
Did the Intercept bungle the NSA leak? - utternerd
https://www.washingtonpost.com/blogs/erik-wemple/wp/2017/06/06/did-the-intercept-bungle-nsa-leak/
======
fnordfnordfnord
* Our leaker is a person with a Twitter timeline that makes you wonder how she maintained her Secret clearance. She retweets @Snowden, yet was hired at Pluribus in Feb. of this year, days after doing so.

* The story is a huge black eye for the Intercept, makes it look like they are very inept.

* The leak is not really substantial, mostly analyst notes about an ongoing thing that's been talked up in the press quite a bit.

* The DocuColor thing is ancient as well: [https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots...](https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots/)

Maybe my tinfoil hat is on too tight, but this just has a funny odor to it.
One might speculate that this is a calculated leak intended to discredit The
Intercept, sow fear in the minds of potential leakers?

If the comments on other forums are anything to judge by, there are at least
two groups of paid astroturfers battling it out today.

~~~
danso
She had top secret clearance prior to being hired by Pluribus in February. She
was formerly in the Air Force and apparently specialized in Middle Eastern
languages. Apparently, top secret clearance is renewed every 5 years [0], so
she may have had carte blanche to do what she wanted for a few years.

[0] [http://www.military.com/veteran-jobs/security-clearance-
jobs...](http://www.military.com/veteran-jobs/security-clearance-jobs/avoid-
having-security-clearance-expire.html)

~~~
fnordfnordfnord
I don't know how that works, but I'd be surprised if there were not a sort-of
abbreviated check?

~~~
phaus
There are things that can easily be detected and cause you to have issues with
a clearance. For example, if you get arrested or have other significant legal
issues, someone will probably find out. Also, if you stop paying your bills
long enough to have severe credit issues, someone will likely find out about
that too.

For social media activity, someone would likely have to report you for anyone
to take action.

I for one think it's pretty reasonable, it sucks working for the government
enough already, if we put people under 24x7 surveillance just for trying to
serve their country they will go from having very few talented/ethical people
working for them to absolutely none.

~~~
jewbacca
That was exactly Julian Assange's original thesis:

----

"The non linear effects of leaks on unjust systems of governance

[...]

The more secretive or unjust an organization is, the more leaks induce fear
and paranoia in its leadership and planning coterie. This must result in
minimization of efficient internal communications mechanisms (an increase in
cognitive "secrecy tax") and consequent system-wide cognitive decline
resulting in decreased ability to hold onto power as the environment demands
adaption."

[https://web.archive.org/web/20071020051936id_/http://iq.org:...](https://web.archive.org/web/20071020051936id_/http://iq.org:80/#Thenonlineareffectsofleaksonunjustsystemsofgovernance)

[https://cryptome.org/0002/ja-conspiracies.pdf](https://cryptome.org/0002/ja-
conspiracies.pdf)

------
chakalakasp
Any article that ends with a yes/no question is always answered with "no".
This one is no exception. Print classified info out at work on work printers
from a monitored work computer you are logged into and said info ends up with
reporters days later? Reporters you communicated with over _gmail_?! This
person isn't exactly an infosec genius. Which, I mean, isn't a sin or
anything, but when you know the organization you are directly burning is the
_NSA_ and the president of the United States, that's almost an insane level of
ignorance.

~~~
braderhart
Unless you are a whistleblower and feel that the public legitimately needs to
know about something, because after all this election affects our daily lives.
We deserve to know the truth about threats to democracy, especially when
Presidential candidates are still claiming that voter data was rigged. Didn't
Trump blame Hillary for him losing the popular vote, saying that it was her
fault for hacking the election?

~~~
JeremyBanks
Was it really vital that this tidbit be leaked right now? Mueller is
currently performing an extremely detailed official investigation of this
topic and has access to this and much more information, the resources to
follow up, the motive to find the truth.

Whistleblowing is warranted in cases where information pertinent to the public
interest won't come out otherwise. Given Mueller's investigation, the
responsible thing would have been to wait and see, unless you had reason to
doubt him.

~~~
pessimizer
She was clearly really into the Trump-Russia thing, and there's very little
public evidence that there is a Trump-Russia thing. She saw something that she
thought of as good evidence, and wanted to inform the public. Her intentions
were good.

~~~
qb45
The problem is that there is also zero evidence in this document she leaked.
No evidence of vote tampering, no evidence of Trump participating in anything,
no evidence of Trump trying to cover it up, nothing at all to actually sink
Trump.

She only sunk herself and gave ammo to critics of government leaks because now
it seems that the NSA can't even investigate espionage incidents without
somebody leaking to the press just to add fuel to some ongoing drama.

------
throwaway-1209
Nah. Only 6 people have printed the doc and of those only one could be found
in phone call metadata making a call to a press related contact. I don't know
what the leaker was thinking.

And in the end even this leak doesn't contain any evidence of anything that
would even tie it to Russia, let alone GRU. On the internet no one knows
you're a dog. So she will get 10 years in the slammer for nothing.

~~~
strictnein
The Intercept scanned the document and posted high quality versions of them
online. They were of such quality that the embedded dots modern printers add
to each page were readily available:

[http://blog.erratasec.com/2017/06/how-intercept-outed-
realit...](http://blog.erratasec.com/2017/06/how-intercept-outed-reality-
winner.html)

It pointed to the exact printer being used and the exact time and date the
document was printed. They didn't need her email to figure out it was her, but
I'm sure that will help them in her court case.

edit: cleaned up some sloppy verbiage

~~~
cmiles74
In the vast majority of cases, the watermark data wouldn't point anywhere
interesting. Maybe the serial number would point to a public library or a
warehouse where the printer was stored prior to sale. Certainly The Intercept
had no way of knowing that the serial number would correspond to an office
printer at the NSA or one of their contractors.

I don't think we should expect news outlets to scour every printed document
for these watermarks and remove them. Most aren't that technically savvy and
this solidly seems like the responsibility of the person doing the leaking.

Leaking is dangerous and risky. I don't know the leaker personally but I could
understand someone feeling that documents need to be released to the public
and, at the same time, feeling like they can't evade the NSA's investigation.
At that point any counter-measures probably seem pointless, especially for
those who are not technical and can't imagine any bounds to the NSA
investigative powers.

~~~
zerohm
Actually the Intercept should have known. Margaret Thatcher used water marking
to find which Ministry was leaking stories in the 80s. It's standard practice
to retype documents before sharing, set up well thought out, secure amnesty
boxes, etc.

~~~
notatoad
>It's standard practice to retype documents before sharing

My first thought is that even blogs like AndroidPolice protect their sources
better than The Intercept does here - they go as far as re-creating
screenshots or renders of phone leaks.

The Intercept's lack of care is astounding. There wasn't any reason they
needed to publish the fact that they received printed copies, let alone the
actual scans.

------
rndgermandude
Yes, TheIntercept did compromise their source, although she did compromise
herself as well due to poor opsec.

- TheIntercept failed to sanitize the documents before posting

- They provided the govt (or rather a govt contractor) with further
information, at least that the mail was posted in Augusta, Georgia.

The former can be attributed to simple mistakes, but at least the latter is
gross negligence of the highest order.

Given these two things alone, even if she had her own opsec in order, she'd
likely have been found out.

~~~
microwavecamera
But it also begs the obvious question, has TheIntercept been compromised by
one of the alphabet agencies? Could it have been intentional on TheIntercept's
part but done in a way that gives them plausible deniability? Does seem
interesting that TheIntercept isn't treated like Wikileaks for essentially
doing the same thing, especially seeing how they're a domestic organization.

------
apeace
The yellow dots thing was certainly a mistake on their part. But there's a
much bigger issue I haven't seen anyone point out yet.

One thing that the Intercept--and Glenn Greenwald in particular--have been
very critical of is news organizations that blindly publish leaks as verified
facts. Here[0] is just one example where Greenwald writes:

> THE WASHINGTON POST late Friday night published an explosive story that, in
> many ways, is classic American journalism of the worst sort: The key claims
> are based exclusively on the unverified assertions of anonymous officials,
> who in turn are disseminating their own claims about what the CIA
> purportedly believes, all based on evidence that remains completely secret.

Now, in this case they at least have a document, which they verified was a
real document created at the NSA. But even the Intercept's own article[1]
admits:

> A U.S. intelligence officer who declined to be identified cautioned against
> drawing too big a conclusion from the document because a single analysis is
> not necessarily definitive.

So, are they living up to their own standard here? I don't think the answer is
black and white. But I am certainly tired of hearing all this talk without
seeing the technical details.

If the U.S. election system was hacked--even just one voter registration
company--the American public deserves to get the details. Period.

What were the IP addresses used, and what ties them to Russia? What does the
malware actually look like, and has it been seen before? How was this whole
thing discovered?

For now, all we have to go off of is what the NSA says may have happened. That
it was a leaked document doesn't make it any more revealing than if it was a
phone conversation with another unnamed official.

[0] [https://theintercept.com/2016/12/10/anonymous-leaks-to-
the-w...](https://theintercept.com/2016/12/10/anonymous-leaks-to-the-washpost-
about-the-cias-russia-beliefs-are-no-substitute-for-evidence/)

[1] [https://theintercept.com/2017/06/05/top-secret-nsa-report-
de...](https://theintercept.com/2017/06/05/top-secret-nsa-report-details-
russian-hacking-effort-days-before-2016-election/)

~~~
fixermark
How does the information you're describing (IP addresses used, ties to Russia,
malware shape) help the average American if disclosed publicly? Because the
harm seems immediate: bad actors will change their tactics and burn their
channels, making them harder to detect, trace, or understand.

Given that the average American barely understands what a computer virus is,
is the level of technical detail you're calling for sensible for public
dissemination?

~~~
hammock
It helps Americans by bringing them more truthful journalism, by allowing the
reporters to report independently verified facts rather than hearsay

~~~
apeace
Exactly.

I think it's also informative to look at how attribution was viewed in the
past. We as a tech community used to almost pride ourselves on our skepticism,
as can be seen in this Bruce Schneier post[0] on Stuxnet.

In the post (written in 2010), he points out that attributing Stuxnet to the
US Government is "almost entirely speculation", that ties to the Bushehr
nuclear power plant were "rumors" at the time, and that "Once a theory takes
hold, though, it's easy to find more evidence".

It took years months of more research, technical similarities to the Flame
virus, video of an Israeli intelligence official joking about the virus, and
much more before the tech community accepted the theory that Stuxnet was a US
Government creation.

I'm not saying there's a perfect solution, but surely we as a tech community
have lost our skeptical tone and no longer see it as important to question the
government's technical claims as we once did.

I have a feeling if the roles were reversed, and it were Trump crying foul
about Russian hacking, that's exactly what we'd be doing.

[0]
[https://www.schneier.com/blog/archives/2010/10/stuxnet.html](https://www.schneier.com/blog/archives/2010/10/stuxnet.html)

~~~
matt4077
Isn't the Stuxnet story actually a good example of the tech community maybe
taking their scepticism too far?

I'm also really sceptical of what, if anything, the government could provide
as evidence that people would accept. If the evidence is technical, that
doesn't only prevent non-technical people from evaluating it. It also means
it's susceptible to being called "fake" when it isn't.

Say, for example, the NSA has log data from a bunch of switches across the
world, and maybe the Russians also tapped into a few honeypots. All the NSA
then has is IP addresses and other system logs–all of which could easily be
faked.

Concerning your last point: Yes, we would treat the reverse differently. And
there's nothing wrong with judging some information by their record: If I read
something on a website that opens 6 pop-ups for porn, and that I have never
seen before, I'm going to trust it less than the New York Times, which has,
contrary to popular myth, an excellent track record of trying their best and
making it public when they fail.

------
cproctor
I wonder whether NSA uses syntactic watermarking[1], imperceptible changes to
word order or sentence form, keyed to the user accessing a document. This, or
other techniques of embedding a fingerprint in the text itself, would allow a
leaker to be identified from just a transcription of the document.

What is the right amount of fuzzing for a news organization to perform on
leaked documents, to protect a source while providing credible evidence to
support a claim?

[1] Meral, H. M., Sevinc, E., Ünkar, E., Sankur, B., Özsoy, A. S., & Güngör, T.
(2007, February). Syntactic tools for text watermarking. In Electronic Imaging
2007 (pp. 65050X-65050X). International Society for Optics and Photonics.

~~~
cylinder
How would changes to word order or sentence form be imperceptible?

~~~
matt4077
"Imperceptible without comparing to other versions of the same document"

------
tanderson92
Have we learned nothing about the NSA's tactics? The Intercept publishes
reporting that they would rather not have been printed, and the very day the
DOJ unseals charges where they try to say they learned about the leak from a
paper crease from what can be reasonably inferred to be The Intercept.
Meanwhile the alleged leaker allegedly used her work computer to contact The
Intercept (in contradiction with their recommended best practices).

It has all the appearances of the government trying to smear a news outlet and
ensure no one leaks to them again.

Do we still really trust the NSA? It was disappointing yet expected from the
WaPo that they took as fact everything the DOJ alleged about how the case
proceeded.

~~~
user982
_> It has all the appearances of the government trying to smear a news outlet
and ensure no one leaks to them again._

A scheme that would be less effective if not for The Intercept's demonstrably
deficient opsec in protecting its source in this affair.

~~~
cmiles74
I don't think The Intercept has much responsibility here at all. In my
opinion, in their role as receivers of leaked information, they should verify
the information provided to them and decide if it should be released to the
public. Sure, they shouldn't reveal their source and The Intercept met that
requirement by ensuring that they themselves did not know the leaker's
identity.

Anyone who is thinking about leaking anything classified only needs to spend
thirty seconds typing "Snowden" into Google to find out what happens when the
federal government identifies the leaker. They then decide if it's worth the
risk and how much time they will spend on covering their tracks. In this case
(if true) it sounds like Reality Winner decided that they simply couldn't
cover up their leaking and threw in the towel.

Much has been made of the watermarks on laser printers, we've known about
those for a long time. Not everyone is aware but it's the sort of thing you
can find out about if you put in time to do the research. After doing my own
research, it doesn't seem like these watermarks really came into play; the NSA
simply looked up everyone who had accessed the document and inspected their
workstations for clues.

~~~
shorodei
I'm not doubting that the NSA would have figured out the source eventually,
yellow dots or not, but I think it's a fair criticism to say the Intercept did
not have to publish a picture of the document in full, instead of transcribing
the contents.

~~~
matt4077
It could still make a major difference when it comes to the question of what
they can prove in court.

------
mmjaa
Yes, or maybe no. It doesn't really matter, because this is just one of many
battles being waged in the current cyber-war gripping our lives.

I mean, we have to just see it in the larger context: there is very definitely
a war going on among various, nefarious, otherwise, or indeterminate, hostile
parties.

It seems that if we must dismantle the military-industrial state, it is going
to be through info-wars. The key targets are all secrets. (Curious that both
sides seem to want the same thing though, i.e. "the info wants to be free",
isn't it?)

~~~
fixermark
I'm curious: If there is a war going on, did this leak help or hinder? Which
side did it help or hinder? Who benefits from this leak, and who is harmed?

I have a sinking suspicion that the average American, for example, isn't
benefited by this leak.

~~~
mmjaa
I dunno how we can quantify "Americans being benefited" in light of what these
leaks are revealing in the global context, but I sure don't like it, living as
I do, under either a velvet glove, or an iron one, depending on which side of
the wall I happen to decide to visit.

But, I do think that these leaks are good for everyone, not just Americans,
and that is why they need to happen.

~~~
fixermark
But practically, what would you do given the information divulged? Hackers
gonna hack, that's known. Does knowing Russian agents attempted a hack cast
them in worse light? No; we already know Russia isn't a close political ally
of the US. What details of the hack do is tip off the Russians to burn their
channels and methods and complicate the NSA's work in protecting American
digital assets from further attack (as well as, depending on what secondary
information can be gleaned from the hack based on what the Russians know,
compromise the NSA's own back-channels and espionage approaches to
understanding what Russia's spy operations are doing).

There's a difference between the leaks Deep Throat provided ("Your President
is a criminal") and the leaks allegedly executed by Reality Winner ("Russian
spies are spying, as Russian spies do"). A failure to distinguish qualitative
nature of dumped information weakens both the future security of leakers and
the overall philosophy that more transparency is a good thing.

~~~
mmjaa
This story has the danger of cyber-fatigue'ing the general public, but it has
the potential to forward a number of positive aspects in the war against
warfare-criminality-because-secrecy, on either side of the argument: Pro
"Pease with Russia, At All Costs", or Con "Send Russkie Hacker UP The
Bomb(s)".

These leaks have value, because they continue to forward the narrative in the
general public, and the centres of true power, though weakening:
mainstream/middle-class/entitled-/privileged- consumers who can Do Stuff™ to
change the power structures behind this big military-industrial mess.

If we hold one thing in place: Pease with Russia, we must assume that there
are parties who want this, and parties who don't. Oh, sorry, I mean "War With
Russia", which is what this is all really about.

------
defined
> The methods presented in this paper have many applications in law
> enforcement such as tracking, counterfeiting, and child pornography. The
> downside is that they provide a mechanism for a simple device, a printer or
> a digital camera, to spy on its user. A typical user cannot turn off these
> signatures, particularly the intrinsic signature, without very detailed
> knowledge of how the device operates. This could have dire consequences for
> many important uses of these devices in our society. For example a
> whistleblower who would like to share documents with a regulatory agency
> could be in danger in that their printer could be identified as the one that
> produced the documents. [1]

Prophetic words from a 2008 paper (PDF) [1].

This paper may be duplicate information, but reading this paper impressed upon
me how many more ways there may be to spy on people than I could imagine (and
I know about some existing things like side-channel attacks... how do I spy on
thee? Let me count the ways.)

So don't register your printer with the manufacturer, folks; the serial number
may be on every page it prints. Ditto for digital cameras.

Then again, is fighting for digital privacy a losing battle when at every
turn, there are deliberately hidden bits of PII? Pun intended.

[1]:
[https://engineering.purdue.edu/~prints/public/papers/sp_arti...](https://engineering.purdue.edu/~prints/public/papers/sp_article_09_chiang.pdf)

------
lubesGordi
I'm not clear on what the motivation for this 'leak' would be. Is it morally
reprehensible for the NSA to withhold this information from the public? Was
the NSA doing something illegal by withholding this info? If the only
actionable information leaked is politically charged or simply falling within
the established/mass media narrative, is it wrong to suspect this 'leak' is
disinformation?

~~~
elefanten
Really? All kinds of motivations are easy to imagine, but the reporting about
the leaker herself indicates that she maybe just did it for political reasons
(ie- she is Anti-Trump).

But given the response and the constellation of corroborating info from
various sources, it seems pretty reasonable at this point to presume it is NOT
disinformation. It's almost certainly not a complete picture of what various
parties know and it's likely a snapshot of an evolving knowledge base (ie- the
broader intelligence community's knowledge of what was going on before and
during our election).

But the presumption that it is not 'false' information should be pretty solid
by now.

------
andy_ppp
In other news, if you are leaking set up a hidden camera in someone's room,
steal their password and do everything from their account.

Or if you are really moral just set up the camera above your desk.

A bit of plausible deniability is much better than life in a supermax I
promise...

------
linkregister
What I find interesting is that the email from the Gmail account on the work
computer was able to be intercepted and logged. What mechanism might they have
used, an SSL proxy with a pre-loaded root certificate? How long is this data
logged?

~~~
mi100hael
Yes, that's pretty standard fare for a corporate firewall/proxy. Most
configurations don't log everything, just traffic matching particular patterns
or hosts. But when it's the NSA, who knows how much they retain.

~~~
m-j-fox
> pretty standard fare for a corporate firewall/proxy

It is? So corporations install something that infects your laptop and updates
the root certificate every time Chrome or Firefox updates? Sounds extreme to
me. Something the NSA might be able to do, but hopefully not my company.

~~~
mjcl
If you're running Windows, it's built into the OS using Group Policy. Very
helpful when a company is running its own internal CA/PKI.

~~~
m-j-fox
Wow Windows. You've outdone yourself. Can I assume Linux and Mac are safe?

~~~
mi100hael
Nope, you can install additional certificate authorities in the system
keychain on Mac, which Safari and Chrome both use. Commonly done on managed
installs.

[https://www.jamf.com/jamf-
nation/discussions/11830/deploying...](https://www.jamf.com/jamf-
nation/discussions/11830/deploying-certificates)

Other applications on mac/linux that use their own keystore like OpenSSL or
Java will throw cert errors if you don't also install the CA in their
keystores, but that could be scripted as well if it causes too much friction
for users.

If you're in such an environment, the options are either install the CA or
don't use anything that requires HTTPS ¯\_(ツ)_/¯
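
An added illustration of the mechanism discussed in this subthread, not part of any commenter's post: when an inspection CA has been installed in the system trust store, the TLS handshake validates without error, so the visible difference is the issuer of the certificate the client receives. The sketch below compares that issuer with a pinned expectation; the host name, the CA names, and the helper names are all constructed for the example.

```python
import socket
import ssl

# Constructed pins: host -> issuer organizationName values we expect to see.
# The host and CA names are placeholders, not real pins.
EXPECTED_ISSUERS = {
    "mail.example.com": {"Example Public CA"},
}

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
DIRECT_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example Public CA"),),
        (("commonName", "Example Public CA G1"),),
    ),
}
PROXIED_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": (
        (("organizationName", "Example Corp IT"),),
        (("commonName", "Example Corp TLS Inspection CA"),),
    ),
}


def rdn_value(name, key):
    """Return the first value for `key` in a getpeercert()-style name tuple."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def issuer_summary(cert):
    """Return (organizationName, commonName) of the certificate's issuer."""
    issuer = cert.get("issuer", ())
    return rdn_value(issuer, "organizationName"), rdn_value(issuer, "commonName")


def check_issuer(host, cert, expected):
    """Classify a validated certificate by comparing its issuer with the pin.

    A chain that validates against the local trust store can still be signed
    by a locally installed inspection CA, so validation success alone says
    nothing about whether the connection is being proxied.
    """
    org, cn = issuer_summary(cert)
    allowed = expected.get(host)
    if allowed is None:
        return ("unpinned-host", org, cn)
    if org in allowed:
        return ("expected-issuer", org, cn)
    return ("unexpected-issuer", org, cn)


def fetch_peer_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate for `host` (needs network access)."""
    ctx = ssl.create_default_context()  # uses the system trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("direct", DIRECT_CERT), ("proxied", PROXIED_CERT)):
        print(label, check_issuer("mail.example.com", cert, EXPECTED_ISSUERS))
```
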

------
kharms
I think the real fuckup is including in the article the method for IDing a
Russian agent - registering with a personal phone number. That's the kind of
mistake that could have been made again, but now probably won't be.

On the whole I think this information needed to get out. There were reports of
people all over the US being dropped from voter registration rolls, and now
proof that the Russian military targeted voter registration companies.

------
_Codemonkeyism
Both fumbled with opsec. But the Intercept considers themselves the pros.

------
paralelogram
Why are almost all official documents about Russian government-sponsored
hackers "secret" or "top secret"?

~~~
RickS
Counter question: why wouldn't they be?

Either their methods work, and of course they should be secret, or their
methods don't work, and it's unproductive to help them shorten the list of
attack methods they try.

------
21
Off topic, her name is "Reality (Leigh) Winner"?

Is this a new trend? Can you name your child with any surname you wish? For
example "Tower John Trump".

~~~
vultour
Personally I think that seeing a name like "Reality Winner" on a CV would
immediately make me question the entire family's fitness to exist in society.

~~~
mythrwy
I read somewhere her original name was Sarah. She changed it herself.

------
interrupt13
I can't help but feel a Zen-like sense of balance and bliss over this. An NSA
contractor violated her employment agreement and the law in providing Top
Secret info to The Intercept, who then published it.

The Intercept got a story published and is enjoying great attention (and ad
revenue), and the guilty party was caught. Everyone can be happy.

"God’s in His heaven — All’s right with the world!" [R. Browning]

~~~
gorhill
> The Intercept got a story published and is enjoying great attention (and ad
> revenue)

There is no ad revenue at The Intercept.

------
mowenz
>The leaks contain no "raw" evidence

Something stinks here. Both WaPo and the NSA, who Greenwald has picked fights
with, get to smear The Intercept, while we are supposed to believe the leaker
has extreme incompetence (flagrantly incriminating herself while using a
pseudonym), and meanwhile the public still has no evidence of the election
tampering.

It's not like the Deep State didn't lie to the country to wage a war in Iraq
not long ago.

The public deserves to see proof.

------
ahoy
As with every headline that poses a yes/no question, the answer is usually
"no".

EDIT: I'm also unsure what the point of shifting the focus onto The
Intercept's alleged "mishandling" of the leaker's identity is. It seems like a
smear job meant to discredit a publication that the natsec community and
mainstream media like WaPo dislike. It also removes the focus from the
substance of the leaks and puts it on the "character" of the publication.

~~~
thefalcon
Except it sure seems like in this case, yeah, they bungled it. At the very
least a total lack of awareness or care towards infosec to help protect
sources (regardless of the fact that the lack of awareness extends to the
source - I'd want a journalist to be better at this than I am if I were
leaking information). [ The article doesn't mention this, but I wouldn't be
surprised if these microdots, rather than "a crease" were the smoking gun:
[https://twitter.com/quinnnorton/status/871883733032415236](https://twitter.com/quinnnorton/status/871883733032415236)
]

~~~
LeifCarrotson
The search warrant says that the internal audit and (logged-in?) gmail account
were the smoking gun. Page 11, paragraphs 14-16:

[https://d3vv6lp55qjaqc.cloudfront.net/items/1k2I053M3J2z0f47...](https://d3vv6lp55qjaqc.cloudfront.net/items/1k2I053M3J2z0f473l3r/show_temp%20%2866%29.pdf)

> _14. The U.S. Government Agency [NSA] examined the document shared by the
> News Outlet [The Intercept] and determined the pages of the intelligence
> reporting appeared to be folded and/or creased, suggesting they had been
> printed and hand-carried out of a secured space._

> _15. The U.S. Government Agency conducted an internal audit to determine
> who accessed the intelligence reporting since its publication. The U.S.
> Government Agency determined that six individuals printed this reporting.
> These six individuals included WINNER. A further audit of the six
> individuals' desk computers revealed that WINNER had e-mail contact with
> the News Outlet. The audit did not reveal that any of the other individuals
> had e-mail contact with the News Outlet._

> _16. The U.S. Government Agency determined that WINNER had e-mail
> communication with the News Outlet on or about March 30, 2017, and March 31,
> 2017. The first e-mail was from WINNER, using e-mail address
> [redacted].fitness@gmail.com, to the News Outlet. In it, WINNER appeared to
> request transcripts of a podcast. The second e-mail was from the News Outlet
> to [redacted].fitness@gmail.com and confirmed WINNER'S subscription to the
> service. The [redacted].fitness@gmail.com account is a personal e-mail
> account not sponsored by or affiliated with the U.S. Government Agency._

Whether the 'crease' noticed by the NSA in paragraph 14 was actually creases
or an internal code for microdots, if The Intercept was going to use this
report there's nothing they could have done to protect this reckless source.

~~~
dingaling
Rather revealing that the "Agency" was privy not only to the e-mail metadata
but also the contents.

Watching outbound SMTP from Gmail or just MiTM internal agency traffic?

~~~
mjcl
Could be an ordinary search warrant. Supposedly the Intercept also told the
govt. that the document was mailed with an Augusta postmark. The postmark +
being the only person to print the document in that city seems like reasonable
basis for a search warrant, but I'm not a lawyer.

