How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing?

from the seems-like-an-important-question dept

A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking “highly classified information” from the NSA and storing it electronically and physically in his home. There were a lot of questions about whether or not Martin was connected to the Shadow Brokers release of NSA hacking tools, though as more info comes out, it sounds like perhaps Martin was just found because of an investigation into Shadow Brokers, but not because he was connected to them. Soon after the arrest was made public (after being kept sealed for a little over a month), reports came out suggesting that Martin was basically a digital hoarder, but not a leaker (or a whistleblower).

The latest filing by the government in the case gives you a sense of just how much hoarding was done. Basically, it sounds like Martin has been taking a variety of digital and paper files home for two decades or so. There’s a lot of stuff.

The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information. His thefts involved classified government materials that were dated from 1996 through 2016, spanning two decades’ worth of extremely sensitive information.

Now, it may be that he did the taking more recently and just took old documents, but that 1996 date coincides with when he first got access to such material:

The Defendant had access to classified information, including Top Secret information, beginning in 1996. His access to classified information began during his service in the U.S. Naval Reserves, and continued as he worked for seven different private government contracting companies. Access to classified information was critical to the Defendant’s employment in his field. He worked on highly classified, specialized projects and was entrusted with access to government computer systems, programs and information.

The government estimates 50 terabytes of data, but admits it’s still going through all of it to figure out what is in there.

During execution of the search warrants, investigators seized thousands of pages of documents and dozens of computers and other digital storage devices and media containing, conservatively, fifty terabytes of information….

[….]

A conservative estimate of the volume of the digital information seized from the Defendant is approximately 50,000 gigabytes. This information must be fully reviewed by appropriate authorities to determine its source and classification level, as well as the extent to which it constitutes “national defense information.” The investigation into the Defendant’s unlawful activities is ongoing, including review of the stolen materials by appropriate authorities. The government anticipates that much of this material will be determined to be national defense information that the government goes to great expense to protect.

Of course, some in the press are claiming, incorrectly, that this means Martin took 500 million pages of records and secrets, but we don’t know that yet. The DOJ admits it’s still going through everything, and has no idea how much of it is secret (or even how much of it is from the government).

Martin, at the very least, does appear to have been… kind of careless with some of this stuff:

For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information. The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations. The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.

Among the many other classified documents found in the Defendant’s possession was a document marked as “Top Secret/Sensitive Compartmented Information” (“TS/SCI”) regarding specific operational plans against a known enemy of the United States and its allies. In addition to the classification markings, the top of the document reads “THIS CONOP CONTAINS INFORMATION CONCERNING EXTREMELY SENSITIVE U.S. PLANNING AND OPERATIONS THAT WILL BE DISCUSSED AND DISSEMINATED ONLY ON AN ABSOLUTE NEED TO KNOW BASIS. EXTREME OPSEC PRECAUTIONS MUST BE TAKEN.” The Defendant was not directly involved in this operation and had no need to know about its specifics or to possess this document.

Of course, the usual caveat does apply: this is the DOJ’s side of the story, and history tells us they have a habit of massively inflating things or misrepresenting things in these kinds of cases. That includes over-classification or other exaggerations about how serious, important, or secret certain information truly is. So, take the DOJ’s claims with at least some grain of salt here. It will certainly be interesting to see how Martin responds to all of this.

The other interesting, and potentially troubling, part is that it appears the DOJ is moving to charge Martin under the Espionage Act. When the initial charge sheet came out, some people noticed that it didn’t include Espionage Act charges, which even Ed Snowden pointed out was a “noteworthy absence.” At the very least, it implied no distribution by Martin.

However, the latest filing makes it clear the lack of Espionage Act charges was a temporary thing that the DOJ is planning to correct soon. But here’s the really crazy bit: the government is arguing that merely collecting this info is an Espionage Act violation, even without distributing it.

The improper retention and transmission of national defense information is prohibited under the Espionage Act. See, e.g., 18 U.S.C. § 793 (Gathering, Transmitting or Losing Defense Information). Information about sources and methods of the Intelligence Community, such as the information in the documents described above, and in the criminal complaint, is classic national defense information. See Gorin v. United States, 312 U.S. 19, 28 (1941) (information relating to the national defense is “a generic concept of broad connotations, referring to the military and naval establishments and the related activities of national preparedness.”). In this case, when an indictment or information is filed, the government anticipates that the charges will include violations of the Espionage Act, an offense that carries significantly higher statutory penalties and advisory guideline ranges than the charges listed in the complaint.

You can check out 18 USC 793 yourself. It’s noteworthy that most of it requires intent or belief that the information is being used to harm the US, or distribution, but it’s likely that the DOJ is leaning hard on section (f):

Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer

Still… this once again seems like a stretch under the Espionage Act. If it’s true that Martin was just hoarding the information (even carelessly), it’s overkill to bust out the Espionage Act. If true, it would be stupid, but it’s clearly not spying for the purpose of helping a foreign nation or anything.

One final thing, though. Fifty terabytes is a shitload of information. How the hell did the NSA not notice this over the past two decades? Even assuming (which is a pretty bad assumption) that the NSA was not as good at protecting its secrets prior to the Snowden leaks, once Snowden’s leak was public, how the hell did the NSA still not notice what Martin had done (or, potentially, was continuing to do)? If anything, this raises a hell of a lot more questions about the NSA’s own security practices than anything about Martin himself.


Comments on “How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing?”

54 Comments
Anonymous Coward says:

Re: 50TB, 20 years

Assuming for the sake of argument that he collected the information over a period of 20 years, rather than that he recently decided to take 20 years worth of information home in a short time period, 50TB over 20 years is still possible if the type of material he took changed over time. Perhaps he started out collecting mostly printed materials and plain text files, but switched to more complicated document formats and large image files as drives became bigger. We have seen a general pattern of bloat in the computer industry, and if the same pattern applied to the types of classified data held by the government, it could be the case that 2 years ago, he had well less than (18 / 20) * 50TB = 45TB of information.

Anonymous Coward says:

Re: Re:

More realistically, that’s
* an 8 TB NAS drive
* a couple of terabyte hard disks
* several more TB of laptop drives from laptops of dubious functioning
* a dozen maybe functional desktops, hard disks uninventoried “but assumed to be at least a terabyte each” (despite them being 80386 and Pentium systems).
* a moderate sized box of USB sticks ( call it 50 x 4GB for another couple of TB)
* a couple boxes of RW DVDs ( 4GB x 400 for another 1.5 TB (!) )
* a xerox paper box of 3.5″ floppies ( 1.4GB x 200 for another 8 TB because, y’know, math is hard for the DOJ)
* a set of reel-to-reel backup tapes (hey, those gotta hold a lot, right?) from 1995
* 3 boxes of cryptically labeled VHS tapes (because, hacker, right?) from/to someone probably named Debbie from West Palm Beach, from spring break… and so on.

… and all of it CLASSIFIED!!! because of course anything he ever touched became classified the moment the indictment came down.

Boy, he was a clever B***td, using steganography to hide data in these movies. I’d better watch them all, just to be on the safe side…

Jim says:

Re: Re:

Thinking he was also stealing HD’s loaded at work. Grand theft larceny charges too then. Then the recent DoS routine today was probably trying to find persons with access to servers and networks he had rigged by watching reconnects. Who cares about twits on twitter. Twit’s is a derogatory name of the old days with twitter being appropriately named.

Unanimous Cow Herd says:

Re: Martin for President 2016

I can totally see that someone who had that much info in digital form routed to their house, via auto or via private email server, might be investigated to see if their actions compromised lives, operations, etc. I bet he didn’t have time to hammer smash a single Blackberry before they seized every bit.

Capt ICE Enforcer says:

NSA failure explained

To answer why the NSA was unable to find out about Martin’s actions for over 20 years and 50 terabytes of info later. The simplified answer is “No dick pictures were involved in these downloads”. If he would have added a single dick picture it would have been flagged for review by at least 20 NSA big wigs.

Anonymoose says:

It’s certainly another confirmation that there are no real systems of control over classified information. (rules, but not useful systems limiting access to need to know at that time, auditing access, DL, copies, etc — not just policy, architecture).

We should absolutely assume that everyone else’s intelligence organizations have buffet-level access to all information as well.

Anonymous Coward says:

50 TB

50 TB is the estimate of the amount of data seized, not the amount of data copied from NSA. It’s likely they seized every storage device they could find, and lots of people have 50 TB sitting around the house (these days, it could just be an 8-bay NAS, about $2000-$3000 with drives; not a big deal for a technical person with a good job).

TKnarr (profile) says:

Odds on the NSA knew about it just like they knew about every employee or contractor taking work material home to work on off-hours. That’s been SOP for every place I’ve worked for, I can’t see that changing just because the company’s working on government projects. The DOJ’s in panic mode and looking for anything that’ll make it look like they’re doing something, common sense is completely out the window at this point.

Anonymous Coward says:

So many things wrong in the government's release...

First, the big political one: he should have known to remove the classified markings from everything. As we learned this year on the presidential campaign trail, if it "is not marked as classified", keeping the material in an insecure setting is fine and results in, at most, loss of clearance and a bit of public embarrassment, but no charges. Mr. Comey himself indicated no prosecution can be expected to result from that type of conduct.

The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information.

Someone has been drinking a bit too much Copyright Kool-Aid here. If the government really kept exactly one copy of this irreplaceable classified information, that statement could be true, but how then did it take them years to realize that they had zero copies on hand (because the one copy in existence was at his home) when they should have had one copy on hand? If they did not keep exactly one copy, then the information is not irreplaceable. It could be highly sensitive, dangerous in the wrong hands, etc., but it is not irreplaceable.

“THIS CONOP CONTAINS INFORMATION CONCERNING EXTREMELY SENSITIVE U.S. PLANNING AND OPERATIONS THAT WILL BE DISCUSSED AND DISSEMINATED ONLY ON AN ABSOLUTE NEED TO KNOW BASIS. EXTREME OPSEC PRECAUTIONS MUST BE TAKEN.” The Defendant was not directly involved in this operation and had no need to know about its specifics or to possess this document.

So, if the Defendant had no need to know about the operation, and the document is to be distributed ONLY ON AN ABSOLUTE NEED TO KNOW BASIS, then how did Defendant come to possess it? That would seem to suggest he had access to materials that he had no need to know about, even when those materials are documented as being restricted to those who need to know about them. That would mean internal security is not properly enforced. That cannot be right. 😉

Anonymous Coward says:

Re: So many things wrong in the government's release...

So, if the Defendant had no need to know about the operation, and the document is to be distributed ONLY ON AN ABSOLUTE NEED TO KNOW BASIS, then how did Defendant come to possess it?

Do you really think that those with a need to know actually typed out their own documents? Many a lowly secretary, who those in power consider to be a replaceable nobody, will have handled those documents.

Anonymous Coward says:

Re: Re: So many things wrong in the government's release...

Do you really think that those with a need to know actually typed out their own documents?

According to the document itself, only those with a need-to-know should know about it, so yes, they typed it up themselves or found a way to claim that their secretary (technically, "administrative assistant") needed to know so that the AA could type it up for them. Either way, Mr. Martin was not an AA to people who needed to know, so even that loophole cannot justify why he had access to a need-to-know document if he did not need to know.

Anonymous Coward says:

Would it not be possible that the fifty terabytes just meant that he and his family had a few computers in his house, along with some jump drives, floppy disks (this goes back to the 90s, remember), other backup media? I mean, just an iPhone 7 can have 256 GB!

Most likely, they just took everything electronic in the residence, whether or not it had anything classified in it, and said he had 50 terabytes of potential classified information that they confiscated.

Pronounce (profile) says:

I Could See This Happening

Working in government is weird. Many times you can get away with murder, because it’s convenient and gets the job done. Getting the job done is job number one in government. There was a saying in my government office, “You can make any policy you want, but be sure people are going to go around, under, over, or through to get their jobs done.”

In my mind this guy was good at his job, and his supervisors turned a blind eye to his actions. Maybe they knew, or maybe they didn’t, but I can guarantee you that not one of his supervisors would admit to knowing anything about his actions.

How good of a government employee I’m not sure, but we will be able to tell soon, because the first job of any good government employee is to create your CYA file. I knew of some people who had many cabinet drawers full of pictures, memos, emails, and all kinds of evidence covering their actions.

The cardinal rule of government employment is to never do anything unless you have it in writing. Those who don’t follow this rule become scapegoats, and are crucified in the audits and cover-ups that are common in government.

art guerrilla (profile) says:

how could he have done it ? ? ?

easy, the key ISN’T that the gummint/sea eye ehh/enn ess ehh/etc have super-duper, super-thorough, super-efficient secrecy systems and procedures (oh, i am *certain* they have bookshelves/CD’s full of them); it is they have the APPEARANCE of super-duper secrecy systems, and simply ignore so much of it so much of the time, that anyone doing it for nefarious reasons could probably escape notice because it is so pervasive, it is looking for a needle in a haystack-size pile of needles…

Groaker (profile) says:

Why do you think it was never noticed? It just became convenient for someone to actually do something about it.

Richard Hansen, the FBI spy, had so many red flags that it was impossible not to know he was leading a double life. Suddenly it became useful for someone to actually act on that knowledge. Either that, or the entire upper third of the FBI should be dismissed for incompetence. Or perhaps both.

Padpaw (profile) says:

Or he could be the latest scapegoat being framed to cover for malicious intent and general not giving a damn about keeping things safe because it is easier to ignore their responsibilities they hold.

I just don’t automatically believe the government’s narrative anymore without a doubt when it comes to stuff like this. Considering how often they later get exposed as making it all up, lying to cover their asses, or to simply ruin someone they don’t like for whatever reason.

Jim says:

IdiOT

Junior, put the boots on, brown stuff piling up here. I would say, turn off the TV and sit down in a beach chair, CIA, FBI, Democratic? Since when? Georgiesr dad was in charge of the CIA, since the big game no 2, that’s who promoted and ran the company. FBI, come now, they ruined their reputation back in the thirties with their arrest of Smyth for leaking the overthrow plans. Don’t you read your history?
