He Took Home Documents to Catch Up on Work at the N.S.A. He Got 5½ Years in Prison.
BALTIMORE — As a Vietnamese immigrant with imperfect English, Nghia H. Pho felt he was falling behind his fellow National Security Agency software developers in promotions and pay. So in 2010, after four years on the job, he began taking highly classified documents to his Maryland home to get extra work done at night and on weekends in an effort to improve his performance evaluations.
But in the five years that Mr. Pho, 68, stored the material on his insecure home computer, officials believe it was stolen by Russian hackers using the antivirus software installed on the machine. Mr. Pho worked for the N.S.A.’s hacking unit, then known as Tailored Access Operations, and his cache is believed to have included both hacking tools and documentation to go with it.
On Tuesday, as family members wept in the courtroom, Mr. Pho was sentenced to five and a half years in prison after pleading guilty to a single count of willful retention of national defense information.
Mr. Pho, a slender man with a thatch of white hair, chose to address the court in English despite the presence of an interpreter. “I did not betray the U.S.A.,” he said. “I did not send the information to anyone. I did not make a profit.”
Mr. Pho’s lawyer, Robert C. Bonsib, noted repeatedly that David H. Petraeus, the retired Army general and former C.I.A. director, served no prison time after he pleaded guilty in 2015 to mishandling classified information, a misdemeanor. He shared the materials with the woman who was his lover and biographer.
United States District Judge George L. Russell III expressed some sympathy for Mr. Pho’s situation and admiration for his family. But he said the sentence was necessary to create “a real deterrent” for others who might consider mishandling sensitive information.
Prosecutors, who had sought an eight-year term, emphasized that Mr. Pho had been repeatedly trained along with other N.S.A. employees in the rules governing secrets. Thomas P. Windom, an assistant United States attorney, took issue with Mr. Bonsib’s assertion that Mr. Pho had made “one mistake” in an otherwise exemplary career.
“This was not one mistake,” Mr. Windom said. “This was five years of bad choices — criminal choices — that were devastating for the intelligence community.”
Prosecutors did not explain in open court the evidence that Russia had targeted Mr. Pho’s home computer, a topic presumably discussed in a separate closed court session. Mr. Windom did speak about the thousands of hours spent by N.S.A. workers to assess what Mr. Pho took home and what harm the loss of secrets might cause.
Adm. Michael S. Rogers, then the N.S.A. director, wrote in an unusual letter to Judge Russell last March that Mr. Pho’s breach of security rules had resulted in “articulable harm to intelligence-gathering.” Security officials, speaking of the classified case on condition of anonymity, have said that Mr. Pho had installed the popular Kaspersky Lab antivirus software on his home computer and that Russian government hackers had essentially piggybacked on the software to steal his material.
Mr. Pho’s case is only one of several N.S.A. breaches in recent years. In 2013, Edward Snowden, an N.S.A. contractor, fled to Hong Kong with a huge archive of documents that he shared with journalists. In 2016, another contractor, Harold T. Martin III, was arrested after spending years taking sensitive agency data to his Maryland home, where he stored it in his car and in a shed in his yard. Around the same time, a still-unidentified group calling itself the Shadow Brokers began to post some of the agency’s most guarded software tools on the web; the source of the leak has not been found.
Last month, an N.S.A. translator, Reality Winner, was sentenced to five years and three months in prison for sharing classified documents about Russian election hacking with The Intercept, an online publication.
Gloss