Slashdot Mirror
WikiLeaks Publishes Cable Archive In Full
We recently discussed news that WikiLeaks had complained of a password leak which threatened the encryption of unredacted documents contained in the Cablegate archive. Now, reader solanum writes with this update:
"According to the Guardian, 'WikiLeaks has published its full archive of 251,000 secret US diplomatic cables, without redactions, potentially exposing thousands of individuals named in the documents to detention, harm or putting their lives in danger. The move has been strongly condemned by the five previous media partners – the Guardian, New York Times, El Pais, Der Spiegel and Le Monde – who have worked with WikiLeaks publishing carefully selected and redacted documents.' In the same article The Guardian gives further explanation of the controversy reported earlier, suggesting that Assange went against standard protocol in providing the master password to the newspaper."
The guardian password thing was a mistake. A big mistake.
The solution however is NOT to go all in and betray the trust of the sources. This sort of thing is just what you'd need to kill Wikileaks forever.
If it was due to a mistake, an accident or hacking, we might move on, but this is big stuff.
The Guardian essentially pretends now that Wikileaks have taken this decision and by doing so have placed a lot of people at risk.
This deceit is evident several places in the article. That is the deceitful picture they are trying to paint.
The truth is that all of the cables were already accessible to anyone who wanted that access worldwide, including intelligence agencies.
You can argue about "blame": was the blame on Assange who apparently reused a password, on the Wikileaks people who spread that file around as a form of "insurance", or on the person from The Guardian who wrote what the password was in his book?
But you can't argue that Wikileaks now has sole responsibility for placing people at risk. That responsibility is down to all the aforementioned participants.
The exact division of blame can be argued about, but a picture that Wikileaks now places someone at risk that wasn't placed at risk earlier through joint efforts is monumentally deceitful.
So by your example I shouldn't have protection of anonymity for informing the police of a local drug dealer... even though I'd have reasonable fear of reprisals for doing so....
Huh?
Nah... a few folks will have a good reason to be worried, but otherwise the world at large won't see the effects for a long time, if ever.
Now Wikileaks OTOH, is about to be labeled a terrorist organization and removed from the face of the Earth by any means necessary - legal or not legal. They had a shot at being left to remain in existence when they had some sort of underdog nobility to play on, but now? I suspect someone at the CIA, Interpol, and various other places around the globe are quietly whispering the same thing 'Oh, it's *on* now, bitches...'
(rightly or wrongly, I suspect that's how it's going to be played out).
Quo usque tandem abutere, Nimbus, patientia nostra?
And it shows, of course, that wikileaks can't be trusted to protect lives. It further shows that extreme measures are justified to protect potentially damaging secrets.
Besides, It unfortunately shows US politicians, sadly, are not that bad, compared to others ...
They were thinking something along the lines of "the Guardian already gave the bad guys our secrets, so let's make sure the people at risk have a chance to look through the cables, see if they're mentioned, and take appropriate self-defensive measures, since we don't have the resources to approach them all privately."
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Well, the intelligence world was already trying to spank Wikileaks...effectively without a real quality excuse.
Now they have the excuse, and lives really are on the line. Bye Wikileaks!
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
No. It means that hey want to cover up the fuckup which JA and *only* JA is responsible for to the media.
He gave the password without specific instructions. He put the files somewhere where they don't belong (i think not mixing redacted and unredacted material would be a good principle) and did not inform the administrator that these are there. He lacked responsiveness in communicating with the responsible admistrator. He lacked openness to address the issue and take control of it of give the responsibility in a controlled way to somebody else. He did not delete the documents which he put there. He chose a single, simple password instead of a two-factor authorization. He did not (as would have been appropriate) use a physically safe way of transferring the data to the journalist (1 DVD would have been enough). He did not make sure the journalists computer is safe.
Wikileaks made the encrypted archive available long ago so shouldn't the headline here point out the newer and more interesting bit - that the Guardian released the key after signing an agreement not to?
First the Guardian published the master password for the cables.csv file, which made all those names of informants and what not publicly available. Now that Wikileaks is also making the same information available that the Guardian first made public to everyone, the Guardian is trying to paint this disclosure of information as an irresponsible move by Wikileaks.
The only thing you can blame Wikileaks for, afaik, is to make that same information available via a search interface (besides the fact that they gave the real password to the Guardian). But it's not like people who had really bad intentions for uses of that information couldn't set something like that up themselves (and probably already did), which I assume is what motivated them to do this.
Donate free food here
We're not trading lives for oil. we're trading lives for power, and this President is no different than GWB, Clinton, GHWB, Reagan, Carter, Nixon, Johnson ... in this regard.
The only thing people like you do, is bury your head in the sand, because the ends justify the means in your world.
The Constitution hasn't mattered in a very long time. When people are looking at INTERNATIONAL law as superseding it, or when they view it as a "living changing document".
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I think what happened is that the Guardian stabbed them in the back and gave all the governments in the world the excuse they needed to go after Wikileaks.
So now Wikileaks is deciding to go out with a bang before someone slits their throat and denies them even a whimper.
The Constitution was always intended to be, and IS, a living changing document. That's why it can be amended!
-- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
You are so wrong over here.
He gave the password to the Insurance file. That part was wrong. True. Not sure why he gave him that password, but that's his mistake.
The files were ENCRYPTED and public. The idea was that if wikileaks was pulled down by the government, or shut down by the ISP or whatever - which was VERY probable, lots of people would have the files. Think of it as a guarantee. Its useless pulling down the site, because the data will still be there. Two factor authentication would be useless for this purpose.
Now, HOW WOULD YOU delete the files? Pull down the torrent? Ask everyone nicely? Hack everyone's computers and delete the files?
There was nothing he could do after the leak. Nothing.
I know it's an AC, but I'm replying anyway because this is a widely held belief in certain circles.
When media asked Assange about the risks to human lives because of their first releases, Assange stated that he didn't care and that their deaths served his purposes well. Assange is a sociopath and repeatedly on recorded saying people deserve to die for his cause and that its a just death.
Complete bullshit. I know exactly what story you're talking about: http://wikileaks.foreignpolicy.com/posts/2010/12/07/which_is_it_mr_assange The deaths occurred because the Kenyan people decided to riot and face death of their own accord, a decision they based on information leaked on Wikileaks. These people actively chose to fight a tyrant. They weren't executed based on information in the leak.
In short, just the fuck up. You don't have a clue.
Those who can, do. Those who can't, sue.
Note that the link, is from the Guardian, from the same guy who deliberately published the document in the first place.
Guardian is after wikileaks, bigtime. It's incredibly damning of them.
We don't know when the password and the file were put together by any potential black hats. We know the password was published some time ago, it just became news recently. It isn't like now that the release was official, only at that moment did it fall into the wrong hands.
In any case, this is a tremendous loss. There's no way to guess how many valuable intelligence sources were compromised, and Wikileaks continues to be primarily focused around embarrassing and damaging the Unites States' national security, and not that of other nations or malevolent entities, as their facade is supposed to show.
Good luck with that... we're talking (potentially) thousands of informants globally, many of whom are not in a position (for various but legitimate reasons) to simply pack their families up and go.
If you've ever tried any sort of large logistics operation on short notice, you'd discover pretty quickly just how tough it is to get anything done on a large scale. It would take a month or so at best, and multiple months at worst. Now, try moving a global-wide network of different people, most of whom you may or may not have contact with on a regular (let alone frequent) basis. A huge percentage of these informants have no access to the Internet in order to even check on their own (see also North Korea, Pakistan, etc) Long story short, it would be frickin' impossible on short notice.
Sorry, but the fault lies with the leaker for treason, The Guardian for incompetence, with Wikileaks for being narcissistic idiots and broadcasting the potential hit list in plain daylight, and with all the idealistic useful idiots who, without thinking it through, wholeheartedly and unreservedly supported them.
Quo usque tandem abutere, Nimbus, patientia nostra?
No i am not. follow the full story and you get a different picture.
a) Torrenting is just a very spectacular way to insure the existence of a document. Among all possible ways it is the least preferable. The preferred on involves copying the data on 50 DVDs and sending or giving these to the partner newspapers. The decision to use torrent in this way was the wrong one, no matter if you agree with it or not, since it only left one barrier (obtaining a not-so-high entropy password) for any interested party.
b) the standard way to handle encrypted material is *not* to give pwds directly. The standard way is to hand over the key, which is protected by a passphrase, and give this passphrase separately. This was the standard procedure in the last company where i worked for something as mundane as .pk12 certificates for wlan clients, or ssh certificates.
c) mixing the functions of being secured by the torrent and transmitting it to the journalist in a cool way was completely irresponsible. It was JAs decision to transmit key material for a secret document to this person. It was his decision alone. He did *not* communicate it to others, he did not ask for permission, and as far as i understood this was one of the points which made the conflict with DDB more severe. AFAIU JA always resisted rules inside WL to which he could be bound. But believe me, rules, even informal ones are a god thing. Rules like 'who can take money' 'who has access the servers' 'which persons share the key material in a way that only a majority of them can reconstruct the key'. But this would have pushed JA from a throne of a king to the chair of a leader.
d) AFAIU the persons torrenting in a wave of unqualified paranoia were not aware that these documents are contained within the file they are torrenting since JA did not inform anybody on this. I take this point with a grain of salt, since it is DDBs interpretation, but the German Lawyer of WL only complained to DDB about htese severe claims and did not ask him for a "unterlassungserklaerung" (a legal binding document which you can use to stop somebody for making flase statements which harm you). This fact tells me DDBs story is essentially right.
Executing anyone is always an assassination, regardless of how you try to justify it.
Dilbert RSS feed
Everything goes somewhere, and I go everywhere.
There is no news. There is only the truth of the signal. What I see. And, there's the puppet theater the Parliament jesters foist on the somnambulant public.
Killing someone is killing someone, whether 'lawfully' or not. Do you think it is right to kill someone because they embarrassed you? No? Then why should those in power be able to do so?
You should look into some anger management. All that bad temper is just going to give you a heart attack.
Those who can, do. Those who can't, sue.
They were thinking ... that The Guardian had already published the password to the "insurance" file in a book so they might as well let everybody have access, not just the bad guys.
My understanding is that the Guardian did not publish the password to the insurance file, that it published the password to a temporary file that Assange said would only exist for a few hours. The password was interesting in that it provides some insight into Assange's thinking. Assange giving the password to the Guardian was also insightful, demonstrating great contempt for journalists (can you remember this missing word). What the Guardian did not know, and what Assange is greatly negligent and responsible for is the recycling/reuse of the password for other files and/or the failure to delete the temporary file. This is terribly amateurish handling of extremely critical data.
Actually the whole archive was already available on piratebay, and we had the discussion about how bad it was to let that happen yesterday. The fact that the documents were available means that anyone who wanted to do anything unpleasant to any of the informants etc. in them was going to already. People who want that kind of information would have been the first to know. The only difference wikileaks is making by releasing it now is that the general public who dont know how to torrent can see them too.
Excepting in recent years its been changed via active judiciaries, bypassing the amendment process. There's a reason it's HARD to pass an amendment. Meanwhile we've allowed men in black robes to effectively alter our founding documents based on how they feel.
This is the way the system was designed. Those "men in black robes" have the power and the mandate to interpret the law, including the Constitution.
I won't sit here and act like they don't ever screw up. Indeed, a lot of times they do. Sometimes the system needs correction. Plessy v. Ferguson, anyone? But when such is the case, the solution isn't to sit around whining about "active judiciaries," that's just stupid. If judiciaries weren't active, they wouldn't be upholding their Constitutional duty. The solution is to use the checks and balances system to rectify the situation, to put people in office with similar ideals to yours so that you will get judges who are aligned with what you think our society needs. Brown v. Board of Education, anyone?
I can't tell you how frustrating it is to see people whining about "activist judges." That's just a cop-out codeword for, "they didn't rule how I wanted them to."
It was only the password on the Guardian's file. Unfortunately that file got distributed. See the Der Speigel article.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)