Slashdot Mirror
WikiLeaks Sues the Guardian Over Leak
An anonymous reader writes "WikiLeaks complaining of a leak is hard to get one's head around. That it's suing The Guardian — its great ally — is even harder. That The Guardian did such a ridiculous thing to warrant litigation in the first place almost defies belief."
Update: 09/01 04:59 GMT by S : Changed the first link to point to the statement on WikiLeaks' website. The Guardian has denied the allegations, saying, "Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours."
Sorry, it's been redacted.
There is no honor amongst thieves.
Either you support leaks or you do not. Selective leaking is simply propaganda dressed up to look pretty.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"...Free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master. "
No this is a huge issue for Wikileaks. They got most of their documents from people on the inside who needed and WANTED the ASSURANCE that some of what they were handing wikileaks would be redacted, like operative names, and informant information. They wanted it to be a RESPONSIBLE release of information, one that doesn't have to be OK'd by the very people it would embarrass.
Now that wikileaks can't be trusted with keeping the UNREDACTED versions safe, they will lose a lot of sources.
I swapped out the original link with one pointing to the statement on their website, so it should work now.
The supposed password, as it appears on page 148 of the pdf version of the book, is ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
Supposedly applies to "cables.csv" but not to the insurance.aes torrent released last year by Wikileaks.
FTFA:
Wikileaks complaining of a leak?
Yes, and damned well they should unless your moral views are very shallow.
How many US politicians are laughing at the Wikileaks/Guardian partnership exploding so spectacularly?
I'd say it's the CIA laughing. This is incredibly valuable for them. They lose some secrets, but they discredit the messenger (And anyone who tries to replace them) to prevent future leaks. If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...
Does Wikileaks finally realise there's a need for secrecy/privacy in the world?
Finally? They've said that all along. That's why they were redacting the documents in the first place.
Does privacy/secrecy all boil down to where someone draws an arbitrary line in the sand?
Yes. The world is a fuzzy place and doesn't lend itself to simple morals where you can divide things into the dark side and the light side. At some point it just comes down to someone looking at the situation and doing what they feel is right.
Should a lack of privacy/secrecy be all or nothing?
Of course not. In general, I believe that the larger an entity is, the less privacy they deserve.
Is Wikileaks cementing views that it is or isn't an organisation of journalists who are guided by traditional journalistic ethics?
They publish the truth and protect sources who need protection. They've pretty much always been in that camp.
Assange is on record stating that he doesnt think there should be ANY secrets at all. A large number of slashdotters have reinforced that belief.
Why the hypocrisy all of a sudden?
Who in their right mind would think it okay to publish a password and publish the correct one? They could have published the same book with a fake password all the same, yet obviously it was the password.
As for it being temporary, it wasn't an access password, but a decryption password. And in the eyes of the law, why would what Wikileaks said even matter if non-disclosure was part of their arrangement?
The point of leaking is to expose malfeasance.
Not necessarily. Leaking is also a tool of embarrassment, harassment, political manipulation, etc. When leaking selectively, one side and not the other, the point may be entirely political.
Just from curiosity: is the identity of the original leakers also subject to your postulate on selective leaking?
The names of many people who would not have like to have been named were in the documents leaked and released. I do not see why the person leaking should expect any special treatment in that regard; of course an organization that leaks that would see fewer leaks come in to be sure, but it is fair game if someone ELSE can extract it from the site data is leaked to...
You have to figure as a leaker it is more likely than not someone will figure out it is you, and be prepared for that eventuality. If the leak is truly important enough, that will not matter.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If Wikileaks allowed a third party to have access to unredacted ANYTHING they are idiots.
Said third party might have government moles or spies looking to bust whoever leaked the stuff...or enemy moles looking to use the sensitive stuff to inflict damage.
Your post basically answers itself. They did change their position on the issue because they got a lot of heat for not redacting the cables. That is why for the past year (with the Cablegate cables) they have been working with news organisations to carefully redact them before releasing, and releasing them in small batches a few at a time. That has consistently been WL's position for the past year. Complaining that The Guardian released the cables that were supposedly sent to them for the sole purpose of redacting them is not inconsistent with their recent position.
(I have often said that one is not a hypocrite for changing one's beliefs, only for simultaneously saying one thing and doing another.)
After I wrote this, a great quote came to mind:
There it is. That's the ten word answer my staff's been looking for for two weeks. There it is. Ten-word answers can kill you in political campaigns. They're the tip of the sword. Here's my question: What are the next ten words of your answer? Your taxes are too high? So are mine. Give me the next ten words. How are we going to do it? Give me ten after that, I'll drop out of the race right now. Every once in a while... every once in a while, there's a day with an absolute right and an absolute wrong, but those days almost always include body counts. Other than that, there aren't very many unnuanced moments in leading a country that's way too big for ten words. I'm the President of the United States, not the President of the people who agree with me. And by the way, if the left has a problem with that, they should vote for somebody else.
--President Josiah "Jed" Bartlet, from The West Wing
Sorry, the first part was meant to be funny... As for the second, according to the Guardian at http://www.guardian.co.uk/world/2011/sep/01/unredacted-us-embassy-cables-online
"The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files. But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file's contents were never publicised, nor was it linked online to WikiLeaks in any way.
"Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours.
So 1) WikiLeaks knew the password was out there many months ago, 2) if they were TOLD the password was temporary they didn't misunderstand anything...
Si hoc legere scis nimium eruditionis habes.
This is eerily parallel to RMS with respect to copyright. Ideally, he would prefer that copyright not exist, but it is the basis for the GPL/copyleft model of enforced sharing.
Utilizing a resource which you would prefer not exist, but it does, to derive benefits in the meantime while you wait for it to be abolished, is not hypocrisy in my eyes --- providing that you do not claim that the resource is wholly bad, there is no problem with this. It only becomes hypocrisy if you add the additional logical error of "false dichotomy". Since I don't know anything about Assange's statement or its context, it's impossible for me to know whether it was absolute enough to warrant calling his position hypocritical.
You are attempting to claim Wikileaks is 100% pure here.
No, I'm claiming that "Wikileaks [ ... ] realizes there's a need for secrecy/privacy in the world", and providing evidence to support that claim.
And yes, the job's too big for one person... that's why they were farming it out to reasonably respectable news organizations which are (well, should have been) capable of handling this level of journalistic ethics.
Have a look at the actual leaks. The redactions aren't like the black pages you get back on an FOIA request. They're omitting names and other specifics, but leaving the intention of the documents perfectly well intact. Sure, that can still be used to hide an agenda on WL's part, but that just calls for critical thinking skills.
I'm not giving them a free pass, but it does appear that they're trying to do the right thing. How could they even cheat at this? Tell their press partners "hey, we need to redact these documents but, uh, could you do it with this other agenda in mind?"
For better or worse, we'll find out: since the raw information is now available, we can see what was redacted and if it was done with an agenda.
Ah yes, the NYTimes - The Nixonian henchmen of today
Apparently, faced with hundreds of thousands of documents vividly highlighting stomach-turning war crimes and abuses -- death squads and widespread torture and civilian slaughter all as part of a war he admired for years and which his newspaper did more than any other single media outlet to enable -- John Burns and his NYT editors decided that the most pressing question from this leak is this: what's Julian Assange really like?
How exactly do you propose they change a password in a file has already been downloaded by thousands of people?
You can't take the sky from me.
I've written a full post on this issue here, but I'll respond to your individual points.
I agree, it is somewhat unusual for WL to have disseminated the cables in an encrypted archive, deleted the archive, then at a later time shared the same encrypted archive rather than creating a new one. It might have been better to create a new one with a new password, and may have added some extra layers of security, but from a cryptographic standpoint this was perfectly reasonable behaviour.
You need to consider this as a cryptographic system (as I'm sure Julian Assange did), and that means considering what information is public and what information is secret. The archive was encrypted, and the ciphertext was shared across the open Internet (I assume over SSL, but still not requiring authentication). Therefore, we must assume that the encrypted archive is public from that point forwards. The password that unlocked that archive was kept secret and treated as extremely sensitive by WL. By Leigh's own description, JA handed it to him in person on a piece of paper, and then verbally gave him a salt to apply to the password. It's strange that the passphrase wasn't a collection of random letters, but apart from that, all of this makes cryptographic sense.
Now let's suppose that you need to send the exact same document to another journalist at a later date. While maybe you should re-encrypt it, cryptographically it doesn't make any difference, because we are operating under the assumption that the original encrypted archive was public from the last time we put it on the open network. Therefore, reusing the same archive again with the same passphrase doesn't weaken our security very much. To put it another way, even if WL had destroyed that archive and never reused the passphrase, someone in the general public could theoretically have a copy of it from the one time it was shared, and therefore could have decrypted it when Leigh disclosed the passphrase.
Technically it is too late by this point. Once you have put it on the open internet for a short period of time, you have to assume that it is public, and rely on the encryption on the archive itself, and your endpoint not to disclose the passphrase. They could have set up a login system that requires the client to authenticate. That would have guarded against the contact disclosing the password at some point in the future. But is there any reason to have planned for that scenario? You are already giving the full dump of sensitive documents to your contact, so cryptographically it makes no difference whether you do it by an authenticated login or by transmitting an encrypted document. The end result is the same -- only you and your contact have the plaintext -- assuming your contact is not malicious or stupid. If your contact is malicious or stupid, you're fucked anyway because he has the documents. To put it another way, the system would have been secure if Leigh had not disclosed the password, which Leigh was contractually obliged not to do. Any other system would have required the same level of trust in Leigh. This was an error on Leigh's part, not WikiLeaks and not the technology.
Assange is on record stating that he doesnt think there should be ANY secrets at all
Let me see if I can dumb it down for you:
1. Chicken is yummy
2. Chicken hatch other baby chicken
3. You eat all yummy chicken -> No baby chicken -> You die of starvation X-(
4. You save some chicken -> Yummy chicken year around
The goal of complete openness is not achievable while fighting against large conspiracies, just like the goal of complete non-violence is infeasible when fighting for peace against a violent aggressor. Recognizing this, Wikileaks maintains the least secrecy necessary in order to maximize the total quantity of leaked information. Leaking more than this level is detrimental to their long term goal. In their quest for openness Wikileaks is willing to settle for a practical goal, and if it turns out they can't protect sources that practical goal is compromised. And what practical results those were ! They played a major role, maybe a decisive one in starting the Arab Spring.
The position of The Guardian who leaked the password for the widely disseminated Cablegate file under the pretence that "a password isn't harmful by itself" is laughable. Here Wikileaks recognized it's inability to correctly disseminate the large volume of data, and brought in traditional media, only to be betrayed and embarrassed by their sheer negligence or malevolence.
ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
This only confirms what kind of hypocrits the wikileaks guys are.. Leaking other people's secrets is ok, but if you leak theirs....
Using a firearm to defend others is ok, but it makes you a hypocrite if you protest others using a firearm to commit murder.
Questions raise, answers kill. Raise questions to stay alive.
That's just false.
Assange advocates for public knowledge and control about the things that governments and enterprises are doing. He also advocates for personal privacy.
Please, read what Assange says before writing nonsense about his believes.
Have you bothered looking at wikileaks from before, say, 2010? Assange has no qualms about releasing private personal information, such as hacked emails, from people he doesn't like.
Not quite.
Assange is ALL FOR leaks of information about Western Democracies and corporations, especially the US, but I have yet to see a leak from him of Russian or Chinese secrets. That because he knows such a leak would result in his unfortunate "accidental" death.
Crying about leaks concerning his operations is the height of arrogance and hypocrisy.
I would imagine that if his leaks of Western information results in the deaths of one or more ordinary people mentioned by name in those leaked documents then several members of the Wikileaks organization might experience unfortunate "accidents". They can't hide for any length of time.
Running with Linux for over 20 years!
He leaks information primarily about the US because he has an axe to grind with us. He may along the way leak genuinely good things (either from the US or other countries), but lets not pretend he isnt really pro-tearing-the-us-down.
Please, read what Assange says before writing nonsense about his believes.
Really? I call bullshit. His history shows the exact opposite. This is the fucking douche who lost his kid ... for being a fucking douche, and then campaigned to make ALL CHILD CUSTODY RECORDS PUBLIC INFORMATION so he could get something to use against the mother of his child. He didn't give a flying fuck about what that meant to the children.
He believes in personal privacy for Julian Assange, no one else. If you think he wants you to have personal privacy, you're completely out of touch with reality.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager