Secret Dots from Printer Outed NSA Leaker
The arrest warrant says nothing about printer dots, actually. It says that once they saw it was printed (per the Intercept showing them a copy to confirm its legitimacy) they simply looked at who'd printed the original document. Upon looking into the desk computers of those 6 people, she was the only person who'd had email contact with the Intercept.
They didn't even need the yellow dots. She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.
This is a really nice bit from TFA:
"FBI special agent Justin Garrick told a federal court that Winner – a cross-fit fan who graduated high school in 2011 and was in the US Air Force apparently as a linguist – confessed to reading and printing out the document, despite having no permission to do so."
So, she joined the company 3 months prior, and it was 'permission' rather than enforced access rights that they relied on for new trainees not to color outside of the lines.
It's not about 'permission', it is all about 'capabilities'.
According to the FBI arrest affidavit, only six people printed that document, and she emailed The Intercept from her own work computer.
So she would have been identified even if she or The Intercept had the sense to remove or alter the DocuColor dots.
"The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet"
I have submitted a PR to 'pdf-redact-tools' tonight. The new feature removes the yellow printer dots by converting the document to black and white: https://github.com/firstlookmedia/pdf-redact-tools/pull/23
The arstechnica article[1] reports, based on the FBI document, that the NSA determined who leaked the info by finding creases in the documents provided to them for authentication by the Intercept demonstrating that they were leaked by being printed out.
[1] https://arstechnica.com/security/2017/06/leaked-nsa-report-s...
I don't get it. These kinds of dots are not news, they have been around for ages, the EFF cracked the code in 2005 (https://en.wikipedia.org/wiki/Printer_steganography).
Why did no one at the Intercept check for them? It's trivial and they have to know about this kind of stuff?
Or more accurately, the Intercept either through ineptitude or malice burned their source.
"Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights"
FYI: The 3rd Amendment reads as follows:
"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."
I don't see the connection. Why does this violate our 3rd amendment rights?
>To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.
I'm not convinced that would be sufficient, especially the latter option.
Also this is the NSA. If they're smart, they have backup fingerprinting that isn't publicly known.
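As an added example (not code from pdf-redact-tools, the linked PR, or any commenter), this shows why a plain grayscale conversion is not enough while thresholding to pure black and white does remove faint yellow marks, and includes a simple check for residual yellowish dots. The page, text pixels and dot colour are constructed here; real dot colours and placement vary by printer.

```python
# Pixels are (r, g, b) tuples; an image is a list of rows. No external
# libraries so it runs anywhere; a real tool would use PIL or OpenCV.
from typing import List, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]

WHITE, TEXT, FAINT_YELLOW = (255, 255, 255), (20, 20, 20), (255, 255, 190)

def sample_page() -> Image:
    """Constructed 12x8 'page': one line of dark text and four faint dots."""
    img = [[WHITE] * 12 for _ in range(8)]
    for x in range(2, 8):
        img[3][x] = TEXT          # a line of text
    for (y, x) in [(1, 1), (1, 5), (5, 9), (6, 2)]:
        img[y][x] = FAINT_YELLOW  # dots a reader would barely notice
    return img

def luminance(p: Pixel) -> int:
    r, g, b = p
    return round(0.299 * r + 0.587 * g + 0.114 * b)

def find_yellow_dots(img: Image, margin: int = 40) -> List[Tuple[int, int]]:
    """Coordinates of light, yellowish pixels: red and green high while
    blue trails them by at least `margin`. A non-empty result means the
    image still carries dot-like marks and should not be published as is."""
    return [(y, x) for y, row in enumerate(img)
            for x, (r, g, b) in enumerate(row)
            if r > 200 and g > 200 and min(r, g) - b >= margin]

def to_grayscale(img: Image) -> Image:
    """Luminance only: the dots survive as light gray, not white."""
    return [[(luminance(p),) * 3 for p in row] for row in img]

def to_bilevel(img: Image, threshold: int = 128) -> Image:
    """Threshold to pure black or white, the approach the thread's PR takes."""
    return [[WHITE if luminance(p) >= threshold else (0, 0, 0) for p in row]
            for row in img]

def non_white_count(img: Image) -> int:
    """How many pixels would still print as something other than paper."""
    return sum(1 for row in img for p in row if p != WHITE)
```

Note that `find_yellow_dots` reports nothing on the grayscale version even though `non_white_count` shows the dots are still there as gray, so a colour-based check alone is not proof that a document is clean.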
So this is the "extraordinary law enforcement effort" Rosenstein referred to. Check printer logs, send FBI to leaker's house.
This will certainly make anybody thinking of leaking to the Intercept think twice.
With all the talk of scanning in black and white, photocopying, taking a photo with a camera or retyping as means to get around the printer dots, why not use OCR?
What did she reveal? That's what's important. Everything is focusing on how she was caught. Nice distraction.
Can someone explain the reference to the Third Amendment at the end of the article? Looking on Wikipedia, the 3rd Amendment is something to do with quartering soldiers in private homes.
For privacy purposes, we should have free (open source) printers.
I remember a HN thread years ago on these yellow-dot watermarks, where an employee at a printer manufacturer said there was no indication this was ever used by law enforcement to track who printed what because, for one, the team who implemented the watermarking never documented or taught anyone how to decode these watermarks.
Well, here we are today with this NSA story.
I think it's possible that US-based printer manufacturers implemented watermarking on special request from the NSA. That would also explain why the printer manufacturer employees never needed to teach anyone how to decode them. It wasn't their specs in the first place.
As someone else pointed out already there is no evidence the dots were used. Only 6 people viewed the document and she was the one who printed it. Then they found logs of her emailing it from her work computer.
So there are definitely printer dots in the posted images, but how do we know they are from a printer at NSA? They could be from a printer at The Intercept, a public copy and print shop, or anywhere else, intentionally left in as a red herring.
Of course, as others have posted, she doesn't appear to have tried hard to cover her tracks at NSA so that doesn't seem too likely. But stating that she accidentally left in the printer dots is assuming several facts not in evidence.
tl;dr: the dots may have exposed metadata of the printing, but from what we know officially, NSA's internal access control system was all that was needed to argue probable cause against Reality Winner.
So the dots don't look good in terms of The Intercept's opsec, but from what we know from the Justice Department's affidavit [0] and the search warrant [1], those dots were likely inconsequential as evidence compared to the audit trail that Winner left when she accessed and printed the file. It's not unreasonable to believe that the NSA and its contractors can track access activity by user, post-Snowden; I mean, it's a feature built into states' DMV systems, which is how cops get busted in the occasional scandal of unauthorized lookup of citizen info [2].
The warrant and affidavit allude to such a system when describing the audit that was done as soon as the NSA was made aware (because the Intercept reached out to them) that the document was out in the wild. At that point, it doesn't seem hard to query their own logs to find all users who accessed and/or printed out the document. Unfortunately for Winner, it seems that very few (1 in 6) NSA employees printed out the document, and I'm sure it didn't help that her background (former Air Force, fluent in several Middle Eastern languages) would indicate that her job did not require her to have a physical copy of this particular document.
The affidavit and warrant mention "physical" metadata that they say supports their case, but it's all circumstantial:
1. The documents show evidence of creases/folding, which indicates that someone had to secret it out physically (i.e. they printed it first) from the NSA. But that folding/creasing could come from the reporters printing out their own copies of the document.
2. The affidavit says that of the 6 employees to have printed out the document, Winner was the only one to have email contact with The Intercept. But the warrant specifies that this email contact occurred using her private GMail address in March, and it was limited to 2 emails: her subscribing to The Intercept podcast, and a confirmation email. I.e. she didn't use email (that we know of) to talk to the Intercept.
There's no mention of the yellow dots, which, sure, we could argue that the NSA is just keeping that bit of tradecraft secret. But keep in mind that the NSA started their investigation last week, with the FBI interviewing Winner just a few days ago (on a Saturday no less).
The other key point is that, according to the warrant, the Intercept journalist sent along the leaked documents to an NSA source for confirmation using a smartphone, i.e. they texted smartphone photos of the documents. It seems possible that that kind of ad hoc scanning would make the yellow dots illegible, depending on how much care was taken to photograph the documents.
At any rate, it's kind of irrelevant. Assuming Winner used her own NSA credentials to peruse the system, the access control logs were all that were needed to out her as fast as the NSA and FBI were able to. However, it's worth noting that if the NSA had been clueless until the Intercept's published report, the actual published document apparently did reveal the yellow dots. This means that even if Winner were one of many NSA employees to print out the documents, the yellow-dot timestamp would greatly help in narrowing the list of suspects.
So, it's wrong to say the Intercept outed her, because we don't know what would've happened in an alternative reality in which the NSA didn't start its investigation until after seeing the published report. It is OK, probably, to speculate that the Intercept was sloppy in handling the documents...but that's not what led to Winner being outed so quickly.
[0] https://www.justice.gov/opa/pr/federal-government-contractor...
[1] http://blog.erratasec.com/2017/06/how-intercept-outed-realit...
[2] https://apnews.com/699236946e3140659fff8a2362e16f43/ap-acros...
Arresting the leaker is part of making this seem legit leaking?
Fucking cool tho.
Convert the white background to yellow
Something smells fishy here. How did the Intercept maintain enough opsec to stay in contact with Snowden (who would have dropped them like a hot potato if they didn't seem competent) and then do this, with the same general staff in place?