WikiLeaks Sues the Guardian Over Leak
An anonymous reader writes "WikiLeaks complaining of a leak is hard to get one's head around. That it's suing The Guardian — its great ally — is even harder. That The Guardian did such a ridiculous thing to warrant litigation in the first place almost defies belief."
Update: 09/01 04:59 GMT by S : Changed the first link to point to the statement on WikiLeaks' website. The Guardian has denied the allegations, saying, "Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours."
...this is a leak that can't be redacted or unleaked. Open world. That's what they wanted. Such is the nature of passwords, and basing a security policy on handing them to people you don't control and admonishing them not to divulge them. Cry me a river.
Lovely!
yo dawg, I heard you like leaks, so I leaked your leak, so you could sue while you get sued
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"...Free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master. "
The supposed password, as it appears on page 148 of the pdf version of the book, is ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
Supposedly applies to "cables.csv" but not to the insurance.aes torrent released last year by Wikileaks.
We must dissent!
The coastguard?
I'm starting a new website, to be called 'Open-Wiki-Leaks-Leaks'.
FTFA:
Wikileaks complaining of a leak?
Yes, and damned well they should unless your moral views are very shallow.
How many US politicians are laughing at the Wikileaks/Guardian partnership exploding so spectacularly?
I'd say it's the CIA laughing. This is incredibly valuable for them. They lose some secrets, but they discredit the messenger (And anyone who tries to replace them) to prevent future leaks. If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...
Does Wikileaks finally realise there's a need for secrecy/privacy in the world?
Finally? They've said that all along. That's why they were redacting the documents in the first place.
Does privacy/secrecy all boil down to where someone draws an arbitrary line in the sand?
Yes. The world is a fuzzy place and doesn't lend itself to simple morals where you can divide things into the dark side and the light side. At some point it just comes down to someone looking at the situation and doing what they feel is right.
Should a lack of privacy/secrecy be all or nothing?
Of course not. In general, I believe that the larger an entity is, the less privacy they deserve.
Is Wikileaks cementing views that it is or isn't an organisation of journalists who are guided by traditional journalistic ethics?
They publish the truth and protect sources who need protection. They've pretty much always been in that camp.
Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper: CollectionOfHistorySince_1966_ToThe_PresentDay# “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’ Can you remember that?” “I can remember that.” Leigh set off home, and successfully installed the PGP software.
Password listed: CollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
Blow em all up, let God sort it out.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
Leaking unredacted documents is exactly what wikileaks was widely criticized for in their first big release (~70k cables). In that case, they staunchly defended the practice. Now they're complaining, and even suing over the exact same thing, only they weren't the ones to expose them this time. When did they change their position on this issue? And if they have changed it, are they now prepared to apologize for their prior behavior?
make imaginary.friends COUNT=100 VISIBLE=false
Who in their right mind would think it okay to publish a password and publish the correct one? They could have published the same book with a fake password all the same, yet obviously it was the password.
As for it being temporary, it wasn't an access password, but a decryption password. And in the eyes of the law, why would what Wikileaks said even matter if non-disclosure was part of their arrangement?
...can someone who illegally obtained classified documents and released them into the public domain then sue someone else for stealing their illegally obtained documents and releasing them into the public domain.
For what it's worth it seems much more likely to me that someone within WikiLeaks who was disaffected then stole the data/password and released them than the Guardian did it. Just because it was the (supposedly) time limited password given to the Guardian doesn't mean no one else had access to it.
Si hoc legere scis nimium eruditionis habes.
The point of leaking is to expose malfeasance.
Not necessarily. Leaking is also a tool of embarrassment, harassment, political manipulation, etc. When leaking selectively, one side and not the other, the point may be entirely political.
Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?
The names of many people who would not have liked to have been named were in the documents leaked and released. I do not see why the person leaking should expect any special treatment in that regard; of course an organization that leaks that would see fewer leaks come in to be sure, but it is fair game if someone ELSE can extract it from the site data is leaked to...
You have to figure as a leaker it is more likely than not someone will figure out it is you, and be prepared for that eventuality. If the leak is truly important enough, that will not matter.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
*Some limitations apply. See store for details.
After I wrote this, a great quote came to mind:
There it is. That's the ten word answer my staff's been looking for for two weeks. There it is. Ten-word answers can kill you in political campaigns. They're the tip of the sword. Here's my question: What are the next ten words of your answer? Your taxes are too high? So are mine. Give me the next ten words. How are we going to do it? Give me ten after that, I'll drop out of the race right now. Every once in a while... every once in a while, there's a day with an absolute right and an absolute wrong, but those days almost always include body counts. Other than that, there aren't very many unnuanced moments in leading a country that's way too big for ten words. I'm the President of the United States, not the President of the people who agree with me. And by the way, if the left has a problem with that, they should vote for somebody else.
--President Josiah "Jed" Bartlet, from The West Wing
It has often been said in security that the first law of security is being clear about what is a secret and what is not. Once we have decided that, we can safely distribute the non-secrets as long as we hide the secrets. This is, for example, why I am perfectly comfortable revealing my public key to everybody on the planet.
So who is to blame? In one corner, WikiLeaks (allegedly... I'm not clear on the details) released this encrypted file to the public. In the other corner, The Guardian released the passphrase. WikiLeaks blames The Guardian for releasing the passphrase, while The Guardian blames WikiLeaks for releasing the enciphered data (it claims that it was a one-time password that should have been safe to give out).
Clearly, from a cryptographic standpoint, WikiLeaks is right here, and The Guardian is at fault. We must be operating under the assumption that the encrypted data file is non-secret, and the passphrase is secret. That is why it was safe to transmit the encrypted data file over the Internet, but Julian wrote the passphrase down on a piece of paper and handed it directly, as well as verbally giving Leigh an unwritten salt.
Finally? They've said that all along. That's why they were redacting the documents in the first place.
You are attempting to claim Wikileaks is 100% pure here.
The reality is no-one can truly judge what should be redacted over thousands of documents. A lot of REALLY bad information was released and not redacted in the documents Wikileaks released. Names were named. Why you are trying to paint WikiLeaks as wholly noble when they are the same shade of grey is a mystery to me.
Yes they tried to redact some stuff, but you also cannot know WHY they redacted what they did - you can never know what ulterior motive WikiLeaks might have had for redaction. Michelangelo once famously said when asked how he carved David that "It is easy. You just chip away the stone that doesn't look like David.". Well given enough documents you can tell whatever story you like through redaction - and don't forget there are two levels at work, the leaker's redactions in addition to WikiLeaks.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
...is as dodgy as a 9 dollar note.
ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
"would not have liked to have been named" is very different to "were unfairly harmed by being named."
There were at least a few tribal leaders in Afghanistan named who were in fact worried about being killed, far worse than anything the leaker faces.
There is no difference at all, and in fact in many of these documents people are being named that are worried about being killed - also exact positions of military bases useful for mortars, etc.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think not. Alanis Morissette never mentioned Wikileaks.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
This is eerily parallel to RMS with respect to copyright. Ideally, he would prefer that copyright not exist, but it is the basis for the GPL/copyleft model of enforced sharing.
Utilizing a resource which you would prefer not exist, but it does, to derive benefits in the meantime while you wait for it to be abolished, is not hypocrisy in my eyes --- providing that you do not claim that the resource is wholly bad, there is no problem with this. It only becomes hypocrisy if you add the additional logical error of "false dichotomy". Since I don't know anything about Assange's statement or its context, it's impossible for me to know whether it was absolute enough to warrant calling his position hypocritical.
. . . performed by lawyers on behalf of their clients?
http://page2rss.com/702be584dd7c81631bcd797202740b73/5612233_5614260/cryptome-has-decrypted-the-
Laws are like sausages. It's better not to see them being made. - Otto von Bismarck
You have denied access to information by your selective redaction of the original quote.
Ah yes, the NYTimes - The Nixonian henchmen of today
Apparently, faced with hundreds of thousands of documents vividly highlighting stomach-turning war crimes and abuses -- death squads and widespread torture and civilian slaughter all as part of a war he admired for years and which his newspaper did more than any other single media outlet to enable -- John Burns and his NYT editors decided that the most pressing question from this leak is this: what's Julian Assange really like?
This only confirms what kind of hypocrites the wikileaks guys are. Leaking other people's secrets is ok, but if you leak theirs.... All they wanted was some fame, it never was about really doing something right.
so now we have a leak inside a leak. We need to go deeper. We need to have a leak inside a leak inside a leak.
is mighty flexible. There is no way to play this game without innocent casualties, knowing the nature of the regimes involved. I read Assange as a self promoting thief who has now lost the hole card. You may well expect an unfortunate accident in his near future, it is only a pity that his selfish actions have caused much death and suffering to the innocent who, it is inevitable, always get sucked into the meat grinder of history. Wikileaks has now joined that majority of political organizations who have innocent blood on their hands.
The password on the insurance file on The Pirate Bay is, as per The Guardian book, ACollectionOfDiplomaticHistorySince_1966_ToThePresentDay# .
http://boingboing.net/2011/08/31/wikileaks-guardian-journalist-negligently-published-password-to-unredacted-cables.html
Not really confident about the entropy of such passphrase...
If you are going to share extremely sensitive documents with several people, why the FUCK wouldn't you create several *different archives* with different passwords - one for each individual you are sharing the information with?!
Give each individual access for a short period of time, and then DELETE THE INDIVIDUAL FUCKING ARCHIVES FROM YOUR SERVER! This has the additional benefit of being able to trace any future leaks.
Seriously, if you have disseminated the password to your single "master copy" archive to multiple organisations, then it might as well not be encrypted. If they had created different archives + passwords for each recipient this would be a non-issue.
An analogous situation is where you're setting up a webserver which hosts multiple sites/apps. You run the server process of each site as a different user because that way if one site is exploited, the damage is contained to that site only.
I seriously wonder if Wikileaks employees run their desktops as root.
Obviously if you support the concept of leaking information, that would not extend to leaking such information as would likely prevent further leaks.
Those who claim that such a stance would be hypocritical fall into the same category of stupid people as would claim that believers in the free distribution of open source software should also include the right to close source that software, or of the group of people who believe that a democratic system which allows for the electorate to vote away their right to vote is somehow more democratic than one which prevents that right from being abandoned.
On one hand, their anger is understandable. Even when your business is to reveal secrets, you need to also keep some secrets (ask any reporter with an anonymous source). It sounds hypocritical, but it really isn't. You can argue all you want about whether some military secrets endanger national security or the safety of civilians, but it should be clear that, for example, evidence of military or political wrong-doing is in the public interest, while access information to private computers or bank accounts is not (even if the person is guilty of wrong-doing). And on another level, a journalist publishing information given him by a confidential source is fulfilling his journalistic duty, while a journalist publishing information the source told him not to publish (which may possibly identify the source) is breaching trust.
On the other hand, taking this to court is completely fucking retarded. It kills any remaining relations with the newspaper, harms their relations with the other papers, hurts public opinion (because of the appearance of hypocrisy), draws public attention to the very matter they wanted to keep confidential (Streisand effect), and has no chance of stopping the damage.
Also, as the article says, what the hell was the point of publishing the passphrase in the first place?
Having a "doomsday" file out there in case Wikileaks is taken down, everyone arrested and whatnot is a good precaution. Reusing a password that many people in many organizations they've shared it with know is insanely stupid, no matter what. They should have used a password they and only they knew. Because as this case proves, that means they've lost control of their doomsday device. They don't have control over the file and they don't have control over the password.
They should have used a different file for partners, that they controlled tightly with very limited risk even if the password was exposed. Of course they couldn't ultimately have stopped the Guardian if they had revealed both that file and the password, but at least you didn't hand over the keys to your doomsday device. That is just epic fail on the side of Wikileaks, no matter if the Guardian acted stupid or not.
Live today, because you never know what tomorrow brings
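The scheme the comments above argue for (a separate archive and passphrase per partner, hosted copies that expire and are deleted, tracing a published passphrase back to its recipient, and an insurance file that shares no secret with any partner copy), as an added example that is not from the thread or from WikiLeaks. `Distributor`, the recipient names, the iteration count and the HMAC keystream (a stdlib-only stand-in for a vetted cipher such as AES-GCM) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor, a value assumed for this example


def _keys(passphrase, salt):
    """Stretch a passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher).

    Stdlib-only so the example runs offline; real use calls for a vetted
    AEAD such as AES-GCM, or a tool such as GnuPG.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(plaintext, passphrase):
    """Encrypt-then-MAC under a fresh salt: salt || ciphertext || tag."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _keys(passphrase, salt)
    body = salt + _xor_stream(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(blob, passphrase):
    """Check the tag, then decrypt; ValueError on a wrong passphrase."""
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified archive")
    return _xor_stream(enc_key, body[16:])


class Distributor:
    """Hypothetical sender-side bookkeeping for per-recipient copies."""

    def __init__(self):
        self._trace_key = secrets.token_bytes(32)  # never leaves the sender
        self._issued = {}  # HMAC(passphrase) -> recipient, for tracing
        self._hosted = {}  # recipient -> (archive bytes, expiry time)

    def _tag(self, passphrase):
        return hmac.new(self._trace_key, passphrase.encode(), hashlib.sha256).hexdigest()

    def issue(self, recipient, plaintext, now, ttl):
        """Create this recipient's own archive and one-off passphrase."""
        passphrase = secrets.token_urlsafe(24)  # 192 random bits
        self._hosted[recipient] = (seal(plaintext, passphrase), now + ttl)
        self._issued[self._tag(passphrase)] = recipient
        return passphrase  # handed over out of band, kept here only as an HMAC

    def fetch(self, recipient, now):
        """Serve the archive while it is live; delete it once expired."""
        blob, expiry = self._hosted.get(recipient, (None, 0))
        if blob is not None and now >= expiry:
            del self._hosted[recipient]
            return None
        return blob

    def trace(self, published_passphrase):
        """Name the recipient a published passphrase was issued to, if any."""
        return self._issued.get(self._tag(published_passphrase))


if __name__ == "__main__":
    data = b"constructed sample payload, not real material"
    sender = Distributor()
    insurance = seal(data, secrets.token_urlsafe(32))  # secret shared with nobody
    pw_a = sender.issue("paper-a", data, now=0, ttl=3600)
    pw_b = sender.issue("paper-b", data, now=0, ttl=3600)
    print(sender.trace(pw_a))                  # which copy a published passphrase opens
    print(unseal(sender.fetch("paper-b", now=60), pw_b) == data)
    print(sender.fetch("paper-b", now=7200))   # expired copy is deleted
```

Because every copy is sealed under its own salt and passphrase, a passphrase that ends up in print opens one partner's archive only, and the insurance file stays closed.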
JA copies confidential files into a secret directory on a server and does not warn the people who have the right and the access to the parent directory, then does not delete these after transmission, and he chooses a simple password transmitted in a public place AFAIU (instead of a larger key transmitted on a physical medium, like a cd or an sd card) which he does not warn his partner never to reveal it and handle it with care, does not make sure he has the organizational, physical and administrative control over this server.
Holy shit this guy fucked up. For acting cool he compromised *all* security principles. In the company where I worked security was hanging not so high, but putting data, even encrypted to a server outside the company's full control was *strictly* forbidden.
If I would have to design something which is easy to give, I would choose a bootable linux read-only USB stick (so that anybody can just freshly boot) with networking turned off and an encrypted container and instruct my partner to open it on a freshly bought random netbook. Easy, cheap, fast, safe.
But not as cool and you have to explain a few minutes.
Good luck with that. There's a little legal jargon called "unclean hands" which might cause you no end of problems.
Basically, someone doing something illegal which affects you only because you were doing something illegal in the first place is unlikely to be heard in court. It's like a pimp trying to sue his prostitute, or a burglar suing the manufacturer of the television he stole.
And, unlike some litigious countries, the UK courts probably won't tolerate such things and The Guardian only really operates within the jurisdiction of the UK (and any other countries where the book might have been published are equally likely to just laugh at such a lawsuit).
Also, where does Wikileaks think it will find the money to go up against a media giant in the UK? Unless they're planning on using the money the papers gave them for the information in the first place in order to sue those same papers over that information?
It seems odd and pretty much an empty threat. I'd be surprised if it got through without a summary judgement happening very quickly, and be incredibly surprised if they ever manage to prove anything to a court's satisfaction.
This isn't wikileaks suing some third party who gained access to these leaks for publishing this. wikileaks gave this password to the guardian under the agreement that they would not re-publish this.
when has wikileaks ever leaked anything given to them that they agreed beforehand not to release?
i spent five minutes thinking and all i got was this crappy sig
Wikileaks: now YOU know how it feels...but I doubt you'll learn anything from this experience.
The Guardian is being accused of unauthorized access to Wikileaks' computer systems.
TITLE 18 > PART I > CHAPTER 47 > 1030
(a) Whoever (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains (C) information from any protected computer;
The Guardian could be in some hot water soon. If these allegations are true then this is a clear case of illegal conduct.
You can say Wikileaks is breaking the law in what they do but their conduct is another matter and should be treated as such. It is not legal to have unauthorized access to a computer system of alleged criminals (unless you are the CIA/FBI/NSA/DHS/DOD/Spanish Inquisition).
Anons need not reply. Questions end with a question mark.
Funny thing though, the Planetary Datalinks project was one which, when playing an advanced faction, was pursued so as to deny it to rival factions. If you let Yang, Santiago, or god forbid Miriam get to it, you're in for a hard fight all the way to the end.
your thin skin doesn't make me a troll
Assange is a bog-standard anti-American, sheltered, coddled, ignorant Western leftist twerp
And this line makes you sound like a bog-standard anti-'foreign', sheltered, coddled, ignorant, bigoted redneck twerp. Are you sure this was your intention?
A leak website complaining about some leaking documents about it? Delicious!
That's the problem with Assange and Wikileaks..... They are essentially griefers who can't swallow their own medicine. They think it is O.K. to leak everybody else's secrets, which they have no right to do, but they run and cower behind lawyers when someone releases WikiLeaks' secrets.
Talk about hypocrites!
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
At least Sister Miriam Godwinson and CEO Nwabudike Morgan weren't in bed together on Planet. On Earth some try to worship capitalism, globalism, and God all at the same time.
I remember hearing or reading about an idea that involved identifying a leaker by seeding different people with documents that contained juicy, unique phrases to tempt journalists into quoting them directly, thereby identifying the source of the document.
Infocom did similar with review copies of games. Someone was posting their review copy on a BBS. We made custom copies for each reviewer with a modified room description for one of the rooms. It was posted, and that reviewer was caught.
And that's why you don't put classified material on a system connected to the internet. Oh, wait...
providing evidence to support that claim.
Since I showed they were not, and you did nothing to counter my assertions, you are trying to cover up for very sloppy redacting.
Again, an organization like WikiLeaks cannot properly redact documents. They might try but you can never know to WHAT standard they are redacting information, or for what reason... and in the end it doesn't matter anyway, just like you can't be "just a little pregnant" you cannot claim Wikileaks is trying to protect privacy while violating the hell out of multiple people's privacy.
As for the fantasy the news organizations are any more capable, again they are not security experts and not fit to judge what is redactable or not.
They're omitting names and other specifics
Really?
You can keep shoveling but the truth is so evident you cannot bury it.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Same thing with the Hunter-Seeker Algorithm. Deny it to Zakharov and you don't even have to bother researching your own tech for the rest of the game.
"Don't feel bad for me child; I'm the monster that hides under your bed."
L E A K C E P T I O N
If there was ever any doubt in my mind that Wikileaks has turned into nothing more than one man's vanity project, it was dispelled the moment I clicked that link and was greeted by the stern visage of Julian Assange. "Keep Us Strong", it says, the text right above a picture of The Man Himself. The message is clear. Assange is WikiLeaks and WikiLeaks is Assange.
WikiLeaks would be better off in the hands of someone who is not so clearly getting off on being seen as the face of the site.
------RM
Karma's a bitch.
Whiny Nancy-boys.
This ultra secret, mega-important, super-leak was protected by a relatively short plaintext password that even references the expected content of the file it "protects"?
And as someone else noted, then this stuff was made available over the public Internet for a newspaper guy to download?
Come on. This is rank amateur bullshit.
Labeling a civilian informant in Afghanistan who provides information on violent extremists a "freelance spy" is a rather transparent attempt to manipulate the discussion. We're talking about people who simply don't want to live under the oppressive boot of fundamentalist radicals.
By your definition Harriet Tubman was a "freelance spy", deserving of the punishment for her calculated crimes of smuggling black slaves from the south northward to freedom.
"But we have to pass the bill so that you can find out what is in it,..." - Nancy Pelosi
Every once in a while, there's a day with an absolute right and an absolute wrong, but those days almost always include body counts.
--Aaron Sorkin
It's a hell of a lot more insightful than most of the things coming out of real politicians' mouths.
I need say no more :)
Well if that isn't the pot calling the kettle black, I don't know what is.
Wikileaks and Assange have their own agenda - they're not noble crusaders in a black and white world either. The damage he's done includes putting individual people in harm's way for his own selfish goals of "reform". He's no different from any other political leader with their own agenda, he just likes to think he's doing a greater good - but don't they all?
Boo frickin' hoo.
You can nitpick that he was careful or selective in what he leaked - but he still stole and leaked information that wasn't his. That much IS black and white. If anything, HE was negligent in how he protected the stolen and sensitive information by just giving it out to a Guardian reporter.
The password is 56 characters in length, given that it's plain text, that means you get roughly 4 bits of entropy per character, so we can divide by 2 to get our useful bytes/bits of entropy, or 28 bytes of solid entropy, or 224 bits.
That's actually a pretty good password, far safer than any place that uses an MD5 or SHA1 hash of your password for verification, SHA1 is only 80 bits of useful entropy once you take all the shortcuts to make it easier to process into account. (160 bits intended, weaknesses make it worth about 80 bits last I heard, could be less now).
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
awesome quote! but a quick search reveals that it's from a video game... kinda embarrassing to pull out in a serious argument with someone who doesn't play civ games...