In 1995, a Chinese agent furnished the CIA with a document containing design information about the U.S. W88 nuclear warhead. While their intentions in sharing this information were unclear, it was evident that the People’s Republic of China (PRC) conducted a successful espionage campaign against the U.S. nuclear enterprise in the 1980s and 90s. China’s concurrent successful tests of small thermonuclear bombs from 1992-1995 raised serious concerns for U.S. policymakers. The FBI launched investigations into suspected spies at the national laboratories in two high-profile cases in the late 1990s, but they resulted in minimal consequences. The case of the stolen W88 plans remains a mystery in the unclassified record. The PRC continues to exploit weaknesses in the U.S. nuclear security apparatus. The 1999 Senate Cox Committee report found that the PRC had targeted national laboratories through direct espionage and solicited visits from U.S. scientists. A later congressional report affirmed that this concerted Chinese espionage campaign was one of the reasons the PRC’s nuclear program has advanced since the 1990s. China is a threat to U.S. nuclear secrets, yet another problem is clear in every case in the unclassified records: the threat to U.S. nuclear secrets often comes from within. This article examines the governance and enforcement architecture of nuclear secrets in the United States. It explores six cases of breaches in secrecy over three decades: breaches involving lab and military employees, private citizens, and the President himself. Legal documents, congressional reports, and news reveal disparities between investigations and prosecution at different levels of the security hierarchy. To fill in these holes, it is time for the U.S. to revisit its approach to nuclear security. Nuclear Secrets Governance The primary legislation governing and enforcing nuclear secrecy is the Atomic Energy Act of 1954 (AEA). This act defines a nuclear-specific type of classified information called restricted data. Restricted data is all data concerning the design, manufacture, and utilization of nuclear weapons, and those with access require a Q clearance. It is illegal for this information to be lost, stolen, or disseminated outside of the control of the NNSA and the Department of Energy (DoE). The executive branch has power over classified information, but in every Executive Order pertaining to classified information since Nixon, there is a disclaimer ceding the classification of restricted data to the AEA. The U.S. president and the secretary of energy can declassify restricted data if that data is not a danger to U.S. national security. The government also employs the Espionage Act of 1917to prosecute cases concerning conspiracy with a foreign government. Additionally, in 2000, Congress passed the National Nuclear Security Administration (NNSA) Act to establish a governing body for the U.S. nuclear program, including an internal counterintelligence unit called the Office of Defense Nuclear Counterintelligence (ODNCI). Along with the FBI, the ODNCI is responsible for security and counterintelligence in the post-2000 cases below. Figure 1: Nuclear Secrets Governance and Enforcement Case Studies Of the six cases of unclassified nuclear secrecy breaches since the 1990s, three explicitly concern alleged threats from the PRC. One case reveals modern lapses in security at the Naval Propulsion Lab. Two other cases directly involve the President of the United States. The Peter Lee Case (1997) The 1997 case of Peter Lee resulted in minimal charges under the Espionage Act. Peter Lee was a naturalized U.S. citizen of Chinese origin and contractor for the U.S. national laboratories. The FBI accused him of transferring restricted data to PRC scientists in 1985 and secret submarine radar information via a series of lectures in the PRC. Evidence confirmed that Peter Lee visited China and conferred with Chinese scientists in 1985 and 1997. According to congressional testimonies in 2000, the Department of the Navy chose not to provide proper evidence to the court due to fear that they would draw unwanted attention to the submarine program. As a result, Peter Lee took a plea deal and a sentence of a fine, community service, and one year in a halfway house. The Wenho Lee Case (1999) The 1999 case of Wenho Lee, an engineer at the national labs, was marred with mishaps and also resulted in a reduced sentence. He was also a naturalized U.S. citizen but notably was of Taiwanese origin. The FBI accused him of transferring restricted data from a secure server and removing some of that data from Los Alamos in physical data cartridges. A 59-count indictment charged him of violating the AEA and the Espionage Act in collusion with the PRC, despite his Taiwanese ethnicity. Additionally, Wenho Lee’s case became entangled with the W88 warhead story although there was no evidence linking him to the bomb designs. The information he purportedly removed was related to bomb testing software. According to later congressional investigations, he was held in solitary confinement for 278 days without trial during his investigation. The judge in the case later apologized to Lee for his confinement. Lee ultimately pleaded guilty to a light charge of mishandling restricted data. Both Lee cases were potentially serious breaches of security that the government incorrectly investigated and prosecuted, either due to their reticence to provide evidence or errors on the part of the FBI. As mentioned above, during the same period, the PRC developed modern thermonuclear weapons and obtained information related to seven U.S. nuclear warheads. The Cox report describes the theft of other classified information at the weapons laboratories but does not disclose more details. The report also describes that the government did not understand the severity of the threat to U.S. nuclear information until after the delivery of the W88 information to the CIA in 1995. In the end, this threat and the Lee cases raised enough concern that President Clinton urged action, and Congress established the NNSA in 2000. The Allen Ho Case (2016) Despite the creation of the NNSA, the next unclassified breach came in the form of a scheme that sent private contractors and nuclear experts to China. In 2016, Chinese-born Szuhsiung (Allen) Ho, another naturalized U.S. citizen, was convicted of violating the AEA by dealing in special nuclear material without government authorization. Special nuclear material falls under the definition of restricted data and includes enriched uranium, plutonium, and other artificially enriched isotopes. Ho worked for the Tennessee Valley Authority, which operates nuclear power plants in the Southeastern U.S., and solicited the expertise of other private-sector nuclear experts for nearly 20 years, sending them to the PRC with money from a Chinese nuclear company. Importantly, Ho was not a government employee with a clearance but still had expertise on special nuclear material, which he was prohibited from transferring per the AEA. He was sentenced to two years in jail and a fine. This case serves an example of the continued Chinese interest in U.S. nuclear information, even though Ho was not stealing nuclear information from the government. It also showcases the U.S. government’s ability to identify and investigate a citizen they suspected was dealing with a foreign power, something the FBI was unable to do by itself in the next case. The Toebbe Case (2021) The next case reveals the physical security gaps that still existed within the nuclear enterprise as late as 2021. Jonathan Toebbe was an engineer with a Q clearance at the U.S. Naval Propulsion Lab. Together with his wife, Diana Toebbe, he plotted to steal and sell nuclear secrets to Brazil. The Toebbes explicitly decided not to sell the information to China or Russia, as they deemed that morally unsound. However, Brazil immediately tipped off the FBI, leading to a months-long sting operation that resulted in their arrest and sentencing. Jonathan Toebbe was sentenced to 19 years in prison and Diana Toebbe was sentenced to 21 years, both in violation of the AEA and the Espionage Act. These are the most severe consequences across the six cases, likely due to the FBI’s preponderance of evidence. However, had the Toebbes chosen to sell the stolen restricted data to an adversary such as China or Russia, the FBI would likely not have known about the plot. This case reveals a troubling gap in the situational awareness of both the FBI and security at the Naval Propulsion Lab. According to the Defense Counterintelligence and Security Agency, Jonathan Toebbe smuggled out restricted data concerning nuclear propulsion designs on printed pages of paper over the course of several years. It also mirrors a pattern revealed by the most recent Department of Defense (DoD) report on the PRC military: service members and analysts have been able to acquire and transmit sensitive or dual-use information to adversaries of the U.S. as recently as 2024. According to the NNSA Act, the NNSA is responsible for security and counterintelligence measures at the Naval Propulsion Lab as at the other national laboratories, overlapping with the DoD. In combination with the Toebbe case, these reveal a deficiency in security across the U.S. defense enterprise. The Presidential Cases The president’s role concerning nuclear secrets is complicated, to say the least. According to the AEA, the president has the power to classify and declassify information dependent on its risk to U.S. national security. He possesses these classification powers while in office, and the nuclear dimension of restricted data is distinct from other classified information, as described in numerous executive orders. The president cannot declassify information after he has left office. While the cases in this article pertain to President Trump, it is important to note that former President Biden also possessed classified information after his time as Vice President, although that case pertained to files on the war in Afghanistan, not nuclear information. On two occasions, the President Trump has been accused of mishandling information related to U.S. nuclear weapons. First, in 2021, ABC reported that then-former President Trump discussed sensitive nuclear submarine information with an Australian billionaire at Mar-a-Lago. This information reportedly contained the number of warheads on each nuclear submarine and how close U.S. submarines could get to Russian ones. This information was highly sensitive and could have provided valuable military insights to adversaries of the U.S., especially when Trump shared it in a semi-public setting at Mar-a-Lago. According to ABC interviews with staff and other guests, the Australian billionaire then shared this information with other individuals at the club. Second, according to Special Counsel Jack Smith’s indictment of Trump in the 2023 ‘documents case,’ Trump retained classified nuclear information at Mar-a-Lago after he was president. Specifically, Trump possessed “information regarding defense and weapons capabilities of both the United States and foreign countries; United States nuclear programs; potential vulnerabilities of the United States and its allies to military attack; and plans for possible retaliation.” The FBI found these documents during their raid in 2022 and photographed boxes of files in public spaces around the beach club. The exact content of the nuclear information Trump possessed remains classified. Under the AEA, Trump’s possession of these documents was illegal and a threat to U.S. national security. Furthermore, the arrest of two Chinese nationals at Mar-a-Lago in 2019 illustrates the overlap of this security lapse with the Chinese threat, raising important questions about national security. Mar-a-Lago frequently hosts events and parties, and the documents resided in public spaces on the premises until 2022, including in a ballroom and a bathroom. But despite the indictment and evidence, the case never went to court. The judge assigned to the case, Aileen Cannon, began the process to dismiss the charges entirely in January 2025. Today, President Trump once again controls the nuclear arsenal and all its secrets. Implications and Recommendations China sought to obtain U.S. nuclear secrets and succeeded through human espionage over the past three decades. The threat persists: DoD’s 2024 Annual Report on the PRC military reported recent Chinese espionage activities, including a 2024 case in which an army analyst transmitted sensitive documents to China about U.S. military systems, including ICBMs. That incident, like the Toebbe case, reveals an apparent lapse in security within DoD, outside the jurisdiction of the NNSA. The breaches described in this article and the PRC’s continued efforts to obtain U.S. national security information pose a clear threat to U.S. national security, as the DoD report describes and the recent ODNI Threat Assessment confirms. Although nuclear information may not influence PRC nuclear development as it did in the 1990s, sensitive U.S. secrets will likely inform PRC tactics and strategy. In the 1990s, the Senate Cox Committee report found that China was benefiting from U.S. nuclear information and developing new weapons. But today, information concerning U.S. military technology will likely have little impact on Chinese nuclear development. In 2025, China has a modern, growing nuclear arsenal and is viewed as a robust threat by the U.S. intelligence community. The PRC is expanding indigenous nuclear weapons production and developing their own new nuclear aircraft carrier propulsion system. Military-specific design and testing data like that in the Lee and Toebbe cases as well as operational plans, such as the ones Trump allegedly possessed, could provide China with valuable information about U.S. nuclear capabilities. Therefore, any current or future PRC espionage will likely be focused on obtaining data that could lead to a PRC military advantage. Security weaknesses still exist at nuclear and military facilities, and sensitive information has even escaped from the White House itself. The Peter Lee and Wenho Lee cases, which could have been real evidence of Chinese espionage, revealed gaps in security at the national laboratories yet resulted in reduced sentences due to investigatory mishaps. The Ho case showcased the PRC’s continued interest in U.S. nuclear information. The Toebbe case revealed persistent security gaps at nuclear facilities and demonstrated the FBI’s ability to prosecute a case. Finally, the Trump cases represented the paradox at the heart of U.S. nuclear secrets governance: The president has complete control over nuclear information. What happens when he breaks the rules? The secrecy of the U.S. nuclear program is crucial to maintaining a stable deterrent, especially after the ODNI’s recent designation of the PRC as America’s most robust military adversary. The U.S. has the second largest nuclear arsenal on Earth, and losing control of restricted data such as submarine capabilities or testing information jeopardizes U.S. superiority. In response to the threat, the administration could undertake key governance and enforcement changes to strengthen security at nuclear facilities, provide oversight to all members of the information chain, and prosecute cases to the fullest extent of the law. First, stronger, uniform security at nuclear-related facilities, including DoD facilities, could prevent physical or digital espionage. Such upgrades require interagency cooperation between the NNSA and DoD. This includes continued advanced screening for employees as well as hardening the physical security measures at exit points at every facility. Employees should not be able to remove paper or data files outside of these facilities, as occurred in the Wenho Lee case at Los Alamos in the 1990s, in the Toebbe case at the Naval Propulsion Lab in 2021, the White House, or recently with digital ICBM information in 2024. Second, the current administration should establish strict internal oversight policies on classified information and enforce them, especially after the recent Signal group chat incident involving the highest members of the president’s national security team. If the executive branch is unable to enforce these rules and rebuild trust with the American public and allies, it is Congress’s job to intervene. Currently, there is little oversight over nuclear information within the executive branch, as the president and the secretary of energy have control over restricted data while they are in office. The NNSA should be empowered to enforce its rules and exercise the full breadth of its oversight powers as Congress intended, yet the administrator of the NNSA is appointed by the president as well. In the end, independent oversight is crucial–as Special Counsel Jack Smith’s investigation showed–but that investigation led nowhere due to Judge Aileen Cannon’s refusal to act. Finally, the Department of Justice and the courts need to enforce the prohibitions on restricted data described in the AEA uniformly, regardless of the offender. The courts should bring to bear the full power of U.S. law against all offenders of these strict security measures. Enforcing the laws about nuclear weapons is in the interest of the U.S. and all its citizens, as well as the rest of the world. To prevent future breaches, enriching the U.S. nuclear security enterprise is critical.