Intelligence & Surveillance: Legal & Policy Analysis | Just Security
https://www.justsecurity.org/category/intelligence-surveillance/
A Forum on Law, Rights, and U.S. National Security
Mon, 12 Jan 2026 16:41:26 +0000

U.S. Intelligence in a Post-Maduro Venezuela
https://www.justsecurity.org/128064/us-intelligence-post-maduro-venezuela/?utm_source=rss&utm_medium=rss&utm_campaign=us-intelligence-post-maduro-venezuela
Fri, 09 Jan 2026 14:09:54 +0000

Intelligence has a central role to play in capitalizing on the successful capture of Maduro and stabilizing post-Maduro Venezuela, demonstrating U.S. capabilities and resolve.

On Jan. 3, the United States captured Venezuelan leader Nicolás Maduro in Operation Absolute Resolve, a mission that had been painstakingly planned and rehearsed for months. The operation itself had been an enormous undertaking, involving over 150 aircraft, several warships stationed offshore, and an unknown number of special operations forces. But it all started with intelligence. 

It was only a few months ago in September that Maduro bragged that China had given him a phone that “the Americans can’t hack…neither their spy planes, nor their satellites.” In the end, it may not have mattered because apparently the CIA already had a spy in Maduro’s inner circle and a team on the ground that had been tracking his every move since August. But the sophisticated operation to capture Maduro revealed an even broader U.S. intelligence effort. Based on the statements of American officials and the summary of events by General Dan Caine, the Chairman of the Joint Chiefs of Staff, the operation required the full panoply of U.S. intelligence capabilities, including human intelligence, geospatial intelligence, signals intelligence, and even potentially cyberattacks.

Going forward, intelligence has a central role to play in capitalizing on the successful capture of Maduro and stabilizing post-Maduro Venezuela. It can demonstrate U.S. capabilities and resolve against several of America’s foremost state adversaries, and it can deal a serious blow to the illicit drug trade and finances of non-state actors like Hezbollah and cartels. A U.S.-aligned Venezuela would be an enormous asset and ally in the contemporary era of geopolitical conflict and competition. But this will not be easy. The great test for American intelligence in Venezuela will be if it escapes the historical cycle that so many are predicting will follow.

A Warning About Shadow Wars

American intelligence success underscored more than just Venezuelan intelligence failure because Maduro received intelligence, military, and technological support from China, Russia, Iran, and Cuba. Cuba even acknowledged that thirty-two members of its armed forces and intelligence services were killed in the raid, possibly protecting Maduro himself, in what is undoubtedly an embarrassing debacle for Cuban counterintelligence. In a rare admission, two Chinese military affairs experts highlighted several competencies and advantages the United States demonstrated in executing the mission, including evading the Russian-provided Venezuelan air defense system and recruiting Venezuelan officials as intelligence assets. Surely, Operation Absolute Resolve should go down in the history books as a stunning victory for American intelligence.

Not so fast. Intelligence, regime change, and Latin America? Venezuela has all the makings of another intelligence-spearheaded scandal, echoing several that happened in the twentieth century—from Guatemala to Cuba to Chile to Nicaragua. For a country haunted by the recent ghosts of Afghanistan and Iraq, and the more distant ghosts of the Cold War in Latin America, Maduro’s capture now has Americans wondering, what happens next? If the United States cannot help stabilize Venezuela, then Maduro’s capture will enter the annals of history as another example of a failed U.S. intelligence coup in Latin America.

In a press conference on the operation, President Donald Trump announced that the United States would “run” Venezuela, adding that he was not afraid to put “boots on the ground.” But recent polling revealed little public support for an American invasion of Venezuela and the administration’s new National Security Strategy specifically eschews “imposing…democratic or social change,” suggesting just as little presidential appetite for a military occupation or nation-building effort in Venezuela. Intelligence could offer a lower risk way to advance U.S. interests. But one of the warnings of history is that intelligence and covert action have led to deeper U.S. entanglement and prolonged shadow wars for the United States in countries where other states are determined to protect their clients or are contesting American efforts to install a friendly government. The key will be for the Trump administration to use intelligence to control mission creep in Venezuela and for the U.S. Intelligence Community (IC) to support the administration with analysis and operations that keep U.S. foreign policy goals in Venezuela measured, attainable, and credible. 

The Trump administration will need to leverage the intelligence advantages revealed by Operation Absolute Resolve because it is doubtful Russia, China, Iran, Cuba, or non-state actors like Hezbollah or drug cartels will allow the United States to displace them in Venezuela without a fight. Everyone involved will be looking to exploit the power vacuum created by Maduro’s removal. The question will be whether the United States can successfully keep this struggle contained to the shadows without having to call in the military as an occupying force. Perhaps the most common perception of an intelligence-led shadow war involves paramilitary operations, which, historically speaking, can get ugly. Some observers are already predicting chaos in Venezuela. Street and jungle firefights between U.S. and foreign-supported proxies, political assassinations, and human rights abuses are all possibilities that the United States must avoid at all costs. This might not be easy with so many actors ready to be spoilers in any American plans for a post-Maduro Venezuela. 

Intelligence in the Lead

Succession is the big question facing both Venezuela and the Trump administration right now. A classified CIA report concluded that Maduro holdovers would be best positioned to head the new Venezuelan government. Nonetheless, the United States could lend intelligence support and protection for Venezuelan opposition figures, for example, María Corina Machado, who might be targeted based on the danger they pose to entrenched interests, much as U.S. intelligence helped foil Russian attempts to assassinate Ukrainian President Volodymyr Zelenskyy. Aside from possibly turning members of Maduro’s inner circle into assets, the IC will have to continue analyzing both Maduro heirs apparent and opposition figures to prepare the Trump administration for future negotiations and possible changes in the government. Leadership analysis could shape other covert efforts, for instance, information campaigns to influence public opinion or elections to replace the government with one more amenable to working closely with the United States. The IC will also have to fend off competing efforts by adversaries to extend their influence over Venezuela’s new government. Furthermore, Maduro’s capture could expose internal rifts within Venezuela’s military and intelligence services that the IC could exploit to develop new assets and liaison partners.

Regardless of who is in charge, the United States faces a Venezuelan state thoroughly compromised by both state and non-state counterintelligence challenges. As a preliminary measure, the Trump administration is already pressuring Venezuela’s interim government to expel all suspected intelligence officers from China, Russia, Cuba, and Iran. The IC will also have to identify spies for these states in the Venezuelan government and corrupt officials who have been co-opted by groups like Hezbollah and cartels. Acting President Delcy Rodríguez has apparently ordered the arrest of U.S.-sanctioned Major General Javier Marcano Tábata, the director of military counterintelligence and head of presidential security, but his replacement by another U.S.-sanctioned general, who was responsible for brutal crackdowns on protestors in 2014, will alarm human rights advocates. Venezuela could already be headed toward the Cold War-era model where the United States supported abusive, reactionary governments as long as they advanced American interests.

The problem is not only the people, but also the military and intelligence infrastructure positioned by foreign states in Venezuela. The Chinese telecom giant, ZTE, constructed a database for Venezuela modeled on elements of China’s social credit system to help extend government control over the population. China has supported Venezuela with radar and satellite technology as part of its growing space and surveillance foothold in the Western Hemisphere and Russia supplied Venezuela with its aerial defense system, even though both proved vulnerable to the U.S. military in Operation Absolute Resolve. Nonetheless, they are an area of access and influence for those states. Additionally, helping the new Venezuelan government roll back its dependence on Chinese and Russian technology is as much a U.S. national security imperative as a Venezuelan one because they are likely compromised and can provide information to foreign governments about U.S. intelligence operations in Venezuela. American intelligence officers therefore not only have to worry about the people they are working with, but also the systems in place. So, even a friendlier Venezuelan government does not mean it will be a friendlier operating environment for American intelligence.

The IC will also need to play a role in securing Venezuelan economic infrastructure. In the press conference following the operation, President Trump suggested U.S. oil companies would invest in and rebuild Venezuela’s oil infrastructure, which would be a pillar of any new Venezuelan government’s efforts to restore its economy and establish its legitimacy with the Venezuelan people. More recently, the Trump administration is insisting Venezuela sever economic ties with Russia, China, and Iran. These states undoubtedly do not want to see Venezuela’s considerable oil, mineral, and precious metal wealth come under American control. The IC would have to work with private sector U.S. companies on physical and cyber security to protect oil, mineral, and precious metal infrastructure from state-sponsored sabotage. Foreign investment to rebuild Venezuela’s crumbling energy and mining sectors will be critical to the country’s future, but companies will only want to invest if they consider it safe to do so. 

Violent non-state actors including Hezbollah and drug cartels have used Venezuela as a safe haven and base of operations. Russia, China, and Iran may exploit these non-state actors, and their willingness to use violence, to destabilize Venezuela. Moreover, these groups have their own economic interests in Venezuela, and it will be difficult to avoid bloodshed if the Venezuelan government attempts to root them out. The United States may revive elements of the Plan Colombia playbook, which was an agreement reached between the U.S. and Colombian governments to help the latter restore order after decades of instability created by non-state actors like drug cartels and the FARC. Economic development and intelligence support were central to the plan. In this respect, the Treasury Department’s Office of Intelligence and Analysis will play as big a role as any in the IC to identify, target, sanction, and disrupt foreign state and non-state actors engaging in criminal enterprises in Venezuela. Although political and military covert action always command more of the public’s attention, economic covert action could actually eclipse them in the shadow war over Venezuela’s future. 

Stabilizing Venezuela and securing American interests there will require tackling not only the state and non-state actors that can threaten reconstruction but also lingering corruption in the post-Maduro Venezuelan government. The IC can aid the U.S. government’s effort to transparently and successfully prosecute Maduro for his crimes. The prosecution will need access to intelligence collected on Maduro’s connection to drug cartels and narcoterrorist groups. This case could also present a foundation for anti-corruption investigations and trials in Venezuela that could restore public trust in the government.

From Covert Action to Public Accountability

The operation to capture Maduro was all the more remarkable as an intelligence success because it remained secret until its execution. This was quite an achievement for the second Trump administration, which suffered from pervasive leaking in its first administration. However, the Trump administration only informed the “Gang of Eight” after the operation was underway, and Democratic lawmakers are already claiming they were misled about the administration’s plans in Venezuela. The IC will be called upon to account for its activities at congressional hearings on the Maduro operation and the Trump administration’s policy for a post-Maduro Venezuela. The IC will have to resist pressure to politicize intelligence to suit either the Trump administration or opposing lawmakers. Resisting politicization also includes avoiding leaks from classified hearings or materials given to members of Congress, which could directly affect ongoing intelligence operations in Venezuela, like those that plagued previous American covert action operations in Latin America during the Cold War. 

That said, the IC should be as transparent as security permits precisely because secret intelligence operations in Latin America were the source of so much scandal and public outcry in other periods of American history. Immediately after Maduro’s capture, disinformation began to flood social media. The IC, which already struggles with countering disinformation and advancing its own narrative, will face disinformation operations designed to undermine global and domestic public trust in the U.S. government’s activities in Venezuela. Undoubtedly, foreign intelligence services will commit many of the same sins or worse that they will accuse the United States of in Venezuela, just as they did in the Cold War. The IC will have to work with both the Venezuelan and American governments to manage the information environment. Ultimately, the only thing worse than disinformation is information based on real abuses, so the IC must avoid repeating the mistakes it has made in other Latin American countries. The United States and its intelligence community have succumbed to these mistakes in the past, so the real test of resolve is yet to come. 

America’s Cyber Retreat Is Undermining Indo-Pacific Security
https://www.justsecurity.org/126607/us-indopacific-china-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=us-indopacific-china-cybersecurity
Mon, 22 Dec 2025 15:00:54 +0000

A "Cyber Shield" would enable the United States and its Indo-Pacific allies to attribute quickly, act collectively, and stem Beijing’s cyber coercion.

On Dec. 3, the White House backed away from sanctioning China’s spy agency, the Ministry of State Security (MSS), that carried out one of the most extensive hacking campaigns in U.S. history against critical infrastructure. The administration reportedly halted these sanctions to preserve a trade truce that U.S. President Donald Trump and Chinese General Secretary Xi Jinping struck at the Busan summit in October.

This sends the wrong message to Beijing, as well as to U.S. allies in the Indo-Pacific caught in China’s cyber crosshairs. Trump’s new National Security Strategy (NSS) explicitly calls for burden-sharing, arguing that allies must “assume primary responsibility for their regions,” while the United States serves as a “convener and supporter” in regional defense. Backing away from sanctions after a major China-linked hacking campaign undercuts that logic: burden-sharing collapses if the United States is not willing to bear economic or political costs itself. If the world’s largest economy will not confront China’s cyber operations, how can it credibly ask Indo-Pacific allies — who have far less leverage over Beijing — to step up?

There is still time to recalibrate. To counter Beijing’s cyberattacks and operationalize burden-sharing, the United States must use its unique leverage to impose costs on China while enabling Indo-Pacific allies to lead cyber defense in the region.

Beijing Exploits Cyber Weakness Across the Indo-Pacific 

The U.S. intelligence community identifies China as the most persistent and active cyber threat to U.S. networks. In 2024, the Chinese state-sponsored hacking group Salt Typhoon carried out one of the most severe breaches of U.S. telecommunications companies. Just weeks before Trump met with Xi in October, the United States uncovered another major China state-backed cyber intrusion of the cybersecurity vendor F5, triggering an emergency directive from the lead U.S. cyber agency. Yet, the cyber threat to Washington extends far beyond the homeland. China’s cyber operations have already infiltrated networks supporting U.S. forward deployed forces across the Indo-Pacific, targeted export controls on critical technologies, and spread disinformation campaigns designed to erode trust in U.S. alliances.

U.S. regional partners also bear the full brunt of Beijing’s cyber coercion. In Taiwan alone, China-linked hackers target critical infrastructure and government networks roughly 2.8 million times a day — a 17 percent jump from last year. Over the past five years, Chinese hacking groups have targeted Japan’s national security and critical technology data over 200 times.

Indo-Pacific cyber defenses are not keeping pace with threats from China. The region is experiencing rapid digitalization — often without matching investments in cybersecurity. In Southeast Asia alone, the digital economy could reach up to $1 trillion in gross merchandise value by 2030. This surge in connectivity is fueling growth, but it also expands the attack surfaces that state-backed hackers, and other malign cyber actors, can exploit — underscoring the urgent need for collective investments in cyber defenses.

The lack of cybersecurity personnel in the region emboldens Beijing’s hackers. When breaches occur, scant cyber workforces struggle to root out China’s hostile activity. Identifying the attackers takes weeks — if it happens at all — and allied cyber defense resources often arrive after the damage is done. The numbers are stark. There are only around 200 highly certified cybersecurity professionals in the Philippines, and Japan’s cyber workforce shortfall nearly doubled between 2022 and 2023. At the same time, China operates a hacking program larger than that of every major country combined.

Beijing’s economic leverage is also blunting efforts to counter China’s cyber operations. For example, the Philippines made no official attribution statement against its largest trading partner, China, when Beijing-backed attackers infiltrated the government and stole sensitive military data earlier this year. The same story plays out in South Korea, Japan, and Taiwan — leaders condemn cyber espionage in vague terms but hesitate to call out Beijing specifically when trade is on the line.

To counter Beijing’s cyber operations across the Indo-Pacific, Washington should lead its treaty allies in building a new “Cyber Shield” for the region. In this proposed framework, Washington would provide strategic capacity-building resources while allies commit to measurable investments in their own cyber defenses — enabling greater regional integration and capability to defend against cyber threats. This framework would also define options for a collective response to move away from ineffective, ad hoc reactions that only embolden China.

Toward an Indo-Pacific Cyber Shield

While an Indo-Pacific Cyber Shield will not stop Beijing’s cyber aggression, it will certainly raise the cost for China. The recommendations below operationalize the proposed Cyber Shield across three pillars — joint resolve, joint resources, and joint response.

Joint Resolve 

Countering Beijing’s cyber operations starts with conveying the joint resolve of the United States and its Indo-Pacific allies. Washington and its regional partners should issue a joint statement condemning China’s cyber activity and commit to a significant collective response if Beijing’s cyber operations continue. Such a statement would undercut Beijing’s denials of its cyber operations. It would also help signal resolve and bolster awareness by publicly highlighting Beijing’s hostile cyber operations. A joint advisory — issued by the FBI and European allies in August — offers a model to replicate. The United States and its allies should increase the cadence of these alerts following major China-backed infiltrations.

Joint Resources

Increasing joint cyber defense capabilities will be the most critical component of countering China’s cyber aggression. To operationalize the Cyber Shield, U.S. capacity building resources should scale with greater partner investments in cyber defenses. This reflects the National Security Strategy’s burden-sharing model in practice. Regional allies must improve the technical capacity to identify evidence of Chinese hacking when a breach occurs, quickly patch vulnerabilities, and bolster resilience of critical networks to thwart future intrusions. The United States is making important progress on cyber defense capacity building in the region. U.S. Cyber Command has deployed more than 85 times to over 30 countries in partner-enabled missions to hunt for hostile activity on networks. The U.S. Cybersecurity and Infrastructure Security Agency has also conducted several capacity-building exercises, including with Japan in 2024 on maritime cybersecurity.

For their part, Indo-Pacific allies and partners participate in multiple U.S.-led military exercises that have a cyber component, including the annual Cyber Flag exercise hosted by the U.S. Cyber Command. The United States has also prioritized negotiating an intelligence sharing agreement with the Philippines, and both countries approved a major intelligence sharing upgrade in 2024. The United States should leverage these engagements to share cyber threat intelligence and provide a clear roadmap for how allies can receive greater cyber defense support from Washington.

Critically, U.S. allies in the Indo-Pacific need to invest in their own cyber defenses. In exchange for access to U.S. cyber defense resources and information, allies should modernize military and intelligence cyber capabilities, upgrade and strengthen intelligence systems, and provide a clear legal pathway for U.S. Hunt Forward operations — defensive operations conducted by U.S. Cyber Command at the request of a host nation — to root out hostile activity on partner networks. Most importantly, allies should remove insecure ICT infrastructure, especially from companies like Huawei and ZTE, that pose a significant cyber espionage risk.

Joint Response

If a breach occurs, the United States and its regional allies must be ready to impose costs on Chinese state-backed hackers. In addition to bolstering domestic cyber defenses, the United States should develop a joint escalation ladder with its regional allies outlining a variety of responses to state-backed cyber aggression. The European Union’s Cyber Diplomacy Toolbox shows what a coordinated diplomatic response to malign cyber activity can look like. While U.S. Indo-Pacific allies are not as politically or institutionally integrated as the European Union, the region can apply similar tools while leveraging the multiple existing cyber coordination channels between the United States, Japan, South Korea, and the Philippines.

Legal action is an important but underutilized tool in the cyber context. The United States has indicted China-linked hackers multiple times, including two hackers linked to the Chinese Ministry of State Security in 2018, and employees of i-Soon — a company that carried out cyber operations on behalf of the Chinese government — last March. Indo-Pacific allies are beginning to take similar steps, albeit less frequently. In 2021, for example, Japanese law enforcement investigated a Chinese hacker over alleged involvement in cyberattacks on about 200 companies, including the Japan Aerospace Exploration Agency. The United States should work with Indo-Pacific allies to develop frameworks to prosecute China-linked hacking, especially for threat groups like Salt Typhoon, that target both the United States and the Indo-Pacific.

The Cyber Shield framework would also encourage its members to levy economic sanctions against known Chinese cyber threat actors. Despite the reported White House walk-back, the United States has sanctioned China-backed hackers multiple times, including Zhou Shuai, a Shanghai-based cyber actor, last March. Similarly, the United States, Australia, and the United Kingdom jointly issued sanctions against Aleksandr Ermakov, a Russian hacker who breached Australia’s largest private health insurance provider, in January 2024. The United States should coordinate similar sanctions regimes with its Indo-Pacific allies after significant cyberattacks, especially if the threat actor targets multiple allied countries.

Finally, the United States and its regional allies should prepare to respond with offensive cyber operations when necessary and legal to make China-backed hackers pay. Seoul and Tokyo are already honing their offensive cyber capabilities: South Korea’s 2024 National Cybersecurity Strategy calls for intelligence and military agencies to “preemptively and offensively respond to threats,” while Japan’s new active cyber defense legislation authorizes the neutralization of adversary servers. This further aligns Indo-Pacific allies with Washington’s Defend Forward cyber posture, which calls for disrupting adversary cyber threats before they reach domestic networks. The United States should take advantage of this alignment in strategy by prioritizing the development of joint offensive cyber capabilities during military exercises like Cyber Flag.

* * *

Without a new framework to counter China-backed cyber operations in the region, Beijing and other state-backed cyber groups will continue escalating their cyber operations to spy, steal, and sabotage with near impunity. A new Cyber Shield would translate the National Security Strategy’s burden-sharing concept to Indo-Pacific cyber defense, enabling allies to take greater responsibility in countering state-backed cyber threats. A Cyber Shield will not eliminate Beijing’s cyber intrusions, but it will finally enable the United States and its Indo-Pacific allies to act faster, coordinate responses, and impose costs on China.

Just Security’s Artificial Intelligence Archive
https://www.justsecurity.org/99958/just-securitys-artificial-intelligence-archive/?utm_source=rss&utm_medium=rss&utm_campaign=just-securitys-artificial-intelligence-archive
Mon, 15 Dec 2025 12:00:45 +0000

Just Security's collection of articles analyzing the implications of AI for society, democracy, human rights, and warfare.

Since 2020, Just Security has been at the forefront of analysis on rapid shifts in AI-enabled technologies, providing expert commentary on risks, opportunities, and proposed governance mechanisms. The catalog below organizes our collection of articles on artificial intelligence into general categories to facilitate access to relevant topics for policymakers, academic experts, industry leaders, and the general public. The archive will be updated as new articles are published. The archive also is available in reverse chronological order at the artificial intelligence articles page.

AI Governance

Trump’s Chip Strategy Needs Recalibration
By Michael Schiffer (December 15, 2025)

AI Model Outputs Demand the Attention of Export Control Agencies
By Joe Khawam and Tim Schnabel (December 12, 2025)

Governing AI Agents Globally: The Role of International Law, Norms and Accountability Mechanisms
By Talita Dias (October 17, 2025)

Dueling Strategies for Global AI Leadership? What the U.S. and China Action Plans Reveal
By Zena Assaad (September 4, 2025)

Selling AI Chips Won’t Keep China Hooked on U.S. Technology
By Janet Egan (September 3, 2025)

The AI Action Plans: How Similar are the U.S. and Chinese Playbooks?
By Scott Singer and Pavlo Zvenyhorodskyi (August 26, 2025)

Assessing the Trump Administration’s AI Action Plan
By Sam Winter-Levy (July 25, 2025)

Decoding Trump’s AI Playbook: The AI Action Plan and What Comes Next
Brianna Rosen interview with Joshua Geltzer, Jenny Marron and Sam Winter-Levy (July 24, 2025)

Rethinking the Global AI Race
By Lt. Gen. (ret.) John (Jack) N.T. Shanahan and Kevin Frazier (July 21, 2025)

The Trump Administration’s AI Action Plan Is Coming. Here’s What to Look For.
By Joshua Geltzer (July 18, 2025)

AI Copyright Wars Threaten U.S. Technological Primacy in the Face of Rising Chinese Competition
By Bill Drexel (July 8, 2025)

What Comes Next After Trump’s AI Deals in the Gulf
By Alasdair Phillips-Robins and Sam Winter-Levy (June 4, 2025)

AI Governance Needs Federalism, Not a Federally Imposed Moratorium
By David S. Rubenstein (May 29, 2025)

Open Questions for China’s Open-Source AI Regulation
By Nanda Min Htin (May 5, 2025)

The Just Security Podcast: Trump’s AI Strategy Takes Shape
Brianna Rosen interview with Joshua Geltzer (April 17, 2025)

Shaping the AI Action Plan: Responses to the White House’s Request for Information
By Clara Apt and Brianna Rosen (March 18, 2025)

Export Controls on Open-Source Models Will Not Win the AI Race
By Claudia Wilson and Emmie Hine (February 25, 2025)

The Just Security Podcast: Key Takeaways from the Paris AI Action Summit
Paras Shah interview with Brianna Rosen (February 12, 2024)

The Just Security Podcast: Diving Deeper into DeepSeek
Brianna Rosen interview with Lennart Heim, Keegan McBride and Lauren Wagner (February 4, 2025)

What DeepSeek Really Changes About AI Competition
By Konstantin F. Pilz and Lennart Heim (February 3, 2025)

Throwing Caution to the Wind: Unpacking the U.K. AI Opportunities Action Plan
By Elke Schwarz (January 30, 2025)

What Just Happened: Trump’s Announcement of the Stargate AI Infrastructure Project
By Justin Hendrix (January 22, 2025)

The Future of the AI Diffusion Framework
By Sam Winter-Levy (January 21, 2025)

Unpacking the Biden Administration’s Executive Order on AI Infrastructure
By Clara Apt and Brianna Rosen (January 16, 2025)

Trump’s Balancing Act with China on Frontier AI Policy
By Scott Singer (December 23, 2024)

The AI Presidency: What “America First” Means for Global AI Governance
By Brianna Rosen (December 16, 2024)

The United States Must Win The Global Open Source AI Race
By Keegan McBride and Dean W. Ball (November 7, 2024)

AI at UNGA79: Recapping Key Themes
By Clara Apt (October 1, 2024)

Rethinking Responsible Use of Military AI: From Principles to Practice
By Brianna Rosen and Tess Bridgeman (September 26, 2024)

Competition, Not Control, is Key to Winning the Global AI Race
By Matthew Mittelsteadt and Keegan McBride (September 17, 2024)

The Just Security Podcast: Strategic Risks of AI and Recapping the 2024 REAIM Summit
Paras Shah interview with Brianna Rosen (September 12, 2024)

Putting the Second REAIM Summit into Context
By Tobias Vestner and Simon Cleobury (September 5, 2024)

The Nuts and Bolts of Enforcing AI Guardrails
By Amos Toh and Ivey Dyson (May 30, 2024)

House Meeting on White House AI Overreach Highlights Congressional Inaction
By Melanie Geller and Julian Melendi (April 12, 2024)

Why We Need a National Data Protection Strategy
By Alex Joel (April 4, 2024)

Is the Biden Administration Reaching a New Consensus on What Constitutes Private Information
By Justin Hendrix (March 19, 2024)

The Just Security Podcast: How Should the World Regulate Artificial Intelligence?
Paras Shah and Brianna Rosen interview with Robert Trager (February 2, 2024)

It’s Not Just Technology: What it Means to be a Global Leader in AI
By Kayla Blomquist and Keegan McBride (January 4, 2024)

AI Governance in the Age of Uncertainty: International Law as a Starting Point
By Talita de Souza Dias and Rashmin Sagoo (January 2, 2024)

Experts React: Unpacking the Biden Administration’s New Efforts on AI
By Ian Miller (November 14, 2023)

Biden’s Executive Order on AI Gives Sweeping Mandate to DHS
By Justin Hendrix (November 1, 2023)

The Tragedy of AI Governance
By Simon Chesterman (October 18, 2023)

Introducing the Symposium on AI Governance: Power, Justice, and the Limits of the Law
By Brianna Rosen (October 18, 2023)

U.S. Senate AI Hearings Highlight Increased Need for Regulation
By Faiza Patel and Melanie Geller (September 25, 2023)

The Perils and Promise of AI Regulation
By Faiza Patel and Ivey Dyson (July 26, 2023)

Weighing the Risks: Why a New Conversation is Needed on AI Safety
By Michael Depp (June 30, 2023)

To Legislate on AI, Schumer Should Start with the Basics
By Justin Hendrix and Paul M. Barrett (June 28, 2023)

Regulating Artificial Intelligence Requires Balancing Rights, Innovation
By Bishop Garrison (January 11, 2023)

Emerging Tech Has a Front-Row Seat at India-Hosted UN Counterterrorism Meeting. What About Human Rights?
By Marlena Wisniak (October 28, 2022)

NATO Must Tackle Digital Authoritarianism
By Michèle Flournoy and Anshu Roy (June 29, 2022)

NATO’s 2022 Strategic Concept Must Enhance Digital Access and Capacities
By Chris Dolan (June 8, 2022)

Watchlisting the World: Digital Security Infrastructures, Informal Law, and the “Global War on Terror”
By Ramzi Kassem, Rebecca Mignot-Mahdavi and Gavin Sullivan (October 28, 2021)

One Thousand and One Talents: The Race for A.I. Dominance
By Lucas Irwin (April 7, 2021)

National Security & War

Embedded Human Judgment in the Age of Autonomous Weapons
By Lena Trabucco (October 16, 2025)

AI’s Hidden National Security Cost
By Caroline Baxter (October 1, 2025)

Harnessing the Transformative Potential of AI in Intelligence Analysis
By Rachel Bombach (August 12, 2025)

The Law Already Supports AI in Government — RAG Shows the Way
By Tal Feldman (May 16, 2025)

The United States Must Avoid AI’s Chernobyl Moment
By Janet Egan and Cole Salvador (March 10, 2025)

A Start for AI Transparency at DHS with Room to Grow
By Rachel Levinson-Waldman and Spencer Reynolds (January 22, 2025)

The U.S. National Security Memorandum on AI: Leading Experts Weigh In 
By Just Security (October 25, 2024)

The Double Black Box: AI Inside the National Security Ecosystem
By Ashley Deeks (August 14, 2024)

As DHS Implements New AI Technologies, It Must Overcome Old Shortcomings
By Spencer Reynolds and Faiza Patel (May 21, 2024)

The Machine Got it Wrong? Uncertainties, Assumptions, and Biases in Military AI
By Arthur Holland Michel (May 13, 2024)

Bringing Transparency to National Security Uses of Artificial Intelligence
By Faiza Patel and Patrick C. Toomey (April 4, 2024)

An Oversight Model for AI in National Security: The Privacy and Civil Liberties Oversight Board
By Faiza Patel and Patrick C. Toomey (April 26, 2024)

National Security Carve-Outs Undermine AI Regulations
By Faiza Patel and Patrick C. Toomey (December 21, 2023)

Unhuman Killings: AI and Civilian Harm in Gaza
By Brianna Rosen (December 15, 2023)

DHS Must Evaluate and Overhaul its Flawed Automated Systems
By Rachel Levinson-Waldman and José Guillermo Gutiérrez (October 19, 2023)

The Path to War is Paved with Obscure Intentions: Signaling and Perception in the Era of AI
By Gavin Wilde (October 20, 2023)

AI and the Future of Drone Warfare: Risks and Recommendations
By Brianna Rosen (October 3, 2023)

Latin America and Caribbean Nations Rally Against Autonomous Weapons Systems
By Bonnie Docherty and Mary Wareham (March 6, 2023)

Investigating (Mis)conduct in War is Already Difficult
By Laura Brunn (January 5, 2023)

Gendering the Legal Review of New Means and Methods of Warfare
By Andrea Farrés Jiménez (August 23, 2022)

Artificial Intelligence in the Intelligence Community: Oversight Must Not Be an Oversight
By Corin R. Stone (November 30, 2021)

Artificial Intelligence in the Intelligence Community: Know Risk, Know Reward
By Corin R. Stone (October 19, 2021)

Artificial Intelligence in the Intelligence Community: The Tangled Web of Budget & Acquisition
By Corin R. Stone (September 28, 2021)

Embedding Gender in International Humanitarian Law: Is Artificial Intelligence Up to the Task?
By Andrea Farrés Jiménez (August 27, 2021)

Artificial Intelligence in the Intelligence Community: Culture is Critical
By Corin R. Stone (August 17, 2021)

Artificial Intelligence in the Intelligence Community: Money is Not Enough
By Corin R. Stone (July 12, 2021)

Adding AI to Autonomous Weapons Increases Risks to Civilians in Armed Conflict
By Neil Davison and Jonathan Horowitz (March 26, 2021)

Democracy

The AI Action Plan and Federalism: A Constitutional Analysis
By David S. Rubenstein (July 30, 2025)

U.S. AI-Driven “Catch and Revoke” Initiative Threatens First Amendment Rights
By Faiza Patel (March 18, 2025)

The Munich Security Conference Provides an Opportunity to Improve on the AI Elections Accord
By Alexandra Reeve Givens (February 13, 2025)

Q&A with Marietje Schaake on the Tech Coup and Trump
By Marietje Schaake (February 6, 2025)

Maintaining the Rule of Law in the Age of AI
By Katie Szilagyi (October 9, 2024)

Shattering Illusions: How Cyber Threat Intelligence Augments Legal Action against Russia’s Influence Operations
By Mason W. Krusch (October 8, 2024)

Don’t Downplay Risks of AI for Democracy
By Suzanne Nossel (August 28, 2024)

Tracking Tech Company Commitments to Combat the Misuse of AI in Elections
By Allison Mollenkamp and Clara Apt (March 28, 2024)

Multiple Threats Converge to Heighten Disinformation Risks to This Year’s US Elections
By Lawrence Norden, Mekela Panditharatne and David Harris (February 16, 2024)

Is AI the Right Sword for Democracy?
By Arthur Holland Michel (November 13, 2023)

The Just Security Podcast: The Dangers of Using AI to Ban Books
Paras Shah interview with Emile Ayoub (October 27, 2023)

Process Rights and the Automation of Public Services through AI: The Case of the Liberal State
By John Zerilli (October 26, 2023)

Using AI to Comply With Book Bans Makes Those Laws More Dangerous
By Emile Ayoub and Faiza Patel (October 3, 2023)

Regulation is Not Enough: A Blueprint for Winning the AI Race
By Keegan McBride (June 29, 2023)

The Existential Threat of AI-Enhanced Disinformation Operations
By Bradley Honigberg (July 8, 2022)

System Rivalry: How Democracies Must Compete with Digital Authoritarians
By Ambassador (ret.) Eileen Donahoe (September 27, 2021)

Surveillance
Social Media & Content Moderation
Further Reading

The post Just Security’s Artificial Intelligence Archive appeared first on Just Security.

Questions Lawmakers Should Ask About Inspector General Report on Signalgate
https://www.justsecurity.org/126591/inspector-general-report-hegseth-signal/?utm_source=rss&utm_medium=rss&utm_campaign=inspector-general-report-hegseth-signal
Wed, 10 Dec 2025 13:51:08 +0000
https://www.justsecurity.org/?p=126591
The OIG report on the "Signalgate" incident is far from the “total exoneration” claimed by Hegseth and his aides.

The post Questions Lawmakers Should Ask About Inspector General Report on Signalgate appeared first on Just Security.

On Dec. 2, the Department of Defense (DoD) Office of the Inspector General (OIG) published an unclassified version of a report on the incident that has come to be known as “Signalgate.” The report concerns Secretary of Defense Pete Hegseth’s use of a personal device and the encrypted messaging app Signal to share sensitive information with other officials—and the editor-in-chief of The Atlantic, who was added to the group chat—about an impending military strike in Yemen.

On March 24, 2025, The Atlantic published the first in a series of articles containing material from the group chat, including screenshots of Signal messages between cabinet-level officials discussing the authorization and operational details of the strikes, which took place on March 15. Hegseth, then-National Security Advisor Michael Waltz, and other cabinet members, including the administration’s two most senior intelligence officials, discussed matters including the number of aircraft involved in the attack, the kinds of munitions dropped, specific times for the attack, and targets on the ground, according to The Atlantic.

OIG published its report on the incident alongside a companion report offering recommendations for the handling of sensitive information on “non-DoD controlled electronic messaging systems.” The OIG conducted its evaluation of the incident from April through October 2025, collecting information and documents and conducting interviews with current and former DoD personnel to identify “the factual circumstances and adherence to policies and procedures surrounding the Secretary’s reported use of Signal to conduct official government business from approximately March 14 through March 16, 2025.”

In a previous article on Just Security, Ryan Goodman analyzed the criminal laws that could apply to Signalgate. This fell outside of the scope of the OIG report, which did “not try to identify whether any person violated criminal laws.” Instead, the report assessed whether Hegseth and other DoD officials “complied with DoD policies and procedures for the use of the Signal commercial messaging application for official business” in “compliance with classification and records retention requirements.” The report’s findings and the recommendations raise a number of questions that lawmakers should address.

OIG Report Findings and Recommendations

The OIG found that Hegseth, who declined to be interviewed, shared sensitive, non-public information from a USCENTCOM briefing in the Signal group just hours before the United States conducted strikes in Yemen. In doing so, the report says, “the Secretary’s actions did not comply with DoD Instruction 8170.01, which prohibits using a personal device for official business and using a nonapproved commercially available messaging application to send nonpublic DoD information.”

The OIG explicitly stated that the information shared in the group could have created a risk to U.S. forces, contradicting a written statement by Hegseth.

Although the Secretary wrote in his July 25 statement to the DoD OIG that “there were no details that would endanger our troops or the mission,” if this information had fallen into the hands of U.S. adversaries, Houthi forces might have been able to counter U.S. forces or reposition personnel and assets to avoid planned U.S. strikes. Even though these events did not ultimately occur, the Secretary’s actions created a risk to operational security that could have resulted in failed U.S. mission objectives and potential harm to U.S. pilots.

The report also found that Hegseth and his office failed to retain the messages as required by federal law, since some of the messages were “auto-deleted before preservation.” DoD was only able to provide “a partial transcript of the Signal messages based on screenshots taken from the Secretary’s personal cell phone on March 27, but this record did not include a significant portion of the Secretary’s conversations disclosed by The Atlantic,” according to the report. The OIG therefore “relied on The Atlantic’s version of the Signal group chat.”

The report also detailed procedural issues with the classification of operational information in USCENTCOM communications, including a lack of appropriate markings on certain communications.

With regard to Hegseth’s failure to comply with DoD instructions on the use of a personal device and non-approved commercial app for the conduct of official business, the OIG did not make a recommendation, asserting that “the use of Signal to send sensitive, nonpublic, operational information is only one instance of a larger, DoD-wide issue.” The single actionable recommendation from the OIG evaluation is that USCENTCOM should review its classification procedures and “ensure that clear requirements are communicated” for marking classified information.

The companion report included a number of other recommendations. It suggests that the DoD should make efforts to remove the incentive for personnel to use apps such as Signal by providing better official alternatives, that it should conduct department-wide cybersecurity training, and that senior leadership should receive training and “a knowledge assessment” on the use of mobile devices and applications. The DoD Chief Information Officer agreed with most of the recommendations, but quibbled with creating new department-wide training, arguing it would be expensive and “redundant” to existing efforts.

Questions Lawmakers Should Ask Now 

The OIG report raises questions, including about its drafting and scope. For instance, while Appendix A of the report stipulates that it “does not try to identify whether any person violated criminal laws,” two pages later it says OIG “obtained support from the Administrative Investigations and Defense Criminal Investigative Service Components in the DoD OIG,” which “advised and assisted the project team with analysis of potential criminal conduct and taking recorded and sworn testimony from DoD officials.” Was the inquiry truly limited in its scope, or did OIG implicitly conduct a criminal-adjacent investigation without stating so? Was any material left out of the report that would have been important for Congress or the public to know?

Regardless, the OIG report is far from the “total exoneration” claimed by Hegseth and his aides. Rep. Don Bacon (R-NE) told CNN’s Brianna Keilar that claims the report exonerated Hegseth are “total baloney,” while Sen. Jim Himes (D-CT) told CBS News’ Face the Nation that his Republican colleagues are expressing concern over the findings. But when asked if he would use Signal again, the Secretary told a Fox News correspondent on Saturday that he does not “live with any regrets.”

Given bipartisan concern over the issue, Congress should pursue a more substantial inquiry into the incident, and look into the “DoD-wide issue” that the OIG report says stems from the use of Signal. Perhaps there are legislative solutions. Congress could write a law to require DoD to deploy a secure messaging application to reduce the incentive to use consumer apps, or more clearly codify consequences for senior officials—including Cabinet members—who violate electronic communications or records laws.

That might create accountability for a future Secretary of Defense. It would at least put the same degree of accountability in place for the civilian leader of the military as for his subordinates. As The Atlantic’s Goldberg put it on Friday:

I try not to express my personal views from this chair, but since Signal Gate happened on my phone, let me say that the most disturbing aspect of this whole episode is that if any other official at the Department of Defense and certainly any uniform military officer shared information 1 in 100th as sensitive as Hegseth and others shared on an insecure messaging app, without even knowing that the editor-in-chief of The Atlantic was on the chat, they would be fired or court-martialed for their incompetence.

Perhaps such common sense is insufficient to serve in place of a rule. Congress has the opportunity now to use the OIG report as the starting point to consider what should happen next. If it fails to do so, then the report will be filed away as the endpoint Hegseth claims it is.

The Quiet Rebalance in Transatlantic Intelligence
https://www.justsecurity.org/126220/quiet-rebalance-transatlantic-intelligence/?utm_source=rss&utm_medium=rss&utm_campaign=quiet-rebalance-transatlantic-intelligence
Mon, 08 Dec 2025 13:50:41 +0000
https://www.justsecurity.org/?p=126220
Recent developments are deepening European officials' existing unease about Washington's steadiness as a security partner.

The post The Quiet Rebalance in Transatlantic Intelligence appeared first on Just Security.

Writing for Just Security in November, Michael Schmitt, Marko Milanovic, and Ryan Goodman set out the legal risks for U.S. allies that continue to provide intelligence related to the alleged “narco-terrorists” whose vessels the Trump administration says it is striking in the Caribbean and Pacific. The authors explained why narrowing particular streams of intelligence by some U.S. allies “was a sensible decision from the perspective of international law,” and warned that continuing to share information that facilitates the strikes could itself amount to an unlawful act.

As those legal risks were being debated, new reporting described European leaders giving fresh political backing to a different kind of intelligence adjustment: the European Commission’s effort to strengthen its internal fusion capacity, building on years of work to make better use of information already held by member states and EU institutions. The Venezuela-related carve-outs did not create that initiative, and the Commission’s plans long predate the U.S. boat strikes. But both raise a larger question: are European partners just managing discrete problems, or are they beginning to hedge more systematically against U.S. volatility in the intelligence domain?

Isolated decisions to limit intelligence sharing would matter under any administration. They may carry a greater weight, however, in the current U.S. political context. A second Trump term introduced a variable absent under previous presidents: a U.S. leader more inclined to view alliances as short-term transactions and who openly uses intelligence support as leverage over other countries. Against that backdrop, adjustments to intelligence sharing that might once have passed for routine housekeeping now take on sharper significance and risk hardening into more conditional, guarded cooperation.

This is not to suggest the transatlantic intelligence relationship is collapsing. No intelligence organization—on either side of the Atlantic—is likely to make a clean break with its closest partners. That would be operationally catastrophic and strategically pointless. The Five Eyes alliance—the intelligence-sharing arrangement between the United States, the United Kingdom, Canada, Australia, and New Zealand—remains the most deeply institutionalized part of the Western alliance system. Meanwhile, European intelligence services still depend heavily on U.S. technical and collection capacity. But actions across both Trump administrations have left partners wary enough to start treating U.S. reliability as something to be managed, not assumed.

In March, I argued that the clearest indicator of any U.S. strategic realignment toward Russia would show up in Washington’s adjustments to intelligence flows rather than threats to Article 5 or summit theatrics: who is written into “REL TO” dissemination markings—the list of foreign partners allowed to see a given product—and whose access is quietly thinned, and whether ad hoc contacts with Moscow become routine exchanges. That remains a “canary in the coal mine” for a deliberate tilt toward Moscow, and there is still no evidence of that threshold being crossed.

What has changed since the spring is not a single decisive move, but the accumulation of background noise. The mix of signals that worried European officials then—CIA Director John Ratcliffe’s outreach to Moscow, pauses and threats in support to Kyiv, public disparagement of NATO allies—has been joined by fresh episodes: a White House “peace plan” for Ukraine drafted largely over European heads; an ever-shifting “war on narco-terrorists” that casts Venezuela’s President Nicolás Maduro as a drug kingpin even as Trump pardons former Honduran President Juan Orlando Hernández, a convicted cocaine trafficker serving a 45-year sentence; and a Pentagon inspector general report on “Signalgate” detailing Defense Secretary Pete Hegseth’s use of a personal Signal chat to share Yemen strike plans in violation of Pentagon policy and with acknowledged risk to troops. The administration’s newly released National Security Strategy, which elevates the Western Hemisphere and treats Europe more as a secondary theater expected to shoulder more of its own risk, points in the same direction.

Each can be debated on its own terms. Taken together, they deepen an existing unease about Washington’s steadiness as a security partner without yet amounting to a clear break.

How Intelligence Officers Think About Limits on Sharing

Public debate tends to treat “intelligence sharing” as an on/off switch. For practitioners inside CIA and NSA, and their counterparts across Europe, it looks more like overlapping networks of pipes and valves. Some of those networks are formal: Five Eyes, NATO structures, and liaison officers embedded in U.S. combatant commands and European headquarters. Other networks are quieter bilateral or trilateral channels that have matured over decades: analyst to analyst on secure systems, Station chiefs to counterparts, desk officer to long-standing liaison contact. Unless a sharing arrangement is revoked, information keeps moving through these less formal conduits.

From the intelligence officer’s perspective, limits inside this architecture are routine, not alarming. Intelligence is born with markings that specify who may see it and under which national “flags.” Those caveats are meant to protect sensitive sources and methods. The Five Eyes partnership enjoys the broadest and most automatic access. But the same mechanisms used to manage that cooperation—originator control rules, “no foreign” restrictions, topic-specific exclusions—are applied every day in U.S.–European and intra-European exchanges.

The historical logic of this system remains straightforward. No single service can collect everything. The United States relies on partners with better access in particular regions, communities, and problem sets. Those partners rely on U.S. reach, technical mass, and global analytic capacity. Foreign intelligence liaison, as Jennifer Sims has put it, is a form of subcontracted collection based on barter: States enter these arrangements to expand access, lower costs and risks, and speed information to decisionmakers. When partners worry intelligence will be misused, they don’t dismantle entire frameworks. Instead, they rely on the familiar tools—tighter caveats, narrowed subject-matter, additional conditions—to make some flows slower and more contingent.

Seen through that lens, the United Kingdom’s reported decision to narrow what it shares on suspected drug-trafficking vessels is not a sign that British and U.S. intelligence agencies have stopped talking to one another, nor that Five Eyes is coming apart. It is a partner fencing off a specific operational line within a larger relationship. London has not publicly implied that it has stopped intelligence sharing on maritime issues in general with Washington.

The transatlantic intelligence-sharing system rests on three assumptions. First, that partners broadly agree on who the main adversaries and problems are, and what kinds of attacks or crises matter most, even if they rank those threats differently. Second, that their legal frameworks and targeting practices are close enough that shared intelligence will not routinely drag one service into another’s gray zones. Third, that all sides can trust each other’s internal controls: vetting, auditing, and resistance to politicization. When any one of those assumptions is strained—because definitions of terrorism expand, because the boundary between law enforcement and military action blurs, or because domestic politics call institutional neutrality into question—senior intelligence and policy officials on one end of the network start reaching for those “valves.”

All three assumptions face periodic tension, but the Trump administration has put unusual and sustained stress on the third. For European services, the concern is not one scandal in isolation but the pattern developed over two Trump terms. They have not forgotten the first term’s controversies over handling classified information, including the 2017 Oval Office meeting in which highly sensitive counterterrorism intelligence was disclosed to Russian officials, alarming the Middle Eastern partner that had provided it, or the subsequent criminal case over classified documents stored at Mar-a-Lago, with photographs in the 2023 indictment showing boxes of national defense information stacked in a ballroom and even a bathroom. Allies know those episodes do not reflect everyday tradecraft, but they still raise doubts about discipline at the top.

In European capitals these episodes are part of the story services must tell their own oversight bodies when they are asked whether U.S. national security agencies still merit the deference they have long received—especially in a climate where recent polling shows most Europeans now see the United States less as a trusted ally than as a “necessary partner.”

Such Caution Has a History

Friction in intelligence relations is common. In the post-9/11 period, European services repeatedly tightened or recalibrated cooperation with Washington over Iraq, renditions, drone strikes, surveillance programs, and privacy law. Each time adjustments were made, cooperation continued.

Under Presidents George W. Bush and Barack Obama, European courts and parliaments pushed back against CIA rendition and secret detention programs, and later against lethal drone strikes in places such as Pakistan and Yemen. Council of Europe inquiries, national investigations, and litigation in the United Kingdom, Italy, and elsewhere forced governments to account for their role in U.S.-led operations. The result was familiar: liaison relationships survived, but partners added caveats and narrowed categories of cooperation that made some forms of sharing slower and more conditional.

After the disclosures of Edward Snowden revealed that Germany’s Federal Intelligence Service (BND) had assisted the NSA in monitoring European officials, including German Chancellor Angela Merkel, Berlin temporarily halted certain NSA-tasked internet surveillance while parliamentary and legal reviews ran their course. Cooperation resumed, but not on the old terms. German oversight bodies demanded clearer limits and more formal tasking. Both sides accepted tighter auditing and documentation of what could be collected, on whom, and under which authorities.

In parallel, the Court of Justice of the European Union (CJEU) has repeatedly narrowed the legal space for bulk data retention and for transatlantic transfers exposed to expansive U.S. surveillance powers. Judgments striking down indiscriminate metadata regimes, together with rulings that forced the EU to adopt more stringent conditions and safeguards for data transfers to the United States, did not target intelligence liaison directly. But their message was unambiguous: legal exposure does not disappear because information comes from a trusted ally. Governments are expected to interrogate how foreign-sourced data is obtained and used, and to ensure that cooperation with U.S. agencies does not sidestep domestic and EU-level protections.

These episodes reflect a caution among European partners that predates Trump. Services and courts have learned to live with friction by using the same instruments now visible in the Caribbean case. What is different now is that familiar friction is operating against unusually visible doubts about the steadiness of U.S. leadership. Unlike in the past, that unease is showing up not only in case-by-case caveats, but also in quiet efforts to give Europe more internal resilience within an alliance system it still relies on.

A Slow-Building European Baseline

That search for a more autonomous baseline is now taking institutional form in Brussels. The Commission is moving ahead with plans to build an intelligence “cell” in the Commission’s Secretariat-General. The initiative is designed to fuse information already held by member-state services, EU institutions, and open sources, and to improve how Brussels uses information it already receives. The timing invites an easy narrative of cause and effect that the facts do not support. Whereas the carve-outs over maritime strikes are a narrow legal hedge, the push for a more integrated intelligence network has grown in the face of sustained Russian aggression and spreading instability in the Middle East and Africa. These developments intersect in their logic, not their origin: both reflect a quiet effort to make sure Europe is less exposed when U.S. choices become harder to predict.

Calls among EU nations for a more integrated intelligence network have been ongoing but have intensified over the last year. In November 2024, Sauli Niinistö, the former Finnish president and now a special adviser to the European Commission, delivered a mandated report that recommended strengthening the EU’s Single Intelligence Analysis Capacity—the combined civilian Intelligence Analysis and Situation Centre (INTCEN) and the EU Military Staff’s intelligence directorate that serves as the EU’s main hub for strategic warning and situational awareness—and, over time, developing it into a “fully fledged intelligence cooperation service” for EU institutions and member states. The aim, Niinistö stressed, was not to create a European CIA, but to give EU leaders a clearer, timelier understanding of threats based on intelligence that capitals already hold.

Officials in the European External Action Service—the diplomatic service in charge of executing the EU’s international relations—worry about duplication with INTCEN, and several capitals remain wary of giving Brussels a larger formal role in handling their reporting. But the political intent is clear enough: the Commission wants a more direct hand in how information already inside the EU system is fused and fed into decision-making, so that leaders in Brussels are not reliant on occasional national briefings or U.S. readouts to understand their own security environment.

The instinct behind this effort—to have a European baseline that does not rise or fall with U.S. domestic politics—did not begin with Trump. His presidency has, however, turned a long-standing worry into a present problem. In Trump’s first term, European governments watched a U.S. president cast aside his own intelligence services when their findings were personally or politically inconvenient. He publicly discounted U.S. assessments of Russian election interference while standing beside Vladimir Putin in Helsinki. And he brushed past the CIA’s judgment on Washington Post reporter Jamal Khashoggi’s murder while deepening security and investment ties with Riyadh. In his second term, his administration paused battlefield intelligence support to Ukraine and delayed arms transfers at politically sensitive moments to try to shape Kyiv’s negotiating posture.

European concerns are intensifying. Diplomats have reacted with open frustration to a Trump-backed “peace plan” for Ukraine negotiated largely over their heads. The plan would ask Kyiv to accept territorial losses and it contains clauses about “profit-sharing” from frozen Russian assets that many in Brussels regard as nakedly self-interested. The White House is once again pressuring Ukrainian President Volodymyr Zelenskyy to express public gratitude while hinting that future U.S. support will depend on Kyiv’s willingness to accept such unfair terms. For Europe, the message is not subtle: intelligence and military backing are bargaining chips, not joint commitments. For many European officials, the practical response is not to walk away from U.S. intelligence, but to make sure that when Washington swings, Europe has enough internal capacity to ride out the turbulence and repair the relationship later.

U.S. intelligence services are not blind to Europe’s anxieties. CIA Director Ratcliffe reportedly made a deliberately low-key stop in Brussels at the end of October, officially to brief the North Atlantic Council, but with a parallel set of meetings with EU High Representative Kaja Kallas and senior officials from INTCEN and the EU Military Staff. The subtext, as several European officials described it, was that European partners should distinguish between the volatility of the Trump White House and the steadier posture of U.S. intelligence agencies. That kind of reassurance mission would have been unnecessary a decade ago. It now takes place alongside accelerated intra-European cooperation, talk of “coalitions of the willing” to sustain support to Ukraine, and selective carve-outs such as the Venezuela issue.

Taken together, these steps are best understood as a layered insurance policy: modest institutional reforms in Brussels, pragmatic efforts to keep cooperation intact through a turbulent American presidency, and a recognition that Europe cannot afford to be wholly dependent on the reliability of any one administration in Washington. The open question is whether this remains a bounded adjustment—an extra set of valves around a still-shared system—or is the first stage of a more lasting shift in how defaults on both sides of the Atlantic are set. That uncertainty is the backdrop for asking, in concrete terms, what a more serious hardening of European caution would look like in practice.

What Deeper Hedging Would Look Like

A deeper European hedge against dependence on U.S. intelligence would show up less as a formal rupture than as a reset in default settings—from “share unless there is a clear reason not to” to “hold back unless we are sure this will not create legal or political exposure.” That kind of reset would show up in the structure of cooperation itself: how categories of activity are defined, which channels remain open by default, and which are treated as exceptional.

One visible sign that caution has crossed into something more serious would be the spread from a handful of tightly defined exclusions to a walling off of broader categories of cooperation. Each carve-out could still be justified on its own terms—domestic legal constraints, parliamentary pressure, proportionality concerns—but the accumulation would matter. It would mark a move away from treating differences between U.S. and European targeting practices as manageable friction and toward assuming that those gaps are large enough to warrant narrower, more qualified sharing as the default.

The clearest signal of a shift—and the most consequential—would occur below the surface: administrative rather than declaratory. Services can tighten their control over who else gets to see and reuse the material they collect, adjust dissemination markings, and require additional legal sign-off before certain products are shared or used operationally. Analysts can be told, formally or informally, to privilege national or commercial collection when building key assessments and to treat U.S. reporting more to fill gaps than as the backbone of their picture—a significant change for services that still depend on U.S. reach and persistence they cannot easily replicate. Liaison embeds can be reduced by a few billets at a time, or their access to particular databases and working groups trimmed back. Over time, those choices add up to a different pattern of who sees which products, on what issues, and with how much delay.

Those disruptions would be asymmetrical. European States would gain resilience and political room to maneuver, but they would also assume more of the burden of fusing and defending their own intelligence in contentious cases. The United States would retain unmatched technical capacity, yet find that some of the most valuable “crown jewel” access held by European partners is only available later, on narrower terms, or not at all. The alliance would still function, but with less of the easy presumption that information will move quickly and fully across the Atlantic just because it always has.

A System Under Strain, Not in Free Fall

However the Venezuela episode is resolved, the more important shift is in the default settings of the U.S.-Europe security relationship, not in any single carve-out. European services are not weighing whether to walk away from U.S. intelligence; they are working out how much exposure to U.S. swings their own law, politics, and publics will tolerate, and building a little more slack in the system. The risk for Washington is the opposite: that these adjustments are treated as background noise rather than as feedback about how allies now think about American reliability.

As of today, liaison channels remain open, Five Eyes still sits at the core of Western cooperation, and European governments continue to rely on U.S. reach in ways they cannot quickly replace. The risk at this stage is not collapse; it is normalization of a more conditional, more guarded partnership.

That is one reason the day-to-day relationships between analysts and operators are likely to endure even through a turbulent presidency. Joint targeting cells, embedded liaison officers, and long-standing case-specific channels are built on habits of cooperation and professional trust that do not vanish with an election. The strain shows up first at the upper tiers: general counsel offices, directorates that set foreign-disclosure policy, and political appointees who decide how tightly to keep sensitive reporting inside national systems. That is where allied services are now recalibrating.

The United States’ intelligence advantage has never been only about its own collection; it has rested on partners’ willingness to route their best reporting through American systems and to take U.S. assessments as a starting point for discussion. If those habits weaken—even without a single embassy protest or formal suspension—the United States will feel it at the margins: fewer early warnings from European coverage, more delays, more caveats at exactly the moments when speed and confidence matter most.

The system can absorb strain. Five Eyes and related networks were built to survive political swings and policy disputes, and they have done so before. What would be harder to manage is a gradual thickening of legal and political hedges that makes “hold back unless we are sure” feel like the safer default. That tendency did not begin with Trump, but his second term is giving it new tests and, at times, sharper visibility.

For Europe, the path forward involves building more tools to compare notes internally and more confidence in its own legal and analytic judgments, while keeping U.S. access where it remains clearly in their interest. For the United States, the choice is more practical than dramatic. It can treat episodes like the Venezuela carve-out as irritants to be pushed past, assuming that allies will always come back because they need American power. Or it can read them as reminders that even close partners will fence off parts of cooperation when domestic law, politics, or public opinion demand it.

If that pattern widens, the consequences are likely to be incremental rather than spectacular: more issues where European services decide to keep certain streams narrower, more moments when Washington learns that some of what it once saw automatically now arrives later, with more conditions attached, or not at all. That is still a system under strain, not in free fall—but it is one in which the United States should no longer assume that what reaches its inbox is the whole of what its allies know.

State Dept’s Foreign Terrorist Designations Undermine Claims of “Antifa” Threat https://www.justsecurity.org/125072/fto-sdgt-antifa/?utm_source=rss&utm_medium=rss&utm_campaign=fto-sdgt-antifa Wed, 19 Nov 2025 13:54:22 +0000 https://www.justsecurity.org/?p=125072 Leading counter-extremism expert unpacks the administration's claimed designation of "Antifa Groups"

The post State Dept’s Foreign Terrorist Designations Undermine Claims of “Antifa” Threat appeared first on Just Security.

On Nov. 13, the State Department added four European entities to the U.S. government’s list of Specially Designated Global Terrorists (SDGTs), claiming that they are affiliated with “Antifa.” All four – Antifa Ost, the Informal Anarchist Federation/International Revolutionary Front (FAI/FRI), Armed Proletarian Justice, and Revolutionary Class Self-Defense – will be designated as Foreign Terrorist Organizations (FTOs) on Nov. 20. 

The Trump administration has been hyping the threat posed by Antifa for months. “Antifa is an existential threat to our nation,” Attorney General Pam Bondi claimed. Department of Homeland Security Secretary Kristi Noem has argued that the “network of Antifa is just as sophisticated as” ISIS and Hezbollah, two international terrorist organizations that have murdered tens of thousands of civilians and combatants in attacks and guerilla warfare around the globe.

The new designations do not support the administration’s case that Antifa presents an “existential” threat to Americans. Indeed, the move appears to do little, or nothing, to protect Americans either at home or abroad. If anything, the State Department’s announcement shows that the administration is unsuccessfully laboring to portray “Antifa” – an amorphous “anti-fascist” movement with no clear leadership or hierarchy – as a significant terrorist threat. And it could be used to undermine the civil liberties of U.S. citizens. 

A Far Cry from the Threat Posed by Al-Qaeda on 9/11

 The U.S. government created the SDGT listing process as part of Executive Order (E.O.) 13224, which was signed by President George W. Bush in the aftermath of the 9/11 terrorist attacks. Nearly 3,000 people perished during al-Qaeda’s attacks on New York City, Washington, D.C., and Pennsylvania. Thousands more have succumbed to, or still suffer from, related illnesses. Around that same time, the United Nations Security Council, NATO, and Organization of American States mobilized to respond to the al-Qaeda threat.   

From that moment forward, the SDGT list created a powerful tool, overseen by the U.S. Treasury Department, to cut off the international finances of terrorists capable of such large-scale attacks. Prior to the second Trump administration, the overwhelming majority of entities on the list were associated with al-Qaeda, ISIS, Iranian proxies or other global terrorist networks that had killed or threatened Americans.

The threat posed by the four newly designated entities, which have been responsible for small-scale attacks resulting in minimal casualties outside of the United States, falls far short of al-Qaeda or the other global terror networks previously designated. The State Department does not allege that any of the newly designated entities are capable of 9/11-style attacks. The Department does not claim that any Americans have been killed in their operations. Nor has the Department demonstrated that they endanger Americans or U.S. interests either at home or abroad, even though such threats are a prerequisite for inclusion on both the SDGT and FTO lists, which are authorities statutorily provided through congressional legislation. Indeed, the relevant statute giving the Secretary of State authority to designate an FTO requires “the terrorist activity of the organization threatens the security of United States nationals or the national security of the United States.”

Under E.O. 13224, the Secretary of State is authorized to “designate foreign individuals or entities that he determines have committed, or pose a significant risk of committing, acts of terrorism that threaten the security of U.S. nationals or the national security, foreign policy, or economy of the U.S.” The criteria for inclusion on State’s FTO list, under section 219 of the Immigration and Nationality Act (INA), contain similar language.

Nothing in the State Department’s fact sheet satisfies this criterion – even if one were to read it in the broadest possible manner. Antifa Ost’s followers have engaged in street fights with suspected “fascists” in Germany and Hungary (more on that below). The FAI/FRI “primarily operates in Italy,” has affiliates elsewhere, and has threatened “political and economic institutions” in other countries, but the State Department does not claim it has plotted against the U.S. government or Americans. The remaining two entities – Armed Proletarian Justice and Revolutionary Class Self-Defense – are based in Greece and have targeted the Greek government and police. The latter group, Revolutionary Class Self-Defense, has claimed responsibility for two minor attacks in Greece that resulted in little damage and no injuries. As Reuters reports, such attacks are hardly new, as “[s]mall-scale attacks on businesses, police, politicians and embassies are frequent in Greece, which has a long history of political violence by leftist and anarchist groups.”

If the Trump administration has intelligence indicating that these groups pose a real threat to Americans, the U.S. government or its interests, then it should present it. The publicly available evidence does not support such a conclusion. Instead, the evidence shows that the targeted networks are responsible for a low level of violence in European countries.

Inflating the Threat Posed by “Antifa”

The Trump administration has not clearly defined what it means by “Antifa.” Experts have long recognized that Antifa is an amorphous movement with no clear national, let alone international, leadership or hierarchy. According to a Congressional Research Service (CRS) assessment published in 2020, the “U.S. antifa movement appears to be decentralized, consisting of independent, radical, like-minded groups and individuals” and “lacks a unifying organizational structure or detailed ideology.” The first Trump administration’s national security leaders agreed with this assessment.

In contrast, as mentioned above, DHS Secretary Noem has compared Antifa’s “network” to ISIS and Hezbollah. She also compared Antifa to international criminal gangs such as MS-13 and Tren de Aragua, as well as Hamas. But Antifa lacks the organizational structure and hierarchy of each of these five organizations. Indeed, Noem’s comparison inadvertently reveals the weakness of the Trump administration’s case, as it has failed to demonstrate how Antifa is a cohesive group or “network” comparable to the world’s leading terrorist organizations.

Without specific criteria for defining “Antifa,” the U.S. government has no firm basis for concluding which groups or individuals belong to it, beyond those who somehow self-identify as its adherents. This opens the door for the Trump administration to abuse the term as a catch-all for leftwing groups and individuals who are broadly opposed to “fascism,” but may otherwise have no ties to one another.

This talk of “Antifa” untethered to facts is evident in the State Department’s treatment of the four foreign entities. 

Only one of the four entities designated by the State Department, the German-based Antifa Ost, openly brands itself as part of the Antifa movement. But the administration has not alleged that Antifa Ost is connected to any American Antifa adherents. It is not clear what ties, if any, there are between Antifa Ost and the other three entities, which are based in Italy and Greece. Nor is it clear if the other three have any ties to Antifa at all, either in other countries or inside the United States. It appears that the administration is simply conflating other far-left extremists and anarchists with Antifa, as if they are all part of the same network.

For instance, the first known American Antifa group was established in Portland, Oregon in 2007. As the State Department itself notes, the anarchist FAI/FRI began operating approximately four years earlier, in 2003, meaning that it predates the birth of the American Antifa movement. The Trump administration has not explained why it considers FAI/FRI, which has a long track record of violence on its own, to now be a part of Antifa in any meaningful sense.

The Trump administration has not designated neo-Nazi groups banned by democratic allies

The first entity listed by the State Department is Antifa Ost, also known as Antifa East and the “Hammer Gang,” a name its adherents earned by wielding hammers in their street attacks. Although Antifa Ost is based in Germany, the Trump administration reportedly did not coordinate its designation process with the German government. It is easy to see why. After the designation was announced, a spokesperson for the German Interior Ministry explained that Antifa Ost’s capacity for violence has “decreased significantly” after a series of arrests – an assessment that directly undermines the Trump administration’s desire to portray Antifa as a global menace. Indeed, the State Department does not attribute any attacks to Antifa Ost’s adherents since February 2023 — that is, more than two and a half years ago.

The State Department notes that Antifa Ost is “accused of having conducted a series of attacks in Budapest in mid-February 2023.” But the Department’s announcement omits a key detail – namely, these “attacks” occurred during the “Day of Honor” event – an annual neo-Nazi rally held in the Hungarian capital.  

 The “Day of Honor” rally commemorates a battle in which Nazi soldiers and Hungarian troops joined forces to break the Soviet Union’s siege of Budapest in 1945. Even though the joint Nazi-Hungarian campaign was unsuccessful, modern neo-Nazis see it as an inspiration. Hundreds of far-right extremists from around the world attend the “Day of Honor” event in Budapest each year, including in February 2023, when Antifa Ost’s adherents showed up as counterprotesters.

The “Day of Honor” rally is organized by Légió Hungária, a neo-Nazi organization. According to Bellingcat, Légió Hungária maintains close relationships with other international neo-Nazi and skinhead groups that participate in the “Day of Honor” rally. These include Blood & Honour (B&H), which originated in the United Kingdom and has maintained a presence inside the United States since the 1990s, and Hammerskins. America’s allies have long recognized the international threat posed by both groups.

In 2000, Germany banned B&H after it was linked to a series of racially motivated murders. In 2010, a Spanish court ordered the dissolution of a B&H chapter after 18 of its members were “found guilty of illicit possession of arms and inciting hate for racist and anti-Semitic reasons.” In 2019, the French government dissolved a B&H affiliate inside the country. The Canadian government banned B&H and Combat 18 that same year, explaining that the group had carried out “murders and bombings” across several countries, including the murders of two homeless men in Tampa Bay, Florida in the late 1990s. In 2020, Germany then added Combat 18 to its list of prohibited groups. Finally, in January of this year, the U.K. government froze B&H’s financial assets, finding that there were “reasonable grounds to suspect [it] of being involved in terrorist activities through promoting and encouraging terrorism, seeking to recruit people for that purpose and making funds available for the purposes of its terrorist activities.”

 In 2023, the German government banned Hammerskins (also known as Hammerskin Nation), which was founded in Dallas, Texas in the late 1980s. The German interior ministry explained that “Hammerskins affiliates exist in a number of countries” and its “members call each other ‘brothers’ and see themselves as part of an elite ‘brotherhood,’” with approximately 130 members in Germany alone. Authorities “seized cash and large quantities of weapons,” as well as Nazi paraphernalia, in raids across the country. The interior ministry specifically thanked the American government for its cooperation, saying it “worked closely with its U.S. partner agencies to bring about this ban on a right-wing extremist and racist organization.” Such bilateral cooperation stands in direct contrast to the U.S. government’s unilateral designation of Antifa Ost.

Thus far, the administration has failed to employ the U.S. government’s powerful designation authorities against the neo-Nazi organizations that participate in the “Day of Honor” rally, or any other like-minded groups, even though several allied democratic nations have already done so. Instead, Trump’s State Department has followed the course set by Viktor Orban’s autocratic regime, focusing the power of the state mainly on the leftwing counterprotesters who clashed with neo-Nazis in Budapest in February 2023. The administration has done so even though the far-right was also culpable for the violence. 

For example, a previous report by the State Department clarified that violence broke out during the 2023 event when “extreme-right and neo-Nazi groups clashed with antifascist counterprotesters.” Although local police attempted to ban the rally beforehand, “several hundred extreme-right and neo-Nazi sympathizers gathered” and “antifascist demonstrators … assaulted several individuals they assumed to be affiliated with the extreme right.” The violence was not one-sided, however, as “extreme right sympathizers reportedly attacked groups they took to be antifascist demonstrators.”  

Concern that the Trump Administration Will Abuse the Designation Process to Target Domestic Opposition

 Since the murder of Charlie Kirk on Sept. 10, senior administration officials have repeatedly claimed, without evidence, that a leftwing terrorist network, supported by non-governmental organizations (NGOs), threatens the security of Americans. Antifa is the main foe they cite. 

On Sept. 22, President Donald Trump issued an E.O. deeming Antifa a “domestic terrorist organization.” The E.O. lacked legal teeth, as the label does not create any new legal authorities to target groups operating inside the United States. Still, the E.O. signaled that the administration was probing for ways to conduct a broader crackdown on leftwing groups.

On Sept. 25, Trump followed up with a national security presidential memorandum (NSPM-7) claiming that the “anti-fascist” “lie” is used by “domestic terrorists” to threaten America’s “democratic institutions, constitutional rights, and fundamental American liberties.” The memorandum directs agencies of the U.S. government to take various actions against these supposed “networks.” Civil liberties and pro-democracy groups immediately saw NSPM-7 as a threat to free speech and civil society, as the memorandum imagines a broad conspiracy requiring a whole of government effort to combat. The memorandum seemingly invites branches of the U.S. government, including Joint Terrorism Task Forces (JTTFs) around the country, to surveil and investigate groups and individuals based on “indicia” (beliefs) such as “anti-Americanism, anti-capitalism, and anti-Christianity.”

Secretary of State Marco Rubio invoked those three types of beliefs when announcing the designations of the four “Antifa” groups, vowing to “continue using all available tools to protect our nation from these anti-American, anti-capitalist, and anti-Christian terrorist groups.” Indeed, the State Department’s SDGT and FTO designations are the latest step in the administration’s campaign to portray Antifa as a top-tier threat.

FTO designations are powerful by design, as Thomas Brzozowski, the former counsel for Domestic Terrorism in the Counterterrorism Section of the U.S. Department of Justice, has written in these pages. Once a group is designated as an FTO, the U.S. government can invoke legal authorities that allow it to surveil and harass any party connected to it – including organizations inside the United States. It is for that reason that the State Department’s designations of four alleged “Antifa” groups are potentially worrisome. Although the administration has not yet branded “Antifa” in its entirety as an FTO, it is apparently seeking ways to invoke those intrusive authorities against an enemy that is conjured without evidence and conceptually undefined.

None of this is to suggest that the threat of leftwing political violence should be dismissed. It is real, but the U.S. government already has the tools needed to combat it. And as the review above is intended to show, the new designations are unnecessary. They are surely not based on a bottom-up assessment of the threat that these entities pose, but instead a top-down desire to create a bogeyman.

When Trump first announced his intent to designate “Antifa” as a foreign terrorist organization in mid-September, Hungary’s Orban quickly cheered. Orban’s enthusiasm was telling, as he has used the power of the state to hollow out opposition to his autocratic regime, which he has described as an “illiberal democracy.” Some hard-right politicians in different parts of Europe followed Trump’s statement by announcing their own interest in designating “Antifa” a terrorist organization. On Sept. 26, Hungary declared Antifa Ost a terrorist organization and then added the group to its national anti-terrorism list. It was conspicuous that Orban did not take a similar action against any of the neo-Nazi groups that march in Budapest every February. After all, they do not protest his rule. Meanwhile, the policy actions taken by the Trump administration to address domestic terrorism thus far, including NSPM-7, fail to address the threat posed by far-right extremists in the United States.

The International Law Obligation of States to Stop Intelligence Support for U.S. Boat Strikes https://www.justsecurity.org/124762/caribbean-strikes-intelligence-sharing/?utm_source=rss&utm_medium=rss&utm_campaign=caribbean-strikes-intelligence-sharing Mon, 17 Nov 2025 13:59:41 +0000 https://www.justsecurity.org/?p=124762 The only way States can avoid complicity in “arbitrary killings” under international human rights law is to refrain from sharing intelligence that, in part, enables them.

The post The International Law Obligation of States to Stop Intelligence Support for U.S. Boat Strikes appeared first on Just Security.

Several States have curtailed intelligence-sharing with the United States due to the continuing drug boat strikes in the Caribbean and Pacific that have killed 83 people to date. Notably, the United Kingdom, which maintains a significant presence in the Caribbean, has for years provided intelligence to support U.S. Coast Guard drug interdiction, in addition to conducting its own counter-narcotics operations. Concerned that the United States might use that support to unlawfully target drug boats, over a month ago, the UK suspended sharing intelligence. Asked about the CNN report that broke the story, Secretary of State Rubio labeled it “false,” without stating why.

Reports have also emerged that the Netherlands has curtailed intelligence cooperation due to fear that the United States might use it to support human rights violations or, a rather shocking concern, assist Russia. 

Canada, which is conducting Operation Caribbe in coordination with the Coast Guard and 13 other nations, has likewise informed the United States that the information it provides is not to be used to facilitate the boat strikes. As a spokesperson for the Department of National Defence emphasized, “Canadian Armed Forces activities under Operation Caribbe, conducted in coordination with the United States Coast Guard, are separate and distinct from the activities you describe involving other branches of the United States military.” 

And Colombia, which has long collaborated hand-in-glove with the United States on counter-drug operations, has similarly suspended intelligence sharing with U.S. intelligence agencies until the strikes end. Colombian President Gustavo Petro justified the decision by noting,  “The fight against drugs must be subordinated to the human rights of the Caribbean people.” Mexico has also opposed the boat strikes, called on the United States to respect international treaties, and most recently announced an arrangement with the United States whereby the Mexican Navy will intercept boats near the countries’ coasts in order to prevent further lethal attacks in that area.

In recent days, E.U. leaders and member States, such as France, have told journalists that they consider the boat strikes flatly illegal. (France too has a significant presence in the region, including past work with U.S. counter-narcotics operations.) In response to such European legal concerns, Rubio quipped, because many of the shipments are bound for Europe, “Maybe they should be thanking us.”

Suspension of intelligence sharing is not new. For example, Germany and other European States froze intelligence following revelations of torture and rendition in the aftermath of the 9/11 attacks. And the 2003 invasion of Iraq by U.S. forces motivated France to curtail intelligence cooperation on the basis that the invasion was unlawful. 

The U.S. attacks on suspected drug traffickers are both short-sighted from a strategic policy perspective and morally questionable. Such concerns may have motivated the intelligence sharing restrictions that U.S. allies and partners have imposed. However, as we will explain in this essay, even setting aside those concerns, the decision to withhold intelligence and other cooperation that might contribute to the U.S. operations was a sensible decision from the perspective of international legal risk. 

To understand why, it is necessary to assess both the legality of the strikes under international law and the relationship between them and the cooperation being withheld. If the operations are lawful (they are not), other States may lawfully contribute to them, barring any other applicable rule specifically prohibiting such contributions. However, if the U.S. operations are unlawful, this raises the urgent question whether support for them would itself violate international law. In other words, would a State sharing intelligence with the United States be complicit in the “internationally wrongful acts” of the United States? Accordingly, we first conduct a brief survey of the legality of U.S. strikes and then proceed to examine the possible complicity of third States.

The Legality of the Operations

Despite protestations from the Trump administration, and the very suspect claims by a Pentagon spokesperson that “lawyers up and down the chain of command have been thoroughly involved in reviewing these operations prior to execution” and “no lawyer involved has questioned the legality” of them, international law experts who have opined on the matter are nearly unanimous in their conclusions that the strikes clearly violate international law (see, inter alia, Just Security’s collection of commentary and this episode of EJIL: The Podcast!). However, there is some confusion among the broader public regarding why this is the case.

Inapplicable Law: UN Charter, Non-Intervention, and Laws of War

The U.S. operations do not violate the prohibition on the use of force found in Article 2(4) of the UN Charter and customary international law, for that rule only bars the use of force directed at other States. Thus, attacking a flagless (Stateless) ship on the high seas does not amount to a wrongful use of force under international law’s jus ad bellum. For the same reason, the strikes do not constitute unlawful intervention into the internal affairs of other States. 

Nor do the operations violate the law of armed conflict (LOAC), as that law is inapplicable in this situation for reasons explained below. Nevertheless, the administration, in a notification to Congress and a statement to the United Nations Security Council, contends that the attacks are lawful on the basis that the United States is involved in a non-international armed conflict (NIAC) with drug cartels and that those killed were “unlawful combatants.” It is correct that civilians who directly participate in hostilities (so-called unlawful combatants) may be attacked for such time as they so participate. Moreover, in our view, members of the armed wing of an “organized armed group” (OAG) may be attacked at any time during a NIAC, so long as other targeting rules, such as the rule of proportionality and the requirement to take precautions to protect civilians in attack, are satisfied. 

However, whether those aboard the boats fall into either of the targetable categories need not detain us here; LOAC rules are simply not relevant in this situation, since it does not qualify as a NIAC. A NIAC, as distinct from an armed conflict between States, requires protracted and intense armed violence between a State and non-State organized armed group, an explanation derived from the judgements of international tribunals and long-accepted by the United States (Tadić, para. 70; ICTR, Akayesu, para. 619; ICC, Bemba, para. 229; DoD Law of War Manual, § 17.1.1). 

To begin with, drug trafficking as such has never been treated as “armed violence,” nor could it. Drug cartels sometimes use violence against a government, but it is that violence that can qualify the situation as a NIAC, not their drug activities. Moreover, the violence must be at a high level to distinguish a NIAC from “internal disturbances and tensions, such as riots, isolated and sporadic acts of violence, and other acts of a similar nature” (DoD Law of War Manual, § 17.1.1). Examples include various situations in Mexico and Colombia, where cartels or armed groups such as Sinaloa and the FARC directed intense violence against the government in addition to producing and trafficking drugs. 

Although there was no qualifying violence until the first strike, the more attacks the United States conducts, the more likely it is that this threshold will arguably be reached – despite the fact that the violence is one-sided (although some scholars believe there needs to be exchanges of fire from both sides). But even if the threshold is reached, the violence must be directed at an organized armed group. This requirement is not met simply because a group possesses weapons or sometimes uses violence to further its criminal ends, as many cartels do. To qualify, the group “must possess organized armed forces” (2016 Commentary to GC I, art. 3), which the targeted groups such as Tren de Aragua do not appear to field. 

In short, neither the intensity nor the organization requirement for a NIAC has been satisfied in this situation. Thus, there is no armed conflict and, derivatively, no applicable LOAC rule to violate. It is essential to note that this is an objective assessment of the facts. These facts cannot be ignored simply because the U.S. President proclaims otherwise – which, from the recent reporting on Department of Justice memoranda justifying these operations, appears to be the sole basis on which the otherwise inexplicable U.S. legal claims are based. 

Applicable Law: International human rights law (extrajudicial killings)

This being the case, the applicable body of law directly governing these uses of lethal force is international human rights law (IHRL). It is here that the international law violation is found. Importantly, even if, contrary to our view, the jus ad bellum prohibition on the use of force in Article 2(4) of the Charter did apply, but the United States was exercising the right to self-defense, U.S. defensive actions would still need to comply with IHRL since, as explained, the situation does not amount to an armed conflict triggering LOAC.

It has long been recognized that the arbitrary deprivation of life violates a State’s international human rights obligations (see, e.g., UDHR, art. 3). The right is found in the International Covenant on Civil and Political Rights, Article 6(1), an instrument to which the United States is a party. There has long been a debate over whether the ICCPR generally, or Article 6(1) specifically, applies extraterritorially, an issue present in the boat strikes. The United States claims that it does not, although the prevailing view, illustrated by the UN Human Rights Committee’s General Comment 36, is that it does (¶ 63). As noted in that Comment, the right extends to persons “located outside any territory effectively controlled by the State whose right to life is nonetheless affected by its military or other activities in a direct and reasonably foreseeable manner.” 

But in any event, the right to life is a customary right that applies extraterritorially, regardless of the U.S. interpretation of the ICCPR – a point that the United States has previously accepted, as explained by Ryan. This is also acknowledged in the 2024 U.S. Army’s Operational Law Handbook, which characterizes the prohibition of murder as a fundamental right, and explains that “[i]n contrast to fundamental human rights, […] non-fundamental human rights do not necessarily bind States during all operations inside and outside a State’s territory.” The implication is that a fundamental right, such as the prohibition on the arbitrary deprivation of life, does apply during all operations and extraterritorially (pages 98-99). 

Moreover, there is extensive State verbal practice and opinio juris characterizing extrajudicial killings, including those committed abroad, as violations of the right. And in its recent UNRWA advisory opinion, the International Court of Justice (ICJ) ruled that State obligations under IHRL (including customary IHRL, which the Court discusses twice in the opinion) apply when a State exercises jurisdiction extraterritorially, particularly in, but not limited to, situations of occupation (¶ 151; see more here). To put this simply, there is no doubt in our mind that, were the ICJ to be confronted with a situation similar to the U.S. strikes against suspected drug boats, the Court would rule that the right to life, i.e., the prohibition on the arbitrary taking of life, applies even if the State concerned kills people outside its own territory. 

Therefore, the question is whether these killings were “arbitrary.” The widely-accepted standard for arbitrariness prohibits the use of force likely to cause death or grievous bodily injury “except in self-defence or defence of others against the imminent threat of death or serious injury, to prevent the perpetration of a particularly serious crime involving grave threat to life, to arrest a person presenting such a danger and resisting their authority, or to prevent his or her escape, and only when less extreme means are insufficient to achieve these objectives” (Basic Principles on the Use of Force and Firearms by Law Enforcement Officials; see also U.N. Human Rights Committee, General Comment 36, para 12).

As reflected in the standard, a deprivation of life must be strictly necessary to be justified, as a measure of last resort – if a State can mitigate the imminent threat that an individual poses to others by non-lethal means, then those means must be exhausted first. It is manifest that the U.S. strikes do not satisfy this requirement. While countering drugs is a legitimate aim for State action, the fact that there are numerous operational means that the United States regularly uses to stop maritime drug-trafficking renders simply blowing the boats up unnecessary as a matter of law.

In short, there is absolutely no question that the U.S. lethal strikes on the boats are a violation of international human rights law. The violation of the right to life is as manifest as it would be if the United States started using drone strikes against suspected drug traffickers on its own territory. Such individuals, serious criminals though they may be, need to be arrested and put on trial, not summarily killed. We thus agree with the U.N. High Commissioner on Human Rights, who labelled the strikes as “extrajudicial killings” – this is precisely what they are. 

This legal point is very straightforward. Indeed, as a Senator, Marco Rubio sponsored legislation calling out the Philippines’ then-President, Rodrigo Duterte, for summarily killing people involved in the drug trade. The legislation stated: “Extrajudicial killings perpetrated by the Government of the Philippines as part of a government-directed antidrug campaign present the foremost human rights challenge.” Notably, the International Criminal Court approved an arrest warrant for Duterte for the crime against humanity, because a policy of such killings can eventually amount to a widespread or systematic attack on a civilian population. 

Support to the Unlawful Strikes by Other Countries

This then brings us to the question of the possible complicity of third States in facilitating the U.S. strikes in the Caribbean. As with complicity doctrines in domestic law, there are various ways in which States accrue legal responsibility by contributing to the “internationally wrongful acts” of other States (for a primer, see this Chatham House paper by Harriet Moynihan). Two are relevant here. 

First, a State may be complicit on the basis of the general rule set out by the International Law Commission in Article 16 of its Articles on State Responsibility, which provides that a State that assists another in the commission of an internationally wrongful act will be responsible for its contribution if it is bound by the same legal obligation as the assisted State, and if it provides the assistance knowing of the attendant circumstances. The ICJ has held that this rule reflects customary international law. Second, a State may be complicit based on rules that are specific to the various sub-branches of international law, like IHRL, which may set somewhat different standards than the general secondary rule.

There is no doubt that intelligence sharing can constitute such a form of wrongful facilitation, for it can causally contribute to a sufficient degree to the commission of the wrongful act (for an extended discussion, see this paper and this blog post series by Marko). Consider, for instance, the sharing of geolocational data about a boat in the Caribbean with the United States, or other information about the people on board and their activities. It is self-evident that the United States could use this information to conduct a lethal strike against the boat in question. Accordingly, the criterion of a causal contribution, which is essential to all complicity rules, could be met in such a scenario, depending on the nature and content of the intelligence shared. 

The requirement that the same legal obligation bind the assisting State as the assisted State is likewise satisfied. All States partnering with the United States in intelligence sharing are bound by customary IHRL prohibiting arbitrary deprivations of life. Most are also parties to treaties that prohibit arbitrary deprivation of life. For instance, France, the United Kingdom and the Netherlands are party to the European Convention on Human Rights, and Colombia and Mexico are bound by the American Convention on Human Rights (arts. 2 and 4, respectively). The five, as well as Canada, are parties to the ICCPR. They are all bound by the customary international law prohibition on arbitrary deprivation of life.

But whether States sharing intelligence would be complicit in the unlawful U.S. attacks depends primarily on the fault (subjective, mental, culpability) element of the given complicity rule. There has been much discussion of this issue in the literature, which we will not examine here (see Marko’s article). We would only make two points. 

To begin with, under Article 16, the fault element would be met if the assisting State shared intelligence with the United States, knowing that the latter intended to conduct unlawful strikes and that the intelligence would facilitate them, and nonetheless decided to proceed (a form of oblique or indirect intent). After the United States has conducted 20 such strikes and has openly announced it would conduct more, no State sharing intelligence with the United States could plausibly argue that it lacked the requisite degree of knowledge. This is especially the case for intelligence that directly relates to the activities of boats or drug cartels in the Caribbean. 

Under complicity rules specific to IHRL, the requisite fault standard might be lower still – mere appreciation of a level of risk (rather than certainty) that the United States would engage in arbitrary killings using the intelligence provided. This would be a fault standard akin to recklessness, that is, one of conscious risk-taking. As explained in Marko’s piece, and although this possibility is unsettled in IHRL, a lower standard would arguably be justified by the importance of the interest being protected – the right to life.

In short, in our view, any State sharing intelligence with the United States about boats or drug trafficking in the Caribbean exposes itself to a high degree of legal risk. If the United States kills someone, and if the intelligence provided facilitates that killing, the State sharing the intelligence is itself violating international law. This is true even if the relatively high fault standard in Article 16 ASR is applied, let alone under IHRL. After 20 such strikes, no State could plead ignorance here.

As an aside, for present purposes, we do not assess whether the U.S. boat strikes could constitute international crimes, nor do we examine the potential liability of other State officials under a theory of aiding and abetting.

Conclusion 

Obviously, we have no way of knowing whether the decisions to suspend intelligence sharing were made after government ministers sought and obtained formal legal advice to that effect. The step could also have been taken prudentially, as a matter of policy. And, of course, it is politically problematic for partners and allies to publicly castigate the United States for engaging in unlawful attacks. 

However, whatever the motivation for maintaining or suspending intelligence sharing, the law is clear. The only way in which States can avoid their own responsibility for facilitating attacks that qualify as “arbitrary killings” under international human rights law is to refrain from sharing intelligence that, in part, enables them. Even mitigation measures, such as diplomatic assurances, are unlikely to adequately lower the legal risk, for the nature of the information shared is such that States sharing it cannot plausibly claim ignorance or clean hands. Simply put, any provision of intelligence known to support such attacks is unlawful. Needless to say, this is a point that States should also bear in mind with respect to any prospective U.S. operations directly against Venezuela or other States in the region.

When Deference is No Longer Due
https://www.justsecurity.org/122485/when-deference-is-no-longer-due/?utm_source=rss&utm_medium=rss&utm_campaign=when-deference-is-no-longer-due
Tue, 14 Oct 2025 12:55:10 +0000
https://www.justsecurity.org/?p=122485
Reasons for historical deference to the executive branch's judgement in matters of national security and foreign affairs have been severely undermined.

The post When Deference is No Longer Due appeared first on Just Security.

In the recent cases challenging the federalization and deployment of the National Guard in Los Angeles, Portland, and Chicago, the U.S. Department of Justice (DOJ) has repeatedly argued that the courts should defer to the president’s determination that protests against ICE activity in those cities have rendered the government “unable with the regular forces to execute the laws of the United States” and constitute a form of “rebellion against the authority of the Government of the United States” – two of the possible conditions to federalization under 10 U.S.C. § 12406. The courts have rightly pushed back on such blind deference, with the 9th Circuit rejecting the DOJ’s argument that the president’s determination is unreviewable.

While not deferring completely to the president, courts have nevertheless given DOJ significant deference, in accordance with how they have historically treated the president’s determinations regarding exigencies that threaten national security or involve foreign policy. Even applying such deference, however, lower courts have concluded, at least preliminarily, that the president’s determination about the situation in U.S. cities where he has sought to deploy the National Guard does not reflect “a colorable assessment of the facts and law within a ‘range of honest judgment.’”

This hesitation to defer to the president’s determination is warranted, not only because, in the words of Judge Karin Immergut in the Oregon case, that presidential determination was “simply untethered to the facts,” but also because the reasons for historical deference to the judgment of the Executive Branch in matters of national security and foreign policy have been severely undermined during the first eight months of the Trump administration.

Deference to the president based on his superior access to intelligence information provided by seasoned intelligence analysts and counterterrorism and counterintelligence experts is no longer warranted where: (1) many of these experts have been fired or stripped of their security clearances for political and retaliatory reasons; (2) presidential determinations have been contrary to the considered assessments of the intelligence community (for example, contrary to Trump administration claims regarding the Venezuelan criminal gang Tren de Aragua (TDA), the declassified National Intelligence Council assessment that “the Maduro regime probably does not have a policy of cooperating with TDA and is not directing TDA movement to and operations in the United States”); and (3) the administration has pushed the envelope on compliance with court orders and then sought to shield itself from review by invoking deference in matters of foreign policy and national security.

A deep dive into the controversy over the president’s invocation of the Alien Enemies Act to spirit away alleged members of Tren de Aragua to an El Salvadoran terrorist prison without any notice or opportunity to be heard illustrates these points. I wrote about this for Georgetown Law’s Journal of National Security Law and Policy, which is available in full here:

Weaponizing the Espionage Act: What It Means for Whistleblowers, Reporters, and Democracy
https://www.justsecurity.org/122491/weaponizing-espionage-act-what-it-means/?utm_source=rss&utm_medium=rss&utm_campaign=weaponizing-espionage-act-what-it-means
Tue, 14 Oct 2025 12:29:52 +0000
https://www.justsecurity.org/?p=122491
How the Trump administration could weaponize the Espionage Act and its chilling effect to control the press and justify suppression.

The post Weaponizing the Espionage Act: What It Means for Whistleblowers, Reporters, and Democracy appeared first on Just Security.

President Donald Trump has made suppressing speech he doesn’t like a governing priority. From his first days back in office he cast dissent as disloyalty, promising “retribution” against anyone who criticized, investigated, or resisted him. He then translated that promise into action through regulatory proceedings, lawsuits, clearance revocations, and restrictions on press access. There have been some speed bumps along the way—setbacks in court, corporate reversals under pressure—but the effort to limit what the press reports remains steady.

The mechanics of Trump’s campaign to muzzle the media were on display in the brief suspension of Jimmy Kimmel Live! after a Kimmel monologue following the murder of Charlie Kirk prompted the chair of the Federal Communications Commission (FCC) to suggest that ABC affiliates that continued to air the show risked regulatory sanctions. They were evident in Trump’s $15 billion defamation suit against The New York Times and others for allegedly conspiring to portray him as corrupt, in a complaint so obviously written to advance a political narrative rather than to right a legal wrong that the court immediately threw it out as “decidedly improper and impermissible.” And they were reflected in the new press policy announced by the Department of Defense asking Pentagon reporters to acknowledge that soliciting information not pre-approved for public release is illegal and grounds for revocation of their press passes.

These moves—threatened regulatory action, sprawling lawsuits, credential pledges—are soft instruments. They rely on leverage, intimidation, and the hope that delay or distribution control will shape behavior without forcing a direct constitutional clash. But their very limits point to what remains available. When regulatory pressure stalls or procedural setbacks mount, the administration still holds a statute with sharper teeth for controlling news reports: the Espionage Act of 1917.

The Act’s scope is broad, its penalties severe, and it contains no explicit public-interest defense. It has been used to punish leakers and intermediaries; under some readings, its sanctions could also apply to the press.

What has prevented its application to journalists until now has not been the text of the statute, but the choice of presidents and prosecutors to exercise the type of restraint this administration has shown little interest in. While no administration official has publicly pledged to indict journalists under the Act, the administration’s posture and rhetoric make plain that it understands the statute’s power. In June, when asked directly about the potential use of the Espionage Act against journalists, a White House spokesman stated: “Leaking classified information is a crime, and anyone who threatens American national security in this manner should be held accountable.”

Unlike access rules or civil litigation, the Espionage Act’s reach is criminal, its language capacious, and its chilling effect immediate. It does not require prior restraint for the Act to narrow what the public learns. The law raises the stakes after publication, transforming routine reporting on national security into potential criminal exposure. This is the hard edge that makes every softer measure credible. Behind the latest experiment in credential control lies a law designed for spies, now positioned to be wielded against journalists and possibly others—academics, commentators, even comedians—who speak up on any issue the administration can link to a perceived national security concern.

The Espionage Act’s Dangerous Elasticity

The Espionage Act, codified primarily at 18 U.S.C. § 793, is one of the broadest criminal statutes in the national security field. It criminalizes the obtaining, retention, or communication of “information relating to the national defense,” a phrase that Congress left undefined and the courts have never narrowed with clarity. In Gorin v. United States (1941), the U.S. Supreme Court upheld the law against vagueness challenges, concluding that “national defense” was a “generic concept of broad connotations.” This open-endedness has given prosecutors wide latitude, allowing them to pursue not only traditional espionage cases but also disclosures to the press or even negligent handling of documents.

The Act’s scope is further expanded by the fact that “information relating to the national defense” is not limited to information the government has formally classified. Courts have held that classification is an administrative tool, not a legal element of an Espionage Act offense. This means that unclassified material can be subject to prosecution if the government asserts that it touches on national defense.

Crucially, the statute’s terms do not expressly require the government to prove either that national defense information was disclosed with an intent to harm the United States or even that a disclosure caused any actual harm. In the government’s view, a crime is committed if a person should have “reason to believe” disclosure could be injurious—a standard far more forgiving to prosecutors than the bad faith intent required by most federal criminal statutes. Thus, a journalist acting in good faith and reporting important, newsworthy information could be accused of violating the malleable terms of the law.

Another distinctive feature of the Espionage Act is its criminalization of “passive conduct.” Section 793(e) makes it unlawful not only to transmit national defense information but also to retain it without authorization or to fail to return it on demand. This provision has become particularly salient in recent years, as seen in the Trump classified records case, where prosecutors argued that mere possession of national defense materials at Mar-a-Lago—absent any proof of dissemination—was a felony. For journalists and commentators who may receive sensitive material from confidential sources, this raises still further risks. The legal exposure does not turn on whether they publish, but on whether the government concludes they unlawfully “retained” the material at any point.

For decades after its enactment, however, the Espionage Act was applied in accordance with the common-sense meaning of espionage—against spies, saboteurs, and those who transmitted military secrets to foreign powers. Through two world wars and more than half a century, prosecutions were largely confined to individuals passing troop movements, ship designs, or defense plans. This changed significantly in 1985 when the Reagan Justice Department convicted Samuel Morison, a civilian analyst at the Naval Intelligence Support Center, under §793 for leaking satellite imagery to the magazine Jane’s Defence Weekly. His conviction—upheld on appeal—was the first successful use of the Act against a government employee for providing information to the press rather than a foreign government. While Morison’s conviction signaled the potential to treat unauthorized disclosures to journalists as Espionage Act violations, that potential lingered, largely unused for two decades.

Amidst heightened security concerns after the September 11 attacks, however, the Justice Department increasingly turned to the Espionage Act to pursue insiders accused of leaking to the press. A trend that began under President George W. Bush accelerated dramatically under President Barack Obama, whose Justice Department filed eight Espionage Act indictments against leakers. Targets included Thomas Drake, indicted for retaining documents about NSA surveillance; Jeffrey Sterling, prosecuted for disclosing details of a CIA program; Chelsea Manning, charged for transmitting defense-related information during the war in Afghanistan; and Edward Snowden, charged for disclosures concerning massive government surveillance of U.S. citizens. In each of these cases, prosecutors aimed at the source who leaked to the press, not at the journalist who published the information, preserving a line between punishing disclosure and punishing publication.

That line blurred in May 2019, when the Trump Justice Department indicted Julian Assange on 17 counts under the Espionage Act, alleging he conspired with Chelsea Manning to obtain and publish defense-related information. The charges marked the first time a publisher was directly accused under the statute. In 2024, Assange pleaded guilty to a single conspiracy count, resolving the case but leaving unresolved the central constitutional question: whether the First Amendment protects journalists who publish truthful national defense information. No court has yet ruled definitively on whether publication of true, newsworthy national defense information can be subjected to criminal penalties.

The Assange case was not an isolated incident of Trump focusing on a publisher through the lens of the Espionage Act. During his first term, the Trump Justice Department secretly obtained the phone and email records of reporters from the Washington Post, New York Times, and CNN as part of leak investigations. The disclosures, which did not become public until 2021, underscored the administration’s willingness to treat the press as part of the investigative landscape. That practice—long criticized as chilling to newsgathering—foreshadowed a more aggressive posture in Trump’s second term.

Administrative Rules as Prosecution Triggers

The Espionage Act has always stood as a formidable weapon that past administrations have applied with caution. Since January, an accumulation of administrative rules has shifted the landscape and expanded the Act’s practical reach. New credential pledges, an expanded focus on “Controlled Unclassified Information,” and broadened prepublication review requirements have not amended the law, but they have multiplied the circumstances in which reporting can be cast as “unauthorized.” The cumulative effect is to transform rules that once served as internal guidance to the Intelligence Community into potential triggers for prosecution—an effect that aligns closely with this administration’s appetite to use every available lever against disfavored speech.

A clear example of this transformation involves Controlled Unclassified Information. The CUI designation was originally meant to rationalize the tangle of labels agencies had improvised for decades to identify “sensitive but unclassified” information. Under earlier administrations, a CUI designation functioned mainly as an internal housekeeping tool. In Trump’s second term, it has acquired a different weight. By conditioning Pentagon access on a reporter’s written acknowledgment that disclosing CUI without permission will harm national security—something clearly untrue in many circumstances—Hegseth is converting an internal marking into a boundary for public reporting. Restraint has given way to opportunism: a label that once guided document handling now operates as a filter on what journalists can report without fear of potential prosecution under the Espionage Act.

CUI’s reach makes the shift more than symbolic. The program now spans over 100 categories of information across federal agencies, covering everything from infrastructure schematics to immigration data. Each designation is bureaucratic, not statutory, yet when tied to credential conditions or nondisclosure rules it can function as a speech restriction with real consequences. For journalists, the sprawl means that a wide range of ordinary reporting—from base security lapses to procurement disputes—can be recast as involving protected information. For prosecutors, it supplies a ready-made bridge: what begins as a violation of agency handling rules can, if politically useful, be reframed as “national defense information” within the meaning of the Espionage Act.

Prepublication review offers a parallel mechanism of control distinct from Defense Secretary Pete Hegseth’s press-access regime. Under Intelligence Community Directive 711, current and former intelligence personnel must submit for review any work touching on their service before its public release—even if the author judges the work to contain no classified content. The directive’s broad language, open to interpretation, means that many borderline pieces will still be subject to review. Critics have argued that the directive functions as a soft prior restraint, chilling speech through uncertainty.

What elevates the significance of ICD 711 today is its discretionary reach. The Director of National Intelligence’s role in defining “covered intelligence” grants flexibility to stretch review obligations—and to apply them unevenly. Because these reviews occur within agencies and outside of public view, the processes lack the procedural rigor and transparency of adjudicated prosecutions. That opacity makes prepublication review more inviting as a tool of influence: delays, redactions, or informal pressure all signal risk to authors. Over time, those constraints shift perceptions of what is “authorized,” potentially reinforcing the logic by which Espionage Act exposure is later claimed.

CUI and prepublication review, in addition to pledges required for press credentials, constitute a layered system that enlarges what can be deemed “unauthorized” and prepare the ground for Espionage Act application. A Pentagon reporter who agrees not to publish CUI, a retired officer constrained by ICD 711, or a journalist who receives material withheld in a prepublication review all face the same structural risk from information outside the classified system that is treated as off-limits. This shift does not rewrite the statute, but it makes its use easier, broadening the funnel through which ordinary reporting or commentary can be recast as grounds for criminal prosecution.

Where the Fight Moves

Legal challenges to access rules and credential pledges are the kind of battles the press knows how to fight. Newsroom lawyers are quick to mobilize when credentials or publication are at stake, and courts have long invalidated prior restraints and conditions that make access contingent on content. But that is not where the greater opportunity for press coercion and intimidation lies. The more consequential pressure point is post-publication, where compulsory process—grand jury subpoenas, search warrants, compelled testimony—can expose sources and reporting chains without triggering any well-settled constitutional constraints. A newsroom can win an injunction against a credential pledge and still lose the larger fight if its records are pulled into a leak investigation.

Attorney General Pam Bondi cleared the way for pulling the press into leak investigations within weeks of taking office. In April, she rescinded the Justice Department’s 2021 newsroom guidelines that barred prosecutors from issuing subpoenas for reporters’ phone and email records in leak investigations. That rollback restored tools long criticized as chilling—grand jury subpoenas, compelled disclosure of communications, secret acquisition of reporters’ records—and signaled that the administration intended to use them. Paired with Trump’s public declarations that journalists who publish classified information “should be in jail,” the change stripped away the guardrails that had kept the Espionage Act’s most aggressive applications in check. The stage was set for a return to high-profile leak prosecutions, not as rare events but as warnings and determinations of loyalty.

There are three main ways the Trump administration could weaponize the Espionage Act to silence the press. The most familiar step would be the prosecution of their sources—those who disclose information without prior approval. The post-9/11 cases against Drake, Sterling, and Manning made clear that prosecutions for disclosure of classified information could succeed—or at least devastate careers—even when evidence of harm was tenuous or charges later collapsed. A second Trump administration has every incentive to press this line harder. By defining “national defense information” broadly and seeking harsher sentences, prosecutors can convert leak cases into loyalty tests: a signal that disclosure by a perceived critic, even inadvertent, may be treated as a felony. The spectacle matters as much as any conviction. The aim is deterrence through ruin—making examples of individuals so that others hesitate before sharing information that casts the administration in an unfavorable light.

The second step would turn the focus directly to the press. In Branzburg v. Hayes (1972), the Supreme Court held that journalists do not have a First Amendment privilege to refuse a grand jury subpoena. Although lower courts have widely recognized a qualified privilege in civil cases, no court has extended that protection to reject a subpoena in a leak investigation framed as a national security concern. This approach, too, has practical consequences. Judith Miller of the New York Times spent 85 days in jail rather than testify before a grand jury investigating the Valerie Plame leak. James Risen, also of the Times, fought a subpoena for years before prosecutors relented, but only after immense personal and financial cost. Motions to quash, contempt proceedings, and grand jury appearances consume vast resources. Legal uncertainty breeds caution in newsrooms; editors must weigh whether running a sensitive story is worth the cost of potential litigation. With DOJ’s prohibition on reporters’ subpoenas rescinded, a Trump administration could again jail reporters for contempt if they refused to disclose their sources, confident that Branzburg shields them from successful appeal.

The third and most radical option—once considered unthinkable—would be direct prosecution of reporters or editors for publishing stories relating to national defense. The theory advanced in the Assange indictment provided a template the Trump Justice Department could adopt against domestic journalists. The only reported decision addressing this theory came from a district court judge in United States v. Rosen (2006), the so-called “AIPAC case.” Two lobbyists were indicted under the Espionage Act for receiving information during meetings at the Pentagon that they transmitted to Israel. Though charges were eventually dropped, the court held that non-government actors could, in principle, be prosecuted for possessing or communicating national defense information that came into their possession. That ruling, coupled with Assange’s guilty plea, gives Trump’s lawyers ample running room to seek indictments against journalists under the Act. The spectacle of jailed journalists or newsrooms forced into court battles over potential criminal punishment could achieve the desired deterrent effect without producing a single guilty verdict.

The impact of these strategies would not be to eliminate leaks, but to recalibrate the risk calculation. By raising the legal and financial stakes for both insiders and reporters, Trump could constrict the flow of politically damaging stories. The Espionage Act’s elasticity allows prosecutors to treat ridicule or dissent as a threat to the national defense, turning political grievances into national security prosecutions.

For Trump, the success of this strategy would not be measured in convictions but in silence. What matters now is not only how far Trump is willing to go, but whether the courts would stand in the way.

Judicial Deference—and Its Limits

The framers of the U.S. Constitution saw a free press as the “bulwark of liberty” that had to be protected to restrain government’s “natural tendency toward tyranny and despotism.” They saw the ability of the press to “bare the secrets of government and inform the people” as essential to the success of the new republican form of government they were creating. For much of American history, the Supreme Court has echoed that view, citing the First Amendment as vital to sustaining open society and functioning democracy. New York Times v. Sullivan (1964) protected even mistaken criticism of public officials. The Pentagon Papers case (New York Times v. United States, 1971) imposed an almost insurmountable barrier to prior restraint. Richmond Newspapers v. Virginia (1980) barred the removal of the press from criminal trials. These decisions created a sense of constitutional shelter for the press. But none directly defined when subpoenas to reporters amount to an unconstitutional interference with newsgathering and none has answered whether the press can be punished after publishing accurate information when national security is invoked. These gaps matter now.

The judiciary’s past deference in Espionage Act prosecutions suggests that Trump might find receptive courts. New York Times v. United States is often cited as proof of judicial resistance to presidential overreach, even in the face of national security claims. But that ruling was limited to prior restraint, which the Court found unavailable because the Espionage Act had not granted the president any express authority to stop publication of national defense information. The Act does allow criminal prosecutions, and since 9/11, courts have shown great reluctance to second-guess a presidential assertion about the needs of national security in other contexts. Cases such as Holder v. Humanitarian Law Project (2010) have reinforced a pattern of judicial deference to executive claims when national security is invoked. Trump’s lawyers could build on that lineage, framing steps against the press as essential to protecting national security secrets and daring courts to second-guess.

Trump officials are increasingly pressing the term “national security” into service far beyond traditional espionage: it is invoked to justify protest suppression, immigration enforcement, and press control. Courts in Chicago and Los Angeles have already pushed back, barring force against journalists absent probable cause and limiting crowd controls in protest zones. At the same time, administrative actions—such as ICE raids using paramilitary tactics and executive orders branding domestic opponents as terrorist actors—signal that the security frame is being leveraged domestically.

The Supreme Court has yet to define the contours of the Justice Department’s ability to compel journalists to give up their confidential sources. The only time the Court has squarely addressed the issue, in Branzburg v. Hayes, it refused to excuse journalists from testifying before grand juries about information they learned inside Black Panthers’ headquarters and while observing the manufacture of illegal drugs. Justice Lewis Powell’s narrow concurrence in the 5 to 4 decision left room for case-by-case protections, but the majority’s holding was clear: there is no categorical First Amendment privilege to shield sources in good faith criminal investigations. Lower courts have sometimes recognized a qualified privilege in civil matters, but in leak cases, especially under the Espionage Act, Branzburg still governs. That precedent makes it difficult to argue that reporters are legally entitled to protect sources when subpoenaed, no matter how essential those relationships are to uncovering government wrongdoing.

Because the courts offered little protection, until now the main safeguard of reporters’ ability to obtain information confidentially came from inside the Justice Department itself. Since the 1970s, Department regulations recognized the need for reporters to be able to gather the news without government interference and required prosecutors to exhaust all other avenues before subpoenaing a reporter. Prosecutors were also required to obtain the personal approval of the attorney general before issuing a subpoena to a reporter. For 50 years, those rules remained in force, growing only stricter over time. In 2015, following public outcry over the Obama DOJ’s secret seizure of Associated Press phone logs and email from a Fox News reporter, Attorney General Eric Holder reaffirmed and strengthened the protections. Merrick Garland went further still in 2021, barring all subpoenas of journalists seeking information they learned while engaged in news-gathering. That “bright line” was erased in May by Bondi, who objected that leaks to the press “undermine President Trump’s policies” and branded them “treason.”

Without strict DOJ guardrails, subpoenas are available as a political weapon. The Fourth Circuit’s treatment of James Risen made clear that no First Amendment privilege prevents compelling a journalist to testify in a criminal trial. Judges can order reporters to disclose sources or go to jail, as Judith Miller did in 2005. Trump’s DOJ can now pursue the same strategy, presenting judges with a choice between enforcing subpoenas or inviting accusations of being “soft” on leaks.

The extent to which the First Amendment limits an Espionage Act prosecution of a publisher provided with national security information has yet to be tested, but judicial resistance to such a prosecution is far from certain. The district court in Rosen acknowledged First Amendment concerns with applying the law to lobbyists who became recipients of classified information but still ruled that they could be prosecuted if they acted with a “bad faith” intent to harm the United States. That case collapsed before appeal, leaving no clear precedent. For the press, a First Amendment defense thus remains more theoretical than precedential. Judges may express unease at criminalizing the publication of newsworthy information, but they have repeatedly upheld the statute’s broad sweep against leaks.

A fundamental problem is the impulse of many judges to defer to the president as soon as a claim of national security is raised. In the Pentagon Papers case, six justices refused to issue a prior restraint on publication of the classified Pentagon report, but several wrote that prosecutions after publication might be viable. In Freedom of Information Act (FOIA) litigation, Congress specifically instructed courts to review “de novo” agency claims that information was “properly classified,” and could therefore be kept secret on national security grounds. But after 9/11, courts routinely deferred to agency affidavits invoking the “mosaic theory”—that even trivial fragments of information, if combined, could reveal secrets. Judges extend a “presumption of good faith” to executive declarations, and they require only a “logical” and “plausible” explanation of a national security reason for secrecy. In that climate, it is hard to see courts preventing an Espionage Act prosecution of a reporter framed as vital to protecting national security.

DOJ filings in past national security cases were sometimes riddled with errors — as the Foreign Intelligence Surveillance Court (FISC) documented in the Carter Page surveillance application — but judges still stopped short of imposing sanctions, preferring remedial orders to outright punishment. That pattern of deference leaves room for sloppy pleadings to stand uncorrected, especially in leak cases, where judges risk being blamed for hypothetical damage if they question executive claims. Trump’s lawyers will emphasize that other presidents pursued Espionage Act cases, that Assange pled guilty, and that the statute has been upheld against vagueness attacks. With no binding precedent protecting reporters, the institutional habit of deference could be Trump’s shield.

From Chilling Effect to Systemic Silence

When courts defer, the practical burden falls not on judges but on reporters and their editors. Newsrooms begin calculating which stories are worth the legal fight, often deciding in silence that some are not. The chilling effect appears not in headlines but in the gaps between them: stories quashed before drafts are complete, calls never returned by cautious officials, tips left unpursued because counsel advises against holding classified material, even briefly. What the public sees is less controversy, fewer disclosures, and a narrowing of debate, not because misconduct has disappeared, but because the avenues for revealing it have closed.

The warning issued by Associated Press president Gary Pruitt after AP phone records were seized in 2013 portends the broader risks now at issue: “Some of our longtime trusted sources have become nervous and anxious about talking to us, even on stories that aren’t about national security.” He added that “in one case, a reporter could not get a routine confirmation of a fact from a law enforcement officer.” That dynamic would repeat on a larger scale, with disfavored news outlets denied access to the basic information needed to report what the government is up to.

The impact inside the government is equally concerning. The Pentagon’s new press policy is not an isolated measure; across the federal bureaucracy, lawful channels for disclosure have already eroded. In an August 15 letter, House Oversight Democrats objected to Kristi Noem, secretary of the Department of Homeland Security, that multiple inspector-general offices had been “hollowed out and stonewalled,” citing post-January purges, staffing losses, and refusals to provide records. Director of National Intelligence Tulsi Gabbard’s installation in June of a political adviser to a position within the office of the inspector general of the U.S. intelligence community prompted allegations of unlawful interference. Agencies have reinforced the message: the Labor Department warned staff in April that speaking with journalists could trigger criminal charges, while the Small Business Administration that same month opened investigations into “unauthorized communications” with reporters and former colleagues. For federal workers, official avenues for lawful disclosures are compromised or futile.

That leaves only unofficial disclosure—and here the risks are sharper still. Insider-threat programs, polygraphs, and surveillance tools have primed federal employees to treat contact with the press as dangerous. Added to this are new conditions on access and Hegseth’s apparent plans to remove reporters from their dedicated workspaces in the Pentagon to a new location that will likely isolate them further, making it harder to interact even with the spokespeople designated to make information available. These steps all reinforce the message that even unclassified communication can be treated as “unauthorized.”

Espionage Act prosecutions collapse the distinction between whistleblowing and spying. After the Obama-era pursuit of leakers such as Thomas Drake and Jeffrey Sterling, officials learned that even limited disclosures could ruin a career. The 2017 conviction of Reality Winner, a National Security Agency contractor who leaked a classified NSA assessment on Russian election interference, underscored that the statute applied even when the disclosure was meant to inform a vital, ongoing public debate. For today’s federal workforce, the consequence is not merely chilled speech but systemic silence: disclosure is criminalized, lawful alternatives are hollow, and the risks outweigh even the strongest sense of public duty.

If historic restraint gives way to political weaponization, the milestones of this campaign will be indictments stretching §793 to its limits, subpoenas that expose reporters’ sources, and contempt orders that send journalists to jail. These will not arrive as a single moment of crisis. They will come piecemeal, one filing or court order at a time. The question that follows is whether, as recent months suggest, the guardrails that would be expected to prevent this subversion have already broken.

Leaks Won’t Stop—They’ll Shift

It is tempting to imagine counterweights if the Espionage Act is turned into a political weapon. Career prosecutors might balk at indicting journalists. Congressional committees could hold hearings or tie appropriations to limits on leak prosecutions. Editors and publishers might band together, as they did during the Pentagon Papers fight, to raise the political cost of criminalizing reporting. The potential value of these checks is real, and these actions would matter. But events since January suggest that many of the guardrails once thought sturdy have bent quickly under pressure. Some institutional resistance remains, but the broader pattern is one of accommodation rather than defiance.

Yet history shows leaks do not simply stop in response to government pressure and legal actions. They adapt. Inside newsrooms, encrypted channels—SecureDrop portals, Signal numbers, ProtonMail addresses—have become routine, reflecting how far quiet caution now substitutes for open contact. These systems allow reporters and sources to communicate without detection.

Leakers also migrate. When mainstream outlets appear too dangerous, insiders turn to adversarial platforms, foreign publications, or dedicated leak sites. Suppression may narrow traditional channels, but it does not seal them.

In the years since Snowden, a parallel ecosystem of leak sites has taken shape. These platforms post troves of government and corporate files that traditional outlets either cannot authenticate or choose not to publish. For example, a hacker this past May breached the TeleMessage service used by former Trump national security adviser Mike Waltz and intercepted messages from more than 60 government users — the data was then released via Distributed Denial of Secrets, which describes itself as a “publisher of last resort.” The data included messages and metadata from officials across disaster response, diplomatic missions, customs, and the Secret Service. The point is not mass readership; it is permanence. Once such material is released, it is mirrored, shared, and preserved, beyond the reach of any administration.

Other tools enable secure, anonymous transfer through spaces that operate outside traditional editorial control. SecureDrop software also allows whistleblowers to upload documents safely through the Tor network. The open-source platform GlobaLeaks supports collaborations such as PubLeaks in the Netherlands, where dozens of newsrooms share a common intake system for submissions.

Each of these outlets and technologies exists to make suppression harder. Once information flows into their channels, it cannot be pulled back. And once it is published in Berlin, London, or Reykjavik, American outlets can cover it freely, reporting on what is already public without carrying the liability of being first.

Recent cases underline the point. In 2023, Jack Teixeira, a young Air National Guardsman, posted classified Pentagon documents in a Discord chat group. They circulated for weeks among gamers before surfacing in public channels and being picked up by the press. The government had no way to contain the leak once it spread across social platforms. What began as a handful of slides meant for bragging rights reached a global audience within days.

Technology makes suppression harder still. Social media ensures that even small disclosures can ripple outward at speed, amplified far beyond the original audience. Artificial intelligence tools now accelerate that process, automatically translating documents, generating instant summaries, and circulating them across multiple platforms. But when leakers bypass established outlets, the information often surfaces without context, verification, or restraint. An unintended consequence of aggressive secrecy is that it produces disclosures more sweeping and more damaging than what steady, incremental reporting might have delivered.

Information flowing from alternative leak platforms is also hard to vet. Journalistic analysis reveals how SecureDrop’s anonymity can make verification especially difficult, even in newsrooms equipped to use it. Platforms such as GlobaLeaks and PubLeaks that enable crowd-sourced submission complicate journalistic accountability, since they operate without unified editorial standards. In practice, silencing mainstream journalism does not prevent disclosure—it shifts it into forums where the dangers of privacy violations and genuine national security harm are greater, not less.

That is the paradox of repression. By silencing traditional media, a government pushes leaks into darker, less accountable spaces. Responsible outlets provide context, verification, and editorial judgment. Strip that away, and what remains are indiscriminate dumps or direct transfers to adversary intelligence services. Suppression might succeed in narrowing debate at home, but it magnifies risk abroad. Foreign intelligence services will not hesitate to exploit frustrated insiders. Authoritarian governments already invoke U.S. hostility to the press to justify their own crackdowns. Allies who once saw American democracy as a model now see a cautionary tale.

A campaign against the press can only ensure that what Americans learn about their government arrives later, with less context, and often from places far outside U.S. reach. The danger is not abstract. We will see it unfold in case filings, courtrooms, and press briefings in the months ahead. Each of those is a milestone — a moment when institutions can either absorb the pressure or assert the limits of power. What’s at stake is not only the fate of leakers and journalists, but the ability of citizens to know what their government is doing in their name—an essential prerequisite of democracy itself.

The post Weaponizing the Espionage Act: What It Means for Whistleblowers, Reporters, and Democracy appeared first on Just Security.

Swatting Attacks and Nihilistic Violent Extremism: A Primer https://www.justsecurity.org/121652/nihilistic-violent-extremism-swatting-attacks-primer/?utm_source=rss&utm_medium=rss&utm_campaign=nihilistic-violent-extremism-swatting-attacks-primer Tue, 07 Oct 2025 12:50:56 +0000 https://www.justsecurity.org/?p=121652 Swatting attacks are sometimes dismissed as pranks or hoaxes. But they’ve wreaked havoc on college campuses this year and a network of extremists is behind many of them.

The start of the 2025 academic year has been met with a string of swatting attacks on universities across the United States. An online group called Purgatory – part of a nihilistic violent extremist network known as The Com – has taken credit for many of the recent swatting attacks, which are intended to make law enforcement respond to a fake emergency.

As of Sept. 15, 2025, over 40 universities have been targeted with callers falsely alleging the presence of an active shooter on campus, causing emergency protocols to be enacted until the threat was determined to be fake. Swatting attacks are sometimes dismissed as pranks, particularly in comparison to physical attacks. However, according to data from TDR Technology Solutions, as cited in Campus Safety Magazine, the recent string of university attacks has impacted about 1.1 million students and cost campuses upwards of $62 million.

A review of publicly available information and federal court records associated with Purgatory reveals details about how a network of online groups operates, their adherents’ motivations, and the difficulties encountered by law enforcement when identifying and charging perpetrators. Further, this evidence underscores the scope of the problem caused by the increasing number of swatting attacks.

Nihilistic Violent Extremism

Nihilistic Violent Extremism (NVE), a term adopted by the Federal Bureau of Investigation (FBI) in early 2025, describes an increase in violence from “individuals who engage in criminal conduct within the United States and abroad, in furtherance of political, social, or religious goals that derive primarily from a hatred of society at large and a desire to bring about its collapse by sowing indiscriminate chaos, destruction, and social instability.”

NVE has received particular attention from law enforcement and the media due to the predominantly young perpetrators, most of whom, including leaders within the network, are under the age of 25, with many under the age of 18. Indeed, FBI reporting on the online NVE community known as “The Com” suggests that the majority of members are between the ages of 11 and 25.

The Com

The Com is a recently formed digital network where nihilistic violent extremists convene and share information and instructions about violent activity. The Com mainly operates in online spaces like Discord and Telegram, allowing global reach to further the NVE network, with the goal of spreading violence. Members of The Com do not necessarily need to subscribe to a specific group. Many recent attacks within the United States, such as the Aug. 27 shooting at the Annunciation Catholic Church in Minneapolis, were carried out by perpetrators who appear to be motivated by the NVE ideology and tactics, though some experts have cautioned against applying the label of NVE to attacks that don’t explicitly fall within the ideology. NVE ideology differs from other types of violent extremism because its adherents’ primary drivers tend to be status within the community and inflicting harm.

Recently, the FBI has released more information about how they are classifying subgroups operating within The Com, particularly as it relates to their tactics.

Hacker Com refers to a subset of The Com composed of sophisticated cyber criminals who are linked to ransomware-as-a-service (RaaS) groups.

In Real Life (IRL) Com refers to subgroups within The Com who provide violence as a service (VaaS), as well as perpetrating their own user-directed attacks. IRL Com includes groups that engage in physical violence (e.g., stabbing, bricking) as well as those who engage in online or remote violence (e.g., swatting, doxxing), such as Purgatory.

Still another group, Extortion Com, has received the most public attention, in part due to a large-scale effort to arrest and prosecute members of a group called 764. Tactics within Extortion Com include grooming, blackmailing, and extorting victims into producing and sharing content that depicts self-harm, animal abuse, sexually explicit acts, and suicide. 764 specifically targets minor victims and other vulnerable populations.

The ideological roots of The Com can be traced to occultic violent extremist organizations such as the Order of Nine Angles (O9A), as well as accelerationist groups like the Atomwaffen Division and the National Socialist Order (NSO). While some groups within The Com demonstrate clear ideological motivation, the primary goal of many within the network is to use violence to cause fear and the destruction of society, often with their specific ideology being secondary.

More traditional ideologies such as antisemitism or racially motivated extremism are present within The Com, though Purgatory does not show evidence of a driving, unified belief. Within Purgatory, ideology is more apparent at the individual actor level and may influence the targets and tactics chosen by that actor.

Purgatory

Purgatory displays several markers consistent with influence from the violent occultic organization, Order of Nine Angles (O9A). The founder of O9A emphasized that violence and harm don’t further ideological goals if the activity isn’t publicized. Within Purgatory and other groups within The Com network, the driving philosophy is to seek credit, notoriety, and public attention for violent activity in furtherance of a cause. Adherents may manifest this philosophy by seeking media attention, promoting violent activity on social media, or livestreaming attacks (as was the case with the recent Purgatory swatting attacks).

Recently, Purgatory’s followers have celebrated on their Telegram channel the media attention their swatting attacks have garnered, and have livestreamed some of their attacks to other members, which is consistent with influence from O9A on NVE and groups operating within The Com.

Though Purgatory is currently within the IRL Com subgroup, the group was originally a splinter group of 764 founded by former leader Evan Strauss, who was arrested on charges of sextortion of minor victims in 2024. Purgatory’s members utilize a variety of tactics in furtherance of their ideology including swatting attacks and occasionally sextortion, though they primarily operate using tactics consistent with IRL Com (these include swatting, doxxing, bricking, and similar tactics).

Purgatory has taken credit for a string of swatting attacks happening across universities at the start of the 2025 school year, including Villanova University and University of Tennessee, though the FBI has not publicly confirmed their responsibility. After the arrests of three leaders and key members in 2024, Purgatory shifted to its current iteration which primarily engages in criminal activity, including activity for hire – or what the FBI refers to as violence as a service (VaaS).

Purgatory provides new members with instructions on using Voice over Internet Protocol (VoIP) to place swatting calls online while masking the location and identity of the caller from law enforcement. In addition, its members often provide others with details on specific targets. More recently, Purgatory’s followers promoted themselves as “services-for-hire,” saying they will accept payment to carry out online attacks such as swatting or doxxing, as well as offline attacks such as bricking, though they also engage in member-driven attacks. Fees tend to range from $20 for a swatting attack to $100 for offline attacks such as bricking, which carry a higher immediate risk of intervention. Purgatory claims to have raised over $100,000 in fees from recent attacks.

Purgatory tends to focus on soft targets that have a large public presence, such as universities, hospitals, airports, and businesses. These targets are attractive because they have a larger impact than a similar attack on a private business or residence and are, therefore, more likely to garner media attention. The recent swatting attacks on universities were claimed by an individual who uses the name “Gores” online and identifies themselves as one of the co-leaders of Purgatory. These attacks involved a false claim of an active shooter on campus, triggering campus emergency response plans, including lockdowns for up to an hour or longer until law enforcement was able to determine the alleged threat was false.

On the day of the Villanova and Tennessee swatting attacks, Gores posted a live stream online in a Purgatory-linked Discord channel with four other Purgatory members where viewers could listen in as additional false reports of active shooters were called in live. To make their swatting attacks seem more realistic, Purgatory members sometimes add the sound of guns in the background of their calls — as was the case during the attacks on Villanova and Tennessee.

Federal Cases Linked to Purgatory

To date, three individuals (including Strauss) publicly linked to Purgatory have been federally charged—all three in the District of Maryland. Strauss received additional charges related to sextortion of a minor victim in the Western District of Virginia.

Federal court records offer insight into the operation of Purgatory. Strauss’s sextortion charges are similar to other high-profile federal cases linked to the sextortion group 764, and include filming the victim without her knowledge while engaging in sexual activity, as well as coercing the victim to engage in self-harm under threat of swatting her family home or the home of her boyfriend. Strauss was found guilty and received a sentence of 15 years’ imprisonment related to these charges.

In addition to these convictions, Strauss, aged 26, was convicted along with two other defendants (both aged 18 at the time of their arrests) on conspiracy charges relating to a string of swatting and doxxing attacks in early 2024. The charges include cyberstalking, threats to damage or destroy property with fire or explosives, and communicating interstate threats. The charges also indicated that there were three minor co-conspirators who were not named. Strauss’s role in the conspiracy included finding targets and victims, doxxing, and conducting swatting calls. In one of Strauss’s swatting attacks, a false claim of an active shooter at a Delaware high school was called in to the local police department.

The second defendant, one of Strauss’s co-conspirators, was credited in court records with cofounding Purgatory and helping to create the group’s public and private Telegram channels, which have been used to recruit new members, publicize attacks, and share information, including best practices for engaging in attacks. Among other activity, the defendant was credited with a swatting attack that occurred on the Albany International Airport, which he later shared on the Purgatory Telegram channel. The third defendant was also credited as a cofounder of Purgatory and charged for his participation in the swatting attacks. In addition, the defendant was found to have provided scripts to engage in swatting attacks to other members and direction on targets. All three pleaded guilty.

Swatting Attacks Cause Great Harm

Swatting attacks are sometimes dismissed as pranks or hoaxes, particularly in comparison to physical attacks. However, the real-world impact of swatting attacks goes beyond the time spent determining the threat was false. Swatting financially impacts its targets and the greater population. In addition to the estimated $62 million in damages caused to universities from swatting attacks claimed by Purgatory, a report from TDR Technology Solutions suggests swatting attacks cost Florida taxpayers $65 million in losses in 2023.

Setting aside the financial implications, swatting attacks cause significant public safety challenges. These attacks engage law enforcement resources that may be unable to respond to legitimate emergencies immediately due to the false threats. This is particularly harmful to smaller communities, like some recently impacted American college towns, which may have limited emergency response personnel available. Further, swatting attacks on universities cause psychological harm to those impacted. Even after the threat is determined to be false, the fear of a mass casualty event can linger in the victims’ daily lives. Media coverage can also heighten public fear and safety concerns following these attacks.

There is also a risk that the frequency of swatting attacks may desensitize the public to real threats over time. In the wake of recent attacks, some universities have sought to verify the report prior to enacting campus safety protocols. Even minor delays in the response could cause greater harm in instances where the threat is legitimate.

Though rare, swatting attacks have also been linked with physical harm to victims. The FBI has cautioned that the fear experienced by victims during the attacks has led to heart attacks in some cases, including at least one case that resulted in death. In 2019, a 19-year-old man was convicted on federal charges after a swatting attack led police to shoot and kill an innocent bystander, believing him to be armed as the caller alleged. In another case, the victim of a swatting attack fired at law enforcement upon their arrival, before the threat was determined to be false. An officer was saved by a bulletproof vest.

Despite the gravity of swatting attacks, law enforcement and prosecutors face a number of challenges investigating them. The technologies used, such as VoIP, mask the identity of the caller and can spoof a local number when the perpetrator may live in a different state. This may mean that the investigating officers will not have jurisdiction to charge the perpetrator.

Though some perpetrators of swatting attacks (including the three members of Purgatory who were convicted) face federal charges related to their activity, there is currently no legal statute that allows an individual to be charged for swatting. Aside from the charges used in the Purgatory cases (cyberstalking, bomb threats), a common charge used in these cases is 18 U.S.C. § 875, which relates to communicating interstate threats. The use of this charge has become more frequent in recent years, though sentencing can be inconsistent depending on the ideology of the perpetrator. Still, in the absence of a direct legal statute, law enforcement and prosecutors face an uphill battle to piece together sufficient charges to get a conviction and implement appropriate sentencing. This legal hurdle further complicates efforts to counter violent extremism inside the United States, as swatting attacks become more frequent and perpetrators can be more difficult to identify.

The post Swatting Attacks and Nihilistic Violent Extremism: A Primer appeared first on Just Security.
