The Guardian and the Wikileaks Encryption Key
rtfa-troll writes "Bruce Schneier has a good article explaining how the Guardian released the encryption key for the WikiLeaks cables and destroyed the main protection against the release of informers' personal information. The comments in Schneier's blog fill in details of how exactly WikiLeaks' secondary file security protections were also bypassed. Now the Guardian has an article that Assange risks arrest by Australia over the latest leaks, which include information about an Australian intelligence officer. They even say, 'We deplore the decision of WikiLeaks to publish the unredacted state department cables, which may put sources at risk,' and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."
Links & hints to the data (Score:5, Informative)
Re:Links & hints to the data (Score:5, Insightful)
They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.
Re:Links & hints to the data (Score:4, Interesting)
Not everyone in these documents was involved in covert operations.
I personally know a person who was mentioned in these documents. He can't be the only one who was innocently roped into this.
so Colin Powell.... (Score:2)
is guilty of torture?
Re: (Score:2)
Perhaps not as much as some others in the Bush administration (not to mention Congress that approved everything), but yes.
Re:Links & hints to the data (Score:5, Interesting)
Look at this from the tin-hat angle:
David Leigh/Guardian is working in the interest of CIA/MI6 and looking not to collaborate with WikiLeaks, but to ensnare him for prosecution.
Clue: DL Insisting on seeing the actual files
Clue: DL Pressing for the GPG passphrase
Clue: DL Publishing the ENTIRE proceeding and passphrase in a book
Dumbshit-Borg is either a long-time mole or was "turned"
Clue: D-B had full access to all unredacted material
Clue: D-B acrimoniously split with Assange/WikiLeaks over ego-boundary shit and speculative "risk" issues
Clue: D-B in his schism is part of the probable exposure of these cables - portrayed as an "accident", while he was unilaterally and admittedly sabotaging WikiLeaks
Clue: D-B can now say "I told you so" over this exposure of sources - pointing to this as evidence, rather than a situation he perpetrated
The US Army Counterintelligence Agency said in 2008 that WikiLeaks was "a potential force protection, counterintelligence, OPSEC, and INFOSEC threat to the US Army" and PLANNED OPERATIONS to neutralise/discredit WikiLeaks:
"The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public."
http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks [scribd.com]
Question: Do you think that the Agency makes these declarations in vain, for their entertainment value?
Question: Do you think they are alone, and that there are not equivalent planned and current operations by the CIA, etc.?
Question: Are the combined actions of DL and D-B implausible as the intended outcome of a counter-WikiLeaks strategy, set in motion by one or more intelligence agencies, including US Army Counterintelligence?
Think about it. Once they set this down IN PRINT, internally, and don't have a "positive" outcome? Somebody goes through the wringer.
This is likely all a setup. One with a scenario that is similar to the one indicated here, if not completely identical. It is one where David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings.
Either way, this is a noose fabricated of intentional actions with plausible deniability. Identify WikiLeaks with Assange's personality, and attack the personality. Attack the credibility of WikiLeaks methodology while distracting from their effectiveness and success in exposing filth, corruption and illegal government action.
I know they will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet. But watch out, DL and D-B.
When your mysterious, untimely deaths occur, I will look at it as confirmation of these speculations.
And proudly burnish my tin-hat...
Re: (Score:3)
I know they will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet.
If that does happen, it'll be Assange's own fault. I don't buy for a minute that shadowy TLAs forced him into this; they just gave him an excuse to do what he wanted to do anyway: http://www.reuters.com/article/2011/09/02/us-wikileaks-cables-assange-idUSTRE7816SM20110902 [reuters.com]
Re: (Score:2)
You are missing a key piece.
He didn't want them all dumped un-redacted.
Re: (Score:3)
He may originally have intended to release them unredacted, but he clearly changed his mind, quite possibly because a lot of human rights organisations insisted that they needed to be redacted. The plans to redact them have now been ruined by a combination of Assange's (probably justified) paranoia (publishing the encrypted files, but not the encryption key), and The Guardian's ill-conceived publication of the encryption key.
Re: (Score:3)
But he didn't publish them - or distribute them - in encrypted form. This occurred because of Domshite-Berg's (Dumbshit-Borg) deliberate subterfuge and co-option of WikiLeaks.
He's been spinning like crazy, saying that he destroyed data, because he couldn't trust Assange to safeguard it.
In fact, this was to divert attention from the possible discovery that he had already distributed the PGP file in question, and prepare the ground for assigning blame to Assange/WikiLeaks.
Mirror, mirror... (Score:4, Interesting)
David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings
Indeed. According to Der Spiegel [spiegel.de], the encrypted file was among those taken from Wikileaks by Domscheit-Berg when he acrimoniously left to start his own rival Openleaks site. It was then released by Openleaks using volunteers to seed torrents of many of their files. Meanwhile, David Leigh of The Guardian published the password which Assange had given him, thereby apparently breaking an agreement of confidentiality. Later, an Openleaks-associated news site let people know where the key to this particular file could be found.
Smelly sticky shit is indeed flying, but it looks like a side effect of Assange/Wikileaks being stabbed in the back by Domscheit-Berg/Openleaks and David Leigh of The Guardian. Whether the stabbing occurred by coordinated malice or combined stupidity and incompetence is still a little uncertain. Either way, it's hard to blame this directly on Assange/Wikileaks.
Re: (Score:3)
Heh.
I want to contrast reactions. That is one of three postings of this theory.
Re: (Score:2)
Don't take a job in the Mafia's typing pool.
Don't support any government with a standing army, stationed in any foreign nation.
Re:Links & hints to the data (Score:5, Insightful)
They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.
If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless
If the country you're in will kill you if it knows what you do, and I know the country will do that, and I tell them what you do, I am not blameless.
Saying someone accepted the risk of a bad result does not mean that other people who cause that result are inherently blameless. You may accept the risk of an accident when you drive to work in the morning, but if I hit you with my car, it may still be my fault.
Re:Links & hints to the data (Score:5, Insightful)
Just an aside here, I don't know how relevant it is.
I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.
I propose that this psychological maladaptation is the expected outcome of an authoritarian personality forming in the context of what is, nominally, a republic.
George Orwell was impossibly subtle and perceptive in his fictional exposition of this as "DoubleThink". He demonstrates it as obvious, oxymoronic contradiction - a caricature of the actual mental state of those who enable and support totalitarian positions.
"Freedom isn't Free" Christ! That's the knee-jerk truism for "War is Peace", "Freedom is Slavery" and "Ignorance is Strength" in one, compact portmanteau!
Re: (Score:2)
And my own aside. I love how stupid these "truthers" are (we'll call them that, since they always want the truth). Information doesn't want to be free. It's not sentient. It has no feelings. Hard truth, right there.
Re: (Score:2)
You mean that information prefers not to be anthropomorphized?
Re: (Score:2)
In order to guarantee freedom, one must be willing to back it up with force. Being an expenditure of energy which is only done to protect freedom, by definition freedom has a cost. Thus, it is not free.
Re:Links & hints to the data (Score:5, Informative)
I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.
It is a cognitive dissonance which forms part of a larger pattern. There is even a freely downloadable book on the topic [members.shaw.ca], written by a psychology professor.
Good book (Score:3)
I've read that same work; it's a solid dissection of the authoritarian phenomenon, from both sides -- those who cheer on the bullying leaders, and the bullying leaders themselves. It's not terribly short, but not overly long, and it's actually written in an approachable and reasonably legible style, which is unusual for high-end academia types. Well backed up, with footnotes and a bibliography for those so inclined. The author also explicitly released the book online for free, out of the view that he wan
Re: (Score:3)
On the other hand, if the information in the cables isn't released, people who have already committed actual crimes will go unpunished.
It's unfortunate that they weren't redacted before release, but the genie is out of the bottle now. I'll wager that evil dictator governments, amoral multinational corporations, organised crime gangs and terrorist organisations won't be getting their copy from the Slashdot comments.
Re: (Score:2)
I don't know if he's committed an actual crime or not, and unless you're the troll account for one of two particular Swedish women, neither do you.
Re: (Score:2)
Can we also blame the Guardian and anyone that downloaded the files?
Also, has anyone actually been hurt from this as yet? or is this more posturing on the side of the ignorant masses? (that's actually a serious question)
Re: (Score:3)
As far as anyone being hurt, from the horse's mouth: "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange regarding a leak dealing with Kenya.
Re: (Score:2)
> See Nuremberg. When the US is the authority, it doesn't punish itself.
The U.S. wasn't "the authority." The victorious powers together were the authority. The U.S. presence meant there was actually a trial.
Re: (Score:3, Insightful)
I had a long drawn out reply to this that got eaten. You'll have to live with the short form, sorry.
Your 1300 quoted is only half the text, you should read and consider the rest in the context it was said. People are trying to claim that the cables reveal names of possible informants whose lives subsequently become in danger. Can you please point to where the Kenya cables listed these 1300 people? or was it possibly that the data highlighted corruption in the government that subsequently led to an uprisin
Re: (Score:2, Informative)
They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.
If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless
If you got in bed with a psycho, deliberately betrayed him/her without his/her knowledge, and then broke up and went into hiding--but they didn't know you did anything--then me telling your ex that it was you, and what you did, is karma. Don't get me wrong, it's also me being an asshole, unless I'm friends with your ex and care more about him/her than you, but you did something wrong, you knew you did, you knew they'd be mad, and whatever your reason, it's on your damn head.
You're painting "Psycho ex" as s
Re: (Score:2)
Horseshit. While some psychotics were driven that way through nurture, there are plenty that are the way they are through nature alone.
Re:Links & hints to the data (Score:4, Insightful)
They accepted the risks when they engaged in the covert operations to begin with.
OK, here's a new plan.
Firstly, we must stop using human intelligence sources to anticipate and try to prevent criminal acts, because the sources are often inherently at risk and you don't want to protect them.
Because the public will not stand for the damaging acts that are likely to result, we need a new source of information to help prevent them. Let's make disclosure of all communications to the state mandatory, declare any use of encryption in communications or storage reasonable grounds to suspect criminal intent, and treat anyone who does it as a suspected terrorist until proven otherwise. If you've got nothing to hide, you've got nothing to fear, so obviously this won't have any chilling effects.
Also, we should stop conducting quiet diplomacy behind closed doors, because not everyone knows what their government is doing under those circumstances, and that is just wrong. Everyone needs to know everything that goes on in government immediately or the very fabric of society is at risk.
Instead of making deals with the devil, we must ensure that we fight any opposing philosophy to the bitter end, no matter the cost and no matter how long it takes. We have, after all, been highly successful in places like the Middle East using that strategy. Meanwhile, it's not as if developments like the Northern Irish peace process started with a few brave individuals on both sides meeting secretly to see if decades of bloodshed could be brought to an end or anything. That probably didn't save anyone's life or improve the quality of life across a whole country anyway.
While we're at it, we should probably also ban witness protection programmes. Courts must be open and impartial, and there is no risk to their effectiveness in cases relating to gang violence, sexual assaults, and corruption if everything is always heard with the press present.
Finally, we should definitely televise all official government meetings in real time. Politics can be kept at bay, and we are bound to wind up with more sensible policies if decisions are made based on which sound-bite will sound best on the evening news rather than the considered opinions of experts who are familiar with more subtle arguments than "Five minutes ago you agreed with part of something I almost said in another discussion, so if you don't back me up now that's a U-turn!!!!111!eleven!"
OK, here's another plan.
First, we could use just the tiniest bit of common sense. Some things are secret for good reasons, and whatever the conspiracy theorists like to say, I'm betting that most people in government, in the police, in the security services, and in the armed forces in my country are basically decent people doing their best to protect the rest of us from not-so-decent people. Those who abuse authority should be dealt with appropriately, but we could consider a less black-and-white view and not throw out the whole fridge because a bit of cheese got mouldy.
Transparency is important, and checks and balances are important, and oversight is important, and respect for democratic roots is important, and secrets should only be kept from the general public for legitimate reasons and for as long as absolutely necessary. However, I don't think we would like to live in a world where only the bad guys kept secrets at all, and I don't think we would like to live in a world where no-one was brave enough to stand up for what is right for fear of the repercussions when they were inevitably compromised.
Re:Links & hints to the data (Score:4, Insightful)
When dealing with a trusted keeper of secrets, there is a very fine line between "common sense, let them keep secrets" and simply being a dupe to a predatory and potentially criminal entity. Wikileaks wouldn't exist if the various governments of the world gave us even the slightest reason to trust them.
In the US, our elected officials are one step shy of openly taking bribes, and in the last few months, two of the three branches have been mired in what boils down to little more than a dick waving contest. We have spent a decade occupying two countries we invaded without the slightest bit of reliable intel that would give us reason to do so. Our economy was raped by Wall Street parasites that subsequently got written a big check and left without so much as a slap on the wrist.
I have absolutely zero faith that our government has the best interests of its people in mind. While I would not personally go as far as actively work to release classified documents, I find it particularly difficult to chastise anyone who believes they need to do so for the good of the public.
Re: (Score:2)
In the US, our elected officials are one step shy of openly taking bribes, and in the last few months, two of the three branches have been mired in what boils down to little more than a dick waving contest. We have spent a decade occupying two countries we invaded without the slightest bit of reliable intel that would give us reason to do so. Our economy was raped by Wall Street parasites that subsequently got written a big check and left without so much as a slap on the wrist.
And yet all of this has happened out in the wide open, without your population doing anything to remove those elected officials. What sort of difference is telling a few citizens who might actually care about a few more minor infractions (relatively speaking) going to make, when affronts like the above are carried on with apparent impunity?
Meanwhile, this year has seen the biggest forcible assertion of democratic values in generations. How much of the result is down to a few nameless heroes who fought from
Re: (Score:2)
I'm sure that the killers have their excuses too . . .
Re:Links & hints to the data (Score:4, Insightful)
people will die as a result of these leaked cables.
Maybe. The question is, will more or less die as a result of Wikileaks making it public knowledge that they have leaked. As DarkOX already pointed out the secret services already have the files so they are looking for the sources already. Now it's possible for a source to simply type in their name and know if they are in there.
The other question is; who should take the blame. The US government which kept the names in plaintext in a database with millions of people having access; the Guardian which when trusted with secret data seems to have failed to put their IT security people on the case (how the hell else could they expect the password to an encrypted archive to change) or Wikileaks.
P.S. If you are a source and want to check if you are in there, do this on a local copy of the archives or at least do it over https. Remember that searching the archives for your name may be enough to trigger someone coming knocking.
Re: (Score:2)
All this is going to lead to is the State Dept, DoD and other agencies going back to stovepiped info systems, since having a shared common operation like this is obviously flawed.
I don't know that "millions" have access to the secure networks where these cables were originally transmitted, either. It was "plaintext" but on a secure network where the user was the vulnerability.
Re:Links & hints to the data (Score:5, Interesting)
These leaked cables are about HAVING KILLED PEOPLE!
Including the point-blank firing of weapons into the heads of toddlers.
Including Israeli lies about killing "terrorists" being revealed as bombing and killing 16 civilian villagers, at prayer.
Like most reactionary cranks, you fret SO over the theoretical loss of life that might occur, if illegal and anti-democratic secrecy is not punitively enforced.
Where is your concern, passion and outrage about the ACTUAL callous and criminal loss of life, that would have initiated any such threat?
Your hypocrisy and disingenuous moral posturing stinks like the foetid pool of death that you defend.
Re:Links & hints to the data (Score:5, Informative)
Including the point-blank firing of weapons into the heads of toddlers.
I'm guessing you meant this:
WikiLeaks: Iraqi children in U.S. raid shot in head, U.N. says [mcclatchydc.com]
Bradley Manning did the right thing.
Re:Links & hints to the data (Score:5, Informative)
No "few bad apples".
An airstrike was called in, to try and destroy evidence of the scene.
These are beginning to emerge as "business as usual" occurrences from Iraq and Afghanistan.
But, in history, we revile the Wehrmacht of Nazis for this same activity.
Re: (Score:2)
There's no proof for anything in that cable. It's essentially a copy-and-paste of a request received at the Embassy.
I'm not making excuses for anyone. If the accounts are true, then someone should have faced court-martial and given the death penalty if found guilty (my opinion). The evidence isn't in that cable, though, imo.
Re: (Score:3)
This incident occurred. It has outside corroboration and photographs.
The cable indicates the level of collusion on this level of atrocity.
Re: (Score:2)
Don't be so sure about that
Re: (Score:2)
That "cable" is documenting a letter received by the Embassy asking if the account of the scenario is true. The letter is asking, "hey, I heard this happened. Can you confirm or deny?" There is no documentation as to what the response was, either from the military or the embassy.
I have no idea what happened, but rather than this being proof in the cables of assassinations, it's simply someone documenting a request received at the Embassy.
Re: (Score:2)
Actually, this article [guardian.co.uk] has more details on the response, or lack of one. This is still a "known" event and the cable provides another second hand account of what allegedly happened.
Re: (Score:3)
So next time someone comes across something horrible and thinks about leaking it, they'll probably remember this incident and all of t
Re: (Score:2)
I propose that this "leak" was the planned outcome of an operation, probably by the US Army Counterintelligence Agency. This agency has documents that revealed their plan to cause this EXACT kind of exposure, to discredit and subvert WikiLeaks.
http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks
When two of the three critical players, Dumbshit-Borg and David Leigh have demonstrated themselves to be mendacious, disingenuous, self-serving and un-trustworthy? I look to them, with their insider roles, to
Re: (Score:3)
OK. Go back to shooting babies in the head, and forget I said anything.
Re:Links & hints to the data (Score:5, Insightful)
Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.
You've said that twice now. How do you know it to be true? These cables weren't internal CIA reports, most of them were not even classified and those few that were had only the lowest level of classification.
Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.
Re:Links & hints to the data (Score:5, Funny)
Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.
You've said that twice now. How do you know it to be true?
It's true because it's in bold.
Re: (Score:3)
Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.
It was encrypted _once_ with a symmetric key algorithm apparently, and the same encrypted data was distributed to multiple parties and the whole Internet, as an insurance policy.
_S_t_u_p_i_d_
If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.
I'm not going to add to all the "journalists shouldn't be expected to understand crypto" malarky. They were told the password was temporary which would have been
Re: (Score:3)
There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot. The file decrypted was the file they gave the Guardian, and the password was the one they gave the Guardian.
What happened is the Wikileaks site was attacked and hence mirrors were made of the site, including a mirror of the ciphertext by accident. Which is not any sort of security breach...in the actual real world, having the ciphertext lets you do jack-squat, and
Re: (Score:3)
There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot.
This. Only even more, the good thing about the Schneier article is that he and his posters have actually traced this down and verified that the password does not work for the insurance file.
Re: (Score:3)
If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.
And that's precisely what they did - the file was intended ONLY for The Guardian and they got the password hand-delivered to them. You've confused the "insurance" file with the file that the Guardian's password decrypted.
That The Guardian's individualised file made it out into the wild would not have been a problem if they had kept the password to themselves. After all, that's why it was encrypted especially for them in the first place - on the chance that somewhere, somehow it would be intercepted.
Trust me, WL did not give a shit that this would eventually happen.
Given you
millions of people -have died- from govt lies (Score:2)
and secrecy. it is the history of the twentieth century.
Patrice Lumumba being a perfect example.
im not saying Wikileaks did the right thing, im just saying to be 'outraged' is a little hard to understand.
Re: (Score:2)
Yes, they have.
But screwing over a whole bunch of other people who are trying to make the world a better place just because you can isn't going to bring the dead back.
Destabilising sensitive negotiations and compromising sources will almost certainly result in more deaths, though, not just for the sources and their families but because the work they were doing was undermined.
Most of the Wikileaks stuff that came out before wasn't particularly damning, in the sense of exposing great wrong-doings by governmen
stuff that might happen vs reality (Score:3)
people said wikileaks would cause casualties. well, its been a year+ since alot of this stuff was released. who has died? can anyone name a single person who has died so far?
"Destabilising sensitive negotiations and compromising sources will almost certainly result in more deaths, though, not just for the sources and their families but because the work they were doing was undermined."
im not saying i dont believe you. im just asking for evidence.
there are a lot of kids in pakistan who have died because of dr
Re: (Score:2)
people said wikileaks would cause casualties. well, its been a year+ since alot of this stuff was released. who has died?
It hasn't been a year since the release of the uncensored data, and even if the authorities in hostile states had gotten hold of it seven months ago, the sheer volume of it would limit how quickly they could react. It is far too soon to even claim that no harm has been done, leaving aside the fact that given the nature of those involved, any friendly casualties would probably be kept very quiet.
However, as of the past couple of days we already know that many people considered at risk and marked for protec
Re: (Score:2)
"I doubt any Wikileaks releases have prevented any drone strikes"
well they COULD, in THEORY... which is the only standard of evidence we are dealing with.
Re: (Score:2)
Well, now it's obvious you're just trolling.
To give one obvious example from this week, the Libyan rebels have found prison facilities in Tripoli where hundreds of political prisoners have apparently been executed before or during the uprising. There is no doubt that compromising the identity of people who oppose the ruling classes in many nations is a life-threatening activity.
On the other hand, successive administrations in various Western nations have carried on with their drone strikes and numerous othe
Re: (Score:2)
...people will die as a result of these leaked cables.
Will more people die as a result of more widespread distribution - in your opinion? Do you have any evidence that genuine assassins need help from Slashdot to gain access to leaked intelligence data?
My perspective is that this seems weird... JA and Wikileaks went to great lengths not to release non-redacted data... I don't believe that the Guardian mistakenly published the key... I can hardly believe that JA/Wikileaks gave it to them - and I find it inconceivable that they did this without making clear th
Re:Links & hints to the data (Score:5, Insightful)
It's been a year, and so far, nobody has died as a result of the leaked cables. Not saying it won't happen, but it hasn't happened so far.
On the other hand, the cables contain information about people who have been murdered. These crimes would not be known, nor their murderers known, were it not for the release of the cables. So you seem to be advocating the cover-up of an actual crime to potentially stop a future, theoretical crime. That'd be a great one for an undergraduate philosophy class to work through.
I think the difference is ... (Score:3)
I think the difference in this "outrage" is whether the dead are "them" or not.
1 potential threat to even one of "us"
is worth far more than
1,000's of actual injuries or deaths to "them".
Re: (Score:2)
Which cables show that? Please provide links.
Re: (Score:2)
Here's the latest one. [guardian.co.uk]
Re: (Score:2)
The cable provides a new second hand account of what allegedly happened. It appears that this was already a "known" event, although maybe not reported to the public or covered in enough detail. Valid example of a potential murder, though... I'll give you that.
I guess I'm still waiting / looking for the "big secret coverup" cable to be found that details some atrocity that was never known about by anyone but those privy to this "secret" cable network... Something that would really justify a whistleblowing cam
Re:Links & hints to the data (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
Assange has claimed responsibility for a death? Whose?
Re: (Score:2, Informative)
1,300 accessories to murder, I'd say.
Re:Links & hints to the data (Score:5, Informative)
"1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information..."
1,300 accessories to murder, I'd say.
Let's put that in context:
Removing the context as you did such that Assange apparently confessed to murder strikes me as rather dishonest. Assange has made real mistakes; focus on those unless your intent is merely to discredit his critics.
Re: (Score:3)
Nice the way we don't bother to give the context [guardian.co.uk] and at the same time cut off the statement at the point that it's about to claim part of reducing tens of thousands more deaths (looks even worse when we see the way you've done it twice [slashdot.org])
The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information and 40,000 children a year die of malaria in Kenya. And many more die of money being pulled out of Kenya, and as a result of the Kenyan shilling being debased."
Selective quotation does not help your credibility. By the way, which of the Founding Fathers would you charge with war for their involvement in the American Civil War?
Wikileaks did the right thing sorta (Score:5, Interesting)
They were stupid to let the Guardian get the key in the first place but once it was out making it more available was the right call.
When you had to get the data and key together that required time, and some computer skills. People who might retaliate against leakers have the resources to marry the key and copy of the data they either already had or could get from torrents.
That might be much harder to do for some poor tribesman who has limited or intermittent access to the internet. By making the information easier to get at, it lowers the bar, makes it easier for potential victims to know if they have been outed, and need to protect themselves.
Re: (Score:2)
When you had to get the data and key together that required time, and some computer skills
Not really, the file was on TPB (among many other places) and the password was being relayed all over the net. Millions of people - and I mean that literally - have the required access and skill if they have the slightest bit of interest then they'll be able to get the decrypted information. Very shortly - if not already - there'd be torrents with the unencrypted information. And it'd be no harder than starting any other torrent, which I consider a rather basic task today.
the guardian (Score:3, Interesting)
are playing a stupid game right now.
In their JA will face arrest in Australia article they earlier said something like "the Guardian unknowingly published the password in the Guardian's book" etc,
now that phrase is nowhere to be found from the article...
DER SPIEGEL has a much better writeup (Score:5, Informative)
The Schneier article is very speculative and doesn't have many facts.
DER SPIEGEL has a much better and more detailed account: http://www.spiegel.de/international/world/0,1518,783778,00.html [spiegel.de]
Re:DER SPIEGEL has a much better writeup (Score:5, Informative)
In a statement the Guardian rejected the accusations from Wikileaks, explaining that the paper had been told the password was temporary and would be deleted within hours. "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files," the statement said. "That they didn't do so clearly shows the problem was not caused by the Guardian's book."
What's new in Schneier's article is that that is pretty clearly debunked. This was a standard GPG/PGP archive which had already been distributed. There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.
Re: (Score:3)
why would the Guardian publish the key if they new[sic] it would unlock everything for everyone?
Nobody is saying that the Guardian knew this would unlock the file. What I am saying was that you never publish your encryption keys even if you don't know anything more.
The key new thing from Schneier is in this small fragment
Memo to the Guardian: Publishing encryption keys is almost always a bad idea.
Here you have a respected crypto expert repeating a thing he has said in standard textbooks (applied cryptography) which should be known to all IT security people. This makes it 100% clear the Guardian messed up. Saying that this is a "journo" who "knows nothing about IT" beside
Re: (Score:2)
In public key encryption, you're supposed to publish your public key. So the "never publish your encryption keys" rule is not absolute. Obviously that isn't what happened here, but I don't expect a clueless journalist to be aware of these nuances, and so I wouldn't judge his behavior based on a "default" rule which is by no means absolute.
Re: (Score:2)
Why are you accepting what the Guardian writers are telling you at face value? From what I've read elsewhere there was at least a misunderstanding -- the Guardian thought the password was temporary but WL meant that the download site was temporary.
Whatever the case, what was the Guardian author thinking when he published the password?! That's clearly negligent.
Re: (Score:2)
Since when is PGP cycling passphrases without re-encryption?
That was a poor mistake - but maybe D-B is the fly in the ointment, and he deliberately copied the file, before re-keying it to a new passphrase.
He certainly owned up to other acts of subversion and data-manipulation, contrary to his trusted role in WikiLeaks. He goes all Hal-9000 in his explanation: how he had to kill Cmdr. Poole to fulfil the mission.
Fuck the little traitor. He's either an intelligence agency mole, or a dupe.
Re: (Score:3)
http://xkcd.com/936/ [xkcd.com]
Password entropy is not intuitive. This is my estimate of the entropy of the password. "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#"
Capital Letters at the start of every word: 1 bit
10 domain specific words in grammatical context: 6 bits each = 60 bits
Year in recent history: 7 bits
Random no-space or underscore between words: 9 bits
punctuation mark at the end: 4 bits
1+60+7+9+4 = 81 bits of entropy
2^81 / 1000 / 86400 / 365 =
7.6×10^13 years to brute force @ 1000 guess
Re: (Score:2)
Re: (Score:3)
There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.
You mean, like when Julian handed out the password to the Guardian?
Possibly. Julian had a good reason to hand over the encryption key to them; they were supposed to get the archive in order to help him to filter the messages. However I have no idea (and nor do you I suspect) whether he took reasonable care to check that the people in the Guardian he was handing the data over to had adequate security to deal with it. If he failed to do that then, I personally think he was at least careless.
However, there's a meme that's going around suggesting that he should have hand
Re: (Score:2)
Besides the fact that the Spiegel (as a WL partner) is heavily involved in mud-slinging towards OL/DDB.
To me it is obvious that OL/DDB had nothing to do with this problem. I get more and more the feeling that this problem was the reason DDB left.
The idea that any intelligence agency needed the help of openleaks to test the guardian pwd against any encrypted document they find is funny.
no first reading? (Score:2)
So whatever happened to books, or the relevant chapters, being given out privately to the people in them prior to publishing? I thought that was standard practice.
I suppose it got put to the wayside since it was only relevant when the concepts of truth and balanced reporting were practised. As far as papers go, the Guardian is still far from the worst offender, but it used to be a high quality liberal broadsheet. The last few years it has seemed to put most value on web hits over quality paper journalism. S
Clarification (Score:5, Informative)
This is not the Wikileaks insurance file, which remains encrypted.
This is a different file, that the Guardian was privy to, and was then mirrored.
The password to this other file was published in a book.
I only mention this because the previous /. post on this topic had a lot of replies with the mentality that wikileaks has surrendered its insurance. Such is not the case.
RIP journalism (Score:5, Insightful)
Among other revelations during this ordeal, one thing stands out - I now know how morally bankrupt mainstream media have become, irrespective of how right or wrong Assange is.
Guardian won awards for all the work done by wikileaks/manning, and now they just backstabbed them, and still have guts to defend their own actions.
NYT is even worse.
Whistleblowing investigative journalism is dead, sold out to big governments and corporations.
One thing (Score:4, Insightful)
The redacting that was done by The Guardian and others was just a reasonable thing to do, but it had one disadvantage: They published only selected and redacted cables and such you couldn't look for certain things by yourself. There's been more interesting stuff in the past centuries than The Guardian or Der Spiegel would recognize.
What's now possible is others sieving through these cables and I'm pretty sure that people will find interesting things. While it's not really a good thing for names of informants being published all this centralized knowledge and decisionmaking about what is good for the public to know is really getting on my nerves lately.
Media & Law Makers (Score:2)
"...and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."
Neither the media nor law makers will ever let the facts get in the way of their objectives. And because law enforcement has no small stake in this, either because their own fat is in this frying pan, or due to marching orders from the law makers, neither will they.
Verified? (Score:2)
Amazon book review (Score:2)
Here's an Amazon book review [amazon.com] critical of the disclosure of the password in the book. I registered my support for the critique with a 'helpful' click.
The key was not for the insurance file, however... (Score:4, Interesting)
From what is stated;
1) The key given to the reporter was not the key for the insurance file
2) Assange had provided a backup method for others to recover the data in the case he was a) killed, b) otherwise rendered incapable to act by other than having the group act on his behalf
3) Whereas it is easy to revoke access to content on a central server, it is impossible to revoke access to a file that cannot be changed (a password can simply not be revoked unless you can write to it) In other words you cannot revoke passwords for content that is available on bit torrent etc.
4) The way encryption usually works is through two sets of keys, i.e. LUKS. The real key is essentially always 512bits, but nobody including you ever uses this key - you have a password and a separate key that releases the 512bit key!!!
No, we do not know if there was a second pass-phrase key on the content provided to the reporter, but if it was, having one key which gives access to the full 512bit key and content might be used to reveal alternative keys to get the real key. One of which might cascade to the key used in the insurance file. Which is why it was truly irresponsible of the reporter to publish the key regardless!!! That is as far as I see neglect, and being clueless is under no circumstance justification. Yes, the password could be revoked on access, but any backup prior to revocation would, as stated above, retain access with that key whether it is a tape, a USB copy, or bit torrent.
Anyway, it is not for sure there were any alternative keys combined with that content, however, we do know the group had access to release the content of the insurance file in case something did happen to Assange anyway...
That the Insurance file was released on Bit torrent was most certainly not a mistake, however, it will have been a mistake if an alternative key used on the content given to the reporter could cascade to this key somehow. (From what I have learned of the case, I kind of don't think the problem was here).
So that leaves the people who were on the inside with the knowledge necessary to release the key...
Sure, there have been a lot of mistakes happening; we can blame Assange for believing in the fools who left for OpenLeaks. They were likely always the number 1 threat to the whistle blowers: Internals who sabotage, steal and try to destroy the original organization with internal knowledge.
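The key-slot arrangement and the revocation problem described in points 3 and 4 of the comment above, as an added Python sketch that is not part of the original comment or of any tool it mentions. The container layout, function names and passphrases are constructed for illustration, and an XOR wrap stands in for the real cipher that protects a key slot.

```python
import copy
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed value; real tools tune this per machine

def _kek(passphrase, salt):
    # Key-encryption key stretched from the passphrase, same length as the master key.
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=64)

def _xor(a, b):
    # Toy wrap: XOR stands in for the real cipher that protects a key slot.
    return bytes(x ^ y for x, y in zip(a, b))

def new_container():
    master_key = os.urandom(64)  # the 512-bit key that nobody ever types
    header = {"mk_digest": hashlib.sha512(master_key).digest(), "slots": {}}
    return header, master_key

def add_slot(header, master_key, name, passphrase):
    salt = os.urandom(16)
    header["slots"][name] = (salt, _xor(master_key, _kek(passphrase, salt)))

def revoke_slot(header, name):
    # Only possible on a copy you can still write to.
    del header["slots"][name]

def unlock(header, passphrase):
    # Try every slot; a candidate is accepted only if it matches the stored digest.
    for salt, wrapped in header["slots"].values():
        candidate = _xor(wrapped, _kek(passphrase, salt))
        if hmac.compare_digest(hashlib.sha512(candidate).digest(), header["mk_digest"]):
            return candidate
    return None

def demo():
    live, master_key = new_container()
    add_slot(live, master_key, "owner", "constructed owner passphrase")
    add_slot(live, master_key, "partner", "constructed partner passphrase")
    mirror = copy.deepcopy(live)   # copy distributed before revocation
    revoke_slot(live, "partner")   # revocation touches the live copy only
    return {
        "master_key": master_key,
        "live_owner": unlock(live, "constructed owner passphrase"),
        "live_partner": unlock(live, "constructed partner passphrase"),
        "mirror_partner": unlock(mirror, "constructed partner passphrase"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "locked" if value is None else "unlocked")
```

The revoked passphrase fails against the live header but still recovers the master key from the mirrored copy, so the only effective response to a disclosed passphrase is re-encrypting under a new master key, which does nothing for copies already distributed.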
Wikileaks trusted the Guardian. They released it. (Score:2)
They made secure efforts in transmitting the data. It was the Guardian that betrayed the trust of Wikileaks and all those identities that were supposed to be withheld. The Guardian kept the data file and let it leak and then published the password... In effect the Guardian published everything in the clear. They are the ones to be held responsible.
"(Strictly protect)" (Score:2)
Just reading through a few of the cables that have leaked regarding my country and I came across several cables that have named names of sources with the tag "(strictly protect)". Now, in my country, their lives are certainly not in danger, but their jobs certainly are.
The biggest achievement of cablegate would be to make everyone think twice about talking to any US diplomats.
Re: (Score:2)
The cat's out of the bag. People will still read these, despite your baseless FUD.
Re: (Score:2)
z7 is not an encryption; it is a compression format. The file was compressed to z7, and then encrypted with gpg.