers to his mate who happened to be a sort of convicted paedophile. You have very serious stuff in there, but people always want to look for more. So they want to prove it's Mossad or they want to prove that there was a satanic element or they want to sort of show there's extra. It can never just be what it is. And the danger of having so many documents and them not being filtered is there's things tip lines or unsolicited emails or all sorts in there. So it is a very hazardous place for people to wander.

---

GRAHAM. Well, listeners, I can promise you today we're going to have an Epstein-free podcast. We are going to be talking about some serious topics, though. But before we kick off, let's thank this week's wonderful sponsors, Adaptive Security, Passwork and Vanta. We'll be hearing more about them later on in the podcast. This week on Smashing Security. We won't be talking about the malware developer who faked his own death in an attempt to evade the FBI. You'll hear no discussion of how a sex toy manufacturer has revealed hackers have stolen its customer list. And we won't even mention how Dutch police have arrested a man after accidentally giving him their own sensitive files and then getting annoyed when he didn't hand them back. So James, what are you going to be

---

JAMES. talking about this week? So I'm going to be talking about tech sovereignty, which I think most easily is understood as, could we manage an internet without

---

GRAHAM. talking about this week? So I'm going to be talking about tech sovereignty, which I think most easily is understood as, could we manage an internet without the Americans? And I'm going to be asking, how might Meta be planning to push the bounds of privacy once again. All this and much more coming up in this episode of Smashing Security.

Well, we've got time right now to hear from one of our sponsors, Passwork. If you work in cybersecurity, you already know this, most secrets don't get stolen, they leak. Passwords pasted into chat tools, shared admin accounts, those spreadsheets that everyone pretends don't exist, Passwork is built to stop that.

It's a password manager and secrets management platform designed for organisations that want on-premise deployment, meaning your sensitive data stays on your own infrastructure under your control. That matters if you're dealing with regulatory requirements, data sovereignty, or simply don't want your most critical secrets living in someone else's cloud.

From a security perspective, Passwork uses a zero-knowledge architecture with strong, openly documented encryption, and its design is regularly tested by independent security researchers. Operationally, it's built for real teams, role-based access control, integration with existing identity systems, support for MFA, highly available architecture designed to keep things running when parts of your environment fail.

Unlike those tools that look cheap, until you start paying for them in time and stress, Passwork focuses on long-term stability, a public development roadmap and a lower total cost of ownership. Passwork. It's not just a password management platform. It's the secure, adaptable secrets manager built to meet your business needs.

To find out more, go to smashingsecurity.com slash passwork. That's smashingsecurity.com slash passwork.

Now, a lot of people wear glasses. You wear glasses, James. I've seen from your mugshot.

---

JAMES. I do indeed. I wear them all the time. I promise there are no cameras in them. Although I would say that, wouldn't I?

---

GRAHAM. You would say that. I don't know if that's in order to make yourself look smarter because you need them.

---

JAMES. I mean, a bit of both. I've just got a very big face without them. I need something to break it up about halfway through, you know.

---

GRAHAM. I once worked with a colleague who had very large eyes. She looked a bit like a Disney princess. Do you know, with those huge cartoon eyes.

---

JAMES. Yes, very much so.

---

GRAHAM. I remember that I and another colleague, in fact, the former co-host of Smashing Security, Carole Theriault, we actually decided to all measure our faces, work out the surface area. And with this work, of course, we had the big eyes. What percentage of her face was taken up by eyes?

It turns out I have quite small eyes. But that's not why I wear glasses sometimes. I do wear glasses sometimes. I mean, I think it's partly because I'm getting older. You know, it's creeping up on me. I've been blessed with the budget version, effectively, of human eyesight. I've got like Poundland eyesight is, I think, what I'm using.

But if you cast your mind back to 2013, you will remember that something slowly began to creep into the world's lives. And that was smart glasses because of Google Glass, of course. Do you remember those? And did you ever wear a pair, James?

---

JAMES. I got to very briefly try someone's pair once and they were rubbish. I mean, the key thing with Google Glass, as I recall, is they couldn't put prescription lenses into them. So they made glasses that only worked for people who didn't need glasses, which as a sign that you might have launched too early, I think is pretty high up the list, really, isn't it?

---

GRAHAM. Yes, that does seem like a bit of an oversight, frankly. You know, why not get the people who already wear glasses to wear the smart glasses? Because they've already decided, OK, I'm happy wearing glasses.

---

JAMES. Yeah, that's your captive market. Hey, we've got this improvement on this thing you already have. Why not be a hipster weirdo who wears glasses that you don't need that cost an absolute fortune?

---

GRAHAM. They were a strange product. They cost like $1,500 or something. And they seem to be aimed at people who looked at their smartphone and thought, hmm, I wish this was strapped to my face rather than in my hands. That would be great, wouldn't it? It was Google's first attempt at putting a computer on your face. And they said they were going to revolutionise everything. Until, of course, it didn't happen.

---

JAMES. Well, they basically never escaped Silicon Valley, did they? But even there, everyone hated them. I mean, the thing I can remember is, I think within about a week of them coming out, and bear in mind, these were niche as hell, you know, almost no one had them. The term was glassholes, wasn't it?

---

GRAHAM. It was. I mean, well done, whoever coined that, to be fair.

---

JAMES. It was a brilliant name and it instantly destroyed the brand, I think.

---

GRAHAM. And if you were walking around wearing Google Glass, you could be greeted with a cheery, oh, there's some weird shit on your face. Or at worst, you'd be met with a swinging fist and a shout of stop being an arsehole.

But just because an idea by a big tech company has proven to be blooming awful isn't going to stop another big tech company from having a go. So Meta, the company formerly known as Facebook, that cared for its users' privacy and data in such a reckless manner it had to actually rebrand itself, they jumped on board the smart glass bandwagon a while back.

They partnered with the company that owns Ray-Ban and they released smart glasses that looked, well, pretty much like an ordinary pair of glasses, but glasses with a camera built in. As if anyone was saying to themselves, you know what would improve my glasses? If Mark Zuckerberg was somehow involved. And

---

JAMES. Also using himself as the most famous model of them, because he sort of wears them at all of these events. And he is not a famously fashionable or cutting edge guy. You know, I don't think many of us go, hey, I want to look more like Mark Zuckerberg, you know? And yeah, he is the face of this thing. But it did at least, you're right, he partnered with a cool brand. They look sort of, I don't really like them. I think they look quite obvious, but people sort of agree. If you like a chunky sort of sunglass look, they're all right, apparently.

---

GRAHAM. Quite what Ray-Ban is thinking about, getting into bed with Facebook, that's anyone's guess. I imagine it just involved a large chunk of money, frankly. That's my guess too, to be honest. That's normally the way these things work, isn't it? So millions of pairs, apparently, of these things have been sold. So there are lots of people out there with face-mounted cameras walking around in the wild. If you think there's a problem with too many CCTV cameras, just remember that. Now, in theory, there is a small LED light on the front of these glasses that is supposed to indicate when they're recording. That's your protection as a member of the public. So the idea is that you will notice that little indicator and realize you're being filmed.

---

JAMES. Yes. To be fair, it is quite a conspicuous light when you see it. It's quite bright. It's quite obvious. And because you don't usually see glowing lights on the frames of people's glasses, you notice it even if it's sort of in a bit of a crowd. The issue is that if you're going to have anything like that, someone is going to sell a black sticker. And if you've got something about the thickness of duct tape, you know, that goes on. They sell these little bespoke stickers that can match the color of your frame because, of course, the creepers do that. And because they haven't put anything in to check the lights there or a sensor to see if it's obstructed before it will record.

---

GRAHAM. I think they have now. I believe in the latest Meta glasses it does detect if that light is covered so there is a sensor in that.

---

JAMES. Oh well that's promising because you know you can go on Amazon and literally just search glass cover-up and they're there. And so the light does work, you're not going to miss it if someone's not covered it but at the moment I think they're easy to cover.

---

GRAHAM. But it depends upon you knowing what that means doesn't it? It's not like someone's wearing an LED sign on their forehead which is scrolling the words I am watching you. You kind of want that to let everyone in your vicinity know to be on their guard. It's not like an automated voice is saying warning warning, a twat wearing Facebook connected spectacles within your vicinity. There are more obvious ways to indicate people what is going on.

---

JAMES. Just quickly on this then, because I'm a journalist and part of our job involves writing about people who don't want to be written about or sometimes taking photos of people who don't want photos taken. People sometimes have a bit of a distorted understanding about the rules here. You don't have a right to not have your picture taken. If you're in public, if you're on the street, people can take your photo. Now, they can't take intimate photos. They shouldn't be using it to harass you. They can't stalk you. There are other rules. But public photography is allowed. There are certain different rules about if you're going to put it on TV, etc. But for general purposes you can take photos and we all carry around at all times devices that can take very good very high definition photos much better than anything a lens can take and there's no noise requirement on that. There's no sound requirement on that our phones can silently take pictures as we pretend we're scrolling social media or whatever. And so for me there's a slight sort of sense of something a bit odd going on with glasses because if you think about most obvious creep shots they're easier to do on a phone than with glasses. You know if you're, you're not going to upskirt someone while wearing a pair of glasses I think you'd get caught. Sorry that sounds like I'm trying to be funny I think it's foul doing that and of course often points to other offenses I think. Giselle Pellicot's husband got caught because he was upskirting people. And then they saw the even more horrifying photos on his phone. You know, let's not make light of it. But I think because they're obviously on someone's face, it feels more intrusive or it feels different.

---

GRAHAM. Okay. So it may well be legal, as you've said, to do this kind of thing, but it feels socially unacceptable. It clearly makes people really uncomfortable. It certainly makes me feel uncomfortable. I wouldn't like it if someone we're doing that?

---

JAMES. Yes. I mean, one thing that I think is a little bit missing from the glasses debate, I was talking to someone who's used one quite a lot because they were testing it. And they went, it's just bad tech still. Between, you know, your problem with anything like this is always battery versus processing versus weight. You know, this is on your face. And even if you wear glasses, I wear glasses all the time. There's only so much weight that you like on the front of your face and it's not very much. And so what they can do in terms of processing versus keep the battery life given they don't want a wire down so to have a pocket battery pack, they are underpowered, they crash quite often, they lag. The tech is apparently just not very impressive.

---

GRAHAM. But can you imagine the battery storage of Dame Edna Everage or Elton John though?

---

JAMES. I mean you're probably getting somewhere there aren't you, but it's still pretty weak tech. And so I think any use case it's a bit easier to just think well why can't this just be done with a phone and I'm sure there will come a point where that pivots.

But the thing is wearable tech is the dog that never quite barks. Everyone's wanted to sell it. I remember watching Tomorrow's World in the 90s as a kid and they were telling you that VR would be coming and two or three years ago when everything was going to be the metaverse.

And I bought a VR headset because I well because I knew I'd get commissions. I got about five pieces going I got in VR and is it any good and it's, I genuinely I had a bit of an existential thing on just how bleak it was. It was horrible. It was just rubbish and you're like tens of billions are going in this and no one no one's going to use it, it's awful.

And I think this is the attempt to salvage that work. This is the attempt to go yeah okay VR's still not it but look augmented reality is clearly the future, it's clearly there and I still think it is a solution in search—

---

GRAHAM. Of a problem yeah. And now Meta wants to add facial recognition. And according to The New York Times, Mark Zuckerberg's Meta has been working on a feature internally called Name Tag.

And what it will do is it will let you identify people just by looking at them through your spectacle. So you point your face at somebody and you ask Meta's AI assistant who they are, and you'll get a name and whatever other information Meta can scrape together about them.

Now, you would think that a company like Meta, which has in the past had to pay out billions of dollars in privacy settlements, would tread very carefully around this. They've been fined over two billion dollars in the past for collecting facial data without permission. I think it was during the Cambridge Analytica case they got fined five billion dollars by the FTC for various privacy violations.

You'd think someone in their legal department might raise a hand saying are we sure that we're comfortable with this. But according to The New York Times they say they've got hold of an internal memo from Meta's Reality Labs dated from last May and it contains this and I'm going to read it out verbatim.

It says, "We will launch during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns." In other words, everyone's too distracted by political chaos, you know, the psychodrama which is going on every day, quite frankly. They're not going to be able to give us any grief about what we're doing.

So while they're busy, the civil liberty groups, they're going to be putting out other fires. This is our chance to launch this feature in our glasses.

---

JAMES. It's astonishing, isn't it? It's genuinely jaw-dropping stuff. It's quite a launch strategy, isn't it?

This is the sort of stuff that villains write in movies for six-year-olds to make sure that they know who the bad guy is. Just to first react as a comms professional, this is exactly how not to do it. This will go into training as being comedically dumb.

This is the worst PR since on 9/11, a Labour spad said, "Today is a terrific day to bury bad news" and ended her entire career, that of her colleagues and that of her boss. And rightly so.

This is rubbish. I mean, also, the civil liberties groups are delighted because they've all put out fundraising claims off the back of this and promised to make sure they will be glued to Meta. It is utterly idiotic.

---

GRAHAM. They suck at this. So the civil liberties groups, they're all deciding we're going to leave one person back at the office just in case today's the day that Meta launches the glasses.

---

JAMES. Yeah, sort of designated survivor just staring at Facebook. So just firstly, terrible PR. Second, the worry for me is someone who sort of goes, look, actually accountability and sort of rights and expressions.

We need some ability to be able to take pictures or video in public. That shouldn't just be licensed and authorized. That's actually a tool for autocracy.

I worry that idiotic overreach like this is how we lose those rights that my job relies on, that expression relies on. I do think there is such a huge difference in loading out facial recognition like this. And I think it's awful. I think it's intrusive. I think it's invasive. I think it's bad.

And the thing that strikes me is they want to do it because they think it sounds cool. They don't have a case for this. What is this supposed to be good for?

Why does a normal person going about their day need to be able to facially recognize a stranger? What is the legitimate use case to go against the huge invasiveness and creepiness factor here? And they haven't even bothered to come up with one.

---

GRAHAM. So one of the things which they're thinking of doing, apparently, to help launch the product is to begin. And again, I'm going to quote their word, is to wash the product launch through the disabled community.

So their planning, they said, was to first introduce this facial recognition as an accessibility feature at a conference of blind users before unleashing it on the general public. That was how they were hoping to weave it in. People who are blind, people who have low vision, they're going to try and sell it as a feature to them.

---

JAMES. I mean, it's everything about accessibility done wrong, isn't it? I mean, there is a regular complaint. I'm a little bit more familiar with the sort of deaf community than people with visual impairments but a lot of stuff comes around things that people who don't have the disability think people with it would like, right? Or tools that they think you would need that you don't.

So I've grown up in a house with a largely deaf father for example and a lot of things people think you'd need an indicator light or whatever for you can just wave or you stand on the right side or you set up your house in certain ways. And so people come up with all sorts of deaf tools that it's like, well, if you ever spoke to a deaf person for 20 seconds, I could tell you this is useless.

What do people need versus what does someone, you know, someone's built a tool and then wants a use case for it, wants to be able to say, oh no, but you can't be against this because that smacks of something that they've decided oh well blind people yeah that's who will use blind people. And especially when you're saying washing through it just very clearly has nothing to do with the actual use case.

It is they think glasses are cool, they want a market for this and they are looking for a PR strategy because they know that there'll be a terrible public reception. They're not even good at being

---

GRAHAM. cynical. It feels to me like Mark Zuckerberg is using people with visual impairment as a human shield to soften the PR launch of this mass surveillance feature, which is going to be used by creeps and people creating TikToks.

---

There is

JAMES. serious creepy potential. I think people should be alarmed at facial recognition in this and should push back. And all power to the civil liberties groups.

I might up my donation to them. But it's a rubbish product. I keep wanting to say crap, and I'm not sure if you have.

Sorry, they're crap. You can say it. They're dreadful.

I am just generally reminded that Facebook hasn't launched a good product in years. And the last good product it launched was Instagram Stories, and that was a direct ripoff of Arrival. And I just don't think this is the one.

---

GRAHAM. I have to say, of course, there are legitimate purposes for this. One of the reasons why ICE agents in the States might be covering their faces is because I'm sure people are protesting about what's happening in the likes of Minnesota.

Some of them will be wearing the likes of Meta glasses in order to film what is going on. So you can put this technology to uses which I think were acceptable.

Well, Meta apparently is working on an enhancement to Meta glasses. They are internally calling something super sensing glasses.

These were glasses which would continuously run cameras and sensors to keep a record of your entire day. Always on, always watching. It's a bit like having a dash cam on your face. So everything would be recorded.

Again, I don't know how they're going to do that battery-wise. I don't know how people are going to feel about it. I don't know who's going to buy such a thing.

It does seem to be pushing the bounds, I think, of some of their earlier agreements with the FTC. It's a fascinating article in the New York Times.

I'd recommend people look at it because it does appear that Meta is really trying to push the limit a great deal. They did introduce a risk review process, internal privacy risk review process, as part of the most recent FTC judgment.

And it seems that they are trying to water that down considerably in the last 12 months or so. And I think it's something we have to keep an eye on because, well, they've been fined $7 billion already. But apparently the lesson seems to be learnt that all they need to do is be sneakier next time.

---

JAMES. I think the good faith era for Meta and Facebook passed a while ago, didn't it?

---

GRAHAM. Yes, yes, many years ago perhaps. OK chums, hands up if you've ever clicked a dodgy link and then immediately thought, oh no, I've just handed my entire life over to a bloke in a tracksuit somewhere.

Don't worry, you're not alone. That's why adaptive security exists, to stop your staff from doing precisely that.

Adaptive Security is the first cybersecurity company backed by OpenAI, and they provide proper security awareness training that doesn't feel like death by PowerPoint. We're talking real-world examples tailored to your company with phishing, vishing, smishing, and yes, even AI deepfake scams all covered.

If someone tries to ring up accounts pretending to be the boss, your team will be ready. And their phishing simulations aren't just any old click this fake delivery email malarkey, you can help prepare your team for advanced social engineering attacks via email, voice, SMS and video, which take advantage of the sort of information attackers could actually dig up about you and your staff.

And now Adaptive's new AI content creator helps security teams instantly generate custom training by just pasting in a news article, whether it's a breaking threat or an internal policy update, Adaptive can spin it into interactive multilingual training in seconds. So if you'd rather your employees didn't become the weakest link, head over to smashingsecurity.com slash adaptive.

That's smashingsecurity.com slash adaptive. And thanks to Adaptive Security for supporting the show.

James, what's your story for us this week?

---

JAMES. So I've been digging around the issue of tech sovereignty. We've had the Munich Security Conference recently, and of course, we have a land war in Europe. It's not just a cybersecurity event, it's all the politicians talking security.

But one issue that comes up quite a lot is, as we have these clashes between the US and Europe, what would happen if Europe really fell out with America? What if the Greenland situation had got worse and we start being in a full-scale trade war?

The US has got this incredible soft power over us in that they can essentially turn off access to their online tools. Some human rights groups and activist groups get sanctioned by America and they suddenly find the internet's almost unusable.

You can't access Gmail and Office and obvious tools. But trying to get a web stack, trying to get anything like that is quite nightmarish.

And it turns out, essentially, the internet is American territory. And so Europe's actually doing this quite big set of initiatives to try and address that.

And that started with data sovereignty, actually in the wake of the Snowden stuff, saying that if you were processing information on EU citizens, you should store it within the EU. I think to essentially try and make backdoor access by America or other countries more difficult, to make physical regulation easier, that sort of thing.

And it seems to have been relatively successful. Big tech kicked off about it and then broadly complied with it.

The UK, our data has all gone back to America now. It was an EU service and post Brexit we're back to the lower tiers of protection although there's complexities around that. Data protection law is never thrilling.

---

GRAHAM. And unlike Europe which is building up its own platforms, the UK appears to be very comfortable signing huge deals with American tech companies. We're getting into bed with them much more.

---

JAMES. Yeah, so Europe's now trying to go well that worked for data, can we do it for the actual technology? And so they're trying to do things like lighter touch regulation for startups.

You know, if you're an American startup, you can access a home market of 300 million people with one regulatory regime. If you're Europe, you've got 27 countries, about 30 different languages, 27 different regulatory regimes.

They're trying to at least make it easier by saying until you get to a certain size, here is one lighter EU-wide regulatory regime. Here are some investment funds.

Now, I'll add the brief caveat. None of this has really worked yet. There isn't an amazing European tech startup scene. There aren't alternatives to most of these providers, but they're trying. And it's better to start late than never.

As you say, the UK is kind of doing the opposite. Just as these relations are getting trickier, as it all looks quite fraught, we have signed defense deals and health deals with Palantir.

We've signed a big tech prosperity partnership with the US which very much ties together our AI scene. Because we've got one of the biggest AI startup environments, AI networks in the world outside America, but it's very tied into the American ecosystem and it's now signed in by treaty.

We are essentially signing ourselves as a bit of a US dependency.

---

GRAHAM. Just to correct one point, James, Palantir, I don't believe it's US-based, is it? I believe it's actually based in Mordor, isn't it?

---

JAMES. I apologize for the error.

---

GRAHAM. The CEO Saruman will be the one looking after our health data.

---

JAMES. Well, of course Saruman is in fact being controlled by Sauron there because even one of the Valar can't look in without going to madness. God I hate the amount of Lord of the Rings lore you have to know to cover tech these days.

---

GRAHAM. I think it'd be fair to say that things aren't running along quite as smoothly in the world as maybe they used to be. There's obviously been huge injustices and horrible disparities in terms of what's going on in the world.

But things do seem less stable for one reason or another at the moment. And it is a frightening time.

And it feels like our desperate desire to try and reboot the British economy and at the same time not be seen as being too chummy with Europe, in case that puts off some of the voters, is leading us down a particular path. Where we will do anything to put a huge amount of money into the pockets of some tech bro in California.

---

JAMES. Just all smacks a bit of incoherence. You know, you've got a government that does say it wants closer relations with Europe and the EU. It wants to do defence cooperation with the EU.

But then we didn't get in SAFE, which was the big procurement round on defence, even though Canada managed it. So when Canada can get into a European defence initiative and the UK can't, you've got a mess.

When you sort of say that we want a startup scene, we want an independent tech scene, and then we tie into America, it just feels very scattergun. And in the absence of a strategy, they end up just grabbing on whatever moves and also hoping to not antagonize Donald Trump.

And so it feels like Europe is at least trying to do something a bit distinct and perhaps a bit more interesting. You know it will be good for everyone to have a more balanced, you know a more globally balanced internet.

You know the only major tech company that isn't American is TikTok and it's Chinese. Yes, you know Europe is the biggest economic continent, we are still a very significant global player and we just don't exist in the digital world.

And the UK just seems to be resigning itself to an American internet and to essentially being a bit of a vassal state of that. And it seems to lack in imagination to me.

You know, I'm very much not doing a let's shut off the internet and have a British internet for British people. The great British internet. Yes.

But it feels like we could have a little bit more imagination here and a bit more resilience as well. I do think when we are in these times, it feels quite fragile to me to have so much dependence without alternatives on the American stack.

---

GRAHAM. Especially if there's someone fairly temperamental in charge of part of the relationship who, you know, may vacillate somewhat as to who is his friend that particular week. I mean, to put this in really simple terms, if you were going to school, for instance, right, if all of your homework and your photos and your messages were stored on your mate's computer, and your mate suddenly decided that they didn't like you anymore, or their parents made some new rules, you'd really be in real trouble, wouldn't you?

What on earth would you do? You'd be up Schitt's Creek without a paddle.

---

JAMES. Yeah, and it is that reminder. The cloud is just always someone else's computer.

And we are entirely reliant on America for pretty much every bit of the stack. And even the bits that don't look like it behind the scenes are almost all American too.

And that's fine if there are alternatives. And at the moment, there aren't.

And it does feel like both politically, there's potential growth in here, there's potential jobs in it, there's economic reasons, but there's certainly security reasons. At the moment, institutions are just forced to be completely reliant on the whims of an American administration that has shown it is willing to use almost every bit of leverage at its disposal.

And we're sort of lucky that Trump doesn't understand the internet and is kind of in hock to big tech donors that he hasn't realised quite the potential of online soft power at his disposal because if he was leveraging sanctions and a little bit more it actually might be even more damaging and even more coercive than everything he's tried with tariffs.

---

GRAHAM. Oh James don't give him ideas.

---

JAMES. Well, it's someone worse could come along next. You know, if Trump had a coronary tomorrow, we've got J.D. Vance and who knows what he would try.

And so I don't like our security and our sort of digital future. It's guarantor is Donald Trump. That doesn't feel great, does it?

---

GRAHAM. Okay, before we go any further, we've got time to chat quickly about one of our sponsors today, Vanta. So a question for you. What do you worry about at two o'clock in the morning when it comes to your company's cyber security?

Is it, do we actually have the right controls in place? Is it, are our vendors quietly on fire? Or the truly terrifying one, why are we still trying to do all this with spreadsheets?

Well, if that sounds like you, enter Vanta. Vanta takes all that painful manual security busy work, chasing audit evidence, filling out questionnaires, updating the same spreadsheet for the thousandth time, and it automates it.

Their trust management platform continuously monitors your systems, pulls everything into one place, and helps keep your security program audit-ready all of the time. And yes, it uses AI, but in the useful way, flagging risks, streamlining evidence collection, and fitting neatly into the tools you already use.

So you can move faster, scale with confidence, and maybe even sleep through the night. Get started today at Vanta.com slash smashing.

That's V-A-N-T-A dot com slash smashing. And thanks to Vanta for supporting the show.

And welcome back. Can you join us at our favourite part of the show?

The part of the show that we like to call Pick of the Week. Pick of the Week.

Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app.

But whatever they like, it doesn't have to be security related necessarily. Well, my pick of the week this week is not security related.

My pick of the week came across my eyeballs because I wandered into my living room and my lovely wife was there watching a movie. And I had a laptop and I was doing a bit of work and she was watching this movie.

And I sort of caught my attention. I looked up and thought, oh, this looks good.

And I started watching. I started to forget my laptop.

After a while, I stopped doing any work at all because I was watching a movie which came out in 2019, which I hadn't seen before, called Just Mercy with Michael B. Jordan and Jamie Foxx. And this is the story.

Turns out it's a true story. The story of a lawyer called Bryan Stevenson and specifically his defence of a man called Walter McMillian, who had been wrongly convicted for a murder.

A jury chose to sentence him to life in prison, but a judge overruled and sentenced him to death. And Bryan Stevenson is an extraordinary fellow.

I watched his TED talk earlier today and it's great. There he is fighting for justice and for people who found themselves in a particularly ghastly situation.

And one of the things that you realise is, well, he was railing against a world which seemed to treat you much better if you were rich and guilty than if you were poor and innocent. And there does seem to be, once again, a real imbalance in terms of who is on death row and just how many of them indeed turn out to be innocent.

It's an alarming number as he put it in his TED talk. If we were to take that statistic and apply it to air flights, none of us would get on planes.

We'd ask for there to be a proper examination as to what on earth was going wrong. Just Mercy is a terrific movie and I would recommend it and that is my pick of the week James.

---

JAMES. What's your pick of the week? Mine feels very trivial after that one but I'm going to recommend The Residence which is on Netflix and it is a very light cozy murder mystery but it's set in the White House on the night of a state dinner.

In fact a state dinner for the Australians at which Kylie Minogue is performing and she does an excellent series of cameos. You are reminded that she used to be an actor of course she started out on Neighbours and she's delightful in it.

And it's not very complex, you know you're not going to sort of go oh this is the cleverest mystery I've watched but it's quite fun. It also as someone who you know I've worked in America, I've been a reporter out there, they have got such an accurate layout of the White House and how it all works and all of that.

It's a fictional president, it's a fictional staff, you're not going to get any heavy politics. It's got the obligatory sort of quirky detective figure who's a sort of woman who is very obsessed with bird spotting.

It's entirely irrelevant to the plot but the president's married to a man, you know it's a gay couple. So it's all very escapist, it's all very sort of light other than being a murder mystery and it was just quite delightful sort of eight episodes.

You know I at the moment I sort of sometimes feel like you need something very escapist quite silly and it's really ticked the box. I was kind of delighted by it so I cannot claim it's got anything like the worth or the the public value of yours but it is quite good fun.

---

GRAHAM. Don't worry about that James. I am grateful to you because we needed a bit of frivolity, you know this has been a terribly serious episode of the podcast.

I think we needed something a little bit frothy just to pep people up at the end of the show so I'm very grateful to you. And that just about wraps up the show for this week.

Well I am off up to Newcastle where I'll be speaking at the NHS's Skills Development Network conference. If you see me there come up and say hello.

Thank you so much James for joining us. I'm sure lots of people would love to follow you online and find out what you're up to?

What's the best way for folks to do that?

---

JAMES. The best way is James R. Ball on Blue Sky or JamesRBall.com for my newsletter.

---

GRAHAM. And you can find Smashing Security on social media as well. You can find me, Graham Cluley, on LinkedIn and Blue Sky and Mastodon.

And don't forget, to ensure you never miss another episode, follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify and Pocket Casts. For episode show notes, sponsorship info, guest lists and the entire back catalogue of 455 or so episodes, check out smashingsecurity.com.

Until next time, cheerio, bye bye, goodbye.

---

Announcer. You've been listening to Smashing Security with me Graham Cluley, and thanks so much to James Ball for joining us this week, and to this episode's sponsors Adaptive Security, Vanta and Passwork.

And of course I have to thank those fellows over on Patreon. Smashing Security Plus is what they have signed up for, which means amongst other perks such as getting the episodes early and without ads, they also have the opportunity to have their names read out at the end of the show.

So I'm going to reach into the hat right now and pick out a few of them. Who have we got? Kenneth Ingham, Kajetan Kazimir Shak who sounds like he should be conducting a symphony, Dave Ellison who always knows where his HDMI cable is, Greg Bailey, Henry Walshaw, the solid and dependable Justin Dale, David Smith or is it Smythe? He has a Y in it just to confuse podcast hosts, I suppose.

And finally, someone who just uses a single letter J, clearly operating on a need-to-know basis.

Well, would you like to hear your name read out at the end of the show from time to time? Join Smashing Security Plus. Go to smashingsecurity.com/plus to sign up there. Costs as little as $5 a month.

Of course, I realise not everyone can stretch that, and that's absolutely fine. What you could do instead of that is you could go and tell your friends, or you can leave us a five-star review. You can like, you can subscribe, whatever you wish. Just spread the word, and every little bit helps.

I really appreciate it, and I hope you will be doing just that, and we'll be tuning in to the show next week. Until then, cheerio. Bye-bye. Thank you.

-- TRANSCRIPT ENDS --