NSA contractor arrest highlights challenge of insider threat
The arrest of a National Security Agency contractor for allegedly stealing classified information was the second known case of a government contractor being publicly accused of removing secret data from the intelligence agency since 2013.
The latest arrest came despite efforts to reform security after the Edward Snowden disclosures, especially in regards to insider threats.
Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI in August after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car. A defense attorney said Martin did not intend to betray his country.
The arrest was not made public until Wednesday, when the Justice Department released a criminal complaint that accused Martin of having been in possession of top-secret information that could cause "exceptionally grave danger" to national security if disclosed.
The fact that Snowden and now Martin - both working for Booz Allen Hamilton as contractors for NSA - were able to leave the NSA with highly classified documents, especially given the supposed security upgrades put into place, begs the question as to whether the intelligence agency's efforts to tighten internal security afterward were effective or adequate. The NSA declined to comment.
"One key thing we don't have visibility into now, is how he was caught, because that would provide some insight into whether the reforms that were put in post-Snowden were effective or not, or their relative efficacy," said Rajesh De, who was the NSA's general counsel when the Snowden story broke and remained there until last year. Snowden's 2013 theft of documents that were leaked to journalists revealed the NSA's bulk collection of millions of Americans' phone records.
Rep. Adam Schiff, D-Calif., the ranking member of the House Permanent Select Committee on Intelligence, said in a statement that "it is painfully clear that the Intelligence Community still has much to do to institutionalize reforms designed to protect (U.S. government secrets) from insider threats."
While details remain sparse, Martin's arrest also illustrates the difficulty of guarding against an insider threat when you have employees that, by virtue of their clearance level and jobs, must be entrusted with the nation's secrets.
It's unlikely, given the thousands of people in the intelligence community, that "you're going to be able to stop every incident of somebody taking documents if they're determined to do so. But the real question is how quickly can you detect it, how quickly can you mitigate the harm of any such incident."
Adm. Mike Rogers, who heads the NSA, has spoken multiple times since 2013 about efforts the agency has taken to ensure that such a thing doesn't happen again. He has said the agency tried to strike a balance so as to not overly upset workers, who are law-abiding citizens, with aggressive internal security mechanisms.
On Wednesday evening at a Harvard University event, Rogers declined to offer details on the ongoing investigation, but officially confirmed that the contractor was employed at the NSA, which monitors and collects sensitive information and data, mostly from overseas.
Among the classified documents found with Martin, the FBI said, were six that contain sensitive intelligence - meaning they were produced through sensitive government sources or methods that are critical to national security - and date back to 2014. All the documents were clearly marked as classified information, according to a FBI affidavit accompanying the complaint.
The complaint does not specify what documents Martin is alleged to have taken. He was arrested around the same time U.S. officials acknowledged an investigation into a cyber leak of purported hacking tools used by the NSA. That tool kit consists of malicious software intended to tamper with firewalls, the electronic defenses protecting computer networks. Those documents were leaked by a group calling itself the "Shadow Brokers." The complaint does not reference that group or allege a link to Martin.
White House spokesman Josh Earnest said President Barack Obama takes the situation "quite seriously. And it is a good reminder for all of us with security clearances about how important it is for us to protect sensitive national security information."
The New York Times first reported the arrest of a NSA contractor who worked for Booz Allen Hamilton. Booz Allen said in a statement that after learning of the arrest of one of its employees, it contacted law enforcement authorities to offer its cooperation and fired the worker.
At Martin's home, investigators found stolen property valued at "well in excess of $1,000," the complaint said. He voluntarily agreed to an interview.
"Martin at first denied, and later when confronted with specific documents, admitted he took documents and digital files from his work assignment to his residence and vehicle that he knew were classified," the affidavit says. "Martin stated that he knew what he had done was wrong and that he should not have done it because he knew it was unauthorized."
He has been in custody since a court appearance in August, when he was arrested.
"There is no evidence that Hal Martin intended to betray his country," his public defenders, James Wyda and Deborah Boardman, said in a statement. "What we do know is that Hal Martin loves his family and his country. He served honorably as a lieutenant in the United States Navy, and he has devoted his entire career to serving his country. We look forward to defending Hal Martin in court."
The complaint charges Martin with unauthorized removal and retention of classified materials, which carries a maximum one-year sentence, and theft of government property - an offense punishable by up to 10 years.
In 2013, journalists relying on classified documents stolen by Snowden revealed the NSA's bulk collection phone records and spurred a national debate on privacy and national security.
Rogers has said that since those revelations, he's repeatedly reminded the workforce of their agreement to never divulge the sensitive information they've been given access to. In prior comments, Rogers has said security isn't just about technical and insider threat preparation, but also about ensuring professional behavior.
"At times, I have some people telling me, 'Hey, what this should show you is you can't trust contractors,' " said Rogers, in a speech at Stanford University in 2014, noting that some of the biggest compromises of information came from direct U.S. employees. "This idea that you can't trust contractors, I just don't think I'm concerned about the long-term implications of that."