Attorney General Eric Holder's assignment on June 8 of two U.S. attorneys to investigate "possible unauthorized disclosures of classified information" might blunt demands within Congress to enact new legislation to combat classified leaks by government officials. Whether the new investigations lead to criminal charges, however -- or convictions in the event of a prosecution -- is far from certain.
At the center of the controversy are apparent leaks contained in recent news stories regarding a variety of sensitive national security matters: the thwarting of another Yemen-based terrorist plot to down U.S. passenger aircraft, involving an enhanced "underwear bomb"; U.S. involvement in the "Stuxnet" computer virus that targeted the Iranian nuclear program; a "kill list" designating terrorists for elimination; the Pakistani doctor reportedly recruited by the CIA to obtain DNA samples from Osama bin Laden's family; and information provided to filmmakers developing a movie about the U.S. military raid that killed bin Laden.
Investigative Challenges
Leak investigations present formidable challenges for prosecutors. In many cases, it is not immediately evident who the leaker is, and the government must devote substantial investigative resources to interviewing the universe of people who had access to the classified information that was leaked. Another threshold challenge for prosecutors is to confirm the precise nature and significance of the classified information at issue in a given leak, and to determine whether and how that information satisfies the elements of an existing federal criminal statute prohibiting the unauthorized disclosure of classified information. That preliminary step, too, is not always easy.
Contrary to popular belief, there is no federal statute that broadly criminalizes the disclosure of classified information to persons unauthorized to receive it. Rather, there is a longstanding patchwork of laws -- most of which collectively comprise the Espionage Act -- intended to target what is technically known in the law as "spy stuff." Because the applicability of these laws often hinge on the specific type of classified information at issue, or on a particular recipient, the government's charging options may be limited. For example:
• Under Title 18 of the U.S. Criminal Code, Section 793, a person who lawfully possesses or has access to "information respecting the national defense," and willfully discloses that information to someone not authorized to receive it, may be subject to a fine of up to $250,000, imprisonment of up to ten years, or both. But the government may charge a government official only if it can prove that the official "has reason to believe" that the information disclosed "could be used to the injury of the United States or to the advantage of any foreign nation."
• Title 18 of the U.S. Code, Section 798 prohibits the knowing and willful transmittal of specified classified information to an unauthorized person, but it pertains only to information relating to the communications intelligence systems and activities of the United States.
• Title 18 of the U.S. Code, Sections 795 and 797, prohibit the unauthorized creation, publication, sale, or transfer of photographs or sketches of vital defense installations or equipment, as defined by the President.
• The Intelligence Identities and Protection Act of 1982, at issue in the Valerie Plame case, contains criminal prohibitions regarding the disclosure of the identity of covert U.S. intelligence agents.
• Title 18 of the U.S. Code, Section 641, criminalizes the theft or conversion of government property or records for one's own use or the use of another person. (The government has used this statute extensively to prosecute procurement-related fraud and corruption regarding the theft of equipment in Iraq and Afghanistan.) By its terms, the statute does not encompass the unauthorized disclosure of classified information, and nothing in its legislative history indicates that Congress so intended. But in at least one case, the government successfully used Section 641, as well as 18 U.S.C. § 793(d), to prosecute a disclosure of classified information to the news media.
Prior Consideration of a Comprehensive Anti-Leak Prohibition
In 2000, Congress passed legislation to enact a new statute to criminalize all leaks of classified information. The measure would have made it a crime, punishable by three years in prison, for any "officer or employee of the United States" (or any former officer or employee), or any other person with access to classified information, to knowingly and willfully disclose "any classified information acquired as a result of such person's authorized access to classified information to a person (other than an officer or employee of the United States) who is not authorized access to such classified information, knowing that such person is not authorized access to such classified information." Under this legislation, the government would not have been required to prove that the leaker intended to harm the U.S. Government or aid a foreign government, and it would not have been constrained by the subject matter of the classified information. The statute therefore would have broadly applied to leaks of classified information to members of the news media. President Clinton vetoed the legislation, however, stating that the measure "might discourage Government officials from engaging even in appropriate public discussion, press briefings, or other legitimate official activities," and might therefore "create an undue chilling effect."
In 2001, after considering whether to pass the same legislation again, Congress instead directed the Attorney General and the heads of other Executive Branch departments to conduct a review of current protections against the unauthorized disclosure of classified information, and to issue a report containing recommendations for legislative or administrative actions. In 2002, Attorney General John Ashcroft transmitted a report to Congress in which he acknowledged that "there is no comprehensive statute that provides criminal penalties for the unauthorized disclosure of classified information irrespective of the type of information or the recipient involved." Ashcroft nonetheless concluded that "current statutes provide a legal basis to prosecute those who engage in unauthorized disclosures, if they can be identified," and expressed uncertainty that a comprehensive anti-leak statute would improve the government's ability to identify or deter future leakers.
The Department of Justice's current aggressiveness in prosecuting leak cases appears to support Ashcroft's conclusion. In a pending case against CIA employee Jeffrey Sterling, for example, the government is relying on two statutes comprising part of the Espionage Act, among other laws, to prosecute Sterling for leaking classified information and documents to James Risen of the New York Times. The indictment suggests that Sterling's motive for allegedly leaking classified information and material concerned an administrative dispute with the CIA - rather than any desire to harm the national security of the United States or aid a foreign country. But the indictment appears to be based on the premise that Sterling knew the classified information and documents he leaked would be included in a book by the reporter, and therefore derivatively would result in harming U.S. national security. Count One of the indictment, for example, charges that Sterling:
did willfully cause to be communicated, delivered and transmitted the [classified] information to any person of the general public not entitled to receive said information, including foreign adversaries, through the publication, distribution, and delivery of [James Risen's] book to the Eastern District of Virginia, all the while having reason to believe that said information could be used to the injury of the United States and to the advantage of any foreign nation.
The indictment also charges Sterling under 18 U.S.C. § 641 with the "unauthorized conveyance" of government property (i.e., classified information documents) for "convey[ing] without authority property of the United States, namely classified information... having a value of more than $1,000.00 and having come into defendant Sterling's possession by virtue of his employment with the CIA..."
Availability of Non-Criminal Measures
The availability of non-criminal measures as an alternative sanction for government employees who leak classified information should be considered by those pressing for new criminal legislation. As a general matter, Executive Branch agencies have broad discretion to grant a security clearance, to impose disciplinary action regarding the misuse of classified information, and to revoke the security clearances of government employees. Administrative appeal procedures in the event of a security clearance revocation are available to the government employee contesting the clearance revocation, but it is an uphill battle in which only limited due process protections are afforded. The loss of a security clearance can be devastating, as it can result not only in the loss of federal employment but also constrain reemployment options in the private sector.
Criminal Litigation: Challenges and Risks
Those pressing for new legislation -- or more frequent leak prosecutions -- also should be mindful of the challenges and risks that accompany criminal prosecutions of leaks of classified information. In the common scenario where a government employee transmits intangible information (as opposed to documents or other tangible items) to a journalist, it is not sufficient for the government to prove that the information "[relates] to the national defense" and that the defendant disclosed the classified information to a person unauthorized to receive it. It must also prove that the defendant had a "bad faith purpose to either harm the United States or to aid a foreign government." So held the district court in the recent prosecution of two officials with the American-Israel Public Affairs Committee ("AIPAC"), a ruling that contributed to the government's decision to dismiss the case.
Leak prosecutions also entail the risk that additional classified information could be disclosed as a result of the government's discovery obligations to a defendant. The Classified Information Procedures Act ("CIPA") serves to protect the government against "graymail," defined by one court as "a practice whereby a criminal defendant threatens to reveal classified information during the course of his trial in the hope of forcing the government to drop the charge against him." Some district courts, however, have required the government to be more expansive in its discovery to defendants, putting sensitive classified information potentially at risk. In many if not most prosecutions involving the transmittal of classified information -- including the notorious espionage cases of CIA employee Aldrich Ames and FBI official Robert Hanssen -- the government has avoided the problem by obtaining convictions via plea agreements, thereby obviating the need to go to trial. In 2011, however, the government was forced to abandon a leaks case against National Security Agency ("NSA") official Thomas Drake when the district court issued a discovery ruling that likely would have resulted in public references at trial to certain NSA activities. Drake pleaded guilty instead to a misdemeanor offense, and the government suffered the embarrassing collapse of a high-profile prosecution.