Ex-NSA Official Indicted For Leaks To Newspaper

Hugh Pickens writes "The Baltimore Sun reports that in a rare legal action against a government employee accused of leaking secrets, a grand jury has indicted Thomas A. Drake, a former senior National Security Agency official, on charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007. Federal law prohibits government employees from disclosing classified information which could be 'expected to cause damage to national security.' The indictment (PDF) does not name either the reporter or the newspaper that received the information, but the description applies to articles written by Siobhan Gorman, then a reporter for The Baltimore Sun, that examined in detail the failings of several major NSA programs, costing billions of dollars, that were plagued with technical flaws and cost overruns. Gorman's stories did not focus on the substance of the electronic intelligence information the agency gathers and analyzes but exposed management and programmatic troubles within the agency." Adds reader metrometro: "Of note: the government says the alleged NSA mole uses Hushmail, which is all the endorsement I need for a security system." Perhaps Mr. Drake was unaware of Hushmail's past cooperation with the US government?

Look forward, not backward

[dkleinsc]

Check out Glenn Greenwald's post on this exact issue. He raises an extremely important point:

- Illegally wiretapping US citizens, and/or ordering illegal wiretapping of US citizens: No problem, we have to look forwards, not backwards.
- Exposing illegal and inefficient workings of the NSA: throw the book at 'em.

Something is very very rotten.

The real problem

[amiga3D]

The real problem here is that officials use the security system to hide their fuck ups. By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.

Re:The real problem

[Thanshin]

By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.

Au contraire! My friend.

Imagine being a spy trying to find some interesting piece of information. You spend a couple of days seducing the secretary, a week finding a geek to crack the codes, another week to go to Italy to replace the suit you just ruined while chasing, on motorboat, the guy who had the passkeys, etc...

Two months later, the information you just got is random useless crap about a lowly manager fucking up his job in various ways and you just lost your best opportunity of novelizing your adventures.

Can You Say "Paper Trail"?

[WrongSizeGlass]

charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007

How is it that a guy dumb enough to use e-mail for this was a senior NSA official?

Re:Can You Say "Paper Trail"?

[physicsphairy]

I fail to see what would be wrong with sending encrypted emails backed by chained proxies, Tor, etc. It's not like the information is even secret--the whole point was to have it disclosed in a newspaper. Given that he might come under occasional (or constant) investigation by the authorities simply because of the nature of his job, avoiding a physical presence as well as any unusual behavior is a must. What would you recommend as an alternative?

I think the real problem was simply that he sent "hundreds of messages" to the same guy. As soon as the NSA points their attention at that guy, they have access to everything, no matter the medium of communication. Before that they already probably have their list of culprits narrowed down significantly based on the info that was being disclosed. Once they know where to get the unencrypted messages they can analyze them for writing characteristics (such as word frequencies) which correspond to one of their employees, assuming their aren't much more blatant clues slipped in. It may even be at some point he simply had no choice but to reveal details about his identity/job to convince the reporter he was a legitimate leak--I mean, if you perfectly anonymize yourself how do you convince anyone you aren't just a hoaxer? Even if the reporter can successfully destroy any evidence of the content of such communications, that doesn't mean he won't squeal when some scary guys from the government pick him up off the street and tell him horror stories about what might happen to him if it doesn't. (the fact they wouldn't mention who the reporter was could be evidence of his cutting a deal)

the guy was a whistle blower

[circletimessquare]

he was exposing government waste

if he were exposing state secrets, let him rot in jail

but that's all sound and fury surrounding the real issue of what was actually disclosed, and why

the substance of his disclosures and what motivated him: wasted tax payer dollars on lame NSA projects

as far as i am concerned, for his actions, this guy is a hero. we need MORE government employees like this. and his timing is impeccable, government waste is pissing off the country like never before right now: perhaps the tax party can make him some sort of patron saint?

Forget Hushmail

[Obyron]

Hushmail is notorious in certain circles for sharing people's PGP keys with investigators who come knocking. This was in relation to DEA and Customs investigations in Operation Web Tryp to crack down on people using the internet to get ahold of research chemical indoleethylamines and phenethylamines (read: designer psychedelics). A lot of these people were using Hushmail, and when the investigators went to Hushmail, the provider burned their users. If they'll rat you out to the DEA and Customs, bet your sweet ass they'll rat you out to the NSA. Fuck, read this article at Cryptome.

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail. Someone people actually trust, like maybe the people behind Wikileaks, should start a real anonymous mail network.

Re:Forget Hushmail

[metrometro]

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail.

As noted in the prior /. thread on this, Hushmail uses two mode: stupid and secure. They explain as much when you sign on.

In stupid, they do all the work for you, webmail style, which means they have a copy of your key. You are now screwed.

In secure, encryption is done in a Java applet, which is open source. That means (barring any man in the middle weirdness with the Java download) they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails. This appears the be the basis of the government's evidence: the alleged leaker sent a lot of encrypted email. Their indictment, however, did not mention the specific contents of that email, probably because they can't read it.

Alternatively, FireGPG seems like a good option for webmail. More secure systems exist, but as always, in the real world security balances against user experience and people sure seem to like this webmail thing.

Re:Bahahah

[copponex]

Your point 1 requires evidence. What unreasonable searches and seizures do you refer to?

Have you read a single newspaper in the last eight years?

http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy

What exactly do you think the NSA does? Are you really that credulous?

If you want to make a case that all budgets must be entirely disclosed at some given level of detail, I'd love to hear it.

Article 1, Section 9: No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law; and a regular Statement and Account of the Receipts and Expenditures of all public Money shall be published from time to time.

Are you disputing the government's authority to operate clandestine intelligence agencies? If so, I'd love to hear the argument for that, too.

They have shown repeatedly that they are incapable of controlling themselves when there is no oversight. The NSA and CIA and FBI have repeatedly operated outside the law. We are supposed to be a nation of laws.

But the solution for that is not turning a blind eye while people spill our secrets in wartime.

Do you think you're channelling Thomas Jefferson or Stalin with that kind of outlook?

Why suspend the habeas corpus in insurrections and rebellions? Examine the history of England. See how few of the cases of the suspension of the habeas corpus law have been worthy of that suspension. They have been either real treasons, wherein the parties might as well have been charged at once, or sham plots, where it was shameful they should ever have been suspected. Yet for the few cases wherein the suspension of the habeas corpus has done real good, that operation is now become habitual and the minds of the nation almost prepared to live under its constant suspension. -Thomas Jefferson

wow, good link

[circletimessquare]

yeah, again, i utterly fail in the comment qualification department

anyone who divulges a LACK OF security like this guy should get the congressional medal of honor

anyone who divulges the OPERATING DETAILS of a genuine security apparatus should get a cold cell