from the yet-another-unanticipated-defense dept
The expression, “to make a federal case out of something” usually describes making a bigger deal out of something than it should be. But in the case of Anthropic and Hegseth, Trump, and the Department of Defense*, this federal case is actually quite simple: what the government defendants did to Anthropic is beyond the bounds of anything the law or Constitution would allow. It didn’t require some complicated analytical parsing to see the problem with the Administration’s behavior, and the remedy is straightfoward: there’s now an injunction depriving that behavior of any effect (albeit stayed for seven days).
But the government is only restrained as to what it did that was actually illegal. Importantly, the injunction clarifies that to the extent that the government could lawfully stop working with Anthropic, it remained fully able to divorce itself. From the full paragraph on the last page of the preliminary injunction order itself articulating what has been restrained:
This Order restores the status quo. It does not bar any Defendant from taking any lawful action that would have been available to it on February 27, 2026, prior to the issuances of the Presidential Directive and the Hegseth Directive and entry of the Supply Chain Designation. For example, this Order does not require the Department of War to use Anthropic’s products or services and does not prevent the Department of War from transitioning to other artificial intelligence providers, so long as those actions are consistent with applicable regulations, statutes, and constitutional provisions.
As the decision justifying the injunction explains, this case wasn’t about whether and how DOD could use Anthropic and whether Anthropic could have a say in how it was used, which was the issue underpinning the contract dispute between the two. Had it been, then the DOD could have simply walked away from the product. The problem is that the government didn’t just stop doing business with Anthropic; it went further, and it is those actions that broke the law.
The question here is whether the government violated the law when it went further. After Anthropic went public with its disagreement with the Department of War, Defendants reacted with three significant measures that are the subject of this lawsuit. First, the President announced that every federal agency (not just the Department of War) would immediately ban Anthropic from ever having another government contract. That would include, for example, the National Endowment for the Arts using Claude to design its website. Second, Secretary Hegseth announced that anyone who wants to do business with the U.S. military must sever any commercial relationship with Anthropic. That would mean a company that used Claude to power its customer service chatbot could not serve as a defense contractor. Third, the Department of War designated Anthropic a “supply chain risk,” a label that applies to adversaries of the U.S. government who may sabotage its technology systems. That designation has never been applied to a domestic company and is directed principally at foreign intelligence agencies, terrorists, and other hostile actors. [p.1-2]
And the court counts several ways that the government’s actions were likely illegal. At minimum, Anthropic suffered a due process violation for not having notice and an opportunity to respond to the government’s sudden supply chain risk designation, which threatened a cognizable liberty interest the Fifth Amendment protects. (“The record shows that the Challenged Actions threaten to cripple Anthropic by not only stripping it of billions of dollars in federal contracts and subcontracts but also by labeling it as an adversary to the United States and ending its ability to have any commercial relationship with any company that might want to do business with DoW.”) [fuller analysis p.24-29]
The “supply chain risk” designation was also likely “both contrary to law and arbitrary and capricious.” On the first point, there are two statutory paths for designating a vendor a supply chain risk, and this case addressed just one of them—the other will be addressed by the DC Circuit. But it found the government’s claim it was using the statutory authority properly to be wanting: First, Anthropic’s conduct did not meet the statutory definition of a supply chain risk.
On the record before the Court, Anthropic’s conduct does not appear to be within the definition of “supply chain risk” in Section 3252. Section 3252 defines a supply chain risk as limited to “the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert . . . a covered system.” 10 U.S.C. § 3252(d)(4). Assuming without deciding that a domestic company can be an “adversary,” the plain text of the statute is directed at covert acts or hacks, not overt positions taken during contract negotiations. Indeed, it is difficult to understand how one could sabotage, maliciously introduce an unwanted function, or subvert an information technology system by publicly announcing usage restrictions or insisting on such restrictions in conversations with DoW. Defendants appear to be taking the position that any vendor who “push[es] back” on or “question[s]” DoW becomes its “adversary.” (Dkt. No. 128 at 41.) That position is deeply troubling and inconsistent with the statutory text. [p.30-32]
And second, those procedural rules the government blew off to invoke the statute, such as the need to notify Congress first, actually mattered. Despite what the government argued at oral argument, that the Congressional notification requirements were only for the benefit of Congress, the court found that they were important safeguards Congress had built into the statute to prevent its abuse and therefore non-optional. (“Section 3252 and its enabling regulations create institutional safeguards—which the Secretary must complete before making a designation—to ensure that its designation is applied properly. The Supply Chain Designation failed to comply with these mandated procedural safeguards.”) [see analysis p.32-34].
In addition, the designation itself was likely arbitrary and capricious. As the court noted early in its decision (emphasis added):
The Department of War provides no legitimate basis to infer from Anthropic’s forthright insistence on usage restrictions that it might become a saboteur. At oral argument, government counsel suggested that Anthropic showed its subversive tendencies by “questioning” the use of its technology, “raising concerns” about it, and criticizing the government’s position in the press. Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government.[p. 2; further analysis p.35-37 (“In sum, the contradictory positions, the procedural defects, and the rushed process following a public declaration of the foreordained conclusion all indicate that the actions were arbitrary and capricious.”)]
And then there is the problem at the heart of the matter: that it appears the government is trying to punish Anthropic for daring to criticize it, and that sort of retaliation for speech violates the First Amendment.
The record supports an inference that Anthropic is being punished for criticizing the government’s contracting position in the press. In their announcements, the President and Secretary Hegseth called Anthropic “out of control” and “arrogant,” describing its “sanctimonious rhetoric” as an attempt to “strong-arm” the government. The Department of War’s records show that it designated Anthropic as a supply chain risk because of its “hostile manner through the press.” Punishing Anthropic for bringing public scrutiny to the government’s contracting position is classic illegal First Amendment retaliation. [p.2]
And it violates the First Amendment not only by impinging on Anthropic’s right to speak, but everyone else, who is now deterred from speaking out as well, even on matters of public concern like ethical use of AI, given that the government is now inflicting consequences on those who speak in ways it doesn’t like. To the court, the government’s action looks clearly retaliatory. (“The record shows that Defendants’ conduct appears to be driven not by a desire to maintain operational control when using AI in the military but by a desire to make an example of Anthropic for its public stance on the weighty issues at stake in the contracting dispute.”) [p.19]. A retaliation claim can succeed when (1) the plaintiff was engaged in constitutionally protected activity, (2) the defendant’s actions would “chill a person of ordinary firmness” from continuing to engage in the protected activity, and (3) the protected activity was a substantial motivating factor in the defendant’s conduct—in other words, that what the defendant did was intended to chill speech, and here the court found all these prongs met. [p.20].
On the first, Anthropic was publicly staking out a position on what deployments of Claude are currently unsafe and what rights Anthropic has to allow Claude’s use by the government only with certain safety restrictions, which the court found to be a matter of public concern and thus protected by the First Amendment. (“[T]he record shows that Anthropic and its CEO, Dario Amodei, are a loud and influential voice regarding the capabilities, risks, and safe uses of AI technology.”) [p.20]. As to the second, there was plenty of evidence of speech being chilled:
Anthropic has submitted evidence that the Challenged Actions threaten to cripple the company and chill public debate. See supra Section II.G. Several amicus briefs support this conclusion. A group of 37 individuals working on AI technology assert that the Challenged Actions “chill[] professional debate on the benefits and risks of frontier AI systems and various ways that risks can be addressed to optimize the technology’s deployment.” (Dkt. No. 24-1 at 8.) An industry group of “values-led investors” warns that the Challenged Actions chill speech necessary to allow them to direct their investments to support the “principles and values” they care about. (Dkt. No. 77-1 at 12.) In short, the Challenged Actions easily qualify as ones which would chill a person of ordinary firmness from continuing to engage in further protected speech amici in the case showed how everyone’s speech was being chilled by what the government had done.[p.21]
And as for the third, the government’s behavior clearly resulted from displeasure with Anthropic’s views and the desire to relinquish them.
Secretary Hegseth expressly tied Anthropic’s punishment to its attitude and rhetoric in the press. He stated that “Anthropic delivered a master class in arrogance.” (Dkt. No. 6-21 at 2.) Referring to Anthropic and Amodei, he further stated: “Cloaked in the sanctimonious rhetoric of ‘effective altruism,’ they have attempted to strong-arm the United States military” through their “corporate virtue-signaling” and “Silicon Valley ideology.” (Id.) “Anthropic’s stance is fundamentally incompatible with American principles.” (Id.) The President described Anthropic as “radical left, woke company” and its employees as “leftwing nut jobs,” who “made a DISASTROUS MISTAKE trying to STRONG-ARM the Department of War.” (Dkt. No. 6-20 at 2.) Read in context of these repeated references to rhetoric and ideology, the term “strong-arm” in the Presidential Directive and the Hegseth Directive appears to be characterizing Anthropic as applying public pressure. […] These specific references to Anthropic’s viewpoint and public stance are direct evidence of what motivated Defendants’ decision-making.[p.21-22]
And the government’s defense—that Anthropic’s “contracting position” is conduct, not speech entitled to First Amendment protection, and that Anthropic’s refusal to accept DOD’s terms was what prompted the government’s actions—was unavailing.
First, without reaching the question of whether private contract negotiations alone could constitute protected activity under the First Amendment, the record shows that Anthropic engaged in protected speech when it took public the parties’ contracting impasse and the reasons behind its refusal to agree to DoW’s terms. (See, e.g., Dkt. Nos. 6-7, 6-18.) As already explained, Anthropic’s views on this matter fall within the heart of what the First Amendment protects: “subject[s] of general interest and of value and concern to the public” and “of legitimate news interests.” See Snyder, 562 U.S. at 452–53 (citation omitted). Therefore, to the extent Anthropic publicly discussed its “contracting position,” that speech is protected by the First Amendment.
Next, Defendants argue that even if Anthropic’s public statements constitute protected speech, the contract dispute—not Anthropic’s speech—was the motive and “but for” cause of the Challenged Actions. (Dkt. No. 96 at 22–24.) They point out that although Anthropic and Amodei have long advocated for AI safety, Defendants took the Challenged Actions only after Anthropic refused to remove its usage restrictions. But Defendants’ own actions belie the notion that Anthropic’s contracting position is what drove the Challenged Actions. Anthropic had imposed its usage restrictions from the beginning of DoW’s use of Claude Gov, and no one had ever suggested that this indicated that Anthropic was untrustworthy or a potential saboteur. To the contrary, Anthropic passed extensive vetting at that time and was praised by the government, which had made arrangements to expand the company’s role. It was only when Anthropic publicly discussed its dispute with DoW that Defendants criticized its rhetoric and ideology and adopted the punitive measures at issue.[p.22-23]
Throughout the decision the court observes that if the dispute here were just over the contract, then surely the government would have just stopped using Claude. But it didn’t just do that; it did more. And that more is now enjoined. The February 27 Presidential Directive from Trump “ordering all federal agencies to cease use of Anthropic’s technology” is to have no effect, nor is any agency action (by any agency,** not just the DOD), taken in response to it. No one in the Trump Administration (Anthropic had named pretty much every agency as defendants, so that’s basically how it boils down) may “issu[e] or maintain[] any guidance, directive, communication, or instruction to any officer, employee, contractor, or agent, in furtherance of or implementing the Presidential Directive” or “tak[e] any other action to implement, effectuate, or further the purposes of the Presidential Directive.”
Meanwhile, Hegseth and the DOD are also enjoined from “implementing, applying, or enforcing in any manner” what the court referred to as the Hegseth Directive, issued later on February 27, designating Anthropic a “Supply-Chain Risk to National Security” and “directing that no contractor, supplier, or partner doing business with the United States military may conduct commercial activity with Anthropic.” Nor can it implement, apply, or enforce anything in the March 3 letter DOD sent notifying Anthropic of the supply chain designation and the associated determination formalizing that designation under 10 U.S.C. § 3252. Hegseth and the DOD are also enjoined from “[f]rom issuing or maintaining any guidance, directive, communication, or instruction to any officer, employee, contractor, or agent, in furtherance of or implementing the Hegseth Directive or the Supply Chain Designation [and from] taking any other action to implement, effectuate, or further the purposes of the Hegseth Directive or the Supply Chain Designation.”
* No, it’s not the “Department of War” as unfortunately both parties and even the court called it, for reasons that elude. Perhaps Anthropic feared it would pull a Trump-friendly judge and need to speak the Administration’s language in order to be treated fairly, but such was not the case, at least in this piece of the case in the Northern District of California—maybe it will be different in the second piece of the case in the DC Circuit. But it’s not clear why the court had to humor them; it applies law, and the law, as passed by Congress to create, name, and fund the agency, calls it the Department of Defense, with Hegseth having been appointed to a specific job called the “Secretary of Defense.” If Congress wanted it to be called the “Department of War” it could have named it thus, but it found there were tangible policy reasons not to when it in fact changed its name to the DOD instead. It typifies the Trump Administration’s typical indifference to any law that might happen to govern any of its behavior to ignore it and Congress’s authority to pass it by unilaterally trumping Congress’s wishes and rename it, but no one else needs to indulge yet another of their abuses of power by humoring their choice.
** The Executive Office of the President is not bound by the injunction directly, despite being a named defendant. Nevertheless, “[l]ike all other persons, EOP is barred from acting for, with, by, through, or under authority from any enjoined Defendant, or in concert or participation with any enjoined Defendant, in any manner inconsistent with the preliminary injunction order.” [p.42]
Filed Under: 1st amendment, defense department, dod, free speech, pete hegseth, supply chain risk
Companies: anthropic
You must be logged in to post a comment Login