14 comments

[ 2.8 ms ] story [ 39.9 ms ] thread
He accepted a plea bargain and still won’t be out for 9 years; had he gone to trial he likely would have been in prison his entire life.

> Mr. Martin was never charged with leaking information, only illegally retaining national defense information.

These sentences are insane.

They are building a culture of fear, from Manning to Assange to Winner to Snowden: they want everyone to be so afraid of them that the concept of doing the right thing seems equivalent to death.

I'm not sure the idea that you shouldn't hold onto secure data is anything new or all that unusual historically.
In what sense was Martin "doing the right thing" by hoarding documents seemingly for its own sake/to satisfy some tick? I don't think it's fair to the others you listed to lump Martin in with them.
The specifics of his case are irrelevant; they are using any and all opportunities to create an atmosphere of extreme fear.

Assange isn’t even subject to US law and doesn’t/didn’t have a clearance. They’re going after him on whatever grounds they can scare up simply for publishing.

It’s part of a wider plan, to shore up the fact that they are vulnerable, which Snowden most effectively demonstrated.

If Martin had released these files somehow, wouldn't there likely have been stenographic measures in place to trace the source of the leak? Or like, ANY corroborating accounting for the transfer of ~50 TB of data? I guess the important lesson of the story is that NSA contractors can lose track of terabytes of data being exfiltrated over the course of decades. /Decades/.

Who knows, maybe there are 10 more Martins out there who are just better at covering up their tracks. Then again, maybe not. Maybe anything.

I guess there's always the "you can't stop someone from taking a photo of your computer monitor" problem (forgetting the name rn), but even then you can use little things like spacing words slightly differently per presentation of the file, etc.

There are definitely steganographic measures in place. Reality Winner is currently imprisoned because The Intercept didn't properly remove yellow tracking dots from a printed memo she leaked to them. Printed documents are easily tracked this way, and I suspect minor variations and invisible unicode, etc. is used for more widely desseminated digital material.

There is almost definitely 10 more martins out there... exfiltration is so diverse of a problem that any system with strict auditing and controls will still have side-channel attacks.

>I guess there's always the "you can't stop someone from taking a photo of your computer monitor" problem (forgetting the name rn), but even then you can use little things like spacing words slightly differently per presentation of the file, etc.

See https://en.wikipedia.org/wiki/Analog_hole

I see it kinda surprising to see that a lot of US spooks are private contractors, and not people in uniform, or even full time employees.

Can anybody shed light on that?

When the NSA project codename list first leaked, I ran a linkedin search with some of them, and I got over a hundred hits on some of them, with people seemingly not concerned with naming them at all on their resumes.

The story I hear is that NSA doesn't pay enough. So one path for people is to quit then work for one of the military contractors which then end up doing contracts at the NSA but get paid a lot more.

But maybe that is unrelated since if he would still ex-filtrate data even if he worked directly for NSA.

> But maybe that is unrelated since if he would still ex-filtrate data even if he worked directly for NSA.

This is something that's not really clear. There will always be leakers, but being part of an organization becomes part of many people's identities. The success of the organization then becomes a much more personal effort, which would likely discourage people from taking actions that might hurt it.

My point being: contractors may not have the same sense of ownership or belonging-ness that employees do. I will freely admit that this is an untested hypothesis though.

> My point being: contractors may not have the same sense of ownership or belonging-ness that employees do

That's fair. I do see someone directly working for NSA maybe being more devoted to their country. Though I imagine it must be hard when they know their previous co-workers, who now moved to Booz Allen are making 2x working on the same projects.

I recommend reading "Top Secret America." It's really eye opening, and discusses the post-9/11 increase to our intelligence services and how that lead to the large number of contractors.

Importantly the authors note that in the increase in sheer number of employees/bureaucracy/contractors/duplicative effort, has lead to a worsening in the national security apparatus. I believe they're right.

They also have a website here as it was in part a WaPo series: http://projects.washingtonpost.com/top-secret-america/

The title is misleading, as it wasn't really a "heist", which implies armed robbery. This guy stole information by taking it home from work over a period of many years.

Seems like a fairly light sentence considering he had amassed 50 terabytes of data by the time he was caught. According to Wikipedia he was caught when he contacted a Russian security firm, who in turn contacted the NSA (which is interesting in itself). [0]

[0] https://en.wikipedia.org/wiki/Harold_T._Martin_III