Slashdot Mirror


The Guardian and the Wikileaks Encryption Key

rtfa-troll writes "Bruce Schneier has a good article explaining how the Guardian released the encryption key for the WikiLeaks cables and destroyed the main protection against the release of informers' personal information. The comments in Schneier's blog fill in details of how exactly WikiLeaks' secondary file security protections were also bypassed. Now the Guardian has an article that Assange risks arrest by Australia over the latest leaks, which include information about an Australian intelligence officer. They even say, 'We deplore the decision of WikiLeaks to publish the unredacted state department cables, which may put sources at risk,' and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."

53 of 196 comments

  1. Links & hints to the data by mcantsin · · Score: 5, Informative

    http://cryptome.org/z/z.7z (368MB) pwd: ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
    http://pastebin.com/SBq9Xpsr
    http://cryptome.org/xyz/x.gpg.torrent (Returns xyz_x.gpg, 409MB. No passphrase yet)
    http://cryptome.org/xyz/y.gpg.torrent (Returns xyz_y.gpg, 88MB. No passphrase yet)
    http://cryptome.org/xyz/y-docs.gpg.torrent (Returns xyz_y-docs.gpg, 8MB. No passphrase yet)
    http://cryptome.org/xyz/z.gpg.torrent (Returns xyz_z.gpg, 368MB. Passphrase below)

    "xyz_z.gpg" and "z.gpg" appear to be identical and both decrypt to "z.7z." The decrypted file is "z.7z," 368MB, which unzips to "cables.csv," about 1.7GB in size, dated 4/12/2010.

    1. Re:Links & hints to the data by Ironchew · · Score: 5, Insightful

      They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

    2. Re:Links & hints to the data by rtfa-troll · · Score: 3, Insightful

      people will die as a result of these leaked cables.

      Maybe. The question is, will more or less die as a result of Wikileaks making it public knowledge that they have leaked. As DarkOX already pointed out the secret services already have the files so they are looking for the sources already. Now it's possible for a source to simply type in their name and know if they are in there.

      The other question is: who should take the blame? The US government which kept the names in plaintext in a database with millions of people having access; the Guardian which when trusted with secret data seems to have failed to put their IT security people on the case (how the hell else could they expect the password to an encrypted archive to change) or Wikileaks.

      P.S. If you are a source and want to check if you are in there, do this on a local copy of the archives or at least do it over https. Remember that searching the archives for your name may be enough to trigger someone coming knocking.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    3. Re:Links & hints to the data by YesIAmAScript · · Score: 3, Interesting

      Not everyone in these documents was involved in covert operations.

      I personally know a person who was mentioned in these documents. He can't be the only one who was innocently roped into this.

      --
      http://lkml.org/lkml/2005/8/20/95
    4. Re:Links & hints to the data by lgarner · · Score: 2

      Those who assist the killers are equally responsible.

    5. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 5, Interesting

      These leaked cables are about HAVING KILLED PEOPLE!

      Including the point-blank firing of weapons into the heads of toddlers.

      Including Israeli lies about killing "terrorists" being revealed as bombing and killing 16 civilian villagers, at prayer.

      Like most reactionary cranks, you fret SO over the theoretical loss of life that might occur, if illegal and anti-democratic secrecy is not punitively enforced.

      Where is your concern, passion and outrage about the ACTUAL callous and criminal loss of life, that would have initiated any such threat?

      Your hypocrisy and disingenuous moral posturing stinks like the foetid pool of death that you defend.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    6. Re:Links & hints to the data by a_nonamiss · · Score: 4, Insightful

      I'm sure you're correct in that most of the damage has already been done. I am, however, reacting to the cavalier attitude with which people seem to be treating this data. People have and will be killed over this information, and more importantly, next time someone is considering leaking something that may benefit the public as a whole, they're going to think twice about doing it. Because of that, this leak is a terrible thing for the world.

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    7. Re:Links & hints to the data by Jah-Wren+Ryel · · Score: 4, Insightful

      Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.

      You've said that twice now. How do you know it to be true? These cables weren't internal CIA reports, most of them were not even classified and those few that were had only the lowest level of classification.

      Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.

      --
      When information is power, privacy is freedom.
    8. Re:Links & hints to the data by Oxford_Comma_Lover · · Score: 5, Insightful

      They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

      If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless

      If the country you're in will kill you if it knows what you do, and I know the country will do that, and I tell them what you do, I am not blameless.

      Saying someone accepted the risk of a bad result does not mean that other people who cause that result are inherently blameless. You may accept the risk of an accident when you drive to work in the morning, but if I hit you with my car, it may still be my fault.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    9. Re:Links & hints to the data by he-sk · · Score: 5, Funny

      Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.

      You've said that twice now. How do you know it to be true?

      It's true because it's in bold.

      --
      Free Manning, jail Obama.
    10. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 5, Interesting

      Look at this from the tin-hat angle:

      David Leigh/Guardian is working in the interest of CIA/MI6 and looking not to collaborate with WikiLeaks, but to ensnare him for prosecution.
      Clue: DL Insisting on seeing the actual files
      Clue: DL Pressing for the GPG passphrase
      Clue: DL Publishing the ENTIRE proceeding and passphrase in a book

      Dumbshit-Borg is either a long-time mole or was "turned"
      Clue: D-B had full access to all unredacted material
      Clue: D-B acrimoniously split with Assange/WikiLeaks over ego-boundary shit and speculative "risk" issues
      Clue: D-B in his schism is part of the probable exposure of these cables - portrayed as an "accident", while he was unilaterally and admittedly sabotaging WikiLeaks
      Clue: D-B can now say "I told you so" over this exposure of sources - pointing to this as evidence, rather than a situation he perpetrated

      The US Army Counterintelligence Agency said in 2008 that WikiLeaks was "a potential force protection, counterintelligence, OPSEC, and INFOSEC threat to the US Army" and PLANNED OPERATIONS to neutralise/discredit WikiLeaks:

      "The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public."

      http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks

      Question: Do you think that the Agency makes these declarations in vain, for their entertainment value?

      Question: Do you think they are alone, and that there are not equivalent planned and current operations by the CIA, etc.?

      Question: Are the combined actions of DL and D-B implausible as the intended outcome of a counter-WikiLeaks strategy, set in motion by one or more intelligence agencies, including US Army Counterintelligence?

      Think about it. Once they set this down IN PRINT, internally, and don't have a "positive" outcome? Somebody goes through the wringer.

      This is likely all a setup. One with a scenario that is similar to the one indicated here, if not completely identical. It is one where David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings.

      Either way, this is a noose fabricated of intentional actions with plausible deniability. Identify WikiLeaks with Assange's personality, and attack the personality. Attack the credibility of WikiLeaks methodology while distracting from their effectiveness and success in exposing filth, corruption and illegal government action.

      I know they will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet. But watch out, DL and D-B.

      When your mysterious, untimely deaths occur, I will look at it as confirmation of these speculations.

      And proudly burnish my tin-hat...

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    11. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 2

      OK. Go back to shooting babies in the head, and forget I said anything.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    12. Re:Links & hints to the data by Anonymous+Brave+Guy · · Score: 3, Insightful

      They accepted the risks when they engaged in the covert operations to begin with.

      OK, here's a new plan.

      Firstly, we must stop using human intelligence sources to anticipate and try to prevent criminal acts, because the sources are often inherently at risk and you don't want to protect them.

      Because the public will not stand for the damaging acts that are likely to result, we need a new source of information to help prevent them. Let's make disclosure of all communications to the state mandatory, declare any use of encryption in communications or storage reasonable grounds to suspect criminal intent, and treat anyone who does it as a suspected terrorist until proven otherwise. If you've got nothing to hide, you've got nothing to fear, so obviously this won't have any chilling effects.

      Also, we should stop conducting quiet diplomacy behind closed doors, because not everyone knows what their government is doing under those circumstances, and that is just wrong. Everyone needs to know everything that goes on in government immediately or the very fabric of society is at risk.

      Instead of making deals with the devil, we must ensure that we fight any opposing philosophy to the bitter end, no matter the cost and no matter how long it takes. We have, after all, been highly successful in places like the Middle East using that strategy. Meanwhile, it's not as if developments like the Northern Irish peace process started with a few brave individuals on both sides meeting secretly to see if decades of bloodshed could be brought to an end or anything. That probably didn't save anyone's life or improve the quality of life across a whole country anyway.

      While we're at it, we should probably also ban witness protection programmes. Courts must be open and impartial, and there is no risk to their effectiveness in cases relating to gang violence, sexual assaults, and corruption if everything is always heard with the press present.

      Finally, we should definitely televise all official government meetings in real time. Politics can be kept at bay, and we are bound to wind up with more sensible policies if decisions are made based on which sound-bite will sound best on the evening news rather than the considered opinions of experts who are familiar with more subtle arguments than "Five minutes ago you agreed with part of something I almost said in another discussion, so if you don't back me up now that's a U-turn!!!!111!eleven!"

      OK, here's another plan.

      First, we could use just the tiniest bit of common sense. Some things are secret for good reasons, and whatever the conspiracy theorists like to say, I'm betting that most people in government, in the police, in the security services, and in the armed forces in my country are basically decent people doing their best to protect the rest of us from not-so-decent people. Those who abuse authority should be dealt with appropriately, but we could consider a less black-and-white view and not throw out the whole fridge because a bit of cheese got mouldy.

      Transparency is important, and checks and balances are important, and oversight is important, and respect for democratic roots is important, and secrets should only be kept from the general public for legitimate reasons and for as long as absolutely necessary. However, I don't think we would like to live in a world where only the bad guys kept secrets at all, and I don't think we would like to live in a world where no-one was brave enough to stand up for what is right for fear of the repercussions when they were inevitably compromised.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    13. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 4, Insightful

      Just an aside here, I don't know how relevant it is.

      I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.

      I propose that this psychological maladaptation is the expected outcome of an authoritarian personality forming in the context of what is, nominally, a republic.

      George Orwell was impossibly subtle and perceptive in his fictional exposition of this as "DoubleThink". He demonstrates it as obvious, oxymoronic contradiction - a caricature of the actual mental state of those who enable and support totalitarian positions.

      "Freedom isn't Free" Christ! That's the knee-jerk truism for "War is Peace", "Freedom is Slavery" and "Ignorance is Strength" in one, compact portmanteau!

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    14. Re:Links & hints to the data by FoolishOwl · · Score: 4, Informative

      Including the point-blank firing of weapons into the heads of toddlers.

      I'm guessing you meant this:

      WikiLeaks: Iraqi children in U.S. raid shot in head, U.N. says

      Bradley Manning did the right thing.

    15. Re:Links & hints to the data by a_nonamiss · · Score: 2

      Most of the damning information in the cables about corrupt governments and civilian casualties was leaked over a year ago. What was leaked in February, and recently publicized, were the sources of those leaks. So all the moral people who risked their lives and the lives of their families to expose corruption are now being rooted out and killed by said corrupt governments.

      So next time someone comes across something horrible and thinks about leaking it, they'll probably remember this incident and all of the attention that it generated and think better of doing it. Where's your indignation over that?

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    16. Re:Links & hints to the data by Pseudonym · · Score: 4, Insightful

      It's been a year, and so far, nobody has died as a result of the leaked cables. Not saying it won't happen, but it hasn't happened so far.

      On the other hand, the cables contain information about people who have been murdered. These crimes would not be known, nor their murderers known, were it not for the release of the cables. So you seem to be advocating the cover-up of an actual crime to potentially stop a future, theoretical crime. That'd be a great one for an undergraduate philosophy class to work through.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    17. Re:Links & hints to the data by ToasterMonkey · · Score: 2

      Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.

      It was encrypted _once_ with a symmetric key algorithm apparently, and the same encrypted data was distributed to multiple parties and the whole Internet, as an insurance policy.

      _S_t_u_p_i_d_

      If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.

      I'm not going to add to all the "journalists shouldn't be expected to understand crypto" malarkey. They were told the password was temporary which would have been true if their cipher text wasn't spread to the far corners of the Internet. Since it was all encrypted with the same key, who knows who spread the data, it doesn't even matter. Bad crypto practice, BAD!

      Everyone wondering "who really torrented the symmetrically encrypted data" is a retard. The word "Guardian" could have been put in the passphrase, problem solved. Trust me, WL did not give a shit that this would eventually happen.

      the bad guys have had the cables since at least last week

      I like how "bad guys" getting the data matters only when you think the buck can be safely passed. Hilarious.
      Before this it was all "good guys" reading it right?

    18. Re:Links & hints to the data by Pseudonym · · Score: 2

      On the other hand, if the information in the cables isn't released, people who have already committed actual crimes will go unpunished.

      It's unfortunate that they weren't redacted before release, but the genie is out of the bottle now. I'll wager that evil dictator governments, amoral multinational corporations, organised crime gangs and terrorist organisations won't be getting their copy from the Slashdot comments.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    19. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 4, Informative

      No "few bad apples".

      An airstrike was called in, to try and destroy evidence of the scene.

      These are beginning to emerge as "business as usual" occurrences from Iraq and Afghanistan.

      But, in history, we revile the Wehrmacht of Nazis for this same activity.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    20. Re:Links & hints to the data by MimeticLie · · Score: 2

      I know they will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet.

      If that does happen, it'll be Assange's own fault. I don't buy for a minute that shadowy TLAs forced him into this; they just gave him an excuse to do what he wanted to do anyway: http://www.reuters.com/article/2011/09/02/us-wikileaks-cables-assange-idUSTRE7816SM20110902

    21. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 2

      Heh.

      I want to contrast reactions. That is one of three postings of this theory.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    22. Re:Links & hints to the data by bhcompy · · Score: 2

      Assange already claimed responsibility for that one. No citation necessary.

    23. Re:Links & hints to the data by ATMAvatar · · Score: 3, Insightful

      When dealing with a trusted keeper of secrets, there is a very fine line between "common sense, let them keep secrets" and simply being a dupe to a predatory and potentially criminal entity. Wikileaks wouldn't exist if the various governments of the world gave us even the slightest reason to trust them.

      In the US, our elected officials are one step shy of openly taking bribes, and in the last few months, two of the three branches have been mired in what boils down to little more than a dick waving contest. We have spent a decade occupying two countries we invaded without the slightest bit of reliable intel that would give us reason to do so. Our economy was raped by Wall Street parasites that subsequently got written a big check and left without so much as a slap on the wrist.

      I have absolutely zero faith that our government has the best interests of its people in mind. While I would not personally go as far as actively work to release classified documents, I find it particularly difficult to chastise anyone who believes they need to do so for the good of the public.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    24. Re:Links & hints to the data by SteveTheNewbie · · Score: 2

      Following that logic, so too would the US State Department

      Can we also blame the Guardian and anyone that downloaded the files ?

      Also, has anyone actually been hurt from this as yet ? or is this more posturing on the side of the ignorant masses ? (that's actually a serious question)

    25. Re:Links & hints to the data by bhcompy · · Score: 2

      See Nuremberg. When the US is the authority, it doesn't punish itself. When it's on the losing side, you can sure bet it will be punished.

      As far as anyone being hurt, from the horse's mouth: "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange regarding a leak dealing with Kenya

    26. Re:Links & hints to the data by DavidTC · · Score: 2

      There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot. The file decrypted was the file they gave the Guardian, and the password was the one they gave the Guardian.

      What happened is the Wikileaks site was attacked and hence mirrors were made of the site, including a mirror of the ciphertext by accident. Which is not any sort of security breach...in the actual real world, having the ciphertext lets you do jack-squat, and the assumption should be that intelligence agencies have downloads from the Wikileaks site intercepted anyway. You're not supposed to worry about copies of ciphertext...they get backed up and stored all over the damn place, although admittedly ending up as a torrent is a bit extreme. (The idea of [hostile country] sending their equivalent of the CIA to break into the Guardian, however, is not extreme at all.)

      And then the Guardian and David Leigh published the password. Let's pretend it hadn't been torrented: They had personally accounted for every copy of ciphertext and made sure they weren't in the wrong hand. Right? They made sure that Wikileaks didn't have any copies laying around, or that the internet hadn't cached it. Right? Every backup erased, every hard drive wiped, all NSA taps disabled before download, every janitor who had access to their computer while they weren't there memory-scanned, that no one broke in and made a copy of the file. Right?

      Oh, wait, no, that would be impossible, and more importantly, they're idiots. Idiots who just fucking published all the information that Wikileaks carefully had newspapers redact because the goddamn password would make it a more exciting story, and they didn't understand in this day of cloud storage and backups and giant hard drives and browser caches, the way we keep encrypted information secret is to not give out the password to it, not control the fucking ciphertext. (If we could control that, we wouldn't need encryption.) The password that Wikileaks carefully transferred by hand and speech, in what was possibly the most paranoid manner I've ever seen.

      In their universe, the real 'secret' was the file that had moved over the internet, and it's impossible that anyone could have intercepted that or made copies of that. Because they're goddamn imbeciles that no knowing about the internet and that no one should ever trust again.

      If the file hadn't been torrented, we never would have realized that was the real password, and Iran would have happily continued to decrypt the file they had someone steal off the Guardian's backup server. (For a hypothetical.)

      --
      If corporations are people, aren't stockholders guilty of slavery?
    27. Re:Links & hints to the data by bhcompy · · Score: 2

      I wasn't indicating that the US was the authority, just that when you're on the losing side, you pay for your crimes, just like any other criminal. As long as, today, the US is the authority(or has authority), it won't be the criminal

    28. Re:Links & hints to the data by Jah-Wren+Ryel · · Score: 2

      If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.

      And that's precisely what they did - the file was intended ONLY for The Guardian and they got the password hand-delivered to them. You've confused the "insurance" file with the file that the Guardian's password decrypted.

      That The Guardian's individualised file made out into the wild would not have been a problem if they had kept the password to themselves. After all, that's why it was encrypted especially for them in the first place - on the chance that somewhere, somehow it would be intercepted.

      Trust me, WL did not give a shit that this would eventually happen.

      Given your rather poor understanding of events, I don't think anyone should trust what you have to say about them.

      --
      When information is power, privacy is freedom.
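
Added example (not part of any comment in this thread, and not WikiLeaks' or the Guardian's actual tooling): a sketch of the two points argued above, that a file encrypted separately per recipient limits a leaked passphrase to that recipient's copy, and that a passphrase cannot be made "temporary" once a copy of the ciphertext is outside the sender's control. All names and passphrases are constructed, and the HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for a real cipher such as the one GPG would use.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor


def _derive(passphrase: str, salt: bytes):
    """Stretch a passphrase into independent encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                             PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(passphrase: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Layout: salt(16) | nonce(16) | ciphertext | tag(32)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unseal(passphrase: str, blob: bytes) -> bytes:
    """Verify the tag first; raise ValueError on a wrong passphrase."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted ciphertext")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def opens(passphrase: str, blob: bytes) -> bool:
    try:
        unseal(passphrase, blob)
        return True
    except ValueError:
        return False


def demo() -> dict:
    archive = b"constructed sample archive contents"
    pass_a = "constructed-passphrase-for-recipient-A"
    pass_b = "constructed-passphrase-for-recipient-B"

    # One independently keyed ciphertext per recipient.
    blob_a = seal(pass_a, archive)
    blob_b = seal(pass_b, archive)

    # A copy of A's ciphertext ends up somewhere the sender cannot reach.
    mirrored_copy = bytes(blob_a)

    # The sender "rotates" by re-encrypting under a new passphrase.
    rotated = seal("constructed-replacement-passphrase",
                   unseal(pass_a, blob_a))

    # pass_a is later published.
    return {
        "published_pass_opens_A": opens(pass_a, blob_a),
        "published_pass_opens_B": opens(pass_a, blob_b),
        "published_pass_opens_rotated": opens(pass_a, rotated),
        "published_pass_opens_mirror": opens(pass_a, mirrored_copy),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Rotation only protects ciphertext produced after it; the mirrored copy stays readable with the old passphrase for as long as the copy exists.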
    29. Re:Links & hints to the data by AliasMarlowe · · Score: 4, Informative

      I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.

      It is a cognitive dissonance which forms part of a larger pattern. There is even a freely downloadable book on the topic, written by a psychology professor.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    30. Re:Links & hints to the data by hxnwix · · Score: 4, Informative

      "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information..."

      1,300 accessories to murder, I'd say.

      Let's put that in context:

      The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information and 40,000 children a year die of malaria in Kenya. And many more die of money being pulled out of Kenya, and as a result of the Kenyan shilling being debased."

      Removing the context as you did such that Assange apparently confessed to murder strikes me as rather dishonest. Assange has made real mistakes; focus on those unless your intent is merely to discredit his critics.

    31. Re:Links & hints to the data by rtfa-troll · · Score: 2

      Nice the way we don't bother to give the context and at the same time cut off the statement at the point that it's about to claim part of reducing tens of thousands more deaths (looks even worse when we see the way you've done it twice)

      The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information and 40,000 children a year die of malaria in Kenya. And many more die of money being pulled out of Kenya, and as a result of the Kenyan shilling being debased."

      Selective quotation does not help your credibility. By the way, which of the Founding Fathers would you charge with war for their involvement in the American Civil War?

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    32. Re:Links & hints to the data by rtfa-troll · · Score: 2

      There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot.

      This. Only even more, the good thing about the Schneier article is that he and his posters have actually traced this down and verified that the password does not work for the insurance file.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    33. Re:Links & hints to the data by SteveTheNewbie · · Score: 3, Insightful

      I had a long drawn out reply to this that got eaten. You'll have to live with the short form, sorry.

      Your 1300 quoted is only half the text, you should read and consider the rest in the context it was said. People are trying to claim that the cables reveal names of possible informants whose lives subsequently become in danger. Can you please point to where the Kenya cables listed these 1300 people ? or was it possibly that the data highlighted corruption in the government that subsequently led to an uprising in which 1300 people were killed ? Hopefully I really don't need to point out the difference to you in finer detail.

      Added to this, I am puzzled by the focus on Assange as a figure to hate. In all the releases up until recently (and there is a reason that changed - Thanks Guardian, not Assange) the media were handling the releases, not Assange, if there were names not redacted, then the Media outlets that posted the cables are responsible for any harmful outcome, not Assange. If you want to hold Assange responsible then you could also equally hold the original leaker responsible, as well as the people that improperly secured the data, and while you are at it, the embassy for not obfuscating things a little better, or maybe the original government that perpetrated these crimes (or individuals in many cases).

      Why the hate on Assange ? it almost seems irrational.

    34. Re:Links & hints to the data by mcvos · · Score: 2

      He may originally have intended to release them unredacted, but he clearly changed his mind, quite possibly because a lot of human rights organisations insisted that they needed to be redacted. The plans to redact them have now been ruined by a combination of Assange's (probably justified) paranoia (publishing the encrypted files, but not the encryption key), and The Guardian's ill-conceived publication of the encryption key.

    35. Re:Links & hints to the data by countertrolling · · Score: 2

      Don't be so sure about that

      --
      For justice, we must go to Don Corleone
    36. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 2

      This incident occurred. It has outside corroboration and photographs.

      The cable indicates the level of collusion on this level of atrocity.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    37. Re:Links & hints to the data by Jeremiah+Cornelius · · Score: 2

      But he didn't publish them - or distribute them - in encrypted form. This occurred because of Domshite-Berg's (Dumbshit-Borg) deliberate subterfuge and co-option of WikiLeaks.

      He's been spinning like crazy, saying that he destroyed data, because he couldn't trust Assange to safeguard it.

      In fact, this was to divert attention from the possible discovery that he had already distributed the PGP file in question, and prepare the ground for assigning blame to Assange/WikiLeaks.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Wikileaks did the right thing sorta by DarkOx · · Score: 4, Interesting

    They were stupid to let the Guardian get the key in the first place, but once it was out, making it more available was the right call.

    When you had to get the data and key together, that required time and some computer skills. People who might retaliate against leakers have the resources to marry the key and copy of the data they either already had or could get from torrents.

    That might be much harder to do for some poor tribesman who has limited or intermittent access to the internet. By making the information easier to get at, it lowers the bar, makes it easier for potential victims to know if they have been outed, and need to protect themselves.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  3. the guardian by Anonymous Coward · · Score: 3, Interesting

    are playing a stupid game right now.

    In their "JA will face arrest in Australia" article they earlier said something like "the Guardian unknowingly published the password in the Guardian's book" etc.,

    now that phrase is nowhere to be found from the article...

  4. DER SPIEGEL has a much better writeup by SmilingBoy · · Score: 4, Informative

    The Schneier article is very speculative and doesn't have many facts.

    DER SPIEGEL has a much better and more detailed account: http://www.spiegel.de/international/world/0,1518,783778,00.html

    1. Re:DER SPIEGEL has a much better writeup by rtfa-troll · · Score: 4, Informative

      The Spiegel article is referenced by Schneier so it's there for people to read. However, in one, but the most crucial, aspect the Spiegel article is wrong. It accepts the statement that the Guardian believed the password was temporary at face value.

      In a statement the Guardian rejected the accusations from Wikileaks, explaining that the paper had been told the password was temporary and would be deleted within hours. "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files," the statement said. "That they didn't do so clearly shows the problem was not caused by the Guardian's book."

      What's new in Schneier's article is that that is pretty clearly debunked. This was a standard GPG/PGP archive which had already been distributed. There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    2. Re:DER SPIEGEL has a much better writeup by rtfa-troll · · Score: 2

      why would the Guardian publish the key if they new[sic] it would unlock everything for everyone?

      Nobody is saying that the Guardian knew this would unlock the file. What I am saying is that you never publish your encryption keys even if you don't know anything more.

      The key new thing from Schneier is in this small fragment

      Memo to the Guardian: Publishing encryption keys is almost always a bad idea.

      Here you have a respected crypto expert repeating a thing he has said in standard textbooks (Applied Cryptography) which should be known to all IT security people. This makes it 100% clear the Guardian messed up. Saying that this is a "journo" who "knows nothing about IT" is beside the point. A signed agreement was made between Wikileaks and the Guardian. They should have had IT security people vetting all related communications. The journalist should not have been allowed to mess up alone.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    3. Re:DER SPIEGEL has a much better writeup by flonker · · Score: 2

      http://xkcd.com/936/

      Password entropy is not intuitive. This is my estimate of the entropy of the password. "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#"

      Capital Letters at the start of every word: 1 bit
      10 domain specific words in grammatical context: 6 bits each = 60 bits
      Year in recent history: 7 bits
      Random no-space or underscore between words: 9 bits
      punctuation mark at the end: 4 bits

      1+60+7+9+4 = 81 bits of entropy
      2^81 / 1000 / 86400 / 365 =
      7.6×10^13 years to brute force @ 1000 guesses per second

      Length trumps gibberish. It is not a bad pass-phrase.

      With all that said, the extra verbal word, "Diplomatic" adds 10 bits of entropy, which is pretty much inconsequential. (6 for the word, 4 for position) It's a privacy lock, pretty much only good for keeping out the curious and people who stumble upon it.

    4. Re:DER SPIEGEL has a much better writeup by rtfa-troll · · Score: 2

      There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

      You mean, like when Julian handed out the password to the Guardian?

      Possibly. Julian had a good reason to hand over the encryption key to them; they were supposed to get the archive in order to help him to filter the messages. However I have no idea (and nor do you, I suspect) whether he took reasonable care to check that the people in the Guardian he was handing the data over to had adequate security to deal with it. If he failed to do that, then I personally think he was at least careless.

      However, there's a meme that's going around suggesting that he should have handed out different keys to different people. That for each person he should make a separate encrypted archive. It's really important to realise that every time Assange does this he has to decrypt the archive (at least its secret key) and re-encrypt. This is a very dangerous operation especially when you bear in mind that he was under active investigation by various secret services at the time. Furthermore, the mere existence of different keys to the same material increases cryptographic risk. Finally, there are other security problems that Assange had; perhaps he needed the ability to hand on this password in order to ensure Wikileaks could continue in the face of threat from secret services.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  5. Clarification by I(rispee_I(reme · · Score: 4, Informative

    This is not the Wikileaks insurance file, which remains encrypted.

    This is a different file, that the Guardian was privy to, and was then mirrored.
    The password to this other file was published in a book.

    I only mention this because the previous /. post on this topic had a lot of replies with the mentality that wikileaks has surrendered its insurance. Such is not the case.

  6. RIP journalism by E+IS+mC(Square) · · Score: 5, Insightful

    Among other revelations during this ordeal, one thing stands out - I now know how morally bankrupt main stream media have become, irrespective of how right or wrong Assange is.

    Guardian won awards for all the work done by wikileaks/manning, and now they just backstabbed them, and still have guts to defend their own actions.

    NYT is even worse.

    Whistleblowing investigative journalism is dead, sold out to big governments and corporations.

  7. One thing by joh · · Score: 3, Insightful

    The redacting that was done by The Guardian and others was just a reasonable thing to do, but it had one disadvantage: They published only selected and redacted cables and as such you couldn't look for certain things by yourself. There's been more interesting stuff in the past centuries than The Guardian or Der Spiegel would recognize.

    What's now possible is others sieving through these cables and I'm pretty sure that people will find interesting things. While it's not really a good thing for names of informants being published all this centralized knowledge and decisionmaking about what is good for the public to know is really getting on my nerves lately.

  8. The key was not for the insurance file, however... by kandresen · · Score: 3, Interesting

    From what is stated;
    1) The key given to the reporter was not the key for the insurance file
    2) Assange had provided a backup method for others to recover the data in case he was a) killed, b) otherwise rendered incapable of acting other than by having the group act on his behalf
    3) Whereas it is easy to revoke access to content on a central server, it is impossible to revoke access to a file that cannot be changed (a password simply cannot be revoked unless you can write to it). In other words, you cannot revoke passwords for content that is available on bit torrent etc.
    4) The way encryption usually works is through two sets of keys, i.e. LUKS. The real key is essentially always 512 bits, but nobody, including you, ever uses this key - you have a password and a separate key that releases the 512-bit key!!!
    No, we do not know if there was a second pass-phrase key on the content provided to the reporter, but if there was, having one key which gives access to the full 512-bit key and content might be used to reveal alternative keys to get the real key. One of which might cascade to the key used in the insurance file. Which is why it was truly irresponsible of the reporter to publish the key regardless!!! That is, as far as I see, neglect, and being clueless is under no circumstance justification. Yes, the password could be revoked on access, but any backup prior to revocation would, as stated above, retain access with that key whether it is a tape, a USB copy, or bit torrent.

    Anyway, it is not for sure there were any alternative keys combined with that content, however, we do know the group had access to release the content of the insurance file in case something did happen to Assange anyway...

    That the Insurance file was released on Bit torrent was most certainly not a mistake, however, it will have been a mistake if an alternative key used on the content given to the reporter could cascade to this key somehow. (From what I have learned of the case, I kind of don't think the problem was here).

    So that leaves the people who were on the inside with the knowledge necessary to release the key...

    Sure, there have been a lot of mistakes happening; we can blame Assange for believing in the fools who left for OpenLeaks. They were likely always the number 1 threat to the whistle blowers: Internals who sabotage, steal and try to destroy the original organization with internal knowledge.
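
Points 3 and 4 of the comment above describe a key-slot design of the kind LUKS uses; the sketch below is an added example, not part of the original comment and not code from WikiLeaks or any real tool. The passphrases, the iteration count and the XOR-plus-HMAC wrap (a toy stand-in for a real key-wrap cipher) are all constructed assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 64     # 512-bit master key, the size the comment mentions
ROUNDS = 20_000  # constructed PBKDF2 work factor, kept low so the demo is quick

def derive(passphrase, salt):
    """Stretch a passphrase into a wrapping pad and a separate MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ROUNDS,
                              dklen=KEY_LEN + 32)
    return okm[:KEY_LEN], okm[KEY_LEN:]

def add_slot(master_key, passphrase):
    """Wrap the master key under one passphrase (toy wrap: XOR pad + HMAC tag)."""
    salt = os.urandom(16)  # fresh salt per slot, so each pad is used once
    pad, mac_key = derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(header, passphrase):
    """Try every slot; return the master key, or None if no slot accepts."""
    for slot in header:
        pad, mac_key = derive(passphrase, slot["salt"])
        tag = hmac.new(mac_key, slot["wrapped"], hashlib.sha256).digest()
        if hmac.compare_digest(tag, slot["tag"]):
            return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))
    return None

def demo():
    master = os.urandom(KEY_LEN)  # the key that actually encrypts the data
    live = [add_slot(master, "constructed passphrase A"),
            add_slot(master, "constructed passphrase B")]
    mirrored = list(live)  # a copy made before revocation (tape, USB, torrent)
    live = live[1:]        # owner drops slot A from the copy they control
    return {
        "live_rejects_A": unlock(live, "constructed passphrase A") is None,
        "mirror_accepts_A": unlock(mirrored, "constructed passphrase A") == master,
        "B_opens_same_key": unlock(live, "constructed passphrase B") == master,
    }

if __name__ == "__main__":
    print(demo())
```

Dropping a slot only rewrites the header of the copy being edited: every earlier copy still accepts the old passphrase, and the master key it releases is the same one every other slot releases.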

  9. stuff that might happen vs reality by decora · · Score: 2

    people said wikileaks would cause casualties. well, it's been a year+ since a lot of this stuff was released. who has died? can anyone name a single person who has died so far?

    "Destabilising sensitive negotiations and compromising sources will almost certainly result in more deaths, though, not just for the sources and their families but because the work they were doing was undermined."

    i'm not saying i don't believe you. i'm just asking for evidence.

    there are a lot of kids in pakistan who have died because of drone strikes. they didn't "theoretically die", in the mind of some internet blogger, they actually died, in real life, with their guts hanging out all over the floor, screaming for their parents who were probably splattered all over the adjacent wall.

    why should i be more concerned over something that theoretically, might happen, (and i have been waiting a year for it to happen) versus something that happens every other week, in reality? this is my problem with this argument. this is where i fall down actually giving a shit about the 'crimes of wikileaks'.

  10. I think the difference is ... by khasim · · Score: 2

    I think the difference in this "outrage" is whether the dead are "them" or not.

    1 potential threat to even one of "us"
    is worth far more than
    1,000's of actual injuries or deaths to "them".

  11. Mirror, mirror... by AliasMarlowe · · Score: 3, Interesting

    David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings

    Indeed. According to Der Spiegel, the encrypted file was among those taken from Wikileaks by Domscheit-Berg when he acrimoniously left to start his own rival Openleaks site. It was then released by Openleaks using volunteers to seed torrents of many of their files. Meanwhile, David Leigh of The Guardian published the password which Assange had given him, thereby apparently breaking an agreement of confidentiality. Later, an Openleaks-associated news site let people know where the key to this particular file could be found.

    Smelly sticky shit is indeed flying, but it looks like a side effect of Assange/Wikileaks being stabbed in the back by Domscheit-Berg/Openleaks and David Leigh of The Guardian. Whether the stabbing occurred by coordinated malice or combined stupidity and incompetence is still a little uncertain. Either way, it's hard to blame this directly on Assange/Wikileaks.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  12. Good book by zooblethorpe · · Score: 2

    I've read that same work; it's a solid dissection of the authoritarian phenomenon, from both sides -- those who cheer on the bullying leaders, and the bullying leaders themselves. It's not terribly short, but not overly long, and it's actually written in an approachable and reasonably legible style, which is unusual for high-end academia types. Well backed up, with footnotes and a bibliography for those so inclined. The author also explicitly released the book online for free, out of the view that he wants his findings as widely available as possible.

    Worth the read. That's my 2p, anyway.

    Cheers,

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."