Advice for Whistleblowers and Journalists from an NSA Spy and Snowden's Lawyer

There's no playbook for leaking evidence of state and corporate wrongdoing. But with the uptick in whistleblower prosecutions by the US government, there probably should be.

For now, studying past whistleblowers, from Daniel Ellsberg to Chelsea Manning and Edward Snowden, is a good place to start. Some whistleblowers, like former NSA senior executive Thomas Drake and former US Department of Justice ethics adviser Jesselyn Radack (now Snowden's lawyer), have shown themselves willing to offer instruction.

Drake and Radack, who appeared at the Berlin Transmediale festival's CAPTURE ALL event to discuss the documentary Silenced, spoke to me about the challenges facing future whistleblowers and journalists. While they didn't lay out a precise playbook, they did offer advice on how whistleblowers and journalists can better protect themselves.

For Radack, it starts with understanding the Espionage Act. While the 1917 law was initially designed to protect against spies, not whistleblowers, the US government has taken to claiming that the leaking of classified information is equivalent of espionage. Espionage Act prosecutions under President Obama, in Radack's estimation, have created a "backdoor war on journalists" and an "unofficial way to create an official secrets act," which exists in the United Kingdom but not in the US. Educating whistleblowers and the journalists who work with them is of the utmost importance to Radack.

"A lot of people come to me after they blow the whistle and are being retaliated against," Radack said. "My advice would be seek a lawyer, get lawyered up, before you blow the whistle. Also, there are now encryption protocols [like SecureDrop] that let you blow the whistle in a much safer way."

After being shrugged off by NSA superiors, Drake contacted the Baltimore Sun's Siobhan Gorman in 2010, eventually blowing the whistle on the NSA's violations of Americans' electronic communications privacy with the Trailblazer project. And, back in 2002, Radack revealed an FBI ethics violation that occurred when John Walker Lindh—an American citizen captured in Afghanistan as an "enemy combatant"—was interrogated without a lawyer present.

Drake said he would have gone to the press a lot sooner instead of running into NSA stonewalling tactics. But he cautioned that publicizing state crime is no simple task for whistleblowers and journalists.

"It becomes absolutely crucial for the press and media, when they have a very sensitive source, that they must absolutely protect that source at all costs," Drake said. "I know what mechanisms I went through. I actually had to instruct a particular reporter in how to even set up encryption, how to use encryption, and all of the means I had to use to protect the encryption I used."

As Drake sees it, journalists still don't fully appreciate the extent of surveillance. "They're actually putting their sources in danger," he said. "And, as we've seen in the United States, the government is more than willing to use incredibly heavy prosecution, up to and including the Espionage Act, to go after the sources for the very critical kinds of information the public needs to know."

The journalism community as a whole has placed more importance on of secure communications, especially following the Snowden leaks and increased emphasis in journalism schools. But Radack said many journalists still don't see the necessity of encryption.

"[T]here is a huge bloc of journalists that are resistant to it, and I think at that point it becomes incumbent upon people who would like to blow the whistle to say, 'I would like to tell you, but in order to keep me safe you need to use protection, and insist on it the way Edward Snowden did with Glenn Greenwald and Laura Poitras," Radack said. "He walked them through how to do encryption."

"Should that ideally have to be the case that the burden is on the whistleblower?" Radack continued. "No, but if people don't want to get burned or caught, then again I think it would be in the journalist's advantage to learn how to use encryption, and good old-fashioned ways of reporting such as meeting in person, paying in cash, taking cryptic notes, and being careful not to do anything that could burden your source."

The analog approach is often forgotten, and Drake emphasized the paradox of the current digital age: the very use of electronic communication leaves "digital prompts," even if messages have been encrypted. When Drake ultimately decided to go to a reporter, he made direct contact.

"It turned out that at that point in time, given the kind of surveillance that I was under, it was safer to make physical contact even from the Watergate Era of meeting in the equivalent of a parking garage," he said. But, establishing that first contact is problematic.

"It's extremely challenging—that's a whole conversation in itself that I lived over a number of months," Drake said. "How do I make contact with a reporter who has no means of encryption and I do, and how do I make it so that reporter has no idea who I am? And this was before any of these things called SecureDrop or electronic dropboxes. This was before WikiLeaks."

"WikiLeaks is a model, by the way, in terms of how do you protect a source," Drake added. "They have cut all kinds of precedent in this space that never existed before [in] recognizing those critical dangers. You can't just make direct contact, that's part of the problem. But, if you choose to do so, how do you? And, remember, a lot of stuff gets spammed, and maybe it's a false flag—this happens."

Both Drake and Radack successfully fought government prosecution. Other whistleblowers haven't been so lucky, including CIA case officer Jeffrey Sterling, who was recently sentenced for leaking information on Operation Merlin, an effort to delay development of Iran's nuclear reactor. Caught up in Sterling's case was New York Times reporter James Risen, who recently concluded a seven-year legal battle in a successful bid to avoid testifying about his source.

Drake pointed to Sterling's recent prosecution under the Espionage Act as a cautionary tale. The evidence linking Sterling to Risen was, Drake said, "totally circumstantial."

"They never presented in the courtroom actual proof, real evidence, that the CIA employee Jeffrey Sterling ever actually provided the very things that the government alleged he did with the New York Times reporter James Risen," Drake said. "It simply was metadata that there had been emails and phone calls between the two of them in a very short period of time—a designated period of time. That was apparently proof enough."

"They tried to basically kabuki dance the venue in which the criminal act actually took place," said Drake. "At one point they even argued, although that ended up as front page news, that the witness to the crime was the reporter; that's why they had to bring the reporter [Risen] into the courtroom."

For some would-be whistleblowers and journalists this could be a cause for concern. But Drake and Radack believe the two forces are vital checks on legislative and executive power. Both recommend going to the press early, though methods might very from whistleblower to whistleblower.

Some may follow Snowden's lead and walk journalists through the encryption process. Others may choose to deal only with journalists comfortable with encrypted communication, or use SecureDrop and other whistleblower submission systems. Still others may adopt Drake's All the President's Men approach, with in-person first contact followed by encrypted messaging. In any case, it's clear that without secure channels, potential whistleblowers are likely to shy away from releasing leaks.