REALITY BITES

On Monday, the Intercept broke the news that Russian military intelligence attempted to hack an American voting software supplier and local election officials in the days leading up to the 2016 election. The report was based on a highly classified NSA document, which the Intercept received in the mail from an anonymous source.

Shortly after the Intercept's article was published, the Department of Justice announced that the FBI had arrested 25-year-old intelligence contractor Reality Winner on Saturday for sharing classified information with a news outlet. NBC News and BuzzFeed quickly confirmed that the two stories were connected: Winner was the anonymous source who shared the NSA's document with the Intercept.

Did the Intercept burn Winner with sloppy reporting? Or did Winner seal her own fate by failing to cover her tracks? Here's what you need to know about the controversy.

Evidence That The Intercept Betrayed Winner

The Intercept Sent A Copy Of The Document To An NSA Contractor Who Tattled

One of the Intercept's reporters shared a photograph of the document with another contractor in an attempt to verify its authenticity. Crucially, that reporter told the contractor that the document had been sent from Augusta, Georgia — where Winner lives.

[O]n May 24, a reporter from the Intercept reached out to an unnamed government contractor, trying to determine the validity of the leak. During the exchange, the Intercept revealed that the leak had been mailed with a postmark of Augusta, Georgia, where Winner lives. (Checking with other sources about the validity of a leak is not necessarily bad opsec; revealing specific information about the leak almost certainly is — though it's also probably more common than journalists would like to admit.)

[New York Magazine]

According to the FBI's search warrant affidavit, the contractor eventually told his or her superiors about the conversation with the reporter.

The Contractor informed the Reporter that he thought that the documents were fake. Nonetheless, the Contractor contacted the U.S. Government Agency on or about June 1, 2017, to inform the U.S. Government Agency of his interaction with the Reporter. Also on June 1, 2017, the Reporter texted the Contractor and said that a U.S Government Agency official had verified that the document was real.

Lawfare's Susan Hennessey points out on Twitter that the Intercept's contractor source was legally obligated to report any leak to his or her superiors, which means that the Intercept was taking a big risk by sharing the leak with him or her.

The Intercept Also Gave A Copy Of The Document Directly To The NSA

As part of the verification process, and to give the government a chance to recommend redactions of sensitive info, the Intercept shared some version of the document with the NSA.

The Intercept also passed along a copy of the document to the government as part of its reporting process — and that apparently contained some clues as well. "The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space," says one of the court documents.

[Washington Post]

The Document Shared With The NSA May Have Contained 'Microdots' Showing Exactly When And Where It Was Printed

What are microdots?

The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

[ErrataSec]

The version of the document that the Intercept published on its website contained printer dots, so many are assuming that the versions it sent to its tattling security contractor source and to the NSA contained the dots as well.

The Intercept Should Have Known That The Document Contained Metadata And Retyped It To Be Safe

Information security types on Twitter have chastised the Intercept for not knowing that the printed document likely contained microdots or other metadata.

Information security researcher "The Grugq" suggested that any journalist who deals in leaked documents should take care to retype them in order to protect sources.

The Intercept Doesn't Provide Much Detailed Advice For Would-Be NSA Leakers On Its Website

Matthew Garrett, a security developer at Google, points out that the Intercept's guide for leakers says almost nothing about the NSA's techniques for keeping tabs on classified information, which may have given Winner a false sense of security.

Evidence That Winner Doomed Herself

She Had Emailed The Intercept Before From A Work Computer

Winner was apparently a fan of the Intercept and had emailed it twice in March — more than a month before the classified document was written. The FBI cites this email contact in the affidavit it filed to get a search warrant for Winner's house.

It's important to note here that — contra the assumptions of many on Twitter — her contact had nothing to do with the story, and occurred months before she even allegedly accessed the report that was leaked. She emailed the site on March 30 from her private Gmail account, asking for a transcript of a podcast. She emailed the site again on March 31, confirming "subscription to the service," (likely one of the Intercept's newsletters).

[New York Magazine]

The Intercept even warns potential leakers on its website that visiting the Intercept can be risky, as the Washington Post's Erik Wemple points out.

On its site, the Intercept provides a tutorial to prospective leakers throughout U.S. officialdom. It advises them to take advantage of its SecureDrop server, for instance, and warns them to be careful about their Internet habits. "If you have access to secret information that has been published, your activities on the internet are likely to come under scrutiny, including what sites (such as The Intercept) you have visited or shared to social media," reads the guidance. "Make sure you're aware of this before leaking to us, and adjust your habits as needed well before you decide to become our source. Tools like Tor (see above) can help protect the anonymity of your surfing."

Also: "Don't contact us from work."


Based on U.S. government documents released on Monday, it's fair to say that Reality Leigh Winner didn't apparently follow all those warnings. 

[Washington Post]

Only Six People Had Printed It Out, And Winner Didn't Have A Work Reason For Printing It

The federal documents in the case provide a window into how that scoop evolved. Winner, according to a search warrant affidavit, was found to have printed the NSA report on May 9, just four days after its publication date. Authorities determined how many workers had printed the report — six, it turned out. A search of her computer, too, turned up email correspondence with the Intercept.

The subject matter in the report, according to the document, is unrelated to Winner's job duties, for which she maintained a Top Secret clearance.

[Washington Post]

Winner Could Have Screenshotted The Document Instead Of Printing It — But Even Then She Likely Would Have Been Found Out

William Turton at The Outline suggests that Winner should have known that printing out the document would be risky, and that she would have been better off choosing a different way of capturing the document.

Winner made a few big mistakes, including emailing The Intercept on another occasion from a computer at work, and printing the document that she eventually mailed to reporters. It's unclear why Winner opted for this tactic, instead of, say, screenshotting the documents from a personal cell phone or screencapping them and then printing them.

[The Outline]

But Jake Swearingen of New York Magazine points out that the NSA has ways of identifying anyone who has ever even looked at a document — and that since Winner had no valid work reason for accessing the document, she would be an obvious suspect under any circumstances.

[I]t's important to note that the FBI and NSA didn't need to know that the pages had even been printed. All material classified "top secret" (the highest security rating a document can receive) are stored in a massive government intranet known as the Joint Worldwide Intelligence Communications System, or JWICS. As detailed by New York Magazine contributor Yashar Ali on Twitter, this system logs everyone who accesses top secret documents, as well as what they do with them. Even if the Intercept had verified the document without alerting the NSA, and then paraphrased the entire report, after it published its story, the government would have quickly moved to determine who had accessed the document — and Winner would have, eventually, come under the same scrutiny.

[New York Magazine]

L.V. Anderson is Digg's managing editor.
