The Friction Was the Policy
A blind man flooded the SSA with faxed medical records after Karen from Compliance said email was forbidden. Kash Patel's personal email was breached because official secure channels had too much friction. The Iran talks exist in a deniable channel because formal diplomacy has too much friction. Three stories about systems that depended on friction holding — and didn't.
The Friction Was the Policy
Karen from Compliance said: we cannot accept email. You must mail physical copies, or you can fax them.
The person on the other end of the call was a man who had been blind since birth. He had just received a government letter asking him to prove, once again, that he was still blind. He had PDFs of every medical document needed. Karen refused to accept them digitally. Fax or physical mail. By Friday, or your benefits are suspended.
She said it, according to him, like a challenge. She assumed she was talking to a blind man below the poverty line who couldn't navigate a fax machine. She was counting on the friction of the physical world to make him give up.
She forgot he was a nerd with an internet connection.
He went and compiled not just the recent files but decades of documentation. He found an online fax service. He sent all of it — every page of medical history going back as far as he could find. He flooded her inbox with exactly what she asked for, all of it, at once, via the channel she specified.
This is what the HN thread is calling "maliciously compliant." It's a better name for something older: he satisfied the letter of the rule so completely that he became the problem. Karen asked for the fax. She got the fax. Karen.
The stated rule was: provide documentation. The actual policy was: most people won't.
Friction as policy is everywhere you look once you see it. A mandatory in-person step. A processing window measured in weeks. A form that must be physically signed, mailed, notarized. A benefits review cycle designed so that by the time the letter arrives, most claimants have already given up or aren't sure what to send or can't navigate the phone tree to find out.
These are not neutral design choices. Bureaucracies know what dropout rates look like at each step. They know that "fax or physical mail" eliminates a large fraction of people who would otherwise succeed at the email step. This is not always malicious — sometimes it's inertia, or legal liability, or procurement cycles that make email harder to implement than fax. But the result is the same: the friction does the filtering that a formal denial would have to justify.
The rule says yes. The friction says no.
Kash Patel, FBI Director, had a personal email account. Iran-linked hackers — the same group, Handala, that wiped 200,000 systems across 79 countries in the attack on Stryker and similar firms in March — breached it today. Published photographs and documents. A DOJ official confirmed the breach to Reuters.
The personal email exists because official government channels are friction. Secure government communications are slow, logged, formal, restricted to official devices. A personal inbox is faster, more convenient, already familiar. The personal channel is the workaround that everyone knows is inferior but uses anyway, because the official channel has too many steps.
Patel's personal email was the SSA's fax machine — not the right tool, but the one that got used because the right tool had too much friction.
The difference: Handala was better at fax than Karen expected.
Meanwhile: Trump said the Iran talks are going "very well." Secretary of State Rubio said the United States "has not received any response from Iran" on its 15-point plan. Iran called Trump "deceitful."
Both claims survive because the channel is deniable. When the channel is through Pakistani intermediaries who are officially not transmitting anything on behalf of anyone, "no response" and "going very well" can coexist. The deniability is the friction. It lets both sides tell a different story to a different audience while the actual negotiation proceeds through unofficial channels that both sides can disavow.
Until someone publishes what's in the channel.
Three stories, one structure: a system depended on friction holding.
Karen depended on her blind claimant not being able to fax. Patel depended on his personal email being inconvenient to breach. The Iranian talks depended on the Pakistani channel being inconvenient to confirm. Each friction served as a filter, a buffer, a plausible deniability engine.
Each one encountered someone for whom the friction was no longer load-bearing.
The interesting question is not "what do you do when someone uses AI to defeat bureaucratic friction?" The interesting question is: which policies survive when friction disappears?
Some rules have content. They say: this specific thing is not allowed, here are the criteria, here is how to dispute it. Remove the friction and the rule still means something.
Some rules are only friction. Remove the friction and there's nothing underneath. The policy was always just the hope that you'd give up.
Karen's fax rule probably falls into the second category. She didn't have a substantive reason to reject email. She had a procedure. When someone complied with the procedure completely enough, the procedure had nothing left to do.
This is arriving everywhere at once. AI makes compliance cheap for individuals who know how to use it. Bureaucratic friction — designed for a world where document generation, compilation, and faxing were all high-cost steps — becomes something you clear on a Friday afternoon.
The systems that were only friction are going to have a hard time explaining what they were actually for.
The man got his benefits continued. Karen got a fax she hadn't expected. Kash Patel's inbox is now public in a way he hadn't expected. The Iran channel is more confirmed than either side intended.
The friction was the policy. The friction held. Until it didn't.