October 2016

A federal contractor suspected of leaking powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the US government, according to court records and a law enforcement official familiar with the case. Harold Thomas Martin III, 51, who worked for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. He was arrested in August after investigators searched his home in Glen Burnie (MD) and found documents and digital information stored on various devices that contained highly classified information, authorities said.

The breadth of the damage Martin is alleged to have caused was not immediately clear, though officials alleged some of the documents he took home “could be expected to cause exceptionally grave damage to the national security of the United States.” Investigators are probing whether Martin was responsible for an apparent leak that led to a cache of NSA hacking tools appearing online in August, according to an official familiar with the case. Those tools included “exploits” that take advantage of unknown flaws in firewalls, for instance, allowing the government to control a network.

[Commentary] Americans have made it clear that they want more control over their personal information. It’s time for the Federal Communications Commission (FCC) to act quickly and finally put in place strong rules for Internet service providers, or ISPs, to protect consumers’ privacy. Unfortunately, when the FCC announced more than a year and half ago its intention to adopt new privacy rules for ISPs, the rebuke from critics was swift. The proposal was an important step forward, but the critics argued that because consumers could be confused, the government should not adopt new rules for ISPs unless those rules were imposed on everyone at the same time. In other words, because websites would not operate under the stronger rules, ISPs should not have to either. The optimal solution would be to adopt strong privacy rules for both ISPs and websites, but unfortunately, this is easier said than done.

Today, the FCC can adopt rules of the road to protect people’s privacy only when it comes to ISPs. Websites, on the other hand, are overseen by the Federal Trade Commission (FTC). Unlike the FCC, the FTC must follow an arduous process that makes it virtually impossible to adopt similar rules. Moreover, a recent court decision has thrown the legal landscape into chaos by potentially undermining the FTC’s already limited ability to protect consumers without the FCC’s help. We need to make sure consumers’ privacy is protected, no matter where they go on the Internet or how they connect. Congress should take this opportunity to fully empower the FTC, and give it the tools it needs to protect consumers from the unscrupulous practices of any company that can collect and monetize their data — whether it is a website or a cable company. To fully answer the public’s call and maximize the economic power of the Internet, the two agencies must do all they can to protect consumers by using the tools that they have today. That means the FCC must act now to finalize strong, new privacy rules.

[Rep Frank Pallone, Jr. (D-NJ) is the Ranking Member of the House Commerce Committee]