An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | July 19, 2022

DCSA leader reminds DOD, Industry to prevent inadvertent unauthorized disclosures

By John Joyce Defense Counterintelligence and Security Agency

Unauthorized disclosures and whistleblowers. What is the difference and why is it important for Americans entrusted with classified and controlled unclassified information (CUI) to understand the difference? In either case – how is national security affected?

DOD Unauthorized Disclosure Program Management Office (UDPMO) Chief Henry Nelson answered the questions from his Defense Counterintelligence and Security Agency (DCSA) office while citing a series of unauthorized disclosure cases, including a case that involves two infamous individuals familiar to the U.S. and international public.

The crimes committed by Julian Assange and Chelsea Manning – responsible for one of the largest incidents of unauthorized disclosure in U.S. history – began when Manning leaked hundreds of thousands of classified documents to Assange for publication in the WikiLeaks website. Classified State Department diplomatic cables, significant action reports filed by U.S. troops and assessments about detainees at the Guantanamo Bay detention camp in addition to visual imagery such as video footage of an airstrike that killed civilians were among Manning’s massive uploads to a Wikileaks dropsite.

“We don’t know what the repercussions will be but we do know that the impacts of unauthorized disclosure are extremely damaging to national security,” said Nelson in a recent interview. “DOD civilians, service members and contractors are privy to some of the most sensitive and closely held information. It is a violation of law and of the oath of office to divulge, in any fashion, non-public DOD information – classified or controlled unclassified – to anyone without the required security clearance, specific need to know and a lawful government purpose. By definition, this would be an unauthorized disclosure. Divulging information in violation of these precepts weakens the department’s ability to protect the security of the nation against its adversaries.”

This unauthorized disclosure of classified information or CUI to an unauthorized recipient can happen in various ways. It can be disclosed intentionally, negligently or inadvertently through leaks, data spills, espionage and improper safeguarding of national security information. When classified information is involved, unauthorized disclosure can be categorized as a type of security incident, characterized as an infraction or violation depending on the seriousness of the incident.

Nelson continued citing examples – including recent and less well known cases – of unauthorized disclosure related to the release of classified information and CUI in the public domain via products such as podcasts, print articles, internet-based articles, books, journals, speeches, television broadcasts, blogs and postings.

In a Maryland case, Mark Unkenholz – a National Security Agency employee who held a Top Secret/SCI clearance with lawful access to classified information related to national defense closely held by the government (National Defense Information) – was arrested on March 31, 2022 and charged with willful transmission and retention of National Defense Information, according to a news release posted on the Department of Justice (DOJ) website on the same date.

“This mishandling of classified information was intentional and he was charged accordingly,” said Nelson, who was the National Geospatial-Intelligence Agency unauthorized disclosure program officer before transferring to DCSA in 2020. “Unkenholz knew exactly what he was doing but was not charged with espionage since he did not send the information to a foreign adversary or release it into the public domain.”

According to the indictment, Unkenholz willfully transmitted National Defense Information on 13 occasions between February 2018 and June 2020 to another person who was not entitled to receive it.

If the case involved the release of classified information or CUI to a foreign adversary or publication in the public domain, Nelson and his Unauthorized Disclosure Program Management Office team of case managers and investigators would have been notified.

Current and former government, military and contractor personnel with present or prior access to DoD information or facilities must submit materials intended for public release for review and clearance when those materials may contain classified or CUI information to include any work relating to military matters, national security issues or subjects of significant concern to DOD in general.

The UDPMO team – one of several DCSA counter insider threat teams comprising the DOD Insider Threat Management and Analysis Center (DITMAC) – are immediately notified of all incidents involving the release of classified national security information (CNSI) and CUI in the public domain. Notifications to UDPMO include the release or enabled theft of information relating to any defense operation, system or technology determined to be CNSI or CUI. The team is also alerted to incidents of classified information or CUI disclosed to an unauthorized person or persons resulting in an individual’s administrative action, referral for criminal or counterintelligence investigation, or the suspension or revocation of a security clearance.

When UDPMO receives a confirmed report of unauthorized disclosure in the public domain, the team submits a crime report to DOJ. Included in the report are findings from a preliminary inquiry conducted by the affected component; a damage and impact assessment; and a media leaks questionnaire for the unauthorized disclosures appearing in the media.

The UDPMO process was exercised in the case of Henry Frese, a former Defense Intelligence Agency employee who pled guilty to the willful transmission of Top Secret national defense information to two journalists in 2018 and 2019. As a result of Frese’s actions, he was sentenced to 30 months in prison in June 2020.

“Frese violated the trust placed in him by the American people when he disclosed sensitive national security information for personal gain,” said Assistant Attorney General for National Security John C. Demers in a DOJ statement. “He alerted our country’s adversaries to sensitive national defense information, putting the nation’s security at risk. The government takes these breaches seriously and will use all the resources at our disposal to apprehend and prosecute those who jeopardize the safety of this country and its citizens.”

These cases are a reminder to all DOD civilians, contractors and military personnel of their lifelong responsibility to protect and safeguard information.

“This applies while the individual is actively employed with the U.S. government and continues when the individual retires or leaves government service,” said Nelson. “Individuals may use the Whistleblower Protection Enhancement Act to report information they reasonably believe provides evidence of a violation of any law, rule, or regulation, gross mismanagement, a gross waste of funds, abuse of authority, or a substantial danger to public health and safety.”

DOD Whistleblower Protection allows individuals to report information they reasonably believe provides evidence of a violation of any law, rule, or regulation, gross mismanagement, a gross waste of funds, abuse of authority, or a substantial danger to public health and safety to designated officials via specific channels. Additional information regarding DoD Whistleblower Protection is available on the DoD Inspector General website at www.dodig.mil. Those making contractor disclosures in response to Federal Acquisition Regulation clause 52.203-13 – Contractor Business Ethics Compliance Program and Disclosure Requirements – can find relevant instructions at www.dodig.mil/Programs/Contractor-Disclosure-Program. The differences between unauthorized disclosure and protected whistleblowing are further clarified at https://www.cdse.edu/Training/Toolkits/Unauthorized-Disclosure-Toolkit/.

Editor's note: This story was originally published on DVIDS July 5, 2022.