My colleague Andrea Ruth posted on the the arrest of the unfortunately named Reality Winner for stealing a secret assessment of Russian efforts to penetrate various electoral systems and giving it to Glenn Greenwald’s online domain, The Intercept.
Basically, Ms. Winner printed a copy of a report she was not authorized to see. She removed that report from the classified facility where she worked. She gave the report to The Intercept. In early May, someone at The Intercept contacted a defense contractor to verify that the document was legit.
The reporter asked the contractor for help verifying the documents, and the reporter texted images of them to the contractor. The contractor told the reporter the documents were fake, then notified the agency in question about the documents shown to the contractor and gave the agency identifying numbers listed on the document.
The Intercept contacted the NSA to get a comment:
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA requested a number of redactions. The Intercept agreed to some of the redaction requests after determining that the disclosure of that material was not clearly in the public interest.
This is from the arrest affidavit:
On June 1, 2017, the FBI was notified by the U.S. Government Agency that the U.S. Government Agency had been contacted by the News Outlet on May 30, 2017, regarding an upcoming story. The News Outlet informed the U.S. Government Agency that it was in possession of what it believed to be a classified document authored by the U.S. Government Agency. The News Outlet provided the U.S. Government Agency with a copy of this document. Subsequent analysis by the U.S. Government Agency confirmed that the document in the News Outlet’s possession is the intelligence reporting. The intelligence reporting is classified at the Top Secret level, indicating that its unauthorized disclosure could reasonably result in exceptionally grave damage to the national security, and is marked as such. The U.S. Government Agency has since confirmed that the reporting contains information that was classified at that level at the time that the reporting was published on or about May 5, 2017, and that such information currently remains classified at that level.
13. The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space. [Italics are mine]
14. The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals’ desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
15. On June 3, 2017, your affiant spoke to WINNER at her home in Augusta, Georgia. During that conversation, WINNER admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a “need to know,” and with knowledge that the intelligence reporting was classified. WINNER further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the News Outlet, which she knew was not authorized to receive or possess the documents. WINNER further acknowledged that she was aware of the contents of the intelligence reporting and that she knew the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.
This case shows that the NSA learned precisely nothing from the Edward Snowden experience.
Winner was a civilian contractor and she had no ‘need to know’ to see this report. Contrary to what a lot of civilians think, ‘need to know,’ not security clearance level is the fail-safe of the entire classified information system. Just because you have the requisite security level you can’t just browse classified material without a work related reason for doing so. Everything is supposed to be on a “clearance plus need to know” basis.
Winner was able to print a copy of the report and was able to walk that report out of her workspace. As difficult as it is to believe, apparently there were no safeguards in place to control who printed what as she was not authorized access to the document and still managed to print it. There was no accountability established for the printed document.
Winner was in contact with The Intercept from her work computer. This tells you 100% of what you need to know about the counterintelligence program at her employer. It was so lackadaisical that it wasn’t even feared.
These are the same things that led to Edward Snowden walking out of a secure facility with a hernia-inducing load of classified material. Except in many ways this is worse.
Ask yourself what are the odds of a Russian or Chinese or Cuban or Iranian or [fill in your favorite bogeyman here] agent calling the NSA to verify a document is real. Because had The Intercept not called the NSA would not even know the document was missing. And had they not provided a scan of the document Winner had sent them (I’m not all that clear if Winner sent The Intercept a hard copy or if she scanned it and emailed it) they would not have a clue as to how the document got out of their control. Had Winner not been in contact with The Intercept on her office computer the field of suspects might never have been discovered.
Until the counterintelligence programs in government and at government contractors are tightened up and until supervisors start actually supervising, we are going to see document after document walk out of our most secure facilities and we aren’t even going to know they are gone unless Wikileaks publishes them.