A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking "highly classified information" from the NSA and storing it electronically and physically in his home. There were a lot of questions about whether or not Martin was connected to the Shadow Brokers release of NSA hacking tools, though as more info comes out, it sounds like perhaps Martin was just found because of an investigation into Shadow Brokers, but not because he was connected to them. Soon after the arrest was made public (after being kept sealed for a little over a month), reports came out suggesting that Martin was basically a digital hoarder, but not a leaker (or a whistleblower).
The latest filing by the government in the case gives you a sense of just how much hoarding was done. Basically, it sounds like Martin has been taking a variety of digital and paper files home for two decades or so. There's a lot of stuff.
The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information. His thefts involved classified government materials that were dated from 1996 through 2016, spanning two decades’ worth of extremely sensitive information.
Now, it may be that he did the taking more recently and just took old documents, but that 1996 date coincides with when he first got access to such material:
The Defendant had access to classified information, including Top Secret information, beginning in 1996. His access to classified information began during his service in the U.S. Naval Reserves, and continued as he worked for seven different private government contracting companies. Access to classified information was critical to the Defendant’s employment in his field. He worked on highly classified, specialized projects and was entrusted with access to government computer systems, programs and information.
The government estimates 50 terabytes of data, but admits it's still going through all of it to figure out what is in there.
During execution of the search warrants, investigators seized thousands of pages of documents and dozens of computers and other digital storage devices and media containing, conservatively, fifty terabytes of information....
A conservative estimate of the volume of the digital information seized from the Defendant is approximately 50,000 gigabytes. This information must be fully reviewed by appropriate authorities to determine its source and classification level, as well as the extent to which it constitutes “national defense information.” The investigation into the Defendant’s unlawful activities is ongoing, including review of the stolen materials by appropriate authorities. The government anticipates that much of this material will be determined to be national defense information that the government goes to great expense to protect.
Of course, some in the press are claiming, incorrectly, that this means Martin took 500 million pages of records and secrets, but we don't know that yet. The DOJ admits it's still going through everything, and has no idea how much of it is secret (or even how much of it is from the government).
Martin, at the very least, does appear to have been... kind of careless with some of this stuff:
For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information. The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations. The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.
Among the many other classified documents found in the Defendant’s possession was a document marked as “Top Secret/Sensitive Compartmented Information” (“TS/SCI”) regarding specific operational plans against a known enemy of the United States and its allies. In addition to the classification markings, the top of the document reads “THIS CONOP CONTAINS INFORMATION CONCERNING EXTREMELY SENSITIVE U.S. PLANNING AND OPERATIONS THAT WILL BE DISCUSSED AND DISSEMINATED ONLY ON AN ABSOLUTE NEED TO KNOW BASIS. EXTREME OPSEC PRECAUTIONS MUST BE TAKEN.” The Defendant was not directly involved in this operation and had no need to know about its specifics or to possess this document.
Of course, the usual caveat does apply: this is the DOJ's side of the story, and history tells us they have a habit of massively inflating things or misrepresenting things in these kinds of cases. That includes over-classification or other exaggerations about how serious, important, or secret certain information truly is. So, take the DOJ's claims with at least some grain of salt here. It will certainly be interesting to see how Martin responds to all of this.
The other interesting, and potentially troubling, part is that it appears the DOJ is moving to charge Martin under the Espionage Act. When the initial charge sheet came out, some people noticed that it didn't include Espionage Act charges, which even Ed Snowden pointed out was a "noteworthy absence."
At the very least, it implied no distribution by Martin.
However, the latest filing makes it clear the lack of Espionage Act charges was a temporary thing that the DOJ is planning to correct soon. But here's the really crazy bit: the government is arguing that merely collecting this info is an Espionage Act violation, even without distributing it.
The improper retention and transmission of national defense information is prohibited under the Espionage Act. See, e.g., 18 U.S.C. § 793 (Gathering, Transmitting or Losing Defense Information). Information about sources and methods of the Intelligence Community, such as the information in the documents described above, and in the criminal complaint, is classic national defense information. See Gorin v. United States, 312 U.S. 19, 28 (1941) (information relating to the national defense is “a generic concept of broad connotations, referring to the military and naval establishments and the related activities of national preparedness.”). In this case, when an indictment or information is filed, the government anticipates that the charges will include violations of the Espionage Act, an offense that carries significantly higher statutory penalties and advisory guideline ranges than the charges listed in the complaint.
You can check out 18 USC 793 yourself. It's noteworthy that most of it requires intent or belief that the information is being used to harm the US, or distribution, but it's likely that the DOJ is leaning hard on section (f):
Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer
Still... this once again seems like a stretch under the Espionage Act. If it's true that Martin was just hoarding the information (even carelessly), it's overkill to bust out the Espionage Act. If true, it would be stupid, but it's clearly not spying for the purpose of helping a foreign nation or anything.
One final thing, though. Fifty terabytes is a shitload of information. How the hell did the NSA not notice this over the past two decades? Even assuming (which is a pretty bad assumption) that the NSA was not as good at protecting its secrets prior to the Snowden leaks, once Snowden's leak was public, how the hell did the NSA still not notice what Martin had done (or, potentially, was continuing to do)? If anything, this raises a hell of a lot more questions about the NSA's own security practices than anything about Martin himself.