Forgot your password?
typodupeerror
Government The Almighty Buck The Media News

Ex-NSA Official Indicted For Leaks To Newspaper 115

Posted by timothy
from the each-whistle-is-coded-to-the-blower dept.
Hugh Pickens writes "The Baltimore Sun reports that in a rare legal action against a government employee accused of leaking secrets, a grand jury has indicted Thomas A. Drake, a former senior National Security Agency official, on charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007. Federal law prohibits government employees from disclosing classified information which could be 'expected to cause damage to national security.' The indictment (PDF) does not name either the reporter or the newspaper that received the information, but the description applies to articles written by Siobhan Gorman, then a reporter for The Baltimore Sun, that examined in detail the failings of several major NSA programs, costing billions of dollars, that were plagued with technical flaws and cost overruns. Gorman's stories did not focus on the substance of the electronic intelligence information the agency gathers and analyzes but exposed management and programmatic troubles within the agency." Adds reader metrometro: "Of note: the government says the alleged NSA mole uses Hushmail, which is all the endorsement I need for a security system." Perhaps Mr. Drake was unaware of Hushmail's past cooperation with the US government?
This discussion has been archived. No new comments can be posted.

Ex-NSA Official Indicted For Leaks To Newspaper

Comments Filter:
  • by MeNotU (1362683) on Friday April 16, 2010 @08:19AM (#31870180)
    "exposed management and programmatic troubles within the agency."! Can't have management look bad!
    • Yeah, that's right.

      We have a whistle-blower law to protect the American taxpayer, but if it's deemed classified, all bets are off.

      Great, just great! So, if I want to be a crooked government official, I just need to be able to classify it as "Secret" and "National Security" and I'm off to the Bahamas!

      • Re:Whistleblower (Score:4, Informative)

        by kilfarsnar (561956) on Friday April 16, 2010 @10:02AM (#31871274)

        Yeah, that's right.

        We have a whistle-blower law to protect the American taxpayer, but if it's deemed classified, all bets are off.

        Great, just great! So, if I want to be a crooked government official, I just need to be able to classify it as "Secret" and "National Security" and I'm off to the Bahamas!

        Yeah, that pretty much sums it up. One need look no further than United States v. Reynolds to see that classification will be abused.

      • by Elshifto (804933)
        Whistle blower protections only apply when you report the misdeeds to the congressional oversight committee in charge of the organization in question, not when you leak classified information to the press. Not that I disagree with the leaking, just that the law is clear on who gets protected.
      • Re: (Score:3, Informative)

        by stewbacca (1033764)

        Except for the fact that not just any government official can classify something. This is a typical slashdot rant, and one that most people on slashdot don't understand.

        Executive Order 12356:

        Sec. 1.2 Classification Authority.

        (a) Top Secret. The authority to classify information originally as
        Top Secret may be exercised only by:

        (1) the President; (2) agency heads and officials designated by the
        President in the Federal Register; and (3) officials delegated this
        authority pursuant to Section 1.2(d). (b) S

    • by rwa2 (4391) *

      Meh, "job security" clearances are just that... jobs for Americans that legally can't be outsourced. It keeps the middle-class Americans with degrees employed and content so they aren't off organizing revolutions for the lower classes or something. From what I've seen, the shroud of secrecy is more to hide all the advanced technology that we don't have rather than to protect details of the few things that actually work. Let the enemy assume we have bugs and eyes and ears everywhere like it's portrayed in

  • by dkleinsc (563838) on Friday April 16, 2010 @08:28AM (#31870260) Homepage

    Check out Glenn Greenwald's [salon.com] post on this exact issue. He raises an extremely important point:

    - Illegally wiretapping US citizens, and/or ordering illegal wiretapping of US citizens: No problem, we have to look forwards, not backwards.
    - Exposing illegal and inefficient workings of the NSA: throw the book at 'em.

    Something is very very rotten.

    • Re: (Score:1, Insightful)

      by NotOverHere (1526201)

      He broke the letter of the law by passing classified information, and therefore should be sent to trial. In the spirit of the law all the nitty-gritty details of his mitigating situation needs to come out on open record.

      An the process continued for any other persons demonstrated as having performing illegal acts. "It's not illegal when the president does it" is not a legal justification for Constitution violations, no matter if you like or dislike the last two president actively caught doing so.

    • Yar! That LFNB (it sucks we need that acronym) article he wrote was sad and true. I wasn't expecting the world to transform into ponies and rainbows when I voted for Obama, but I sure as hell didn't expect this.

  • The real problem (Score:5, Insightful)

    by amiga3D (567632) on Friday April 16, 2010 @08:31AM (#31870300)
    The real problem here is that officials use the security system to hide their fuck ups. By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.
    • by Thanshin (1188877) on Friday April 16, 2010 @08:49AM (#31870488)

      By making all kinds of crap classified that shouldn't be they clog the system and reduce the efficiency. It's impossible to run a security system when you flood it with tons of info that is only classified because it's embarrassing to the morons in management.

      Au contraire! My friend.

      Imagine being a spy trying to find some interesting piece of information. You spend a couple of days seducing the secretary, a week finding a geek to crack the codes, another week to go to Italy to replace the suit you just ruined while chasing, on motorboat, the guy who had the passkeys, etc...

      Two months later, the information you just got is random useless crap about a lowly manager fucking up his job in various ways and you just lost your best opportunity of novelizing your adventures.

    • by AHuxley (892839)
      What fuck ups, someone made/spent "billions of dollars". The NSA was pointed at the US telco networks and set to suck.
      The voice prints, known numbers and dictionary settings did the rest.
      Cross referenced with commercial databases and commercial indexing software, more connections where made. It worked and your safe.
      NSA members can enter the private sector if they like, moonlight like the CIA? or enjoy budgets and toys within the NSA thanks to the funds.
      A "fuck up" to the NSA would be something simple:
      A
    • Not inefficient (Score:2, Informative)

      by Anonymous Coward

      I agree that over-classification is a problem from a transparency point of view. However, I disagree that it decreases efficiency - in fact efficiency and convenience is one of the big reasons that documents are unnecessarily classified to begin with. When you work on a classified system (like a computer) any documents you generate are automatically treated as classified at the highest level that the system is approved to process. Decreasing or declassifying a document requires you to go through a formal pr

    • Re: (Score:3, Interesting)

      Agreed. When I heard this story on NPR last night the first thing I thought was that this person might be a protected whistleblower, as it appears that the "state secrets" that were leaked don't relate to national security as much as bureaucratic incompetence and governmental inefficiency. The NPR story doesn't seem to mention the idea that this person might be considered a whistle-blower (admittedly I didn't catch all of the story.) The infamous "most Americans" oh heck, maybe even most Americans (not ju
      • by TubeSteak (669689)

        The NPR story doesn't seem to mention the idea that this person might be considered a whistle-blower (admittedly I didn't catch all of the story.)

        Whistleblower or not, he's being charged with obstruction of justice.
        Instead of making an affirmative defense, he destroyed evidence and now he's fucked.

  • by WrongSizeGlass (838941) on Friday April 16, 2010 @08:32AM (#31870306)

    charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007

    How is it that a guy dumb enough to use e-mail for this was a senior NSA official?

    • by muckracer (1204794) on Friday April 16, 2010 @08:49AM (#31870492)

      > > > charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007

      > > How is it that a guy dumb enough to use e-mail for this was a senior NSA official?

      I think you meant it the other way around (the diff is not just cosmetic):

      How is it that a senior NSA official was dumb enough to use e-mail for this?

    • by Sir_Lewk (967686)

      He could have, at the very least, used a handful of reputable cypherpunk anonymous remailers, preferably ones run by people either outside of the country, or unlikely to cooperate with the government.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        I heard on NPR yesterday they both used Hushmail to email the classified documents.

    • by physicsphairy (720718) on Friday April 16, 2010 @09:29AM (#31870884) Homepage

      I fail to see what would be wrong with sending encrypted emails backed by chained proxies, Tor, etc. It's not like the information is even secret--the whole point was to have it disclosed in a newspaper. Given that he might come under occasional (or constant) investigation by the authorities simply because of the nature of his job, avoiding a physical presence as well as any unusual behavior is a must. What would you recommend as an alternative?

      I think the real problem was simply that he sent "hundreds of messages" to the same guy. As soon as the NSA points their attention at that guy, they have access to everything, no matter the medium of communication. Before that they already probably have their list of culprits narrowed down significantly based on the info that was being disclosed. Once they know where to get the unencrypted messages they can analyze them for writing characteristics (such as word frequencies) which correspond to one of their employees, assuming their aren't much more blatant clues slipped in. It may even be at some point he simply had no choice but to reveal details about his identity/job to convince the reporter he was a legitimate leak--I mean, if you perfectly anonymize yourself how do you convince anyone you aren't just a hoaxer? Even if the reporter can successfully destroy any evidence of the content of such communications, that doesn't mean he won't squeal when some scary guys from the government pick him up off the street and tell him horror stories about what might happen to him if it doesn't. (the fact they wouldn't mention who the reporter was could be evidence of his cutting a deal)

    • Re: (Score:1, Troll)

      by AHuxley (892839)
      Was he cultivating a member of the press with real info only to leak in something NSA/CIA creative years later?
      Or he thought the NSA does not like to listen for any mention of its projects in US emails :)
  • Then you'd probably be indicted for treason if you got caught but hey.

  • by Anonymous Coward

    It's what they'd do in Russia.

    Of course, in Soviet Russia, accident would have YOU.

  • he was exposing government waste

    if he were exposing state secrets, let him rot in jail

    but that's all sound and fury surrounding the real issue of what was actually disclosed, and why

    the substance of his disclosures and what motivated him: wasted tax payer dollars on lame NSA projects

    as far as i am concerned, for his actions, this guy is a hero. we need MORE government employees like this. and his timing is impeccable, government waste is pissing off the country like never before right now: perhaps the tax party can make him some sort of patron saint?

    • by copponex (13876)

      if he were exposing state secrets, let him rot in jail

      Sweet. Chairman Mao got a slashdot account.

    • Ok, let's say that Program X was a disaster. What you also expose by leaking this is that we don't have the capabilities of Program X. In other words, other intelligence agencies understand what we can and cannot do.

      I would be entirely sure that the Congressional committees know perfectly well that a program is messing up. And while we should be concerned about technical projects being mismanaged or being messed up (not that that doesn't occur in private industry, right?), let's not kid ourselves.

      Leaking th

      • it could be said that reagan's completely bullshit star wars program spooked the russians, and if it was publicly revealed how much money was being wasted on complete crap, the russians wouldn't have been so spooked

        however, if you are playing this game of managing perception and deceit, you've entered the rarified, high paranoia stratosophere of smoke and mirrors where the other side might also equally conclude that a "public disclosure" that a program is a failure is a lie in order to hide real deadly capa

  • "National security"? Please. This is about the fact that someone exposed the fact that they are wasting money in a highly incompetent manner.
    • Re: (Score:3, Insightful)

      This is about the fact that someone exposed the fact that they are wasting money in a highly incompetent manner.

      Actually the government is quite competent at wasting money!

    • Re: (Score:3, Insightful)

      by idontgno (624372)

      That money got wasted in a highly incompetent way is not news.

      That someone is getting in trouble for whistleblowing is not especially news.

      But this kind of whistleblowing is always going to end badly for the whistleblower, because even if a legitimate transparency function is served (calling attention to wasteful and inefficient program administration), the programs themselves are classified. In the public eyes, they're not supposed to even exist. To praise them in public would also be a breach of classific

  • Forget Hushmail (Score:5, Informative)

    by Obyron (615547) on Friday April 16, 2010 @09:01AM (#31870606)
    Hushmail is notorious in certain circles for sharing people's PGP keys with investigators who come knocking. This was in relation to DEA and Customs investigations in Operation Web Tryp to crack down on people using the internet to get ahold of research chemical indoleethylamines and phenethylamines (read: designer psychedelics). A lot of these people were using Hushmail, and when the investigators went to Hushmail, the provider burned their users. If they'll rat you out to the DEA and Customs, bet your sweet ass they'll rat you out to the NSA. Fuck, read this article at Cryptome [cryptome.info].

    If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail. Someone people actually trust, like maybe the people behind Wikileaks, should start a real anonymous mail network.
    • for sharing people's PGP keys

      Well there's your problem right there...if you let any email provider have your private key, you might as well have just stapled it to your forehead and wandered around New York asking to be mugged.

      • by Obyron (615547)
        The point of Hushmail was to make PGP-encrypted email easier to use for people who don't understand PGP encryption. As part of this, Hushmail has/had some sort of java client to encrypt your messages for you. They were logging that data and giving it to the DEA. Not everyone who'd like to protect their privacy has the time or faculties to educate themselves on cryptosystems.
        • by temojen (678985)
          An outlook or Thunderbird plugin would have done the job much better.
        • by Hatta (162192)

          If you can't be bothered to put forward the minimal effort it takes to make and distribute your own PGP keys, privacy really isn't that important to you. Using a provider like Hushmail is worse than no encryption at all, as it gives you a false sense of security.

    • Re:Forget Hushmail (Score:5, Informative)

      by metrometro (1092237) on Friday April 16, 2010 @10:07AM (#31871336)

      If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail.

      As noted in the prior /. thread on this, Hushmail uses two mode: stupid and secure. They explain as much when you sign on.

      In stupid, they do all the work for you, webmail style, which means they have a copy of your key. You are now screwed.

      In secure, encryption is done in a Java applet, which is open source. That means (barring any man in the middle weirdness with the Java download) they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails. This appears the be the basis of the government's evidence: the alleged leaker sent a lot of encrypted email. Their indictment, however, did not mention the specific contents of that email, probably because they can't read it.

      Alternatively, FireGPG seems like a good option for webmail. More secure systems exist, but as always, in the real world security balances against user experience and people sure seem to like this webmail thing.

      • Re: (Score:3, Insightful)

        by gknoy (899301)

        In secure, encryption is done in a Java applet.... they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails.

        The NSA is one of the few organizations that I would expect to be able to break the encryption on a mass of encrypted e-mails -- not by brute forcing it, but by awesome cryptanalysis. I'd be

        • by TubeSteak (669689)

          The NSA is one of the few organizations that I would expect to be able to break the encryption on a mass of encrypted e-mails -- not by brute forcing it, but by awesome cryptanalysis. I'd be surprised if the Java applet didn't have some implementation errors, or the data being encrypted had enough recognizable patterns in it to allow some work with known plaintexts.

          For people using the java applets, at law enforcement's request, Hushmail pushes out a backdoored applet to grab the encryption keys.
          "Hushmail recommends using non web-based services such as GnuPG and PGP Desktop for those who need stronger security."

          You can have secure e-mail communication, it's just not point-and-click convienent.

      • by makomk (752139)

        In secure, encryption is done in a Java applet, which is open source. That means (barring any man in the middle weirdness with the Java download) they do not have access to your keys, because they are never sent.

        They solved this issue by sending a trojaned Java applet to the victim. There's no convenient way of verifying it.

    • by killmenow (184444)
      What should they do? If you're doing something illegal and the law enforcement agencies start investigating you, should hushmail aid and abet? If I suspected my neighbor was brewing meth in his kitchen would I go to the police? Probably not. Because (a) it's just a suspicion, and (b) he has a right to privacy. But if I had evidence and the police ASKED me for it, I'd sure as hell give it to them.

      Also, I don't recall hushmail ever advertising that they would NOT cooperate with law enforcement agencies.

      No
    • Just use Freenet [freenetproject.org]. It has both BBS style message exchange and the beginnings of something like smtp.
    • Re: (Score:3, Insightful)

      by Zak3056 (69287)

      If you need any expectation at all of ACTUAL privacy (the kind that'll keep you out of prison), don't use Hushmail. Someone people actually trust, like maybe the people behind Wikileaks, should start a real anonymous mail network.

      I don't trust Wikileaks--they have an agenda, and it isn't simply informing people about things which are unlawfully/immorally kept hidden. I will grant that they are serving an important function right now, and I am grateful for this... but trust? No way.

    • by Rich0 (548339)

      Just use the gold standard [wikipedia.org].

      It doesn't get too much more secure than Mixmaster. Granted, I'm not sure if anybody is still running it these days. This was a big thing about the time that pgp was being written in the first place.

    • Think of I2P as an onion-routed (Tor-like) anonymous network [i2p2.de] with web, email and bittorrent services built in.

  • by Syntroxis (564739)
    Can anyone say Valerie Plame?
    • by DaveV1.0 (203135)

      Please explain in detail what Plame has to do with Drake being indited on charges of violating federal law and his oath of service?

      • by Syntroxis (564739)
        Federal government employees released information on Valerie Plame which decimated on-going operations. That pretty much has everything to do with busting a federal employee for releasing data. The main difference is the guy at the NSA is a lowly underling, and those involved in the Valerie Plame incident were in the executive branch, or acting on their behalf.
        • Re: (Score:1, Troll)

          by DaveV1.0 (203135)

          From what I know, the exposure of Plame's identity did not "decimate" anything. It ended her effectiveness as an agent.

          Basically, you are arguing that two wrongs make a right, specifically that because the bozo who got away with exposing Plame's identity this bozo should not be prosecuted for violating his oath of service and federal law. That is a fallacy. Using that reasoning, no murderer should ever be prosecuted because other murderers have gotten away with their crimes.

          The Plame incident is not related

          • by Syntroxis (564739)

            It is directly related. The Plame incident was a deliberate "leak" to expose a CIA operative who had been supposedly effective in her mission. We will never know how many of her operatives were killed because of the Bush administrations treasonous activity. Yes treasonous. Bush the first signed a law which made it treason to out an operative of the CIA.

            I'm not saying that the NSA employee should not be prosecuted. He should be. This administration, instead of "looking forward", should be investigating

            • Re: (Score:1, Troll)

              by DaveV1.0 (203135)

              Then, what exactly did you mean by "Can anyone say Valerie Plame?"

              So, your idea of a direct relationship is "They both involve leaked information"? That is all it takes? Well, hell, we can just give everyone ever convicted of passing on classified information a pardon. /sarcasm

              Again, you are arguing using a fallacy, specifically, two wrongs make a right.

              • by Syntroxis (564739)
                Not saying two wrongs make a right. Saying that both should be pursued to the fullest extent of the law.
                • Re: (Score:1, Troll)

                  by DaveV1.0 (203135)

                  That is not what you said, nor is it what your original post implies.

                  • by Syntroxis (564739)

                    The 5 words which I used in my first post pointed to the hypocrisy present in the prosecutions. I'm sorry that I did not elucidate clearly to prevent any possible misunderstanding. I'm really surprised that you were able to take any other implication from that. What exactly, did you think the implication was?

                    • Re: (Score:1, Troll)

                      by DaveV1.0 (203135)

                      It is not hypocrisy. If the two cases were similar, which they are not, then you might have an argument. As it is, it appears Libby was authorized by the President to release the information. Libby did not break the law in that regard. He was tried for obstruction of justice and perjury.

                      As Drake was not authorized release the information and Libby apparently was authorized, the cases are not similar, let alone the same.

                    • by Syntroxis (564739)

                      Whatever you think. Sure doesn't matter to me.

                    • by DaveV1.0 (203135)

                      How is a recitation of the facts a troll?

  • This raises the question about email providers. Who provides good, private, secure email service? If Hushmail has handed over keys & data on request, I'd rather not pay them €50-100 per year. In truth I'm not an international criminal or James Bond or anything... so I can't really justify too much cost. But surely there is a service which does not retain data for too long and would at least ask for a court order before handing anything over... and does not assume you have the financial backing

  • by Necron69 (35644) <jscott.farrow@ g m a il.com> on Friday April 16, 2010 @10:43AM (#31871866)

    One of the very first things you have to do before getting a security clearance is sign a document acknowledging that revealing classified information is punishable by a fine of $10,000 or 10 years in prison or both. If you can't handle that from the outset, you have no business having a security clearance.

    Make no mistake: this was a very serious crime. While I applaud this guy's intent, the proper place for his complaint was either the Senate Select Committee on Intelligence, or the House Permanent Select Committee on Intelligence. From that point on, it is the responsibility of those Congressional committees to follow up on the information. No person other than the Director of Central Intelligence or the President has the authority to release classified information.

    If you think that sucks, then imagine the situation where everyone with a clearance got to decide on their own whether that information should be kept secret or not. There wouldn't be any point to having classified information, and you might as well give it all away to the Chinese/Russians, etc. Do you think they'll reciprocate?

    Necron69

    • On the other hand, if leaks were impossible we would lose the useful tool of deliberate or false leaks.
    • by MattskEE (925706)

      Would you say then that Thomas Tamm [wikipedia.org] should be fined or imprisoned for illegally blowing the whistle on the NSA's warrantless wiretapping program? From a position of blindly following the law, he should be, because he revealed classified information to the media. But he exposed illegal government activities that had been classified to hide them from the public, and I would say that he was simply following his civic duty to reveal corruption.

      It's hard to interpret this Drake case, because we have little inf

    • Finally somebody gets it. For high levels of clearance the non-disclosure is good for 99 years and is punishable by...wait for it....DEATH.

      So whistle-blow all you want, morons, but you should have thought about that before signing the paper that says, "I will not whistle blow for the next 99 years by penalty of death" (my paraphrase).

  • >that examined in detail the failings of several major NSA programs, costing billions of dollars,
    >that were plagued with technical flaws and cost overruns
    I have to thank this guy profusively, now that we know all the problems with mismanagement
    there should be an investigation, and they should be held fully accountable, but it will be tough to
    prove anything, everything might be encrypted.

    Also, they learn from their mistakes, now try getting any sort of info from there, it will be almost
    impossible. I th

The universe does not have laws -- it has habits, and habits can be broken.

Working...