WikiLeaks Sues the Guardian Over Leak 289
An anonymous reader writes "WikiLeaks complaining of a leak is hard to get one's head around. That it's suing The Guardian — its great ally — is even harder. That The Guardian did such a ridiculous thing to warrant litigation in the first place almost defies belief."
Update: 09/01 04:59 GMT by S : Changed the first link to point to the statement on WikiLeaks' website. The Guardian has denied the allegations, saying, "Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours."
Can't even try to read the fucking article (Score:2)
Message not found
Message does not exist. Either you've got a bad link or the poster has deleted the message.
Lovely!
Re:Can't even try to read the fucking article (Score:5, Funny)
Sorry, it's been redacted.
Re:Can't even try to read the fucking article (Score:3)
I swapped out the original link with one pointing to the statement on their website, so it should work now.
Thed saying holds true... (Score:5, Insightful)
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
Re:Thed saying holds true... (Score:3)
It's going to get even funnier when we find out that the US State Department leaked it to The Guardian as payback for all the diplomatic cable leaks...
Re:Thed saying holds true... (Score:2)
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking? (i.e. is there any category of information that should not leak?)
Re:Thed saying holds true... (Score:4, Insightful)
is the identity of the original leakers also subject to your postulate on selective leaking?
It certainly is part of Assange's. I can only ever assume that it was the papers that heald him back. His redactions are a joke after all.
is there any category of information that should not leak?
Many say no. But claiming special dispensation on a leak .. that is just delicious.
-Seraphim
Re:Thed saying holds true... (Score:2, Interesting)
is there any category of information that should not leak?
Many say no. But claiming special dispensation on a leak .. that is just delicious.
-Seraphim
I wonder what you understand on the difference between "secrecy in governance" and "personal privacy"/"anonymity"/"pseudonimity"?
Re:Thed saying holds true... (Score:4, Insightful)
I understand them well. I would never cede their understanding to Julien Assange however. His *version* of them never involves himself, or perhaps always or only involves himself. If your life blood is "leaks" then you had best be squeaky clean yourself, and open. He is not. At least Robin Hood admitted he was a thief.
Re:Thed saying holds true... (Score:2)
I understand them well. I would never cede their understanding to Julien Assange however. His *version* of them never involves himself, or perhaps always or only involves himself. If your life blood is "leaks" then you had best be squeaky clean yourself, and open. He is not. At least Robin Hood admitted he was a thief.
So, you don't deny the right of the "innocent" people to have their identity protected, you just deny Assange's right to complain that actions of The Guardian allegedly breached the rights to anonymity for these people?
Would it matter for you if I'm pointing that the complaint is actually issued by WikiLeaks as an organisation?
Re:Thed saying holds true... (Score:2)
is the identity of the original leakers also subject to your postulate on selective leaking?
It certainly is part of Assange's.
I call bullshit, what are the names of the leaker's revealed or confirmed by Assange?
Why not? (Score:3)
Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?
The names of many people who would not have like to have been named were in the documents leaked and released. I do not see why the person leaking should expect any special treatment in that regard; of course an organization that leaks that would see fewer leaks come in to be sure, but it is fair game if someone ELSE can extract it from the site data is leaked to...
You have to figure as a leaker it is more likely than not someone will figure out it is you, and be prepared for that eventuality. If the leak is truly important enough, that will not matter.
Re:Why not? (Score:2)
Yes sir, we have that in the back (Score:2)
"would not have like to have been named " is very different to "were unfairly harmed by being named."
There were at least a few tribal leaders in Afghanistan named who were in fact worried about being killed, far worse than anything the leaker faces.
There is no difference at all, and in fact in many of these documents people are being named that are worried about being killed - also exact positions of military bases useful for mortars, etc.
Re:Why not? (Score:2)
Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?
The names of many people who would not have like to have been named were in the documents leaked and released.
Well, the devil in the details. It's not about what the people want or not, it's the difference between what one is doing (which is important) and the identity/position of the person doing it (which may be important - if that person has chances of persisting in doing it. e.g. Hillary asking for private data on UN officials - or may be not important - I didn't care to know who is the blonde nurse Gaddafi hold dear, she wasn't doing anything of consequence to Libyan people).
With the CableGate leak, WL seems to try protecting the identity of the people that are not of any consequence in the action.
I do not see why the person leaking should expect any special treatment in that regard; of course an organization that leaks that would see fewer leaks come in to be sure, but it is fair game if someone ELSE can extract it from the site data is leaked to...
Difference between expectations and risks. Would I be a leaker, I'd expect the leak destination to do everything possible to protect my identity (even if I would also be prepared for the risk of this not happening, I consider the expectation of anonymity as legitimate).
From this "generalized" angle (i.e. "category of info that should not leak") , I'm not seeing in any way as paradoxical the current WL action against Guardian. If WL is right, that's a breach in the agreement the two parties had, agreement by which WL were doing "their best" to keep the "innocent's identities" covered.
To put it in short: the fact that two actions share a common mean to reach a goal does not make the two actions equivalent.
I still don't see publishing facts and publishing person identities as being two similar actions only because both are done by "leaking".
Re:Thed saying holds true... (Score:5, Insightful)
The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.
WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...
Re:Thed saying holds true... (Score:5, Interesting)
The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.
WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...
From the New York Times, August 30: "WASHINGTON — In a shift of tactics that has alarmed American officials, the antisecrecy organization WikiLeaks has published on the Web nearly 134,000 leaked diplomatic cables in recent days, more than six times the total disclosed publicly since the posting of the leaked State Department documents began last November. A sampling of the documents showed that the newly published cables included the names of some people who had spoken confidentially to American diplomats and whose identities were marked in the cables with the warning “strictly protect.” State Department officials and human rights activists have been concerned that such diplomatic sources, including activists, journalists and academics in authoritarian countries, could face reprisals, including dismissal from their jobs, prosecution or violence."
In other words, Wikileaks no longer gives a s*** about protecting peoples' identity as long as they can get some media attention, and probably never have. As soon as Wikileaks stopped being front-page news, they increased the volume of the leaks and stopped editing them. Headlines, after all, are far more important than people's heads. But oh, to live in your simple world...
Re:Thed saying holds true... (Score:3)
"In other words, Wikileaks no longer gives a s*** about protecting peoples' identity"
Well it's about weighing the dangers against the benefits, and as the dangers to date have seemed to be completely negligible I'm not sure I can blame them. When they did it last time, no harm came from it, even the Pentagon agreed.
This time, when they worked with media organisations they got nothing but shit off them. The old school media being pissed off that they'd been shown up in terms of their lack of journalistic capability by a bunch of upstarts and their falling hook line and sinker for Domscheit-Berg's FUD, Domscheit-Berg being someone who, for all his talk has yet to actually achieve anything worthwhile whatsoever, and on the contrary has achieved plenty of things that frankly make him a dick.
If Wikileaks is going back to just leaking raw data then I don't blame them, they were better off that way not getting fucked by a media that wanted to pick and choose what to release and what to redact so it could pursue it's own political agenda, and then launch rabid attacks against Wikileaks when it was done.
I don't believe Wikileaks is anything like perfect, it has many problems, but they were better off just leaking data and not really doing anything beyond that. Everything more they have done, even when they've tried to do so because people are telling them it's more "ethical" has just blown up in their faces. So again, it's no surprise they've gone back to their original ways- things worked out much better for them back then. Even if you don't agree with what they do it's not hard to see why they're now doing what they're doing, and it's easy to see that an irresponsible media shares some of the blame because when it was given a chance to do things a bit better, it turned round and stabbed it's partner in the back.
Old school media is to blame for many Western problems due to the fact it's more interested in politics than news, this is yet another demonstration of that, and is why Wikileaks is sensible in just sticking to real actual news than wasting time playing the media's political games.
Of course, if you care about protecting people's identities and think it's important, Wikileaks have asked for volunteers to help do redactions themselves because otherwise they wouldn't have the manpower to do it, and leaking with minimal chance of harm has arguably demonstrated itself better than not leaking at all as it has exposed the likes of the corrupt Tunisian and Egyptian regimes giving more weight to the revolutions in those countries. Of course, if you're like most Slashdotters I'm sure rather than volunteering to do something about it you'll just sit bitching and moaning revelling in your inaction instead though.
Re:Thed saying holds true... (Score:4, Insightful)
"If Wikileaks is going back to just leaking raw data then I don't blame them, they were better off that way not getting fucked by a media" ... "I don't believe Wikileaks is anything like perfect, it has many problems, but they were better off just leaking data" [Emphasis mine].
Aside from a slight sympathy with people in general, who cares if Wikileaks gets "fucked" or what Wikileaks are better off doing? Surely the important thing here is the exposure of malfeasance, while doing your best to protect the innocent? If the promotion of Wikileaks becomes more important than the actual leaks, you have just proven the parent post's point. And if the newspapers don't print what Wikileaks want them to print, they can always release the information themselves as well.
As a side note I'd rather see Assange and Wikileaks get fucked than some innocent who just happens to be put in danger due to his identity being revealed by Wikileaks. At least Assange made the concious choice to put themselves in the spotlight for this.
NYT: Nixonian henchmen of today (Score:5, Insightful)
Ah yes, the NYTimes - The Nixonian henchmen of today [salon.com]
Apparently, faced with hundreds of thousands of documents vividly highlighting stomach-turning war crimes and abuses -- death squads and widespread torture and civilian slaughter all as part of a war he admired for years and which his newspaper did more than any other single media outlet to enable -- John Burns and his NYT editors decided that the most pressing question from this leak is this: what's Julian Assange really like?
Re:Thed saying holds true... (Score:5, Insightful)
The point of leaking is to expose malfeasance
So every one of those diplomatic cables exposed malfeasance? Tsvingarai is guilty of malfeasance?
WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage.
Assange doesnt think there should be any secrets, and has a known axe to grind with the US. There may be other reasons for why he leaks the way he does, but one only has to see the edits that he did to "collateral murder" (or even the title he gave it) to see that hes hardly some noble unbiased source.
Leaking can be entirely political ... (Score:4, Informative)
The point of leaking is to expose malfeasance.
Not necessarily. Leaking is also a tool of embarrassment, harassment, political manipulation, etc. When leaking selectively, one side and not the other, the point may be entirely political.
Re:Thed saying holds true... (Score:3)
deciding "good" should not be wikileaks motive unless they want to be an old school political movement.
that just makes them users of power, instead of a tool for people(unable to do it themself) to publish things anonymously. when they decide what's good or bad, they're taking active part in politics of what's good or bad, deciding what's immoral and whats moral, deciding who is guilty and who is innocent, what's true and what's not - and by that way they get responsibility as well as they're no longer a carrier but also a censorship authority.
Luther wouldn't have had much liberating effect on the world if he had decided what's a good thing to have in the bible and what's not, only whole translation done as well as he could was worthwhile.
Re:Thed saying holds true... (Score:2)
Re:Thed saying holds true... (Score:2)
The purpose of accepting leaks as declared by Wikileaks is to expose malfeasance.
There, FTFY (otherwise "leaking" may a mean to various ends). Otherwise, all's well.
Re:Thed saying holds true... (Score:2, Insightful)
The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.
WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...
BULLSHIT
Wikileaks is awfully selective about what they term malfeasance and who they target with their leaks. They don't have the guts to actually leak things about Russia or China - because they know they'd end up with a 9mm-hole-induced headache.
They target they US because:
1. Assange is a bog-standard anti-American, sheltered, coddled, ignorant Western leftist twerp, albeit with enough charisma to set up Wikileaks (and play around with his adoring girls..). Don't think so? Follow his history.
2. They know the US plays nice - they won't wind up with the aforementioned 9mm headache.
Re:Thed saying holds true... (Score:4, Insightful)
You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.
And who gets to decide who are the "bad" actors and who are the good ones? What gives WikiLeaks the right to be my judge and jury? No investigation, no trial, no chance for rebuttal, just BAM, and your name is attached to something "bad" that may or may not have happened, or that you may or may not have had anything at all to do with.
Your innocence in this case is not relevant. Getting the opportunity to defend yourself is not important. The lives of your family, your wife, kids, parents, distant cousins who you never met, may be the price for the "bad" things that some document says you did.
Sorry, but a right to fair trial and an investigation into the allegations are a basic, fundamental, global human right. WikiLeaks has stripped that basic human right from everyone whose name is on any document that has ever been leaked by them.
Re:Thed saying holds true... (Score:3)
Honest officer, I just wanted to burn up that little pile of trash, not the whole damned neighborhood.
Wikileaks is not equipped to make informed decisions on what should be leaked nor what should and should not be redacted. They material they have is largely out of context and undoubtedly incomplete.
Re:Thed saying holds true... (Score:4, Insightful)
"You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that."
Okay so it would be okay for someone to post that you are cheating on your mate, downloading porn, and or that you like to dress up as a little girl and have Rupert Murdoch spank you with a fish? I am sure that many people would find thing that you do to be bad acts.
"The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly." And you trust a private group with no public oversight to do this more than a democratically elected government? Really?
Even using your own rules Wikileaks fails I will go back to your rules.
"You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that." So why did wikileaks leak a list of locations of important contractors? I am talking about parts makers. What bad act and bad actors where exposed? Why did they release pager data from 9/11 of private people paging their loved ones that they where ok? What bad acts and actors where involved in those?
Wikileaks has failed.
They failed by your rules.
They failed in basic security by giving out a password to sensitive data.
They have failed to redact data that could get people hurt.
They have failed to present the data without bias.
" But oh, to live in your simple world..." it seems that you do as well.
Re:Thed saying holds true... (Score:2)
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
Of course there is; they honor each other by stealing from each other.
Re:Thed saying holds true... (Score:2)
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
To me, this issue emphasizes one thing that's always bothered me about wikileaks.org: It's not actually a Wiki. Wikis are about maximum user freedom, but I don't think that's ever been true of wikileaks.org.
"[Americans] learned in Earth's final century..." (Score:5, Insightful)
Re:"[Americans] learned in Earth's final century.. (Score:2)
We must dissent!
Password (Score:3, Informative)
The supposed password, as it appears on page 148 of the pdf [googlecode.com] version of the book, is ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
Supposedly applies to "cables.csv" but not to the insurance.aes torrent released last year by Wikileaks.
Re:Password (Score:2)
Journalists change names of sources/interviewees/places all the time, the same should apply for passwords.
Re:Password (Score:2)
To me it shows a great lack of discretion by the Guardian or at least David Leigh.
I agree. The Guardian is one of my favourite publications but they shouldn't be claiming that their publishing the password was reasonable as they are doing. They undeniably and stupidly broke half the security making it likely that they are dumb enough to be the source of the file leak as well.
Re:Password (Score:2)
This is why an encryption key is never "temporary" -- it shows no discretion on the part of the journalists to leak a key. This is not a password that can be revoked--it's a key. If you have a key for your previous house, you don't ever give the key away while telling people the address -- the lock has probably not been changed.
Honestly I don't know why he didn't use SCP or SFTP, giving the journalist the fingerprint+password over a second channel... It's easy to revoke a password, and hard to MITM the leap-of-faith while maintaining the correct fingerprint. But hindsight is 20-20... I wouldn't have thought of this issue either.
I know most people are complaining about the irony of a leak at wikileaks, but has nobody considered the fact that the gpg-encrypted file was publicly available on a "temporary server", probably for at least a few hours (it must have taken Leigh some time to drive home and start the download).
At the time, wikileaks may not have been as popular, but it's not a stretch to imagine somebody was randomly browsing the IP address of that "temporary server" at the time, and noticed the encrypted file. Wikileaks is not your ordinary file host with uninteresting data on it--every file on there can be considered politically sensitive, and it may have been downloaded by several governments the instant Assange started the http daemon.
So it's not a stretch to imagine somebody downloads the file and leaves it on his hard drive waiting for the password to come out. Heck, I may have done this once or twice to the "insurance" file--and the only thing more obvious than "insurance" is a file named "cables.gpg".
Re:Password (Score:4, Insightful)
To me it shows that the whole Wikileaks/Guardian set up was a gaggle of amateurs dabbling in information that they did not know how to handle.
Either this data is highly sensitive and needs great care in handling, which they demonstrated they were unable to do, or it isn't and there is no need for the encryption etc. Wikileak's claim that it is mostly not sensitive, should be public, and they are the self-appointing ones to set it free. This debacle demonstrates that they handled it like it was entirely sensitive, shouldn't be made public, and they are not the ones to be trusted to do it.
Their own actions make a nonsense of their claims.
Who watches the watchmen? (Score:2)
The coastguard?
I'm starting a new website, to be called 'Open-Wiki-Leaks-Leaks'.
Re:Who watches the watchmen? (Score:2)
The coastguard?
I'm starting a new website, to be called 'Open-Wiki-Leaks-Leaks'.
...And then I'm going to start a website to publish the leaks on your website.
It's leaky turtles all the way down!!!
Re:Who watches the watchmen? (Score:2)
...And then I'm going to start a website to publish the leaks on your website.
I take your leak and raise you a leak!
In saying that, I now really need to pee.
Food for thought (Score:5, Insightful)
FTFA:
Wikileaks complaining of a leak?
Yes, and damned well they should unless your moral views are very shallow.
How many US politicians are laughing at the Wikileaks/Guardian partnership exploding so spectacularly?
I'd say it's the CIA laughing. This is incredibly valuable for them. They lose some secrets, but they discredit the messenger (And anyone who tries to replace them) to prevent future leaks. If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...
Does Wikileaks finally realise there's a need for secrecy/privacy in the world?
Finally? They've said that all along. That's why they were redacting the documents in the first place.
Does privacy/secrecy all boil down to where someone draws an arbitrary line in the sand?
Yes. The world is a fuzzy place and doesn't lend itself to simple morals where you can divide things into the dark side and the light side. At some point it just comes down to someone looking at the situation and doing what they feel is right.
Should a lack of privacy/secrecy be all or nothing?
Of course not. In general, I believe that the larger an entity is, the less privacy they deserve.
Is Wikileaks cementing views that it is or isn't an organisation of journalists who are guided by traditional journalistic ethics?
They publish the truth and protect sources who need protection. They've pretty much always been in that camp.
Why the black and white morals? (Score:2)
Finally? They've said that all along. That's why they were redacting the documents in the first place.
You are attempting to claim Wikileaks is 100% pure here.
The reality is no-one can truly judge what should be redacted over thousands of documents. A lot of REALLY bad information was released and not redacted in the documents Wikileaks released. Names were named. Why you are trying to paint WikiLeaks as wholly noble when they are the same shade of grey is a mystery to me.
Yes they tried to redact some stuff, but you also cannot know WHY they redacted what they did - you can never know what ulterior motive Wkileaks might have had for redaction. Michelangelo once famously said when asked how he carved David that "It is easy. You just chip away the stone that doesn't look like David.". Well given enough documents you can tell whwatever story you like through redaction - and don't forget there are two levels at work, the leakers redactions in addition to WikiLeaks.
Re:Why the black and white morals? (Score:3, Informative)
You are attempting to claim Wikileaks is 100% pure here.
No, I'm claiming that "Wikileaks [ ... ] realizes there's a need for secrecy/privacy in the world", and providing evidence to support that claim.
And yes, the job's too big for one person... that's why they were farming it out to reasonably respectable news organizations which are (well, should have been) capable of handling this level of journalistic ethics.
Have a look at the actual leaks. The redactions aren't like the black pages you get back on an FOIA request. They're omitting names and other specifics, but leaving the intention of the documents perfectly well intact. Sure, that can still be used to hide an agenda on WL's part, but that just calls for critical thinking skills.
I'm not giving them a free pass, but it does appear that they're trying to do the right thing. How could they even cheat at this? Tell their press partners "hey, we need to redact these documents but, uh, could you do it with this other agenda in mind?"
For better or worse, we'll find out: since the raw information is now available, we can see what was redacted and if it was done with an agenda.
Re:Food for thought (Score:2)
FTFA:
Wikileaks complaining of a leak?
Yes, and damned well they should unless your moral views are very shallow.
Yes and damned well they should.
Because two actions use the same mean doesn't make the actions equivalent.
To put it into perspective: self-defense and premeditated murder may use a firearm. Are they equivalent?
Re:Food for thought (Score:3)
Nice theory, but since those things actually happened instead of a major fuckup it's incredibly unlikely that the CIA was involved :)
Re:Food for thought (Score:3)
At that point you may as well start the good intentions paving company and be done with it. Also no snowflake in an avalanche feels responsible.
Re:Food for thought (Score:3)
Speaking of people with black and white morals...
Sometimes exposing a secret is the right thing to do, sometimes not. That's not hypocrisy; that's just admitting that the subject is too complicated to boil down to "secrets should [not] be exposed".
Addendum (Score:3)
After I wrote this, a great quote came to mind:
There it is. That's the ten word answer my staff's been looking for for two weeks. There it is. Ten-word answers can kill you in political campaigns. They're the tip of the sword. Here's my question: What are the next ten words of your answer? Your taxes are too high? So are mine. Give me the next ten words. How are we going to do it? Give me ten after that, I'll drop out of the race right now. Every once in a while... every once in a while, there's a day with an absolute right and an absolute wrong, but those days almost always include body counts. Other than that, there aren't very many unnuanced moments in leading a country that's way too big for ten words. I'm the President of the United States, not the President of the people who agree with me. And by the way, if the left has a problem with that, they should vote for somebody else.
--President Josiah "Jed" Bartlet, from The West Wing
Re:Food for thought (Score:2)
Really?
Elected juries? That sounds like a world of hurt to me.
Elected executioners? I guess you could, but surely that's just a standard job - it's not like the executioner chooses whom to execute or anything.
Elected judges? Well some US states seem too - but pretty much everywhere else thinks that's a great way to produce a biased judiciary that makes popular decisions rather than correct decisions.
Wikileaks change of position? (Score:2)
Re:Wikileaks change of position? (Score:5, Informative)
Your post basically answers itself. They did change their position on the issue because they got a lot of heat for not redacting the cables. That is why for the past year (with the Cablegate cables) they have been working with news organisations to carefully redact them before releasing, and releasing them in small batches a few at a time. That has consistently been WL's position for the past year. Complaining that The Guardian released the cables that were supposedly sent to them for the sole purpose of redacting them is not inconsistent with their recent position.
(I have often said that one is not a hypocrite for changing one's beliefs, only for simultaneously saying one thing and doing another.)
Re:Wikileaks change of position? (Score:2)
Re:Wikileaks change of position? (Score:2)
Idiots. (Score:5, Insightful)
Who in their right mind would think it okay to publish a password and publish the correct one? They could have published the same book with a fake password all the same, yet obviously it was the password.
As for it being temporary, it wasn't an access password, but a decryption password. And in the eyes of the law, why would what Wikileaks said even matter if non-disclosure was part of their arrangement?
Re:Idiots. (Score:3)
Yes -- very well put about the access password vs decryption password. To put it another way, there was no point in having the password at all if the password was eventually to be made public.
JA sent a file over the network, then deleted it afterwards. There are two scenarios: we can either a) assume that nobody did or ever will get their hands on the data being sent, or b) assume that someone might have or might in the future get their hands on the data. If we're going with (a), then we don't need a password at all -- it could have been sent in the clear. Obviously, that isn't the assumption we are operating under. So it must be (b), and therefore, we should assume that that password is a highly sensitive secret for the rest of time. It should have been destroyed.
Perhaps the mistake was trusting this complicated logic to a man who didn't know how to use 7-zip.
Re:Idiots. (Score:2)
Re:Idiots. (Score:4, Insightful)
I am guessing that the choice of password played into this. Had it been random, nonsensical and dull it probably wouldn't have been published, but "CollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" has descriptive value.
I remember hearing or reading about an idea that involved identifying a leaker by seeding different people with documents that contained juicy, unique phrases to tempt journalists into quoting them directly, thereby identifying the source of the document.
This isn't the same, but having a password that has meaning in relation to the contents of the documents certainly adds some risk. A pass phrase should be context free.
Re:Idiots. (Score:2)
For the Graun to publish key material, even stuff they "know" to be meaningless, is irresponsible. Publishing that key assumed that the ciphertext had been securely destroyed, and I cannot for one second believe that a newspaper has the IA regime in place to do that, nor the ability to know that the initial transfer from Wikileaks to the Graun hadn't been observed by a state or non-state actor.
For Wikileaks to use the same passphrase for their insurance copy of the file and the copy they passed to their collaborators is insane: there must be fifty and more groups with that pass phrase if the same process was repeated for all the people working on those cables. That meant that a repressive regime had a large choice of people in many countries they could kidnap and extract the key from, for example.
Re:Idiots. (Score:3)
Mod parent up.
You are spot on. If the password had been random then it most certainly wouldn't have been mentioned. But the password used gives "insight" into how those handling it were treating it. Someone was being smart-arse. Someone was saying "I can encrypt this with a straight-forward description of what I regard this to be". Someone was making a statement in saying "This is no big secret, it's just a history".
But of course, the fact they encrypted it immediately demonstrates the reverse. They were saying one thing, yet doing the other, and in doing so managed to fail completely at both.
Only in the USA... (Score:2)
...can someone who illegally obtained classified documents and released them into the public domain then sue someone else for stealing their illegally obtained documents and releasing them into the public domain.
For what it's worth it seems much more likely to me that someone within WikiLeaks who was disaffected them stole the data/password and release them than the Guardian did it. Just because it was the (supposedly) time limited password given to the Guardian doesn't mean no one else had access to it.
Re:Only in the USA... (Score:2)
The two situations are totally different. The very reason that nobody can sue Julian Assange (or any other newspaper that has ever leaked something) is because they did not "illegally [obtain] classified documents". There is a deliberate asymmetry in the law here: it is illegal to disseminate classified information, but it is not illegal to receive or publish it. That is why Bradley Manning is locked up, but Julian Assange is not (well, not relating to the cables anyway).
On the other hand, WikiLeaks and The Guardian had a contractual obligation not to divulge the contents of those cables. Nobody at WikiLeaks "leaked" the cables to The Guardian -- they were transferred to The Guardian under contract. This is a case of breach of contract, nothing else.
Maybe cut back on the conspiracy theories. Nobody is denying the facts here (the only thing that's in contention is where the blame lies). The story comes straight from the book written by The Guardian editors -- Julian Assange gave the password to Leigh, and he published the password in his book. The problem is that Leigh thought it was a time limited password, when it wasn't. (If he knew anything about cryptography, it would have been obvious that it wasn't, because it was a decryption password, not an access password.)
Re:Only in the USA... (Score:3)
Sorry, the first part was meant to be funny... As for the second, according to the Guardian at http://www.guardian.co.uk/world/2011/sep/01/unredacted-us-embassy-cables-online [guardian.co.uk]
"The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files. But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file's contents were never publicised, nor was it linked online to WikiLeaks in any way.
"Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours.
So 1) WikiLeaks knew the password was out there many months ago, 2) if they were TOLD the password was temporary they didn't misunderstand anything...
Re:Only in the USA... (Score:2)
Yes but this is what I meant by "Nobody is denying the facts here (the only thing that's in contention is where the blame lies)." -- I accept that there is a debate going on as to who said what was temporary and who should or shouldn't have disclosed what. But the following facts are not in dispute: (1) WikiLeaks provided the documents (encrypted) and passphrase to Guardian, (2) Guardian editors revealed passphrase in book. So there is no need for a theory that someone else got hold of the password: Leigh published it. I'm not sure who published the encrypted data, but I believe it was WL themselves. Following cryptographic principles, WL was not at fault to publish the encrypted data, because that isn't the part that was supposed to be secret; the passphrase was.
To your points: (1) Yes, WikiLeaks did know the password was out there many months ago. They did not make a public statement about it until today, because they didn't want to draw attention to it. At the time of the book's publishing, the encrypted files were already available online, and there was nothing that anybody could have done to keep it from getting out (besides not saying anything). WikiLeaks had no power to change the password or revoke the file by that time.
I wrote a full post [tumblr.com] on this issue.
(2) I find it very hard to believe that WL would have told the guardian that the password was temporary, since it clearly wasn't (it was PGP). I imagine there was a misunderstanding which went something along these lines:
1. JA hosts a file on a private server. The connection to the server itself is over SSL. However, JA knows that SSL is not sufficient to prevent others from downloading the file, since it doesn't require authentication on the part of the client. So he also encrypts the file itself.
2. JA explains to DL that the connection to the server is encrypted and the file will only be temporarily hosted. DL, by his own admission a non-technical person (he needed JA's help to use 7-zip) misunderstands this as "the password on the file is temporary."
3. JA separately hands DL a piece of paper containing the password to decrypt the file.
4. DL downloads and decrypts the file using the password.
5. JA is operating under the assumption that the encrypted file is public (since it was available on an open network, via SSL, but still available to the public). Therefore, it is safe to distribute the same file on another date (I'm not exactly sure how this encrypted file eventually got out, but suffice to say that it is now public, and this is cryptographically not to be unexpected or a problem).
6. DL, not realising the importance of the password (he figures that now that the file has been taken off JA's server, the password is no longer valid) writes it down into his book.
7. The editors, under pressure to release, do not vet the contents of the book, and publish it.
8. JA reads the book and finds the password. By this point, it is too late to do anything other than keep silent about it as long as possible.
Personally, I'd put the blame on Wikileaks (Score:2)
Having a "doomsday" file out there in case Wikileaks is taken down, everyone arrested and whatnot is a good precaution. Reusing a password that many people in many organizations they've shared it with know is insanely stupid, no matter what. They should have used a password they and only they knew. Because as this case proves, that means they've lost control of their doomsday device. They don't have control over the file and they don't have control over the password.
They should have used a different file for partners, that they controlled tightly with very limited risk even if the password was exposed. Of course they couldn't ultimately have stopped the Guardian if they had revealed both that file and the password, but at least you didn't hand over the keys to your doomsday device. That is just epic fail on the side of Wikileaks, no matter if the Guardian acted stupid or not.
Re:Only in the USA... (Score:2)
Anybody can sue anybody about anything almost anywhere. Frivolous crap like this gets thrown out of court pretty fast.
A lawsuit exposes Wikileaks to civil discovery. Civil discovery is very broad. Think about the story that the Guardian could write with what they learn about Wikileaks personnel in the civil discovery process. Think about the secrecy that Wikileaks gives up by prosecuting a lawsuit.
This is posing. Assange is a nauseating individual. While Bradley Manning sits his ass in jail, that scumbag Assange fritters away the donations of true believers in a frivolous lawsuit that will never go anywhere.
Which part is secret? (Score:2)
It has often been said in security that the first law of security is being clear about what is a secret and what is not. Once we have decided that, we can safely distribute the non-secrets as long as we hide the secrets. This is, for example, why I am perfectly comfortable revealing my public key to everybody on the planet.
So who is to blame? In one corner, WikiLeaks (allegedly... I'm not clear on the details) released this encrypted file to the public. In the other corner, The Guardian released the passphrase. WikiLeaks blames The Guardian for releasing the passphrase, while The Guardian blames WikiLeaks for releasing the enciphered data (it claims that it was a one-time password that should have been safe to give out).
Clearly, from a cryptographic standpoint, WikiLeaks is right here, and The Guardian is at fault. We must be operating under the assumption that the encrypted data file is non-secret, and the passphrase is secret. That is why it was safe to transmit the encrypted data file over the Internet, but Julian wrote the passphrase down on a piece of paper and handed it directly, as well as verbally giving Leigh an unwritten salt.
Re:Which part is secret? (Score:2)
Why is wikileaks in the right?
What kind of security policy is this, giving trust to outsiders, hoping that they will do the right thing? You may have the contract on your side, but litigation will not put the toothpaste back in the tube.
Really it's just shoddy security practices by Wikileaks. They could have managed this in a way where they did not have to trust the reporter to do the right thing.
Re:Which part is secret? (Score:2)
I don't claim to be an expert, but I'm pretty sure I can easily create a PGP key that is time-limited, which would render the Wikileaks position bogus. At least, GPG certainly supports such keys.
Wouldn't it be possible to change the GPG code so it no longer honors the expiration date of a key?
Re:Which part is secret? (Score:2)
It has often been said in security that the first law of security is being clear about what is a secret and what is not.
I think perhaps the first law of security is that you actually have to keep the secrets secret.
Re:Which part is secret? (Score:2)
Mm, well, no I would say that's the second law of security. You can't keep the secrets secret until you have determined which pieces of information should be kept secret.
Re:Which part is secret? (Score:2)
And if you don't keep the secrets secret, the entire exercise is pointless!
Re:Which part is secret? (Score:2)
The second rule is pretty important, I agree.
My point is, you can't keep everything secret. If you did, you wouldn't be able to release your public key. And you wouldn't be able to disclose the details of the AES algorithm, to be vetted by security professionals. And you wouldn't be able to transmit even the binary for your decryption program to untrusted people, because then someone could reverse engineer it. And, importantly for this discussion, you wouldn't be able to transmit encrypted documents over the open internet.
Because if you kept everything secret, then you wouldn't be able to make ANYTHING (not even the encrypted text) public. That's why the first step of security is to decide which things can (or must) be made public, and which things must be kept secret. So we have established theory that says "don't make your algorithm secret -- it will leak out eventually", which is why we have public algorithms like AES. We have a notion of public keys, which we put on the public servers. And we of course acknowledge that once something is encrypted, we can put it out over an unsecure wire. But we also know that there are things which must not be disclosed. Private keys must be kept to yourself. Passphrases must be kept between only the people who are sharing the encrypted data. Of course the plaintext itself must not be disclosed publicly.
Once we have established which bits of information are secrets (passphrases, private keys, plaintext) and which may be exposed on an open wire (algorithm descriptions, public keys, ciphertext), and ONLY once we have established that, can we go about carefully guarding the secrets, and stop worrying about the non-secrets.
Re:Which part is secret? (Score:2)
I don't understand your logic.
Deciding what is secret and what is not is just a matter of content. Deciding that you need to keep the secrets secret affects the fundamental policies of how you do things.
Re:Which part is secret? (Score:2)
I'm not talking about content (as in "let's keep the details on Iraq secret but the contents of the president's breakfast public"). I'm talking about fundamental units of information (as in "let's keep the private key secret but the public key public", or more to the point, "let's keep the plaintext secret but the ciphertext can be viewed by the public"). See my response to your other post.
It's so basic it should be a non-issue: WikiLeaks is currently taking heat for making the ciphertext of an encrypted file public, while the Guardian disclosed the passphrase to that file. How is this WikiLeak's fault? We all make ciphertexts of encrypted files public all the time -- that is the whole point of encryption.
Irony? (Score:2)
I think not. Alanis Morrissette never mentioned Wikileaks.
Is this a circle jerk . . . (Score:2)
100% Wikileaks' fault (Score:2)
Give each individual access for a short period of time, and then DELETE THE INDIVIDUAL FUCKING ARCHIVES FROM YOUR SERVER! This has the additional benefit of being able to trace any future leaks.
Seriously, if you have disseminated the password to your single "master copy" archive to multiple organisations, then it might as well not be encrypted. If they had created different archives + passwords for each recipient this would be a non-issue.
An analogous situation is where you're setting up a webserver which hosts multiple sites/apps. You run the server process of each site as a different user because that way if one site is exploited, the damage is contained to that site only.
I seriously wonder if Wikileaks employees run their desktops as root.
Re:100% Wikileaks' fault (Score:3)
I've written a full post on this issue here [tumblr.com], but I'll respond to your individual points.
I agree, it is somewhat unusual for WL to have disseminated the cables in an encrypted archive, deleted the archive, then at a later time shared the same encrypted archive rather than creating a new one. It might have been better to create a new one with a new password, and may have added some extra layers of security, but from a cryptographic standpoint this was perfectly reasonable behaviour.
You need to consider this as a cryptographic system (as I'm sure Julian Assange did), and that means considering what information is public and what information is secret. The archive was encrypted, and the ciphertext was shared across the open Internet (I assume over SSL, but still not requiring authentication). Therefore, we must assume that the encrypted archive is public from that point forwards. The password that unlocked that archive was kept secret and treated as extremely sensitive by WL. By Leigh's own description, JA handed it to him in person on a piece of paper, and then verbally gave him a salt to apply to the password. It's strange that the passphrase wasn't a collection of random letters, but apart from that, all of this makes cryptographic sense.
Now let's suppose that you need to send the exact same document to another journalist at a later date. While maybe you should re-encrypt it, cryptographically it doesn't make any difference, because we are operating under the assumption that the original encrypted archive was public from the last time we put it on the open network. Therefore, reusing the same archive again with the same passphrase doesn't weaken our security very much. To put it another way, even if WL had destroyed that archive and never reused the passphrase, someone in the general public could theoretically have a copy of it from the one time it was shared, and therefore could have decrypted it when Leigh disclosed the passphrase.
Technically it is too late by this point. Once you have put it on the open internet for a short period of time, you have to assume that it is public, and rely on the encryption on the archive itself, and your endpoint not to disclose the passphrase. They could have set up a login system that requires the client to authenticate. That would have guarded against the contact disclosing the password at some point in the future. But is there any reason to have planned for that scenario? You are already giving the full dump of sensitive documents to your contact, so cryptographically it makes no difference whether you do it by an authenticated login or by transmitting an encrypted document. The end result is the same -- only you and your contact have the plaintext -- assuming your contact is not malicious or stupid. If your contact is malicious or stupid, you're fucked anyway because he has the documents. To put it another way, the system would have been secure if Leigh had not disclosed the password, which Leigh was contractually obliged not to do. Any other system would have required the same level of trust in Leigh. This was an error on Leigh's part, not WikiLeaks and not the technology.
Re:100% Wikileaks' fault (Score:2)
But in the WikiLeaks scenario, what is "the damage"? If any one journalist is "compromised" (say, publishes the password in a book), all the cables go public unredacted. This is true whether they are all sharing the same password or not.
No, and that is the whole point. If they publish the password in a book, then they themselves must also publish their copy of the archive - or the password is useless. So if one organisation publishes their file, and then another publishes their password, there is no issue.
Mixed feelings (Score:2, Insightful)
On one hand, their anger is understandable. Even when your business is to reveal secrets, you need to also keep some secrets (ask any reporter with an anonymous source). It sounds hypocritical, but it really isn't. You can argue all you want about whether some military secrets endanger national security or the safety of civilians, but it should be clear that, for example, evidence of military or political wrong-doing is in the public interest, while access information to private computers or bank accounts is not (even if the person is guilty of wrong-doing). And on another level, a journalist publishing information given him by a confidential source is fulfilling his journalistic duty, while a journalist publishing information the source told him not to publish (which may possibly identify the source) is breaching trust.
On the other hand, taking this to court is completely fucking retarded. It kills any remaining relations with the newspaper, harms their relations with the other papers, hurts public opinion (because of the appearance of hypocrisy), draws public attention to the very matter they wanted to keep confidential (Streisand effect), and has no chance of stopping the damage.
Also, as the article says, what the hell was the point of publishing the passphrase in the first place?
Let me get it right. (Score:2)
JA copies confidential files into a secret directory on a server and does not warn the people who have the right and the access to the parent directory, then does not delete these after transmission, and he chooses a simple password transmitted in a public place AFAIU (instead of a larger key transmitted on a physical medium, like a cd or an sd card) which he does not warn his partner never to reveal it and handle it with care, does not make sure he has the organizational, physical and administrative control over this server.
Holy shit this guy fucked up. For acting cool he compromised *all* security principles. In the company where i worked security was hanging not so high, but putting data, even encrypted to a server outside the companies full control was *strictly* forbidden.
If i would have to design something which is easy to give, i would choose a bootable linux read-only USB stick (so that anybody can just freshly boot) with networking turned off and an encrypted container and instruct my partner to open it on a freshly bought random netbook. Easy, cheap, fast, safe.
But not as cool and you have to explain a few minutes.
Re:Wikileaks should be happy... (Score:5, Insightful)
Now that wikileaks can't be trusted with keeping the UNREDACTED versions safe, they will lose a lot of sources.
Re:Wikileaks should be happy... (Score:5, Insightful)
Assange is on record stating that he doesnt think there should be ANY secrets at all. A large number of slashdotters have reinforced that belief.
Why the hypocrisy all of a sudden?
Re:Wikileaks should be happy... (Score:2)
I look at it from a different angle :
this proves a leak is possible within wikileaks itself, and as such , they should try to fix it.
It's better that the password is released to everyone, than to only a select few who would benefit from it.
I assume all wikileaks has to do is see the password, and change the password everywhere it was used.
However, their reaction seems to indicate it's not that simple.
But the fact that they bitch (and sue ) about it , rather than trying to fix the actual problem , is at least ironic.
A little self-reflection wouldn't hurt , it would only make them better.
Re:Wikileaks should be happy... (Score:3, Insightful)
How exactly do you propose they change a password in a file has already been downloaded by thousands of people?
Re:Wikileaks should be happy... (Score:2)
Why the hypocrisy all of a sudden?
We're not going to tell you. It's a secret.
Pragmatism (Score:2)
This is eerily parallel to RMS with respect to copyright. Ideally, he would prefer that copyright not exist, but it is the basis for the GPL/copyleft model of enforced sharing.
Utilizing a resource which you would prefer not exist, but it does, to derive benefits in the meantime while you wait for it to be abolished, is not hypocrisy in my eyes --- providing that you do not claim that the resource is wholly bad, there is no problem with this. It only becomes hypocrisy if you add the additional logical error of "false dichotomy". Since I don't know anything about Assange's statement or its context, it's impossible for me to know whether it was absolute enough to warrant calling his position hypocritical.
Re:Pragmatism (Score:2)
I think you make a valid point, but when I step back, I see Assange attempting to use governmental power (via the courts and associated governmental enforcement mechanisms) to keep secrets from the people.
Re:Wikileaks should be happy... (Score:5, Informative)
Assange is on record stating that he doesnt think there should be ANY secrets at all
Let me see if I can dumb it down for you:
1. Chicken is yummy
2. Chicken hatch other baby chicken
3. You eat all yummy chicken -> No baby chicken -> You die of starvation X-(
4. You save some chicken -> Yummy chicken year around
The goal of complete openness is not achievable while fighting against large conspiracies, just like the goal of complete non-violence is infeasible when fighting for peace against a violent aggressor. Recognizing this, Wikileaks maintains the least secrecy necessary in order to maximize the total quantity of leaked information. Leaking more than this level is detrimental to their long term goal. In their quest for openness Wikileaks is willing to settle for a practical goal, and if it turns out they can't protect sources that practical goal is compromised. And what practical results those were ! They played a major role, maybe a decisive one in starting the Arab Spring.
The position of The Guardian who leaked the password for the widely disseminated Cablegate file under the pretence that "a password isn't harmful by itself" is laughable. Here Wikileaks recognized it's inability to correctly disseminate the large volume of data, and brought in traditional media, only to be betrayed and embarrassed by their sheer negligence or malevolence.
ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
Re:Wikileaks should be happy... (Score:5, Informative)
That's just false.
Assange advocates for public knowledge and control about the things that governments and enterprises are doing. He also advocates for personal privacy.
Please, read what Assange says before writing nonsense about his believes.
Re:Wikileaks should be happy... (Score:4, Informative)
Have you bothered looking at wikileaks from before, say, 2010? Assange has no qualms about releasing private personal information, such as hacked emails, from people he doesn't like.
Re:Wikileaks should be happy... (Score:3)
Not quite.
Assange is ALL FOR leaks of information about Western Democracies and corporations, especially the US, but I have yet to see a leak from him of Russian or Chinese secrets. That because he knows such a leak would result in his unfortunate "accidental" death.
Crying about leaks concerning his operations is the height of arrogance and hypocrisy.
I would imagine that if his leaks of Western information results in the deaths of one or more ordinary people mentioned by name in those leaked documents then several members of the Wikileaks organization might experience unfortunate "accidents". They can't hide for any length of time.
Re:Wikileaks should be happy... (Score:3)
He leaks information primarily about the US because he has an axe to grind with us. He may along the way leak genuinely good things (either from the US or other countries), but lets not pretend he isnt really pro-tearing-the-us-down.
Re:Wikileaks should be happy... (Score:3)
Please, read what Assange says before writing nonsense about his believes.
Really? I call bullshit. His history shows the exact opposite. This is the fucking douche who lost his kid ... for being a fucking douche, and then campaigned to make ALL CHILD CUSTODY RECORDS PUBLIC INFORMATION so he could get something to use against the mother of his child. He didn't give a flying fuck about what that meant to the children.
He believes in personal privacy for Julian Assange, no one else. If you think he wants you to have personal privacy, you're completely out of touch with reality.
Re:Wikileaks should be happy... (Score:2)
A large number of slashdotters have reinforced that belief.
Why the hypocrisy all of a sudden?
Who? They needn't all have the same beliefs.
Re:Wikileaks should be happy... (Score:2)
Re:Wikileaks should be happy... (Score:3)
If Wikileaks allowed a third party to have access to unredacted ANYTHING they are idiots.
Said third party might have government moles or spies looking to bust whoever leaked the stuff...or enemy moles looking to use the sensitive stuff to inflict damage.
Re:Quote from the book listing password (Score:2)
So much for "don't use words, and especially not words in your field of interest".
And not taking the server down a few hours later as promised, but depending on others believing it was taken down so you could re-use it, is just "insecurity through obscurity."
Re:only confirms (Score:4, Insightful)
This only confirms what kind of hypocrits the wikileaks guys are.. Leaking other people's secrets is ok, but if you leak theirs....
Using a firearm to defend others is ok, but it makes you a hypocrite if you protest others using a firearm to commit murder.