Forgot your password?
typodupeerror
The Courts Technology

WikiLeaks Sues the Guardian Over Leak 289

Posted by samzenpus
from the leaking-the-leakers dept.
An anonymous reader writes "WikiLeaks complaining of a leak is hard to get one's head around. That it's suing The Guardian — its great ally — is even harder. That The Guardian did such a ridiculous thing to warrant litigation in the first place almost defies belief." Update: 09/01 04:59 GMT by S : Changed the first link to point to the statement on WikiLeaks' website. The Guardian has denied the allegations, saying, "Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours."
This discussion has been archived. No new comments can be posted.

WikiLeaks Sues the Guardian Over Leak

Comments Filter:
  • Message not found

    Message does not exist. Either you've got a bad link or the poster has deleted the message.

    Lovely!

  • by SuperKendall (25149) on Wednesday August 31, 2011 @11:53PM (#37272160)

    There is no honor amongst thieves.

    Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.

    • It's going to get even funnier when we find out that the US State Department leaked it to The Guardian as payback for all the diplomatic cable leaks...

    • by c0lo (1497653)

      There is no honor amongst thieves.

      Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.

      Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking? (i.e. is there any category of information that should not leak?)

      • by Seraphim_72 (622457) on Thursday September 01, 2011 @12:17AM (#37272260)

        is the identity of the original leakers also subject to your postulate on selective leaking?

        It certainly is part of Assange's. I can only ever assume that it was the papers that heald him back. His redactions are a joke after all.

         

        is there any category of information that should not leak?

        Many say no. But claiming special dispensation on a leak .. that is just delicious.

        -Seraphim

        • Re: (Score:2, Interesting)

          by c0lo (1497653)

          is there any category of information that should not leak?

          Many say no. But claiming special dispensation on a leak .. that is just delicious.

          -Seraphim

          I wonder what you understand on the difference between "secrecy in governance" and "personal privacy"/"anonymity"/"pseudonimity"?

          • by Seraphim_72 (622457) on Thursday September 01, 2011 @01:46AM (#37272618)

            I understand them well. I would never cede their understanding to Julien Assange however. His *version* of them never involves himself, or perhaps always or only involves himself. If your life blood is "leaks" then you had best be squeaky clean yourself, and open. He is not. At least Robin Hood admitted he was a thief.

            • by c0lo (1497653)

              I understand them well. I would never cede their understanding to Julien Assange however. His *version* of them never involves himself, or perhaps always or only involves himself. If your life blood is "leaks" then you had best be squeaky clean yourself, and open. He is not. At least Robin Hood admitted he was a thief.

              So, you don't deny the right of the "innocent" people to have their identity protected, you just deny Assange's right to complain that actions of The Guardian allegedly breached the rights to anonymity for these people?

              Would it matter for you if I'm pointing that the complaint is actually issued by WikiLeaks as an organisation?

        • is the identity of the original leakers also subject to your postulate on selective leaking?

          It certainly is part of Assange's.

          I call bullshit, what are the names of the leaker's revealed or confirmed by Assange?

      • Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?

        The names of many people who would not have like to have been named were in the documents leaked and released. I do not see why the person leaking should expect any special treatment in that regard; of course an organization that leaks that would see fewer leaks come in to be sure, but it is fair game if someone ELSE can extract it from the site data is leaked to...

        You have to figure as a leaker

        • "would not have like to have been named " is very different to "were unfairly harmed by being named."
          • "would not have like to have been named " is very different to "were unfairly harmed by being named."

            There were at least a few tribal leaders in Afghanistan named who were in fact worried about being killed, far worse than anything the leaker faces.

            There is no difference at all, and in fact in many of these documents people are being named that are worried about being killed - also exact positions of military bases useful for mortars, etc.

        • by c0lo (1497653)

          Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?

          The names of many people who would not have like to have been named were in the documents leaked and released.

          Well, the devil in the details. It's not about what the people want or not, it's the difference between what one is doing (which is important) and the identity/position of the person doing it (which may be important - if that person has chances of persisting in doing it. e.g. Hillary asking for private data on UN officials - or may be not important - I didn't care to know who is the blonde nurse Gaddafi hold dear, she wasn't doing anything of consequence to Libyan people).

          With the CableGate leak, WL seems

    • by Relic of the Future (118669) <{dales} {at} {digitalfreaks.org}> on Thursday September 01, 2011 @12:05AM (#37272210)

      The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.

      WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...

      • by flyingsquid (813711) on Thursday September 01, 2011 @12:32AM (#37272322)

        The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.

        WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...

        From the New York Times, August 30: "WASHINGTON — In a shift of tactics that has alarmed American officials, the antisecrecy organization WikiLeaks has published on the Web nearly 134,000 leaked diplomatic cables in recent days, more than six times the total disclosed publicly since the posting of the leaked State Department documents began last November. A sampling of the documents showed that the newly published cables included the names of some people who had spoken confidentially to American diplomats and whose identities were marked in the cables with the warning “strictly protect.” State Department officials and human rights activists have been concerned that such diplomatic sources, including activists, journalists and academics in authoritarian countries, could face reprisals, including dismissal from their jobs, prosecution or violence."

        In other words, Wikileaks no longer gives a s*** about protecting peoples' identity as long as they can get some media attention, and probably never have. As soon as Wikileaks stopped being front-page news, they increased the volume of the leaks and stopped editing them. Headlines, after all, are far more important than people's heads. But oh, to live in your simple world...

        • by Xest (935314)

          "In other words, Wikileaks no longer gives a s*** about protecting peoples' identity"

          Well it's about weighing the dangers against the benefits, and as the dangers to date have seemed to be completely negligible I'm not sure I can blame them. When they did it last time, no harm came from it, even the Pentagon agreed.

          This time, when they worked with media organisations they got nothing but shit off them. The old school media being pissed off that they'd been shown up in terms of their lack of journalistic cap

          • by GauteL (29207) on Thursday September 01, 2011 @06:36AM (#37273750)

            "If Wikileaks is going back to just leaking raw data then I don't blame them, they were better off that way not getting fucked by a media" ... "I don't believe Wikileaks is anything like perfect, it has many problems, but they were better off just leaking data" [Emphasis mine].

            Aside from a slight sympathy with people in general, who cares if Wikileaks gets "fucked" or what Wikileaks are better off doing? Surely the important thing here is the exposure of malfeasance, while doing your best to protect the innocent? If the promotion of Wikileaks becomes more important than the actual leaks, you have just proven the parent post's point. And if the newspapers don't print what Wikileaks want them to print, they can always release the information themselves as well.

            As a side note I'd rather see Assange and Wikileaks get fucked than some innocent who just happens to be put in danger due to his identity being revealed by Wikileaks. At least Assange made the concious choice to put themselves in the spotlight for this.

      • by LordLimecat (1103839) on Thursday September 01, 2011 @12:35AM (#37272334)

        The point of leaking is to expose malfeasance

        So every one of those diplomatic cables exposed malfeasance? Tsvingarai is guilty of malfeasance?

        WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage.

        Assange doesnt think there should be any secrets, and has a known axe to grind with the US. There may be other reasons for why he leaks the way he does, but one only has to see the edits that he did to "collateral murder" (or even the title he gave it) to see that hes hardly some noble unbiased source.

      • by drnb (2434720) on Thursday September 01, 2011 @12:39AM (#37272348)

        The point of leaking is to expose malfeasance.

        Not necessarily. Leaking is also a tool of embarrassment, harassment, political manipulation, etc. When leaking selectively, one side and not the other, the point may be entirely political.

      • by gl4ss (559668)

        deciding "good" should not be wikileaks motive unless they want to be an old school political movement.

        that just makes them users of power, instead of a tool for people(unable to do it themself) to publish things anonymously. when they decide what's good or bad, they're taking active part in politics of what's good or bad, deciding what's immoral and whats moral, deciding who is guilty and who is innocent, what's true and what's not - and by that way they get responsibility as well as they're no longer a ca

      • If you really believe that Wikileaks has no political agenda besides exposing malfeasance I have some documents I would like to sell you.
      • by c0lo (1497653)

        The purpose of accepting leaks as declared by Wikileaks is to expose malfeasance.

        There, FTFY (otherwise "leaking" may a mean to various ends). Otherwise, all's well.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The point of leaking is to expose malfeasance. The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly. You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.

        WikiLeaks' act of leaking the original (redacted) leaks and their suit against this new (non-redacted) leak are a consistent stance from the point of doing the most good while avoiding the most damage. But oh, to live in your simple world...

        BULLSHIT

        Wikileaks is awfully selective about what they term malfeasance and who they target with their leaks. They don't have the guts to actually leak things about Russia or China - because they know they'd end up with a 9mm-hole-induced headache.

        They target they US because:

        1. Assange is a bog-standard anti-American, sheltered, coddled, ignorant Western leftist twerp, albeit with enough charisma to set up Wikileaks (and play around with his adoring girls..). Don't think so? Follow his history.

        2. They

      • by ArcherB (796902) on Thursday September 01, 2011 @07:27AM (#37273990) Journal

        You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that.

        And who gets to decide who are the "bad" actors and who are the good ones? What gives WikiLeaks the right to be my judge and jury? No investigation, no trial, no chance for rebuttal, just BAM, and your name is attached to something "bad" that may or may not have happened, or that you may or may not have had anything at all to do with.

        Your innocence in this case is not relevant. Getting the opportunity to defend yourself is not important. The lives of your family, your wife, kids, parents, distant cousins who you never met, may be the price for the "bad" things that some document says you did.

        Sorry, but a right to fair trial and an investigation into the allegations are a basic, fundamental, global human right. WikiLeaks has stripped that basic human right from everyone whose name is on any document that has ever been leaked by them.

      • by sycodon (149926)

        Honest officer, I just wanted to burn up that little pile of trash, not the whole damned neighborhood.

        Wikileaks is not equipped to make informed decisions on what should be leaked nor what should and should not be redacted. They material they have is largely out of context and undoubtedly incomplete.

      • by LWATCDR (28044) on Thursday September 01, 2011 @09:36AM (#37274966) Homepage Journal

        "You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that."
        Okay so it would be okay for someone to post that you are cheating on your mate, downloading porn, and or that you like to dress up as a little girl and have Rupert Murdoch spank you with a fish? I am sure that many people would find thing that you do to be bad acts.

        "The point of redacting the leaked material was to limit collateral damage to those who had not acted poorly." And you trust a private group with no public oversight to do this more than a democratically elected government? Really?
        Even using your own rules Wikileaks fails I will go back to your rules.
        "You only leak what you need to leak in order to expose the bad acts and bad actors, but no more than that." So why did wikileaks leak a list of locations of important contractors? I am talking about parts makers. What bad act and bad actors where exposed? Why did they release pager data from 9/11 of private people paging their loved ones that they where ok? What bad acts and actors where involved in those?
        Wikileaks has failed.
        They failed by your rules.
        They failed in basic security by giving out a password to sensitive data.
        They have failed to redact data that could get people hurt.
        They have failed to present the data without bias.

        " But oh, to live in your simple world..." it seems that you do as well.

    • by Sulphur (1548251)

      There is no honor amongst thieves.

      Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.

      Of course there is; they honor each other by stealing from each other.

    • by Jonner (189691)

      There is no honor amongst thieves.

      Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.

      To me, this issue emphasizes one thing that's always bothered me about wikileaks.org: It's not actually a Wiki. Wikis are about maximum user freedom, but I don't think that's ever been true of wikileaks.org.

  • by mykos (1627575) on Wednesday August 31, 2011 @11:54PM (#37272162)
    "...Free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master. "
  • Password (Score:3, Informative)

    by Anonymous Coward on Thursday September 01, 2011 @12:05AM (#37272208)

    The supposed password, as it appears on page 148 of the pdf [googlecode.com] version of the book, is ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#

    Supposedly applies to "cables.csv" but not to the insurance.aes torrent released last year by Wikileaks.

    • by TheLink (130905)
      To me it shows a great lack of discretion by the Guardian or at least David Leigh. Even if passwords are temporary you do not leak them to the public. It potentially provides clues to others on how passwords are constructed, and the security systems used (it might not apply to wikileaks, but it certainly applies to many organizations).

      Journalists change names of sources/interviewees/places all the time, the same should apply for passwords.
      • by Adayse (1983650)

        To me it shows a great lack of discretion by the Guardian or at least David Leigh.

        I agree. The Guardian is one of my favourite publications but they shouldn't be claiming that their publishing the password was reasonable as they are doing. They undeniably and stupidly broke half the security making it likely that they are dumb enough to be the source of the file leak as well.

      • by ace123 (758107)

        This is why an encryption key is never "temporary" -- it shows no discretion on the part of the journalists to leak a key. This is not a password that can be revoked--it's a key. If you have a key for your previous house, you don't ever give the key away while telling people the address -- the lock has probably not been changed.

        Honestly I don't know why he didn't use SCP or SFTP, giving the journalist the fingerprint+password over a second channel... It's easy to revoke a password, and hard to MITM the leap

      • Re:Password (Score:4, Insightful)

        by gsslay (807818) on Thursday September 01, 2011 @04:26AM (#37273216)

        To me it shows that the whole Wikileaks/Guardian set up was a gaggle of amateurs dabbling in information that they did not know how to handle.

        Either this data is highly sensitive and needs great care in handling, which they demonstrated they were unable to do, or it isn't and there is no need for the encryption etc. Wikileak's claim that it is mostly not sensitive, should be public, and they are the self-appointing ones to set it free. This debacle demonstrates that they handled it like it was entirely sensitive, shouldn't be made public, and they are not the ones to be trusted to do it.

        Their own actions make a nonsense of their claims.

  • The coastguard?

    I'm starting a new website, to be called 'Open-Wiki-Leaks-Leaks'.

    • by syousef (465911)

      The coastguard?

      I'm starting a new website, to be called 'Open-Wiki-Leaks-Leaks'.

      ...And then I'm going to start a website to publish the leaks on your website.

      It's leaky turtles all the way down!!!

      • ...And then I'm going to start a website to publish the leaks on your website.

        I take your leak and raise you a leak!

        In saying that, I now really need to pee.

  • Food for thought (Score:5, Insightful)

    by subreality (157447) on Thursday September 01, 2011 @12:12AM (#37272240)

    FTFA:

    Wikileaks complaining of a leak?

    Yes, and damned well they should unless your moral views are very shallow.

    How many US politicians are laughing at the Wikileaks/Guardian partnership exploding so spectacularly?

    I'd say it's the CIA laughing. This is incredibly valuable for them. They lose some secrets, but they discredit the messenger (And anyone who tries to replace them) to prevent future leaks. If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...

    Does Wikileaks finally realise there's a need for secrecy/privacy in the world?

    Finally? They've said that all along. That's why they were redacting the documents in the first place.

    Does privacy/secrecy all boil down to where someone draws an arbitrary line in the sand?

    Yes. The world is a fuzzy place and doesn't lend itself to simple morals where you can divide things into the dark side and the light side. At some point it just comes down to someone looking at the situation and doing what they feel is right.

    Should a lack of privacy/secrecy be all or nothing?

    Of course not. In general, I believe that the larger an entity is, the less privacy they deserve.

    Is Wikileaks cementing views that it is or isn't an organisation of journalists who are guided by traditional journalistic ethics?

    They publish the truth and protect sources who need protection. They've pretty much always been in that camp.

    • Finally? They've said that all along. That's why they were redacting the documents in the first place.

      You are attempting to claim Wikileaks is 100% pure here.

      The reality is no-one can truly judge what should be redacted over thousands of documents. A lot of REALLY bad information was released and not redacted in the documents Wikileaks released. Names were named. Why you are trying to paint WikiLeaks as wholly noble when they are the same shade of grey is a mystery to me.

      Yes they tried to redact some st

      • Re: (Score:3, Informative)

        by subreality (157447)

        You are attempting to claim Wikileaks is 100% pure here.

        No, I'm claiming that "Wikileaks [ ... ] realizes there's a need for secrecy/privacy in the world", and providing evidence to support that claim.

        And yes, the job's too big for one person... that's why they were farming it out to reasonably respectable news organizations which are (well, should have been) capable of handling this level of journalistic ethics.

        Have a look at the actual leaks. The redactions aren't like the black pages you get back on an FOIA request. They're omitting names and other specifi

    • by c0lo (1497653)

      FTFA:

      Wikileaks complaining of a leak?

      Yes, and damned well they should unless your moral views are very shallow.

      Yes and damned well they should.

      Because two actions use the same mean doesn't make the actions equivalent.
      To put it into perspective: self-defense and premeditated murder may use a firearm. Are they equivalent?

    • by dbIII (701233)

      If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...

      Nice theory, but since those things actually happened instead of a major fuckup it's incredibly unlikely that the CIA was involved :)

    • At some point it just comes down to someone looking at the situation and doing what they feel is right.
      At that point you may as well start the good intentions paving company and be done with it. Also no snowflake in an avalanche feels responsible.
  • Leaking unredacted documents is exactly what wikileaks was widely criticized for in their first big release (~70k cables). In that case, they staunchly defended the practice. Now they're complaining, and even suing over the exact same thing, only they weren't the ones to expose them this time. When did they change their position on this issue? And if they have changed it, are they now prepared to apologize for their prior behavior?
    • by mgiuca (1040724) on Thursday September 01, 2011 @12:44AM (#37272374)

      Your post basically answers itself. They did change their position on the issue because they got a lot of heat for not redacting the cables. That is why for the past year (with the Cablegate cables) they have been working with news organisations to carefully redact them before releasing, and releasing them in small batches a few at a time. That has consistently been WL's position for the past year. Complaining that The Guardian released the cables that were supposedly sent to them for the sole purpose of redacting them is not inconsistent with their recent position.

      (I have often said that one is not a hypocrite for changing one's beliefs, only for simultaneously saying one thing and doing another.)

      • As I said in my initial post, changing position is fine. However, when you change your (in this case very public) position, you should publicly acknowledge that you have done so, and take responsibility for any issues your prior position caused. To my knowledge, they have done none of that. Last I heard from them is that they were "right" to release the unredacted cables in the past, and "it didn't matter because no harm was done". That's an irresponsible position to take. If they have apologized or accepte
        • Ok, I didn't actually say it's ok to change positions in my initial post, but it was implied by my comments about apologizing for any issues caused by their previous position.
  • Idiots. (Score:5, Insightful)

    by v(*_*)vvvv (233078) on Thursday September 01, 2011 @12:33AM (#37272328)

    Who in their right mind would think it okay to publish a password and publish the correct one? They could have published the same book with a fake password all the same, yet obviously it was the password.

    As for it being temporary, it wasn't an access password, but a decryption password. And in the eyes of the law, why would what Wikileaks said even matter if non-disclosure was part of their arrangement?

    • by mgiuca (1040724)

      Yes -- very well put about the access password vs decryption password. To put it another way, there was no point in having the password at all if the password was eventually to be made public.

      JA sent a file over the network, then deleted it afterwards. There are two scenarios: we can either a) assume that nobody did or ever will get their hands on the data being sent, or b) assume that someone might have or might in the future get their hands on the data. If we're going with (a), then we don't need a passwo

      • by Yvanhoe (564877)
        > Perhaps the mistake was trusting this complicated logic to a man who didn't know how to use 7-zip. The fact that journalists in this age and day do not know how to manipulate encrypted files still bewilders me.
    • Re:Idiots. (Score:4, Insightful)

      by Chuck Chunder (21021) on Thursday September 01, 2011 @01:00AM (#37272466) Homepage Journal

      Who in their right mind would think it okay to publish a password and publish the correct one?

      I am guessing that the choice of password played into this. Had it been random, nonsensical and dull it probably wouldn't have been published, but "CollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" has descriptive value.

      I remember hearing or reading about an idea that involved identifying a leaker by seeding different people with documents that contained juicy, unique phrases to tempt journalists into quoting them directly, thereby identifying the source of the document.

      This isn't the same, but having a password that has meaning in relation to the contents of the documents certainly adds some risk. A pass phrase should be context free.

      • by igb (28052)
        There's a reason why in proper IA environments, people who are given actual sight of actual key material are trained, and that key material itself is classified to the level of the ciphertext it unlocks. No one comes out of this well: a bunch of people who don't understand how to keep stuff long-term safe playing at spies.

        For the Graun to publish key material, even stuff they "know" to be meaningless, is irresponsible. Publishing that key assumed that the ciphertext had been securely destroyed, and I ca

      • by gsslay (807818)

        Mod parent up.

        You are spot on. If the password had been random then it most certainly wouldn't have been mentioned. But the password used gives "insight" into how those handling it were treating it. Someone was being smart-arse. Someone was saying "I can encrypt this with a straight-forward description of what I regard this to be". Someone was making a statement in saying "This is no big secret, it's just a history".

        But of course, the fact they encrypted it immediately demonstrates the reverse. They

  • ...can someone who illegally obtained classified documents and released them into the public domain then sue someone else for stealing their illegally obtained documents and releasing them into the public domain.

    For what it's worth it seems much more likely to me that someone within WikiLeaks who was disaffected them stole the data/password and release them than the Guardian did it. Just because it was the (supposedly) time limited password given to the Guardian doesn't mean no one else had access to it.

    • by mgiuca (1040724)

      ...can someone who illegally obtained classified documents and released them into the public domain then sue someone else for stealing their illegally obtained documents and releasing them into the public domain.

      The two situations are totally different. The very reason that nobody can sue Julian Assange (or any other newspaper that has ever leaked something) is because they did not "illegally [obtain] classified documents". There is a deliberate asymmetry in the law here: it is illegal to disseminate classi

      • by solanum (80810)

        Sorry, the first part was meant to be funny... As for the second, according to the Guardian at http://www.guardian.co.uk/world/2011/sep/01/unredacted-us-embassy-cables-online [guardian.co.uk]

        "The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files. But unknown to anyone at the Guardian, the same file wit

        • by mgiuca (1040724)

          Yes but this is what I meant by "Nobody is denying the facts here (the only thing that's in contention is where the blame lies)." -- I accept that there is a debate going on as to who said what was temporary and who should or shouldn't have disclosed what. But the following facts are not in dispute: (1) WikiLeaks provided the documents (encrypted) and passphrase to Guardian, (2) Guardian editors revealed passphrase in book. So there is no need for a theory that someone else got hold of the password: Leigh p

        • Having a "doomsday" file out there in case Wikileaks is taken down, everyone arrested and whatnot is a good precaution. Reusing a password that many people in many organizations they've shared it with know is insanely stupid, no matter what. They should have used a password they and only they knew. Because as this case proves, that means they've lost control of their doomsday device. They don't have control over the file and they don't have control over the password.

          They should have used a different file fo

    • by MarkvW (1037596)

      Anybody can sue anybody about anything almost anywhere. Frivolous crap like this gets thrown out of court pretty fast.

      A lawsuit exposes Wikileaks to civil discovery. Civil discovery is very broad. Think about the story that the Guardian could write with what they learn about Wikileaks personnel in the civil discovery process. Think about the secrecy that Wikileaks gives up by prosecuting a lawsuit.

      This is posing. Assange is a nauseating individual. While Bradley Manning sits his ass in jail, that scum

  • It has often been said in security that the first law of security is being clear about what is a secret and what is not. Once we have decided that, we can safely distribute the non-secrets as long as we hide the secrets. This is, for example, why I am perfectly comfortable revealing my public key to everybody on the planet.

    So who is to blame? In one corner, WikiLeaks (allegedly... I'm not clear on the details) released this encrypted file to the public. In the other corner, The Guardian released the passphr

    • Why is wikileaks in the right?

      What kind of security policy is this, giving trust to outsiders, hoping that they will do the right thing? You may have the contract on your side, but litigation will not put the toothpaste back in the tube.

      Really it's just shoddy security practices by Wikileaks. They could have managed this in a way where they did not have to trust the reporter to do the right thing.

    • It has often been said in security that the first law of security is being clear about what is a secret and what is not.

      I think perhaps the first law of security is that you actually have to keep the secrets secret.

      • by mgiuca (1040724)

        Mm, well, no I would say that's the second law of security. You can't keep the secrets secret until you have determined which pieces of information should be kept secret.

        • And if you don't keep the secrets secret, the entire exercise is pointless!

          • by mgiuca (1040724)

            The second rule is pretty important, I agree.

            My point is, you can't keep everything secret. If you did, you wouldn't be able to release your public key. And you wouldn't be able to disclose the details of the AES algorithm, to be vetted by security professionals. And you wouldn't be able to transmit even the binary for your decryption program to untrusted people, because then someone could reverse engineer it. And, importantly for this discussion, you wouldn't be able to transmit encrypted documents over th

        • I don't understand your logic.

          Deciding what is secret and what is not is just a matter of content. Deciding that you need to keep the secrets secret affects the fundamental policies of how you do things.

          • by mgiuca (1040724)

            I'm not talking about content (as in "let's keep the details on Iraq secret but the contents of the president's breakfast public"). I'm talking about fundamental units of information (as in "let's keep the private key secret but the public key public", or more to the point, "let's keep the plaintext secret but the ciphertext can be viewed by the public"). See my response to your other post.

            It's so basic it should be a non-issue: WikiLeaks is currently taking heat for making the ciphertext of an encrypted fi

  • I think not. Alanis Morrissette never mentioned Wikileaks.

  • . . . performed by lawyers on behalf of their clients?
  • If you are going to share extremely sensitive documents with several people, why the FUCK wouldn't you create several *different archives* with different passwords - one for each individual you are sharing the information with?!

    Give each individual access for a short period of time, and then DELETE THE INDIVIDUAL FUCKING ARCHIVES FROM YOUR SERVER! This has the additional benefit of being able to trace any future leaks.

    Seriously, if you have disseminated the password to your single "master copy" archiv
    • by mgiuca (1040724)

      I've written a full post on this issue here [tumblr.com], but I'll respond to your individual points.

      If you are going to share extremely sensitive documents with several people, why the FUCK wouldn't you create several *different archives* with different passwords - one for each individual you are sharing the information with?!

      I agree, it is somewhat unusual for WL to have disseminated the cables in an encrypted archive, deleted the archive, then at a later time shared the same encrypted archive rather than creating a n

      • Sorry, none of your points hold water. Defence in depth [wikipedia.org], Separation of duties [wikipedia.org] and Discretionary access control [wikipedia.org] are all well known security tenets.

        But in the WikiLeaks scenario, what is "the damage"? If any one journalist is "compromised" (say, publishes the password in a book), all the cables go public unredacted. This is true whether they are all sharing the same password or not.

        No, and that is the whole point. If they publish the password in a book, then they themselves must also publish their copy of the archive - or the password is useless. So if one organisation publishes their file, and then another publishes their password, there is no issue.

  • Mixed feelings (Score:2, Insightful)

    by Arancaytar (966377)

    On one hand, their anger is understandable. Even when your business is to reveal secrets, you need to also keep some secrets (ask any reporter with an anonymous source). It sounds hypocritical, but it really isn't. You can argue all you want about whether some military secrets endanger national security or the safety of civilians, but it should be clear that, for example, evidence of military or political wrong-doing is in the public interest, while access information to private computers or bank accounts i

  • JA copies confidential files into a secret directory on a server and does not warn the people who have the right and the access to the parent directory, then does not delete these after transmission, and he chooses a simple password transmitted in a public place AFAIU (instead of a larger key transmitted on a physical medium, like a cd or an sd card) which he does not warn his partner never to reveal it and handle it with care, does not make sure he has the organizational, physical and administrative contro

"Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken

Working...