Last week, a 21-year-old airman in the Massachusetts Air National Guard, Jack Teixeira, was arrested and charged with two counts under the Espionage Act for disseminating top secret documents online. But questions have lingered about the potential fallout stemming from the revelation of some of America’s most sensitive secrets about the war in Ukraine, relations with China, and the ongoing surveillance of international partners. And many have asked how such a seemingly junior member of the U.S. military could have access to such highly classified material and what the government needs to do to better safeguard its secrets.
To get additional perspective, Harvard Law Today spoke with Timothy Edgar, a former national security official and current lecturer on law. Edgar, who is the author of “Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA,” argues that many U.S. allies already lack trust in the nation’s ability to keep secure its secrets, says that the government isn’t doing enough to protect classified computer systems, and proposes one simple reform that he believes would help stem the flood of leaks: disabling the ability of people like Teixeira to print classified documents.
Harvard Law Today: In your estimation, how problematic are the recent leaks?
Timothy Edgar: These are certainly substantial leaks, and they’ve certainly affected U.S. national security and foreign relations in a negative way. Both because there’s some important detailed information in there about issues like our handling of the Ukrainian war or Chinese relations, but also because it sends a signal to our allies and partners that we can’t be trusted to maintain secrets. And our track record wasn’t very good to begin with. You look at WikiLeaks and the [Edward] Snowden leaks and other leaks afterwards, and this just shows that we haven’t changed our ways, and that we haven’t managed to reform our processes to do a better job of safeguarding national security secrets.
HLT: How do you think they might impact the ongoing war in Ukraine?
Edgar: I think the good news and the bad news are both the same here, which is that the Ukrainians did not share their secret war plans about the coming spring offensive, and as a result, they were not leaked. So, that’s good news. It’s also bad news, because, again, it points out that if you’re a partner and ally of the United States, then the only way you can really keep your secrets from being potentially leaked is to not share them with the Americans. And that could have big long-term implications for us.
As to the specific details that were leaked about U.S. estimates of Ukrainian strength, specific weapons, deliveries, all of that information, it’s not good to have that information out there for the Russians and others to see. How damaging it is, I think, is hard to tell at this exact point. Certainly, the Russians have had a lot of problems with the way they’ve conducted the war. But you don’t want to rely on your adversary’s incompetence. It’s not a good way to deal with national security secrets. Some of the other information, for example, about Chinese support for the Russians, was very interesting. It gave us some insight as to why the administration was saying the things it was saying about a month and a half ago about the Chinese looking like they were going to support lethal aid to the Russians. I think the real danger is, if the information is specific enough, it might help the Chinese understand the source of that leak. And I presume that the Chinese have been diligently working to understand that over the past couple of weeks as they’ve come to recognize what’s been going on.
HLT: Do you think this will inhibit the United States’ ability to collect this kind of information going forward?
Edgar: There is a major damage assessment underway right now among the intelligence agencies. The Office of the Director of National Intelligence is leading up that effort. Part of the assessment is just to understand what the damage is, or might be, including whether there are sources that need to be protected because they’re exposed now. And to see how you reestablish access if a particular source is no longer viable. Obviously, that’s not a good situation to be in, but it’s not like we don’t have a process for handling it. The intelligence community has been in this situation before and will do what it can to minimize the damage and to reestablish new sources of information if any of them go away.
HLT: What about U.S. allies on whom the documents allege we spy? I remember the outrage in Germany after it was discovered the U.S. had tapped Chancellor Angela Merkel’s phone. Is this an issue with allies? Or is it just another confirmation that we spy on them and they presumably spy on us?
Edgar: I think the two most controversial aspects of the Snowden disclosures having to do with spying on allies were the direct spying on heads of state and the mass surveillance of foreign populations. And there were reforms on both of those. On the heads of state, the decision of whether to target a particular head of state was elevated to the White House to provide greater political accountability for those decisions. And on the issue of mass surveillance, the U.S. government undertook substantial reforms, including a new signals intelligence directive, PPD-28, that put in place greater privacy protections for all subjects of signals intelligence operations. So, I think that the mere fact that the U.S. spies on allies was never really a huge scandal.
Our circle of trust for intelligence is quite different than it is for military alliances. For intelligence, the circle of trust is very small. And for us, the most important circle of trust is the Five Eyes [an intelligence sharing partnership involving five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States]. And if you’re not in the Five Eyes club, you’re not in the Five Eyes club and it shouldn’t shock you that the Americans may be spying on you. But if you are a friendly country, you’re not necessarily going to expect the Americans to be doing something as sensitive as spying on your head of state or collecting mass data on the communications of your population without privacy rules. But ordinary spying on foreign ministries and the like, I don’t think it’s going to be a surprise or much of a shock to anyone.
HLT: Were you surprised that the source of the leak was a 21-year-old in the Air National Guard who is stationed in Cape Cod?
Edgar: It did not surprise me that a more junior person in Cape Cod had a security clearance. It did surprise me that highly classified — top secret, code word — information was made available to this Air National Guardsman. It shows me that the same problems that we’ve had, and that we’ve known about ever since the Chelsea Manning leaks back in the WikiLeaks era more than 10 years ago, have not been fixed.
“It did not surprise me that a more junior person in Cape Cod had a security clearance. It did surprise me that highly classified — top secret, code word — information was made available to this Air National Guardsman.”
I worked in the [Obama] administration on an executive order to try to safeguard the security of the classified networks. And I remember even at the time thinking that what we were doing wasn’t enough and that we weren’t doing a major overhaul of how we handle information available on classified computer networks. Especially because those networks had been expanded greatly after 9/11 to ensure greater information sharing. And I thought — and this view was shared by many — that there needed to be a corrective. But I don’t think that happened in the way that it really should have happened. I mean, this is top secret code word material, and that is much more sensitive than just your garden variety classified information. A junior officer in the Air National Guard might need a secret clearance, [but] I see no reason that someone in the Air National Guard should have a top secret code word clearance except at the very highest levels in that organization.
I think part of the reason that there has been such a push towards increasing the number of people with security clearances, and not just security clearances, but security clearances that are highly sensitive security clearances, is that it’s just easier bureaucratically to continue to clear more and more people so that you can make facilities and information available. And you say, ‘Well, these people have the clearance to see it, so it’s okay.’ But of course, that’s wildly at odds with any principle of how you keep secrets. The concept of code word is to compartment, and to compartment means that even within the world of top secret clearances, you’re getting a smaller subset of people who must have these particular code word compartments. And already by the time I was in government, there were some compartments that were just so large that they weren’t really compartments anymore.
HLT: If there is a lot of access to secrets on the front end, are there any precautions on the back end to prevent people from printing out documents and taking them home — as Teixeira is alleged to have done? I don’t suppose people are searched on their way out of secure buildings or given polygraph tests?
Edgar: This is a widespread misconception that I think we get from TV and movies that there’s a lot of searching people on the way in and out of classified facilities. The government just doesn’t have the resources to be searching people as they leave these facilities. That’s what the clearance process is for. It’s not hard to sneak something out of a classified building; it’s incredibly easy because nobody’s searching.
“[There is] a widespread misconception that I think we get from TV and movies that there’s a lot of searching people on the way in and out of classified facilities.”
HLT: Is there a way to tighten up the system to prevent this kind of thing from happening again?
Edgar: I think that I have a simple fix: We simply should stop printing out classified documents. The security costs of having printers connected to our classified networks are far greater than whatever we gain by that. I think that this may be a tipping point where we realize the dangers here, not only to security, but also to just basic document management. Look at the Trump documents situation, the Biden documents situation. All of these resulted from having hard copies of classified documents running around. Enormous amounts of resources are involved in protecting those hard copies. When I was in government, it became clear to me that it was much easier for me simply not to print out a document than to print it out, make sure it was properly safeguarded, make sure that I was dealing with how it should be handled. Electronic document management systems have their vulnerabilities and flaws, but they are clearly better than just having an individual employee figure out how to safeguard and manage a paper document.
A similar measure which happened earlier was the disabling of USB ports so that people didn’t use thumb drives. The danger from thumb drives was not just exfiltrating classified documents in an unauthorized way, but also introducing malware into the systems. And so, at great expense and with a great deal of effort, starting with the Defense Department, and I think extending pretty much throughout the classified networks, they simply disabled the USB ports on most of those computers. I would say for similar reasons, we just shouldn’t have printers. And if senior leaders want a hard copy, the answer is ‘I’m sorry, we don’t have one.’
“I think that I have a simple fix: We simply should stop printing out classified documents. The security costs of having printers connected to our classified networks are far greater than whatever we gain by that.”
HLT: You spoke to us a few months ago about federal and state efforts to ban TikTok, a Chinese-based platform which some argue is a security threat. These documents were first shared on a U.S. network. Does this incident cast any new light on the TikTok debate?
Edgar: I think it’s an illustration of the fact that whatever danger there is in having a social media platform owned by a Chinese company, ultimately, we have a lot of potential security risks. And clearly, our inability to handle classification — things that we’ve known about for decades, like the relentless over-classification of our systems — do pose a much greater threat as they have actually resulted in leaks of classified information. And I should say that the idea of banning the printing of classified documents addresses a cyber risk. Because the risk is what we saw. It’s the technology that makes those hard copies so dangerous. They can be photographed and scanned and put on any number of possible platforms, including platforms we don’t know much about.
The TikTok risk is simply the fact that U.S. companies will no longer have exclusive access to all our data because there will be other competing companies out there. The question is how we address that extra level of risk. And I think that just putting our head in the sand and banning it and saying, ‘Well, we don’t like it, so we’re going to ban it’ doesn’t really address that risk at all. It makes us feel good. [But] there are going to be many other foreign based platforms. So, how do we address that risk? I think it is a difficult policy problem. And I don’t think that banning all of them is going to work.
This conversation has been edited for length and clarity.
Want to stay up to date with Harvard Law Today? Sign up for our weekly newsletter.