Another counterintelligence breach at the NSA

It’s happened again.

The Department of Justice on Thursday announced the arrest of 60-year-old Mark Robert Unkenholz of Hanover, Maryland. The National Security Agency employee faces 26 charges related to the willful transmission and retention of national defense information. These are relatively rare charges, and the DOJ has made no mention of espionage. Still, the Unkenholz affair shines a light, yet again, on security lapses at our biggest and best-funded spy agency.


What Unkenholz did appears straightforward enough. He was an NSA engineer specializing in encryption technology. Between February 14, 2018, and June 1, 2020, when he was assigned to an agency office responsible for dealings with private industry, Unkenholz emailed classified information on 13 occasions to a friend who was employed outside NSA. Like all NSA affiliates, Unkenholz held a Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance, and he used this access to email classified information via personal, unclassified emails. This is a gross violation of security policies and federal law. The friend is identified only as “R.F.” in the DOJ indictment, and she apparently worked for defense contractors (which also aren’t named).

From April 2016 to June 2019, “R.F.” held Top Secret/SCI clearance. She then switched companies, and from July 2019 to January 2021, she lacked any security clearances. However, that’s not the issue here, because even if “R.F.” was properly cleared to see classified information, Unkenholz had no business sending it to her in unclassified emails. We don’t know Unkenholz’s motivation for sending classified information to his friend — does the fact that his first compromise occurred on Valentine’s Day 2018 constitute a tell? — but he knew this was wrong. All NSA affiliates are indoctrinated with the rules about handling classified material. Unkenholz broke them 13 different times, 10 of those times involving TS/SCI information.

This matters for a simple reason.

The U.S. government defines “Top Secret” as “information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to national security.” The very sensitive SCI caveat is even more restrictive. This could not have been a mistake. At NSA, as in all our intelligence agencies, classified information does not travel on the same networks as unclassified information. Indeed, there’s a whole separate network just for TS/SCI information. When Unkenholz took classified information and placed it in his personal email, switching networks, to send to his friend on 13 occasions, he did so with intent. Now, he will pay a price.

Each of the 26 counts Unkenholz faces carries a possible sentence of up to 10 years’ imprisonment (though his actual sentence will likely be far shorter). Since the charges make no mention of espionage, Unkenholz’s motive appears to be personal or perhaps pecuniary or career-related rather than treason. Regardless, the NSA takes the mishandling of classified information seriously, as any TS/SCI information sent via unclassified channels can be easily intercepted by hostile actors.

We don’t know how the authorities learned of Unkenholz’s criminal behavior, only that it was discovered during an FBI investigation. Sadly, this case is just one more in the depressing litany of NSA’s security lapses over the past decade. In 2013, agency contractor Edward Snowden stole 1.5 million classified documents from NSA and fled to Moscow. In 2016, NSA employee Harold Thomas Martin III was discovered to have removed terabytes of classified data from his office. The next year, NSA military assignee Reality Winner stole a TS/SCI report and passed it to the media for publication. In the aftermath of these damaging compromises, the NSA assured Congress that it had gotten its security act together.

The Unkenholz case raises uncomfortable questions about the actual state of counterintelligence and security at the NSA. After all, Unkenholz removed classified information from work and emailed it from his personal address for over two years without getting caught, and he was only arrested nearly two years after that.

John R. Schindler served with the National Security Agency as a senior intelligence analyst and counterintelligence officer.
