A high-ranking NSA official has been indicted for leaking classified information and lying about it to investigators. The reported beneficiary of the leaks was Siobhan Gorman, then of the Baltimore Sun and now of the Wall Street Journal.
This is a big deal. It’s been years since officials saw any real risk in leaking classified information. This indictment will change the calculus, at least for members of the intelligence community.
It appears that the leaker did his best to defeat surveillance. He obtained a Hushmail account to communicate with the reporter. Hushmail offers encrypted webmail and operates from a server in British Columbia, where only a Canadian court can order it to assist law enforcemnt. Even so, the leaker was identified and suspended in about a year.
How did that happen? For starters, cyberspace is not completely anonymous. Even if Hushmail’s encryption system were foolproof, webmail systems usually record the IP addresses of their users, which would allow investigators to confirm that the NSA official was using the service — and perhaps to associate the timing of the emails to the reporter’s stories, or even her own Hushmail use. (I’m assuming the leaker used his home or, if he’s an idiot, his work computer; but even if he went to a cybercafe or wifi-enabled hotel lobby, it would still be possible to trace him with a bit of work.)
Armed with that information, it wouldn’t be hard to obtain an order forcing disclosure of the content of the official’s emails, since leaking classified information is a crime. Legally, that order would go through Canadian officials and courts, but in the end it would be served on Hushmail and honored. As Hushmail has acknowledged, it has the ability to decrypt mail sent to its server when it receives a valid court order.
I think we’ll see more cases like this. In my experience, most leakers, even of highly classified material, are motivated by surprisingly petty interests — things like spite, flattery, and a desire to win intramural debates by other means. It’s not that the rewards of leaking are so great; it’s that the downside risk seems so small. For the same reason, leakers often don’t use world-class tradecraft to protect themselves; they are protected largely by the perception, inside government and out, that leakers cannot be caught.
But that’s no longer true. We leave a much longer transactional trail in cyberspace than Deep Throat ever did. And mainstream media is losing the financial and publicity clout it once used to protect leakers and reporters from investigation. Brought by the Obama administration to punish leaks that hurt NSA in the last administration, this case could mark the end of an era — one that only really began in 1971, with the publication of the Pentagon Papers.