Laws prohibiting minors from accessing AI-powered chatbots like ChatGPT would violate the First Amendment. But that’s not stopping lawmakers from trying.
Senator Josh Hawley has introduced the Guidelines for User Age-verification and Responsible Dialogue Act of 2025 (GUARD Act), which would require AI companies to “prohibit” minors under “18 years of age” from “accessing or using” AI chatbots that “produce[] new expressive content” in response to “open-ended natural-language or multimodal user input.” Earlier this year, Virginia and Oklahoma introduced similar bills, as did California last September. The crux is the same: to prohibit minors from accessing chatbots capable of producing human-like speech.
If passed, these bills will get struck down in court for violating the First Amendment, which prohibits laws “abridging the freedom of speech.” Specifically, minors have a First Amendment right to receive information. The Supreme Court has explained, “minors are entitled to a significant measure of First Amendment protection, and only in relatively narrow and well-defined circumstances may government bar public dissemination of protected materials to them.” This right applies to the Internet with full force.
When analyzing these laws under the First Amendment, a court would start by asking whether the government is regulating speech. Speech is a broad concept, including written and spoken words, photos, music, and other forms of expression like computer code and video games. Chatbot outputs are speech; they comprise all these forms of expression. Laws prohibiting minors from accessing chatbots regulate speech by cutting off young users from the ideas and information communicated in outputs.
Next, a court would assess whether minor chatbot bans regulate protected or unprotected speech. The vast majority of outputs are protected speech: Teens use chatbots to search for information, get help with schoolwork, for fun or entertainment, and to get news. Here, the only relevant category of unprotected speech is content that is obscene to minors. The GUARD Act, for example, states that “chatbots can generate and disseminate harmful or sexually explicit content to children,” and the Virginia bill would block chatbots “capable of … [e]ngaging in erotic or sexually explicit interactions with the minor user.” Sexually explicit outputs to minors are likely unprotected speech, but the bills go much further by blocking all youth access to chatbots.
Because these bills regulate a mix of protected and unprotected speech, the court would then assess whether the prohibition on teen usage is content-based or content-neutral. Content-based restrictions target speech based on its viewpoint, subject matter, topic, or substantive message. On the other hand, content-neutral laws regulate nonsubstantive aspects of speech, like its time, place, or manner.
These bills are content-based because they prohibit access based on the subject matter of chatbot outputs. The GUARD Act would prohibit minors from accessing chatbots capable of “interpersonal or emotional interaction, friendship, companionship, or therapeutic communication.” The Oklahoma bill would block chatbots that “express[] or invit[e] emotional attachment” or “form ongoing social or emotional bonds with users, whether or not such systems also provide information.” Similarly, the Virginia bill would ban minors from accessing chatbots “capable of … offering mental health therapy.” Regardless of the pros and cons of minors accessing such information, the prohibitions are based on the content of the outputs — not on merely nonsubstantive aspects of the speech.
Because these bills are content-based, the court would apply strict scrutiny. The government would have to prove the bills are narrowly tailored to advance a compelling governmental interest and that they are the least restrictive means of serving that interest. Banning minors from accessing chatbots arguably advances “a compelling interest in protecting the physical and psychological well-being of minors” by “shielding minors from the influence of” obscene outputs.
Strict scrutiny, however, requires lawmakers to use a less restrictive means than bans to protect minors. Lawmakers could, for example, require AI companies to provide parental controls or strict safeguards preventing their models from engaging in sexually explicit conversations with young users. In fact, AI companiesalreadyhavepolicies and features to protect minor users. Because these bills aren’t narrowly tailored, a court would strike them down for violating the First Amendment.
Banning minors from using chatbots is also bad policy. Last October, California Governor Gavin Newsom vetoed the state’s proposed ban, stating, “AI is already shaping the world, and it is imperative that adolescents learn how to safely interact with AI systems … We cannot prepare our youth for a future where AI is ubiquitous by preventing their use of these tools altogether.”
Most U.S. teens use AI chatbots. These young users have a First Amendment right to receive the information the AIs output, which is generally protected speech. Prohibiting access to chatbots would violate minors’ constitutional rights and deprive them of the vast benefits of AI.
Andy Jung is associate counsel at TechFreedom, a nonprofit, nonpartisan think tank focused on technology law and policy.
Senator Ron Wyden says that when a secret interpretation of Section 702 is eventually declassified, the American public “will be stunned” to learn what the NSA has been doing. If you’ve followed Wyden’s career, you know this is not a man prone to hyperbole — and you know his track record on these warnings is perfect.
Just last month, we wrote about the Wyden Siren — the pattern where Senator Ron Wyden sends a cryptic public signal that something terrible is happening behind the classification curtain, can’t say what it is, and then is eventually proven right. Every single time. The catalyst then was a two-sentence letter to CIA Director Ratcliffe expressing “deep concerns about CIA activities.”
Well, the siren is going off once again. This time, Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell:
There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact,when it is eventually declassified, the American people will be stunnedthat it took so long and that Congress has been debating this authority with insufficient information.
Here’s a sitting member of the Senate Intelligence Committee — someone with access to the classified details — is telling his colleagues and the public that there is a secret interpretation of Section 702 that “directly affects the privacy rights of Americans,” that he’s been asking multiple administrations to declassify it, that they’ve all refused, and that when it finally comes out, people will be stunned.
If you’ve followed Wyden for any amount of time, this all sounds very familiar. In 2011, Wyden warned that the government had secretly reinterpreted the PATRIOT Act to mean something entirely different from what Congress and the public understood. He couldn’t say what. Nobody believed it could be that bad. Then the Snowden revelations showed the NSA was engaged in bulk collection of essentially every American’s phone metadata. In 2017, he caught the Director of National Intelligence answering a different question than the one Wyden asked about Section 702 surveillance. The pattern repeats. The siren sounds. Years pass. And then, eventually, we find out it was worse than we imagined.
Now here he is, doing the exact same thing with Section 702 yet again, now that it’s up for renewal. Congress is weeks away from a reauthorization vote, and Wyden is explicitly telling his colleagues (not for the first time) they are preparing to vote on a law whose actual meaning is being kept secret from them as well as from the American public:
The past fifteen years have shown that, unless the Congress can have an open debate about surveillance authorities, the laws that are passed cannot be assumed to have the support of the American people. And that is fundamentally undemocratic. And, right now, the government is relying on secret law with regard to Section 702 of FISA. I’ve already mentioned the provision that was stuck into the last reauthorization bill, that could allow the government to force all sorts of people to spy on their fellow citizens. I have explained the details of how the Biden Administration chose to interpret it, and how the Trump Administration will interpret it, are a big secret. Americans have the right to be confused and angry that this is how the government and Congress choose to do business.
That’s a United States senator who has a long history of calling out secret interpretations that lead to surveillance of Americans — standing on the Senate floor and warning, once again, that there’s a secret interpretation of Section 702 authorities. One that almost certainly means mass surveillance.
And Wyden knows exactly how this plays out. He’s been through the reauthorization cycle enough times to know the playbook the intelligence community runs every time 702 is up for renewal:
I’ve been doing this a long time, so I know how this always goes. Opponents of reforming Section 702 don’t want a real debate where Members can decide for themselves which reform amendments to support. So what always happens is that a lousy reauthorization bill magically shows up a few days before the authorization expires and Members are told that there’s no time to do anything other than pass that bill and that if they vote for any amendments, the program will die and terrible things will happen and it will be all their fault.
Don’t buy into that.
He’s right. Every time reauthorization is on the table, no real debate happens, and then just before the authorization is about to run out, some loyal soldier of the surveillance brigade in Congress will scream “national security” at the top of their lungs, insist there’s no time to debate this or people will die, and then promises that we need to just re-authorize for a few more years, at which point we’ll be able to hold a debate on the surveillance.
A debate that never arrives.
But even setting aside the secret interpretation Wyden can’t discuss, his speech highlights something almost as damning: just how spectacularly the supposed “reforms” from the last reauthorization have failed. Remember, one of the big “concessions” to get the last reauthorization across the finish line was a requirement that “sensitive searches” — targeting elected officials, political candidates, journalists, and the like — would need the approval of the FBI’s Deputy Director.
This was in response to some GOP elected officials being on the receiving end of investigations during the Biden era, freaking out that the NSA appeared to be doing the very things plenty of civil society and privacy advocates had been telling them about for over a decade while they just yelled “national security” back at us.
So how are those small “reforms” working out? Here’s Wyden:
The so-called big reform was to require the approval of the Deputy FBI Director for these sensitive searches.
Until two months ago, the Deputy FBI Director was Dan Bongino. As most of my colleagues know, Mr. Bongino is a longtime conspiracy theorist who has frequently called for specious investigations of his political opponents. This is the man whom the President and the U.S. Senate put in charge of these incredibly sensitive searches. And Bongino’s replacement as Deputy Director, Andrew Bailey, is a highly partisan election denier who recently directed a raid on a Georgia election office in an effort to justify Donald Trump’s conspiracy theories. I don’t know about my colleagues, but this so-called reform makes me feel worse, not better.
So the grand reform that was supposed to provide meaningful oversight of the FBI’s most sensitive surveillance activities ended up placing that authority in the hands of a conspiracy theorist, followed by a partisan election denier. And just to make the whole thing even more farcical, Wyden notes that the FBI has refused to even keep a basic record of these searches:
But it’s even worse than it looks. The FBI has refused to even keep track of all of the sensitive searches the Deputy Director has considered. The Inspector General urged the FBI to just put this information into a simple spreadsheet and they refused to do it. That is how much the FBI does not want oversight.
They won’t maintain a spreadsheet. The Inspector General asked them to track their use of a sensitive surveillance power using what amounts to a basic Excel file, and the FBI said no. That’s the state of “reform” for Section 702 after the last re-auth.
Wyden has also been sounding the alarm about the expansion of who can be forced to spy on behalf of the government, thanks to a provision jammed into the last reauthorization that expanded the definition of “electronic communications service provider” to cover essentially anyone with access to communications equipment. As Wyden explained:
Two years ago, during the last reauthorization debacle, something really bad happened. Over in the House, existing surveillance law was changed so that the government could force anyone with “access” to communications to secretly collect those communications for the government. As I pointed out at the time, that could mean anyone installing or repairing a cable box, or anyone responsible for a wifi router. It was a jaw-dropping expansion of authorities that could end up forcing countless ordinary Americans to secretly help the government spy on their fellow citizens.
The Biden administration apparently promised to use this authority narrowly. But, of course, the Trump administration has made no such promise. As we say with every expansion of executive authority, just imagine how the worst possible president from the opposing party would use it. And now we don’t have to wonder any more.
Wyden correctly points out that secret promises from a prior administration are worth exactly nothing:
But here’s the other thing – whatever secret promise the Biden Administration made about using these vast, unchecked authorities with restraint, the current administration clearly isn’t going to feel bound by that promise. So whatever the previous administration intended to accomplish with that provision, there is absolutely nothing preventing the current administration from conscripting those cable repair and tech support men and women to secretly spy on Americans.
So to tally this up: Congress is about to vote on reauthorizing Section 702 with a secret legal interpretation that Wyden says will stun the public when it’s eventually revealed, with “reforms” that placed surveillance approval authority in the hands of conspiracy theorists who won’t even keep a spreadsheet, with a massively expanded definition of who can be forced to help the government spy, with secret promises about restraint that the current administration has no intention of honoring, and with a nominee to lead the NSA who won’t commit to following the Constitution.
The Wyden Siren is blaring. And if history is any guide — and it has been, without exception — whatever is behind the classification curtain is worse than what we can see from the outside.
To completely understand computer security, it’s vital to step outside the fence and to think outside the box. Computer security is not just about firewalls, Intrusion Prevention Systems, or anti-viruses. It’s also about tricking people into doing whatever a hacker wishes. A secure system, network, or infrastructure is also about informed people. The All-in-One Super-Sized Ethical Hacking Bundle will help you learn to master ethical hacking techniques and methodologies over 14 courses. It’s on sale for $28 for a limited time.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Every phone is a narc whether you realize it or not. The private sector certainly knows what information a cell phone can divulge and has leveraged the always-on nature of these devices to maximize profitability.
The public sector — mainly law enforcement agencies, both local and federal — have caught onto this as well. With court decisions making it less than absolutely clear things like geofence warrants and long-term location tracking are actually lawful, they’re turning to third parties to give them the data they can’t easily obtain without trying to talk judges into approving their warrants.
Data brokers will sell to anyone willing to pay, which means plenty of federal agencies are obtaining location data this way, bypassing the restraints created by courts and the oversight Congress is supposed to provide. The DHS has been doing this for years, as have several other federal law enforcement agencies. It finally attracted enough attention on Capitol Hill that even CBP (Customs and Border Protection) pinky-promised Senator Ron Wyden and other lawmakers that it wouldn’t continue to bypass constitutional protections by throwing its money at private sector data brokers.
Customs and Border Protection (CBP) bought data from the online advertising ecosystem to track peoples’ precise movements over time, in a process that often involves siphoning data from ordinary apps like video games, dating services, and fitness trackers, according to an internal Department of Homeland Security (DHS) document obtained by 404 Media.
The document shows in stark terms the power, and potential risk, of online advertising data and how it can be leveraged by government agencies for surveillance purposes. The news comes after Immigration and Customs Enforcement (ICE) purchased similar tools that can monitor the movements of phones in entire neighbourhoods. ICE also recently said in public procurement documents it was interested in sourcing more “Ad Tech” data for its investigations.
CBP told Senator Wyden that it would stop purchasing location data from data brokers back in 2023. There’s no reason to believe this assertion is still true, now that Trump has made hunting down non-whites a prominent part of his domestic policy.
In fact, there’s every reason to believe CBP has gone back to buying up whatever it can from third-party data brokers. A letter signed by 58 Congressional members (including Sen. Wyden and author Rep. Adriano Espaillat) notes that the CBP has refused to discuss its current data broker-enabled location tracking efforts with Congressional oversight.
ICE is now stonewalling congressional oversight into its purchase of location data. Senator Wyden’s office requested a briefing from ICE soon after this contract was revealed in the press, in October, which was scheduled in December, for February 10, 2026. One day before that briefing was to take place, ICE cancelled it with no explanation and without any offer to reschedule.
It’s another DHS power move — albeit one put in play before Kristi Noem was sidelined by Trump. It’s one that says again, quite clearly, that federal agencies (under Trump) feel no compunction to answer to anyone, especially not their direct oversight.
What separates this reporting from earlier reporting on federal agency use of data brokers is this: prior efforts involved purchasing location data obtained via installed apps that tracked users’ locations with or without the explicit knowledge or permission of app users or even the developers of these apps. These efforts utilized built-in tracking tools contained in some SDK (software development kits) frequently used by developers.
This collection involves device information gathered and tracked by ad brokers and their customers. AdID (advertising identification) tracks unique device info to serve up targeted advertising to users, which obviously includes nudging them towards goods and services in their area.
While it doesn’t link device info specifically to the people using these devices, it does allow the government to buy data generated by these ad RTB (real-time bidding) markets to collect location info. This can be used to track people’s movements because it only takes a little extra effort (some of that already being performed for the government by companies like Palantir) to tie a device to a person.
404 Media’s reporting is first to show federal agencies have moved past data brokers to directly collect information that’s perpetually generated multiple times per minute to generate information these companies can sell to marketing firms… or, apparently, the government itself. Here’s how this works:
In essence, the AdID acts as the digital glue between a person’s device and their location data, allowing marketers—or a surveillance contractor or DHS—to attribute a set of movements to a specific device. From there, investigators can draw geofences to see all phones at a particular area over a period of time. Many smartphone location data tools then let officials see where else those devices went, potentially revealing where their owners live or work, or other sensitive locations.
While this information is drawn from a DHS-produced PTA (Privacy Threshold Analysis), the PTA generated after the “pilot program” closed in 2021, CBP has yet to produce the PIA (Privacy Impact Assessment) that is supposed to precede rollouts of programs like this, whether they’re “pilots” or not.
That report still doesn’t seem to exist. And while this report claims this was only a “pilot” program that was not used to engage in any actual surveillance, the facts on the ground say otherwise:
Although CBP described the move as a pilot, the DHS Office of the Inspector General (OIG) later found both CBP and ICE did not limit themselves to non-operational use. The OIG found that CBP, ICE, and the Secret Service all illegally used the smartphone location data, and found a CBP official used the data to track coworkers with no investigative purpose. CBP and ICE went on to repeatedly purchase access to location data.
So… business as usual. The government says it’s just test-driving something but then we found out it was used to actually engage in surveillance. The government says it will stop buying data from data brokers in contravention of Supreme Court rulings on location data and then it just keeps doing it. And when the government is told by a co-equal branch to explain itself, it ghosts its oversight and goes back to doing the extremely dirty business of being a rogue administration that openly embraces any bit of authoritarianism it can hammer into place while the system of checks and balances sputters in disbelief.
There are solutions still available to stem the authoritarian tide. We just need a few GOP representatives to care more about the country they’re supposed to be serving than the guy who’s blundering around the Oval Office in hopes of being next-gen Hitler, albeit one that includes Israel in his genocidal plans, rather than making it a target.
As always with authoritarian regimes (and corporate ownership), this is all presented to the public as an effort to restore balance, eliminate (nonexistent) “liberal bias,” and reach out to real Americans. As if billionaires and their useful idiots could care less about everyday Americana.
“So, look, I’ve said this since the beginning, which is, you know, for — when it really comes to — editorial independence will absolutely be maintained. It’s maintained at CBS. It’ll be maintained at CNN. And, really, who we want to talk to is the 70% of Americans and really around the world that identify as center-left, as center-right. And we want to be in the truth business. We want to be in the trust business. And that’s not going to change.”
Traditionally there’s only one editorial direction U.S. journalism usually goes under consolidated corporate ownership. U.S. media owners like tax cuts, deregulation, subsidies, access, and merger approvals, so corporate media’s editorial slant generally follows the financial interests of ownership. The pretense that U.S. media suffers from widespread “liberal bias,” or the belief that there are still functional firewalls between ownership and editorial, are long-deceased relics.
Larry Ellison clearly wants to hoover up what’s left of corporate media (including CBS, CNN, HBO) — and fuse it with his co-ownership of TikTok to create a sort of Hungary-esque autocratic state media, where administration allies praise dear leader while the government strangles independent and public media just out of frame.
The only thing saving us from the full and terrible vision of this outcome to date is the fact that very few of the weird nepobabies and brunchlords being tasked with its creation have anything you’d mistake for competence.
Alright, I think it might be time for a wellness check on the people running Buc-ee’s.
I realize that these chain of gas and convenience stores has a strange cult following in the south. I won’t pretend to understand why that is, but whatever. Unfortunately, the company also appears to be run by a bunch of trademark bullying jackwagons. I’ve referred to Buc-ee’s as the Monster Energy of gas stations, because the company appears to think that trademark law allows it to own the concept of a cartoon animal mascot in any tangential industry. They have bullied and/or sued many, many companies under this premise. Because most of its victims are smaller companies, they have gotten a lot of settlements out of these bullying efforts.
But those settlements don’t make the bullying legitimate. Buc-ee’s views on what trademark law allows it to own and control are fantasy. They’re still out here doing their bullying thing, though, with the latest example being its decision to sue a company that runs a gas station called “Mickey’s”. I’ve embedded the suit below, but here is a sample of the claims in the filing made against the gas station chain.
Like the Buc-ee’s Marks, Defendant’s Logos incorporate a cartoon animal facing right with wide eyes and a smile, overlaying a round background…also uses red as a predominant color in its interior and exterior signage, as well as employee uniforms and anthropomorphic representations of its cartoon moose mascot…also uses red as a predominant color in its interior and exterior signage, as well as employee uniforms and anthropomorphic representations of its cartoon moose mascot.
Consumers are likely to perceive a connection or association as to the source, sponsorship, or affiliation of the parties’ products and services, when in fact none exists, given the similarity of the parties’ logos, trade channels, and consumer bases.
And here, dear readers, is the very similar branding that the lawsuit references.
Once again, as with past Buc-ee’s trademark suits, the claims simply fall apart on inspection of the evidence. These logos are not similar. They don’t use the same overall color schemes. They feature easily distinguishable cartoon animals as mascot. A beaver is not a moose, which is a sentence I never thought I’ve have to type out on a keyboard. Likewise, a hexagon is not round, another thing I’d never thought I’d have to write. This is all very, very stupid, and not at all concerning from a customer confusion standpoint.
Despite that, the suit alleges that Mickey’s has “used” the Buc-ee’s logos to enrich themselves. It’s bonkers. In addition, Buc-ee’s has petitioned the USPTO to cancel the trademark registrations Mickey’s has for its branding.
Why is this company so beloved? They truly seem like craven bullies above all else. None of this is trademark infringement and I certainly hope the owners of Mickey’s are prepared to fight this fight. Because Buc-ee’s doesn’t somehow have a monopoly on cartoon character mascots. Not for its industry, never mind others.
Who should be directly liable for online infringement – the entity that serves it up or a user who embeds a link to it? For almost two decades, most U.S. courts have held that the former is responsible, applying a rule called the server test. Under the server test, whomever controls the server that hosts a copyrighted work—and therefore determines who has access to what and how—can be directly liable if that content turns out to be infringing. Anyone else who merely links to it can be secondarily liable in some circumstances (for example, if that third party promotes the infringement), but isn’t on the hook under most circumstances.
The test just makes sense. In the analog world, a person is free to tell others where they may view a third party’s display of a copyrighted work, without being directly liable for infringement if that display turns out to be unlawful. The server test is the straightforward application of the same principle in the online context. A user that links to a picture, video, or article isn’t in charge of transmitting that content to the world, nor are they in a good position to know whether that content violates copyright. In fact, the user doesn’t even control what’s located on the other end of the link—the person that controls the server can change what’s on it at any time, such as swapping in different images, re-editing a video or rewriting an article.
But a news publisher, Emmerich Newspapers, wants the Fifth Circuit to reject the server test, arguing that the entity that embeds links to the content is responsible for “displaying” it and, therefore, can be directly liable if the content turns out to be infringing. If they are right, the common act of embedding is a legally fraught activity and a trap for the unwary.
The Court should decline, or risk destabilizing fundamental, and useful, online activities. As we explain in an amicus brief filed with several public interest and trade organizations, linking and embedding are not unusual, nefarious, or misleading practices. Rather, the ability to embed external content and code is a crucial design feature of internet architecture, responsible for many of the internet’s most useful functions. Millions of websites—including EFF’s—embed external content or code for everything from selecting fonts and streaming music to providing services like customer support and legal compliance. The server test provides legal certainty for internet users by assigning primary responsibility to the person with the best ability to prevent infringement. Emmerich’s approach, by contrast, invites legal chaos.
Emmerich also claims that altering a URL violates the Digital Millennium Copyright Act’s prohibition on changing or deleting copyright management information. If they are correct, using a link shortener could put users at risks of statutory penalties—an outcome Congress surely did not intend.
Both of these theories would make common internet activities legally risky and undermine copyright’s Constitutional purpose: to promote the creation of and access to knowledge. The district court recognized as much and we hope the appeals court agrees.
Images from the missile strike in southern Iran were more horrifying than any of the case studies Air Force combat veteran Wes J. Bryant had pored over in his mission to overhaul how the U.S. military safeguards civilian life.
Parents wept over their children’s bodies. Crushed desks and blood-stained backpacks poked through the rubble. The death toll from the attack on an elementary school in Minab climbed past 165, most of them under age 12, with nearly 100 others wounded, according to Iranian health officials. Photos of small coffins and rows of fresh graves went viral, a devastating emblem of Day 1 in the open-ended U.S.-Israeli war in Iran.
Bryant, a former special operations targeting specialist, said he couldn’t help but think of what-ifs as he monitored fallout from the Feb. 28 attack.
Just over a year ago, he had been a senior adviser in an ambitious new Defense Department program aimed at reducing civilian harm during operations. Finally, Bryant said, the military was getting serious about reforms. He worked out of a newly opened Civilian Protection Center of Excellence, where his supervisor was a veteran strike-team targeter who had served as a United Nations war crimes investigator.
Today, that momentum is gone. Bryant was forced out of government in cuts last spring. The civilian protection mission was dissolved as Defense Secretary Pete Hegseth made “lethality” a top priority. And the world has witnessed a tragedy in Minab that, if U.S. responsibility is confirmed, would be the most civilians killed by the military in a single attack in decades.
Dismantling the fledgling harm-reduction effort, defense analysts say, is among several ways the Trump administration has reorganized national security around two principles: more aggression, less accountability.
Trump and his aides lowered the authorization level for lethal force, broadened target categories, inflated threat assessments and fired inspectors general, according to more than a dozen current and former national security personnel. Nearly all spoke on condition of anonymity for fear of retaliation.
“We’re departing from the rules and norms that we’ve tried to establish as a global community since at least World War II,” Bryant said. “There’s zero accountability.”
Citing open-source intelligence and government officials, several news outlets have concluded that the strike in Minab most likely was carried out by the United States. President Donald Trump, without providing evidence, told reporters March 7 that it was “done by Iran.” Hegseth, standing next to the president aboard Air Force One, said the matter was under investigation.
The next day, the open-source research outfit Bellingcat said it had authenticated a video showing a Tomahawk missile strike next to the school in Minab. Iranian state media later showed fragments of a U.S.-made Tomahawk, as identified by Bellingcat and others, at the site. The United States is the only party to the conflict known to possess Tomahawks. U.N. human rights experts have called for an investigation into whether the attack violated international law.
The Department of Defense and White House did not respond to requests for comment.
Since the post-9/11 invasions of Afghanistan and Iraq, successive U.S. administrations have faced controversies over civilian deaths. Defense officials eager to shed the legacy of the “forever wars” have periodically called for better protections for civilians, but there was no standardized framework until 2022, when Biden-era leaders adopted a strategy rooted in work that had begun under the first Trump presidency.
Formalized in a 2022 action plan and in a Defense Department instruction, the initiatives are known collectively as Civilian Harm Mitigation and Response, a clunky name often shortened to CHMR and pronounced “chimmer.” Around 200 personnel were assigned to the mission, including roughly 30 at the Civilian Protection Center of Excellence, a coordination hub near the Pentagon.
The CHMR strategy calls for more in-depth planning before an attack, such as real-time mapping of the civilian presence in an area and in-depth analysis of the risks. After an operation, reports of harm to noncombatants would prompt an assessment or investigation to figure out what went wrong and then incorporate those lessons into training.
By the time Trump returned to power, harm-mitigation teams were embedded with regional commands and special operations leadership. During Senate confirmation hearings, several Trump nominees for top defense posts voiced support for the mission. Once in office, however, they stood by as the program was gutted, current and former national security officials said.
Around 90% of the CHMR mission is gone, former personnel said, with no more than a single adviser now at most commands. At Central Command, where a 10-person team was cut to one, “a handful” of the eliminated positions were backfilled to help with the Iran campaign. Defense officials can’t formally close the Civilian Protection Center of Excellence without congressional approval, but Bryant and others say it now exists mostly on paper.
“It has no mission or mandate or budget,” Bryant said.
Spike in Strikes
Global conflict monitors have since recorded a dramatic increase in deadly U.S. military operations. Even before the Iran campaign, the number of strikes worldwide since Trump returned to office had surpassed the total from all four years of Joe Biden’s presidency.
Had the Defense Department’s harm-reduction mission continued apace, current and former officials say, the policies almost certainly would’ve reduced the number of noncombatants harmed over the past year.
Beyond the moral considerations, they added, civilian casualties fuel militant recruiting and hinder intelligence-gathering. Retired Gen. Stanley McChrystal, who commanded U.S. and NATO forces in Afghanistan, explains the risk in an equation he calls “insurgent math”: For every innocent killed, at least 10 new enemies are created.
U.S.-Israeli strikes have already killed more than 1,200 civilians in Iran, including nearly 200 children, according to Human Rights Activists News Agency, a U.S.-based group that verifies casualties through a network in Iran. The group says hundreds more deaths are under review, a difficult process given Iran’s internet blackout and dangerous conditions.
Defense analysts say the civilian toll of the Iran campaign, on top of dozens of recent noncombatant casualties in Yemen and Somalia, reopens dark chapters from the “war on terror” that had prompted reforms in the first place.
“It’s a recipe for disaster,” a senior counterterrorism official who left the government a few months ago said of the Trump administration’s yearlong bombing spree. “It’s ‘Groundhog Day’ — every day we’re just killing people and making more enemies.”
In 2015, twodozen patients and 14 staff members were killed when a heavily armed U.S. gunship fired for over an hour on a Doctors Without Borders hospital in northern Afghanistan, a disaster that has become a cautionary tale for military planners.
“Our patients burned in their beds, our medical staff were decapitated or lost limbs. Others were shot from the air while they fled the burning building,” the international aid group said in a report about the destruction of its trauma center in Kunduz.
A U.S. military investigation found that multiple human and systems errors had resulted in the strike team mistaking the building for a Taliban target. The Obama administration apologized and offered payouts of $6,000 to families of the dead.
Human rights advocates had hoped the Kunduz debacle would force the U.S. military into taking concrete steps to protect civilians during U.S. combat operations. Within a couple years, however, the issue came roaring back with high civilian casualties in U.S.-led efforts to dislodge Islamic State extremists from strongholds in Syria and Iraq.
In a single week in March 2017, U.S. operations resulted in three incidents of mass civilian casualties: A drone attack on a mosque in Syria killed around 50; a strike in another part of Syria killed 40 in a school filled with displaced families; and bombing in the Iraqi city of Mosul led to a building collapse that killed more than 100 people taking shelter inside.
In heavy U.S. fighting to break Islamic State control over the Syrian city of Raqqa, “military leaders too often lacked a complete picture of conditions on the ground; too often waved off reports of civilian casualties; and too rarely learned any lessons from strikes gone wrong,” according to an analysis by the Pentagon-adjacent Rand Corp. think tank.
Released in 2019, the review Mattis launched was seen by some advocacy groups as narrow in scope but still a step in the right direction. Yet the issue soon dropped from national discourse, overshadowed by the coronavirus pandemic and landmark racial justice protests.
During the Biden administration’s chaotic withdrawal of U.S. forces from Afghanistan in August 2021, a missile strike in Kabul killed an aid worker and nine of his relatives, including seven children. Then-Defense Secretary Lloyd Austin apologized and said the department would “endeavor to learn from this horrible mistake.”
That incident, along with a New York Times investigative series into deaths from U.S. airstrikes, spurred the adoption of the Civilian Harm Mitigation and Response action plan in 2022. When they established the new Civilian Protection Center of Excellence the next year, defense officials tapped Michael McNerney — the lead author of the blunt RAND report — to be its director.
“The strike against the aid worker and his family in Kabul pushed Austin to say, ‘Do it right now,’” Bryant said.
The first harm-mitigation teams were assigned to leaders in charge of some of the military’s most sensitive counterterrorism and intelligence-gathering operations: Central Command at MacDill Air Force Base in Tampa, Florida; the Joint Special Operations Command at Fort Bragg, North Carolina; and Africa Command in Stuttgart, Germany.
A former CHMR adviser who joined in 2024 after a career in international conflict work said he was reassured to find a serious campaign with a $7 million budget and deep expertise. The adviser spoke on condition of anonymity for fear of retaliation.
Only a few years before, he recalled, he’d had to plead with the Pentagon to pay attention. “It was like a back-of-the-envelope thing — the cost of a Hellfire missile and the cost of hiring people to work on this.”
Bryant became the de facto liaison between the harm-mitigation team and special operations commanders. In December, he described the experience in detail in a private briefing for aides of Sen. Chris Van Hollen, D-Md., who had sought information on civilian casualty protocols involvingboat strikes in the Caribbean Sea.
Bryant’s notes from the briefing, reviewed by ProPublica, describe an embrace of the CHMR mission by Adm. Frank Bradley, who at the time was head of the Joint Special Operations Command. In October, Bradley was promoted to lead Special Operations Command.
At the end of 2024 and into early 2025, Bryant worked closely with the commander’s staff. The notes describe Bradley as “incredibly supportive” of the three-person CHMR team embedded in his command.
Bradley, Bryant wrote, directed “comprehensive lookbacks” on civilian casualties in errant strikes and used the findings to mandate changes. He also introduced training on how to integrate harm prevention and international law into operations against high-value targets. “We viewed Bradley as a model,” Bryant said.
Still, the military remained slow to offer compensation to victims and some of the new policies were difficult to independently monitor, according to a report by the Stimson Center, a foreign policy think tank. The CHMR program also faced opposition from critics who say civilian protections are already baked into laws of war and targeting protocols; the argument is that extra oversight “could have a chilling effect” on commanders’ abilities to quickly tailor operations.
To keep reforms on track, Bryant said, CHMR advisers would have to break through a culture of denial among leaders who pride themselves on precision and moral authority.
“The initial gut response of all commands,” Bryant said, “is: ‘No, we didn’t kill civilians.’”
Reforms Unraveled
As the Trump administration returned to the White House pledging deep cuts across the federal government, military and political leaders scrambled to preserve the Civilian Harm Mitigation and Response framework.
At first, CHMR advisers were heartened by Senate confirmation hearings where Trump’s nominees for senior defense posts affirmed support for civilian protections.
Gen. Dan Caine, chairman of the Joint Chiefs of Staff, wrote during his confirmation that commanders “see positive impacts from the program.” Elbridge Colby, undersecretary of defense for policy, wrote that it’s in the national interest to “seek to reduce civilian harm to the degree possible.”
When questioned about cuts to the CHMR mission at a hearing last summer, U.S. Navy Vice Adm. Brad Cooper, head of Central Command, said he was committed to integrating the ideas as “part of our culture.”
Despite the top-level support, current and former officials say, the CHMR mission didn’t stand a chance under Hegseth’s signature lethality doctrine.
The former Fox News personality, who served as an Army National Guard infantry officer in Iraq and Afghanistan, disdains rules of engagement and other guardrails as constraining to the “warrior ethos.” He has defended U.S. troops accused of war crimes, including a Navy SEAL charged with stabbing an imprisoned teenage militant to death and then posing for a photo with the corpse.
A month after taking charge, Hegseth fired the military’s top judge advocate generals, known as JAGs, who provide guidance to keep operations in line with U.S. or international law. Hegseth has described the attorneys as “roadblocks” and used the term “jagoff.”
At the Civilian Protection Center of Excellence, the staff tried in vain to save the program. At one point, Bryant said, he even floated the idea of renaming it the “Center for Precision Warfare” to put the mission in terms Hegseth wouldn’t consider “woke.”
By late February 2025, the CHMR mission was imploding, say current and former defense personnel.
Shortly before his job was eliminated, Bryant openly spoke out against the cuts in The Washington Post and Boston Globe, which he said landed him in deep trouble at the Pentagon. He was placed on leave in March, his security clearance at risk of revocation.
Bryant formally resigned in September and has since become a vocal critic of the administration’s defense policies. In columns and on TV, he warns that Hegseth’s cavalier attitude toward the rule of law and civilian protections is corroding military professionalism.
Bryant said it was hard to watch Bradley, the special operations commander and enthusiastic adopter of CHMR, defending a controversial “double-tap” on an alleged drug boat in which survivors of a first strike were killed in a follow-up hit. Legal experts have said such strikes could violate laws of warfare. Bradley did not respond to a request for comment.
“Everything else starts slipping when you have this culture of higher tolerance for civilian casualties,” Bryant said.
Concerns were renewed in early 2025 with the Trump administration’s revived counterterrorism campaign against Islamist militants regrouping in parts of Africa and the Middle East.
Last April, a U.S. air strike hit a migrant detention center in northwestern Yemen, killing at least 61 African migrants and injuring dozens of others in what Amnesty International says “qualifies as an indiscriminate attack and should be investigated as a war crime.”
Operations in Somalia also have become more lethal. In 2024, Biden’s last year in office, conflict monitors recorded 21 strikes in Somalia, with a combined death toll of 189. In year one of Trump’s second term, the U.S. carried out at least 125 strikes, with reported fatalities as high as 359, according to the New America think tank, which monitors counterterrorism operations.
“It is a strategy focused primarily on killing people,” said Alexander Palmer, a terrorism researcher at the Washington-based Center for Strategic and International Studies.
Last September, the U.S. military announced an attack in northeastern Somalia targeting a weapons dealer for the Islamist militia Al-Shabaab, a U.S.-designated terrorist group. On the ground, however, villagers said the missile strike incinerated Omar Abdullahi, a respected elder nicknamed “Omar Peacemaker” for his role as a clan mediator.
After the death, the U.S. military released no details, citing operational security.
“The U.S. killed an innocent man without proof or remorse,” Abdullahi’s brother, Ali, told Somali news outlets. “He preached peace, not war. Now his blood stains our soil.”
In Iran, former personnel say, the CHMR mission could have made a difference.
Under the scrapped harm-prevention framework, they said, plans for civilian protection would’ve begun months ago, when orders to draw up a potential Iran campaign likely came down from the White House and Pentagon.
CHMR personnel across commands would immediately begin a detailed mapping of what planners call “the civilian environment,” in this case a picture of the infrastructure and movements of ordinary Iranians. They would also check and update the “no-strike list,” which names civilian targets such as schools and hospitals that are strictly off-limits.
One key question is whether the school was on the no-strike list. It sits a few yards from a naval base for the Iranian Revolutionary Guard. The building was formerly part of the base, though it has been marked on maps as a school since at least 2013, according to visual forensics investigations.
“Whoever ‘hits the button’ on a Tomahawk — they’re part of a system,” the former adviser said. “What you want is for that person to feel really confident that when they hit that button, they’re not going to hit schoolchildren.”
If the guardrails failed and the Defense Department faced a disaster like the school strike, Bryant said, CHMR advisers would’ve jumped in to help with transparent public statements and an immediate inquiry.
Instead, he called the Trump administration’s response to the attack “shameful.”
“It’s back to where we were years ago,” Bryant said. If confirmed, “this will go down as one of the most egregious failures in targeting and civilian harm-mitigation in modern U.S. history.”
Last month we reported on a strange story in two strange parts: first, a coder had his AI agent create an entire smear campaign against a coding repository volunteer because he rejected AI code. Second, an Ars Technica journalist named Benj Edwards used a bunch of quotes made up by ChatGPT in a story about the saga without fact-checking whether or not they were actually true.
Edwards says he first tried to use Claude to scrape some quotes from the engineer’s website, but that was blocked by site code. He then turned to ChatGPT to farm quotes from the site, but ChatGPT decided to just make up a whole bunch of stuff the engineer never said (this is a pretty common issue).
Sorry all this is my fault; and speculation has grown worse because I have been sick in bed with a high fever and unable to reliably address it (still am sick)I was told by management not to comment until they did. Here is my statement in images belowarstechnica.com/staff/2026/0…
Just cutting and pasting quotes probably would have saved the journalist a lot of time and headaches. And his job, apparently, since Ars has since decided to fire Edwards, something Ars doesn’t seem interested in talking about:
“As of February 28, Edwards’ bio on Ars was changed to past tense, according to an archived version of the webpage. It now reads that Edwards “was a reporter at Ars, where he covered artificial intelligence and technology history.”
Futurism reached out to Ars, Condé Nast, and Edwards to inquire about the reporter’s employment status. Neither the publication nor its owner replied. Edwards said he was unable to comment at this time.”
There are several interesting layers here. The biggest being that AI isn’t an excuse to simply turn your brain off and no longer do rudimentary fact checking.
The pressure at most outlets for journalists to generate an endless parade of content without adequate compensation or time off creates in increased likelihood of error. The overloading (or elimination of) editors (with or without AI replacement) compounds those errors. That the end product isn’t living up to anybody’s standards for ethical journalism really shouldn’t surprise anybody.
From the very beginning of the DOGE saga, many of us raised alarms about what would happen when a bunch of inexperienced twenty-somethings were handed unfettered access to the most sensitive databases in the federal government with essentially zero oversight and zero adherence to the security protocols that exist for very good reasons. We wrote about it when a 25-year-old was pushing untested code into the Treasury’s $6 trillion payment system. We published a piece about it, originally reported by ProPublica, when DOGE operatives stormed into Social Security headquarters and demanded access to everything while ignoring the career staff who actually understood the systems.
That ProPublica deep dive painted a picture of 21-to-24-year-olds who didn’t understand the systems they were demanding access to, had “pre-ordained answers and weren’t interested in anything other than defending decisions they’d already made,” and were operating with essentially no accountability. The former acting commissioner described the operation as “a bunch of people who didn’t know what they were doing, with ideas of how government should run—thinking it should work like a McDonald’s or a bank—screaming all the time.”
These are the people who were handed the keys to the most sensitive databases the federal government holds.
And now we have what appears to be the entirely predictable consequence of all of that: direct exfiltration of data in a manner known to break the law, but zero concern over that fact, because of the assurances of a Trump pardon if caught.
The Washington Post has a stunning whistleblower report alleging that a former DOGE software engineer, who had been embedded at the Social Security Administration, walked out with databases containing records on more than 500 million living and dead Americans—on a thumb drive—and then allegedly tried to get colleagues at his new private sector job to help him upload the data to company systems.
According to the disclosure, the former DOGE software engineer, who worked at the Social Security Administration last year before starting a job at a government contractor in October, allegedly told several co-workers that he possessed two tightly restricted databases of U.S. citizens’ information, and had at least one on a thumb drive. The databases, called “Numident” and the “Master Death File,” include records for more than 500 million living and dead Americans, including Social Security numbers, places and dates of birth, citizenship, race and ethnicity, and parents’ names. The complaint does not include specific dates of when he is said to have told colleagues this information, but at least one of the alleged events unfolded around early January, according to the complaint. While working at DOGE, the engineer had approved access to Social Security data.
In the past, this was the kind of thing that the US government actually did a decent job protecting and keeping private. Now they have DOGE bros walking out the door with it on thumbdrives. Holy shit!
And here’s the detail that really tells you everything about the culture DOGE created inside these agencies:
He told another colleague, who refused to help him upload the data because of legal concerns, that he expected to receive a presidential pardon if his actions were deemed to be illegal, according to the complaint.
According to this complaint, this person allegedly understood that what he was doing might be illegal, did it anyway, and had already calculated that the political environment would protect him from consequences. The Elon Musk DOGE bros clearly believed they ran the show and that anyone associated with DOGE was entirely above the law on anything they did.
Perhaps just as troubling, the complaint also alleges that after leaving government employment, the DOGE bro claimed he still had his agency computer and credentials, which he described as carrying “God-level” security access to Social Security’s systems.
The complaint alleges that after leaving government employment, the former DOGE member told colleagues he had a thumb drive with Social Security data and had kept his agency computer and credentials, which he allegedly said carried largely unrestricted “God-level” security access to the agency’s systems — a level of access no other company employee had been granted in its work with SSA.
The Social Security Administration says he had turned in his laptop and lost his credential privileges when he departed. His lawyer denies all alleged wrongdoing, and both the agency and the company said they investigated the claims and didn’t find evidence to confirm them. The company said it conducted a “thorough” two-day internal investigation.
Two whole days! Investigating themselves. On an issue where ignoring it benefits them.
But the SSA’s inspector general is investigating, and has alerted Congress and the Government Accountability Office, which has its own audit of DOGE’s data access underway.
And this whistleblower complaint, filed back in January, surfaces alongside a separate complaint from the SSA’s former chief data officer, Charles Borges, which alleges that DOGE members improperly uploaded copies of Americans’ Social Security data to a digital cloud.
A separate complaint, made in August by the agency’s former chief data officer, Charles Borges, alleges members of DOGE improperly uploaded copies of Americans’ Social Security data to a digital cloud, putting individuals’ private information at risk. In January, the Trump administration acknowledged DOGE staffers were responsible for separate data breaches at the agency, including sharing data through an unapproved third-party service and that one of the DOGE staffers signed an agreement to share data with an unnamed political group aiming to overturn election results in several states.
We wrote about that other leak at the time, of a DOGE bro sharing data with an election denier group.
All of this just confirms what many people expected and none of this should surprise anyone who was paying attention: Donald Trump allowed Elon Musk and his crew of over-confident know-nothings to view federal government computer systems as their personal playthings, where they could access and exfiltrate any data they wanted for whatever ideological reason they wanted.
And we’re only hearing about this because a whistleblower came forward and because a former chief data officer had the courage to file a complaint. How many similar incidents happened at other agencies where no one spoke up? DOGE operatives were embedded across the entire federal government, accessing heavily restricted databases and, as the Washington Post puts it, “merging long-siloed repositories.” Every single one of those agencies had the same dynamic: young, inexperienced but overconfident engineers demanding unfettered access, career staff pushing back and being overruled, and essentially no security protocols being followed.
Former chief data officer Borges put it about as well as anyone could:
“This is absolutely the worst-case scenario,” Borges told The Post. “There could be one or a million copies of it, and we will never know now.”
Once it’s out, you can’t put it back. We’re going to be learning about the consequences of DOGE’s ransacking of federal systems for years, maybe decades. And we’re finding out that the waste, fraud, and abuse we were told DOGE was there to find, appears to have mostly been in their own actions.
