How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing?

from the seems-like-an-important-question dept

A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking “highly classified information” from the NSA and storing it electronically and physically in his home. There were a lot of questions about whether or not Martin was connected to the Shadow Brokers release of NSA hacking tools, though as more info comes out, it sounds like perhaps Martin was just found because of an investigation into Shadow Brokers, but not because he was connected to them. Soon after the arrest was made public (after being kept sealed for a little over a month), reports came out suggesting that Martin was basically a digital hoarder, but not a leaker (or a whistleblower).

The latest filing by the government in the case gives you a sense of just how much hoarding was done. Basically, it sounds like Martin has been taking a variety of digital and paper files home for two decades or so. There’s a lot of stuff.

The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information. His thefts involved classified government materials that were dated from 1996 through 2016, spanning two decades? worth of extremely sensitive information.

Now, it may be that he did the taking more recently and just took old documents, but that 1996 date coincides with when he first got access to such material:

The Defendant had access to classified information, including Top Secret information, beginning in 1996. His access to classified information began during his service in the U.S. Naval Reserves, and continued as he worked for seven different private government contracting companies. Access to classified information was critical to the Defendant?s employment in his field. He worked on highly classified, specialized projects and was entrusted with access to government computer systems, programs and information.

The government estimates 50 terabytes of data, but admits it’s still going through all of it to figure out what is in there.

During execution of the search warrants, investigators seized thousands of pages of documents and dozens of computers and other digital storage devices and media containing, conservatively, fifty terabytes of information….


A conservative estimate of the volume of the digital information seized from the Defendant is approximately 50,000 gigabytes. This information must be fully reviewed by appropriate authorities to determine its source and classification level, as well as the extent to which it constitutes ?national defense information.? The investigation into the Defendant?s unlawful activities is ongoing, including review of the stolen materials by appropriate authorities. The government anticipates that much of this material will be determined to be national defense information that the government goes to great expense to protect.

Of course, some in the press are claiming, incorrectly, that this means Martin took 500 million pages of records and secrets, but we don’t know that yet. The DOJ admits it’s still going through everything, and has no idea how much of it is secret (or even how much of it is from the government).

Martin, at the very least, does appear to have been… kind of careless with some of this stuff:

For example, the search of the Defendant?s car revealed a printed email chain marked as ?Top Secret? and containing highly sensitive information. The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA?s classified computer infrastructure and detailed descriptions of classified technical operations. The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.

Among the many other classified documents found in the Defendant?s possession was a document marked as ?Top Secret/Sensitive Compartmented Information? (?TS/SCI?) regarding specific operational plans against a known enemy of the United States and its allies. In addition to the classification markings, the top of the document reads ?THIS CONOP CONTAINS INFORMATION CONCERNING EXTREMELY SENSITIVE U.S. PLANNING AND OPERATIONS THAT WILL BE DISCUSSED AND DISSEMINATED ONLY ON AN ABSOLUTE NEED TO KNOW BASIS. EXTREME OPSEC PRECAUTIONS MUST BE TAKEN.? The Defendant was not directly involved in this operation and had no need to know about its specifics or to possess this document.

Of course, the usual caveat does apply: this is the DOJ’s side of the story, and history tells us they have a habit of massively inflating things or misrepresenting things in these kinds of cases. That includes over-classification or other exaggerations about how serious, important, or secret certain information truly is. So, take the DOJ’s claims with at least some grain of salt here. It will certainly be interesting to see how Martin responds to all of this.

The other interesting, and potentially troubling part, is that it appears the DOJ is moving to charge Martin under the Espionage Act. When the initial charge sheet came out, some people noticed that it didn’t include Espionage Act charges, which even Ed Snowden pointed out was a “noteworthy absence.” At the very least, it implied no distribution by Martin.

However, the latest filing makes it clear the lack of Espionage Act charges was a temporary thing that the DOJ is planning to correct soon. But here’s the really crazy bit: the government is arguing that merely collecting this info is an Espionage Act violation, even without distributing it.

The improper retention and transmission of national defense information is prohibited under the Espionage Act. See, e.g., 18 U.S.C. § 793 (Gathering, Transmitting or Losing Defense Information). Information about sources and methods of the Intelligence Community, such as the information in the documents described above, and in the criminal complaint, is classic national defense information. See Gorin v. United States, 312 U.S. 19, 28 (1941) (information relating to the national defense is ?a generic concept of broad connotations, referring to the military and naval establishments and the related activities of national preparedness.?). In this case, when an indictment or information is filed, the government anticipates that the charges will include violations of the Espionage Act, an offense that carries significantly higher statutory penalties and advisory guideline ranges than the charges listed in the complaint.

You can check out 18 USC 793 yourself. It’s noteworthy that most of it requires intent or belief that the information is being used to harm the US, or distribution, but it’s likely that the DOJ is leaning hard on section (f):

Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer

Still… this once again seems like a stretch under the Espionage Act. If it’s true that Martin was just hoarding the information (even carelessly), it’s overkill to bust out the Espionage Act. If true, it would be stupid, but it’s clearly not spying for the purpose of helping a foreign nation or anything.

One final thing, though. Fifty terabytes is a shitload of information. How the hell did the NSA not notice this over the past two decades? Even assuming (which is a pretty bad assumption) that the NSA was not as good at protecting its secrets prior to the Snowden leaks, once Snowden’s leak was public, how the hell did the NSA still not notice what Martin had done (or, potentially, was continuing to do)? If anything, this raises a hell of a lot more questions about the NSA’s own security practices than anything about Martin himself.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing?”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: 50TB, 20 years

Assuming for the sake of argument that he collected the information over a period of 20 years, rather than that he recently decided to take 20 years worth of information home in a short time period, 50TB over 20 years is still possible if the type of material he took changed over time. Perhaps he started out collecting mostly printed materials and plain text files, but switched to more complicated document formats and large image files as drives became bigger. We have seen a general pattern of bloat in the computer industry, and if the same pattern applied to the types of classified data held by the government, it could be the case that 2 years ago, he had well less than (18 / 20) * 50TB = 45TB of information.

Anonymous Coward says:

Re: Re:

More realistically, that’s
* an 8 TB NAS drive
* a couple of terabyte hard disks
* several more TB of laptop drives from laptops of dubious functioning
* a dozen maybe functional desktops, hard disks uninventoried “but assumed to be at least a terabyte each” (despite them being 80386 and Pentium systems).
* a moderate sized box of USB sticks ( call it 50 x 4GB for another couple of TB)
* a couple boxes of RW DVDs ( 4GB x 400 for another 1.5 TB (!) )
* a xerox paper box of 3.5″ floppies ( 1.4GB x 200 for another 8 TB because, y’know, math is hard for the DOJ)
* a set of reel-to-reel backup tapes (hey, those gotta hold a lot, right?) from 1995
* 3 boxes of cryptically labeled VHS tapes (because, hacker, right?) from/to someone probably named Debbie from West Palm Beach, from spring break… and so on.

… and all of it CLASSIFIED!!! because of course anything he ever touched became classified the moment the indictment came down.

Boy, he was a clever B***td, using steganography to hide data in these movies. I’d better watch them all, just to be on the safe side…

Jim says:

Re: Re:

Thinking he was also stealing HD’s loaded at work. Grand theft larceny charges too then. Then the recent DoS routine today was probably trying to find persons with access to servers and networks he had rigged by watching reconnects. Who cares about twits on twitter. Twit’s is a derogatory name of the old days with twitter being appropriately named.

Unanimous Cow Herd says:

Re: Martin for President 2016

I can totally see that someone who had that much info in digital form routed to their house, via auto or via private email server, might be investigated to see if their actions compromised lives, operations, etc. I bet he didn’t have time to hammer smash a single Blackberry before they seized every bit.

Capt ICE Enforcer says:

NSA failure explained

To answer why the NSA was unable to find out about Martin’s actions for over 20 years and 50 terabyte of info later. The simplified answer is “No dick pictures were involved in this downloads”. If he would have added a single dick picture it would have been flagged for review by at least 20 NSA big wigs.

Anonymoose says:

It’s certainly another confirmation that there are no real systems of control over classified information. (rules, but not useful systems limiting access to need to know at that time, auditing access, DL, copies, etc — not just policy, architecture).

We should absolutely assume that everyone else’s intelligence organizations have buffet-level access to all information as well.

Anonymous Coward says:

50 TB

50 TB is the estimate of the amount of data seized, not the amount of data copied from NSA. It’s likely they seized every storage device they could find, and lots of people have 50 TB sitting around the house (these days, it could just be an 8-bay NAS, about $2000-$3000 with drives; not a big deal for a technical person with a good job).

TKnarr (profile) says:

Odds on the NSA knew about it just like they knew about every employee or contractor taking work material home to work on off-hours. That’s been SOP for every place I’ve worked for, I can’t see that changing just because the company’s working on government projects. The DOJ’s in panic mode and looking for anything that’ll make it look like they’re doing something, common sense is completely out the window at this point.

Anonymous Coward says:

So many things wrong in the government's release...

First, the big political one: he should have known to remove the classified markings from everything. As we learned this year on the presidential campaign trail, if it "is not marked as classified", keeping the material in an insecure setting is fine and results in, at most, loss of clearance and a bit of public embarrassment, but no charges. Mr. Comey himself indicated no prosecution can be expected to result from that type of conduct.

The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information.

Someone has been drinking a bit too much Copyright Kool-Aid here. If the government really kept exactly one copy of this irreplaceable classified information, that statement could be true, but how then did it take them years to realize that they had zero copies on hand (because the one copy in existence was at his home) when they should have had one copy on hand? If they did not keep exactly one copy, then the information is not irreplaceable. It could be highly sensitive, dangerous in the wrong hands, etc., but it is not irreplaceable.


So, if the Defendant had no need to know about the operation, and the document is to be distributed ONLY ON AN ABSOLUTE NEED TO KNOW BASIS, then how did Defendant come to possess it? That would seem to suggest he had access to materials that he had no need to know about, even when those materials are documented as being restricted to those who need to know about them. That would mean internal security is not properly enforced. That cannot be right. 😉

Anonymous Coward says:

Re: So many things wrong in the government's release...

So, if the Defendant had no need to know about the operation, and the document is to be distributed ONLY ON AN ABSOLUTE NEED TO KNOW BASIS, then how did Defendant come to possess it?

Do you really think that those with a need to know actually typed out their own documents? Many a lowly secretary, who those in power consider to be a replaceable nobody, will have handled those documents.

Anonymous Coward says:

Re: Re: So many things wrong in the government's release...

Do you really think that those with a need to know actually typed out their own documents?

According to the document itself, only those with a need-to-know should know about it, so yes, they typed it up themselves or found a way to claim that their secretary (technically, "administrative assistant") needed to know so that the AA could type it up for them. Either way, Mr. Martin was not an AA to people who needed to know, so even that loophole cannot justify why he had access to a need-to-know document if he did not need to know.

Anonymous Coward says:

Would it not be possible that the fifty terabytes just meant that he and his family had a few computers in his house, along with some jump drives, floppy disks (this goes back to the 90s, remember), other backup media? I mean, just an iPhone 7 can have 256 GB!

Most likely, they just took everything electronic in the residence, whether or not it had anything classified in it, and said he had 50 terabytes of potential classified information that they confiscated.

Pronounce (profile) says:

I Could See This Happening

Working in government is weird. Many times you can get away with murder, because it’s convenient and gets the job done. Getting the job done is job number one in government. There was a saying in my government office, “You can make any policy you want, but be sure people are going to go around, under, over, or through to get their jobs done.”

In my mind this guy was good at his job, and his supervisors turned a blind eye to his actions. Maybe they knew, or maybe they didn’t, but I can guarantee you that not one of his supervisors would admit to knowing anything about his actions.

How good of an government employee I’m not sure, but we will be able to tell soon, because the first job of any good government employee is to create your CYA file. I knew of some people who had many cabinet draws full of pictures, memos, emails, and all kinds of evidence covering their actions.

The cardinal rule of government employment is to never do anything unless you have it in writing. Those who don’t follow this rule become scapegoats, and are crucified in the audits and cover-ups that are common in government.

art guerrilla (profile) says:

how could he have done it ? ? ?

easy, the key ISN’T that the gummint/sea eye ehh/enn ess ehh/etc have super-duper, super-thorough, super-efficient secrecy systems and procedures (oh, i am *certain* they have bookshelves/CD’s full of them); it is they have the APPEARANCE of super-duper secrecy systems, and simply ignore so much of it so much of the time, that anyone doing it for nefarious reasons could probably escape notice because it is so pervasive, it is looking for a needle in a haystack-size pile of needles…

Groaker (profile) says:

Why do you think it was never noticed? It just became convenient for someone to actually do something about it.

Richard Hansen, the FBI spy, had so many red flags that it was impossible not to know he was leading a double life. Suddenly it became useful for someone to actually act on that knowledge. Either that, or the entire upper third of the FBI should be dismissed for incompetence. Or perhaps both.

Padpaw (profile) says:

Or he could be the latest scapegoat being framed to cover for malicious intent and general not giving a dam about keeping things safe because it is easier to ignore their responsabilities they hold.

I just don’t automatically believe the government’s narrative anymore without a doubt when it comes to stuff like this. Considering how often they later get exposed as making it all up, lying to cover their asses, or to simply ruin someone they don’t like for whatever reason.

Jim says:


Junior, put the boots on, brown stuff pilling up here. I would say, turn off the TV and sit down in a beach chair, CIA, FBI, Democratic? Since when? Georgiesr dad was in charge of the CIA, since the big game no 2, that’s who promoted and ran the company. FBI, come now, they ruined their reputation back in the thirties with their arrest of Smyth for leaking the overthrow plans. Don’t you read your history?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...