By Joseph Marks
The floor of the main lobby of the CIA in Langley,
Federal prosecutors’ failure to convict an accused CIA
Joshua Schulte was charged in what CIA officials called the largest leak in the agency's history, which they said caused “catastrophic” damage to national security. He allegedly passed a trove of digital tools the agency used to hack into
But jurors in a Manhattan courtroom deadlocked on the most serious charges, convicting him only of making false statements to investigators and contempt of court, as my colleagues Shayna Jacobs and Shane Harris report. The judge in the case, Paul Crotty, declared a mistrial on the remaining eight charges and the government is expected to try again for a conviction. A conference is set for March 26 to discuss next steps in the case.
The failure to convict Schulte was especially damaging because the intelligence community has made substantial efforts to protect its data from leaks since NSA contractor Edward Snowden released reams of sensitive data in 2013. Agencies have also developed new methods to track who is accessing specific pieces of classified information so they can quickly identify and punish the culprit.
And yet there wasn’t enough of a digital trail to convince jurors that Schulte was guilty beyond a reasonable doubt.
“Basically, a lot of jurors came in assuming that classified networks have all this great auditing and this case shows that — at least in some cases — they don’t,” Jake Williams, a former NSA hacker and founder of the
The verdict should raise serious questions
The verdict could also be damaging to the government’s argument in the encryption debate, Williams said. The Justice Department
“The government is saying ‘Don’t worry, we can keep this stuff safe.' And this
Prosecutors are far from finished with Schulte, however, and just because this jury couldn’t agree on a verdict doesn’t mean the next one won’t.
“The mistrial on the counts at issue here was more likely attributable to the jury’s specific assessment of the evidence as a whole than it was to the particular characteristics of a
Prosecutors will be able to retool their case during a second trial to make it more convincing.
“A trial in front of a jury is a complex thing and there are many factors at play,” Marcus Christian, a former federal prosecutor who now focuses on
Prosecutors portrayed Schulte as a disgruntled former employee and presented extensive evidence — including testimony from former co-workers who appeared under pseudonyms and with limited media coverage of their testimony.
Schulte’s attorneys, however, argued the government could never prove he gave the hacking tools to WikiLeaks because other CIA employees had access to
“The bottom line is this
The case was also something of a test for the government because Schulte was the only one of several high-profile
DOJ charged Snowden with crimes – including violating the Espionage Act and theft of government property. But he’s living in Russia where he won’t face extradition. Another NSA contractor, Reality Winner, pleaded guilty to unauthorized transmission of national defense information and was sentenced in 2018 to five years in prison. Former Army intelligence analyst Chelsea Manning was convicted at a court-martial in 2013 for disclosing data to WikiLeaks, but President Obama commuted her sentence in 2017 after she served seven years.
Schulte had left the CIA for a job in New York City by the time WikiLeaks began publishing the trove of hacking tools in March 2017. But investigators traced the breach to when he was still employed in the agency’s Engineering Development Group.
He was arrested after FBI investigators found evidence of child pornography on his computer, including more than 10,000 photos and videos, prosecutors alleged. It was more than nine months later that Schulte was formally charged in the leak case. He’s awaiting a separate trial on the child pornography charges, to which he has pleaded not guilty.
“I doubt the mistrial on the pertinent counts here will meaningfully erode future deterrence against leaks, as few
PINGED, PATCHED, PWNED
Two teenagers on smartphones.
Millions of the records found by researchers belonged to children. The data included location coordinates from users’ last posts, many of which traced to specific schools, workplaces, military bases and residential neighborhoods. The confessions included deeply personal information, such as users' sexual orientation, confessions of adultery and posts about suicide.
“This has very much violated the societal and ethical norms we have around the protection of children online,” researcher Dan Ehrlich told Drew. “No matter what happens from here on out, the data has been exposed for years.
Researchers found the exposed data on a non-password-protected database open to the public, which they shared with Drew. They also alerted federal law enforcement officials and the company about the vulnerability. The researchers said
Shortly after researchers and The Post contacted Whisper on Monday, access to the data was removed. The company did not respond to multiple requests for comment.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said in a statement.
The case is now pending in
Facebook reached a $5 billion settlement with the U.S. Federal Trade Commission in July for the Cambridge Analytica scandal. The social media company agreed to overhaul its consumer privacy practices as part of the agreement.
NSO, which previously hadn’t shown up at court, is asking the judge to vacate that ruling and is asking for an additional 120 days to respond to Facebook's lawsuit, according to court documents.
The case marks the most significant effort to date to hold companies that sell hacking tools accountable for how those tools are used by government clients.