How many more Snowdens?
Harold Martin is accused of stealing classified NSA matieral, like Edward Snowden
In late August, the FBI arrested Harold T. Martin, a former Booz-Allen-Hamilton contractor, on charges of mishandling classified information and theft of government property. Since 1996, investigators claim, Mr. Martin has amassed a vast collection of more than 50 terabytes of classified material from the National Security Agency.
The scope of his alleged criminal acts appears to dwarf Edward Snowden’s earlier theft and offer fresh evidence that there is still a serious problem in the security culture within the intelligence community.
Security professionals and senior leaders within the NSA and the intelligence community implemented institutional changes after Mr. Snowden stole roughly 1.5 million classified documents, including: more periodic background checks, reviews of public social media postings by those holding security clearances and stricter security controls on the information systems that Mr. Snowden exploited.
When I first began my career in the 1980s, and up to 9/11, the intelligence community operated on a “need-to-know” basis. Under that construct, when you put on your color-coded ID badge and entered a secure facility, you were limited to only the classified information you needed to accomplish your mission. Gaining access to anything outside of that mission area, or beyond what you were currently cleared for, was something that was always heavily scrutinized and justified before your access was expanded. There was an implied wall between offices within the same organization because of it and between the larger intelligence agencies.
In the mid-1990s, the intelligence community embraced the internet revolution with good intent, creating networks like National Security Agency in Fort Meade Intelink and internal computer networks. As office automation systems became more prevalent, the security concept of need-to-know remained in place.
But after 9/11, “need-to-know,” evolved into a “need-to-share” approach, which has obvious advantages. Information would be shared among all mission partners to meet the 9/11 Commission’s admonition that the intelligence community do a better job of sharing information to better track and deal with our adversaries.
The new need-to-share mindset, and the vast information-sharing potential of networked computers linked to everincreasing data storehouses, amplified an existing vulnerability: the “insider threat.” Counterintelligence agents have always concerned themselves with this kind of threat, but more from the standpoint of an individual sharing their personal knowledge or turning over a comparative handful of documents to a foreign intelligence service — what we traditionally think of when we hear the term “spy.”
As more Generation Y and millennial employees joined the intelligence commu- nity, their ingrained desire to share everything via networks, coupled with the new need-to-share mentality, became a tidal force within the intelligence community during the first decade of the 21st century. This expanded the data storehouses into a vast treasure-trove of highly classified information available for collaboration — and for exploitation by a malicious insider with an intelligence community badge and the network login he or she received automatically with it.
Mr. Snowden leveraged the lax security of NSA’s computer network, and it would appear Mr. Martin did as well. His alleged theft of 50TB of information over the past 20 years surpasses Mr. Snowden’s 60GB by several orders of magnitude.
The questions now are whether there are others in the intelligence community who took advantage of the negligent computer security pre-Snowden, what they’re doing with that information and how we find them — not to mention how we further tighten network security. The FBI should take every action within the law to prevent future leaks and find any potential leakers who still have daily access to classified information.
Additional instances of mishandling classified information cannot be tolerated — at any level of our government. Such actions place the lives our military, diplomatic and intelligence professionals at risk, as well as our citizens at home and abroad.
James Wyda, lawyer for Harold T. Martin III, makes a statement alongside Martin’s wife, Deborah Shaw, outside the Baltimore U.S. District courthouse after a federal judge ruled that Martin would remain in jail while his case moves forward.