A government contractor providing cyber security support to part of the U.S. military faces prison time for taking home hundreds of top secret documents on his own personal thumb drive every day.
When confronted over the alarming breach of classified intel, the contractor, William Kinsel, told investigators he was not up to anything nefarious—he just wanted the comfort of being able to work from home.
Now, after pleading guilty last week to a single criminal count of obtaining classified documents and taking them home with him on an unauthorized thumb drive, Kinsel could get up to five years behind bars.
For years, according to the complaint, filed in Eastern Virginia District Court, Kinsel maintained Top-Secret Sensitive Compartmented Information security clearance, meaning he could work on classified documents involving the United States.
He worked for a government contractor, identified in court documents only as “Company One,” where he helped part of the U.S. military with cyber security support services. As an employee of Company One, Kinsel worked out of a secured office space in Stafford, Virginia.
The chain of events leading up to the discovery of Kinsel’s unauthorized dealings with classified information began in May 2019, when another Company One employee found a “small Lexar Firefly thumb drive” on the floor in a conference room at the secure office, according to court documents.
Kinsel had been in the conference room only moments before for a quick meeting of five employees. The drive was an unusual discovery—the secured office allowed no electronic devices unless they had been explicitly approved by the company.
The employee submitted the drive to Company One’s security unit, and eventually, the company’s security team examined the drive to find more than ten classified files marked “secret”—related to Kinsel’s project—and some personal materials, including one file “relating to a popular commercially distributed video game.”
Kinsel had been issued a secure computer at work called a Secret Internet Protocol Router (SIPR) computer. When security examined his work computer, they found that one of the folders perfectly matched a folder downloaded to the drive. Of those, three out of nine files had been classified “secret.”
On May 17, 2019, the participants at the meeting, which took place just before the drive was discovered, were interviewed about a possible “spillage” of classified information. According to court documents, Kinsel lied during these interviews, claiming he had never brought an unauthorized device to work. Once, he said, he had accidentally worn a fitness watch into the office, but he had removed it as soon as he noticed.
Kinsel was interviewed two more times in the coming weeks: first, on May 21, when he reiterated his denials; then on May 24, when Kinsel admitted that he had lied twice; that he had brought classified information home with him; and that the drive had been his, but fallen out of his pocket during the meeting.
He went on to confess that he had frequently transferred secret files onto the drive, taken them home, uploaded them onto a personal computer in his basement, and worked on them from home. Afterwards, he said, he would transfer the files to an external hard drive, erase any trace of the files from his personal computer, and bring the completed project back to work on the thumb drive. According to the court documents, Kinself would change the names of files and folders to avoid detection from Company One.
After his confession, Kinsel agreed to let security search his basement. They took six more devices, including a hard drive, four thumb drives and a Lenovo laptop. The hard drive, laptop and one of the thumb drives had “secret” files.
The complaint argues that Kinsel had been well aware that removing files from the secured office was illegal. According to court documents, Kinsel acknowledged having tried to evade detection. He had also recently taken several trainings about clearance and the obligations it came with: an Annual Security Training in July of 2018, a NATO security briefing in August of 2018, an Insider Threat Awareness Training of October of 2018, and a Cyber Training that same month. At the time, Kinsel signed a waiver verifying he would properly label and control all information involved.
On Dec. 11, 2019, federal prosecutors filed a complaint against Kinsel, detailing the allegations he had admitted in his confession. On Dec. 19, he signed a plea agreement, acknowledging his guilt. He faces a maximum of five years in prison when he is sentenced.