The swift arrest of the latest contractor charged with providing a top-secret intelligence document to the news media offers a cautionary lesson for both leakers and the journalists who deal with them: Conceal your tracks.
While modern technology has made it easier than ever to pass along government secrets, it also creates digital footprints that can expose leakers to retribution from an administration that has vowed to jail them.
That appeared to be the case with Reality Winner, a 25-year-old intelligence agency contractor in Georgia who was arrested Saturday under the Espionage Act on charges of mailing a classified report to an online news organization in early May. Based on court documents filed by the Justice Department, technology experts and free speech advocates say Winner may have made basic missteps that inadvertently led to her quick capture — and the same might be true of The Intercept, the news organization to which she’s suspected of having fed secret information on Russian interference in the 2016 U.S. election.
Those digital breadcrumbs include hard-to-notice data hidden in the leaked report, which security experts say contained telltale signs of exactly when and where it had been printed. DOJ filings said a journalist had provided a copy of the document to the government while trying to verify its authenticity, a decision that Barton Gellman, a longtime investigative reporter with The Washington Post, called “baffling.”
“Don’t show them the document. Don’t talk about any of the circumstances around when you got it, how you got it, where it’s from, even to characterize it,” Gellman, who led The Post’s coverage of government leaker Edward Snowden’s National Security Agency revelations, said in an interview with POLITICO. “These are extremely competent intelligence organizations who can take things you would not realize are big clues and exploit them.”
Even if Winner was likely to be outed eventually, the document’s handling expedited that process, security experts and those who deal with government leakers agreed.
“I continue to be dismayed at the significant operational security failures demonstrated by leakers of classified information and the journalists who receive them,” said Mark Zaid, an attorney who represents government whistleblowers and members of the media in such cases. “Given technology advancement and the pervasiveness of how we use and rely on it, people seem to forget how simple it is to track electronic actions.”
Winner is hardly the first leaker to face prosecution for disclosing secrets — the Obama administration’s aggressive use of the century-old Espionage Act brought prison terms for defendants like Chelsea Manning, who served seven years for supplying classified troves to WikiLeaks, and turned Snowden into a hunted fugitive. The Obama-era Justice Department also scored the first ever prison sentence for a CIA officer, John Kiriakou, over passing classified information to a journalist.
But leaks have taken on special political importance during Donald Trump’s presidency, which has been rocked by a series of unauthorized disclosures about ties between his advisers and Russia and the president’s conversations with Russian ambassadors, world leaders and fired FBI Director James Comey.
Trump and Attorney General Jeff Sessions have inveighed against these disclosures. Trump has vowed on Twitter that “low-life leakers … will be caught,” and Sessions said in April that “whenever a case can be made, we will seek to put some people in jail.”
That means both the people who reveal the information and the journalists who receive it need to take care to avoid disclosing the identity of the sources, according to free speech and civil liberties groups.
These organizations fear that the speed and aggressiveness of Winter’s arrest may be an indicator of what’s to come. While Barack Obama’s DOJ wielded the Espionage Act against leaks more than all prior administrations combined, Trump and his top officials have brought a rhetorical fire to that crusade. Trump even asked Comey to consider jailing journalists who publish classified information, according to information leaked to the news media last month.
“Leaks to journalists occur every day, as they have for decades, and are a vital source of information for the public in our democracy,” said Patrick Toomey, an attorney with the American Civil Liberties Union’s National Security Project. “It would be deeply troubling if this prosecution marked the beginning of a draconian crackdown on leaks to the press by the Trump administration.”
The incident “makes it harder to get information out when it should come out,” said Steven Aftergood, an expert on classification policy and director of the Federation of American Scientists’ Project on Government Secrecy.
The Intercept — which isn’t named in the DOJ documents — also came in for criticism over its possible role in accidentally exposing its source to arrest. The loudest critics include the anti-government secrecy group WikiLeaks, which offered a “$10,000 reward” on Twitter “for information leading to the public exposure & termination of this ‘reporter.’”
The Intercept declined to comment in detail on the case, saying in a statement Tuesday that it doesn’t know who its source was and expressing skepticism about the allegations against Winner. “Winner faces allegations that have not been proven,” the news site said. “The same is true of the FBI’s claims about how it came to arrest Winner.”
But according to reports, government filings and security experts, it appears that The Intercept’s handling of the documents it relied on for the Russia story it published Monday may have accelerated the government’s discovery of Winner. The story reported that the Kremlin’s cyber spies had seemingly cracked into a U.S. voting database software supplier and used the information to craft malware-laden emails sent to over 100 local election officials — the most concrete example to date of Russian efforts to go after voter data or voting machines.
For one thing, security experts said the leaked documents posted on The Intercept’s website contained damning micro-data that, when decoded, revealed exactly when and where the document was printed. That data would also have been available to federal investigators if the publication had shared the documents with the government, as the DOJ’s court filings indicated.
Investigators also said the document “appeared to be folded and/or creased,” offering a clue that someone had printed it out, according to the filings.
Additionally, investigators found that only six people, including Winner, had printed the report, the FBI said in an affidavit. It noted that Winner had searched for the document around the time it was printed, despite the fact the analysis was not related to her job. She had also used a work device to exchange emails from her personal account with the media organization, the filings said, an oversight that security experts found surprising.
Taken together, these clues almost immediately made Winner the prime suspect.
Finally, in another attempt to verify the contents of the explosive report, the news organization ran it by another government contractor, disclosing that the document had been sent through the mail and postmarked in Augusta, Georgia, the DOJ wrote. The contractor promptly relayed these crucial details to superiors.
Gellman, the Post reporter, said journalists should be much more sparing in the information they share with government about leaked documents. Gellman said he would offer the document’s name, date and author, and then tell the government, “Go find it and then we’d go over it verbally.”
But many experts were quick to note that, based on the government’s allegations, Winner had made critical mistakes of her own that would have put her in the cross hairs eventually — such as emailing the news outlet from a work device and printing a report that few others did. Others, including Gellman, noted that The Intercept has properly protected sources and secret documents before.
“It does not appear that other protocol by The Intercept would have protected the identity of the alleged leaker,” said Justin Fier, a cyber specialist at the cyberdefense firm Darktrace and a former government contractor for more than a dozen years.
Regardless, the incident has jolted the media world. And Alexandra Ellerbeck, a senior research associate for the Committee to Protect Journalists’ Americas program, called the government’s continued use of the Espionage Act to go after journalists’ sources “deeply troubling.”
The act is “a 100-year-old law originally used to go after spies,” she said, expressing fear that Trump might someday turn the law on journalists themselves. The prospect, she said, “is something that we’ve been worried about for a while.”
Eric Geller and Hadas Gold contributed to this report.