Following news today that a National Security Agency contractor, Harold Thomas Martin, was arrested over a month ago and has been secretly detained since then for allegedly stealing classified documents, many questions remain unanswered, but some details are known.
Martin worked for Booz Allen Hamilton, the same defense and intelligence community contractor that whistleblower Edward Snowden had been working for when he escaped to Hong Kong in 2013 with thousands of NSA documents. Martin was arrested at his home in Glen Burnie, Maryland on August 27 after an FBI raid which led to the discovery of copies of documents classified “Top Secret” and “Sensitive Compartmented Information.”
An anonymous “administration official” was quoted by the New York Times as having said that Martin did not appear to be politically motivated and was “not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that,” but that it also didn’t appear to be a case of espionage. Interestingly, the Times reports that Martin “did not fit any of the usual profiles of an ‘insider threat.’” In fact, as Lee Fang of the Intercept points out, one of the services that Martin’s employer Booz Allen offers to the government is, ironically, an “insider threat” detection system.
Far from being a loosely thrown-around term, the so-called “insider threat” is one that the Defense Department, which the NSA is part of, has focused intensely on in recent years and spent considerable resources attempting to address. In June, a massive new Pentagon “insider threat” database went online. The DoD was criticized at the time by the Electronic Privacy Information Center, among others, for implicitly objecting to guaranteeing “fairness” to individuals whose information would be stored in that system.
Part of the new approach that integrates the “DoD Component Insider Threat Records System,” as it is known, is a strategy of intensive employee surveillance. Known as “continuous evaluation,” it involves things like keystroke logging and monitoring of printer, copier and fax machine use. Pentagon employees are subject to having their emails and other communications including private messages and social media potentially monitored at all times.
The “Insider Threat” database also allows access to the kinds of extensive personal and biometric data (fingerprints, iris scans, etc.) recorded in background checks for sensitive government positions and security clearances that were stolen in last year’s massive hack of the Office of Personnel Management. Despite gathering and centralizing this huge and diverse amount of data (which in itself poses a security risk), none of it, at least according to the Times’ anonymous sources, provided the clue to Martin’s identity.
“It is not clear when and how the authorities first learned the contractor’s identity, when they believe he began taking information, or whether he passed it to people outside the government,” the Times reports.
It is also unclear whether Martin is connected to the Shadow Brokers leak, in which a number of sensitive NSA hacking tools were exposed in August. Many have speculated for some time about the possibility of a “second Snowden,” and despite their anonymous source’s denial of Martin being “like a Snowden”, the Times reported that “it is unclear whether he had political motives, as Mr. Snowden did when he exposed programs that he said violated the privacy of American citizens.”
And while many pointed the finger at Russia in the immediate aftermath of the Shadow Brokers revelations, that assumption, too, now appears to be far from reliable. At the time, the Times reports, NSA “would not even return phone calls inquiring about the leak of the code, and froze out former employees with deep contacts in the agency. But in recent days officials said it was not clear that Russia was involved.”
As another NSA data security breach emerges, whatever the actual nature of Martin’s alleged actions or his true motivations, a couple of things appear increasingly obvious. One is the dubious value of the Pentagon’s new “insider threat” database, given that its wide-ranging resources apparently couldn’t identify Martin as fitting a “usual profile” of an insider threat. Another is that the government’s claims of competence in quickly identifying the source of hacks and leaks — as demonstrated by their neo-Cold War finger-pointing, followed by conflicting statements and backtracking — are somewhat exaggerated, to put it mildly.