Ex-NSA Official Indicted For Leaks To Newspaper

Hugh Pickens writes "The Baltimore Sun reports that in a rare legal action against a government employee accused of leaking secrets, a grand jury has indicted Thomas A. Drake, a former senior National Security Agency official, on charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007. Federal law prohibits government employees from disclosing classified information which could be 'expected to cause damage to national security.' The indictment (PDF) does not name either the reporter or the newspaper that received the information, but the description applies to articles written by Siobhan Gorman, then a reporter for The Baltimore Sun, that examined in detail the failings of several major NSA programs, costing billions of dollars, that were plagued with technical flaws and cost overruns. Gorman's stories did not focus on the substance of the electronic intelligence information the agency gathers and analyzes but exposed management and programmatic troubles within the agency." Adds reader metrometro: "Of note: the government says the alleged NSA mole uses Hushmail, which is all the endorsement I need for a security system." Perhaps Mr. Drake was unaware of Hushmail's past cooperation with the US government?

Re:Can You Say "Paper Trail"?

[Anonymous Coward]

I heard on NPR yesterday they both used Hushmail to email the classified documents.

Forget Hushmail

[Obyron]

Hushmail is notorious in certain circles for sharing people's PGP keys with investigators who come knocking. This was in relation to DEA and Customs investigations in Operation Web Tryp to crack down on people using the internet to get ahold of research chemical indoleethylamines and phenethylamines (read: designer psychedelics). A lot of these people were using Hushmail, and when the investigators went to Hushmail, the provider burned their users. If they'll rat you out to the DEA and Customs, bet your sweet ass they'll rat you out to the NSA. Fuck, read this article at Cryptome [cryptome.info].

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail. Someone people actually trust, like maybe the people behind Wikileaks, should start a real anonymous mail network.

Re:Whistleblower

[kilfarsnar]

Yeah, that's right.

We have a whistle-blower law to protect the American taxpayer, but if it's deemed classified, all bets are off.

Great, just great! So, if I want to be a crooked government official, I just need to be able to classify it as "Secret" and "National Security" and I'm off to the Bahamas!

Yeah, that pretty much sums it up. One need look no further than United States v. Reynolds to see that classification will be abused.

well there's state secrets, and then state secrets

[circletimessquare]

for example: the security apparatus around nuclear power plants, that should not be exposed and anyone who does should be punished. that's what i was talking about

but something like bush and cheney's end runs around the constitution: yeah, that should be exposed

so i apologize, you are correct:

i should have qualified my comments better, as i was only really talking about the kind of state secrets like missile launch sequences, that should never be divulged publicly. but you are correct to take issue with my blanket comment, it was unqualified, plenty of "state secrets" need to be divulged

Re:Forget Hushmail

[metrometro]

If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail.

As noted in the prior /. thread on this, Hushmail uses two mode: stupid and secure. They explain as much when you sign on.

In stupid, they do all the work for you, webmail style, which means they have a copy of your key. You are now screwed.

In secure, encryption is done in a Java applet, which is open source. That means (barring any man in the middle weirdness with the Java download) they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails. This appears the be the basis of the government's evidence: the alleged leaker sent a lot of encrypted email. Their indictment, however, did not mention the specific contents of that email, probably because they can't read it.

Alternatively, FireGPG seems like a good option for webmail. More secure systems exist, but as always, in the real world security balances against user experience and people sure seem to like this webmail thing.

Not inefficient

[Anonymous Coward]

I agree that over-classification is a problem from a transparency point of view. However, I disagree that it decreases efficiency - in fact efficiency and convenience is one of the big reasons that documents are unnecessarily classified to begin with. When you work on a classified system (like a computer) any documents you generate are automatically treated as classified at the highest level that the system is approved to process. Decreasing or declassifying a document requires you to go through a formal process.

If you are working a a project that is mostly unclassified with a view classified elements, then people spend most of their time working on the unclassified systems, and moving over to classified is a hassle that is only done when needed. As the amount of classified increases, it becomes more of a hassle as you have to split your work between two systems, generate tons of one-time-use CD-Rs for transferring unclassified data to the classified system (which must be immediately marked as classified and appropriately destroyed or tracked). After a point where most of the documents you generate are classified, it is just easier to do everything on the classified system, treat everything as classified, and just go through the review process when you legitimately need the document to be unclassified. In addition to decreasing the amount of data transfer that needs to take place, you also relieve yourself of the worry of accidentally including classified information in an unclassified document (or more likely, indirectly relieving classified information by the association of various unclassified information).

Finally, there often are legitimate reasons why things like schedules and budgets need to be classified. For example, if they include production quantities that are classified. I have worked on projects where the vast majority of our work was unclassified, but we still had both classified and unclassified versions of the budget. I can imagine project where it would be easier to only have a classified version.

All that said, not knowing the details of this case, I can't say whether the information release was legitimately harmful to National Security, or just a gross violation of procedure for good reasons.

Posted anonymously not because any of this is sensitive, but to avoid attracting unwanted attention to myself, by advertising to the work that I work on classified projects.

Lock Him Up and Throw Away The Key

[Necron69]

One of the very first things you have to do before getting a security clearance is sign a document acknowledging that revealing classified information is punishable by a fine of $10,000 or 10 years in prison or both. If you can't handle that from the outset, you have no business having a security clearance.

Make no mistake: this was a very serious crime. While I applaud this guy's intent, the proper place for his complaint was either the Senate Select Committee on Intelligence, or the House Permanent Select Committee on Intelligence. From that point on, it is the responsibility of those Congressional committees to follow up on the information. No person other than the Director of Central Intelligence or the President has the authority to release classified information.

If you think that sucks, then imagine the situation where everyone with a clearance got to decide on their own whether that information should be kept secret or not. There wouldn't be any point to having classified information, and you might as well give it all away to the Chinese/Russians, etc. Do you think they'll reciprocate?

Necron69

Re:Bahahah

[copponex]

By pointing to Wikipedia, you undermine your own argument.

By pointing to nothing, you fail to make an argument. I check the sources.

The budget is published, with certain details redacted for national security purposes.

Here's sworn testimony from the Director of the CIA that contradicts your claims:

Finally, in evaluating whether to release the total intelligence appropriation, I have to consider whether a release could add to information that is already available to hostile individuals in a way that could reasonably be expected to reveal or lead to identification of other information that could damage the national security. Information that is in the public domain is not, in fact, entirely accurate. Where official release of the budget total, even if it does not itself reveal all the sensitivities of the intelligence Community, would provide valuable analytic benchmarks or clues to make our sensitive intelligence activities, sources, or methods more readily and precisely identifiable by hostile services and groups, then official release reasonably could be expected to damage the national security.

http://www.fas.org/sgp/foia/2002/tenet.html [fas.org]

No budget is published. There is nothing to redact, and any redaction would be a violation of providing a regular statement of account, notwithstanding the direct violation of taking money out of the treasury for unlawful purposes. Not being aware of the facts undermines your argument pretty seriously, don't you think?

Your Jefferson quote does not support your position.

The word you're missing is context. Medcalf tried to make the assertion that wartime is an excuse for breaking the laws of our country. I demonstrated that this belief was not shared by at least one of our founding fathers.

This ignores the fact that the war on terrorism is just like the war on jealousy - it's never going to end, and it will be an eternal excuse for abuses of power.

Re:Whistleblower

[stewbacca]

Except for the fact that not just any government official can classify something. This is a typical slashdot rant, and one that most people on slashdot don't understand.

Executive Order 12356:

Sec. 1.2 Classification Authority.

(a) Top Secret. The authority to classify information originally as
Top Secret may be exercised only by:

(1) the President; (2) agency heads and officials designated by the
President in the Federal Register; and (3) officials delegated this
authority pursuant to Section 1.2(d). (b) Secret. The authority to
classify information originally as Secret may be exercised only by: (1)
agency heads and officials designated by the President in the Federal
Register; (2) officials with original Top Secret classification
authority;