Earlier this year we noted how the Trump FCC, at the direct request of wireless phone giants, destroyed popular phone unlocking rules making it easier and cheaper to switch wireless carriers. The rules, applied via spectrum acquisition and merger conditions after years of activism, required that Verizon unlock your phone within 60 days after purchase so you could easily switch to competitors.

Verizon, as we’ve long established, hates competition, and early last year immediately got to work lobbying the Trump administration to destroy the rules (falsely) claiming, without evidence, that the modest phone unlocking requirements were a boon to criminals and scammers.

The pay-to-play Trump administration quickly agreed, killed the rules, and shortly thereafter Verizon started telling wireless customers on its many prepaid phone brands (including Tracfone) they had to wait a year before switching phones after purchasing one from Verizon:

“While a locked phone is tied to the network of one carrier, an unlocked phone can be switched to another carrier if the device is compatible with the other carrier’s network. But the new TracFone unlocking policy is stringent, requiring customers to pay for a full year of service before they can get a phone unlocked.”

Recently, Verizon implemented a whole bunch of additional restrictions made possible by the Trump administration. More specifically, they imposed a new 35-day waiting period when a customer pays off their device installment plan online or in the Verizon app and wants to take their device to another carrier:

“Payments made over the phone also trigger a 35-day waiting period, as do payments made at Verizon Authorized Retailers. Getting an immediate unlock apparently requires paying off the device plan at a Verizon corporate store.”

So first, they implemented the most draconian restrictions on its prepaid customers, who tend to be lower income and the most impacted from high prices. Now they’re starting to push restrictions onto their more lucrative postpaid (month to month) customers.

Verizon insists (falsely) that these restrictions are necessary to “prevent fraud,” but the real goal is to increase friction when it comes to switching to a competitor. They don’t want the press to outright acknowledge this is anti-competitive in coverage, so they’re engaging in the slow-boiling frog approach that just steadily makes porting your phone out steadily more difficult and annoying.

These unlocking conditions were broadly popular, served the public interest, and took decades of activism and reform advocacy to pass. They ensured that it was easier for consumers to switch between our ever-consolidating, anti-competitive wireless phone giants (consolidation directly made possible by the Trump administration’s past rubber stamping of shitty telecom mergers).

Verizon lobbied the FCC by repeatedly lying, without evidence, that these conditions resulted in a wave of black market phone thefts. FCC boss Brendan Carr, ever the industry lackey, parroted the lies in his subsequent industry-friendly rulings. You know, to make America great again via “populism” or whatever.

Verizon (and Carr) know that there’s a lot going on and the mundanity of a subject like phone unlocking won’t get much attention in the press. Given that the Trump administration has largely lobotomized regulatory independence (at Verizon’s request), there’s very little chance Verizon will see any future accountability, but it’s positively adorable that they’re proceeding cautiously just in case.

The 2026 Microsoft Office Pro Bundle has 8 courses to help you master essential Office skills. Courses cover Access, PowerPoint, Word, Excel, and more. It’s on sale for $25.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

If you run a company whose entire value proposition is the ability to see patterns, predict outcomes, and connect dots that others miss, you’d think someone in the building might have flagged that suing a small independent magazine over unflattering-but-accurate reporting would only guarantee that millions more people read it.

And yet, here we are.

Palantir Technologies, the infamous surveillance and data analytics giant chaired by Peter Thiel, has filed a lawsuit against Republik, a small Swiss online magazine, over a pair of investigative articles published in December. The articles, produced in collaboration with the investigative collective WAV, detailed a years-long, multi-ministry charm offensive by Palantir to sell its software to Swiss federal authorities. The campaign was, by all accounts, a comprehensive failure. Swiss agencies rejected Palantir at least nine times, with concerns ranging from data sovereignty to reputational risk to the simple fact that nobody needed the product.

The reporting was based on documents obtained through 59 freedom of information requests filed with Swiss federal agencies. The key finding was an internal Swiss Armed Forces report that concluded Palantir’s software posed unacceptable risks because sensitive military data could potentially be accessed by U.S. government intelligence agencies. As the Republik article details:

The authors of the report state that using Palantir’s software would increase dependence on a U.S. provider. It also poses the risk of losing data sovereignty and thereby national sovereignty.

Above all, however, the army’s staff experts say it remains unclear who has access to data shared with Palantir. The following sentence from the Swiss Army report is particularly relevant: “Palantir is a U.S.-based company, which means there is a possibility that sensitive data could be accessed by the US government and intelligence services.”

As if it’s any sort of surprise that European governments are wary of betting on US tech companies with close ties to the US government. It’s not like reports of US spies co-opting US tech companies for surveillance efforts haven’t been front page news over the past twenty years. And now, this administration—with its willingness to antagonize everyone in Europe, and its close ties to Palantir and Thiel? It’s no freaking wonder that the Swiss government was like “yo, maybe pass.”

So how does a sophisticated data intelligence company respond to well-sourced investigative journalism based on official government documents?

By suing the journalists, of course.

But here’s the thing that makes this even more absurd: Palantir isn’t even claiming the articles are false. The company isn’t suing for defamation. It isn’t seeking damages. Instead, it’s invoking a Swiss “right of reply” statute, alleging that Republik didn’t give the company a sufficient opportunity to respond. Palantir wants the court to force the magazine to publish lengthy counter-statements to each article.

According to the FT:

Palantir’s lawsuit, filed in January, is not seeking damages or making libel claims against Republik, but instead alleges that the company was not given sufficient right to reply under Swiss media law. The company objects to Republik’s presentation of the public documents and believes its right to reply has been wrongfully denied.

….

Republik’s managing director Katharina Hemmer said Palantir had wanted the magazine to publish a very lengthy counterstatement to each article. Republik believed the proposed statements did not fairly address or rebut the reporting, she said, adding that the magazine stands by its reporting.

To which I say: good. Because Palantir’s demand here is absurd. Oh boo-fucking-hoo, the big defense contractor didn’t like the coverage? Pull on your big boy pants and get over it. Switzerland’s right of reply law exists so people can correct factual errors, not so corporations can force publications to run PR copy because they didn’t like the tone of accurate, document-based reporting.

And it’s worth noting: Palantir has already used other avenues to respond. The company published a blog post complaining that the Republik article “paints a false and misleading picture” and “hinders important discussions about the modernization of European software.” They’ve got the platform. If Palantir wants to push back on the story, they have many methods of doing so. Hell, they can do so on X any time they want—on what Musk and company like to call the global town square for free speech.

But that’s apparently not enough. Instead, a multibillion-dollar American defense and intelligence contractor is hauling a small independent Swiss magazine into court, not because anything the magazine published was wrong, but because Palantir wants to force the publication to run its talking points under legal compulsion.

Compelled speech isn’t free speech, guys. And this is nothing more than a blatant intimidation campaign to frighten away reporters from reporting the truth about Palantir.

The European Federation of Journalists has called this exactly what it is: a SLAPP suit—a strategic lawsuit against public participation, designed to use the weight and cost of litigation to intimidate and punish journalists for doing their jobs.

“The investigation conducted by WAV and Republik into Palantir is largely based on official documents that journalists were able to access thanks to Swiss freedom of information law,” notes EFJ President Maja Sever. “The legal action brought by this powerful multinational firm against a small Swiss media start-up is, in our view, an attempt at intimidation aimed at discouraging any critical analysis of Palantir’s activities.”

And in case you didn’t catch the irony: the Swiss military rejected Palantir in part because of fears about a heavy-handed American entity with uncomfortably close ties to U.S. intelligence. Palantir’s response to the reporting of that rejection? Behave like a heavy-handed American entity trying to bully a small foreign publication into submission. If anyone at Palantir had run this decision through their own pattern-recognition software, you’d hope a few red flags would have popped up.

Meanwhile, the lawsuit has done exactly what anyone with a passing familiarity with the Streisand Effect could have predicted. The original Republik articles were about the Swiss government politely but firmly declining Palantir’s advances—an embarrassing but relatively contained story.

Now, thanks to the lawsuit, the story has gone international. The Financial Times is covering it. The European Federation of Journalists is covering it. A UK member of parliament has already cited the Republik investigation during a debate on British defense contracts with Palantir, using the story to suggest that the British government “pivot away” from Palantir.

The Republik investigation itself is genuinely worth reading, and not just because Palantir desperately doesn’t want you to.

It paints a picture of a company that spent seven years working every angle to get Swiss federal agencies to buy its products—approaching the Federal Chancellery during COVID, pitching the Federal Office of Public Health on contact tracing, presenting anti-money laundering software to financial regulators, making repeated runs at the military—and getting turned away at every door. Sometimes embarrassingly, such as the Federal Statistical Office director apparently just ignoring Palantir’s outreach entirely.

For a company that brags about its ability to “optimize the kill chain” and whose CEO once told investors that “Palantir is here to disrupt… and, when it’s necessary, to scare our enemies and occasionally kill them,” getting politely rejected by the Swiss statistical office has to sting a little.

But suing the journalists who reported on it? When the entire basis of your lawsuit is “we want you to publish our talking points” rather than “anything you published was wrong,” it makes pretty clear you don’t actually have a substantive response to the reporting. If Palantir thinks the picture is false, the remedy is to demonstrate that the documents are wrong—not to drag a small magazine through expensive litigation until it capitulates or goes broke.

Seriously, how fucking fragile are the egos in the Palantir executive suite that they can’t handle a bit of mildly embarrassing reporting? Grow up.

A Zurich court is expected to rule on the case in March. Whatever the outcome, Palantir has already lost the only contest that matters: the one for public perception. For a company that sells the ability to see around corners, they apparently never thought to search “The Streisand Effect.”

Netflix has retreated from its protracted bidding war with Larry Ellison for control of Warner Brothers, giving the Trump ally likely control of Warner, CNN, and HBO. In a statement, Netflix co-CEOs Ted Sarandos and Greg Peters said that Paramount’s latest offer made the acquisition financially irresponsible:

“The transaction we negotiated would have created shareholder value with a clear path to regulatory approval. However, we’ve always been disciplined, and at the price required to match Paramount Skydance’s latest offer, the deal is no longer financially attractive, so we are declining to match the Paramount Skydance bid.”

As we’ve repeatedly noted, Ellison is clearly attempting to to buy his way to a total domination of U.S. media (with the help of Saudi cash). The acquisition of Warner Brothers and its assets come after Ellison gained control of CBS and a significant portion of TikTok thanks to some help from Trump and bumbling Democrats.

As we’ve seen with the Ellison family mismanagement of CBS, a big part of the acquisition involves converting acquired assets into Trump-friendly agitprop. It’s the exact trajectory we’ve seen play out in autocratic countries like Hungary, where authoritarian-allied oligarchs buy up media outlets and pummel the public with propaganda while the government strangles publicly owned and independent journalism just out of frame.

The merger was made possible, in part, by the Trump administration’s efforts to help Ellison and Paramount elbow out Netflix. That included a disinformation campaign across right wing media falsely portraying Netflix as a “woke” leftist company, as well as a fake DOJ antitrust investigation into Netflix (that will now mysteriously disappear now that Larry Ellison has likely gotten his prize).

This trajectory was always very clear; recall that Trump and Ellison met last year to discuss which CNN reporters Ellison would fire to please Trump. The history of authoritarian movements suggests that not too long after this deal is finalized you can expect a significant ramping up of hostilities against independent journalism that speaks truth to power (whatever’s left of it in the U.S.).

I’d like you to take a peek at the news coverage of this whole mess and notice how few outlets even acknowledge that Trump administration corruption played a role, much less acknowledge that the goal here is autocratic-friendly propaganda.

If there’s a potential positive here, it’s that nobody at Ellisons’ companies appear particularly competent. Bari Weiss was hired to convert CBS into a ratings-friendly, autocrat coddling trolling and propaganda farm, and the result as been broadly disastrous.

The massive debt load from massively overpaying for Warner Brothers is also likely to cause major operational headaches that could result in this being a short-lived adventure much like the several-decades worth of pointless Warner media mergers (including AT&T) that preceded it.

In addition to promising a whopping $111 billion (or $31 per share), Paramount promised a ticking fee payable to shareholders equal to $0.25 per quarter beginning after Sept. 30, 2026, a $7 billion regulatory termination fee if the deal doesn’t cross the finish line, and $2.8 billion to cover Netflix’s proposed payout to Warner Bros for their own deal failing to materialize.

That’s a lot of money for the Ellisons (and the Saudis) to dump into a company that has, again, seen nothing but a two-decade history of disastrous overvalued mergers resulting in a progressively shittier and less creative company, broadly despised by creatives after a parade of brutal layoffs (much more of which are certainly coming to pay off debt).

Things could could be further complicated by a sudden subscriber exodus across the brands, or the Ellisons’ fortunes being further strained by a potential AI hype bubble collapse. All the lazy AI-generated Batman IP slop in the world will not be able to save this mess if the winds don’t blow favorably in the Ellisons’ direction over the next two years.

Still, an overt authoritarian oligarch is now very close to controlling an unprecedented segment of U.S. traditional and new media. If it follows the established autocratic playbook, this push will continue until it runs into something other than pudding-soft public, political, and policy opposition. There’s a window here for policymakers and consumers to ensure the gambit fails, but the hour is getting late.

Measles. Yes, yes, I know you’re sick of hearing about it. For that, though, you must lay the blame at the feet of Donald Trump, RFK Jr., and this entire administration of clown-tools that isn’t bothering to do anything about what has become the worst continuous outbreak of the disease in America in several decades. Their fault, not mine.

And, yes, this is getting worse, not better. The CDC’s measles tracking site is a combination of woefully inaccurate and behind when it comes to current case counts (more to come on that shortly), but it’s at least useful in benchmarking what 2025 looked like. While certainly underreported, the CDC tallied 2,281 cases of measles in America last year. That site is updated only once a week on Fridays. Either due to that, or incompetence, or a more nefarious attempt to downplay the problem, the current case count is wrong.

The CDC site shows a 2026 case count of 982. That would be bad enough, but it’s actually worse. The actual count is well over 1,000 cases, which means we’re somewhere right around half of 2026’s case total as of right now. So you don’t feel the need to check a calendar, it’s still February.

“It is very concerning to see more than 1,000 cases in the U.S. this early in the year,” Martha Edwards, MD, president of the South Carolina Chapter of the American Academy of Pediatrics, told MedPage Today. “Already, we have more than half the number of cases seen in all of 2025, and the number of cases in 2025 was one of the highest annual case counts seen in decades.”

“As people continue to believe inaccurate information about vaccines, and as non-medical exemption rates continue to rise throughout the country, we can expect case counts to continue to rise, threatening children and immunocompromised individuals with a disease that was nearly eliminated in our country through vaccination,” she added.

The true number is going to be even higher than that. There are outbreaks of one size or another in many, many states. South Carolina alone has nearly 1,000 reported cases. The truly frustrating thing about all of this is that this problem is a simple one to fix. More people need to get vaccinated for measles via the widely available MMR vaccine.

To achieve that, the government needs to do two simple things. First, cut the shit when it comes to the misinformation about vaccines that is scaring the hell out of a percentage of the population. In fact, advocate for those same vaccines. Get Kennedy hopped up on those psychedelics he likes if you need to, but he needs to be front and center telling people to get vaccinated. And stop the nonsense that is going on with supposed religious exemptions for vaccinations.

Edwards highlighted the need for “accurate information about the dangers of measles virus and the complications that can ensue, in addition to communicating the safety and efficacy of the measles vaccine.”

“Raising the bar to obtain non-medical exemptions for vaccines and requiring families to gain accurate information about the dangers of vaccine-preventable illnesses and the importance of vaccines would be a huge benefit in helping to raise vaccination rates in South Carolina and the rest of the country,” she added. “We would love to see a requirement for parents to come in person to the health department, watch a video on vaccine-preventable illnesses, and have a conversation with a healthcare professional before they choose non-medical exemptions.”

Second, take the data collection and sharing about measles seriously. Along those same lines, demonstrate leadership by helping state governments and local medical facilities collect and share data, strategize protective measures to stop the spread of the disease, and pump the ecosystem full of real-time accurate information about where the disease is, how it spreads, and how to handle an infection.

That isn’t happening. Instead, you get stories like how South Carolina’s state government doesn’t require any mandatory reporting of measles cases in the state when patients are admitted. One doctor in the state had to find out that patients in her own area had been hospitalized with measles from Facebook.

Dr. Leigh Bragg, a pediatrician working a county away, wasn’t even aware that anyone in South Carolina had been hospitalized with measles-related illnesses until a short time later when she logged on to Facebook and saw someone relay the distraught husband’s comments. 

Part of the reason Bragg didn’t know is that South Carolina doesn’t require hospitals to report admissions for measles, potentially obscuring the disease’s severity. In the absence of mandatory reporting rules, she and other doctors are often left to rely on rumors, their grapevines of colleagues, and the fragments of information the state public health agency is able to gather and willing to share. 

So, what you get is South Carolina reporting that roughly 2% of its measles cases have resulted in hospitalization. Nobody with any knowledge of measles thinks that is even remotely accurate.

“A hospitalization rate at 2% is ludicrous,” said Dr. Paul Offit, director of the Vaccine Education Center and an infectious disease physician at Children’s Hospital of Philadelphia who served on the Centers for Disease Control and Prevention’s immunization advisory committee. 

“It’s vast underreporting,” Offit said. “Measles makes you sick.”

Without that sort of accurate data, neither the state nor federal government knows where to help, nor how how much help is needed. If Kennedy and Trump wanted to actually confront this growing problem, that’s the kind of organization the federal government and its health-related agencies could help with. But this administration seems content to put its hands over its eyes and shout, “Nuh uh, I can’t see you!”

This is going to continue to get worse until real action is taken. Until then, I guess we all just try to keep an eye out for rashes.

Ctrl-Alt-Speech is a weekly podcast about the latest news in online speech, from Mike Masnick and Everything in Moderation‘s Ben Whitelaw.

Subscribe now on Apple Podcasts, Overcast, Spotify, Pocket Casts, YouTube, or your podcast app of choice — or go straight to the RSS feed.

In this week’s roundup of the latest news in online speech, content moderation and internet regulation, Ben is joined by Casey Newton, founder and editor of Platformer and co-host of Hard Fork, a podcast that makes sense of the rapidly changing world of tech. Together, they discuss:

• After a deadly raid, an AI power struggle erupts at the Pentagon (Washington Post)
• Following: Anthropic vs. The Pentagon (Platformer)
• Anthropic Drops Flagship Safety Pledge (TIME)
• Hackers Expose Age-Verification Software Powering Surveillance Web (The Rage)
• Discord is delaying its global age verification rollout (The Verge)
• Reddit fined £14m by UK data watchdog over age verification checks (BBC News)
• How to evaluate Trust & Safety vendors (Everything in Moderation*)
• Regulate platforms, not children – Commissioner urges caution over social media bans (Commissioner for Human Rights)
• MPs reject total ban, want data housed locally (The Star)
• Exclusive: US plans online portal to bypass content bans in Europe and elsewhere (Reuters)

Play along with Ctrl-Alt-Speech’s 2026 Bingo Card and get in touch if you win!

I’ll take my joy where I can. And this iteration of the Trump DOJ continues to provide bright bursts of schadenfreude-tinted sunshine.

Any competent DOJ can close cases. Any barely competent prosecutor can push a case past a grand jury. Any sufficiently slippery solicitor (mixing in some British for the sheer alliteration of it all) can convince a judge that the lies told by officers were merely good faith blunders not worthy of anything more than a judicial “no one’s perfect” shrug.

This DOJ fails at every single level. It can’t secure indictments. It can’t convince grand juries that vindictive prosecutions are legitimate prosecutions. And its prosecutors are constantly undermined by (1) prejudicial, fact-free social media posts and public statements by administration officials, (2) the illegal actions of federal officers, (3) their own ineptitude, (4) the lies told by federal officers, and (5) any or all of the above.

High-level prosecutors keep getting sidelined because they’ve been illegally appointed. Other prosecutors have refused to engage with the administration’s vindictive plans, resulting in most of them retiring or being fired. Consequently, there’s a shortage of qualified, experienced prosecutors. The void is being constantly refilled by some of the emptiest people ever to leverage MAGA loyalty into federal employment.

It took less than a year for the Trump DOJ to almost completely destroy the “presumption of regularity” — the legal concept that the government is acting in good faith, even if its legal arguments aren’t the best. It took less than a year for the Trump DOJ to turn grand juries into coin flips.

I mean, this is how it went for years prior to Trump 2.0:

In 2016, the most recent year for which the Justice Department has published data, federal prosecutors concluded more than 155,000 prosecutions and declined over 25,000 cases presented by investigators. In only six instances was a grand jury’s refusal to indict listed as the reason for dropping the matter.

Six times in a one year over 25,000 declined cases. Trump’s loyalist US Attorney pick, Lindsey Halligan, put her insurance law background to work and… managed to do this twice during a single (attempted) prosecution.

When prosecutors aren’t shooting themselves in the foot (or being shot in the foot by their employer), they’re losing cases because the people they expect to back up their cases — the federal officers claiming to have been assaulted, etc. — can’t even back up their own narratives when testifying in court.

This was already a problem by late summer of last year. The Guardian reports that things appear to have gotten even worse.

The most recent significant fumble came from Minneapolis prosecutors, who last week dismissed felony assault charges they had filed against two Venezuelan men accused of “violently beating” an Immigration and Customs Enforcement (ICE) officer “with weapons” on 14 January.

According to the early government narrative, federal officers were assaulted by “violent criminal illegal aliens” during a stop of an undocumented Venezuelan. The officers claimed two other men came out of a nearby apartment and attacked an officer with a “snow shovel and broom handle.” That case is now dead because… well, the testifying officers lied.

[O]n 12 February, prosecutors filed a motion to dismiss both men’s cases, saying: “Newly discovered evidence in this matter is materially inconsistent with the allegations in the complaint affidavit.”

[…]

ICE director Todd Lyons said ICE and the DoJ had opened an investigation into the case after videos revealed “sworn testimony provided by two separate officers appears to have made untruthful statements”, marking a rare acknowledgement of possible wrongdoing by DHS officials.

It’s extremely rare for the government to dismiss its own prosecution with prejudice, meaning it can’t ever seek to refile these criminal charges against the alleged perpetrators. And I don’t know if Todd Lyons just misspoke or if he actually tried to use the exonerative tense while simultaneously stating these officers lied. “Sworn testimony… appears to have made untruthful statements” sounds like the courtroom version of a government official discussing a shooting by an officer with the phrase “the officer’s weapon discharged,” suggesting no one actually pulled the trigger.

Whatever the case, there’s definitely a trend here.

In Chicago, of 92 people arrested for assaulting or impeding officers last fall, 74 cases have resulted in no charges; in 13 cases, charges were filed and dismissed; and five charged cases were still pending, a recent investigation by Fox 9, a Minneapolis-based station, showed. As of the end of January, there have been no convictions.

In LA, the federal public defenders have won all six cases filed against ICE protesters that have gone to trial since June, the LA Times recently reported. Fewer than 1% of federal criminal defendants were acquitted across the US in fiscal year 2024, with US prosecutors traditionally having a roughly 90% conviction rate, the paper noted.

Juries have also issued not guilty verdicts for people accused of assaulting ICE or similar charges in Louisville, Kentucky, Seattle and Washington DC.

I assume the DOJ bloodshed will continue. Trump hates losing and he hates people who lose in his name even more. But replacing talent with loyalists isn’t going to end this losing streak. If nothing else, this iteration of the DOJ has the chance to go down in history as one of the worst ever assembled, even if we consider nothing else but its win-loss record.

It doesn’t mean the DOJ is harmless, however. It’s still more than willing to engage in vindictive prosecutions, ignore court orders, and take bite after bite of the apple (so to speak) until it finally manages to at least pierce the skin. And that means a lot of people are going to have their lives upended, even if only temporarily, just to please a tyrant who thinks anything or anyone presenting even the most minimal of opposition should be subjected to punishment.

This story was originally published by ProPublica. Republished under a CC BY-NC-ND 3.0 license.

When county clerk Brianna Lennon got an email in November saying a newly expanded federal system had flagged 74 people on the county’s voter roll as potential noncitizens, she was taken aback.

Lennon, who’d run elections in Boone County, Missouri, for seven years, had heard the tool might not be accurate.

The flagged voters’ registration paperwork confirmed Lennon’s suspicions. The form for the second person on the list bore the initials of a member of her staff, who’d helped the man register — at his naturalization ceremony. It later turned out more than half the Boone County voters identified as noncitizens were actually citizens.

The source of the bad data was a Department of Homeland Security tool called the Systematic Alien Verification for Entitlements, or SAVE.

Once used mostly to check immigrants’ eligibility for public benefits, SAVE has undergone a dramatic expansion over the last year at the behest of President Donald Trump, who has long falsely claimed that millions of noncitizens lurk on state voter rolls, tainting American elections.

At Trump’s direction, DHS has pooled confidential data from across the federal government to enable states to mass-verify voters’ citizenship status using SAVE. Many of the nation’s Republican secretaries of state have eagerly embraced the experiment, agreeing to upload all or part of their rolls.

But an examination of SAVE’s rollout by ProPublica and The Texas Tribune reveals that DHS rushed the revamped tool into use while it was still adding data and before it could discern voters’ most up-to-date citizenship information.

As a result, SAVE has made persistent mistakes, particularly in assessing the status of people born outside the U.S., data gathered from local election administrators, interviews and emails obtained via public records requests show. Some of those people subsequently become U.S. citizens, a step that the system doesn’t always pick up.

According to correspondence between state and federal officials, DHS has had to correct information provided to at least five states after SAVE misidentified some voters as noncitizens.

Texas and Missouri were among the first states to try the augmented tool.

In Missouri, state officials acted on SAVE’s findings before attempting to confirm them, directing county election administrators to make voters flagged as potential noncitizens temporarily unable to vote. But in hundreds of cases, the tool’s determinations were wrong, our review found. Lennon was among dozens of clerks statewide who raised alarms about the system’s errors.

“It really does not help my confidence,” she said, “that the information we are trying to use to make really important decisions, like the determination of voter eligibility, is so inaccurate.”

In Texas, news reports began emerging about voters being mistakenly flagged as noncitizens soon after state officials announced the results of running the state’s voter roll through SAVE in October.

Our reporting showed these errors were more widespread than previously known, involving at least 87 voters across 29 counties. County election administrators suspect there may be more. Confusion took hold when the Texas secretary of state’s office sent counties lists of flagged voters and directed clerks to start demanding proof of citizenship and to remove people from the rolls if they didn’t respond.

“I really find no merit in any of this,” said Bobby Gonzalez, the elections administrator in Duval County in South Texas, where SAVE flagged three voters, all of whom turned out to be citizens.

Even counting people flagged in error, the first bulk searches using SAVE haven’t validated the president’s claims that voting by noncitizens is widespread. At least seven states with a total of about 35 million registered voters have publicly reported the results of running their voter rolls through the system. Those searches have identified roughly 4,200 people — about 0.01% of registered voters — as noncitizens. This aligns with previous findings that noncitizens rarely register to vote.

Brian Broderick leads the verification division of U.S. Citizenship and Immigration Services, the DHS branch that oversees SAVE. In an interview this month, he acknowledged the system can’t always find the most current citizenship information for people not born in the U.S. But he defended the tool, saying it was ultimately up to states to decide how to use SAVE data.

“So we’re giving a tool to these folks to say, ‘Hey, if we can verify citizenship, great, you’re good. If we can’t, now it’s up to you to determine whether to let this person on your voter rolls,’” Broderick said.

In Texas, Secretary of State Jane Nelson declined an interview request. Her spokesperson, Alicia Pierce, said the office hadn’t reviewed SAVE’s citizenship determination before sending lists to counties because it isn’t an investigative agency. In a statement, Pierce added that the use of SAVE was part of the office’s “constitutional and statutory duty to ensure that only eligible citizens participate in Texas elections.”

A spokesperson for Missouri Secretary of State Denny Hoskins called SAVE a valuable resource even though some people it flagged might later be confirmed as citizens. “No system is 100% accurate,” Hoskins said in an interview, “but we’re working to get it right.”

Asked whether it was problematic that his office directed clerks to temporarily bar voters from casting ballots before verifying SAVE’s findings, Hoskins said that was a “good point.”

While 27 states have agreed to use SAVE, others have hesitated, concerned not only about inaccuracies, but also about privacy and the data’s potential to be used in immigration enforcement. Indeed, speaking at a recent conference, Broderick said that when SAVE flags voters as noncitizens, they are also referred to DHS for possible criminal investigation. (It is a crime to falsely claim citizenship when registering to vote.)

People who’ve been flagged by SAVE in error say it’s jarring to have to provide naturalization records to stay eligible to vote when they know they’ve done nothing wrong.

Sofia Minotti, who lives north of Dallas in Denton County, was born in Argentina but became a U.S. citizen years ago. Nonetheless, she was one of 84 Denton County voters identified by SAVE as a potential noncitizen. She and 11 others have since provided proof of citizenship, giving the system an error rate in the county of at least 14%.

The real rate is probably higher, a county official acknowledged, since some of those sent notices to prove their citizenship might not respond in time to meet the deadline. They’ll have to be reinstated to vote in the midterms later this year.

Minotti, though still on the rolls, felt singled out unfairly.

“I’m here legally, and everything I’ve done has been per the law,” she said. “I really have no idea why I had to prove it.”

Election administrators in many states have long hungered for better access to federal information on citizenship status.

States don’t typically require people to provide proof of citizenship when they sign up to vote, only to attest to it under penalty of perjury. Previous efforts to use state data to catch noncitizens on voter rolls have gone poorly. Texas officials had to abandon a 2019 push after it became clear their methodology misidentified thousands of citizens, many of them naturalized, as ineligible voters.

Until recently, SAVE hadn’t been much of a resource. State and local election officials needed to have voters’ DHS-assigned immigration ID numbers — information not collected in the registration process — to verify their citizenship status. Plus, officials had to pay to conduct searches one by one, not in bulk.

In March, Trump issued an executive order that required DHS to give states free access to federal citizenship data and partner with the Department of Government Efficiency to comb voter rolls.

The order triggered a series of meetings at USCIS designed to comply with a 30-day deadline to remake SAVE, a document obtained by the American Civil Liberties Union and reviewed by ProPublica shows.

The system’s main addition was confidential Social Security Administration data, which allowed states to search using full or partial Social Security numbers and incorporated information on millions of Americans who were not previously in Homeland Security databases.

David Jennings, Broderick’s deputy at USCIS, had pressed his team to move quickly, he said on a June video call with members of former Trump lawyer Cleta Mitchell’s Election Integrity Network, which has spread false claims about noncitizen voting.

“We tested it and deployed it to our users in two weeks,” Jennings said on the call, which ProPublica obtained a recording of. “I think that’s remarkable. Kind of proud of it.”

Jennings added that to get quick access to the Social Security data, which has been tightly guarded, USCIS partnered with DOGE. (In an unrelated matter, DOGE has since been accused of misusing Social Security data.) Jennings did not respond to questions from ProPublica and the Tribune.

Perhaps because of its accelerated timetable, USCIS expanded the system before meeting legal requirements to inform the public about how the data would be collected, stored and used, according to voting rights organizations that sued. (UCSIS did not respond to a request for comment about this.) It also blew past concerns from voter advocacy groups about the accuracy of SSA’s citizenship data, which multiple audits and analyses have shown is often outdated or incomplete. This is particularly true for people not born in the U.S., who often get Social Security numbers well before they become citizens.

According to emails obtained by ProPublica and the Tribune, SAVE first checks SSA’s citizenship information. If that shows a voter isn’t a citizen, DHS searches other databases, but it can be difficult to locate and match all the data the systems have on a person. This can lead to errors.

Broderick said in the interview that Trump’s executive order dramatically accelerated the timetable for launching SAVE, getting agencies to cooperate and move quickly. But he insisted the work was done responsibly.

“Do I think it was reckless? Do I think it wasn’t planned? Do I think it wasn’t tested? Absolutely not,” he said.

By September, Texas had uploaded its entire list of more than 18 million registered voters into SAVE. Alabama, Arkansas, Indiana, Louisiana, Missouri, Montana, Tennessee, Utah and Wyoming put voter data into the system, too.

They would soon start to unveil what SAVE had found.

One of the first out of the gate was Texas. In late October, with early voting underway in state and local elections, Nelson, the secretary of state, announced SAVE had identified 2,724 potential noncitizens on the rolls.

But as Nelson delegated the task of investigating those voters’ statuses to local election officials, confusion took hold.

At a meeting, Nelson’s staff told county clerks’ offices to investigate flagged voters and then send notices to those for whom they were unable to confirm citizenship. In a follow-up email, Nelson’s staff told the clerks they should already have heard from someone in the office with more details.

That set off a chain of messages on the local officials’ email group

Travis County voter registration director Christopher Davis said he hadn’t been contacted and had just learned the county had 97 flagged voters. Marsha Barbee, in Wharton County near Houston, shared that she talked to a Nelson staffer who said she’d been directed not to tell local officials about their lists because they were in the middle of early voting.

“They said we have enough on our plates and didn’t want us to worry right now,” Barbee wrote.

In the absence of clear state guidance, clerks proceeded inconsistently. Some said they didn’t act on their lists, waiting for more direction. Others, unsure how to investigate flagged voters’ status, said they simply sent notices asking for proof of citizenship, though some opted not to remove nonresponsive voters from the rolls.

“I give them many chances; I don’t just expire them right away,” Dee Wilcher, a clerk in East Texas’ Anderson County, said about flagged voters, adding that she wanted to avoid removing citizens from the rolls and looking “stupid.”

Chris McGinn, executive director of the Texas Association of County Election Officials, said many clerks expressed frustration with the secretary of state’s lack of guidance and failure to help with investigations. When he shared clerks’ concerns, McGinn said Nelson’s staff didn’t respond, leading him to conclude that checking SAVE’s findings wasn’t an agency priority.

He called the state’s use of SAVE “more political and appearance-based” than a practical way to ensure election integrity.

One way to check SAVE’s findings would have been to get information from the Texas Department of Public Safety, which requires proof of citizenship if residents register to vote when obtaining a driver’s license. The secretary of state’s office didn’t do this and didn’t direct counties to either.

Several county officials said they hadn’t thought to ask DPS for information; those who did often found the agency had documentation showing some of the voters who SAVE identified as noncitizens were in fact citizens.

In the Texas Panhandle, Potter County elections officials quickly confirmed through DPS that three of nine voters on their list had proof of citizenship on file. In neighboring Randall County, DPS helped officials verify that one in five had a U.S. passport, according to interviews with the local officials.

In December, Travis County learned that 11 of the 97 voters flagged by SAVE had proven their citizenship to DPS. After getting the data, the county’s voter registrar, Celia Israel, said in an interview that she felt even more uncomfortable about moving forward with sending notices to voters, given SAVE’s errors.

“It has proven to be inaccurate,” she said. “Why would I rely on it?”

To be sure, SAVE also identified some people who weren’t eligible to vote, clerks said. Several came across instances in which voters marked on registration forms that they weren’t citizens, but were registered by election office staffers in error. Clerks also said voters have told them they’d misunderstood questions about eligibility when getting drivers’ licenses. (It’s not clear if any of those registered in error voted; overall, noncitizens rarely vote.) 

ProPublica and the Tribune surveyed the 177 Texas counties that had voters flagged by SAVE, receiving data from 97 that had either checked DPS records or sent notices to voters to try to verify SAVE’s citizenship information. Overall, more than 5% of the voters SAVE identified as noncitizens proved to be citizens. In some smaller counties, most of those flagged were eligible to vote. That includes six of 11 in the Panhandle’s Moore County, and two of three in Erath County, near Dallas.

But some of those who didn’t respond to notices also might be citizens.

In Denton County, where Sofia Minotti lives, checks by elections administrator Frank Phillips’ staff delivered clear answers on the citizenship status of 26 of the 84 voters flagged by SAVE. Twelve, including Minotti, proved they were citizens. Fourteen more had marked on their registration forms that they weren’t and the blame rested with workers for registering them nonetheless.

Phillips said he removed anyone who didn’t provide proof by the deadline from the rolls to comply with the secretary of state’s instructions, but he fears some were eligible voters.

“What is bugging me is I think our voter rolls may be more accurate than this database,” Phillips said. “My gut feeling is more of these are citizens than not.”

At least initially, Missouri took a more targeted approach to SAVE than Texas did. State officials used the system to search for information on a subset of about 6,000 voters they had reason to think might not be citizens, according to emails between federal and state officials.

The state had results by October, but in early November, a USCIS official wrote to Missouri and four other states to say some people flagged by SAVE as noncitizens were actually citizens, emails obtained through public records requests show.

“We have continued to refine our processes used to obtain and review the citizenship data available to us,” the official wrote, adding that one such improvement revealed the errors.

The staffer attached amended search results, but Missouri officials withheld the attachment from its response to a public records request and did not respond to a question about how many corrections were made.

Based on the updated data from USCIS, Missouri sent lists of flagged voters to county election administrators in November. ProPublica and the Tribune obtained these lists for seven of 10 most populous counties in the state, which show SAVE initially identified more than 1,200 people as noncitizens just in these areas.

The Missouri secretary of state’s office told election administrators it would work to verify SAVE’s citizenship determinations. In the meantime, local officials were instructed to change the status of flagged voters, making them temporarily unable to vote.

The lists were met with swift pushback from county election officials, who, like Lennon, soon spotted people they knew to be citizens and questioned the directive’s legality. On a group call in November, they traded examples, saying they recognized neighbors, colleagues and people they’d helped to register at naturalization ceremonies.

In St. Louis, the Board of Election Commissioners didn’t alter the eligibility of anyone on its flagged voter list after being advised not to by its attorney.

Rachael Dunn, a spokesperson for Hoskins, the Missouri secretary of state, said state law allows officials to change voters’ status during investigations into their eligibility — for example, if there are signs they’ve moved. The laws she cited don’t directly address investigations into citizenship status, however.

In early December, some 70 clerks, Republicans and Democrats, wrote a letter to Missouri House Speaker Jonathan Patterson saying there were better ways than SAVE to keep noncitizens off voter rolls.

Weeks later, the state’s election integrity director, Nick La Strada, wrote USCIS to ask why a voter that SAVE had identified as a noncitizen in October had showed up in a more recent search as a citizen.

A USCIS official replied that between the initial search and the follow-up, DHS had gotten access to passport data, which contains more up-to-date citizenship information on some people not born in the U.S.

The USCIS staffer explained that some of the most accurate citizenship information — which is within DHS’ own records — still wasn’t searchable in SAVE because running that kind of search would require the voter’s DHS identifier, which can’t always be located. The staffer said they were working on improvements but those could take until March.

“You don’t start with something at that scale until you work the bugs out, and that is not the case here,” Clinton Jenkins, president of the Missouri Association of County Clerks and Election Authorities, said in an interview. Jenkins is also the clerk for Miller County in the Ozarks.

In early January, in what was framed as a “SAVE review update,” the secretary of state’s office sent counties across Missouri revised lists with reduced numbers of voters identified as potential noncitizens. It instructed election administrators to move voters who’d been initially flagged in error by SAVE back to active status, restoring their eligibility to vote.

Dunn, Hoskins’ spokesperson, didn’t specify what prompted these adjustments. Even the new lists may not be final, she acknowledged. Once the review is complete, the state has said it plans to send letters to those still on the lists, demanding proof of citizenship and giving recipients 90 days to respond.

The addition of new data to SAVE makes it a more valuable resource, she maintained, “while also reinforcing the need for careful, layered review before any action is taken.”

After the January revision, St. Louis County’s initial list of 691 potential noncitizens dropped to 133.

Zuzana Kocsisova, who lives in St. Louis, was among those incorrectly flagged by SAVE on its first pass. Originally from Slovakia, she became a U.S. citizen in 2019. She showed ProPublica and the Tribune a copy of her naturalization certificate, which she keeps with a letter from Trump congratulating her for “becoming a citizen of this magnificent land.”

When a reporter told her that SAVE had initially identified her as a potential noncitizen, she said she wasn’t surprised. She saw it as part of the Trump administration’s targeting of immigrants. She was more frustrated than relieved to learn that she wasn’t on the smaller list of flagged voters sent in January.

“Overall, it seems like this process has done more to worry people who can vote than to identify actual registered voters who don’t qualify,” she said. “It’s just a waste of resources. I don’t think it makes the elections any more safe.”

In Boone County, where Lennon is the clerk, the count of flagged voters fell from 74 to 33 and the naturalized citizen who Lennon’s staff helped register was no longer on the list.

Lennon said she and other county clerks would happily accept data that helps them correctly identify noncitizens on their voter rolls. But so far, SAVE hasn’t done that. And until it does, she said, she won’t purge voters purely because SAVE has flagged them.

“This is not ready for prime time,” Lennon said. “And I’m not going to risk the security and the constitutional rights of my voters for bad data.”

We wrote recently about the FBI’s pre-dawn raid on Washington Post reporter Hannah Natanson’s home, in which agents seized two laptops, a phone, a portable hard drive, a recording device, and even a Garmin watch. Natanson covers the federal workforce and had cultivated nearly 1,200 confidential sources across more than 120 government agencies. She was not accused of any crime. She was not the target of any investigation. The FBI told her that much while they were busy carting away basically everything she uses to do her job.

The raid was connected to the prosecution of Aurelio Perez-Lugones, a government contractor charged with retaining classified information. The DOJ wanted to rummage through a journalist’s entire digital life to find evidence against someone else. And they got a warrant to do it by, among other things, simply never mentioning to the magistrate judge that there’s a federal law—the Privacy Protection Act of 1980—that exists specifically to prevent exactly this kind of thing from happening.

Last week, at a hearing on the Washington Post’s motion to get the devices back, Magistrate Judge William Porter let the DOJ attorneys have it. And then on Tuesday, he issued his ruling, blocking the government from searching Natanson’s devices and rescinding the portion of the warrant that would have let them do so.

The ruling is worth reading in full. Porter doesn’t mince words about what happened, even as he accepts some responsibility for his own failure to catch the omission:

Before reaching the merits, the Court addresses a matter of significant concern: the government’s failure to identify and analyze the Privacy Protection Act of 1980, 42 U.S.C. §§ 2000aa et seq. (“PPA”), in its search warrant application. As the judge who found probable cause and approved the search warrant, the Court acknowledges that it did not independently identify the PPA when reviewing the warrant application. As far as this Court knows, courts have approved search warrants directed at members of the press in only a handful of instances. This Court had never received such an application and, at the time it approved the warrant, was unaware of the PPA. This Court’s review was limited to probable cause, and the Court accepts that gap in its own analysis. But the government’s failure to identify the PPA as applicable to a request for a search warrant on a member of the press—and to analyze it in its warrant application—is another matter. This omission has seriously undermined the Court’s confidence in the government’s disclosures in this proceeding.

Credit to the judge for admitting his own gap in knowledge. But, come on: EDVA handles more national security cases than practically any other jurisdiction in the country. That a magistrate judge there could be unaware of the Privacy Protection Act—a statute that exists specifically to prevent the government from doing exactly what it was asking him to authorize—seems bizarre. Though, it also suggests how rarely the DOJ even bothers to seek these warrants, and how heavily the system depends on prosecutors acting in good faith. Which brings us to the far bigger problem: the DOJ’s deliberate decision to never bring it up.

And it wasn’t just some overworked junior attorney who “forgot.” As Porter notes in his ruling, lawyers at the highest levels of the DOJ were involved in getting this warrant approved:

The Court’s communications with the government over two days were not limited to the local AUSA. Counsel from the highest levels of the DOJ participated in at least one of those calls. Many government lawyers had multiple opportunities to identify the PPA as controlling authority and to include an analysis of it in the warrant application. None of them did.

None of them. Not the assistant US attorney who filed the application. Not the Principal Deputy Assistant Attorney General of the National Security Division who was on the phone. Not anyone in the chain that apparently went all the way up to Attorney General Pam Bondi, whose approval is required by the DOJ’s own regulations before you can seek a warrant against a member of the press.

The attorney who submitted the application, Gordon Kromberg, is no novice. He’s a veteran national security prosecutor who worked on the Julian Assange case—a case built almost entirely around the intersection of the Espionage Act and journalism. The idea that he just didn’t think of the Privacy Protection Act while applying for a warrant to search a reporter’s home for evidence related to an Espionage Act prosecution beggars belief. (Kromberg was also accused of political shenanigans in that case too.)

The Freedom of the Press Foundation apparently agrees: they’ve filed a bar complaint against Kromberg with the Virginia State Bar, arguing that his failure to disclose the PPA violated Rule 3.3—the “Candor Toward the Tribunal” rule. As the complaint notes, this “could not have been a mere oversight” given that the warrant “predictably” became national news and should have required authorization from the highest levels of the DOJ, including the Attorney General.

At the hearing last week, as CNN reported, Porter made his feelings about this fairly clear:

“How could you miss it? How could you think it doesn’t apply?” Magistrate Judge William Porter asked a DOJ lawyer during a hearing in Alexandria, Virginia.

“I find it hard to believe that in any way this law did not apply,” Porter added later.

[….]

“You don’t think you have an obligation to say that?” Porter said at one point. “I’m a little frustrated with how the process went down.”

When DOJ attorney Christian Dibblee tried to argue that the decision was made by officials above him and that he understood the judge’s “frustration,” Porter shot back: “That’s minimizing it!”

Dibblee also tried the remarkable argument that the Privacy Protection Act wasn’t the kind of “adverse authority” that lawyers are typically required to disclose when making requests for warrants. A federal statute specifically governing searches of journalists’ materials somehow doesn’t count as relevant law when you’re applying for a warrant to search a journalist’s materials? Sure. That’s believable.

Porter’s ruling addresses this attempted dodge in a footnote that is quietly devastating. Kromberg claimed at the hearing that he didn’t mention the PPA because he believed the statute’s “suspect exception” applied—the narrow carve-out for when the journalist herself has committed a crime. But Porter dismantles that excuse:

The Court finds this explanation inadequate and only highlights why the AUSA should have analyzed the PPA in the application. The government cannot pretextually label a reporter a suspect simply to gather evidence against the actual target. DOJ’s governing guidelines between 2013 and 2020 prohibited invoking the suspect exception “if the sole purpose is to further the investigation of a person other than the member of the news media.” See 28 C.F.R. § 50.10(d)(5) (2016), https://perma.cc/S52Q-BKGD. Such a rule would mean that any invocation of the Espionage Act’s receipt provision, see 18 U.S.C. § 793(c), would automatically strip a reporter of PPA protection—an interpretation that would render the statute a nullity and cannot be reconciled with Congress’s purpose in enacting it. That the AUSA claims to have received contrary advice during the very period when DOJ policy reflected this limitation only underscores the inadequacy of the government’s analysis here.

In other words: Kromberg’s excuse for not mentioning the law actually makes it worse, because it suggests the DOJ’s position is that any time a journalist receives classified information—which is what investigative national security journalists do—the PPA just evaporates. Which would make the statute entirely meaningless. Which is exactly how this DOJ would prefer to treat it.

The ruling also highlights just how much the DOJ took from Natanson beyond what it had any conceivable right to. According to the CNN report linked above, at the hearing, the DOJ “quickly conceded ‘there is more information that was received than what was pursuant to the warrant,’ drawing a scoffing laugh from the judge.” Porter’s written opinion is blunt about the scope of the damage:

No easy remedy exists here. Movants’ First Amendment rights have been restrained. The government seized all of Ms. Natanson’s work product, documentary material, and devices, terminating her access to the confidential sources she developed and to all the tools she needs as a working journalist. The government’s proposed remedy—that she simply buy a new phone and laptop, set up new accounts, and start from scratch—is unjust and unreasonable.

The DOJ’s argument that Natanson could just “start from scratch” is the kind of thing that sounds reasonable only if you’ve never thought about journalism for more than thirty seconds. Or, I guess, if you’re being deliberately obtuse in court while trying to create chilling effects for journalists. Which is just part of the reason this is a clear First Amendment violation:

The government has seized the entirety of Ms. Natanson’s work product: her active stories, her notes on future investigations, and her background and confidential source material that, once compromised, cannot be replaced. The government’s suggestion that she can simply start from scratch fails to recognize the realities of modern journalism and the value of confidential source relationships cultivated over time. The Court finds that seizing the totality of a reporter’s electronic work product, including tools essential to ongoing newsgathering, constitutes a restraint on the exercise of First Amendment rights.

Separately, Porter refused to let the government’s own filter team conduct the review of the seized materials, citing a Fourth Circuit precedent that directly applies here. The government wanted its own people to sift through all of Natanson’s data. Porter said no, invoking language from the circuit court that captures the absurdity of the DOJ’s proposal perfectly:

Given the documented reporting on government leak investigations and the government’s well-chronicled efforts to stop them, allowing the government’s filter team to search a reporter’s work product—most of which consists of unrelated information from confidential sources—is the equivalent of leaving the government’s fox in charge of the Washington Post’s henhouse…. The concern that a filter team may err by neglect, by malice, or by honest difference of opinion is heightened where its institutional interests are so directly at odds with the press freedom values at stake.

Instead, Porter will conduct the review himself, which is the right call under the circumstances, even if it means the process will take significantly longer.

Porter also explains how the DOJ’s conduct has changed the way he will approach their representations going forward. A federal judge, explaining on the record that he can no longer take the government at its word:

In its day-to-day workings, this Court affords government attorneys a presumption of regularity, including by assuming that federal prosecutors have satisfied their obligation to disclose controlling and relevant authority…..

The government’s conduct has disturbed that baseline posture of deference.

That phrase—”disturbed that baseline posture of deference”—is doing a lot of work. It’s a judge admitting, as diplomatically as the federal judiciary allows, that the DOJ exploited his trust. Porter mentioned in passing that the week he received this warrant request there were 45 other such requests.

It feels a bit late for Porter to notice this, but the federal judiciary can be slow. For years we’ve called out how the DOJ frequently lies to judges, especially in any case they can slap a “national security” label on. And it’s been a long-term Techdirt complaint that judges give them a tremendous amount of unearned deference.

The DOJ lies. But this DOJ is so over the top in its misrepresentations, it appears judges are finally learning that.

The “presumption of regularity” that Porter describes is supposed to be earned through consistent good-faith conduct, and this DOJ has burned through whatever reserves of credibility it had.

The bar complaint and the judge’s frustration are both welcome. But what has already happened cannot be undone. Natanson’s 1,200 confidential sources—federal employees who reached out to her because they were afraid of retaliation from this administration—now know that their communications may be sitting in government hands. The fact that a judge eventually blocked the search doesn’t un-ring that bell. Every source who has ever talked to Natanson, and every source thinking about talking to any journalist covering this administration, has received the message loud and clear.

Porter seems to understand this. His closing paragraph carries what you might charitably call restrained skepticism:

The Court’s genuine hope is that this search was conducted—as the government contends—to gather evidence of a crime in a single case, not to collect information about confidential sources from a reporter who has published articles critical of the administration. The Court further hopes the record ultimately bears out the government’s representations

“Genuine hope.” A federal judge—bound by norms of restraint, writing in a judicial opinion—is telling us that the best he can offer is that he hopes the DOJ didn’t exploit his courtroom to target a journalist’s sources. He’s not saying he believes them. He’s not saying the evidence supports their claims. He’s saying he hopes. That’s as close as a sitting federal judge can come to calling the government liars without actually using the word. And he’s not alone—we’re hearing more and more judges feeling the need to speak out.

The outcome here is not the worst case scenario. Porter blocked the search, rescinded the review authorization, and will conduct the review himself rather than letting the DOJ’s own team paw through a reporter’s entire professional life. But the damage from the raid itself—the seizure, the chilling effect, the signal sent to every government employee who might consider talking to a reporter—was baked in the moment the FBI knocked on Natanson’s door at six in the morning.

If federal judges want this to stop, “frustration” expressed in hearings and “disturbed” confidence described in memorandum opinions aren’t going to cut it. Judges need to start imposing real consequences—sanctions, referrals, contempt—on individual DOJ lawyers who treat “candor toward the tribunal” as an optional courtesy rather than a professional obligation. Because right now, the DOJ has learned that the price for misleading a court to execute an unconstitutional raid on a journalist is a stern talking-to and a slightly more complicated review process a month later. Omit the inconvenient law. Exploit the judge’s trust. Execute the raid. Deal with the consequences later.

Judges used to “trust” DOJ representations. Now we’ve blown right past “trust, but verify” all the way to “never trust, always verify.”

Judge Porter has now learned, painfully and publicly, that this DOJ is not acting in good faith. He’s unlikely to be the last such judge.

Most of Trump FCC boss Brendan Carr’s time lately has been split between destroying all consumer protection oversight and threatening media companies with fake investigations if they’re not appropriately deferential to our mad idiot king. The latter has tended to overshadow the former, but it’s all been an ugly combination of authoritarianism, regulatory capture, and rank corruption.

But every so often Carr pauses to do other stuff to show daddy Trump he’s a very good boy. Like his latest announcement that he’s creating a new “Pledge America Campaign” ahead of the country’s 250th birthday this July 4th. The campaign features a demand by Carr that U.S. media outlets make sure they’re airing “pro-America” programming through the summer holiday:

“Consistent with their longstanding public interest obligations, America’s broadcasters play a key role in educating, informing, and entertaining viewers and listeners all across America, and they are particularly well suited to air programming that is responsive to the needs and
interests of their local communities.

The Pledge America Campaign enables broadcasters to lend their voices in support of Task Force 250 and the celebration of America’s 250th birthday by airing patriotic, pro-America content that celebrates the American journey and inspires its citizens by highlighting the historic accomplishments of this great nation from our founding through the Trump Administration today.”

This would obviously be far less ominous if Carr hadn’t spent much of the last year trampling all over the First Amendment, trying to censor comedians who make fun of Trump, threatening talk shows with fake investigations if they’re not friendly to Republicans, and abusing the FCC merger approval process to try and force large companies to be more racist and sexist.

While this is framed as a “voluntary initiative,” Carr’s recent history of launching costly and pointless investigations into companies that aren’t dutifully obedient lurks quietly in the background. You can clearly infer that Carr defines “programming that is responsive to the needs and interests of their local communities” as programming that kisses Republican ass and ignores criticism of Republican policy.

You’ll notice that Carr specifically singles out broadcasters because he’s trying to abuse the FCC’s public interest standard control over “publicly owned” airwaves:

“If Carr’s pledge is truly voluntary, there would be no reason to limit it to broadcasters, said Harold Feld, a longtime telecom attorney who is senior VP of consumer advocacy group Public Knowledge. “If this were genuinely intended as voluntary, and genuinely about celebrating America, there is no reason to limit this to broadcasters,” Feld told Ars. “Cable operators are equally free to celebrate America, as are podcasters for that matter.”

The Trump FCC’s lone Democratic Commissioner (the authoritarians refuse to fill the other vacant commission seat), Anna Gomez, had this to say about the campaign over at Elon Musk’s right wing propaganda website:

Carr’s other effort to “empower local communities” has involved destroying popular media consolidation limits so that Trump-friendly broadcasters like Sinclair can merge and become more powerful than ever. It’s really not subtle how badly the MAGA movement wants a North Korea, Hungary, or Russia style media that delivers nothing but 24/7 agitprop blindly praising dear leader.

They’ll keep pushing toward their goal until they run into something other than soft pudding in response.

It will only take a few moments perusing all the headlines of posts we’ve done on the collective group that owns the Pokémon properties to know that they really, really care about intellectual property. It doesn’t matter if it’s patents, copyright, or trademark, these people will wield it all if they sniff out even the barest potential infringement they can find. But sometimes the depravity of these people’s unflinching focus on IP can surprise even I.

In January, a card shop called The Poke Court held an event at the store in Manhattan. Unfortunately, that event was interrupted by armed gunmen that stormed the storefront and robbed it. It was all over the news and the store received all kinds of support from the local community and online. Obviously a shitty situation, but good people rallied to support them.

Then Nintendo came calling.

The shop posted on its Instagram account that Nintendo reached out with “concerns” about its name and logo, which included the iconic red-and-white Poké Ball. “The short story is Nintendo reached out to us with concerns about our name and logo,” the message read. “This means we’re evolving!”

As such, the owners have released a statement with a new name and logo. The store will now be called The Trainer Court, and now has replaced the Poké Ball logo with a new one with a stylized “C” for “Court.” Beyond that, the store will continue to offer the same cards, community events, and tournaments. The Trainer Court will also be hosting an event on Pokémon Day, February 27, which commemorates the series’ 30th anniversary.

Now, I want to be very clear about this: Nintendo can do this. The store’s name and logo are likely infringing. In a vacuum, this would be your run of the mill trademark issue, with a large company forcing a smaller company to rebrand, because that’s simply what they do.

But this isn’t in a vacuum. Nintendo only caught wind of this supposed “threat” because very real people with very real guns forced a traumatic experience upon the store owners, workers, and customers. There is nothing in the Instagram message posted above to indicate that Nintendo expressed anything at all to the business other than its concerns about intellectual property. It appears that Nintendo cares more about that than any of the lives impacted by what was an armed robbery.

The business itself is putting on both a brave face and a positive attitude about all of this.

“Above all, we have always been fans of Pokémon,” the statement reads. “We are a group of kids who refuse to grow up, and we spend every day celebrating this franchise that means so much to us.”

That’s great, but it sure would be lovely if that same humanity and enthusiasm was mirrored by the very business of which they are such fans. And perhaps the ink could have dried on the police reports before Nintendo felt it necessary to pump out some legal threat letters.

We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare.

Well, here we go again.

A couple weeks ago, Discord announced it would launch “teen-by-default” settings for its global audience, meaning all users would be shunted into a restricted experience unless they verified their age through biometric scanning. The internet, predictably, was not thrilled. But while many users were busy venting their frustration, a group of security researchers decided to do something more useful: they took a look under the hood at Persona, one of the companies Discord was using for verification (specifically for users in the UK).

What they found, according to The Rage, was exactly what we would predict:

Together with two other researchers, they set out to look into Persona, the San Francisco-based startup that’s used by Discord for biometric identity verification – and found a Persona frontend exposed to the open internet on a US government authorized server.

In 2,456 publicly accessible files, the code revealed the extensive surveillance Persona software performs on its users, bundled in an interface that pairs facial recognition with financial reporting – and a parallel implementation that appears designed to serve federal agencies.

Let me say that again: 2,456 publicly accessible files sitting on a government-authorized server, exposed to the open internet. Files that revealed a system performing not a simple age check, but a ton of potentially intrusive checks:

Once a user verifies their identity with Persona, the software performs 269 distinct verification checks and scours the internet and government sources for potential matches, such as by matching your face to politically exposed persons (PEPs), and generating risk and similarity scores for each individual. IP addresses, browser fingerprints, device fingerprints, government ID numbers, phone numbers, names, faces, and even selfie backgrounds are analyzed and retained for up to three years.

The information the software evaluates on the images themselves includes “Selfie Suspicious Entity Detection,” a “Selfie Age Inconsistency Comparison,” similar background detection, which appears to be matched to other users in the database, and a “Selfie Pose Repeated Detection,” which seems to be used to determine whether you are using the same pose as in previous pictures.

This was the same company checking whether a teenager should be allowed to use voice chat on a gaming platform.

Beyond offering simple services to estimate your age, Persona’s exposed code compares your selfie to watchlist photos using facial recognition, screens you against 14 categories of adverse media from mentions of terrorism to espionage, and tags reports with codenames from active intelligence programs consisting of public-private partnerships to combat online child exploitative material, cannabis trafficking, fentanyl trafficking, romance fraud, money laundering, and illegal wildlife trade.

So you wanted to verify you’re old enough to use voice chat, and now there’s a permanent risk score somewhere documenting whether you might be involved in illegal wildlife trafficking.

What could go wrong?

As the researchers put it to The Rage:

“The internet was supposed to be the great equalizer. Information wants to be free, the network interprets censorship as damage and routes around it, all that beautiful optimism. And for a minute it was true.”

[….]

“The state wants to see everything. The corporations want to see everything. And they’ve learned to work together.”

Discord, to its credit, has now said it will not be proceeding with Persona for identity verification. And to be fair, Discord and similar internet companies are in an impossible position here—facing mounting regulatory pressure in multiple jurisdictions to verify ages while being handed a market of vendors who keep turning out to be security nightmares. But this is part of a pattern that should be deeply familiar by now.

Just last year, Discord’s previous third-party age verification partner suffered a breach that exposed 70,000 government ID photos, which were then held for ransom. Discord said it stopped using that vendor. Then it moved to Persona, which was already raising concerns due to connections to Peter Thiel. Now Persona’s frontend is found wide open on a government-authorized server, and Discord is dropping them too.

See the pattern? Discord keeps swapping vendors like someone frantically rotating buckets under a leaking roof, apparently hoping the next bucket won’t have a hole in it. But the problem was never the bucket. The problem is the hole in the roof — the never-ending stream of age-verification government mandates.

And this brings us to the bigger, more important point that almost nobody in the “protect the children” policy crowd seems willing to engage with honestly. Every single time you mandate age verification, you are mandating the creation of a centralized database of extraordinarily sensitive personal information. Government IDs. Biometric facial data. The kind of data that, once breached, cannot be “changed” like a password. You get one face. You get one government ID number. When those leak—and they will leak—the damage is permanent.

Even the IEEE Spectrum Magazine is now publishing articles that detail how age verification undermines any effort to protect children by putting their privacy at risk.

These systems fail in predictable ways.

False positives are common. Platforms identify as minors adults with youthful faces, or adults who are sharing family devices, or have otherwise unusual usage. They lock accounts, sometimes for days. False negatives also persist. Teenagers learn quickly how to evade checks by borrowing IDs, cycling accounts, or using VPNs.

The appeal process itself creates new privacy risks. Platforms must store biometric data, ID images, and verification logs long enough to defend their decisions to regulators. So if an adult who is tired of submitting selfies to verify their age finally uploads an ID, the system must now secure that stored ID. Each retained record becomes a potential breach target.

Scale that experience across millions of users, and you bake the privacy risk into how platforms work.

We have been cataloging these breaches for years. In 2024, Australia greenlit an age verification pilot, and hours later a mandated verification database for bars was breached. That same year, another ID verification service was breached, exposing private info collected on behalf of Uber, TikTok, and more. Then came the Discord vendor breach last year. And now Persona.

This keeps happening because it has to keep happening. It’s the inevitable result of a system designed to aggregate the exact kind of data that attackers most want to steal. Computer scientists and privacy experts have been sounding this alarm for years.

And what makes this even more galling is that these age verification systems don’t even accomplish what they claim to accomplish.

Take Australia’s infamous ban on social media for under-16s, the poster child for this approach. It’s been a complete failure on its own terms: plenty of kids have already figured out ways around the ban, while those who can’t—particularly kids with disabilities who relied on social platforms for community—are being actively harmed by their exclusion. As the security researcher who helped discover the Persona leak, Celeste, told The Rage:

“Normies won’t be able to bypass these,” while less benevolent people “will always find ways to exploit your system.”

So we’ve built a system that fails to keep out the people it’s supposedly targeting, while successfully creating permanent biometric dossiers on millions of law-abiding users. Not great!

Meanwhile, what’s happening at the legislative level is perhaps even more cynical. Governments around the world are pushing harder and harder for mandatory age verification online. And as these mandates create a captive market worth billions of dollars, a whole ecosystem of venture-backed “identity-as-a-service” startups has sprung up to serve it. Persona, valued at $2 billion and backed by Peter Thiel’s investment network, is just one of many. These companies make grand promises about privacy-preserving verification, get contracts with major platforms, and then — whoops — leave 2,456 files exposed on a government server.

And, of course, these very firms are now lobbying for stricter age verification mandates. They’ve positioned themselves as protectors of children while actively working to expand the legal requirements that guarantee their revenue stream.

Lawmakers mandate an impossible task, VC-backed startups pop up to sell a “solution,” those startups then lobby for even stricter mandates to protect their market, and the cycle repeats.

“Child safety” has simply become the marketing department for a rent-seeking surveillance industry.

As long as the law demands that these biometric gates exist, the “security” of the data they collect will always be a secondary concern to “compliance” with the mandate. Companies will keep rotating through vendors, each one promising that their system is the one that won’t leak, right up until it does. And the age verification industry will keep lobbying for stricter laws, because every new mandate is another guaranteed revenue stream.

The researchers who exposed Persona’s frontend hope their findings will serve as a wake-up call. Given the track record, it probably won’t be. Discord dropping Persona changes nothing—the next vendor will collect the same data, make the same promises, and eventually suffer the same breach. Because the problem was never which company holds your biometric data. The problem is that anyone is being forced to hand it over in the first place.

Late last year, Mike was a guest on Seb Agertoft’s Humans in the Loop podcast for a wide-ranging discussion all about restoring the promise of the decentralized internet. That interview was just released, and we’re dropping the whole conversation here as well on this week’s episode of the Techdirt Podcast.

You can also download this episode directly in MP3 format.

Follow the Techdirt Podcast on Soundcloud, subscribe via Apple Podcasts or Spotify, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.