Emails obtained by Alexa O’Brien through MuckRock detail the government’s confused reaction to the emergence of WikiLeaks, and its counterproductive attempts to deal with a game-changing occurrence that must have seemed like a black swan event. Ranging from 2008 through 2013 and covering just over 500 pages (including redactions and reply emails with quoted text), the emails show that the response became increasingly about damage control and less about fixing anything – until they were ready to arrest someone for reading the Snowden documents.
While not as significant as that late revelation, one of the most interesting statements comes from William Bosanko, then the Acting Director of the Information Security Oversight Office for the National Archives and Records Administration (NARA), in a February 2008 email located at the very beginning of the documents.
The most interesting aspect is that when the site was ordered down, the folks who prepared the orders clearly had no idea as to how the internet works – following the instructions issued, the actual address was rendered inoperable while the IP address remained valid – so, like removing a telephone number only from the telephone book, but leaving the number functioning for those that know the number!
That comment was in response to another early email alerting NARA staff to the emergence of WikiLeaks, but it sets the tone for many of the government’s reactions to WikiLeaks’ publishing of classified information – they tended to be half-measures that either miss the point or are primarily an exercise in Cover Your Ass (CYA) bureaucracy, a trend which becomes very common throughout the intelligence community following any major scandal, from Watergate through WikiLeaks.
The first email in that chain, however, may be the most honest early governmental assessment of WikiLeaks. Rob Bledsoe, an Information Security Officer for NARA, described the website as “just another avenue that makes it easier for disgruntled employees, or anyone else with access and whatever motive, to give away the farm.” Compared to later comments that WikiLeaks was a new threat, this statement was refreshingly honest – WikiLeaks was simply a way for people to get information to journalists without having to play Deep Throat.
Another email reveals that NARA’s Information Security Oversight Office (ISOO) wasn’t promptly and properly briefed on the issue. Theresa Ramsey, the Deputy Director of Information Security Policy and Security Oversight for HUMINT, Counterintelligence and Security (HCI&S) and the Office of the Undersecretary of Defense, noted that although the Security Directorate was aware of its obligation to notify ISOO, they were “unaware of the facts of [the] case.” The email also stated that with “Seniors at the highest levels of this Department” working on the issue, they “expect[ed] to have better data than that [sic] we are reading in the Post and Times.”
The emails swiftly move on to the issue of government employees accessing WikiLeaks, along with attempts to discourage and monitor any staff access. The question of whether it was possible or even advisable to block WikiLeaks was brought up at 8:49 PM, and by 11:20 the next morning WikiLeaks had been added to NARA’s blocklist through Websense. Unfortunately, the block was configured so that no one could search for or even view news stories about WikiLeaks. This was eventually fixed, along with an error that prevented employees from searching for government materials about WikiLeaks.
Many of the emails weren’t concerned with staff access per se, but rather with employees accessing WikiLeaks from a work computer, which could result in “spillage,” which “occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of classification.” The “most sensible action,” it was decided, was for agencies to simply block the WikiLeaks websites. This blocking, which was done through Websense, is what resulted in users being unable to view news stories about WikiLeaks – along with monitoring those who attempted to access WikiLeaks or news stories about the organization and its publications. According to the message users would see, “The Websense category ‘US-CERT Monitoring’ is filtered.” US-CERT, the United States Computer Emergency Readiness Team, coordinates defense against and responses to cyber attacks across the nation. The inclusion of news stories in this category was apparently the result of the Websense filter using the expression option.
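The over-blocking described above, as an added example that is not taken from the emails or from Websense: a keyword expression matched anywhere in a URL is compared with a rule that matches only the blocked host. The rule syntax, function names and sample URLs are constructed for illustration and do not reproduce NARA's actual filter configuration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample requests (not taken from the emails).
SAMPLE_URLS = [
    "https://wikileaks.org/",
    "https://mirror.wikileaks.org/cable/index.html",
    "https://news.example.com/2010/12/wikileaks-cables-explained",
    "https://search.example.com/search?q=wikileaks+archives.gov",
    "https://www.archives.gov/press/statement.html",
]

# Hypothetical expression rule: the keyword may appear anywhere in the URL,
# including the path of a news article or the query string of a search.
EXPRESSION_RULE = re.compile(r"wikileaks", re.IGNORECASE)

# Hypothetical host rule: only the listed domain and its subdomains.
BLOCKED_DOMAINS = {"wikileaks.org"}


def blocked_by_expression(url: str) -> bool:
    """True when the keyword expression matches any part of the URL."""
    return EXPRESSION_RULE.search(url) is not None


def blocked_by_host(url: str) -> bool:
    """True only when the request's host is the blocked domain or a subdomain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # The "." boundary stops look-alike hosts such as notwikileaks.org matching.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def overblocked(urls):
    """URLs the expression rule blocks that the host rule would allow."""
    return [u for u in urls if blocked_by_expression(u) and not blocked_by_host(u)]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u}\n  expression={blocked_by_expression(u)} host={blocked_by_host(u)}")
    print("over-blocked:", overblocked(SAMPLE_URLS))
```

The two URLs reported as over-blocked are the news story and the search query, the same two classes of request the emails say employees could not reach.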
Looks like David Ferriero discussed government policy on WikiLeaks from his AOL account, because those are secure. pic.twitter.com/dllwtRbXEg
— Michael Best (@NatSecGeek) July 11, 2016
The above comment is interesting not only because of the AOL email account that was apparently used, but because of the unmarked redaction. The email was sent from David Ferriero at 8:40 PM to William Bosanko, both senior NARA staff. Five minutes later, Bosanko replied to Ferriero. The quoted text shows that there was an additional sentence in Ferriero’s email, one which was apparently redacted without the redaction being marked.
Why this was redacted in one email and not the other, and why the redaction was unmarked, remains unknown.
While earlier emails were concerned primarily with spillage and government employees accessing WikiLeaks at work, that was not where their concern ended. One email from Leo Scanlon, then NARA’s Chief Information Security Officer, stated that the government needed “a reminder to the general user population that reiterates [Marianne Swanson’s] citation of the EO, and tells people that they should avoid downloading from any site that advertises copies of the wikileaks documents. Proper reading of the statute would also imply you should not be handling this stuff on your personal computers either…” It’s unclear what “advertises copies” means in this context, as that would technically include news sites that cover the stories. As one employee noted, the problem was that “traditional media outlets are all covering the story and quoting from the materials found at the wikileaks site… so, by extension they could be thought of in the same vein.” The follow-up guidance doesn’t clarify the issue about news reports that quote from the material, only stating that employees are allowed to view news reports based on the material “as distinguished from access to underlying documents.” An email from April 10, 2013 stated that some news stories about WikiLeaks remained blocked on government computers.
An email sent in reply noted that staff and contractors should be instructed not to access WikiLeaks with any device that they use to access NARA systems (including, arguably, the public website and their NARA email account) – whether or not it was a personally owned computer. Later guidance also stated that employees who viewed WikiLeaks material without prior authorization “should contact their information security offices for assistance.” The phrasing is unclear, though it’s confirmed in a follow-up email that this proposed guidance included personal computers and the off-duty time of employees.
Perhaps one of the most significant emails was sent on December 3, 2010. The email contained a message that had been sent to the General Counsels at various government agencies, instructing them to prevent personnel from accessing WikiLeaks. However, the message noted that there were exceptions. “If an agency has a legitimate need for personnel to access classified information on publicly available websites, the agency head shall ensure that such access is managed in a manner that minimizes risk to government information technology systems and adheres to established requirements.” This statement is significant because, from a governmental perspective, there are only two legitimate needs that would require this:
- Managing the press and public perception.
- Criminal and counterintelligence investigations relating to and targeting WikiLeaks.
The status of these investigations remains a closely held matter to this day, though it’s known that they are ongoing.
Subsequent emails spent a great deal of time on the issue of whether or not viewing WikiLeaks constituted a violation of the Espionage Act, following an internal news story that had been posted by the Air Force Materiel Command. This was ultimately removed and replaced with official clarifications that said the issue was a matter that the Department of Justice held jurisdiction over, but not until after the issue had been reported by a number of media outlets. The issue was settled quickly yet generated a great deal of bureaucratic discussion.
When Ryan Knutson for PBS Frontline contacted William Bosanko, the Director for ISOO, about a documentary on WikiLeaks, Chelsea (then Bradley) Manning, and the challenges WikiLeaks presents to protecting government secrets, Bosanko contacted NARA’s General Counsel and commented that he “was worried this would happen.” The documentary is not mentioned again in the emails.
Another redaction anomaly pops up when the beginning of an email is redacted due to containing law enforcement information, although the same text is unredacted when quoted in a reply email.
Redacted above, unredacted below:
Although the redaction is inconsistent, the cited reason for it and the rest of the email text imply that there was a law enforcement proceeding against someone for viewing some of the Snowden documents that had been published. This may be the single most important fact revealed by these documents.