Snowden Calls For Special Protection For Whistleblowers

From safety in Moscow, Edward Snowden has called for a complete overhaul of US whistleblower protections after a new source from deep inside the Pentagon came forward with a startling account of how the system became a “trap” for those seeking to expose wrongdoing.

The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media.

Crane, a longtime assistant inspector general at the Pentagon, has accused his old office of retaliating against a major surveillance whistleblower, Thomas Drake, in an episode that helps explain Snowden’s 2013 National Security Agency disclosures. Not only did Pentagon officials provide Drake’s name to criminal investigators, Crane told the Guardian, they destroyed documents relevant to his defence.

Snowden, responding to Crane’s revelations, said he had tried to raise his concerns with colleagues, supervisors and lawyers and been told by all of them: “You’re playing with fire.”

He told the London Guardian: “We need iron-clad, enforceable protections for whistleblowers, and we need a public record of success stories. Protect the people who go to members of Congress with oversight roles, and if their efforts lead to a positive change in policy – recognize them for their efforts. There are no incentives for people to stand up against an agency on the wrong side of the law today, and that’s got to change.”

Snowden continued: “The sad reality of today’s policies is that going to the inspector general with evidence of truly serious wrongdoing is often a mistake. Going to the press involves serious risks, but at least you’ve got a chance.”

Financially ruined

Thomas Drake’s legal ordeal ruined him financially and ended in 2011 with all serious accusations against him dropped. His case served as a prologue to Snowden’s. Now Crane’s account has led to a new investigation at the US justice department into whistleblower retaliation at the Pentagon that may serve as an epilogue – one Crane hopes will make the Pentagon a safe place for insiders to expose wrongdoing and illegality.

“If we have situations where we have whistleblowers investigated because they’re whistleblowers to the inspector general’s office, that will simply shut down the whole whistleblower system,” Crane told the Guardian.

Crane, who has not previously given interviews, has told his explosive story in a new book, Bravehearts: Whistle Blowing In The Age of Snowden by Mark Hertsgaard, from which the Guardian is running extracts. 

“When someone becomes a whistleblower, they’re making a serious, conscious decision,” Crane said. “They’re making a decision that can change their lives, change their futures, impact family life, too. There needs to be this certain unbreakable trust. Confidentiality is that trust and that can’t ever be violated.”

Snowden cited Drake’s case as a reason for his lack of faith in the government’s official whistleblower channels. “When I was at NSA, everybody knew that for anything more serious than workplace harassment, going through the official process was a career-ender at best. It’s part of the culture,” Snowden told the Guardian. “If your boss in the mailroom lies on his timesheets, the IG might look into it. But if you’re Thomas Drake, and you find out the president of the United States ordered the warrantless wiretapping of everyone in the country, what’s the IG going to do? They’re going to flush it, and you with it.”

While Drake’s case is well known in US national security circles, its internal history is not.

Major source

In 2002, Drake and NSA colleagues contacted the Pentagon inspector general to blow the whistle on an expensive and poorly performing tool, Trailblazer, for mass-data analysis. Crane, head of the office’s whistleblower unit, assigned investigators. For over two years, with Drake as a major source, they acquired thousands of pages of documents, classified and unclassified, and prepared a lengthy secret report in December 2004 criticizing Trailblazer, eventually helping to kill the program. As far as Crane was concerned, the whistleblower system was working.

But after an aspect of the NSA’s warrantless mass surveillance leaked to the New York Times, Drake himself came under investigation and eventually indictment. Drake was suspected of hoarding documentation – exactly what inspector-general investigators tell their whistleblowers to do.

“They made it clear to keep [documents] wherever possible, and obviously properly handle anything that was classified,” Drake remembered.

Crane feared that his own colleagues had told the FBI about Drake. He suspected the Pentagon inspector general’s lead attorney, Henry Shelley, whom Crane said had earlier suggested working with the justice department about the leak, had done so. A confrontation yielded what Crane considered to be evasions.

“The top lawyer would not reveal to me whether or not Drake’s confidentiality had been compromised or not. That was a concern … Normally I expect direct answers,” Crane said.

When Drake’s attorneys sought potentially exculpatory information from the inspector general’s office, they learned that much of it had been “destroyed before the defendant was charged, pursuant to a standard document destruction policy”, according to a 2011 letter from prosecutors.

Crane was livid. All relevant regulations mandated keeping the documents, not destroying them. But a high-ranking colleague, Lynne Halbrooks, prevented Crane from investigating the document destruction. He suspected Shelley and Halbrooks of sacrificing a whistleblower and misleading the justice department and a federal judge, all in a case centering around the cover-up of NSA bulk surveillance.

Forced out

Crane’s relationship with his superiors spiraled downward until they forced him out in 2013, months before Snowden’s revelations. The next year, he filed a complaint with a federal agency that works with whistleblowers, the Office of Special Counsel. In March this year, it found a “substantial likelihood” that the Pentagon inspector general’s office improperly destroyed the Drake documents and arranged, with Pentagon consent, for the justice department inspector general to investigate.

Shelley, still the Pentagon inspector general’s senior counsel, declined to answer questions but said he was “certain my name will be cleared” by the new investigation.

Halbrooks, the Office of Special Counsel and the justice department inspector general declined to comment for this story. Bridget Serchak, a spokeswoman for the Pentagon inspector general, noted that her office and the Office of Special Counsel jointly requested the justice department investigation. “It is important to point out that there has been no determination on the allegations, and it is unfair to characterize the allegations otherwise at this point. DoD OIG will cooperate fully with the DoJ OIG’s investigation of this matter and looks forward to the results of that investigation,” Serchak said.

Crane considers this latest inquiry a bellwether for whether the whistleblower system can reform itself in a post-Snowden era.

“Snowden responded to the way Drake was handled. The Office of Special Council investigation regarding destruction of possibly exculpatory documents regarding Drake might be the end of this saga,” Crane said.

Guardian:

« NATO Tools Up For Cybewar
Hackers Target Vulnerabilities Across US Politics »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

MonsterCloud

MonsterCloud

MonsterCloud is a leader in managed cyber security services. Our cyber security team constantly monitors and protects businesses from cyber threats.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.