Here’s What Makes Former NSA John Bolton’s Indictment Different
By Ronald W. Chapman II, White‑Collar Defense Attorney
If you think the John Bolton case is just another “classified‑documents” brawl, you haven’t read the charging paper. This is not a storage‑unit saga; it’s a diary‑to‑family indictment with compartments like HCS and SI splashed across the pages, an alleged Iran‑linked hack of a personal AOL account (yes, AOL), and a timeline that tracks right through a decommissioned home SCIF.
It’s also a test of how far prosecutors can press 18 U.S.C. § 793(d)(transmission) and (e) (retention) when the audience isn’t a newspaper, a foreign service, or a friendly reporter—but your own relatives. That’s new. And it’s going to matter.
Who John Bolton is—and why politics hovers over this case
The FBI raided Bolton’s home and found classified information.
John Bolton is a former National Security Advisor (2018–2019), U.N. Ambassador, and long‑time national security figure known for a hawkish foreign‑policy bent and open criticism of multiple presidents, including the one he served. The public reporting around his indictment emphasizes 18 counts (8 transmission; 10 retention) returned by a Maryland grand jury. Career prosecutors are on the signature block; political oxygen surrounds the case anyway because Bolton is a familiar, outspoken figure and a frequent commentator. Expect the noise; focus on the evidence.
What the indictment actually charges
Start with the law. § 793(d) criminalizes willful communication of national defense information (NDI) by someone with lawful access to a person “not entitled to receive it.” § 793(e) covers willful retention (and certain transmissions) by someone without authorization to possess the NDI. Both require “reason to believe” the information could be used to the injury of the United States or to the advantage of a foreign nation—not that actual harm occurred. Courts have long read “national defense” to cover closely held military and intelligence information, even if “classified” isn’t a statutory element.
Now the facts as charged. From April 2018 to September 2019, the government says Bolton regularly emailed and messaged diary‑style notes—some labeled “For Diary in the future!!!”—to two relatives, none of whom held a clearance. The messages allegedly included descriptions of planned foreign attacks, U.S. covert actions, and intelligence sources and methods at levels up to TOP SECRET/SCI. Later, in August 2025, the FBI searched Bolton’s home and office and seized printed copies of those materials; prosecutors say he retained them long after his home SCIF was decertified. For color—and mens rea—the indictment quotes Bolton’s own past warnings that sensitive business has no place on Signal or Telegram.
One more twist: in July 2021, an “actor believed to be associated with Iran” allegedly hacked Bolton’s AOL account and sent a message threatening public release of the contents. Prosecutors say Bolton (through counsel) told the FBI the account would be deleted—the sort of fact pattern that spawns discovery fights over preservation but doesn’t, on its own, equal obstruction.
Finally, prosecutors included a forfeiture allegation under § 793(h) and cross‑reference statutes—standard belt‑and‑suspenders language to position the government for asset forfeiture if the statutory criteria are met. Importantly, the indictment itself says none of the charged information appeared in Bolton’s published book, undermining any simple “book‑proceeds” narrative.
What makes this case different from the usual “documents” headlines
Two words: audience and compartments.
Audience. Most modern § 793 prosecutions involve transmission to media (Reality Winner), lobbyists (the AIPAC case that DOJ later dismissed), or the press (Morison). Here the alleged recipients are family members—not cleared, not official, not journalists. That’s atypical. It neuters some First Amendment posturing and narrows the trial to entitlement(“not entitled to receive it”) and willfulness.
Compartments. The charge tables list HCS (human sources), SI (signals), ORCON and NOFORN, and even REL TO USA GBR—a diplomatic way of saying “this came from or is shared with an ally, handle with care.” Those markings scream CIPA (the Classified Information Procedures Act): protective orders, substitutions, summaries, and endless fights over whether the defense “needs” specific classified content to mount a case. Translation: slow litigation, heavy secrecy, and jury instructions that become a battle of adjectives.
How these charges have historically been brought—and how they end
If you’re trying to predict outcomes, history helps:
Samuel Loring Morison (1985): convicted of § 793(d)/(e) for leaking KH‑11 satellite photos to Jane’s. Sentenced to two years, later pardoned by President Clinton. A landmark case confirming that “leaks to the press” can be espionage—no foreign spy needed.
Rosen & Weissman (the AIPAC case, 2005–2009): non‑government actors charged under § 793(g) (conspiracy) for receiving/discussing NDI. After bruising CIPA litigation and novel First Amendment issues, DOJ moved to dismiss. Takeaway: prosecutors can charge non‑official recipients, but trying those cases is hard.
Thomas A. Drake (2010–2011): ex‑NSA official indicted under § 793(e) (retention). Case collapsed on the eve of trial; he pled to a misdemeanor (computer misuse) and got probation. Takeaway: retention cases with policy‑dispute undertones can melt under CIPA heat.
Reality Winner (2017–2018): contractor pled to § 793(e) for mailing a TOP SECRET NSA report to the press; 63‑month sentence—the longest to that point for a leak to media. Takeaway: when the facts are tight and the leak is undeniable, sentences can bite.
David Petraeus (2015): former CIA Director wasn’t charged under § 793. He pled to a misdemeanor (18 U.S.C. § 1924) for mishandling his classified “black books” with his biographer; probation and a $100,000 fine. Takeaway: senior officials have historically resolved mishandling cases short of § 793.
Sandy Berger (2005): former National Security Advisor likewise pled to § 1924 (unauthorized removal) for taking documents from the National Archives; probation, fine, community service. He was not charged under § 793.
Add John Deutch (former CIA Director), who negotiated a § 1924 plea for mishandling secrets on home computers but was pardoned before charges were filed. Senior principals historically avoided § 793.
That’s why Bolton is distinct: As far as reported cases go, no former National Security Advisor has previously faced § 793(d)/(e) charges. The closest analogs (Berger, Petraeus, Deutch) resolved or were poised to resolve under § 1924—a misdemeanor. If this goes the distance, Bolton’s case is a first.
The elements the government must actually prove
The government will hammer three pillars:
It was “NDI.” Courts define national defense information as closely held information relating to the national defense whose disclosure could damage U.S. interests; classification is persuasive but not dispositive. Expect a fight over whether these diary entries are NDI and how “closely held” they truly were.
“Not entitled to receive.” That phrase usually maps to the classification system: clearance and need‑to‑know. Relatives don’t qualify. Communications to them are straight lines for § 793(d).
Willfulness + “reason to believe.” DOJ will wave those Signal/Telegram quotes and Bolton’s own classification background to show he knew what he was doing and that the content could aid an adversary. Defense will say: these were recollections, not war plans; reason to believe is being stretched.
Sentencing exposure, in the real world
The statute caps each § 793 count at 10 years. But Guidelines are the real gravity. For transmissions, USSG § 2M3.3applies (historically base level 29 for TOP SECRET; 24 otherwise), with § 2M3.2 potentially triggered where the government argues the conduct fits the “gathering/transmitting” paradigm and the proof reaches intangible information thresholds. Either way, the classification level drives the base offense level.
What do courts actually do? The U.S. Sentencing Commission’s “National Defense” Quick Facts (FY 2024) shows 83.9% of national‑defense defendants go to prison; the average sentence was 53 months. Caveat: those statistics bundleespionage with export‑control and terrorism‑related cases—apples and oranges for § 793. Still, they illustrate a trend: judges vary downward almost half the time in this category.
Comparators underscore the variance: Winner (63 months), Morison (24 months, later pardoned), Drake (misdemeanor probation), Petraeus and Berger (misdemeanors, probation/fines). Bolton’s status (former NSA), the compartments at issue (HCS/SI), and the prosecution’s decision to charge transmissions to unauthorized persons (rather than just retention) all push the case upward on seriousness—while the absence of publication or sale tempers the “harm” narrative.
Does this hint at a larger case?
Maybe—but not necessarily. The indictment’s focus is narrow: Bolton as sender/keeper; two relatives as recipients. There are no co‑defendant counts, no obstruction charge, no conspiracy. The Iran‑linked hack is background color, not a new defendant. What does hint bigger are the liaison references (REL TO USA GBR) and covert action details—because those require inter‑agency and ally consultations for declassification, substitutions, and damage assessments. That complexity doesn’t necessarily predict additional defendants; it predicts a long and classified litigation runway.
The defense playbook (and where I’d press)
If I were defending this case, here’s where the skepticism goes:
NDI status, item by item. The defense will probe whether the messages re‑told public or declassified facts mixed with Bolton’s opinions. Remember, “classified” isn’t an element; NDI must be closely held and potentially damaging. Expect experts and a fight over whether snippets like “planned attacks” were already public through foreign statements or press accounts.
Willfulness. Prosecutors will point to Bolton’s experience and quotes; the defense will stress a prepublication review process that, while contentious, showed engagement, and the indictment’s own concession that the charged material wasn’t published. Willfulness gets fuzzier if the evidence shows he believed he was collecting notes for a book process—bad judgment versus criminal mens rea.
Overbreadth of “transmission.” Communicating to relatives is improper; is it espionage? The defense will argue § 793(d) was designed for deliberate dissemination to persons expected to use or further disclose the information (press, liaisons, hostile services)—not private family exchanges. DOJ will counter that “not entitled to receive”means what it says. The case law (Morison, Rosen/Weissman) shows courts are willing to apply § 793 to non‑spies and non‑journalists; still, juries care about context.
CIPA pressure. In Drake and AIPAC, the friction of litigating classified proofs helped collapse or end cases. Here, the compartments (HCS/SI/ORCON) raise the substitution stakes. The more DOJ must summarize sensitive details, the more room the defense has to say the summaries overstate sensitivity or omit exculpatory nuance. That can drive outcomes off the merits.
How this compares to past high‑level cases
It bears emphasizing: Petraeus (CIA Director) and Berger (National Security Advisor) did not face § 793. They resolved (or were poised to resolve) under § 1924—a misdemeanor. Deutch (CIA Director) negotiated such a plea before a pardonmooted it. Bolton’s case, by contrast, is felony § 793(d)/(e)—closer to Morison (government employee to press) and Winner (contractor to media) than to the usual “senior‑official mishandling” playbook. That alone makes this case a first‑of‑its‑kind stress test for how DOJ treats former principals.
A word about forfeiture
The indictment’s forfeiture language cites § 793(h) (which addresses proceeds derived from foreign governments as a result of the violation) plus the § 981/§ 853/§ 2461(c) toolkit that lets DOJ use familiar forfeiture procedures in criminal cases. That doesn’t magically attach to “book money”—again, the indictment says the charged secrets weren’t published—but it keeps the government’s options open if trial evidence fits a forfeiture theory. Think of it as the government reserving the right tool, not declaring the desired property.
The political atmosphere—and why it matters less than you think
Early reports note the obvious: Bolton’s a polarizing figure; this is the third big secrets case involving a prominent political voice; and the venue (District of Maryland) has seen major national‑security prosecutions before. But the signature page lists career national‑security prosecutors. The courtroom will run on CIPA schedules, Rule 16, and jury instructions—not cable‑news chirons. Expect motions about jury contamination and selective prosecution; expect the judge to drag the case back to elements and proof.
Where this could go (and what to watch)
A motion to dismiss “transmission” counts as over‑broad when the recipients are relatives? It’s a longshot, but it previews a trial‑focus argument: no dissemination intent, no sale, no publication.
A motion to compel broader CIPA substitutions so the defense can argue lack of harm (or lack of “reason to believe” harm). DOJ will resist; the judge will balance.
Plea gravity. Bolton’s profile makes a misdemeanor § 1924 resolution politically fraught for DOJ after charging § 793—but never say never. Outcomes like Drake and AIPAC remind us: CIPA risk changes leverage.
Sentencing contours. If there’s a plea, watch whether DOJ insists on a felony to avoid the “Petraeus/ Berger disparity” narrative. If it goes to verdict, the Guidelines will be an arena unto themselves, with the classification level driving offense levels and the defense pressing for downward variances.
Bottom line
Historically, former principals have avoided § 793; Bolton hasn’t. That’s why the case matters. The government still has to prove NDI, willfulness, and “not entitled to receive” beyond a reasonable doubt, under the shadow of CIPA and with a defendant who will argue context, intent, and overreach. However you feel about Bolton, the legal question is narrower, the proof is thornier, and the precedent—if this gets to verdict—could reshape how DOJ charges senior national‑security officials going forward.
Sources & references (selected)
Indictment (United States v. John Robert Bolton, II, D. Md., Oct. 16, 2025): counts, markings, SCIF, hack, search warrants, forfeiture. Full Bolton Indictment
Statutes & elements: 18 U.S.C. § 793; Gorin v. United States; Morison line of cases.
USSC data & Guidelines: National Defense Quick Facts (FY 2024); USSG §§ 2M3.2, 2M3.3.
Comparators: Petraeus (§ 1924 plea); Berger (§ 1924 plea); Deutch (pardon after § 1924 plea talks); Morison (§ 793 conviction); Drake (case collapsed to misdemeanor); Winner (§ 793(e) plea, 63 months).
Early coverage of the indictment: Reuters; AP; WaPo.