It’s happened again. An employee at the National Security Agency, our largest and most powerful intelligence service, has gone off the rails, stealing documents on an unprecedented scale.
When the case of Harold Thomas Martin III, an NSA contractor, broke earlier this month, I explained that the fact the FBI caught him taking classified information home was a bad sign, since it’s often a tell that espionage may be involved. As I stated:
Let me say that, as a former NSA counterintelligence officer, people seldom take classified information home with them just once. There are only two reasons why anybody risks jail by illegally removing secrets from the office. Either you’re seeking to sell them to a foreign intelligence service, or you’re just a weirdo who does that sort of thing for fun.
Martin, who was arrested in late August, was not initially charged with espionage, rather with mishandling classified information, a far less serious crime. An overweight nerd, he gave the impression of being the sort of “weirdo” I described rather than a mole.
Now, however, it’s apparent that the theft of classified information perpetrated by Martin over many years was truly astonishing and unprecedented in scope. This week, Federal prosecutors used the word “breathtaking” to describe what Martin had done and indicated they intend to charge him with crimes under the Espionage Act.
The FBI seized roughly 50 terabytes of digital information—that’s half a billion pages of documents—from Martin in late August, which is many times greater than the theft of 1.5 million classified documents perpetrated by Snowden, which when he did that, before defecting to Russia, was the biggest such theft in American history.
Taxpayers have every right to expect it to do its top secret job, properly, with accountability for failures as well as successes.
Unlike Snowden, Martin seems to have made no effort to pass this information—which included “specific operational plans against a known enemy of the United States,” per prosecutors—to journalists or foreign intelligence services, but investigators close to the case describe how he had very sensitive NSA information, at the top secret and above level, just lying around his house, totally unprotected. Worse, this had been going on for 20 years, from the beginning of Martin’s employment as an Agency contractor after he left active duty with the U.S. Navy.
There’s a good reason you’re required by law to store what NSA calls Top Secret/Sensitive Compartmented Information in special hardened facility called a SCIF, to protect it from loss or compromise. Even if Martin never gave this information to anyone else, by keeping it in his home for two decades he exposed it to serious risk of exposure.
As yet, Martin gives no sign of being the Russian mole that NSA’s been hunting inside its ranks for years—it was not Edward Snowden—yet there are several curious facts about this case. As prosecutors stated, Martin’s “handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.”
Then there’s the fact that some of the purloined NSA data seized from Martin’s possession included top secret information that appeared online this summer on a website run by the so-called Shadow Brokers, which wanted to sell the highly classified hacking tools. This affair, which gave every appearance of being yet another Kremlin operation to humiliate the NSA, was another blow to Agency prestige and morale, which were still lagging from the Snowden debacle.
Although the FBI hasn’t found anything yet linking Martin to the Shadow Brokers case, any counterintelligence hand would have a lot of questions here. Even more questions arise from the fact that Martin was chatting online in Russian with foreign entities. It’s no surprise that prosecutors don’t want Martin to get bail, since they’re afraid he’ll pull a Snowden and flee abroad, maybe to Moscow.
It will take investigators many months to go through Martin’s vast haul of purloined classified documents to assess the damage to our national security. Counterspies will be looking for any indications that foreign intelligence services got their hands on that huge collection of Intelligence Community information. Exactly what Martin eventually gets charged with will depend on what they find, particularly if there are any links between this case and other known compromises of NSA information.
Regardless, this debacle is another public black eye for the Agency when it really didn’t need one. In the aftermath of Snowden’s appearance in Moscow, NSA and the whole Intelligence Community swore to fix mistakes and finally get serious about security. The “insider threat” problem was going to be addressed, at last. “This time it’s different,” Agency higher-ups told Congress, asking for a chance to repair a broken counterintelligence system that keeps giving us traitors, defectors, and uncaught moles.
Except they didn’t mean it. Congress was skeptical of NSA promises, and the Martin disaster shows they were right to be. How anybody stole 500 million documents from the Agency across two decades without getting caught needs to be answered—in detail and, for once, with total honesty.
Then there’s the touchy matter of the Agency’s overuse of contractors. They have long been a security problem, since their counterintelligence standards, while officially as rigorous as those applied to NSA employees, in practice are frequently much less so. The Snowden case demonstrated this painfully, yet the fact that Martin was a longtime employee of Booz Allen Hamilton—the very same powerful defense contractor Ed Snowden worked for—does not inspire confidence that anything’s been fixed.
Congress warned everyone recently that NSA was just another security disaster waiting to happen. Last month, the House Intelligence Committee informed the public of its findings in the Snowden case. In scathing language, they revealed that Ed’s a liar, a fraud and a pawn of the Kremlin—hardly the brave whistleblower he’s been posing as, from a Russian perch under Putin’s roof, for years.
Less noticed by the public were the committee’s harsh words on the still sorry state of security in the Intelligence Community, more than three years after Snowden showed up in Moscow. As their report stated, “NSA, and the IC as a whole, have not done enough to minimize the risk of another massive unauthorized disclosure…NSA has yet to effectively implement its post-Snowden security improvements.”
If NSA didn’t get serious about security after Snowden, it’s fair to ask if anything can make the Agency wake up to the extent of its counterintelligence problems. There’s nothing new here. NSA security has been a mess for years. “Snowden was going to happen, it was only a matter of time,” explained a senior Agency official to me recently. If the Martin disaster doesn’t spur a long-overdue overhaul of NSA counterintelligence, we can expect that nothing ever will.
Just how fundamentally unserious the Agency is about such vital matters is revealed by the fact that NSA has had the same security boss since late 2000. L. Kemp Ensor III has headed the Agency’s security organization (officially it’s the Associate Directorate for Security and Counterintelligence) since Bill Clinton was in the White House, through three NSA directors.
Ensor built the security system that has failed dismally, yet he kept his job after the Snowden disaster. Nobody at NSA gets fired for merely screwing up, but after major failures people do get “reassigned” to “explore new opportunities.” That Ensor remained NSA’s security chief after Snowden appeared in Moscow—and is in place today, more than three years later—speaks volumes about the Agency’s sense of accountability. If he stays in that job after the Martin disaster, it’s painfully clear that NSA cannot be reformed.
The American public should have questions. As should Congress. NSA is the most important intelligence agency in the Western world. It’s the backbone of Western counterterrorism, our shield against jihadists and other evildoers. NSA is hardly the all-seeing eye that Snowden and his seedy retinue have portrayed—in reality, it’s nowhere near that powerful or competent. If the Agency cannot keep its secrets, there’s not much point to having an NSA. Taxpayers have every right to expect it to do its top secret job, properly, with accountability for failures as well as successes.
John Schindler is a security expert and former National Security Agency analyst and counterintelligence officer. A specialist in espionage and terrorism, he’s also been a Navy officer and a War College professor. He’s published four books and is on Twitter at @20committee.