Accused NSA Leaker Wants to Subpoena Intel Agencies, Cybersecurity Firms

26-year old former NSA contractor Reality Leigh Winner is accused of leaking classified documents to The Intercept, and is now looking to subpoena some of America's largest cybersecurity firms. Her lawyers are applying for the court's permission to call representatives from the companies, along with officials from the CIA, Pentagon and other government agencies as witnesses for the defense. The justification for Winner's lawyers seeking these subpoenas is still sealed and has to undergo a classification review before it can be released to the public.

READ MORE: Prosecution of NSA Whistleblower Reality Winner Hinges on FBI Interrogation

Hacking Claims and Counter-Claims

Winner is a language specialist who served in the Air Force before going to work for an NSA contractor, studying Iranian military aerospace capabilities. She is accused of leaking a single Top Secret NSA report to The Intercept, which contains details of a hacking attempt supposedly carried out by the GRU in connection with the 2016 election. Winner was arrested in June 2017 and charged under the Espionage Act with removing the report from an NSA facility at Fort Gordon in August, Georgia, where she worked. 

As with so many of the Russiagate hacking claims, the NSA report is far more circumspect than the media headlines based on it. In the NSA's assessment it isn't certain that the spear-phishing operation aimed at US election officials originated with the GRU, as, "this activity demonstrated several characteristics that distinguish it" from another program they attributed to the GRU. Whoever the hackers were, there is no evidence of their phishing attempt succeeding, as the NSA noted, "It is unknown if the GRU was able to successfully compromise any of the entities targeted by this campaign."

The subpoenas requested by Winner's lawyers include officials from the 21 states the DHS claimed were the targets of Russian hacking attempts, along with representatives from the DHS. In late September 2017 the DHS informed the 21 states of their assessment that hackers had tried to compromise their election systems in the run-up to the presidential election. 

However, officials in California, Wisconsin and Texas quickly denied the DHS's claim, leading the DHS to reverse their their claim to say the hackers targeted Winsconsin's Department of Workforce Development and not their election systems. As Elections Commission Chairman Mark Thomsen said at the time, "Either they were right on Friday and this is a cover up, or they were wrong on Friday and we deserve an apology." It appears that Winner's defense are trying to incorporate this dispute between the DHS and state officials as part of their defense. 

'A Fishing Expedition'

In total the requested subpoenas seek witnesses from 21 states, the CIA, the Pentagon, DHS, the White House, the National Archives and Records Administration, the Office of the Director of National Intelligence and several cybersecurity firms. These include TrendMicro, FireEye, ESET, CrowdStrike, Volexity, F-Secure Corporation, ThreatConnect, Secureworks and Fidelis Cybersecurity. 

The prosecution have not made any public statements about the defense subpoenas but in their submission to the court they argued that the requests are too broad and should be subject to judicial review prior to being approved. The subpoenas are seeking documents as well as witnesses, which the prosecution say, "Are likely to put third parties to the task of gathering reams of information that the Court may ultimately deem irrelevant, inadmissible, impermissibly imprecise, or otherwise inappropriate for production." Their submission went on, "Such an unchecked fishing expedition would constitute an oppressive and frivolous waste of government resources."

Winner's trial is scheduled to begin in October.