The Trump administration’s AI policy is two-faced, torn between deregulation and despotism.
In March, the administration released its National AI Legislative Framework, directing Congress to “prevent the United States government from coercing technology providers, including AI providers, to ban, compel, or alter content based on partisan or ideological agendas.” This policy against government interference with AI is consistent with the administration’s purported light-touch approach to regulating the technology—but contrary to its recent actions.
In February 2025, Vice President Vance denounced “excessive regulation of the AI sector,” endorsing a “deregulatory flavor” of AI policy. Several months later, the administration released its AI Action Plan, pledging to “dismantle unnecessary regulatory barriers” and “onerous regulation.”
At first, the Trump administration followed through on this deregulatory promise. Three days into his second term, President Trump revoked an Executive Order from President Biden which established a government-wide effort to regulate and guide the development of the AI industry. Next, as directed by President Trump’s AI Action Plan, the Office of Science and Technology Policy initiated a proceeding to identify federal rules and regulations “that unnecessarily hinder” AI in order to implement “regulatory reform” and “promote” the technology. Last December, the Federal Trade Commission, led by two Trump appointees, set aside a Biden-era enforcement action against Rytr, an AI-powered writing assistant. The FTC explained that, “after reviewing the final order in response to President Trump’s AI Action Plan,” it concluded “the order unduly burdens innovation in the nascent AI industry.”
Despite the laissez-faire gesturing, however, the administration demonstrates a tyrannical impulse to control AI. In the same breath as denouncing excessive regulation, Vice President Vance demanded that “AI must remain free from ideological bias.” President Trump’s AI Action Plan echoed this command, directing AI companies to design their models “to pursue objective truth rather than social engineering agendas.” This rhetoric elides the fact that the First Amendment bars the government from deciding what constitutes “truth.”
In recent months, the administration has sought to exert control over the industry under the guise of combatting so-called “woke AI.” Last July, President Trump issued an Executive Order on Preventing Woke AI in the Federal Government, prohibiting government procurement of AI models unless they are ideologically “neutral,” i.e., “nonpartisan tools that do not manipulate responses in favor of ideological dogmas such as DEI.” In January, Secretary of Defense Hegseth issued a memo instructing the Department of Defense to “utilize models free from usage policy constraints” and banning the DoD from “employ[ing] AI models which incorporate ideological ‘tuning.’”
The memo set the stage for the ongoing dispute between the administration and Anthropic, an American AI company. In July 2025, the DoD contracted with Anthropic to deploy its AI models for national security applications like intelligence analysis, modeling and simulation, operational planning, and cyber operations. In the contract, Anthropic stipulated that the government could not use its models for mass domestic surveillance or to power fully autonomous weapons—arguably violating Hegseth’s rule against usage constraints.
Consequently, in late February, Hegseth threatened to cut ties with Anthropic unless the company allowed the military to use its AI for “all lawful purposes.” When Anthropic refused, President Trump directed federal agencies to “IMMEDIATELY CEASE all use of Anthropic’s technology,” deriding the firm as “A RADICAL LEFT, WOKE COMPANY.” He threatened to “use the Full Power of the Presidency to make [Anthropic] comply, with major civil and criminal consequences to follow.”
The DoD then designated Anthropic a “supply chain risk” under the Federal Acquisition Supply Chain Security Act of 2018, defined as an entity that “may sabotage, maliciously introduce unwanted function, extract data, or otherwise manipulate” the technology it provides “so as to surveil, deny, disrupt, or otherwise manipulate” the use of the technology or the “information stored or transmitted” thereon. The government has never applied this designation to a U.S. company; it is typically reserved for foreign intelligence agencies, terrorists, and hostile actors. As a result, Anthropic may not provide products or services to the DoD, and contractors may not use its products while working on DoD projects.
On March 9, Anthropic sued the administration in federal court, challenging the designation and seeking an injunction blocking its implementation. The company pleaded that the Trump administration has “harm[ed] Anthropic irreparably,” jeopardizing public and private contracts and costing it “hundreds of millions of dollars in the near-term,” as well as attacking “Anthropic’s reputation and core First Amendment freedoms.”
On March 26, the District Court for the Northern District of California sided with Anthropic and granted a preliminary injunction barring a variety of federal agencies from terminating their contracts. The court also blocked the DoD and Hegseth from implementing the supply chain risk designation. U.S. District Judge Rita Lin observed that the Trump administration is “punishing Anthropic for bringing public scrutiny to the government’s contracting position,” which “is classic illegal First Amendment retaliation.” Last week, the administration appealed the ruling to the Ninth Circuit.
Hegseth accused Anthropic of “duplicity,” but it is the Trump administration that has been duplicitous about its approach to AI. Despite championing deregulation, the administration has weaponized the federal government to punish an American AI company for refusing to bend to its will. Abusing the government procurement process to crush domestic AI firms is the opposite of light-touch regulation.
Judge Lin described the Trump administration’s actions against Anthropic as “Orwellian.” The administration has shown its ugly side on AI, and it looks a lot like tyranny.
Andy Jung is associate counsel at TechFreedom, a nonprofit, nonpartisan think tank focused on technology law and policy.
Martha Gellhorn stowed away on a hospital ship to become the only woman journalist to land on Normandy Beach on D-Day. She carried stretchers before writing her harrowing account of the invasion.
The New Yorker’s famously epicurean writer A.J. Liebling subsisted on military rations and came under fire during World War II to describe what it was like for the soldiers and sailors at war.
Syndicated columnist Ernie Pyle died, in a helmet and Army fatigues, among some of the troops whose names and hometowns he carefully included in his dispatches. “At this spot, the 77th Infantry lost a buddy,” read the makeshift sign posted at the place where a Japanese machine gun bullet felled him.
Those reporters told stories of war in all its gore and its glory, its exhilaration and its ennui. Others have laid bare the anxiety and doubts.
Veteran Vietnam correspondent Neil Sheehan broke the story of the Pentagon Papers, which showed how government officials deceived the public about the Vietnam war. Sheehan won a Pulitzer Prize for his book, “A Bright Shining Lie,” which chronicled the war’s impact on idealists who once believed in it, through the story of his relationship with an inside source.
As someone who worked as a Washington correspondent for decades, I worry that these obstacles could limit the number of reporters who have the experience with – and trust of – key sources to do the kind of in-depth, nuanced journalism that a war, with its price in lives and resources, deserves.
Corralling the watchdogs
Generally, war correspondents need the cooperation of the military they are covering to get to the front. For the U.S. press, that requires relationships and credibility at the Pentagon.
Early in 2025, Hegseth ordered major news organizations to give up their desks in the Pentagon press room to MAGA favorites. NPR’s desk went to Breitbart News. Roaming the hallways, where reporters sometimes found sources who would deviate from the company line, became verboten.
Eventually, the area in the Pentagon where reporters were allowed was circumscribed to a single corridor outside the press room – even though the public affairs officers who worked most closely with reporters were in an office on the other side of the 6½-million-square-foot building.
Then Hegseth conditioned the issuance of press credentials on reporters, effectively giving military brass the right to censor or sanitize their reports.
As a result, almost the entire Pentagon press corps, which included outlets ranging from The Associated Press to The New York Times to Fox News and USNI News, which covers the Navy, moved out of the building in October 2025. Some have been invited back for the press briefings Hegseth and Gen. Dan Caine, chairman of the Joint Chiefs of Staff, have begun to give on progress of the battle in Iran.
But after the first of these briefings, the Pentagon abruptly banned photographers from attending, reportedly because Hegseth’s staff found some of their images of him to be unflattering.
Secretary on defense
Gone are the off-camera “background” briefings where Department of Defense brass could give trusted reporters greater context and nuance for battlefield decisions. Gone are the impromptu hallway meetings where reporters have, with luck or persistence, picked up information that deviates from an administration’s agreed-upon script.
How might that affect what you, the public, gets to know? It was a combination of an anonymous tip and insider access that led the legendary investigative reporter Seymour Hersh to break the devastating story of My Lai, the American soldiers’ massacre of civilians during the Vietnam War.
At the made-for-TV briefings he does hold, Hegseth devotes most of the session to questions from outlets such as the Epoch Times, The Daily Caller and LindellTV – owned by Mike Lindell, the head of the well-known pillow company.
At one recent briefing, one of the favored new cadre tossed Hegseth a shameless softball. Referring to American troops in the Middle East, the questioner asked: “What is your prayer for them?”
Yet as hostilities drag on, even some among Hegseth’s chosen press corps have begun to ask irksome questions about the war. The normally Trump-friendly Daily Caller ran a less-than-flattering piece about the president berating a reporter for asking about troop deployments.
On March 4, 2026, Hegseth accused journalists of focusing on war casualties to make “the president look bad.” On March 13, Hegseth castigated as “more fake news” CNN’s report that the Trump administration had underestimated the impact of the war on shipping traffic in the Strait of Hormuz.
“The sooner David Ellison takes over that network, the better,” Hegseth concluded, adding fuel to the speculation that a Trump supporter who won a bidding war for CNN’s corporate parent is going to turn the network into a more administration-friendly outlet.
The Trump administration is not alone in its disdain for a free press: Israel has long been notorious for restricting press access from areas where it is conducting military operations.
Leaders of the theocratic Iranian regime are even worse; the country is cited by press freedom advocate Reporters Without Borders as “one of the world’s most repressive countries in terms of press freedom.”
But the United States has historically distinguished itself by making freedom its calling card, even – or perhaps especially – in wartime.
“The news may be good, or bad. We shall tell you the truth,” Voice of America, a U.S. government-launched radio network, promised – in German – in its very first broadcast to Nazi Germany in 1942.
Now, however, the Trump administration, is busy trying to undermine the editorial independence of Voice of America, which broadcasts news to countries that don’t have a free press.
Pentagon reporters are continuing to find ways to get around the propaganda. NPR’s Tom Bowman told me that he takes inspiration from a pep talk he overheard a military source deliver to another reporter crestfallen over the lack of access.
“Quit whining and be a Marine,” the official said. “Go over, under or around the obstacle. Find a way to do it.”
Most reporters and their organizations are doing just that, finding sources outside the administration, like the ones in Congress who told The Hill how much money the war is costing taxpayers per day. And they’re continuing to get information from sources on the inside, like the ones who told The Wall Street Journal that Trump’s military advisers warned him that Iran might block the Gulf of Hormuz, but that he opted for war anyway.
So far, neither Hegseth’s obstacle course nor threats from the White House and the FCC have stopped the press from reporting stories or asking questions that the administration would rather not see or hear.
But restrictions on press freedom have a corrosive effect. We already have seen how Trump, using lawsuits and licensing threats, has used his power to make corporate media owners think twice about pursuing news he doesn’t like.
Seasoned Pentagon reporters will still find ways to get to sources they already have. But Hegseth’s tactic of blocking press access to the military keeps reporters from developing new sources and keeps new reporters from building the relationships they need to become seasoned Pentagon reporters.
Americans have long been able to understand the triumphs and tribulations of American troops at war, and to make intelligent decisions about whether they approve of a war’s cost, because a free press has been able to tell the story – good or bad. That tradition is now at risk.
The expression, “to make a federal case out of something” usually describes making a bigger deal out of something than it should be. But in the case of Anthropic and Hegseth, Trump, and the Department of Defense*, this federal case is actually quite simple: what the government defendants did to Anthropic is beyond the bounds of anything the law or Constitution would allow. It didn’t require some complicated analytical parsing to see the problem with the Administration’s behavior, and the remedy is straightfoward: there’s now an injunction depriving that behavior of any effect (albeit stayed for seven days).
But the government is only restrained as to what it did that was actually illegal. Importantly, the injunction clarifies that to the extent that the government could lawfully stop working with Anthropic, it remained fully able to divorce itself. From the full paragraph on the last page of the preliminary injunction order itself articulating what has been restrained:
This Order restores the status quo. It does not bar any Defendant from taking any lawful action that would have been available to it on February 27, 2026, prior to the issuances of the Presidential Directive and the Hegseth Directive and entry of the Supply Chain Designation. For example, this Order does not require the Department of War to use Anthropic’s products or services and does not prevent the Department of War from transitioning to other artificial intelligence providers, so long as those actions are consistent with applicable regulations, statutes, and constitutional provisions.
As the decision justifying the injunction explains, this case wasn’t about whether and how DOD could use Anthropic and whether Anthropic could have a say in how it was used, which was the issue underpinning the contract dispute between the two. Had it been, then the DOD could have simply walked away from the product. The problem is that the government didn’t just stop doing business with Anthropic; it went further, and it is those actions that broke the law.
The question here is whether the government violated the law when it went further. After Anthropic went public with its disagreement with the Department of War, Defendants reacted with three significant measures that are the subject of this lawsuit. First, the President announced that every federal agency (not just the Department of War) would immediately ban Anthropic from ever having another government contract. That would include, for example, the National Endowment for the Arts using Claude to design its website. Second, Secretary Hegseth announced that anyone who wants to do business with the U.S. military must sever any commercial relationship with Anthropic. That would mean a company that used Claude to power its customer service chatbot could not serve as a defense contractor. Third, the Department of War designated Anthropic a “supply chain risk,” a label that applies to adversaries of the U.S. government who may sabotage its technology systems. That designation has never been applied to a domestic company and is directed principally at foreign intelligence agencies, terrorists, and other hostile actors. [p.1-2]
And the court counts several ways that the government’s actions were likely illegal. At minimum, Anthropic suffered a due process violation for not having notice and an opportunity to respond to the government’s sudden supply chain risk designation, which threatened a cognizable liberty interest the Fifth Amendment protects. (“The record shows that the Challenged Actions threaten to cripple Anthropic by not only stripping it of billions of dollars in federal contracts and subcontracts but also by labeling it as an adversary to the United States and ending its ability to have any commercial relationship with any company that might want to do business with DoW.”) [fuller analysis p.24-29]
The “supply chain risk” designation was also likely “both contrary to law and arbitrary and capricious.” On the first point, there are two statutory paths for designating a vendor a supply chain risk, and this case addressed just one of them—the other will be addressed by the DC Circuit. But it found the government’s claim it was using the statutory authority properly to be wanting: First, Anthropic’s conduct did not meet the statutory definition of a supply chain risk.
On the record before the Court, Anthropic’s conduct does not appear to be within the definition of “supply chain risk” in Section 3252. Section 3252 defines a supply chain risk as limited to “the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert . . . a covered system.” 10 U.S.C. § 3252(d)(4). Assuming without deciding that a domestic company can be an “adversary,” the plain text of the statute is directed at covert acts or hacks, not overt positions taken during contract negotiations. Indeed, it is difficult to understand how one could sabotage, maliciously introduce an unwanted function, or subvert an information technology system by publicly announcing usage restrictions or insisting on such restrictions in conversations with DoW. Defendants appear to be taking the position that any vendor who “push[es] back” on or “question[s]” DoW becomes its “adversary.” (Dkt. No. 128 at 41.) That position is deeply troubling and inconsistent with the statutory text. [p.30-32]
And second, those procedural rules the government blew off to invoke the statute, such as the need to notify Congress first, actually mattered. Despite what the government argued at oral argument, that the Congressional notification requirements were only for the benefit of Congress, the court found that they were important safeguards Congress had built into the statute to prevent its abuse and therefore non-optional. (“Section 3252 and its enabling regulations create institutional safeguards—which the Secretary must complete before making a designation—to ensure that its designation is applied properly. The Supply Chain Designation failed to comply with these mandated procedural safeguards.”) [see analysis p.32-34].
In addition, the designation itself was likely arbitrary and capricious. As the court noted early in its decision (emphasis added):
The Department of War provides no legitimate basis to infer from Anthropic’s forthright insistence on usage restrictions that it might become a saboteur. At oral argument, government counsel suggested that Anthropic showed its subversive tendencies by “questioning” the use of its technology, “raising concerns” about it, and criticizing the government’s position in the press. Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government.[p. 2; further analysis p.35-37 (“In sum, the contradictory positions, the procedural defects, and the rushed process following a public declaration of the foreordained conclusion all indicate that the actions were arbitrary and capricious.”)]
And then there is the problem at the heart of the matter: that it appears the government is trying to punish Anthropic for daring to criticize it, and that sort of retaliation for speech violates the First Amendment.
The record supports an inference that Anthropic is being punished for criticizing the government’s contracting position in the press. In their announcements, the President and Secretary Hegseth called Anthropic “out of control” and “arrogant,” describing its “sanctimonious rhetoric” as an attempt to “strong-arm” the government. The Department of War’s records show that it designated Anthropic as a supply chain risk because of its “hostile manner through the press.” Punishing Anthropic for bringing public scrutiny to the government’s contracting position is classic illegal First Amendment retaliation. [p.2]
And it violates the First Amendment not only by impinging on Anthropic’s right to speak, but everyone else, who is now deterred from speaking out as well, even on matters of public concern like ethical use of AI, given that the government is now inflicting consequences on those who speak in ways it doesn’t like. To the court, the government’s action looks clearly retaliatory. (“The record shows that Defendants’ conduct appears to be driven not by a desire to maintain operational control when using AI in the military but by a desire to make an example of Anthropic for its public stance on the weighty issues at stake in the contracting dispute.”) [p.19]. A retaliation claim can succeed when (1) the plaintiff was engaged in constitutionally protected activity, (2) the defendant’s actions would “chill a person of ordinary firmness” from continuing to engage in the protected activity, and (3) the protected activity was a substantial motivating factor in the defendant’s conduct—in other words, that what the defendant did was intended to chill speech, and here the court found all these prongs met. [p.20].
On the first, Anthropic was publicly staking out a position on what deployments of Claude are currently unsafe and what rights Anthropic has to allow Claude’s use by the government only with certain safety restrictions, which the court found to be a matter of public concern and thus protected by the First Amendment. (“[T]he record shows that Anthropic and its CEO, Dario Amodei, are a loud and influential voice regarding the capabilities, risks, and safe uses of AI technology.”) [p.20]. As to the second, there was plenty of evidence of speech being chilled:
Anthropic has submitted evidence that the Challenged Actions threaten to cripple the company and chill public debate. See supra Section II.G. Several amicus briefs support this conclusion. A group of 37 individuals working on AI technology assert that the Challenged Actions “chill[] professional debate on the benefits and risks of frontier AI systems and various ways that risks can be addressed to optimize the technology’s deployment.” (Dkt. No. 24-1 at 8.) An industry group of “values-led investors” warns that the Challenged Actions chill speech necessary to allow them to direct their investments to support the “principles and values” they care about. (Dkt. No. 77-1 at 12.) In short, the Challenged Actions easily qualify as ones which would chill a person of ordinary firmness from continuing to engage in further protected speech amici in the case showed how everyone’s speech was being chilled by what the government had done.[p.21]
And as for the third, the government’s behavior clearly resulted from displeasure with Anthropic’s views and the desire to relinquish them.
Secretary Hegseth expressly tied Anthropic’s punishment to its attitude and rhetoric in the press. He stated that “Anthropic delivered a master class in arrogance.” (Dkt. No. 6-21 at 2.) Referring to Anthropic and Amodei, he further stated: “Cloaked in the sanctimonious rhetoric of ‘effective altruism,’ they have attempted to strong-arm the United States military” through their “corporate virtue-signaling” and “Silicon Valley ideology.” (Id.) “Anthropic’s stance is fundamentally incompatible with American principles.” (Id.) The President described Anthropic as “radical left, woke company” and its employees as “leftwing nut jobs,” who “made a DISASTROUS MISTAKE trying to STRONG-ARM the Department of War.” (Dkt. No. 6-20 at 2.) Read in context of these repeated references to rhetoric and ideology, the term “strong-arm” in the Presidential Directive and the Hegseth Directive appears to be characterizing Anthropic as applying public pressure. […] These specific references to Anthropic’s viewpoint and public stance are direct evidence of what motivated Defendants’ decision-making.[p.21-22]
And the government’s defense—that Anthropic’s “contracting position” is conduct, not speech entitled to First Amendment protection, and that Anthropic’s refusal to accept DOD’s terms was what prompted the government’s actions—was unavailing.
First, without reaching the question of whether private contract negotiations alone could constitute protected activity under the First Amendment, the record shows that Anthropic engaged in protected speech when it took public the parties’ contracting impasse and the reasons behind its refusal to agree to DoW’s terms. (See, e.g., Dkt. Nos. 6-7, 6-18.) As already explained, Anthropic’s views on this matter fall within the heart of what the First Amendment protects: “subject[s] of general interest and of value and concern to the public” and “of legitimate news interests.” See Snyder, 562 U.S. at 452–53 (citation omitted). Therefore, to the extent Anthropic publicly discussed its “contracting position,” that speech is protected by the First Amendment.
Next, Defendants argue that even if Anthropic’s public statements constitute protected speech, the contract dispute—not Anthropic’s speech—was the motive and “but for” cause of the Challenged Actions. (Dkt. No. 96 at 22–24.) They point out that although Anthropic and Amodei have long advocated for AI safety, Defendants took the Challenged Actions only after Anthropic refused to remove its usage restrictions. But Defendants’ own actions belie the notion that Anthropic’s contracting position is what drove the Challenged Actions. Anthropic had imposed its usage restrictions from the beginning of DoW’s use of Claude Gov, and no one had ever suggested that this indicated that Anthropic was untrustworthy or a potential saboteur. To the contrary, Anthropic passed extensive vetting at that time and was praised by the government, which had made arrangements to expand the company’s role. It was only when Anthropic publicly discussed its dispute with DoW that Defendants criticized its rhetoric and ideology and adopted the punitive measures at issue.[p.22-23]
Throughout the decision the court observes that if the dispute here were just over the contract, then surely the government would have just stopped using Claude. But it didn’t just do that; it did more. And that more is now enjoined. The February 27 Presidential Directive from Trump “ordering all federal agencies to cease use of Anthropic’s technology” is to have no effect, nor is any agency action (by any agency,** not just the DOD), taken in response to it. No one in the Trump Administration (Anthropic had named pretty much every agency as defendants, so that’s basically how it boils down) may “issu[e] or maintain[] any guidance, directive, communication, or instruction to any officer, employee, contractor, or agent, in furtherance of or implementing the Presidential Directive” or “tak[e] any other action to implement, effectuate, or further the purposes of the Presidential Directive.”
Meanwhile, Hegseth and the DOD are also enjoined from “implementing, applying, or enforcing in any manner” what the court referred to as the Hegseth Directive, issued later on February 27, designating Anthropic a “Supply-Chain Risk to National Security” and “directing that no contractor, supplier, or partner doing business with the United States military may conduct commercial activity with Anthropic.” Nor can it implement, apply, or enforce anything in the March 3 letter DOD sent notifying Anthropic of the supply chain designation and the associated determination formalizing that designation under 10 U.S.C. § 3252. Hegseth and the DOD are also enjoined from “[f]rom issuing or maintaining any guidance, directive, communication, or instruction to any officer, employee, contractor, or agent, in furtherance of or implementing the Hegseth Directive or the Supply Chain Designation [and from] taking any other action to implement, effectuate, or further the purposes of the Hegseth Directive or the Supply Chain Designation.”
* No, it’s not the “Department of War” as unfortunately both parties and even the court called it, for reasons that elude. Perhaps Anthropic feared it would pull a Trump-friendly judge and need to speak the Administration’s language in order to be treated fairly, but such was not the case, at least in this piece of the case in the Northern District of California—maybe it will be different in the second piece of the case in the DC Circuit. But it’s not clear why the court had to humor them; it applies law, and the law, as passed by Congress to create, name, and fund the agency, calls it the Department of Defense, with Hegseth having been appointed to a specific job called the “Secretary of Defense.” If Congress wanted it to be called the “Department of War” it could have named it thus, but it found there were tangible policy reasons not to when it in fact changed its name to the DOD instead. It typifies the Trump Administration’s typical indifference to any law that might happen to govern any of its behavior to ignore it and Congress’s authority to pass it by unilaterally trumping Congress’s wishes and rename it, but no one else needs to indulge yet another of their abuses of power by humoring their choice.
** The Executive Office of the President is not bound by the injunction directly, despite being a named defendant. Nevertheless, “[l]ike all other persons, EOP is barred from acting for, with, by, through, or under authority from any enjoined Defendant, or in concert or participation with any enjoined Defendant, in any manner inconsistent with the preliminary injunction order.” [p.42]
This was extremely wild shit to be happening anywhere, much less in the land of the First Amendment. No sooner had Donald Trump decided it was time to rename the Department of Defense to the Department of War than the head of DoD operations decided it would be sorting news agencies by level of subservience.
Pretending this was all about national security, the Defense Department basically kicked everyone out of the Pentagon’s press office and stated that only those that chose to play by the new rules would be allowed back inside.
Booted: NBC News, the New York Times, NPR. Welcomed back into the fold: OAN, Newsmax, Breitbart. The Pentagon wanted a state-run press, but without having to do all the heavy lifting that comes with instituting a state-run press in the Land of the Free.
Somewhat surprisingly, some of those explicitly invited to partake of the new Defense Department media wing refused to participate. Fox and Newsmax decided to stay out, rather than promise they’d never publish leaked documents. Those choosing to bend the knee were those who never needed this sort of coercion in the first place: One America News (OAN), The Federalist, and far-right weirdos, the Epoch Times. In other words, MAGA-heavy breathers that have never been known for their independence, much less their journalism.
That didn’t stop Hegseth and the department he’s mismanaging from attempting to take a victory lap. And it certainly didn’t stop news agencies like the New York Times from suing over this blatant violation of the First Amendment.
It’s so obvious it only took the NYT four months to secure a win in a federal court (DC) that is positively swamped with litigation generated by Trump’s swamp. (h/t Adam Klasfield)
The decision [PDF] makes it clear in the opening paragraph how this is going to go for the administration and its extremely selective “respect” of enshrined rights and freedoms.
A primary purpose of the First Amendment is to enable the press to publish what it will and the public to read what it chooses, free of any official proscription. Those who drafted the First Amendment believed that the nation’s security requires a free press and an informed people and that such security is endangered by governmental suppression of political speech. That principle has preserved the nation’s security for almost 250 years. It must not be abandoned now.
Amen.
The court notes that in the past, there has been some friction between national security concerns and reporting by journalists. In some cases, the friction has been little more than the government chafing a bit when something has been published that it would rather have kept a secret. In other cases, leaks involving sensitive information have provoked reform efforts on both sides of the equation, seeking to balance these concerns with serving the public interest.
Up until now, any efforts to expel reporters have been limited to backroom bitching. What’s happening now, however, is unprecedented.
Historically, though, even when Department leaders disliked a journalist’s reporting, they did not consider suspending, revoking, or not renewing the journalist’s press credentials in response to that reporting. Julian Barnes, Pete Williams, and Robert Burns—reporters who have spent decades covering the Pentagon—as well as former Pentagon officials, are not aware of the Department ever suspending, revoking, or not renewing a journalist’s credentials due to concern over the safety or security of Department personnel or property or based on the content of their reporting.
This may be new, but the court isn’t willing to make it the “new normal.” It’s the decades of precedent that truly matter, not the vindictive whims of the overgrown toddlers currently holding office.
The Pentagon claims that demanding journalists agree not to “solicit,” much less print data or information not explicitly approved for release by the Defense Department doesn’t reach any further than existing laws governing the handling of classified documents. The court disagrees, noting that the new policy allows the government to conflate the illegal solicitation of classified material with the sort of soliciting — i.e., requests for information, etc. — journalists do every day in hopes of securing something newsworthy.
On top of allowing the government to punish people for things that weren’t previously considered unlawful, the demand for obeisance wasn’t created in a vacuum. Instead, it flowed directly from this entire administration’s constant attacks on the press by the president and pretty much every one in his Cabinet.
The plaintiffs are correct: “The record is replete with undisputed evidence that the Policy is viewpoint discriminatory.” That evidence tells the story of a Department whose leadership has been and continues to be openly hostile to the “mainstream media” whose reporting it views as unfavorable, but receptive to outlets that have expressed “support for the Trump administration in the past.”
The story begins prior to the adoption of the Policy, when—following extensive reporting on Secretary Hegseth’s background and qualifications during his confirmation process—Secretary Hegseth and Department officials “openly complained about reporting they perceive[d] as unfavorable to them and the Department.” Then, in the weeks and months leading up to the issuance of the Policy, Department officials repeatedly condemned certain news organizations—including The Times—for their coverage of the Department. For example, in response to reporting by The Times on Secretary Hegseth’s alleged misuse of the messaging platform Signal, Mr. Parnell posted on X to call out The Times “and all other Fake News that repeat their garbage.” Mr. Parnell decried these news organizations as “Trump-hating media” who “continue[] to be obsessed with destroying anyone committed to President Trump’s agenda.” In other social media posts leading up to the issuance of the Policy, Department officials referred to journalists from The Washington Post as “scum” and called for their “severe punishment” in response to reporting on Secretary Hegseth’s security detail.
It was never about keeping loose lips from sinking ships. It was always about cutting off access to news agencies the administration didn’t like. And once you’ve gotten rid of the critics, you’re left with the functional equivalent of a state-run media, but without the nastiness of having to disappear people into concentration camps or usher them out of their cubicles at gunpoint.
The court won’t let this stand. The new policy violates both the First Amendment and Fifth Amendment (due to the vagueness of its ban on “soliciting” sensitive information). That’s never been acceptable before in this nation. Just because there’s an aspiring tyrant leaning heavily on the Resolute Desk these days doesn’t make it any more permissible.
The Court recognizes that national security must be protected, the security of our troops must be protected, and war plans must be protected. But especially in light of the country’s recent incursion into Venezuela and its ongoing war with Iran, it is more important than ever that the public have access to information from a variety of perspectives about what its government is doing—so that the public can support government policies, if it wants to support them; protest, if it wants to protest; and decide based on full, complete, and open information who they are going to vote for in the next election. As Justice Brandeis correctly observed, “sunlight is the most powerful of all disinfectants.”
The administration will definitely appeal this decision. And it almost definitely will try to bypass the DC Appeals Court and go straight to the Supreme Court by claiming not being able to expel reporters it doesn’t like is some sort of national emergency. It will probably even claim that the fight it picked in Iran justifies the actions it took months before it decided to involve us in the nation’s latest Afghanistan/Vietnam.
But it definitely shouldn’t win. This isn’t some obscure permutation of First Amendment law. This is the government crafting a policy that allows it to decide what gets to be printed and who gets to print it. That’s never been acceptable here. And it never should be.
Images from the missile strike in southern Iran were more horrifying than any of the case studies Air Force combat veteran Wes J. Bryant had pored over in his mission to overhaul how the U.S. military safeguards civilian life.
Parents wept over their children’s bodies. Crushed desks and blood-stained backpacks poked through the rubble. The death toll from the attack on an elementary school in Minab climbed past 165, most of them under age 12, with nearly 100 others wounded, according to Iranian health officials. Photos of small coffins and rows of fresh graves went viral, a devastating emblem of Day 1 in the open-ended U.S.-Israeli war in Iran.
Bryant, a former special operations targeting specialist, said he couldn’t help but think of what-ifs as he monitored fallout from the Feb. 28 attack.
Just over a year ago, he had been a senior adviser in an ambitious new Defense Department program aimed at reducing civilian harm during operations. Finally, Bryant said, the military was getting serious about reforms. He worked out of a newly opened Civilian Protection Center of Excellence, where his supervisor was a veteran strike-team targeter who had served as a United Nations war crimes investigator.
Today, that momentum is gone. Bryant was forced out of government in cuts last spring. The civilian protection mission was dissolved as Defense Secretary Pete Hegseth made “lethality” a top priority. And the world has witnessed a tragedy in Minab that, if U.S. responsibility is confirmed, would be the most civilians killed by the military in a single attack in decades.
Dismantling the fledgling harm-reduction effort, defense analysts say, is among several ways the Trump administration has reorganized national security around two principles: more aggression, less accountability.
Trump and his aides lowered the authorization level for lethal force, broadened target categories, inflated threat assessments and fired inspectors general, according to more than a dozen current and former national security personnel. Nearly all spoke on condition of anonymity for fear of retaliation.
“We’re departing from the rules and norms that we’ve tried to establish as a global community since at least World War II,” Bryant said. “There’s zero accountability.”
Citing open-source intelligence and government officials, several news outlets have concluded that the strike in Minab most likely was carried out by the United States. President Donald Trump, without providing evidence, told reporters March 7 that it was “done by Iran.” Hegseth, standing next to the president aboard Air Force One, said the matter was under investigation.
The next day, the open-source research outfit Bellingcat said it had authenticated a video showing a Tomahawk missile strike next to the school in Minab. Iranian state media later showed fragments of a U.S.-made Tomahawk, as identified by Bellingcat and others, at the site. The United States is the only party to the conflict known to possess Tomahawks. U.N. human rights experts have called for an investigation into whether the attack violated international law.
The Department of Defense and White House did not respond to requests for comment.
Since the post-9/11 invasions of Afghanistan and Iraq, successive U.S. administrations have faced controversies over civilian deaths. Defense officials eager to shed the legacy of the “forever wars” have periodically called for better protections for civilians, but there was no standardized framework until 2022, when Biden-era leaders adopted a strategy rooted in work that had begun under the first Trump presidency.
Formalized in a 2022 action plan and in a Defense Department instruction, the initiatives are known collectively as Civilian Harm Mitigation and Response, a clunky name often shortened to CHMR and pronounced “chimmer.” Around 200 personnel were assigned to the mission, including roughly 30 at the Civilian Protection Center of Excellence, a coordination hub near the Pentagon.
The CHMR strategy calls for more in-depth planning before an attack, such as real-time mapping of the civilian presence in an area and in-depth analysis of the risks. After an operation, reports of harm to noncombatants would prompt an assessment or investigation to figure out what went wrong and then incorporate those lessons into training.
By the time Trump returned to power, harm-mitigation teams were embedded with regional commands and special operations leadership. During Senate confirmation hearings, several Trump nominees for top defense posts voiced support for the mission. Once in office, however, they stood by as the program was gutted, current and former national security officials said.
Around 90% of the CHMR mission is gone, former personnel said, with no more than a single adviser now at most commands. At Central Command, where a 10-person team was cut to one, “a handful” of the eliminated positions were backfilled to help with the Iran campaign. Defense officials can’t formally close the Civilian Protection Center of Excellence without congressional approval, but Bryant and others say it now exists mostly on paper.
“It has no mission or mandate or budget,” Bryant said.
Spike in Strikes
Global conflict monitors have since recorded a dramatic increase in deadly U.S. military operations. Even before the Iran campaign, the number of strikes worldwide since Trump returned to office had surpassed the total from all four years of Joe Biden’s presidency.
Had the Defense Department’s harm-reduction mission continued apace, current and former officials say, the policies almost certainly would’ve reduced the number of noncombatants harmed over the past year.
Beyond the moral considerations, they added, civilian casualties fuel militant recruiting and hinder intelligence-gathering. Retired Gen. Stanley McChrystal, who commanded U.S. and NATO forces in Afghanistan, explains the risk in an equation he calls “insurgent math”: For every innocent killed, at least 10 new enemies are created.
U.S.-Israeli strikes have already killed more than 1,200 civilians in Iran, including nearly 200 children, according to Human Rights Activists News Agency, a U.S.-based group that verifies casualties through a network in Iran. The group says hundreds more deaths are under review, a difficult process given Iran’s internet blackout and dangerous conditions.
Defense analysts say the civilian toll of the Iran campaign, on top of dozens of recent noncombatant casualties in Yemen and Somalia, reopens dark chapters from the “war on terror” that had prompted reforms in the first place.
“It’s a recipe for disaster,” a senior counterterrorism official who left the government a few months ago said of the Trump administration’s yearlong bombing spree. “It’s ‘Groundhog Day’ — every day we’re just killing people and making more enemies.”
In 2015, twodozen patients and 14 staff members were killed when a heavily armed U.S. gunship fired for over an hour on a Doctors Without Borders hospital in northern Afghanistan, a disaster that has become a cautionary tale for military planners.
“Our patients burned in their beds, our medical staff were decapitated or lost limbs. Others were shot from the air while they fled the burning building,” the international aid group said in a report about the destruction of its trauma center in Kunduz.
A U.S. military investigation found that multiple human and systems errors had resulted in the strike team mistaking the building for a Taliban target. The Obama administration apologized and offered payouts of $6,000 to families of the dead.
Human rights advocates had hoped the Kunduz debacle would force the U.S. military into taking concrete steps to protect civilians during U.S. combat operations. Within a couple years, however, the issue came roaring back with high civilian casualties in U.S.-led efforts to dislodge Islamic State extremists from strongholds in Syria and Iraq.
In a single week in March 2017, U.S. operations resulted in three incidents of mass civilian casualties: A drone attack on a mosque in Syria killed around 50; a strike in another part of Syria killed 40 in a school filled with displaced families; and bombing in the Iraqi city of Mosul led to a building collapse that killed more than 100 people taking shelter inside.
In heavy U.S. fighting to break Islamic State control over the Syrian city of Raqqa, “military leaders too often lacked a complete picture of conditions on the ground; too often waved off reports of civilian casualties; and too rarely learned any lessons from strikes gone wrong,” according to an analysis by the Pentagon-adjacent Rand Corp. think tank.
Released in 2019, the review Mattis launched was seen by some advocacy groups as narrow in scope but still a step in the right direction. Yet the issue soon dropped from national discourse, overshadowed by the coronavirus pandemic and landmark racial justice protests.
During the Biden administration’s chaotic withdrawal of U.S. forces from Afghanistan in August 2021, a missile strike in Kabul killed an aid worker and nine of his relatives, including seven children. Then-Defense Secretary Lloyd Austin apologized and said the department would “endeavor to learn from this horrible mistake.”
That incident, along with a New York Times investigative series into deaths from U.S. airstrikes, spurred the adoption of the Civilian Harm Mitigation and Response action plan in 2022. When they established the new Civilian Protection Center of Excellence the next year, defense officials tapped Michael McNerney — the lead author of the blunt RAND report — to be its director.
“The strike against the aid worker and his family in Kabul pushed Austin to say, ‘Do it right now,’” Bryant said.
The first harm-mitigation teams were assigned to leaders in charge of some of the military’s most sensitive counterterrorism and intelligence-gathering operations: Central Command at MacDill Air Force Base in Tampa, Florida; the Joint Special Operations Command at Fort Bragg, North Carolina; and Africa Command in Stuttgart, Germany.
A former CHMR adviser who joined in 2024 after a career in international conflict work said he was reassured to find a serious campaign with a $7 million budget and deep expertise. The adviser spoke on condition of anonymity for fear of retaliation.
Only a few years before, he recalled, he’d had to plead with the Pentagon to pay attention. “It was like a back-of-the-envelope thing — the cost of a Hellfire missile and the cost of hiring people to work on this.”
Bryant became the de facto liaison between the harm-mitigation team and special operations commanders. In December, he described the experience in detail in a private briefing for aides of Sen. Chris Van Hollen, D-Md., who had sought information on civilian casualty protocols involvingboat strikes in the Caribbean Sea.
Bryant’s notes from the briefing, reviewed by ProPublica, describe an embrace of the CHMR mission by Adm. Frank Bradley, who at the time was head of the Joint Special Operations Command. In October, Bradley was promoted to lead Special Operations Command.
At the end of 2024 and into early 2025, Bryant worked closely with the commander’s staff. The notes describe Bradley as “incredibly supportive” of the three-person CHMR team embedded in his command.
Bradley, Bryant wrote, directed “comprehensive lookbacks” on civilian casualties in errant strikes and used the findings to mandate changes. He also introduced training on how to integrate harm prevention and international law into operations against high-value targets. “We viewed Bradley as a model,” Bryant said.
Still, the military remained slow to offer compensation to victims and some of the new policies were difficult to independently monitor, according to a report by the Stimson Center, a foreign policy think tank. The CHMR program also faced opposition from critics who say civilian protections are already baked into laws of war and targeting protocols; the argument is that extra oversight “could have a chilling effect” on commanders’ abilities to quickly tailor operations.
To keep reforms on track, Bryant said, CHMR advisers would have to break through a culture of denial among leaders who pride themselves on precision and moral authority.
“The initial gut response of all commands,” Bryant said, “is: ‘No, we didn’t kill civilians.’”
Reforms Unraveled
As the Trump administration returned to the White House pledging deep cuts across the federal government, military and political leaders scrambled to preserve the Civilian Harm Mitigation and Response framework.
At first, CHMR advisers were heartened by Senate confirmation hearings where Trump’s nominees for senior defense posts affirmed support for civilian protections.
Gen. Dan Caine, chairman of the Joint Chiefs of Staff, wrote during his confirmation that commanders “see positive impacts from the program.” Elbridge Colby, undersecretary of defense for policy, wrote that it’s in the national interest to “seek to reduce civilian harm to the degree possible.”
When questioned about cuts to the CHMR mission at a hearing last summer, U.S. Navy Vice Adm. Brad Cooper, head of Central Command, said he was committed to integrating the ideas as “part of our culture.”
Despite the top-level support, current and former officials say, the CHMR mission didn’t stand a chance under Hegseth’s signature lethality doctrine.
The former Fox News personality, who served as an Army National Guard infantry officer in Iraq and Afghanistan, disdains rules of engagement and other guardrails as constraining to the “warrior ethos.” He has defended U.S. troops accused of war crimes, including a Navy SEAL charged with stabbing an imprisoned teenage militant to death and then posing for a photo with the corpse.
A month after taking charge, Hegseth fired the military’s top judge advocate generals, known as JAGs, who provide guidance to keep operations in line with U.S. or international law. Hegseth has described the attorneys as “roadblocks” and used the term “jagoff.”
At the Civilian Protection Center of Excellence, the staff tried in vain to save the program. At one point, Bryant said, he even floated the idea of renaming it the “Center for Precision Warfare” to put the mission in terms Hegseth wouldn’t consider “woke.”
By late February 2025, the CHMR mission was imploding, say current and former defense personnel.
Shortly before his job was eliminated, Bryant openly spoke out against the cuts in The Washington Post and Boston Globe, which he said landed him in deep trouble at the Pentagon. He was placed on leave in March, his security clearance at risk of revocation.
Bryant formally resigned in September and has since become a vocal critic of the administration’s defense policies. In columns and on TV, he warns that Hegseth’s cavalier attitude toward the rule of law and civilian protections is corroding military professionalism.
Bryant said it was hard to watch Bradley, the special operations commander and enthusiastic adopter of CHMR, defending a controversial “double-tap” on an alleged drug boat in which survivors of a first strike were killed in a follow-up hit. Legal experts have said such strikes could violate laws of warfare. Bradley did not respond to a request for comment.
“Everything else starts slipping when you have this culture of higher tolerance for civilian casualties,” Bryant said.
Concerns were renewed in early 2025 with the Trump administration’s revived counterterrorism campaign against Islamist militants regrouping in parts of Africa and the Middle East.
Last April, a U.S. air strike hit a migrant detention center in northwestern Yemen, killing at least 61 African migrants and injuring dozens of others in what Amnesty International says “qualifies as an indiscriminate attack and should be investigated as a war crime.”
Operations in Somalia also have become more lethal. In 2024, Biden’s last year in office, conflict monitors recorded 21 strikes in Somalia, with a combined death toll of 189. In year one of Trump’s second term, the U.S. carried out at least 125 strikes, with reported fatalities as high as 359, according to the New America think tank, which monitors counterterrorism operations.
“It is a strategy focused primarily on killing people,” said Alexander Palmer, a terrorism researcher at the Washington-based Center for Strategic and International Studies.
Last September, the U.S. military announced an attack in northeastern Somalia targeting a weapons dealer for the Islamist militia Al-Shabaab, a U.S.-designated terrorist group. On the ground, however, villagers said the missile strike incinerated Omar Abdullahi, a respected elder nicknamed “Omar Peacemaker” for his role as a clan mediator.
After the death, the U.S. military released no details, citing operational security.
“The U.S. killed an innocent man without proof or remorse,” Abdullahi’s brother, Ali, told Somali news outlets. “He preached peace, not war. Now his blood stains our soil.”
In Iran, former personnel say, the CHMR mission could have made a difference.
Under the scrapped harm-prevention framework, they said, plans for civilian protection would’ve begun months ago, when orders to draw up a potential Iran campaign likely came down from the White House and Pentagon.
CHMR personnel across commands would immediately begin a detailed mapping of what planners call “the civilian environment,” in this case a picture of the infrastructure and movements of ordinary Iranians. They would also check and update the “no-strike list,” which names civilian targets such as schools and hospitals that are strictly off-limits.
One key question is whether the school was on the no-strike list. It sits a few yards from a naval base for the Iranian Revolutionary Guard. The building was formerly part of the base, though it has been marked on maps as a school since at least 2013, according to visual forensics investigations.
“Whoever ‘hits the button’ on a Tomahawk — they’re part of a system,” the former adviser said. “What you want is for that person to feel really confident that when they hit that button, they’re not going to hit schoolchildren.”
If the guardrails failed and the Defense Department faced a disaster like the school strike, Bryant said, CHMR advisers would’ve jumped in to help with transparent public statements and an immediate inquiry.
Instead, he called the Trump administration’s response to the attack “shameful.”
“It’s back to where we were years ago,” Bryant said. If confirmed, “this will go down as one of the most egregious failures in targeting and civilian harm-mitigation in modern U.S. history.”
In less than a week, the Pentagon blacklisted an AI company for having ethics, declared it a supply chain risk, watched its preferred replacement face a massive user revolt, and then sat down to amend the replacement’s contract to address the very concerns the blacklisted company had been raising all along. Meanwhile, the blacklisted company is reportedly back in negotiations with the same Pentagon that tried to destroy it, because—wouldn’t you know—its models are apparently better for what the military actually needs.
On Monday night, Sam Altman posted on X that OpenAI had amended its Defense Department agreement to include new language explicitly addressing domestic surveillance:
We have been working with the DoW to make some additions in our agreement to make our principles very clear.
1. We are going to amend our deal to add this language, in addition to everything else:
“Consistent with applicable laws, including the Fourth Amendment to the United States Constitution, National Security Act of 1947, FISA Act of 1978, the AI system shall not be intentionally used for domestic surveillance of U.S. persons and nationals.
For the avoidance of doubt, the Department understands this limitation to prohibit deliberate tracking, surveillance, or monitoring of U.S. persons or nationals, including through the procurement or use of commercially acquired personal or identifiable information.”
Is this better than the original contract language we flagged earlier this week? Probably! The explicit mention of “commercially acquired personal or identifiable information” is new and addresses the exact data type—geolocation, browsing history, the stuff data brokers sell about all of us—that reportedly was the final sticking point in the Anthropic negotiations. The language about “deliberate tracking, surveillance, or monitoring” is more concrete than the original contract’s vague reference to “unconstrained monitoring.”
Altman also noted that the Defense Department “affirmed that our services will not be used by Department of War intelligence agencies (for example, the NSA)” and that any such use “would require a follow-on modification to our contract.”
This sounds better than where they were before, but it’s genuinely hard to tell from the outside. And that difficulty—the opaque nature of what any of this means in practice—is the actual story here.
Because the problem with OpenAI’s deal was never just about the specific contract language. As we laid out earlier this week, the intelligence community has spent decades engineering legal definitions that let it conduct what any reasonable person would call mass surveillance while truthfully claiming otherwise. Whether this new amendment survives contact with those definitions is a question no outside observer can answer right now.
The bigger issue is happens to innovation when the rules can change based on a cabinet secretary’s mood. The contract still references compliance with existing legal authorities—the same authorities that have been stretched and reinterpreted for years to permit exactly the kinds of data collection the new language purports to prohibit.
Anthropic’s Dario Amodei was characteristically blunt about the gap between OpenAI’s public framing and what the contract language actually delivers. In a memo to staff that has since leaked:
“The main reason [OpenAI] accepted [the DoD’s deal] and we did not is that they cared about placating employees, and we actually cared about preventing abuses.”
Damn.
He called OpenAI’s messaging around the deal “straight up lies” and described the whole thing as “safety theater.” You can dismiss some of that as competitive sniping, but Amodei was in the room for the Anthropic negotiations, and his characterization of what the Pentagon was actually demanding lines up with what the New York Times separately reported. His criticism is specific and technical: the Pentagon asked Anthropic to delete a “specific phrase about ‘analysis of bulk acquired data'” that was “the single line in the contract that exactly matched this scenario we were most worried about.” OpenAI’s original contract conspicuously lacked any such language. The amendment addresses this, at least on its face. Whether it does so in a way that actually binds the Pentagon’s behavior is a different question.
But the contract language debate, as important as it is, obscures the much larger problem.
“So maybe you think the Iran strike was good and the Venezuela invasion was bad…. You don’t get to weigh in on that.”
That’s the CEO of one of the most important AI companies on the planet telling his workforce that operational decisions about how their technology gets used in military actions are entirely up to Defense Secretary Pete Hegseth. The same Pete Hegseth who, just days earlier, tried to nuke an entire company for asking that AI not make autonomous kill decisions. The same Hegseth whose idea of contract negotiation was to issue what we described earlier this week as a “corporate death penalty” against Anthropic.
Speaking of Anthropic, that situation has gone from tragedy to farce and back again. The Financial Times reports that Amodei is now in direct talks with Emil Michael, a Hegseth lackey, to try to salvage a deal. This is the same Emil Michael (a scandal-ridden former Uber exec) who, just last week, called Amodei a “liar” with a “God complex”. And the same Defense Department that designated Anthropic a supply chain risk. The same administration that directed every federal agency to “immediately cease” all use of Anthropic’s technology.
And yet here they are, back at the table. Because, as multiple reports have made clear, Anthropic’s Claude models were already deployed on the Pentagon’s classified network and were quite useful for the Defense Department. The Pentagon apparently needs Anthropic’s technology because it’s actually good at the job. This just highlights how monumentally stupid the whole “supply chain risk” gambit was. You don’t issue a corporate death penalty against a company whose product you’re actively relying on for military operations unless you’re operating on pure spite rather than strategy.
The public, meanwhile, is making its own calculations under this cloud of uncertainty. ChatGPT uninstalls spiked 295% the day after the OpenAI deal was announced, while downloads dropped significantly. Anthropic’s Claude app jumped to the top of the App Store. One-star reviews of ChatGPT surged nearly 775% over the weekend.
Users who have zero ability to evaluate the legal intricacies of EO 12333 or the practical significance of “commercially acquired personal or identifiable information” are making choices based on the clear understanding that something has gone seriously wrong.
Call it the uncertainty tax: when users can’t verify whether a company’s principles are real, they treat visible conflict with authority as proof of authenticity. When people can’t tell whether a company’s safety commitments are real, they default to the company that got punished for having safety commitments—because at least that tells you that there were at least some principles at play.
Getting punished for having principles is, perversely, the clearest indication that you had any, whether or not it’s true.
Altman himself seems to recognize that the rollout was a disaster. From his post:
One thing I think I did wrong: we shouldn’t have rushed to get this out on Friday. The issues are super complex, and demand clear communication. We were genuinely trying to de-escalate things and avoid a much worse outcome, but I think it just looked opportunistic and sloppy.
“Looked” opportunistic is doing a lot of work in that sentence. But okay.
The deeper issue here goes beyond any one contract or any one company. What we’ve watched unfold over the past week is a case study in why you cannot build a functional technology industry under a petulant, arbitrary authoritarian regime.
This is now what every AI company knows: if you tell the government “no” on something—even something as basic as “our AI shouldn’t make autonomous kill decisions without human oversight”—the Defense Secretary may try to destroy your company, publicly call you treasonous, and bar anyone doing business with the military from working with you. If you tell the government “yes,” you may face a massive consumer backlash, lose hundreds of thousands of users, and find yourself amending contracts on the fly to address concerns you should have thought about before signing.
Seems like a rough way to encourage innovation in the AI space.
And the rules can change at any moment. This week it’s “give us unrestricted access for all lawful purposes.” Next week, the definition of “lawful” might shift. The week after that, maybe the administration decides it doesn’t like something else about your company and the threats start anew. Altman told his employees that Hegseth made clear OpenAI doesn’t “get to make operational decisions.” So the company writes the safety stack, crosses its fingers, and hopes the people who just tried to destroy its largest competitor over basic ethical commitments will honor the contract language.
This is the environment the AI industry’s biggest Trump boosters created for themselves. For months, the refrain on certain VC bro podcasts was that the Biden administration was going to destroy AI and hand the industry to China. In reality, Biden’s AI policy amounted to a toothless set of principles and some extra paperwork. It was annoying, sure. It did not involve the Defense Secretary threatening to obliterate companies or the president directing all federal agencies to stop using a specific American company’s technology.
And the irony of it all is that the market seems to be figuring this out even as the companies’ leadership teams scramble to pretend everything is fine. The same users who were happily using ChatGPT a week ago are fleeing to Claude—the product of the company the government tried to destroy—because they’ve correctly identified that a company that got punished for standing up to an authoritarian government is probably more trustworthy than one that rushed to fill the void.
Innovation requires predictability. It requires the ability to plan, to hire, to build product roadmaps that extend beyond next Friday’s presidential tweet. It requires knowing that if you build something good and compete fairly, the government won’t try to destroy you because you annoyed a cabinet secretary during contract negotiations. Every AI company—even the ones currently benefiting from Anthropic’s punishment—should be deeply unsettled by what happened last week.
Because the leopard that ate Anthropic’s face last Friday can eat yours next Friday. All it takes is one disagreement, one insufficiently sycophantic response, one moment of “duplicity” defined as “having principles.”
Altman seems to partially grasp this. He publicly stated that the decision to designate Anthropic as a supply chain risk was “a very bad decision” and that the Pentagon should offer Anthropic the same terms OpenAI agreed to. That’s the right thing to say when facing a PR crisis like this. But saying it while simultaneously benefiting from the decision, while telling your employees they don’t get to have opinions about how their technology gets used in military operations, sends a somewhat mixed signal.
The lesson here has less to do with the specifics of any contract than with the fact that an impetuous, arbitrary, out-of-control authoritarian government is bad for innovation. I mean, it’s also bad for the public, society, and (arguably) the military as well. The US has led in innovation for decades in part because we had stable institutions and predictable rule of law.
But hey, at least nobody’s asking them to fill out compliance forms anymore. That was the real threat to American AI leadership.
We’ve covered how there’s a real push afoot to implement statewide “right to repair” laws that try to make it cheaper, easier, and environmentally friendlier for you to repair the technology you own. Unfortunately, while all fifty states have at least flirted with the idea, only Massachusetts, New York, Minnesota, Colorado, California, and Oregon, and Washington have actually passed laws.
And among those states, not one has actually enforced them despite a wide array of ongoing corporate offenses (though to be fair to states there is kind of a lot going on).
This reform movement, which sees broad bipartisan support, had even started to reach toward the military, which is probably the poster child for over-billing, dysfunctional repair monopoly, “parts pairing,” and other predatory efforts to jack up the cost of maintenance and ownership.
Back in June we mentioned how Army Secretary Daniel Driscoll had committed to including right-to-repair requirements in all existing and future Army contracts with manufacturers. Some very light language to this effect was to be included in the latest National Defense Authorization Act by Democrat Elizabeth Warren of Massachusetts and Republican Tim Sheehy of Montana.
“Driscoll recently pointed to a Black Hawk helicopter part to show how contractor restrictions drive up costs. The original equipment manufacturer refuses to repair or replace a small screen-control knob that grounds the aircraft when it breaks — forcing the Army to purchase an entire new screen assembly for $47,000. Driscoll said the Army could make the knob for just $15.”
Picture that problem, at scale, across the entirety of U.S. military hardware, planet wide.
But despite the bipartisan popularity of right to repair reforms, companies weren’t keen on losing money via a government crackdown on their grift. So the various policy and lobbying fronts for America’s defense contractors spent much of this fall trying to frame the modest reforms as an affront on innovation to scuttle the reforms as the House and Senate debate over bill versions.
“The House’s Data-as-a-Service Solutions for Weapon System Contracts provision, which would have required DoD to negotiate access to technical data and necessary software before signing a contract, was removed from the final text of the annual legislation released over the weekend. The Senate’s provision requiring contractors to provide the military with detailed repair and maintenance instructions was dropped from the bill as well.
Instead, the legislation requires the Defense Department to develop a digital system that would track and manage all technical data and verify whether contractors and subcontractors comply with contract requirements related to technical data. The compromise version of the bill also requires DoD to review all existing contracts to determine what contractors were required to deliver and what data DoD can access.”
That’s basically worthless bureaucracy as it applies to any sort of meaningful right to repair reforms.
Again, these reforms were about as basic as they get. Still, they would have likely opened the door to taxpayers saving billions of dollars annually when it comes to paying too much for the repair and maintenance of U.S. military equipment. It was a no brainer reform, but because the United States is genuinely too corrupt to function, even that was ultimately a bridge too far.
To add insult to injury, we’ve got fake Trump populists and Silicon Valley execs like Elon Musk running around pretending they care about efficiency. But in instances like this, where there’s real potential to improve government efficiency, you’ll notice they’re nowhere to be found because the reforms would interfere with their ability to rip off the public.
You know this is a spectacle, right? A show. That’s what it is. A performance for social media. With blood.
Pete Hegseth just ordered the twenty-first strike on a suspected drug boat. Three more bodies. Another video posted to X showing a vessel bursting into flames. “Three male narco-terrorists” dead, the military announces. No trial. No evidence presented. No due process. Just boats exploding on camera and bodies labeled terrorists because the Department of Defense says so.
This is governance as content creation. TikTok foreign policy. Snackable clips of military strikes designed for engagement metrics while everything that actually matters falls apart around us.
Blowing up drug-running boats in the Caribbean isn’t going to stop the flow of drugs into America. Everyone knows this. The drugs will keep coming—they always do, they always have. Different boats, different routes, same product reaching the same streets. This isn’t policy designed to solve problems. This is spectacle designed to produce feelings. The feeling that someone strong is doing strong things. The feeling that enemies are being punished. The feeling that something is being done even as nothing actually changes.
But it is illegal. Under United States law and international law. The rule of law is being killed alongside these men in these boats. Admiral Alvin Holsey—the four-star admiral overseeing these operations—resigned because the boats weren’t showing immediate hostile intent. Colombia says we’re killing their fishermen. Ecuador released survivors for lack of evidence. Congress hasn’t authorized any of this. The Constitution hasn’t been consulted. Just Hegseth ordering strikes and posting videos while the legal framework that makes civilization possible burns alongside the boats.
So they can post it on X. So they can show you what an amazing job they’re doing. While your prices rise. While the Epstein files document twenty thousand pages of connections that cannot be explained away. While the artificial intelligence market bubble exhausts its last breaths of irrational exuberance. While American citizens are illegally detained by masked federal agents and some have been shot. This is a show for social media.
Twenty-one strikes now. How many bodies for the algorithm? How many “narco-terrorists” killed without trial before someone asks to see evidence? How many boats exploding on camera before Congress remembers it’s supposed to authorize military action? The carrier arrives tomorrow. Fifteen thousand troops ready. And still no authorization. Still no debate. Just Trump saying he’s “sort of made up my mind” while Hegseth produces content.
This is what authoritarian governance looks like in the age of engagement metrics. The policy is the spectacle. The spectacle is the policy. You’re not supposed to ask whether it works. You’re supposed to watch the boats explode and feel like winning is happening. You’re supposed to see bodies labeled terrorists and feel safer. You’re supposed to consume the content and move on to the next post before you have time to ask: Where’s the evidence? Where’s the legal authority? Where’s Congress? What is this actually accomplishing besides producing clips for social media?
The boats keep exploding. The videos keep posting. The body count keeps rising. And while you watch the performance, Trump’s Epstein connections sit in those twenty thousand pages. While you debate whether the targets were really terrorists, American citizens are detained without warrants. While you argue about drugs, the Constitution collects dust and admirals resign in protest and the rule of law dies with every strike that produces another video for posting.
This is governance for the algorithm. Bodies for engagement. Military action as content strategy. Twenty-one strikes. The carrier arrives tomorrow. Eighty people dead in undeclared war. Congress silent. The Constitution ignored. Admirals resigning. The rule of law burning.
For fucking TikTok.
Mike Brock is a former tech exec who was on the leadership team at Block. Originally published at his Notes From the Circus.
The “fresh hell” administration keeps on rolling. There’s no need to actually ask what fresh hell awaits. You need do nothing more than exist and a new fresh hell will be delivered, almost daily.
Here’s the freshest: the US military decided to blow up a boat traveling in international waters — one carrying eleven people, all definitely dead — because… well, no one really seems to be able to say definitively.
There’s a whole lot of vibes going on, but not much else. The man presumably capable of making a final call on extrajudicial killings during war time — famed accused day drinker and Signal chat enthusiast Pete Hegseth — said some stuff that lacked substance or, more importantly, any legal backing while being chatted up by PravdaUS:
The Trump administration has not offered any legal rationale. But Defense Secretary Pete Hegseth said in an appearance on “Fox & Friends” on Wednesday that administration officials “knew exactly who was in that boat” and “exactly what they were doing,” although he did not offer evidence.
For whatever reason, Secretary of State Marco Rubio felt compelled to offer his comments on the offshore murders, which went about as well as anything ever does for Marco:
Mr. Rubio had said on Tuesday that it was going to Trinidad, while Mr. Trump said the United States. On Wednesday, Mr. Rubio changed his version, saying the drug-laden boat was bound for the United States.
The secretary said in Mexico City that drug cartels and traffickers, including those on the boat, “pose an immediate threat to the United States, period.”
But no one actually offered any rationale for what happened (and was boasted about by Trump on Truth Social). While officials said some vague stuff about drug trafficking and made unsubstantiated claims about the eleven victims of this attack being Tren de Aragua members, the government was busy working its way backwards from the killings to find some reason for having already killed people:
Pentagon officials were still working Wednesday on what legal authority they would tell the public was used to back up the extraordinary strike in international waters.
A day later, the Defense Department must still have been working on a semi-plausible excuse for breaking all the rules of crime-fighting — especially one in which it certainly appears the US government destroyed a boat carrying eleven people but probably not much (if any!) drugs. The footage of the strike shows a boat more likely carrying refugees/migrants to another country (possibly even Trinidad). Half-mumbled claims about drug dealing and terrorism being pretty much the same thing were made by many in Trump’s cabinet.
Anna Kelly, a White House spokeswoman, emphasized in a statement late on Wednesday that the strike took place in international waters and did not put American troops at risk. She said that Mr. Trump had directed the attack in “defense of vital U.S. national interests and in the collective self-defense of other nations who have long suffered due to the narcotics trafficking and violent cartel activities of such organizations.”
“The strike was fully consistent with the law of armed conflict,” Ms. Kelly said.
First things fucking last: NO ONE WAS EVER IN THE LEAST BIT CONCERNED ABOUT THE SAFETY OF US TROOPS. This answers a question no one asked and does nothing more than pad an answer that really isn’t an answer. It’s just more of the same deflection and dribble from the Trump administration. Saying it took place in international waters doesn’t mean — like far too many people believe — that all bets are off and any country can do whatever it wants in waters that don’t actually belong to any single country.
Finally, saying the strike was “consistent” with the “law of armed conflict” only means something if the strike, in fact, complied with law of armed conflict. Simply saying it does doesn’t actually make it legal. That’s what judges call a “conclusory statement” and that’s one of the most worthless things any entity can offer in defense of its actions.
If it was indeed “fully consistent” with the law, you’d think the administration would have already released a memo or statement from the White House Office of Legal Counsel explaining (with citations) why this strike complied with all applicable laws.
But that’s not what happened. Instead, we got some people saying it’s defensible because drug cartels have been called “terrorists” by Trump and another person saying “this was legal because I’m saying it was legal.” Instead, what we’ve been given is an extrajudicial killing, followed by some administration gloating, followed by some administration deflection, which is now followed by the unsettling feeling that this is just beginning of a new wave of awfulness. As Charlie Savage’s headline for the New York Times puts it plainly: Trump has claimed the power of summary execution, which aligns him directly with authoritarian leaders he so obviously admires.
And as if all of this weren’t horrifying enough, here’s the president’s official “War Room” account responding to Senator Rand Paul’s obvious question about the morality of summarily executing people only suspected of committing a crime:
This administration has no use for slippery slopes. It races all the way to the bottom of them and then dares anyone to do anything about it. There’s nothing too unethical, immoral, or illegal to be taken off the table when accomplishing its end goals. The justification for the means can always be generated after the fact and if that fails to hold up to judicial scrutiny, the administration will simply move on to the next lawless act on the authoritarian to-do list — whatever it takes to convert the land of the free into the “vast ecumenical holding company” of the GOP’s fever dreams.
When you specifically ask a judge for something, get exactly what you requested, then immediately start whining about how burdensome your own suggestion is — well, that’s not legal strategy. That’s performance art.
Worse: having a senior Justice Department official claim that the solution that the DOJ itself requested is being unfairly imposed on the government “putting ICE agents’ lives in danger.”
Even worse: doing this based on a NY Post article… while ignoring that just days earlier the judge himself in the case had directly scolded the DOJ for ignoring that they themselves had requested this state of affairs and that they were absolutely free to arrange alternatives.
But that’s precisely what’s happening in the ongoing South Sudan deportation case, where the Trump administration is now crying about conditions they themselves created and refuse to fix despite having obvious alternatives.
Quick recap: Last week I wrote about how the US government shipped people to South Sudan without required due process hearings. When a judge blocked the deportation mid-flight, the plane diverted to Camp Lemonnier in Djibouti.
Here’s the key part everyone seems to forget: When the judge asked about next steps, the DOJ specifically requested that the men be held in Djibouti for their hearings rather than brought back to the US. The judge made it crystal clear this was the government’s choice:
THE COURT: I’m very much considering this, but, if this is the route we go, my inclination would be to say,if you want to do all of these [interviews] where they are, you have to do them appropriately; if you don’t want to, you can always bring them home of your own volition and do it there. And so I’m not going to mandate that the Department do anything overseas, but in an effort to craft as circumscribed a remedy as possible, I’m inclined to say if the Department wants to figure that out, I’m inclined to let them.
The DOJ responded that DHS had informed them that they could handle the interviews in Djibouti. But then, five days later, they complained that it was too rough to do it remotely like that. In response, Judge Brian Murphy again reminded them, in print this time, that they could always bring the men back to the US for their hearings:
… the Court never said that Defendants had to convert their foreign military base into an immigration facility; it only left that as an option, again, at Defendants’ request. The other option, of course, has always been to simply return to the status quo of roughly one week ago, or else choose any other location to complete the required process.
So it seems pretty rich that a little over a week after that ruling, the DOJ filed a declaration from a DHS official, whining about how much of a pain it is to hold these men in Djibouti while organizing their hearings.
The aliens are currently being held in a conference room in a converted Conex shipping container on the U.S. Naval base in Camp Lemonnier, Djibouti. This has been identified as the only viable place to house the aliens.
The only U.S. government personnel authorized to maintain care and custody of the aliens upon their arrival in Djibouti were the three ICE officers who accompanied the plaintiffs on this removal operation. The team of ICE officers that was originally assigned to this mission was replaced and expanded on May 27, 2025. However, having to switch teams creates additional problems as ICE must identify officers that are available to work in the same potentially deleterious conditions. Notwithstanding staffing challenges, the current group of ICE officers responsible for administering these duties is expected to be replaced soon.
There are currently eleven ICE officers assigned to guard and maintain custody of the aliens and two ICE officers assigned support the medical staff. The eleven ICE officers are divided into groups of two and work twelve-hour shifts. Five officers are assigned to the day shift, and six officers are assigned to the night shift. Officers within each shift may only take breaks when another officer assumes the assigned officer’s responsibilities during the break.
ICE officers do not have the capacity to maintain constant surveillance, custody, and care of the aliens for prolonged periods of time. The surveillance and security that ICE officers are expected to provide includes escort service to a designated area to distribute medications, as needed; to the same location for medical consultations between aliens and the medical staff, as needed; and the restroom for each alien upon an alien’s request. The alien-designated restroom has sinks, six toilet stalls, and six showers. The designated restrooms are located in a separate trailer, which is forty to fifty yards from the unit in which the aliens are housed. The ICE officers conduct pat-downs and searches for contraband during movements to the restroom, or for any other outside activity. Only one alien is allowed to use the toilet or shower at a time, and one officer is required to escort the alien. Aliens are permitted to shower every other day, and showers occur at night due to the heat. From the onset of these ICE operations, the daily temperature outside has exceeded 100 degrees Fahrenheit during the day
The conference room in which the aliens are housed is not equipped nor suitable for detention of any length, let alone for the detention of high-risk individuals. Notably, the room has none of the security apparatus necessary for the detention of criminal aliens. If an altercation were to occur, there is no other location on site available to separate the aliens, which further compromises the officers’ safety.
ICE officers are currently sharing very limited sleeping quarters, consisting of a trailer with three sets of bunk beds and six beds in total. Storage space is limited to an individual locker for each officer.
There is limited lighting in the area, which makes visibility difficult and creates a significant security risk for both the officers and aliens.
Currently, U.S. Department of Defense (DOD) resources are being used for the care of these aliens, causing disruption to the station’s operations and consuming critical resources intended for service members. DOD operators have expressed frustration, particularly about the proximity to DOD quarters of aliens with violent criminal records . ICE medical staff has also received limited medication and medical supplies for both officers and the aliens from DOD.
I have to imagine that it’s difficult, as a judge, not to respond to this by pointing out that they don’t need the judge’s permission to fix this. They have always been able to move them somewhere else, as the judge directly reminded them just a week ago.
Naturally, this manufactured crisis became fodder for the right-wing outrage machine, which then fed back into the administration, baiting the rabid MAGA crowd with lies.
First, the NY Post wrote a laughably false article based on this filing, claiming ICE agents were “stranded” in terrible conditions in Djibouti. Except, they’re not stranded. Again, the US government directly requested this and the judge gave them the option to stay there or to move somewhere else, so long as they provided the required due process.
Then, in a demonstration of how the Trump admin launders these lies, Chad Mizelle, chief of staff to Attorney General Pam Bondi, tweeted — falsely — that the judge had ordered that ICE agents do this:
That’s Chad Mizelle linking to the NY Post’s story and claiming (again, falsely):
The Judge’s orders in the DVD case are literally putting ICE agents’ lives in danger. He grounded a removal flight to South Sudan that was already over east Africa, and now three ICE agents are “marooned in Djibouti with eight criminal migrants under ‘outrageous’ living conditions and the threat of rocket attacks from Yemen.” The illegal aliens these ICE agents are charged with securing in the meantime have been convicted of murder, sexually assaulting minors, robbery and arson.
This is a top-level DOJ official lying to the American public. The judge made it quite clear, multiple times, that officials could move the men elsewhere or bring them back to the US, complete their “reasonable fear interviews” and get on with the deportation effort. The DOJ itself — which Mizelle is supposed the chief of staff for — directly requested of the court that the men be held in Djibouti.
This is, yet again, how the Trump admin works. They lie with impunity. They blame others for problems they themselves caused and refuse to even take the options in front of them to fix the mess they themselves caused. I get that their MAGA followers love this thing where they play the victim and blame big evil judges, but at some point, it would be nice if senior government officials lived in the land of reality.
