Washington Post

Judge doesn’t trust DOJ with search of devices seized from Wash. Post reporter

department of justice, Policy, Washington Post / Kris Guyer / February 25, 2026

Let me search that for you

Court to search devices itself instead of letting government have full access.

The Washington Post building on August 6, 2013 in Washington, DC, Credit: Getty Images | Saul Loeb

A federal court will conduct a search of devices seized from a Washington Post reporter after a magistrate judge decided yesterday that the Department of Justice cannot be trusted to perform the search on its own.

US Magistrate Judge William Porter criticized government prosecutors for not including key information in a search warrant application. The court wasn’t aware of a 1980 law that limits searches and seizures of journalists’ work materials when it approved the warrant, Porter acknowledged.

The decision came six weeks after the FBI executed the search warrant at the Virginia home of reporter Hannah Natanson. Porter declined the Post and Natanson’s request to return the devices immediately but decided on a court-led process to ensure that the search is limited to materials that may aid a criminal case against an alleged leaker who was in contact with Natanson. He also rescinded the portion of the search warrant that authorized the government to open, access, review, or otherwise examine the seized data.

“The government acknowledges that it established probable cause to obtain only a small fraction of the material it seized,” Porter wrote in yesterday’s order. “Allowing the government to search through the entirety of a reporter’s work product—when probable cause exists for only a narrow subset—would authorize an unlawful general warrant.”

Porter’s ruling said the government’s proposed search would also violate the Department of Justice’s own guidelines that search warrants directed at the press must be narrowly drawn and that searches of materials must be designed to minimize intrusion into newsgathering activities and materials that are unrelated to the investigation. Keyword searches can be used to limit the intrusion, but Porter rejected the government’s request to use its own “filter team” to conduct the search.

“Given the documented reporting on government leak investigations and the government’s well-chronicled efforts to stop them, allowing the government’s filter team to search a reporter’s work product—most of which consists of unrelated information from confidential sources—is the equivalent of leaving the government’s fox in charge of the Washington Post’s henhouse,” Porter wrote.

Rejecting what he called an “unsupervised, wholesale search of all Movants’ seized data,” Porter said the court will develop a process for the search in consultation with the parties involved in the case.

US prosecuting alleged leaker

The US is seeking information for its prosecution of Aurelio Perez-Lugones, a government contractor accused of leaking classified information to Natanson. Porter wrote that the court will conduct the search to “gather the information the government needs to prosecute its criminal case without authorizing an unrestrained search and violating Movants’ First Amendment and attorney-client privileges.”

Porter, who presides in US District Court for the Eastern District of Virginia, said that a 4th Circuit appeals court precedent mandates this result. The US could appeal Porter’s ruling to that court.

On January 21, Porter ordered the government to stop its search of Natanson’s devices until further decisions from the court. That standstill order will remain in effect while the court conducts its review of the seized materials. Porter denied the Post and Natanson’s motion to return seized materials without prejudice and said that issue will be taken up in future proceedings.

The government started searching devices before the standstill order and was able to access Natanson’s work MacBook Pro by compelling her to unlock it with her fingerprint. But the government said it was unable to access data from the iPhone because it was protected by Apple’s Lockdown Mode. Natanson has said she uses encrypted Signal chats to communicate with sources and that her list of contacts exceeds 1,100 current and former government employees.

Porter’s ruling recounted the events leading to the government search of Natanson’s home. He said the government’s search warrant application should have discussed limitations imposed by the Privacy Protection Act (PPA) of 1980.

Porter said magistrate judges give the government some leeway in their role “as probable cause gatekeepers for search warrants,” given the “fast-paced environment” in which the requests are processed. The Natanson search warrant was one of 46 requested by the government that week.

Court admits “gap” in its analysis

Porter admitted that he was unaware of the PPA’s existence at the time he approved the warrant application:

As the judge who found probable cause and approved the search warrant, the Court acknowledges that it did not independently identify the PPA when reviewing the warrant application. As far as this Court knows, courts have approved search warrants directed at members of the press in only a handful of instances. This Court had never received such an application and, at the time it approved the warrant, was unaware of the PPA. This Court’s review was limited to probable cause, and the Court accepts that gap in its own analysis.

Porter went on to say that “the government’s failure to identify the PPA as applicable to a request for a search warrant on a member of the press—and to analyze it in its warrant application… has seriously undermined the Court’s confidence in the government’s disclosures in this proceeding.”

The PPA, he wrote, generally prohibits government officers “from searching for or seizing ‘work product materials’ or ‘documentary materials’ possessed by a person ‘reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication.’” There are exceptions allowing search warrants when a reporter is suspected of a crime, when a seizure is needed to prevent death or serious injury, or when there is reason to believe that issuing a subpoena would result in the destruction of documents.

A Washington Post article said that Porter “scolded prosecutors about this omission at a hearing on the search warrant in an Alexandria courthouse Friday.” Prosecutor Gordon Kromberg reportedly responded that he didn’t mention the law in the application because he didn’t believe it applied to the case.

Porter’s ruling said that if the government had mentioned the law in its application, “the Court may well have rejected the search warrant application and directed the government to proceed by subpoena instead. At the very least, it would have asked more questions. The government deprived the Court of the opportunity to make those real-time decisions.”

Judge should have gone further, press group says

Even without being aware of the PPA, the court did not approve the Natanson warrant right away. Porter’s order said the court rejected the government’s first two requests for a search warrant because they were too broad. The court was “concerned about both the scope of the proposed search warrant and the government’s apparent attempt to collect information about Ms. Natanson’s confidential sources,” he wrote.

The search warrant ultimately approved by the court was limited to information that Natanson received from Aurelio Luis Perez-Lugones and information related to Perez-Lugones that could be evidence in the case against him.

“The government expressly alleged that Ms. Natanson received classified information from Mr. Perez-Lugones,” but its search warrant application did not say whether Natanson herself was a target of the criminal investigation, Porter wrote. “The Court learned that Ms. Natanson was not a focus of the investigation only through press reports published the day the warrant was executed,” he wrote.

Porter said the court has to take seriously the government’s claim that the case “involves top secret national security information,” even though the court doesn’t know whether disclosure of the information would cause harm. “The Court takes the government at its word, while acknowledging the well-documented concern that the government has at times overclassified information to avoid embarrassing disclosures rather than to protect genuine secrets,” he wrote.

The Freedom of the Press Foundation said that “Judge Porter was right to treat the seizure as a prior restraint and to limit the government from fishing through the irrelevant data it seized to snoop on reporters,” and right to reprimand prosecutors for the omission in their search warrant application. But the order didn’t go far enough, the foundation said.

“Judge Porter should have required all of Natanson’s materials seized pursuant to the deceptive warrant application to be returned to her,” the group said. “And he should not have credited the administration’s claims that any of the seized materials posed a national security threat without strict proof—as Judge Porter acknowledged, this administration, even more so than others, has a long track record of falsely claiming national security threats to protect itself from embarrassment and further its political agenda. It has earned zero deference from the judiciary on claims of national security threats, particularly when press freedom is at stake.”

Jon is a Senior IT Reporter for Ars Technica. He covers the telecom industry, Federal Communications Commission rulemakings, broadband consumer affairs, court cases, and government regulation of the tech industry.

Judge doesn’t trust DOJ with search of devices seized from Wash. Post reporter Read More »

FBI stymied by Apple’s Lockdown Mode after seizing journalist’s iPhone

apple lockdown mode, hannah natanson, iphone lockdown mode, Policy, Washington Post / Mike M. / February 4, 2026

Apple made Lockdown Mode for people at high risk

CART couldn’t get anything from the iPhone. “Because the iPhone was in Lockdown mode, CART could not extract that device,” the government filing said.

The government also submitted a declaration by FBI Assistant Director Roman Rozhavsky that said the agency “has paused any further efforts to extract this device because of the Court’s Standstill Order.” The FBI did extract information from the SIM card “with an auto-generated HTML report created by the tool utilized by CART,” but “the data contained in the HTML was limited to the telephone number.”

Apple says that LockDown Mode “helps protect devices against extremely rare and highly sophisticated cyber attacks,” and is “designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.”

Introduced in 2022, Lockdown Mode is available for iPhones, iPads, and Macs. It must be enabled separately for each device. To enable it on an iPhone or iPad, a user would open the Settings app, tap Privacy & Security, scroll down and tap Lockdown Mode, and then tap Turn on Lockdown Mode.

The process is similar on Macs. In the System Settings app that can be accessed via the Apple menu, a user would click Privacy & Security, scroll down and click Lockdown Mode, and then click Turn On.

“When Lockdown Mode is enabled, your device won’t function like it typically does,” Apple says. “To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.”

Lockdown Mode blocks most types of message attachments, blocks FaceTime calls from people you haven’t contacted in the past 30 days, restricts the kinds of browser technologies that websites can use, limits photo sharing, and imposes other restrictions. Users can exclude specific apps and websites they trust from these restrictions, however.

FBI stymied by Apple’s Lockdown Mode after seizing journalist’s iPhone Read More »

Judge orders stop to FBI search of devices seized from Washington Post reporter

fbi, Policy, Washington Post / Paul Patrick / January 21, 2026

The Post asked for an expedited briefing and hearing schedule. Porter ordered the government to file a reply by January 28 and scheduled oral arguments for February 6.

Post: “Government refused” to stop search

FBI agents reportedly seized Natanson’s phone, a 1TB portable hard drive, a device for recording interviews, a Garmin watch, a personal laptop, and a laptop issued by The Washington Post. Natanson has said she’s built up a contact list of 1,100 current and former government employees and communicates with them in encrypted Signal chats.

“The day the FBI raided Natanson’s residence, undersigned counsel reached out to the government to advise that the seized items contain materials protected by the First Amendment and the attorney-client privileges,” attorneys for The Washington Post and Natanson told the court. “Undersigned counsel asked the government to refrain from reviewing the documents pending judicial resolution of the dispute, but the government refused.”

The filing said that unless a standstill order is issued, “the government will commence an unrestrained search of a journalist’s work product that violates the First Amendment and the attorney-client privilege, ignores federal statutory safeguards for journalists, and threatens the trust and confidentiality of sources.”

The six devices seized from Natanson “contain essentially her entire professional universe: more than 30,000 Post emails from the last year alone, confidential information from and about sources (including her sources and her colleagues’ sources), recordings of interviews, notes on story concepts and ideas, drafts of potential stories, communications with colleagues about sources and stories, and The Post’s content management system that houses all articles in progress,” the Post said. “The devices also housed Natanson’s encrypted Signal messaging platform that she used to communicate with her more than 1,100 sources. Without her devices, she ‘literally cannot contact’ these sources.”

Judge orders stop to FBI search of devices seized from Washington Post reporter Read More »

FBI fights leaks by seizing Washington Post reporter’s phone, laptops, and watch

Policy, press freedom, trump administration, Washington Post / Mike M. / January 14, 2026

“Extraordinary, aggressive action”

FBI searches home and devices of reporter who has over 1,100 government contacts.

The Washington Post building on August 6, 2013 in Washington, DC, Credit: Getty Images | Saul Loeb

The FBI searched a Washington Post reporter’s home and seized her work and personal devices as part of an investigation into what Attorney General Pam Bondi called “illegally leaked information from a Pentagon contractor.”

Executing a search warrant at the Virginia home of reporter Hannah Natanson on Wednesday morning, FBI “agents searched her home and her devices, seizing her phone, two laptops and a Garmin watch,” The Washington Post reported. “One of the laptops was her personal computer, the other a Washington Post-issued laptop. Investigators told Natanson that she is not the focus of the probe.”

Natanson regularly uses encrypted Signal chats to communicate with people who work or used to work in government, and has said her list of contacts exceeds 1,100 current and former government employees. The Post itself “received a subpoena Wednesday morning seeking information related to the same government contractor,” the report said.

Post Executive Editor Matt Murray sent an email to staff saying that early in the morning, “FBI agents showed up unannounced at the doorstep of our colleague Hannah Natanson, searched her home, and proceeded to seize her electronic devices.” Murray’s email called the search an “extraordinary, aggressive action” that is “deeply concerning and raises profound questions and concern around the constitutional protections for our work.”

The New York Times wrote that it “is exceedingly rare, even in investigations of classified disclosures, for federal agents to conduct searches at a reporter’s home. Typically, such investigations are done by examining a reporter’s phone records or email data.”

The search warrant said the probe’s target is “Aurelio Perez-Lugones, a system administrator in Maryland who has a top-secret security clearance and has been accused of accessing and taking home classified intelligence reports that were found in his lunchbox and his basement,” the Post article said.

“Alarming escalation” in Trump “war on press freedom”

Bondi confirmed the search in an X post. “This past week, at the request of the Department of War, the Department of Justice and FBI executed a search warrant at the home of a Washington Post journalist who was obtaining and reporting classified and illegally leaked information from a Pentagon contractor. The leaker is currently behind bars,” Bondi wrote.

Bondi said the Trump administration “will not tolerate illegal leaks of classified information” that “pose a grave risk to our Nation’s national security and the brave men and women who are serving our country.”

Searches targeting journalists require “intense scrutiny” because they “can deter and impede reporting that is vital to our democracy,” said Jameel Jaffer, executive director of the Knight First Amendment Institute at Columbia University. “Attorney General Bondi has weakened guidelines that were intended to protect the freedom of the press, but there are still important legal limits, including constitutional ones, on the government’s authority to use subpoenas, court orders, and search warrants to obtain information from journalists. The Justice Department should explain publicly why it believes this search was necessary and legally permissible, and Congress and the courts should scrutinize that explanation carefully.”

Seth Stern, chief of advocacy at Freedom of the Press Foundation, called the search “an alarming escalation in the Trump administration’s multipronged war on press freedom. The Department of Justice (and the judge who approved this outrageous warrant) is either ignoring or distorting the Privacy Protection Act, which bars law enforcement from raiding newsrooms and reporters to search for evidence of alleged crimes by others, with very few inapplicable exceptions.”

In April 2025, the Trump administration rescinded a Biden-era policy that limited searches and subpoenas of reporters in leak investigations. But even the weaker Trump administration guidelines “make clear that it’s a last resort for rare emergencies only,” according to Stern. “The administration may now be in possession of volumes of journalist communications having nothing to do with any pending investigation and, if investigators are able to access them, we have zero faith that they will respect journalist-source confidentiality.”

The Washington Post didn’t say whether Perez-Lugones provided information to Natanson and pointed out that the criminal complaint against him “does not accuse him of leaking classified information he is alleged to have taken.”

Post reporter has over 1,100 government contacts

Natanson does have many sources in the federal workforce. She wrote a first-person account last month of her experience as the news organization’s “federal government whisperer.” Around the time Trump’s second term began, she posted a message on a Reddit community for federal employees saying she wanted to “speak with anyone willing to chat.”

Natanson got dozens of messages by the next day and would eventually compile “1,169 contacts on Signal, all current or former federal employees who decided to trust me with their stories,” she wrote. Natanson explained that she was previously an education reporter but the paper “created a beat for me covering Trump’s transformation of government, and fielding Signal tips became nearly my whole working life.”

In another case this month, the House Oversight Committee voted to subpoena journalist Seth Harp for allegedly “doxxing” a Delta Force commander involved in the operation in Venezuela that captured President Nicolás Maduro. Harp called the doxxing allegation “ludicrous” because he had posted publicly available information, specifically an online bio of a man “whose identity is not classified.”

“There is zero question that Harp’s actions were fully and squarely within the protections of the First Amendment, as well as outside the scope of any federal criminal statutes,” over 20 press freedom and First Amendment organizations said in a letter to lawmakers yesterday.

The Trump administration’s aggressive stance toward the media has also included numerous threats from Federal Communications Commission Chairman Brendan Carr to investigate and punish broadcasters for “news distortion.”

As for Perez-Lugones, he was charged last week with unlawful retention of national defense information in US District Court for the District of Maryland. Perez-Lugones was a member of the US Navy from 1982 to 2002, said an affidavit from FBI Special Agent Keith Starr. He has been a government contractor since 2002 and held top-secret security clearances during his Naval career and again in his more recent work as a contractor.

“Currently, Perez-Lugones works as a systems engineer and information technology specialist for a Government contracting company whose primary customer is a Government agency,” the affidavit said. He had “heightened access to classiﬁed systems, networks, databases, and repositories” so that he could “maintain, support, and optimize various computer systems, networks, and software.”

Documents found in man’s car and house, FBI says

The affidavit said that “Perez-Lugones navigated to and searched databases or repositories containing classified information without authorization.” The FBI alleges that on October 28, 2025, he took screenshots of a classified intelligence report on a foreign country, pasted the screenshots into a Microsoft Word document, and printed the Word document.

His employer is able to retrieve records of printing activity on classified systems, and “a review of Perez-Lugones’ printing activity on that dates [sic] showed that he had printed innocuous sounding documents (i.e., Microsoft Word‐Document 1) that really contained classified and sensitive reports,” the affidavit said.

Perez-Lugones allegedly went on to access and view a “classified intelligence report related to Government operational activity” on January 5, 2026. On January 7, he was observed at his workplace taking notes on a yellow notepad while looking back and forth between the notepad and a computer that was logged into the classified system, the affidavit said.

Investigators executed search warrants on his home in Laurel, Maryland, and his vehicle on January 8. They found a document marked as SECRET in a lunchbox in his car and another secret document in his basement, the affidavit said.

Prior video surveillance showed Perez-Lugones at his cubicle looking at the document that was later found in the lunchbox, the affidavit said. Investigators determined that he “remov[ed] the classification header/footer markings from this document prior to leaving his workplace.”

The US law that Perez-Lugones was charged with violating provides for fines or prison sentences of up to 10 years. A magistrate judge ruled that Perez-Lugones could be released, but that decision is being reviewed by the court at the request of the US government.

FBI fights leaks by seizing Washington Post reporter’s phone, laptops, and watch Read More »