Possible security gap allowed Booz Allen employee to shift highly sensitive jobs
By Evan Perez
WASHINGTON (CNN) — Harold Martin was removed from a contract position at the National Security Agency in the past year following conflicts with co-workers, but that ouster did not prevent him from getting a different contract job in the government, US officials briefed on the investigation tell CNN.
Booz Allen Hamilton, his employer, moved Martin to a new contract position working for the Defense Department, which was the post he held when he was arrested in August, the officials said.
The nature of the disagreements that prompted NSA officials to request that Booz Allen remove Martin from the agency couldn’t be learned. Spokesmen for the NSA, Booz Allen, the Pentagon and an attorney for Martin all declined to comment on his employment.
Martin was posted in a variety of positions under the Defense Department contract, including doing work on some of the government’s most secretive cyberprojects operating from Fort Meade in Maryland where the NSA is headquartered. The officials say Martin’s removal from the NSA contract did not affect his security clearance.
US intelligence officials are now scrutinizing Martin’s work history and whether the nature of his removal at NSA should have prevented him from getting a new position that required a security clearance.
The intelligence officials are trying to determine whether Martin slipped through the cracks as he shifted jobs and whether reforms to the government’s security clearance system in the wake of the Edward Snowden disclosures worked as they should have, US officials said.
What can the government do?
The arrest of Martin raised new questions about what the government can do to mitigate the risk of leaks by insiders.
Investigators believe that for years, Martin illegally took home highly sensitive material, some of which was found on dozens of computers and hundreds of hard drives and thumb drives that FBI agents seized at his residence when he was arrested. Paper copies of highly classified documents were also found.
So far, investigators haven’t found evidence to suggest Martin stole information for a foreign government or had political motivations. Officials say that makes the Martin case different from that of Snowden, who has said he acted to expose what he believed was excessive government surveillance.
The leaks of classified US information by Snowden — and the earlier leaks by Chelsea Manning, then known as Bradley Manning — prompted the government to spend hundreds of millions of changes to government security practices to protect classified information.
Among the changes made: the use of thumb drives were eliminated in the intelligence community, there’s more monitoring of systems and wider use of encryption.
Much of the material Martin is accused of stealing predates the Snowden disclosures.
A US official who helped oversee some of the post-Snowden security changes tells CNN that the US intelligence community has to balance the need to protect secrets with allowing employees a measure of privacy.
“The people that we are monitoring are the most trusted people in America,” the official said. “How far do we want to go in terms of Big Brother watching what you do?”
The official declined to discuss the Martin case because it is an ongoing investigation.
Intelligence officials are still waiting to see the conclusions from the Justice Department’s investigation to see whether any security measures require changes.
“We need to wait to see what the evidence bears out in this case,” the official said. “Don’t automatically put this guy in the same bucket as Edward Snowden.”
US intelligence officials said there aren’t any additional concerns about contractors or about Booz Allen.
Josh Earnest, a White House spokesman, said he wasn’t aware of any wrongdoing on the part of the employer.
“If there are lessons that we can learn and reforms that can be implemented to prevent something like this from happening again, we certainly want to do that,” Earnest said. “But as long as we are sharing information with government employees, sensitive national security information that is critical to protecting the country, this kind of risk exists. But the risk of not sharing that information is even higher.”