.png)
Law Have Mercy!
Law Have Mercy! isn’t just about the law anymore—it’s about life, business, health, and everything that sparks curiosity. Join Personal Injury Attorney Chaz Roberts as he dives into candid conversations that mix legal insights with lifestyle tips, entrepreneurial wisdom, and personal growth. From breaking down complex legal issues in simple terms to exploring the challenges and triumphs of health, business, and beyond, Chaz brings his unique perspective and passion to every episode.
Whether you're here to learn, laugh, or find inspiration, Law Have Mercy! has something for everyone. Just remember: the opinions of our guests are their own, and nothing on this podcast is legal advice or creates an attorney-client relationship—it’s all about entertainment, exploration, and empowerment. Let’s make it fun!
Law Have Mercy!
TikTok Bans and Digital Privacy: A Deep Dive with Cyber Lawyer Sarah Anderson
Sarah Anderson returns to the podcast with revelations that might make you rethink your digital security strategy. As a cyber lawyer with military experience and eight years in the field, Sarah brings authority to her warnings about the impending TikTok ban and why it matters more than you might think.
The conversation starts with a vindication moment – Sarah correctly predicted TikTok's ban trajectory over a year ago. She walks us through the complex legal battle involving First Amendment challenges, Supreme Court decisions, and the fundamental national security concerns surrounding Chinese-owned applications. Beyond just TikTok, she explains how ByteDance's ownership extends to other popular apps like CapCut, creating a broader security issue many users haven't considered.
Perhaps most alarming is Sarah's breakdown of how cybercriminals have evolved. Gone are the days when broken English in a phishing email would give away the scam. Today's threats use AI to create perfect replicas of legitimate communications, while corrupted documents bypass security systems entirely. When Sarah reveals how hackers are specifically targeting children's information – creating what she calls "virgin PII" – the stakes become painfully clear for parents everywhere.
The podcast takes a particularly fiery turn when discussing cyber insurance. Sarah exposes how insurance companies stack the deck against businesses through panel vendors, conflicts of interest, and pre-negotiated deals that often leave clients vulnerable even after paying substantial premiums. Her passion is palpable as she advocates for businesses to understand what they're actually purchasing and how to protect their interests when disaster strikes.
For those looking to take action, Sarah introduces Project Green Wall, her initiative to bridge the knowledge gap between technical staff and business leadership. With practical training designed for non-technical decision-makers, she's creating pathways for organizations to better understand and mitigate their cyber risks without getting lost in technical jargon.
Whether you're concerned about your family's digital footprint, managing a business in an increasingly hostile cyber landscape, or simply trying to make sense of the latest security trends, this episode delivers crucial insights from someone who's been in the trenches. Listen now to arm yourself with knowledge that could save you from becoming the next cyber statistic.
You can learn more about Sarah’s work at Legally Cyber and Project Green Wall.
You can watch most full episodes of Law Have Mercy on YouTube!
For more FREE legal tips, check out our social channels:
Instagram - @chazrobertslaw
Facebook - Chaz Roberts Law
TikTok - @chazrobertslaw
LinkedIn - Chaz Roberts
If you are in need of legal guidance, visit our website: https://www.chazrobertslaw.com/
This show is co-produced by Carter Simoneaux of AcadianaCasts Network, Chaz H. Roberts of Chaz Roberts Law and Kayli Guidry Bonin of Beau The Agency, and Laith Alferahin.
All right, chaz, just give me a clap real quick, or just one, three, two, one. Hey, chaz. Back again with another episode of Law have Mercy. I'm bringing on one of our favorite guests. She's a repeat guest, sarah Anderson. She owns a law firm, swa Law LLC, also known as Legally Cyber. You got it All right. She is a cyber lawyer. She has an extensive background. She worked in the military. She's still active duty.
Speaker 2:No, I'm in the reserves.
Speaker 1:Reserve duty. All right, let me start that over.
Speaker 2:Okay, so I'll make it easy All right. I'm a reservist. I was the cyber law judge advocate for the state of Louisiana. I've been doing cyber law for about eight years, which makes me like a great grandparent.
Speaker 1:Cool Ready. Hey, this is Chaz back again with another episode of law have mercy. I'm bringing back one of my favorite guests and a good friend of mine, sarah Anderson. She owns legally cyber SWA law LLC. She's a cyber lawyer, she's a military reservist. She's got a ton of experience. She is one of the foremost experts on cyber law in Louisiana. That's pretty high praise, but it is true, sarah. Thank you so much. We're going to hit TikTok. You came all this way from Baton Rouge to collect your flowers because you were right on TikTok over a year ago when you said it was going to get banned. And I'm like, well, wait a second. I don't know if that's completely accurate because it's technically not banned and you said hold up, wait, wait till April. And so we're going to talk about that. Absolutely, we're going to shit on insurance companies.
Speaker 2:My favorite activity.
Speaker 1:Good, we have something in common and we're going to talk about a lot of cool stuff. Welcome to the podcast.
Speaker 2:Thank you so much, Chaz. It's always so good to see you.
Speaker 1:It is. We got to visit before and you and I studied for the bar together. We're good friends in law school we were neighbors.
Speaker 2:We partied together, don't gloss over that.
Speaker 1:No no.
Speaker 2:I was with you when you met your wife.
Speaker 1:Yes, you were.
Speaker 2:Gosh, isn't that crazy. That is crazy, and now like and like, you know, my husband.
Speaker 1:And your husband was in my section.
Speaker 2:Yes, and you guys played sports together in law school. I mean like it's just like it's a little incestuous, but in a good way.
Speaker 1:It is, it is.
Speaker 2:And now there's five kids between us.
Speaker 1:Two.
Speaker 2:All boys, all boys, all boys.
Speaker 1:And that means I have two and you have three, right, yes, and you have twins.
Speaker 2:Yes.
Speaker 1:How old are your boys now?
Speaker 2:They'll be 11 in April. Really so next month, yeah, okay, and then the little man will be seven in June.
Speaker 1:Seven.
Speaker 2:That's a little man and so I feel bad for him because it feels like a six-year-age gap, because he's like trying to, like you know, play basketball with him and you know he can't even reach the 10-foot hoop.
Speaker 1:Yeah, are your twins the same? Do they have the same interest?
Speaker 2:They don't play all of the same sports, so that's super fun. As I told you, I was trying to get one back into soccer because his brother plays, you know, competitive, whatever it's called today.
Speaker 1:Yeah, well, maybe that military training helped with logistics.
Speaker 2:Yeah, well, we have a nanny, so that was like you know.
Speaker 1:Oh.
Speaker 2:Yeah, and apparently I only hire like the hottest nannies.
Speaker 1:Yeah, big flex, and I can't figure out why I like to keep doing this Beth and I have tried to babysitter because we're always we bring the kids most places and so we can't keep a sitter. You know we use them once every so often.
Speaker 2:You gotta do it. It's gotta be an everyday thing, it has to be an everyday thing. Yeah, they gotta know that like it's a steady stream of income just like any other job.
Speaker 1:Yeah, but like Beth's current Beth is a stay at home mom, so you know it's hard to justify having a nanny too, and we have a big hole in our backyard, aka a swimming pool going into we just put ours in. Oh really, is it done?
Speaker 2:It's done. It's been done for about like three months now.
Speaker 1:Yeah, you enjoying it.
Speaker 2:I have not been in it but we have a heater.
Speaker 1:You are enjoying it.
Speaker 2:Yeah Well, we have a heater.
Speaker 1:Okay.
Speaker 2:Which you're getting a. Okay, money well spent.
Speaker 1:Okay.
Speaker 2:The kids have been using it off and on throughout the winter. Oh yeah, I'm not getting in it because I it's. It's another babysitter, it's a very expensive babysitter. Yes, it is yeah, that you just stick in the water, but when they're not in town, or if our next door neighbors have a pool, so it's like I feel like that's their pool is the adult pool and our pool is a kid pool.
Speaker 1:I love it. So, uh, the first thing I want to talk about is TikTok.
Speaker 2:Let's do it.
Speaker 1:You came in and said I believe you said that TikTok was going to get banned.
Speaker 2:Yes, I did.
Speaker 1:Because it's a Chinese-owned company.
Speaker 2:Yes.
Speaker 1:And you scared the crap out of me because you said that anyone that has TikTok TikTok's basically going to have access to all your apps, all your passwords all your information, not gonna they do they do they do. I'm still holding out hope that you were wrong. That's okay. And then some things happened, I think before Trump's election, where it was actually banned.
Speaker 2:Yes, because I was right.
Speaker 1:Because you were right. I just want to throw that out there, you were right. And then Trump comes in and I think it was offline for what? A day or two.
Speaker 2:Yes, you cannot re-download it right now. So it's actually the app stores are not hosting it, to my last knowledge. I haven't tried to download it, but if you have an existing account it's still good, which actually created a black market workaround to download it, and a lot of people actually flock to Red Note, which is a another Chinese based application that has a similar algorithm. Um, but it is like before TikTok span. It was like not using United States and then, like overnight, it had like 700,000 us base.
Speaker 1:It was number one in the in the app downloads.
Speaker 2:Oh, yeah, it was rocking it.
Speaker 1:Okay, so late, true or false? Late told me that the um there was a market on eBay of cell phones with TikTok downloaded on it.
Speaker 2:That is absolutely 100% correct.
Speaker 1:And so people were making money selling iPhones with TikTok on it because you couldn't re-download TikTok.
Speaker 2:Bingo and it's about to be banned again. So I think it's every time anything has a prime number in it. I completely can't track it. So it's either like the 5th or the 7th or something like that April that it's going to be banned again. It's scheduled. So what happened was.
Speaker 2:What happened was that it got officially banned in 2023, november of 2023, it announced the ban and it basically says hey, tiktok, you have and I forget the effective date of the act itself, but it was basically like you have until January 19th of 2025 to either sell, like divest, tiktok to a non-US adversary. So the US adversaries there's four or five it is Iran, china, russia, north Korea and I feel like I'm missing one. So, but anyways, and that's listed in another statute, in Title X so basically says, if a app or and it's not just to TikTok, and that's the big thing I want people to notice, and I also wonder sometimes if the government knows that it's not just TikTok, because TikTok's parent company, bytedance owns a bunch of other applications like CapCut, right, and so any application that is owned by them is that has a certain number of users monthly users in the US and allows people to kind of like interact with each other and there's other metrics to what constitutes a qualifying.
Speaker 2:App was supposed to be gone or sold to a US based entity like real controlling interest, everything like totally divested from its Chinese-based ownership, because China is an authoritarian-based government, so every single Chinese-based business is subject to the authority, even if it's privately owned, of the United States I mean not of the United States of the Chinese government. So that was the real concern Even though ByteDance is private, it's subject to the control of the Chinese governmental regime.
Speaker 1:Because essentially it can nationalize, yeah, whatever it wants to.
Speaker 2:And they do, and I mean it's not ineffective. I mean I wouldn't want to live there, but it's not ineffective, you know, for the government's purpose. But my point is is that, like they gave them until January 19th 2025, they did not get any movement on selling this thing because there's only so many entities that have the cash to buy it and also, if you're China, there's no price Like good luck getting this out of my cold dead hands. You know they had the upper hand the entire time. It doesn't get sold. Trump issues an executive order first or second day in office after the Supreme Court upheld the right to the ban. So the ban was challenged by TikTok itself, because it does have a US-based organization, tiktok Inc.
Speaker 1:What is it that the challenge is based on? First Amendment free speech.
Speaker 2:Yep, it's First Amendment, free speech and then whether or not that the ban was strictly construed enough to address the national security issue in front of the Supreme Court. And the Supreme Court came down and said well, one, it's in a federal legislation now, so it's not just a free speech, regulatory issue and also there is a compelling national security interest that is sufficiently tailored to other existing laws, like the list of foreign adversaries. And so they found it was narrow enough and it could proceed, and so the ban was going to go into effect. Trump paused it, but he only paused it for 75 days, and he also via executive order, which, depending on how you view it, may not be effective enough to trump the existing legislation. A US-based partner to partner with China to allow TikTok to proceed is what he's giving 75 days for.
Speaker 2:There's been almost no news updates to see if there's been any progress on that front. I'm not sure if there will be. So as of April like it's like 5th or 7th, whatever day it is the ban will go back into effect and it should shut down and, based on the statutory penalties that will be imposed on your internet service providers telecom providers like Verizon, at&t, comcast, Cox, right they will stop allowing access to TikTok, and which will only cause people to flock to Red Note. But technically, red Note follows under the same law.
Speaker 1:They just have to challenge it. They haven't challenged it, yeah. So what would possess the Trump administration to allow TikTok to have more time?
Speaker 2:What would incentivize the administration, one that it's extremely popular with people. I think there's been a lot of turmoil with the first 100 days of the administration, so if they want one less battle, they might extend it If they have a legitimate contender. 75 days for a corporate transaction is not a lot of time, especially when you're probably talking about billions and billions and billions of dollars, not a lot of time, especially when you're probably talking about billions and billions and billions of dollars.
Speaker 2:And then if there was a you know, allied uh, allied country to the United States, like a UK and Australia, a France or something like that that had a one of their domestic entities domestic to them, not to us I was interested in buying it. That might cause the administration to pause, reconsider the issue, because there's a big difference between a foreign adversarial government and an ally government. So I don't think we've seen the last of this. I don't think it negates any of the security threats and it also. I have a big issue with social media and children, tiktok specifically. The Massachusetts attorney general actually sued TikTok for basically marketing an intentionally addictive and abusive product. So he's basically taking TikTok and analogizing it to smoking or crack or whatever it is, because they specifically market it to teens and kids and given like the brain chemistry and I'm not a neurologist, but they say they make it intentionally addictive they uncovered actually some pretty damning internal TikTok material that you know disregarded the harmful effects on children. The United States Surgeon General twice has come out and said that it's very dangerous to kids, manipulates their brain. It also causes a lot of mental illness and we've actually seen some deaths in children regard to TikTok, like the blackout challenge. It was a little girl, I forget which state she was from 13-year-old girl died from the blackout challenge challenge, trying to black herself out and ended up strangling herself in her mother's closet. So there's actually, and there's actually been product liability actions against TikTok for similar, you know, violence, death, just some of the stuff it incites. So and there's been no regulation.
Speaker 2:And then there's also in the United States the Communications Decency Act which basically says like, like a Facebook and a TikTok can't be responsible for what their content creators put online, because that's free speech.
Speaker 2:So you've just got a lot of legal issues at play.
Speaker 2:But at the end of the day, regardless of how those shake out and I'm not the Supreme Court and I'm not the Fifth Circuit, you know my opinion is keep your kids off of it and start to wean yourself off it, because it's either going to go away this direct way of hey, there's a technically a federal law in effect under Title VI saying bye-bye, right, and it's eventually going to get enforced or it's only going to be damaging in one way or another to you and or your family. So I'm a big believer of like, let's step back If you're looking for a replacement. This is in no way a you know go meta kind of thing, but meta has a family center. A lot of states are requiring including the state of Louisiana, which becomes effective July 1st 2025, age verification measures before a child can join social media and that will start to be aggressively enforced. I've heard that from Attorney General Liz Murrow herself. She's taking that very seriously and other states are starting to enforce them all over the country.
Speaker 1:Well, I would say, look, there's a lot to unpack there.
Speaker 2:Sorry, I know it's not the most fun. Maybe I'm not a great podcast guest after all.
Speaker 1:No, that was fantastic. But look, have you seen YouTube Reels? Yes, they're just as addictive. Yes, absolutely, and their algorithm is on point. Yes, they call it the TikTokification of social media, where it's more organic and interest-based than your community or friend base.
Speaker 2:Yes.
Speaker 1:Okay, so the algorithms are so complex now and so smart now that they know what you want to see. Oh, absolutely, I'll be damned. Tiktok nails it every time I'm on it. I know, I know I didn't realize I wanted to see this cover of Pearl Jam. Right, yeah, but it's so damn good.
Speaker 2:I watch a lot of cake decorating on Instagram. I don't know what my deal is, but like if someone's coloring, I'm gonna watch that.
Speaker 1:Yeah, it's incredible. But, look, my kids will get on YouTube and I delete the damn app off TV and they find a way to get back on it and the parent controls aren't strong enough on the Samsung TV. But to me, the YouTube reels. My kids don't mess around with TikTok, right, because it's on our phones. My wife likes TikTok, I like TikTok, I like Instagram reels. I think I'm pretty damn prolific on Instagram reels and TikTok reels from these podcast clips. But I say all that to say, look, I've learned a lot from these reels. But YouTube, look, they can get rid of TikTok because it's a Chinese company. Youtube's doing the same thing.
Speaker 2:YouTube is absolutely doing the same thing. However, here's the difference between YouTube and TikTok is YouTube is owned by Google, which is here, and so eventually there is reach as needed to get to them.
Speaker 1:Yes.
Speaker 2:And, in fact, the Federal Trade Commission has made it very clear that they have no issues with issuing multi-billion dollar fines In 2019,. They issued a $5 billion fine against Facebook and are collecting it, so that's the difference is, the US government and the states can eventually reach them.
Speaker 1:Yes.
Speaker 2:Whereas if you want to get at TikTok you've got to go through like the Hague convention, and then you got to go before a Chinese judge.
Speaker 1:It's not going to work.
Speaker 2:It's not going to happen and you're not even going to get a visa to go over there to deal with it. You know, like it's just never going to work out. So that, I would say, is the big difference. There are ways to protect your children very easily. We have we allow a little bit of YouTube, uh, but we have very strict parental controls. There's private apps that, some of which are very effective, um, that I can recommend to you if you want, and that impose time limits on individual children's devices, including your television sets, and we'll also filter out what they can find on YouTube and sends me an alert so I can actually see every reel that my children have watched and I can see everything they've searched for, um, and I can block it, and I will tell you when I'm pissed. First thing I block is YouTube, quickly followed by Roblox.
Speaker 1:Tell me how. How do I protect my kids from YouTube?
Speaker 2:I hate to plug a product that's not paying me, but I'm going to do it.
Speaker 1:Let's do it.
Speaker 2:All right, I mean, it's not very capitalistic of me, but there's an app called Custodio Q-U-S-T-O-D-I-O. It's green and it's spelled wonky, but it's called Custodio and that, I feel like, has been the best. Bark is a big one.
Speaker 1:You can put that on TV too.
Speaker 2:Yeah, it'll pick up anything and it just wants to know all your devices and anything that's connected to the internet. It will shut down after a certain period of time. Cool, but you have to create user profiles on the TV. So your TV does have to be of a certain age, in other words, new enough to allow it, but it will essentially shut down their access. So I get a lot of requests. I got one while we were sitting here. Mom, can I have more time, because that's a daily limit on how long you're allowed to be on that device.
Speaker 1:I've seen my kids excuse me, I've seen my kids. If I block YouTube, they are so responsive and want to play in the yard and communicate when they get in that hole.
Speaker 2:Oh yeah, they're gone.
Speaker 1:They're gone.
Speaker 2:Yeah, they don't talk to you. They're upstairs and they're on.
Speaker 1:And it takes them hours to recover, days to recover. It seems like Days to recover.
Speaker 2:I'm with you. I mean, I see it every day, and so it was interesting. When the Massachusetts Attorney General basically called social media a drug, he was primarily maybe it's a she, I can't remember when the AG was targeting TikTok specifically, I was like man, there's a lot of drugs out there and I mean it a lot of. There's a lot of drugs out there and I mean it's bad for their brain development. It creates a pattern of, you know, dopamine release that is not healthy for the long term and so it is a I mean. But I'm guilty because sometimes, like I need a tablet, I need you to be in front of your tablet, engage, so you can shut the hell up for a minute, so I can get my shit together yeah, like it's the reality right yeah, but hopefully the pool will replace it at least somewhat.
Speaker 1:Yeah, and, and, and our kids like playing outside, Our kids like playing sports, and so it's not like they're just glued to it. But once you know and, and and my son, my oldest son, I took YouTube away from him. He said, dad, you don't understand. I'm in third grade and if I don't play, I'm sorry he's. The kids at school are talking about things and I don't know what they're talking about. So that's like their TV. Yeah, Right, the same as water cooler talk for adults. Like they talk about these things on YouTube. And if they don't watch daytime television, right? No, there is.
Speaker 2:I mean, I think my husband might be the only person left who watches television. We have YouTube TV and he watches like actual, like he still watches episodes of diners, drive-ins and dives.
Speaker 1:Flavor Town baby.
Speaker 2:He loves it. He's like oh, is Guy Fieri on and Bar Rescue with that guy, that's yelling all the time, john Tapper. Yeah, I mean Ben's in love with him.
Speaker 1:Shut it down. He loves it. He might be the last person that's watching this, I do that and we do Bravo, we do Southern Charm and Summer House.
Speaker 2:Summer House. I cut off the housewives. I can't only take you screaming at each other so long.
Speaker 1:I can't. I got enough drama in my life. I don't need to hear about these yappers.
Speaker 2:Yeah, I've cut out a lot of it. I've gotten really into sport docs and there's a new one on HBO Max about the Celtics the Boston Celtics which has Jason Tatum on the team, and so after watching the Netflix series on like basketball players, you know they got interested in Jason Tatum. So I'm trying to get them to sit down and watch this. So I'm pulling, I'm looking for every sport doc I can find and that's what I'm trying to get the kids into.
Speaker 1:I'm in a um class action consortium where we invest in class action cases and video game addiction is one of the hot topics, and I'm assuming that the parent companies are American companies.
Speaker 2:Most of them. Yeah, ea Sports is a big one. Gaming law, I think, is going to be another big thing. So right now, the last few years, everything's about cyber. It's moving into AI, which is cyber's I want to say first cousin by a half-sibling kind of deal. They're so related right. And then I think gaming is coming up next.
Speaker 1:Yeah, my son, my younger son, who's the more competitive one. He gets on fortnight and he could play for four or five hours straight.
Speaker 2:Oh yeah, we just got my oldest um a gaming computer. I said he couldn't have it unless he could build it. So, and of and of course he got help building it, so, um, and he's got Fortnite now and I will say he's into it. But, like he, he gets so moody, he's starting to recognize that, like it's infecting his mood and he's like I don't feel like being in a bad mood today.
Speaker 1:I'm like oh cool, that's smart. My son has said some similar things.
Speaker 2:I said hey, do you? See how I feel good Like you should try it. It's awesome.
Speaker 1:What are some of the other hot topics that you're seeing now, and this is March 2025. What are you seeing in cyber law that are threats to us?
Speaker 2:So there's a couple that and I will say a lot. So for a while there you know, I would say early 2010s a big issue was like social engineering people falling for. You know the emails that are like, hey, I'm a Nigerian prince and I need to wire funds Um, some of the basic ones that I get nowadays. You'd be surprised how many people in the UK want to leave me all of their assets.
Speaker 2:That's a big email I get like we'd love to leave you this $10 million, but you won't click on this link, so you still get some of that.
Speaker 1:I've joked about it. I said I know all my ancestors and they're all poor as shit. Yes, absolutely so. It's not me.
Speaker 2:Yeah, I'm third generation here man, and no one is Anglo. I'm an Eastern European mutt with a little bit of Middle Eastern thrown in there for fun. No one in my family has shit. No-transcript much better, and it's a large part due to the fact that artificial intelligence has removed the language barrier. So most cyber attacks don't come from the United States. Right, there's not a ton, a whole lot of cyber crimeime cells in the US. Yes, there are some, right, that are engaged, but it's more just straight-up fraud, like, speaking of the Housewives, that one that went to prison. That generally is that type of fraud, but they're coming from outside the United States.
Speaker 1:That was mortgage fraud right.
Speaker 2:No, I think she was like multi.
Speaker 1:She was selling leads about old people and putting them in like subscriptions they could never get out of which one was that which housewife jenshaw okay, I was thinking about theresa, I think they, oh, she was mortgage, I mean a lot of them yeah, I mean brushes with the law yeah you know.
Speaker 2:But then again you got. What did warren buffen say you got? You know you go down the highway with a cop behind you for 90 miles. Eventually you're going to get a ticket. Right, I'm not saying anyone should be tailing me for 90 miles, I will definitely get a ticket. But anyways, going back to it. So that's the new one is, and they're matching the colors. They are doing just incredible stuff. So, like one thing I saw that I teach in some of my presentations is Microsoft, a lowercase m is indistinguishable to the naked eye from a lowercase r and a lowercase n. So think about it If I'm doing this is a lowercase m.
Speaker 2:Can you see it.
Speaker 1:Yeah.
Speaker 2:Okay, what if I did this? How is this any different?
Speaker 1:Looks the same.
Speaker 2:Exactly so what they're doing is is they're finding ways to disguise the language, uh, that you're seeing, so that they can make the email look almost identical to what you would see from a legitimate email source. And they're doing it through artificial intelligence and there's very few giveaways without the language barrier. Right, you know you, you really have, they really have to mess up. So you have a situation where stuff is fooling the anti-spamware. And another thing that they're doing which came out recently which is just fascinating is, you know, sometimes someone will send you a document and let's say they're like really old school and they sent you, you know, a Microsoft Word document that was used with Windows 2003 or something right, and we're on like Windows 11 now and whatever Microsoft Word, when you go to open it will automatically fix all the defects in its old version and open the document for you, even though technically it's a corrupted document. But because Microsoft knows that you know they got a bunch of 85-year-old people still using, you know, their old processors from back in the day, it'll even take a WordPerfect document and automatically update and then adapt it in a matter of seconds to a new version of Microsoft Word so you can read that document.
Speaker 2:Well, what cybercriminals have figured out is that a corrupted document will survive anti-malware scanning for your email systems. So if you have MailScan Windows Defender, it's not going to catch malware that's embedded in a corrupted document, because it can't read the document coming in. So people will send you something from a legitimate source because they've been we call, pwned or hacked, right? So if it's like, if I get pwned or hacked today and Chaz, hey, I want you to take a look at this document I created. It's great. Can you review and just let me know your thoughts? Man, and they're using a natural language model, so it looks like something I might write. You know, and it's coming from a legit email address. You know your mail spam is not going to catch anything I've embedded in there because the document's corrupted and you open it, you're like man Sarah's using an old version of this crap. Oh well, thank God I got. You know good Microsoft, it opens it up and it directs you to another site, or it has a link or a hyperlink that says the only.
Speaker 1:The handful of times that I've almost been hacked has been from other law firms sending me documents.
Speaker 2:Yes, and a big one has been the Dropbox links. That's a huge one and I actually fell for one because I had worked opposite this firm closing a deal for a managed service provider client of mine. It was in a like kind of a merger of two parties. Anyways, I'd worked with this law firm but not this attorney.
Speaker 2:So I get something that says here's all the account information or here's all of the file you know from our last engagement together and I'm like oh, so I click on download the Dropbox file because I'm a professional Dropbox user and I guess they are too right and I'm like wait a second, that's not who I worked with and this is three years ago. Like I have all this and I immediately deleted, of course. Then I scrubbed my machine and all this other stuff and fortunately it all was fine. But that's another way they're getting to you is they're sending you a Dropbox link because they just need to get into someone else's email address and then they have access to you know everyone in their contacts that's already been approved. So it's like it's like why fish with a single line and a hook when you can fish with a net?
Speaker 1:What do they do with the information that they steal?
Speaker 2:So they do a lot of different things with it. They're doing the same thing that corporate America is doing with it, which is frightening, right? So one thing they're doing is they're studying us and our patterns, right? So one thing I tell people is like they're taking, once they get our passwords, they're feeding it into a model along with my demographic information and saying, okay, so this basic white bitch from you know, suburban, whatever, who's 40 years old, is probably going to use some combination of her anniversary, you know numerical address, and a kid's name or a pet's name in her password. And so they're studying those patterns so that they can better predict you know what someone else's password is going to be.
Speaker 2:The next thing they're doing is they love kids. They want to make sure that they can take all of what I call the pedigree information off of our children to go ahead and ruin their credit reports. I also call it virgin PII, but then someone said that was too sexual. But like they take the pedigree information off of our kids and they'll go ahead and ruin that kid's credit report before they have a chance to do it themselves in college, right, because who's checking their five-year-old's credit report? Nobody.
Speaker 1:No, but. But based on your advice, last time you came in I actually locked both of my kids' credit reports and I locked my own credit report.
Speaker 2:And Beth's.
Speaker 1:And Beth's Good. And so when I went and applied for a loan on a, an investment property, I had to go in unlock it, it was very easy. It's very easy, you just slide a bar and it unlocks it and you say two days, just give me two days. Yeah.
Speaker 2:They just need to pull the report. I do it all the time, yeah, so that's a big one. So they love kids, stuff, right, and they'll take all of that information. Another thing they'll do with the information is they want to see what kind of medications we're on. They want to see where we're being treated right, so they're studying us, because data is power In terms of people being so freaked out like, oh, they're going to get into my PayPal account, they're already in your PayPal account, don't worry about it.
Speaker 2:It's already happened. So that's the main thing. But then the major thing is they want to use what they take from you to escalate the situation. So maybe I'm not interested in Chaz Roberts' law, even though Chaz Roberts and Chaz Roberts' law does really well. They handle great cases, they have all this information. But I want to know who trusts Chaz Roberts, because maybe a bigger fish than Chaz not that you're not the biggest fish, right, but maybe somebody else in that chain trust Chaz maybe a massive and it may be less sophisticated may not have the, the, the firewall that I have, that I pay a lot of money for, and et cetera, et cetera.
Speaker 2:Money well spent, man.
Speaker 1:So in a classic example of this by the way, the firewall blocks at least 10 emails a day. Oh yeah, I mean, it's significant.
Speaker 2:Oh, you should see them in your quarantine. You get a quarantine.
Speaker 1:Yeah, I have a quarantine.
Speaker 2:Yeah, mine blocks Some. I don't even make it to the quarantine. Some are just automatically blocked If they come from a foreign country. They're never coming in, I'll never see them, they'll never be in quarantine, they're just automatically excluded.
Speaker 1:You wouldn't believe how many crypto transactions I have in a day that seems to be like one of the bigger ones.
Speaker 2:Well, that's the other thing people do is they want to get access to your machine. So, if you want a crypto jack, which is just the illegal version of crypto mining, it takes an insane amount of processing power, and so they need multiple computers doing it at the same time to crack the key to get the coin. So that's another thing they want to do. They just want to get to your machine because they want to turn it into their own little personal crypto mining tool. Are you serious? Yeah, I mean, it's a lot of it. It's a little.
Speaker 2:It's not as scary when you break it down, and a lot of it's just financially motivated, right, you know, just like anybody else. But the thing that does, I would say, bother me the most is the fact that they are preying on what they can glean from us to get to the next provider, because we are so reliant on all these services, right, and so I'm terrified that they're going to use me to somehow get to Entergy. Does Entergy trust me? Are they a client of mine? They're not a client of mine, but if they were and I had to log into something, they're using me to get to Entergy. And next thing, you know, I ain't got no power and I'm not one of these people who hangs out during a hurricane.
Speaker 2:I'm like get in the car.
Speaker 1:Let's get out of here.
Speaker 2:We're going to Houston, that we're gone.
Speaker 1:I'm out.
Speaker 2:I'm out. If you want to stay here, sweat in the dark. By all means, I'm not going to stop you, but I'm not hanging out.
Speaker 1:But so in your work with your firm, are you having those conversations with these big companies, whether it's government entities or big companies, to protect them from those types of things?
Speaker 2:Yes, and so it usually happens through third-party vendors. So that's the other thing. It's like who are you a vendor of that I can use your privileges as their vendor to escalate. A classic example of that is what happened to Target in I think it was 2017. Again, another prime number that just wants to punch me in the face Because I keep thinking 13 and 17. I told you it's just like a dyslexia thing.
Speaker 2:But what happened with? So they got to Target by hacking their HVAC vendor that was designed to make sure all the stores are at the same temperature, right, so that, like, one store isn't going to be at 90 degrees, another school is going to be at 67 degrees, and to cut down on their energy costs. Everything stays the same. They know exactly, you know, climate control. It's uniform. They don't have one like rogue manager sweating everybody out in his stores, and so they invested in a smart HVAC system, gave them a lot of privileges to their network, and that is how Target got hacked back in the day. So it's all about that escalation of trust, and then the vulnerabilities of your vendor are now yours as a big entity.
Speaker 1:So that's what scares me. So what happened in? Let's go back to talk what happened as a result of that hacking. What did they?
Speaker 2:They stole. This is back in the day when credit card numbers and stuff actually had real value, which now they're not as valuable as people think, but that was when they stole all the account information and credit card numbers of everybody who was essentially a Target red card member as well as a just member of Target savings or whatever.
Speaker 1:And was that a million or billion type loss?
Speaker 2:They only lost. I think their settlement was under 20 million across multiple states, which is unheard of now, and it's only because that case back then For the data breach yeah. It's only because that case was hard to make in 2018. Now you know, everyone's more familiar with it. Judges are more sophisticated when it comes to technology lawsuits. Now it's much bigger. That's a higher dollar value.
Speaker 1:Another company locally was Acadian Ambulance.
Speaker 2:Yes, they had yeah.
Speaker 1:And our buddy Scott is now working in the IT department.
Speaker 2:Oh, he's back at Acadian. He's back at Acadian.
Speaker 1:Good, yeah so he's doing general counsel stuff, but I think he was originally going back to the IT department.
Speaker 2:Yeah, I think he got hit twice in a year, yeah.
Speaker 1:Massive. Oh yeah, probably one of those companies that's a big company but not a Fortune 500 company with the sophistication, so it's probably one that's very vulnerable and they're also vulnerable because they are a mobile company.
Speaker 2:In other words, every single ambulance should be treated like its own office, because they all have their own internet connected devices. So it's a lot easier to defend one solitary location, two or three solitary locations, but when you got them on the move and they're dependent on Wi-Fi and everything, you got a bigger issue. That's miserable.
Speaker 1:That's a good point.
Speaker 2:That's like a target, that's like moving constantly and changes in size.
Speaker 1:So one of the things that people do not only hire someone like you to help them, but you ready to go to the insurers? Let's talk about this, yeah you hire it guys to come in and beef up the firewalls and the systems. But then as a prudent business owner, you say I'm going to, I'm going to purchase cyber insurance.
Speaker 2:Yes, let's do it.
Speaker 1:So what I'm?
Speaker 2:like chop it at the bit here. I'm like I'm going to start foaming.
Speaker 1:She's like me when I go to, when I meet with a new client and the client's trying to tell me their story and I'm like a dog on a chain trying to make the train.
Speaker 2:Yes, yes.
Speaker 1:She's like just get the damn words out, let's do it, let's do it All right, go ahead. It's like a monologue.
Speaker 2:It's like Shakespearean you ready?
Speaker 1:Yeah, let's go.
Speaker 2:Okay so.
Speaker 1:Cyber insurance no-transcript.
Speaker 2:Who reads an insurance policy, let alone a contract Insurance policy, is 98 pages long.
Speaker 1:The insurance agents don't read it.
Speaker 2:Yeah, they usually don't know what's in it. So the first thing is they're Like you don't need that. The chances of you having like a real privacy issue with the right attorney very low, right. So it's just you just pissed away, nine grand, right, or whatever it is. You need to have a policy that accurately reflects the number of employees you have, the locations you have and what your coverage is like. That's the first thing and that part's not wrong. It's just people have to step up to the plate and do their own homework.
Speaker 2:The part that ticks me off and makes me like next level irate is, after an incident, when they go to collect on their policy, what happens? Insurance companies have panel counsel or panel vendors and I'm sure you're familiar with those where they have a preferred set of vendors that they want you to use for different services that are covered under your cyber policy for different issues Forensics, legal consumer notifications, system rehabilitation, rebuilding, all these different things and sometimes the insurers will own their own forensic and system rebuilding companies and that's a huge issue for me and it's not illegal, which pisses me off, because the first thing is is they can do a crappy job and they're not incentivized to keep up with latest research and development and they're also incentivized to keep their outgoing costs low. And if they stink at their job, who cares? They're owned by the insurer. They have a steady stream of clients, whether they're decent or not, so it removes all of those free market incentives to actually do a decent job. Also, insurance companies are not known for investing in great stuff, so if they own a company, that company is gonna stagnate in an extremely dynamic environment where technology and threats change constantly.
Speaker 2:So you're going to end up basically like, instead of getting a car that has Apple Play and automatic braking and you know cameras, you're going to get a 1967 Pinto I don't even know if they made Pintos in 1967, but you're going to get some POS Ford Tempo from 1988. You're going to get that, but you're going to be paying, you know for. You know a Suburban Denali. You're going to get that, but you're going to be paying, you know for. You know a suburban Denali. You're paying for the suburban, but you're getting that and you have no idea because it's just like you know any other highly sophisticated profession like surgery. You trust your surgeon because they're a surgeon. You don't know if they suck at their job.
Speaker 2:Oh right, it's the same concept. So that's the first thing. Wool over the eyes immediately. The next thing is is panel vendors reach a pre-negotiated agreement with the insurer for their services. So the insurer knows that, no matter what happens, they're probably going to only cost X amount of dollars because they pre-negotiated the rates Well, just like any.
Speaker 2:There's a reason people don't want government cheese, right? Because it's pre-negotiated, it's probably crappy and there's no incentivized to improve it. Same thing with panel vendors. Now, not all panel vendors are good. Some are really great, but for the most part, the insurance company is encouraging you to use the crappier ones because he knows they're going to be less expensive. And then the last thing and this is on the lawyers breach counsel should be illegal. I don't know how the American Bar Association hasn't gotten involved. They're a panel vendor just like anyone else, which means their firm reached a pre-negotiated deal with the insurance company to represent the insured. But who's their loyalty going to be? The one-off client they're going to see one time, or the insurance company that feeds them 500,000 new clients a year?
Speaker 2:So, it's an immediate conflict of interest.
Speaker 1:Let me let me analogize it to what we do. Okay, I'm sorry, you get. No, you get in a wreck. Yeah, All right. State farm is the insurance company. State Farm says you have to go to my doctors. State Farm says you have to use my lawyer.
Speaker 2:Bingo Right yes.
Speaker 1:And play the rules of my game. Yes or there's no coverage Exactly.
Speaker 2:But here's the thing with cyber insurance and in some part your insurance is like every single cyber insurance provision. Every single cyber insurance contract allows you to go outside of panel if you provide a justification. Well, when they're dealing with massive law firms that are providing the breach counsel that have offices in Los Angeles, philadelphia, dallas right, do you think their rates are the same as like Baton Rouge, louisiana? No, they're not. So you're paying national level rates when your market dictates. Probably you know 30% less in your area and you would actually have an attorney that gives a crap about the long-term success of your business and rebuilding. And then the other thing is is because breach counsel is such a big business as more people buy cyber insurance, which is the fastest growing area in the insurance market, like the individual niche is that they're churning out these breach counsel like get your little CIPPUS, which is your privacy professional, and they know nothing about technology, so they don't even know enough to question these POS vendors and what they say.
Speaker 2:So when I get in and this is a lot of my businesses I get called by clients that hate their breach counsel and feel like they're getting a run around and they're being told by law enforcement. Hey, you got a really big problem. This is going to be really difficult to deal with. And then they're being told by breach counsel and that panel vendor oh it's not that big a deal, we can just load this software and you're going to be fine.
Speaker 2:Well, the problem is, is you just set yourself up to have a secondary event, right, because you didn't properly clean up the first one, and the insurance company psyched about that. Right, because then they get to raise your premium because you already had one event, and then you're going to get hit again under the next policy, which means they raise your premium again, or they get to discontinue coverage and they get to collect multiple deductibles from you. Right, and they're using their panel vendors, so their cost stays down. So you just become this repeat victim in this crappy little cycle of premiums that constantly escalates costs that constantly escalate on your end but stay stagnant on the insurance company's end.
Speaker 1:Can you collect damages for the two weeks your business was dead in the water? If you?
Speaker 2:have business interruption coverage, which not everyone does. So that's. The other problem is like they sell like basic default policies that cover stuff that like is either highly inexpensive to cure or is unlikely to really cause an issue.
Speaker 1:Can you give me a an insurance company to hire and one to stay away from? No no, you hate them all.
Speaker 2:It's all about your individual policy, but I have threatened a few adjusters over the years. I'm like I had one of them try to call my client and say you shouldn't work with her. You need to work with our panel counsel. I was like have you heard of an intentional inference with a contract? I was like and by the way, you're doing it down here in Baton Rouge Louisiana, you feel like getting on a fucking plane. That was the end of that conversation.
Speaker 1:So you've probably run into it both times hired you because they had an event and then you said well, you got to get through this panel situation and argue that you should be the lawyer instead of the panel, and then some, when they were actually assigned a panel attorney and then you got to try to fight that.
Speaker 2:Yeah, and I'll let them stick with their panel attorney. That's fine because I'll let them do their little privacy analysis and it's. You know it's fast, they do it quickly. You know they're doing it on a pre-negotiated rate, but I keep them in their little window Like I'm like if you want to do this one little thing by all means, but you're not going to cut into my client's aggregate level of insurance coverage with your astronomical fees, I'll basically let you do enough to hit the deductible and that's about it, and then I'm going to put you back on a leash and stick you in the backyard.
Speaker 2:Do you get paid hourly or contingency, both depending. So if it's an insurance issue, cyber event issue, it's all like hourly because there's no collection. I have a couple of cases that I've done on contingency where I have to actually go and sue somebody and I don't love doing it. It's just not my blood. I'm not as talented when it comes to that as you are, chaz, like it's just not something I'm initially great at, but I know all of the technology and all of, like, the reality of the claim.
Speaker 2:So I've had some attorneys approach me that are in the plaintiff's world that are like well, can I pay you hourly or give you a cut of the contingency, and I've done that on a few occasions, but I'm more of an hourly girl. I really like coming in post incident or helping you. I've also consulted for companies where they're like, can you help us purchase our insurance coverage? Like yeah, I'd be happy to, and I'll sit there and I learn a little bit about their business and then I look at the policy POS policy insurance company gave them and I negotiate their deductibles, their premiums.
Speaker 1:That's awesome.
Speaker 2:Yeah, so I'm more of an hourly girl and you sounds like a prostitute. No, I get it.
Speaker 1:Look, if people have great careers, working by the hour, right Contingency is very risky. I'm sitting on cases for 18 months, two years. I'm paying my overhead, paying my employees dumping money into it. It's not for the faint of heart.
Speaker 2:No, and you have to have a talent for it, you have to have a certain risk tolerance and you have to have the right mental temperament and I feel like, if it's the right case, I can do it, but it's. I feel like internally, for me it's a battle.
Speaker 1:Last time you came you were, I think, a solo practitioner. Have you expanded your team?
Speaker 2:I have. I've expanded a lot, so I have two other attorneys Um, I keep a research assistant just from the law schools that just come in Um, and then I've got one of the benefits of being in Baton Rouge.
Speaker 1:Yeah, yeah, access to all the lawsuits.
Speaker 2:Absolutely, I'm like you want to work for $25 an hour to figure all this crap out. Let's do it. And then I have a personal assistant, slash office manager, and she does everything.
Speaker 1:Awesome.
Speaker 2:Yeah, like today, Ben was on duty so he had to be at the courthouse really early, came in and watched the kids until the other sitter could arrive. So that part has been a game changer.
Speaker 1:Awesome.
Speaker 2:And hopefully expanding soon. I got a girl I really want to hire, but I don't have the office space for her, so I got to do the build out. And then I'm so risk averse I'm like, okay, I got to. Let me get some metrics for 2025 under my belt. Make sure I can float your salary comfortably.
Speaker 1:I can relate. We're kind of running out of space too.
Speaker 2:Yeah.
Speaker 1:You know. So that is a reality and luckily I have two people working from home and they do very well from home.
Speaker 2:But I got one working from home. She loves it.
Speaker 1:Space is Bradley, as you know, one of the smartest guys we went to law school with. He works from home and he does an incredible job.
Speaker 2:Oh, absolutely, and he has.
Speaker 1:discipline is how he's always done it, and it's incredible.
Speaker 2:I'm not messing with anyone's rhythm. I don't want to mess If you. Everybody's different. Everybody has different talents, Everyone has different aptitudes. If this is where you function your best, then that's where I want you.
Speaker 1:Some people listen to music. Some people work best in a coffee shop. Some people work best in a bar. Some people work best in an office. Wherever you are, effective.
Speaker 2:It's none of my. I mean it's my business as your boss if I am your boss, but for the most part I just want you to be the best version of you.
Speaker 1:Tell me about Project Green Wall.
Speaker 2:Thank you for asking. So one of the things I run into and I think Scott and I have actually discussed it is there is a language barrier between the technology professionals that management leadership of any organization hires and those technology professionals. And the problem is is that management, especially financial operations, are tasked with making very important decisions that affect the technological security of their business without all of the information. And every event that I've ever spoke at someone has asked me at the end of these events and they'll say well, you're a lawyer.
Speaker 2:I'm like guilty. How did you learn all this stuff? And I was like sink or swim method and a lot of pain and staying up nights. But it doesn't have to be that way for everyone else and not everyone has seven years to catch up. So I created Project Green Wall to offer corporate training or individual classes. I also do it at various events.
Speaker 2:People hire me to come in and just teach an hour to help bridge that language barrier and explain, like cybersecurity basics, how to mitigate your cyber liability from an administrative perspective, not a tech perspective, admin perspective. What are the left and right limits of AI if they're considering incorporating it into their business? What are the left and right limits of social media use? That's becoming huge. We need to build a cyber incident response plan. But I don't want the techie side, I just need to know what to do. I'm like I got you.
Speaker 2:So that is all the different types of classes that I teach. It's eight courses in total and I'm just trying to find a few companies to work with, maybe just twice a year, and be able to do this and try to expand the knowledge base Because at the end of the day, unless you're trading in your cell phone and I've said this a million times unless you're trading your cell phone in for a carrier pigeon and an abacus, you're in it right and no one's doing it. So you need to know enough to manage your business and that's all it is and that's what it's for. And I try to bring some levity, some humor, a lot of pop culture references. I mean, it is not a dry class and if you don't like bad language, I'm probably not for you, but you're an excellent speaker, so I'm sure it's super entertaining, depending on who you are.
Speaker 1:Real quick, we're running out of time. Favorite AI software app.
Speaker 2:None of them. I don't use a single one if I can avoid it, I mean we all use it, whether we want to or not?
Speaker 1:Are you going to take AI from me too?
Speaker 2:No, I'm not going to take it, but I feel like AI is. People are diving into a pond that they can't see the bottom. You don't know if it's 20 feet deep, you don't know if it's two feet deep, so you don't know if you're going to crack your neck and ruin everything or if you're going to have a great swim, and that's where we are, and so I'm not ready to go in there. But we all use it, like when you type in Microsoft Word and it starts up predictive text. That's AI, man. So I can't say I'm not using it. Everybody's using it, but I'm not actively seeking it out.
Speaker 1:I'm worried about the information we're putting in.
Speaker 2:I'm not as much worried about that. I'm worried about the sanctity of the algorithm. But that's a whole other podcast. Yeah, so if you want to discuss it over the phone one day, just give me a holler.
Speaker 1:So I had the scholarship deal, and part of the scholarship requirements was that everyone submit an essay. Aw, how many of those do you think were AI generated?
Speaker 2:Oh, I'd say 50%, man Grammarly.
Speaker 1:I think it was closer to 95%.
Speaker 2:That makes me sad.
Speaker 1:Yeah, I mean I could tell I've worked with AI so much that I can just tell I don't have to put in my own software. I could just tell.
Speaker 2:Yeah, I'm not into it.
Speaker 1:Because I know what my writing level was in high school and college and this was a little advanced.
Speaker 2:Yeah, I told you I'm not into it. I don't play around with it. My kids aren't allowed to have. They're like Mom. This will build this thing on AI for me. I'm like no.
Speaker 1:I've used it.
Speaker 2:Figure it out.
Speaker 1:I've used it some, especially with organization and task and things around here, but the best thing that I heard about AI is that it should be a passenger, not a driver. So, as a lawyer, it's important that you direct it exactly what you want and if it's going to help you, you can use it. But let it be the passenger, not the driver, and anything that it gives you make damn sure that you have checked, double-checked, triple-checked everything else, because we know that a lawyer was suspended or disciplined because of-.
Speaker 2:Oh, a bunch of this circuit has a rule now that says you have to certify, if you want to submit a brief, that it wasn't solely crafted using AI. Ai is like your Like AI from like a chat GPT standpoint it's kind of like a drunk uncle, like they're always going to give you an answer, but they're seldom correct.
Speaker 1:And they want to tell you what you want to hear.
Speaker 2:Yeah, no, it's just confidence, but with a complete lack of being correct, like they, just anything can come out and it's probably not right, and so I'm, I just stay out of it. Man, I'm not ready to. I get a lot of sales calls like, hey, would you let us help streamline your business?
Speaker 1:No, stay away from me. I treat them like they got the plague. Then you just killed me. Tell everyone where we can find you. I know you're prolific on LinkedIn. That's where you do your work.
Speaker 2:And that's where the marketing lady does the work, Thank God because, I'm hopeless. You can reach me at sarah at legallycybercom and just go to legallycybercom or projectgreenwallcom and I am easy to find on purpose.
Speaker 1:We'll put that in the show notes.
Speaker 2:Thank, you so much for being here.
