Ex-NSA Official Indicted For Leaks To Newspaper

Hugh Pickens writes "The Baltimore Sun reports that in a rare legal action against a government employee accused of leaking secrets, a grand jury has indicted Thomas A. Drake, a former senior National Security Agency official, on charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007. Federal law prohibits government employees from disclosing classified information which could be 'expected to cause damage to national security.' The indictment (PDF) does not name either the reporter or the newspaper that received the information, but the description applies to articles written by Siobhan Gorman, then a reporter for The Baltimore Sun, that examined in detail the failings of several major NSA programs, costing billions of dollars, that were plagued with technical flaws and cost overruns. Gorman's stories did not focus on the substance of the electronic intelligence information the agency gathers and analyzes but exposed management and programmatic troubles within the agency." Adds reader metrometro: "Of note: the government says the alleged NSA mole uses Hushmail, which is all the endorsement I need for a security system." Perhaps Mr. Drake was unaware of Hushmail's past cooperation with the US government?

Burn him at the stake!

[MeNotU]

"exposed management and programmatic troubles within the agency."! Can't have management look bad!

Look forward, not backward

[dkleinsc]

Check out Glenn Greenwald's post on this exact issue. He raises an extremely important point:

- Illegally wiretapping US citizens, and/or ordering illegal wiretapping of US citizens: No problem, we have to look forwards, not backwards.
- Exposing illegal and inefficient workings of the NSA: throw the book at 'em.

Something is very very rotten.

The real problem

[amiga3D]

The real problem here is that officials use the security system to hide their fuck ups. By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.

Re:The real problem

[Thanshin]

By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.

Au contraire! My friend.

Imagine being a spy trying to find some interesting piece of information. You spend a couple of days seducing the secretary, a week finding a geek to crack the codes, another week to go to Italy to replace the suit you just ruined while chasing, on motorboat, the guy who had the passkeys, etc...

Two months later, the information you just got is random useless crap about a lowly manager fucking up his job in various ways and you just lost your best opportunity of novelizing your adventures.

Can You Say "Paper Trail"?

[WrongSizeGlass]

charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007

How is it that a guy dumb enough to use e-mail for this was a senior NSA official?

Re:Can You Say "Paper Trail"?

[muckracer]

> > > charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007

> > How is it that a guy dumb enough to use e-mail for this was a senior NSA official?

I think you meant it the other way around (the diff is not just cosmetic):

How is it that a senior NSA official was dumb enough to use e-mail for this?

Re:Can You Say "Paper Trail"?

[physicsphairy]

I fail to see what would be wrong with sending encrypted emails backed by chained proxies, Tor, etc. It's not like the information is even secret--the whole point was to have it disclosed in a newspaper. Given that he might come under occasional (or constant) investigation by the authorities simply because of the nature of his job, avoiding a physical presence as well as any unusual behavior is a must. What would you recommend as an alternative?

I think the real problem was simply that he sent "hundreds of messages" to the same guy. As soon as the NSA points their attention at that guy, they have access to everything, no matter the medium of communication. Before that they already probably have their list of culprits narrowed down significantly based on the info that was being disclosed. Once they know where to get the unencrypted messages they can analyze them for writing characteristics (such as word frequencies) which correspond to one of their employees, assuming their aren't much more blatant clues slipped in. It may even be at some point he simply had no choice but to reveal details about his identity/job to convince the reporter he was a legitimate leak--I mean, if you perfectly anonymize yourself how do you convince anyone you aren't just a hoaxer? Even if the reporter can successfully destroy any evidence of the content of such communications, that doesn't mean he won't squeal when some scary guys from the government pick him up off the street and tell him horror stories about what might happen to him if it doesn't. (the fact they wouldn't mention who the reporter was could be evidence of his cutting a deal)

the guy was a whistle blower

[circletimessquare]

he was exposing government waste

if he were exposing state secrets, let him rot in jail

but that's all sound and fury surrounding the real issue of what was actually disclosed, and why

the substance of his disclosures and what motivated him: wasted tax payer dollars on lame NSA projects

as far as i am concerned, for his actions, this guy is a hero. we need MORE government employees like this. and his timing is impeccable, government waste is pissing off the country like never before right now: perhaps the tax party can make him some sort of patron saint?

Forget Hushmail

[Obyron]

Hushmail is notorious in certain circles for sharing people's PGP keys with investigators who come knocking. This was in relation to DEA and Customs investigations in Operation Web Tryp to crack down on people using the internet to get ahold of research chemical indoleethylamines and phenethylamines (read: designer psychedelics). A lot of these people were using Hushmail, and when the investigators went to Hushmail, the provider burned their users. If they'll rat you out to the DEA and Customs, bet your sweet ass they'll rat you out to the NSA. Fuck, read this article at Cryptome.

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail. Someone people actually trust, like maybe the people behind Wikileaks, should start a real anonymous mail network.

Re:Forget Hushmail

[metrometro]

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail.

As noted in the prior /. thread on this, Hushmail uses two mode: stupid and secure. They explain as much when you sign on.

In stupid, they do all the work for you, webmail style, which means they have a copy of your key. You are now screwed.

In secure, encryption is done in a Java applet, which is open source. That means (barring any man in the middle weirdness with the Java download) they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails. This appears the be the basis of the government's evidence: the alleged leaker sent a lot of encrypted email. Their indictment, however, did not mention the specific contents of that email, probably because they can't read it.

Alternatively, FireGPG seems like a good option for webmail. More secure systems exist, but as always, in the real world security balances against user experience and people sure seem to like this webmail thing.

Bahahah

[copponex]

Oh my god. This is the funniest post I've read in years.

Tell me, which article of the Constitution permits

1) unreasonable searches and seizures by
2) agencies under no or very little congressional oversight
3) which have secret budgets?

I think you and the tea partiers will be slightly disappointed once you get around to understanding the constitution instead of reading it for selective applications of your own biases.

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court.

Re:Bahahah

[copponex]

Your point 1 requires evidence. What unreasonable searches and seizures do you refer to?

Have you read a single newspaper in the last eight years?

http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy

What exactly do you think the NSA does? Are you really that credulous?

If you want to make a case that all budgets must be entirely disclosed at some given level of detail, I'd love to hear it.

Article 1, Section 9: No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law; and a regular Statement and Account of the Receipts and Expenditures of all public Money shall be published from time to time.

Are you disputing the government's authority to operate clandestine intelligence agencies? If so, I'd love to hear the argument for that, too.

They have shown repeatedly that they are incapable of controlling themselves when there is no oversight. The NSA and CIA and FBI have repeatedly operated outside the law. We are supposed to be a nation of laws.

But the solution for that is not turning a blind eye while people spill our secrets in wartime.

Do you think you're channelling Thomas Jefferson or Stalin with that kind of outlook?

Why suspend the habeas corpus in insurrections and rebellions? Examine the history of England. See how few of the cases of the suspension of the habeas corpus law have been worthy of that suspension. They have been either real treasons, wherein the parties might as well have been charged at once, or sham plots, where it was shameful they should ever have been suspected. Yet for the few cases wherein the suspension of the habeas corpus has done real good, that operation is now become habitual and the minds of the nation almost prepared to live under its constant suspension. -Thomas Jefferson

Re:Bahahah

[copponex]

By pointing to Wikipedia, you undermine your own argument.

By pointing to nothing, you fail to make an argument. I check the sources.

The budget is published, with certain details redacted for national security purposes.

Here's sworn testimony from the Director of the CIA that contradicts your claims:

Finally, in evaluating whether to release the total intelligence appropriation, I have to consider whether a release could add to information that is already available to hostile individuals in a way that could reasonably be expected to reveal or lead to identification of other information that could damage the national security. Information that is in the public domain is not, in fact, entirely accurate. Where official release of the budget total, even if it does not itself reveal all the sensitivities of the intelligence Community, would provide valuable analytic benchmarks or clues to make our sensitive intelligence activities, sources, or methods more readily and precisely identifiable by hostile services and groups, then official release reasonably could be expected to damage the national security.

http://www.fas.org/sgp/foia/2002/tenet.html

No budget is published. There is nothing to redact, and any redaction would be a violation of providing a regular statement of account, notwithstanding the direct violation of taking money out of the treasury for unlawful purposes. Not being aware of the facts undermines your argument pretty seriously, don't you think?

Your Jefferson quote does not support your position.

The word you're missing is context. Medcalf tried to make the assertion that wartime is an excuse for breaking the laws of our country. I demonstrated that this belief was not shared by at least one of our founding fathers.

This ignores the fact that the war on terrorism is just like the war on jealousy - it's never going to end, and it will be an eternal excuse for abuses of power.

Re:Whistleblower

[kilfarsnar]

Yeah, that's right.

We have a whistle-blower law to protect the American taxpayer, but if it's deemed classified, all bets are off.

Great, just great! So, if I want to be a crooked government official, I just need to be able to classify it as "Secret" and "National Security" and I'm off to the Bahamas!

Yeah, that pretty much sums it up. One need look no further than United States v. Reynolds to see that classification will be abused.

Lock Him Up and Throw Away The Key

[Necron69]

One of the very first things you have to do before getting a security clearance is sign a document acknowledging that revealing classified information is punishable by a fine of $10,000 or 10 years in prison or both. If you can't handle that from the outset, you have no business having a security clearance.

Make no mistake: this was a very serious crime. While I applaud this guy's intent, the proper place for his complaint was either the Senate Select Committee on Intelligence, or the House Permanent Select Committee on Intelligence. From that point on, it is the responsibility of those Congressional committees to follow up on the information. No person other than the Director of Central Intelligence or the President has the authority to release classified information.

If you think that sucks, then imagine the situation where everyone with a clearance got to decide on their own whether that information should be kept secret or not. There wouldn't be any point to having classified information, and you might as well give it all away to the Chinese/Russians, etc. Do you think they'll reciprocate?

Necron69

wow, good link

[circletimessquare]

yeah, again, i utterly fail in the comment qualification department

anyone who divulges a LACK OF security like this guy should get the congressional medal of honor

anyone who divulges the OPERATING DETAILS of a genuine security apparatus should get a cold cell