Guardian editor alleged to have leaked Cablegate password
August 31, 2011 5:21 PM   Subscribe

Hey, either you believe in No Secrets, or you don't. Quit with these half-measures. It's all out there now, for better or for worse. Transparency FTW!
posted by hippybear at 5:24 PM on August 31, 2011 [5 favorites]

I thought Greenwald had a good point -- literally millions of people had access to this entire unrestricted database for a very long time. Any information that was in it has almost certainly leaked to foreign intelligence agencies long since. It's only the general public that's likely still ignorant of those cable contents.
posted by Malor at 5:25 PM on August 31, 2011 [12 favorites]

If they're going to take down Bank of America, they better get moving.
posted by Trurl at 5:30 PM on August 31, 2011 [4 favorites]

I like how the Guardian says that if Wikileaks thought this was a problem after the book was published they could have "removed the files". Are they stupid or lying? The whole point of the insurance file was that it was distributed widely and anyone in the world could have downloaded it. What does wikileaks yanking the original file accomplish if millions of other people already have it?
posted by Justinian at 5:43 PM on August 31, 2011 [1 favorite]

Yes and no, Malor. Assange & WikiLeaks succeeded in keeping the informants names secret for almost one year, which isn't too bad considering. I'd hope that any informants in real danger would have mysteriously won some (extended) vacation to U.S. by now, i.e. any deaths are now on the State Dept, not WikiLeaks. Conversely, Assange should have separated the cables by region and used separate keys. Wasn't each paper restricted to sermon cables anyways?

I'm curious if/how Daniel Domscheit-Berg fits into this. Did his departure help create this leak? Or did he depart partially over this coming down the pipe? etc.
posted by jeffburdges at 5:43 PM on August 31, 2011

lol
posted by ryanrs at 5:43 PM on August 31, 2011

I don't understand this story. From what I've pieced together, the password to the file is right there in Leigh's book, helpfully labeled "Assange's 58-character password". That book's been out since February. What is it the password to, though? The "insurance" encrypted file Wikileaks posted months ago? If both the file and the password have been out for months, what took so long for someone to put the two together?

There's a new 550MB WikiLeaks torrent posted to PirateBay yesterday, a different size than the "insurance" file. Is that the actual encrypted cables? If so, why did it only show up yesterday?
posted by Nelson at 5:45 PM on August 31, 2011

According to The Guardian, the 'insurance' file isn't the same thing.

"But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file's contents were never publicised, nor was it linked online to WikiLeaks in any way."
posted by p3on at 5:49 PM on August 31, 2011

Ah, as usual Threat Level has good info. The encrypted cables file is a 1.73GB file named "cables.csv" which apparently is readily available online. Still not clear if that's the "insurance" file from last year (which is 1.39GB). This source claims that the two files are indeed the same and it's just compression which accounts for the different sizes.

Whatever the case, WTF is the Guardian doing publishing a real password of any sort? Even if you think it's for an irrelevant fire, that seems really stupid. The Guardian has been one of the big participants in the whole WikiLeaks redaction system, no?

Something's really not making sense here.
posted by Nelson at 5:51 PM on August 31, 2011 [2 favorites]

Velmas' gonna need more Vivarin.

The worm has turned. The direction is what still confuses. It makes sense if you want all the data out there, unredacted, then have a newspaper take the blame...is that really the case? Now, is this the wilderness of mirrors, Oh you BETCHA!

someone earned thier pay and thats all I have to say about that.
posted by clavdivs at 5:59 PM on August 31, 2011 [1 favorite]

So what's the password and where's the file? All the bad guys out there already have this information. I want to read some un-redacted cables.
posted by floam at 6:00 PM on August 31, 2011

Hey, either you believe in No Secrets, or you don't

WikiLeaks is invested in more transparent governance, not blind adherence to one side of a false dichotomy.
posted by notion at 6:03 PM on August 31, 2011 [24 favorites]

No need to go through all that trouble: supposedly Wikileaks has published many unredacted cables on their site.
posted by Nelson at 6:04 PM on August 31, 2011

Hey, either you believe in No Secrets, or you don't. Quit with these half-measures. It's all out there now, for better or for worse. Transparency FTW!

This is more serious than that for two reasons.

Fundamentally, Wikileaks works on trust. Whistleblowers trust that the information they give will be handled sensitively. If Wikileaks can no longer assure that that will be the case (and this is a pretty damning case) then whistleblowers will be forced to turn elsewhere or, more likely, not release their information at all. State employee X may well want to release government Y's secrets, but not knowing that doing so will endanger lives. Plus, while this may seem okay here, if Wikileaks is not quite in control of the information it possesses, maybe the submission process isn't as anonymous as it is meant to be? And so on.

Furthermore, Wikileaks needs media outlets that it feels it can trust to help process the information it receives and to present the findings. The diplomatic cables may seem like the extreme example of information overload, but when you consider the backlog of documents that Wikileaks has, there is simply too much for it to strong-arm alone. The Guardian was a major ally (well, to a degree) but if Wikileaks can no longer feels it can trust the Guardian or in fact any third party with any of the documentation it receives (and paranoia, here, is a justifiable defensive position) this will seriously harm its ability to timely process its files. Or process them at all. Submissions have been blocked since October (I think?) and this development won't help that.

It's a double bind made from paranoia and efficiency: Wikileaks needs to seem impervious to secure whistleblowers' trust and needs third parties it can trust to process the documents it receives.

If the Guardian are actually behind this, I'm not sure what they're playing at.
posted by litleozy at 6:19 PM on August 31, 2011 [8 favorites]

"China is currently in the process of building as many as 50 to 60 new nuclear plants by 2020; the vast majority will be the CPR-1000, a copy of 60's era Westinghouse technology that can be built cheaply and quickly and with the majority of parts sourced from Chinese manufacturers."

That's a concern for U.S. nuclear suppliers like Westinghouse and General Electric. With China's vast energy demands and a tightening global market for nuclear power, the country is exceedingly important.

Perhaps that's why one cable seems to be trying the old scare-tactic sales pitch: "China is assuring that rather than building a fleet of state-of-the-art reactors, they will be burdened with technology that by the end of its lifetime will be 100 years old. Finally, by bypassing the passive safety technology of the AP1000, which, according to Westinghouse, is 100 times safer than the CPR-1000, China is vastly increasing the aggregate risk of its nuclear power fleet."

On one hand, GE and Westinghouse are just trying to use the US government to sell parts contracts to China.

But on the other hand, when these kinds of cables get released, we can no longer claim that these cables don't release anything we don't already know, or that these cables tell us nothing of import.

Building 50-odd unsafe reactors is a big deal, at least for interested parties who live downwind of China, who want to, say, live on the west coast of the United States without wearing hazmat suits.
posted by Blazecock Pileon at 6:22 PM on August 31, 2011 [2 favorites]

So what's the password and where's the file?

From "Wikileaks: Inside Julian Assange's War on Secrecy" by David Leigh and Luke Harding, eBook version, page 151:

"Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:

ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”

“I can remember that.”

Leigh set off home, and successfully installed the PGP software. He typed in the lengthy password, and was gratified to be able to download a huge file from Assange’s temporary website. Then he realized it was zipped up – compressed using a format called 7z which he had never heard of, and couldn’t understand. He got back in his car and drove through the deserted London streets in the small hours, to Assange’s headquarters in Southwick Mews. Assange smiled a little pityingly, and unzipped it for him."

(Yeah, I got that off a leaked version of the eBook. Seemed appropriate.)

So the gist of the matter is that both The Guardian and WikiLeaks made a big boo-boo here: The Guardian published the temporary password it had used to originally grab the .csv from the temporary FTP site, and someone at WikiLeaks later re-used that same password as the encryption key to the cables.csv file that has been on BitTorrent for months now. The issue is, who at WikiLeaks re-used the password, and why? Surely Mr. Computer Paranoia himself wouldn't be so stupid as to do that...right? Could it have been former WikiLeaks member turned rogue hacker Daniel Domscheit-Berg?

*gets popcorn, settles in to watch*
posted by Asparagirl at 6:24 PM on August 31, 2011 [5 favorites]

WikiLeaks seeded a new file today and tweeted about it. The password has not been released and no one knows what's in it...yet.

Also, to clarify about my previous post, this is what WikiLeaks had to say recently about Daniel Domscheit-Berg. It seems he may have destroyed some of the material that WikiLeaks was waiting to publish, including the long-rumored Bank of America documents, and admitted to sabotaging some of the WikiLeaks internal systems, including the code that ran the anonymous submission drop point.

Shit goin' down, yo.
posted by Asparagirl at 6:31 PM on August 31, 2011 [4 favorites]

I want to read some un-redacted cables.


According to the information received, American troops
approached Mr. Faiz's home in the early hours of 15 March
¶2006. It would appear that when the MNF approached the
house, shots were fired from it and a confrontation ensued
for some 25 minutes. The MNF troops entered the house,
handcuffed all residents and executed all of them. After the
initial MNF intervention, a US air raid ensued that
destroyed the house.

Iraqi TV stations broadcast from the scene and showed bodies
of the victims (i.e. five children and four women) in the
morgue of Tikrit. Autopsies carries out at the Tikrit
Hospital's morgue revealed that all corpses were shot in the
head and handcuffed.
posted by Trurl at 6:32 PM on August 31, 2011 [5 favorites]

Malor: "I thought Greenwald had a good point -- literally millions of people had access to this entire unrestricted database for a very long time. Any information that was in it has almost certainly leaked to foreign intelligence agencies long since. It's only the general public that's likely still ignorant of those cable contents."

SIPRNET only has about half a million users at any given time - so millions is a pretty big overstatement.

Also, speaking as someone who has SIPRNET access (off and on, depending on my billet) since 1998 I can tell you that unless you knew the database was out there, the odds of coming across it randomly while doing whatever business you have on SIPRNET are extremely low. It's a pretty stovepiped system and while you might have technical access to most of the stuff on there, you pretty much have to know exactly what you're looking for to find it. So I think that assumption is flawed.

I'm also not convinced that even if some foreign intelligence agencies had access to some of the cables that a massive dump of this nature is constructive.
posted by macfly at 6:32 PM on August 31, 2011 [2 favorites]

With no side-taking between DDM and Assange, I do giggle every time I mispronounce DDM's surname as Dumb-Shite.
posted by klangklangston at 6:36 PM on August 31, 2011 [2 favorites]

Fundamentally, Wikileaks works on trust. Whistleblowers trust that the information they give will be handled sensitively. If Wikileaks can no longer assure that that will be the case (and this is a pretty damning case) then whistleblowers will be forced to turn elsewhere or, more likely, not release their information at all.

Seems like a pretty good way to undermine them, in fact, if you were someone who had access to those files, reason to go after Wikileaks, and nothing to lose because they were already out there. ButIdontwanttospeculatebecauseIaintonetogossipanywaysandyouainthearditfromme.
posted by Hoopo at 6:44 PM on August 31, 2011

Oh, Trurl, you left out the best part:

"Without in any way wishing to pre-judge the accuracy of the
information received, I would be grateful for a reply to the
following questions:

¶1. Are the facts alleged in the above summary of the case
accurate?"

Because it wasn't actually an indictment of the Multi-national (American) forces per se (other than that they really shouldn't have been in Iraq to begin with), and presenting it as just that pull quote begs the question asked by the UNHRC Rapporteur Alston.
posted by klangklangston at 6:44 PM on August 31, 2011 [1 favorite]

The thing is, though, that the full file had been passed around to lots of news organizations. I think any serious Intel agency would have gotten their hands on it long ago.
posted by delmoi at 6:45 PM on August 31, 2011

Out of interest - say someone still had this file on their computer at home and say this (totally random) person tried the password successfully, what are the legal repercussions if any?
posted by smithsmith at 6:48 PM on August 31, 2011 [1 favorite]

"I think any serious Intel agency would have gotten their hands on it long ago."

However, those with lower than state level intelligence services, or even state intelligence services that didn't have it, will have it now.

I do think it's interesting how the rationale that there was no risk to sources has quickly morphed to, "Well, everyone already knew it anyway."
posted by klangklangston at 6:49 PM on August 31, 2011 [1 favorite]

There was a risk to the sources and Assange /wkileaks have shown they are unable to protect them. They the BOA data. Their process of review and data cleanup is a joke.
posted by humanfont at 7:02 PM on August 31, 2011

Yes and no, Malor. Assange & WikiLeaks succeeded in keeping the informants names secret for almost one year, which isn't too bad considering.

Tell pro-democracy activists and their families at risk that the extra year they didn't have to be threatened "isn't too bad."

For a long time I've been talking about these dangers. Everyone assured me there'd never be a data loss.

These are real people really at risk. And this is why the polling shows 77 percent of Americans disapproved of the cable leaks and only 20% agree. Wikileaks is anti-democratic in that the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret. Yet Assange continues on.
posted by Ironmouth at 7:18 PM on August 31, 2011 [4 favorites]

it wasn't actually an indictment of the Multi-national (American) forces per se

Unless the facts alleged in the above summary of the case are false - something you were careful not say - I'd say executing five children strikes me as fairy indictable.
posted by Trurl at 7:18 PM on August 31, 2011 [1 favorite]

Wikileaks is anti-democratic in that the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret. Yet Assange continues on.

it's almost as if... the US isn't the entire world?
posted by p3on at 7:22 PM on August 31, 2011 [20 favorites]

I have to say that I have a hard time blaming The Guardian on this one. This sounds very much like a WikiLeaks fuckup, and they are scrambling to deflect their failure onto another organization.

Daniel Domscheit-Berg says claims of his data destruction are vastly overstated. Don't get me wrong -- I'm not particularly sympathetic to him either, but Assange has no proof the data was destroyed, he's just flailing.

Every move WikiLeaks has made in the past week has seemed so transparent and so desperate, it's really hard to see them as victims. I have no problem with leaks as long as they're done ethically and responsibly. I see no attempt by Assange to do that.
posted by to sir with millipedes at 7:23 PM on August 31, 2011 [1 favorite]

I like how the Guardian says that if Wikileaks thought this was a problem after the book was published they could have "removed the files". Are they stupid or lying? The whole point of the insurance file was that it was distributed widely and anyone in the world could have downloaded it.

Nobody made them have an "insurance file." No one. Wikileaks left these files out there to be stolen. NO ONE made them do it. They are there for responsible. It's like soaking a house in gasoline and then complaining someone carelessly tossed a match in there.

For all of their whining about transparency creating accountability, this is one group and their supporters that refuses to take responsibility. If there's a way to prosecute Assange, I'm all for it. What's he gonna do, release the insurance file?

Pathetic.
posted by Ironmouth at 7:25 PM on August 31, 2011 [2 favorites]

They're apparently letting the public vote on whether they should release the cables officially:

GLOBAL VOTE: should WikiLeaks IMMEDIATELY release ALL US cables? tweet #WLVoteYes or #WLVoteNo Why: wikileaks.org/Guardian-journ…
posted by ymgve at 7:25 PM on August 31, 2011 [1 favorite]

They're apparently letting the public vote on whether they should release the cables officially

Asking your million twitter followers, a great majority of whom are obviously pro-transparency, to vote on whether documents that have been withheld by the government should be released isn't exactly "polling the public." It's "predictable outcome."
posted by to sir with millipedes at 7:28 PM on August 31, 2011

Wikileaks is anti-democratic in that the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret. Yet Assange continues on.

it's almost as if... the US isn't the entire world?

So the entire world is entitled to the US's secrets?

Please explain how this is. And how are you magically gonna protect these people now?
posted by Ironmouth at 7:29 PM on August 31, 2011

Curiously enough, this seems to be the event chain that resulted in the documents getting into the wild:

- When Wikileaks were under attack back in 2010, they distributed full mirrors of their site
- One of the files in this mirror was an cryptically named text file which pointed to five other torrent files
- Some people downloaded and seeded the torrents, but since they were encrypted, there wasn't much to do

- Fast forward to now: Leigh, unaware that the files he'd been given access to is also in the public's hands, reveals the passphrase. Cue the WTF.
posted by ymgve at 7:33 PM on August 31, 2011 [5 favorites]

They're apparently letting the public vote on whether they should release the cables officially:

GLOBAL VOTE: should WikiLeaks IMMEDIATELY release ALL US cables? tweet #WLVoteYes or #WLVoteNo Why: wikileaks.org/Guardian-journ…

If this "insurance file" was so important, then how is it it can be released.

Wikileaks is going to be reviled and there will be incredible support for more secrecy in the US. The course of rational, controlled declassification will be derailed.

Assange shoots self in foot. What else is new.
posted by Ironmouth at 7:35 PM on August 31, 2011

Link for 77-20 poll: http://politicalticker.blogs.cnn.com/2010/12/30/cnn-poll-wikileaks-has-few-fans-in-u-s/
posted by Ironmouth at 7:37 PM on August 31, 2011

Slow down, take a deep breath, and linkify your links.
posted by furiousxgeorge at 7:39 PM on August 31, 2011 [2 favorites]

I'm on a mobile. My system doesn't allow me to do that.
posted by Ironmouth at 7:40 PM on August 31, 2011

Anyway, Wikileaks should probably stop working with newspapers now. They don't understand the technical issues and are more interested in the drama than the information. Leigh really shot himself in the foot by revealing this password for no apparent reason.
posted by furiousxgeorge at 7:44 PM on August 31, 2011 [2 favorites]

Leigh really shot himself in the foot by revealing this password for no apparent reason.

Wait up now -- this information was leaked to WikiLeaks. If they had been more careful with it, hadn't reused passwords, had used passwords that expired, etc, this never would have happened. How, again, is this David Leigh's fault?
posted by to sir with millipedes at 7:46 PM on August 31, 2011 [2 favorites]

Wait up now -- this information was leaked to WikiLeaks. If they had been more careful with it, hadn't reused passwords, had used passwords that expired, etc, this never would have happened. How, again, is this David Leigh's fault?

Well, it was Bradley Manning who leaked to Wikileaks, so this is really his fault. Actually, it was the US Government who failed to secure their data, so this is really their fault.

Okay, or maybe it's the fault of who gave out the password.
posted by furiousxgeorge at 7:48 PM on August 31, 2011

WikiLeaks have staked their very reputation on claims that they can responsibly leak material. That was how they enticed Manning to give it to them in the first place. Again, I fail to see why Leigh is responsible.
posted by to sir with millipedes at 7:56 PM on August 31, 2011 [2 favorites]

For a long time I've been talking about these dangers. Everyone assured me there'd never be a data loss.

Honestly, Ironmouth, that's not true. Lots of people have responded to you in lots of ways during your various WikiLeaks discussions here on the blue-- from "You're just speculating that people will suffer" to "You're right!" to "It's worth it" and more. Please don't lie about what others have said, simply to bolster your own position in this particular thread. Make your point on its own merits.
posted by verb at 7:57 PM on August 31, 2011 [14 favorites]

Well, it was Bradley Manning who leaked to Wikileaks, so this is really his fault. Actually, it was the US Government who failed to secure their data, so this is really their fault.

Okay, or maybe it's the fault of who gave out the password.

Where's the taking responsibility? Did Manning put it out there? Did the Guardian? No. St. Assange did. Did Manning give out a torrent location allowing it to be downloaded? No Assange did. Did Manning guard this all with a single password? No. Julian Assange did. Will he take responsibility? Will his supporters admit his responsibility?

Never.
posted by Ironmouth at 7:59 PM on August 31, 2011 [2 favorites]

I'm on a mobile. My system doesn't allow me to do that.

a href. It's what's for breakfast (and links from a mobile).
posted by jaduncan at 7:59 PM on August 31, 2011 [1 favorite]

Wikileaks staked their claim on their ability to protect their informants, not informants to the US government.

Regardless, they can't control if Guardian editors are going to publish passwords or not. The idea that everything should be filtered was developed by their critics who said they need to protect US government informants, which is why they went to the newspapers. It was not a great idea. However, you will not hear those critics looking for a better approach, just continuing with desperate and transparent attacks at Wikileaks.
posted by furiousxgeorge at 8:02 PM on August 31, 2011 [2 favorites]

Assange shoots self in foot. What else is new.

Mistakes made by a newspaper are the fault of someone not affiliated with the paper. Got it.
posted by Blazecock Pileon at 8:03 PM on August 31, 2011 [2 favorites]

Another thing: The insurance file is NOT just the cables. The cables in compressed form are only around 360 megabytes. There's still one gigabyte of data in the insurance file we have no clue about.
posted by ymgve at 8:03 PM on August 31, 2011

As I said, desperate spin and sarcasm instead of taking an honest look at the situation.

Where's the taking responsibility? Did Manning put it out there? Did the Guardian? No. St. Assange did.

It seems like the only person trying to dodge placing personal responsibility is the one trying to pick one point in that chain, the organization they have a longstanding personal drive to attack every time they are ever mentioned, while ignoring the rest.

It's not out there without Manning, it's not unredacted now without the Guardian. Wikileaks has a responsibility to protect sources, so does the Guardian, so did the US government, so did Manning. Everyone has some level of unintentional failure here.
posted by furiousxgeorge at 8:07 PM on August 31, 2011 [2 favorites]

Ironmouth: “I'm on a mobile. My system doesn't allow me to do that.”

Even mobile systems allow you to type <a href="$LINK">text</a>.

Or maybe I'm just a massive nerd.
posted by koeselitz at 8:08 PM on August 31, 2011

"These are real people really at risk. And this is why the polling shows 77 percent of Americans disapproved of the cable leaks and only 20% agree. Wikileaks is anti-democratic in that the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret. Yet Assange continues on."

Dude, this is a really weird appeal to popularity. People returned Bush to office in 2004, but that doesn't mean that the Iraq War was good or legitimate. And striving to argue that it's "anti-democratic" is an incredibly stretch that undermines your argument.
posted by klangklangston at 8:14 PM on August 31, 2011 [9 favorites]

Blazecock Pileon: “Mistakes made by a newspaper are the fault of someone not affiliated with the paper. Got it.”

It may very well have been someone other than Assange – it's hard to believe he would do something like this – but someone at Wikileaks was a dolt for using the same encryption key on the actual cable dump as was given to the Guardian for a brief FTP pickup. Any way you slice it, that's a massive oversight.

Frankly, I don't see why anybody blames the Guardian at all for this. It's like if you gave me a temporary password for an FTP site that was gone by morning, and I mentioned it to somebody the next week, and you got mad at me because "that was totally my email password, too! Now somebody has the password to my email!"

What the Guardian did here cannot be in any way construed as even an unintentional breach of ethics. A temporary password for an FTP site that existed for ten hours several years ago? Why the hell would it be against any reasonable rules to share such a password? And why would Wikileaks as an organization bungle this so badly?
posted by koeselitz at 8:14 PM on August 31, 2011 [5 favorites]

Where's the taking responsibility? Did Manning put it out there? Did the Guardian? No. St. Assange did.

I blame Herr Schmitt.
posted by homunculus at 8:15 PM on August 31, 2011 [5 favorites]

What the Guardian did here cannot be in any way construed as even an unintentional breach of ethics. A temporary password for an FTP site that existed for ten hours several years ago? Why the hell would it be against any reasonable rules to share such a password? And why would Wikileaks as an organization bungle this so badly?

Why would you take the chance when there is absolutely no benefit to publishing the password? It's not an ethical violation, just a mistake. I don't think publishing passwords of any kind is something people make a habit of, and I'm gonna raise my eyebrow at anyone suggesting otherwise.
posted by furiousxgeorge at 8:19 PM on August 31, 2011 [2 favorites]

"Unless the facts alleged in the above summary of the case are false - something you were careful not say - I'd say executing five children strikes me as fairy indictable."

For someone so adept at hair splitting, I'd think that you'd realize that in the absence of reliable evidence one way or another, it's misleading to post a cable in which someone asks the question as evidence of the answer to the question.

Perhaps you could do with another pass past the wikipedia entry for "begging the question"?
posted by klangklangston at 8:20 PM on August 31, 2011

Fairy Indictable was my stage name back when I was a professional performer, winknudge.
posted by five fresh fish at 8:24 PM on August 31, 2011 [1 favorite]

Ironmouth: “These are real people really at risk. And this is why the polling shows 77 percent of Americans disapproved of the cable leaks and only 20% agree. Wikileaks is anti-democratic in that the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret. Yet Assange continues on.”

Look, I'm very skeptical about Wikileaks, too, but this argument makes little sense to me; and what's more it completely ignores a very important, vital, and (some of us would say) central strain of politics in America.

Yes, in America. Let's be clear – that's what you're talking about. One of the reasons this paragraph didn't make sense is because you're wildly conflating the world with America. You can't say broadly that Wikileaks is "anti-democratic" based on the actions of a "public" which is actually (though you don't say this) the American public.

Furthermore, to say "the public has voted continuously since 1952 to elect presidents who have kept the nation's military and intelligence documents secret" is to make a very unfounded implication that presidential elections in America are referendums on state secrecy. They may sometimes involve such issues, to more and less a degree; but to simply draw a basic connection is ridiculous. You might as well say that "the public has voted continuously since 1952 to elect presidents who eat meat" or "the public has voted continuously since 1952 to elect presidents who are men" or "the public has voted continuously since 1952 to elect presidents who like living in houses painted white." The correlation is so far from indicating causation that it makes my head hurt.

And I should point this out – polls are not legal elections. They don't mean anything. They aren't laws.

Finally, and most importantly I think, your overall idea that the American public broadly and categorically supports state secrecy completely disregards a long, proud tradition of distrust of the government and of its secrets in America. This distrust, it should be noted, seems to transcend political orientation – and that's really saying something; it really doesn't matter whether people are leftist, libertarian, mainstream conservative, or mainstream liberal, you are likely to find many among them who think the government is covering things up, getting away with injustices, etc, and that it ought to be revealed. If you want, I can quote essays from Harper's in 1949 wherein people argue even then that state secrets were not necessary at all. And even among those who believe that state secrecy is a necessary evil, there have always been many Americans who have believed that, once that secrecy is broken, it's often for the good, and honesty should be the only alternative.

I sympathize somewhat with what you're saying. But after Watergate, I don't think any of us can have an uncomplicated acceptance of state secrecy. The simple fact is that journalistic uncovering of state secrets has often benefited society. So I don't think we can simply hope to shut up people who have uncovered these things.
posted by koeselitz at 8:27 PM on August 31, 2011 [34 favorites]

furiousxgeorge: “I don't think publishing passwords of any kind is something people make a habit of, and I'm gonna raise my eyebrow at anyone suggesting otherwise.&Rdquo;

Yeah, I can agree with that; in this age, when it's been proven that even "security experts" have stupid, stupid passwords, it pays to assume that everyone else is going to slip up and make a mistake like that. In short, it's really not a good idea to share anybody's passwords ever, because password reuse is so prevalent.

I still think the blame in any case lies with the person who chose a bad password. But these are all mistakes, not willfully destructive acts.
posted by koeselitz at 8:30 PM on August 31, 2011

in the absence of reliable evidence one way or another

Your theory being that the five dead children in the Tikrit morgue died of natural causes?
posted by Trurl at 8:31 PM on August 31, 2011

The cables from the Korean embassy suggest fan death is a possibility.
posted by furiousxgeorge at 8:33 PM on August 31, 2011 [3 favorites]

Editing a MetaFilter post on mobile or even a tablet is a painful experience. It's not like having to use copy-and-paste or right-clicking on the un=link-ified text is such a big burden; I'd rather the site had a UI makeover anyway.

As for leaking the password, someone as paranoid and as steeped in security protocols as Assange should surely know better than to deliver a payload with a single point of failure. Splitting the insurance across multiple files, or using a book code, or a progressive cipher, or any number of other approaches besides using a single darn password. Human beings are well known as the most likely point of failure, and Assange had no way of knowing that any individual he dealt with was a) wholly on the level or b) wholly competent. The claim that Leigh was so computer-clueless that he went back to Assange's house to get help opening a 7zip file instead of just searching for and downloading a copy of WinZip makes me think that Assange might as well have just written it on a napkin or a shirt-cuff. It's entirely possible, indeed plausible, that Leigh thought that particular password was deprecated within 24 hours of his using it.

Not recycling your passwords is just about as basic a rule of computer security as there is.
posted by anigbrowl at 8:40 PM on August 31, 2011

I'm on a mobile. My system doesn't allow me to do that.

Put your mobile in your pocket, and raise your arms as you inhale. That will help with the breathing :)
posted by Chuckles at 8:41 PM on August 31, 2011 [2 favorites]

Why would you take the chance when there is absolutely no benefit to publishing the password? It's not an ethical violation, just a mistake.

First, there is a benefit to publishing the password: Concrete facts tell a better story. Asparagirl quoted the relevant passage above. Those specifics fatten the story and make the prose read better. And second, the phrase "Why would [they] take the chance" seems to assume that the Guardian or its staff bears some responsibility for protecting WikiLeaks' secrets. But this isn't an instance of sources being promised protection and then hung out to dry, or anything similar to that.

I don't see a mistake that was made. I understand exactly why a writer would include the password, and I don't see any reason they should have reconsidered.
posted by cribcage at 8:51 PM on August 31, 2011

Ironmouth: You're seriously misunderstanding what Wikileaks is about. More secrecy isn't a problem, more secrecy is the point. Seriously. Here's a quote from the man himself just after Wikileaks released its first document in 2006:

"The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption."

The purpose of Wikileaks is to make secrets sufficiently at risk of being exposed that the systems that rely on them are no longer capable of operating efficiently. The last two paragraphs of this article from the Guardian are pretty revealing in that context. The cables were available to be leaked in the first place because intragovernmental information sharing was consider a crucial response to the the threat of terrorism. Once the leaks happened, the US government locked down access to potentially critical data, meaning that the state apparatus has been handicapped.
posted by Ictus at 8:57 PM on August 31, 2011 [2 favorites]

First, there is a benefit to publishing the password: Concrete facts tell a better story. Asparagirl quoted the relevant passage above. Those specifics fatten the story and make the prose read better.

There is no reason you can't substitute in a similar password and let your readers know you changed it. There is a risk involved in publishing any sort of password. The Guardian is heavily involved in publishing and reviewing the cables and have a responsibility to protect informants just like Wikileaks does, protecting the secrets in the documents was the entire reason to let the papers have the archives in the first place.
posted by furiousxgeorge at 8:58 PM on August 31, 2011 [1 favorite]

The cables were available to be leaked in the first place because intragovernmental information sharing was consider a crucial response to the the threat of terrorism. Once the leaks happened, the US government locked down access to potentially critical data, meaning that the state apparatus has been handicapped.

Pretty much, the more people who can see the data the more likely it is to be leaked. Has always and will always be that way.

So of course once Wikileaks was trying to protect information spread out to multiple papers instead of internally, their security broke down. The US goes one way to be more secure, Wikileaks goes the other and starts to leak.
posted by furiousxgeorge at 9:02 PM on August 31, 2011

z.gpg link is to the file, don't click if you aren't legally allowed to click on that sort of thing.

Cryptome has decrypted the "z.gpg" file from the Wikileaks Archive using the passphrase obtained from several sources:

ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#
posted by furiousxgeorge at 9:09 PM on August 31, 2011

So the entire world is entitled to the US's secrets?

Please explain how this is. And how are you magically gonna protect these people now?
posted by Ironmouth at 9:29 PM

what the heck makes you think the democratic will of citizens of the united states is what should govern the actions of a non-american entity operating outside of america founded by a non-american releasing information about the way the US government interacts with other countries?
posted by p3on at 9:21 PM on August 31, 2011 [6 favorites]

Then he realized it was zipped up – compressed using a format called 7z which he had never heard of, and couldn’t understand. He got back in his car and drove through the deserted London streets in the small hours, to Assange’s headquarters in Southwick Mews. Assange smiled a little pityingly, and unzipped it for him.

Hint for thickies: If you type "7z" into Google, the official 7-Zip website is the first hit.
posted by Sys Rq at 9:22 PM on August 31, 2011 [9 favorites]

If the United States wasn't in the business of meddling in the politics of every country on earth, I'd think it was grossly unfair to target the US's secrets this way, but as it is, the world has a right to know what we're doing, and in many cases, what their own politicians are doing to them. Release all of them.
posted by empath at 9:22 PM on August 31, 2011 [4 favorites]

There is a risk involved in publishing any sort of password.

But there's also a risk in issuing any sort of password. It's not like the Guardian or Leigh had any formal agreement with Assange on password security (that we know of). Even in Roman times it was well understood that secrets are hard to keep and that passwords needed to be changed on a daily basis.

You don't have to assume bad faith; the risk that someone could get hit by a bus, burgled, or that a written password could find its way into the trash is bad enough. So Assange didn't write down the exact password used to open the file - big deal. Any kind of espionage organization would have the patience and computing resources to automatically try umpteen variants on that likely candidate. You've got to assume something bad will happen and that any password you give out will get compromised sooner or later, so why on earth would anyone put out an insurance file and recycle what was supposed to be a throwaway password?

Assuming, of course, that you actually want to keep this stuff secret in the first place. I'm still open to the possibility that the whole thing is an elaborate strip-tease.
posted by anigbrowl at 9:23 PM on August 31, 2011

So, if you are not a member of the US government, US military, or US intelligence agencies, can you grab your own copy of the files and go play Lois Lane without fear of prosecution? If so, I'm looking forward to some light reading when my eight-month-old daughter inevitably wakes me up at all hours tonight.
posted by Asparagirl at 9:25 PM on August 31, 2011

It's not like the Guardian or Leigh had any formal agreement with Assange on password security (that we know of). Even in Roman times it was well understood that secrets are hard to keep and that passwords needed to be changed on a daily basis.

You don't have to assume bad faith;

I think you are talking past me here, I'm not talking about bad faith. We aren't talking about broken agreements between journalistic groups. We are talking about informants to the US in Afghanistan. Everyone involved has a responsibility to engage in an over-abundance of caution.
posted by furiousxgeorge at 9:29 PM on August 31, 2011

So, if you are not a member of the US government, US military, or US intelligence agencies, can you grab your own copy of the files and go play Lois Lane without fear of prosecution?

Yes, as far as I know, not a lawyer and all that. It's publicly available for the world to see now and we have freedom of the press in the US.
posted by furiousxgeorge at 9:31 PM on August 31, 2011

I disagree that a newspaper or its staff has any responsibility "to engage in an over-abundance of caution" in protecting a political organization's security. And inasmuch as that's your ultimate point, I think there's just an agree-to-disagree stalemate.

If the Guardian were revealing the identities of sources whom it had agreed to protect, then I'd concur in your criticism of them. This was, to all reasonable understanding, throwaway information. I totally get why a writer would want to include it to flesh-out a narrative, and I see absolutely no responsibility for him to have engaged in some kind of "Certain Facts Have Been Changed" asterisk.
posted by cribcage at 9:38 PM on August 31, 2011

I disagree that a newspaper or its staff has any responsibility "to engage in an over-abundance of caution" in protecting a political organization's security.

Guys, the Guardian were partners in publishing and examining information that could put the informants in Afghanistan at risk for their lives. If they did not want that risk, all they had to do was tell Wikileaks they did not want to be involved and not take the data in the first place.

They were handed data by a source just like Wikileaks was. They had the same responsibility as Wikileaks. If you think that is none, well I believe that was where Wikileaks started before everyone started calling them accessories to potential murder.
posted by furiousxgeorge at 9:47 PM on August 31, 2011 [2 favorites]

I think you are talking past me here, I'm not talking about bad faith. We aren't talking about broken agreements between journalistic groups.

Breaking an agreement is a classic example of operating in bad faith. But my point is that the Guardian editor is clearly rather fuzzy-headed on computer topics in the first place, and seems not to have appreciated the security ramifications of what he was told was a one-day password. The guy isn't even clear on how to open a common zip file format, for heaven's sake. The password could easily have been revealed by accident.

What perplexes me is that Assange doesn't seem to have employed more than a rudimentary level of caution, despite being a world-class expert on security and crypto. 'Don't use the same password for every secret login/file' is about the most basic security precaution there is. It's the kind of thing they put in kids' books on how to be a secret agent. It's the sort of thing they put in filler articles on how consumers can protect themselves on the internet.
posted by anigbrowl at 10:06 PM on August 31, 2011 [1 favorite]

There are about 800 million points and thoughts to be shared about secrecy, leaks and such, but I wouldn't trust Assange with anything of consequence.
posted by ambient2 at 10:14 PM on August 31, 2011

I've shifted my position a bit. If there is blame in the disclosure of this information let it rest with the US government who collected it, stored it and then let some 19 year old kid with significant mental health issues have unlimited access to it. Are we really to accept that Bradley Manning was the only disgruntled person in the whole government who was leaking this stuff? I'm going to assume that real professional trained intelligence organizations had long since been reading these messages.

I remain critical of Wikileaks for other reasons, and I don't think it is a good idea. I've moved past blaming them for endangering lives by disclosing information. Perhaps it is denial on my part, but I just can't accept that these guys won some amazing leak lottery. Manning was able to take the information easily and wouldn't have been caught if he didn't say something. A person motivated purely by greed and ego could have taken much more. The ease of Manning's theft, forces me to conclude that he wasn't the only one stealing.
posted by humanfont at 10:33 PM on August 31, 2011 [2 favorites]

To extend my soaked gasoline metaphor further--those who try to blame this one on anyone but Julian Assange have it wrong.

Bradley Manning gave Assange a gas can. Assange, for "insurance" soaked the house in gasoline. When a cohort smoked a cigarette Assange gave him and threw the match into the house, lighting it on fire, those supporting wikileaks here blame the smoker and Bradley Manning, in that order.

No one made Assange create the "insurance" file. He could have just kept it all on a thumb drive and had a copy. Assange, of his own volition, put it on the internet and let everyone download a piece, while insisting it was safe--indeed while insisting he needed it to keep himself safe from some sort of black helicopter outfit. If that was so, why was he so careless with the thing that was supposed to protect him? You would think, if his protection was so vital, he would make sure that his threat to disseminate the materials would have to be intact.

Since it isn't, it makes you wonder about his real motivations.
posted by Ironmouth at 10:36 PM on August 31, 2011

I wonder if Assange's real motivation is to make some people on Metafilter have frowny faces.
posted by Blazecock Pileon at 11:00 PM on August 31, 2011 [3 favorites]

Assange's real motivations are transparent. His motivations are fame, sexual conquest and an fuelif his own ego. The rest of it is all bullshit and patter to distract you from his con.
posted by humanfont at 11:04 PM on August 31, 2011 [1 favorite]

Yeah, those unsafe Chinese reactors are bullshit and patter, definitely.
posted by Blazecock Pileon at 11:11 PM on August 31, 2011 [1 favorite]

Don't forget all the criminal activity revealed in the various leaks. That might be more bullshitty than conny on the humanfont scale though.
posted by Purposeful Grimace at 11:16 PM on August 31, 2011

The bullshit is the hypocritical philosophy of total transparency for everyone else, his claims of elite crypto and security skills and other nonsense about changing the world. The drama of insurance files, etc.
posted by humanfont at 11:47 PM on August 31, 2011 [1 favorite]

"The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption."

Not trying to pick sides here, but ever since that second-in-command dude's story popped up, I've been amazed as to closely this secret tax thing applies to Wikileaks as an organization in itself.
posted by the cydonian at 11:58 PM on August 31, 2011 [2 favorites]

Can we start planning for the Hollywood movie yet? I nominate Bill Maher to play Assange...
posted by mek at 12:22 AM on September 1, 2011 [1 favorite]

"Your theory being that the five dead children in the Tikrit morgue died of natural causes?"

Why do you think they died of natural causes? I didn't see that anywhere in the letter.

I also didn't see it in my comment. Are you having one of your cough-syrup induced hallucinations again? Should we call someone to come to your house?
posted by klangklangston at 12:29 AM on September 1, 2011

"His motivations are fame, sexual conquest and an fuelif his own ego."

I think Freud pretty well figured that the second one was the motivation for every human being. As well as any sexually reproducing creature. The first and third ones are just pleasure stimuli that relate to and reinforce the second one.

And

Oh God, I don't think I can eat much more popcorn.
posted by Xoebe at 12:42 AM on September 1, 2011 [3 favorites]

The Cydonian: Yeah, that quote really stuck out to me too. I really disagree with the aims of it (I prefer a functional diplomatic corps) but it's pretty ironic how it came back to bite Assange.

Ironmouth: "Bradley Manning gave Assange a gas can. Assange, for "insurance" soaked the house in gasoline. When a cohort smoked a cigarette Assange gave him and threw the match into the house, lighting it on fire, those supporting wikileaks here blame the smoker and Bradley Manning, in that order. "

This is silly. You've taken so many leaps here that even Carl Lewis couldn't hop along. Assange et al. made a pretty amateur blunder, but it goes along with the sense that I've had that a lot of these guys, Assange in particular, really have no idea what the hell they're doing outside of a fairly narrow specialty (echoed to a lesser extent in the remedial leaking of the password). They make dumb mistakes, get wrapped up in their own bullshit, and have shot their credibility in the important sense that it's pretty impossible for them to claim they can protect sources now.

But a smoker, toker, midnight joker analogy with gas cans and a gratuitous swipe at Assange for ego? You're not making your case, you're just coming across as emotional.

"Assange's real motivations are transparent. His motivations are fame, sexual conquest and an fuelif his own ego. The rest of it is all bullshit and patter to distract you from his con."

That's pretty laughable too — Why not take Assange at his word? He's been pretty open about his motives. This backseat Freudianism is silly.
posted by klangklangston at 12:45 AM on September 1, 2011 [1 favorite]

Hint for thickies: If you type "7z" into Google, the official 7-Zip website is the first hit.

It blows my mind, but I've also had these sort of WTF moments with people that I thought were fully capable humans. The guy is a journalist, isn't his whole skillset supposed to be researching and finding out stuff? Google is right there, people!

My theory is that some "non-techie" people have a sort of stupidifaction field that engulfs their brains when confronted by computer stuff...
posted by Meatbomb at 1:07 AM on September 1, 2011 [4 favorites]

Just to be clear on some of the details: I don't think we're talking about the Insurance file. Assange wouldn't have gives the password to that to a Guardian journalist. We're talking about an encrypted copy of the cables, which perhaps got into the wild via the mechanism ymgve describes.

Also, I expect the password is the decrpytion key to the file, rather than an FTP access password. The Guardian write up is a bit confused about exactly what password did what, but they mention PGP. So I suspect that its not so much that wikileaks re-used the password, its more that the same encrypted file got into the wild somehow. And then the Guardian gave away the password not realising that it still mattered.
posted by memebake at 1:17 AM on September 1, 2011 [1 favorite]

"Hint for thickies: If you type "7z" into Google, the official 7-Zip website is the first hit."

"It blows my mind, but I've also had these sort of WTF moments with people that I thought were fully capable humans."

Or maybe he has a Mac, and it was an oversimplification of the fact the 7zip home page states only Windows 7 / Vista / XP / 2008 / 2003 / 2000 / NT / ME / 98 & Linux are supported, and the other common 3^rd-party Mac archive programs like The Unarchiver don't handle encrypted 7z?

(Although if you forge ahead onto the 7zip download page and scroll down, it appears there's a Mac CLI client & a few GUIs. Dunno if they're any good, but the point is they're not obvious…)
posted by Pinback at 2:29 AM on September 1, 2011

"Hint for thickies: If you type "7z" into Google, the official 7-Zip website is the first hit."

If he got the same file that everyone else, it was only named xyz_z after decryption, with no extension and no hint of what file type it was. Honest mistake for someone not a computer expert.
posted by ymgve at 4:25 AM on September 1, 2011

klangklangston: They make dumb mistakes, get wrapped up in their own bullshit, and have shot their credibility in the important sense that it's pretty impossible for them to claim they can protect sources now.

I don't see any particular sign that that's the case. They've released more data than they intended, but as far as I know, no leaker identities have gotten out. If Manning was the cable leaker (which is unproven), then he outed himself, Wikileaks had nothing to do with it.

You can argue that they're not doing quite what they intended, but I don't think you can make the claim that they've compromised their own sources.

There's a good chance that Wikileaks themselves won't know who they are; such is the nature of the Internet.
posted by Malor at 4:44 AM on September 1, 2011 [2 favorites]

So the entire world is entitled to the US's secrets?

Please explain how this is. And how are you magically gonna protect these people now?
posted by Ironmouth at 9:29 PM

what the heck makes you think the democratic will of citizens of the united states is what should govern the actions of a non-american entity operating outside of america founded by a non-american releasing information about the way the US government interacts with other countries?

drones, bombs and coca cola?
posted by infini at 5:12 AM on September 1, 2011

Hear hear, infini
posted by to sir with millipedes at 5:20 AM on September 1, 2011

Some confirmation of what I said above ...

Wikileaks twitter confirms that the password is the PGP password for the file, not an FTP access password:

It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert.

Wikileaks also confirming that we're not talking about the Insurance file. If that had been decrpyted we'd know about it by now.

WikiLeaks 'insurance' files have not been decrypted. All press are currently misreporting. There is an issue, but not that issue.

So I think it went something like:
- Assange gives journalist temporary access to password encrypted cables file
- Journalist isn't too hot on how encryption works
- Journalist thinks password was temporary, publishes it in book
- Meanwhile, original file escapes into the wild, somehow (various rumours)

Clearly there are mistakes being made here, but the mistakes do not pertain to the deliberately-distributed Insurance file. Meanwhile, Wikileaks is asking people to download another encrypted insurance file ...
posted by memebake at 5:46 AM on September 1, 2011 [4 favorites]

ymgve, can you post a source for your description of how the file got into the wild?
posted by memebake at 5:53 AM on September 1, 2011

Are you having one of your cough-syrup induced hallucinations again?

Ah, yes. "Critics of the government must be on drugs." The classics never go out of style.

You said there was "no reliable evidence" to support the several reports of Good Guy forces executing children. That requires you to explain away the kiddie-sized corpses broadcast on Iraqi TV and identified as the victims.

Well? What say you? Someone is lying to make our Heroes look bad?
posted by Trurl at 6:38 AM on September 1, 2011 [1 favorite]

Can one of you tech dudes explain PGP to me quickly and simply?
posted by to sir with millipedes at 6:46 AM on September 1, 2011

ymgve, can you post a source for your description of how the file got into the wild?

It's basically my own research. It all starts with a file called "xyz-magnets.txt" which can be found in various wikileaks archives.

This didn't go unnoticed - at least the people at abovetopsecret discovered the torrents (magnet links are a way of distributing torrents without needing to give out the full .torrent file), but without the password they weren't of much use. These torrents were kept alive and seeded, though. And then, somewhere someone gets the bright idea of testing the password in the book on those files.


My opinion is that Leigh is not that guilty - This part is only speculation, but I assume he got access (via web/ftp) to a file he thought was made available only to himself, and he might even have checked that the file got removed from the location after he'd downloaded it. So he assumed that the password was for a file created specifically for himself, and there wouldn't be much harm in releasing it. Of course, this wasn't the reality, where he was given the exact same file that was available to the public.
posted by ymgve at 6:55 AM on September 1, 2011 [1 favorite]

To sir: this is a slightly odd use of PHP since there's nothing in the story to suggest that public key encryption was used at all. PHP does have a straightforward "encrypt with this password" mode however, so I suspect that's what was being used. I can't remember which encryption algorithm it uses, but it's probably secure enough.
posted by pharm at 6:56 AM on September 1, 2011

To extend my soaked gasoline metaphor further--those who try to blame this one on anyone but Julian Assange have it wrong.

Bradley Manning gave Assange a gas can. Assange, for "insurance" soaked the house in gasoline.

...but since we aren't actually talking about the insurance file, it sounds like maybe you are the one who has it wrong? And maybe should get the story straight first before figuring out how you are going to blame Assange for it?
posted by furiousxgeorge at 6:59 AM on September 1, 2011 [1 favorite]

ymgve: My opinion is that Leigh is not that guilty ...

Yeah, Leigh just seems pretty naive about passwords. I mean, writing one on a post-it note attached to your monitor is one thing. Publishing one in a book is quite another. Even if he thought it was a temporary password, it still might give away useful information (such as that Assange favours pass-phrases with underscores that end in a hash and describe the contents of the file in an unusual way).

I imagine Assange, at that time, was juggling a bunch of large encrypted files on various servers all over the world. He's an expert in encryption so perhaps he started to trust it too much, and then lost track of things (such as then Wikileaks was mirrored) and left encrypted files exposed to the internet when they didn't need to be. It seems like something along those lines happened. He knew the passwords were unguessable, but didn't take a journalist's naivety into account.

So, perhaps he's guilty of dropping one of his heavily-encrypted juggling balls and trusting a journalists computer literacy too much.
posted by memebake at 7:20 AM on September 1, 2011 [1 favorite]

- Meanwhile, original file escapes into the wild, somehow (various rumours)

Who cares if its the insurance file? A file is not an animal. It cannot "escape." There is no "wild" for it to "escape" too. Using this language of "somehow" and "escapes" hides the true facts. the file was in the possession of Wikileaks and Wikileaks, by negligence or design, released it to members of the public over which it had no control.

These are the risks of handling such material. And this is why Wikileaks is responsilbe.

Note the above is true according to Wikileaks own account. Rumors? So Wikileaks has no idea how its file got out there so the PGP key could be used?
posted by Ironmouth at 7:27 AM on September 1, 2011

Ironmouth: Yes, I agree that Wikileaks made a mistake here. The file was in their possession and somehow it got out. I just wanted to point out it was not the deliberately-distributed insurance file.
posted by memebake at 7:30 AM on September 1, 2011

Also, I suspect Assange knows how the file got out (likely explanation: it was always 'out' out the net, he just assumed the password was secure, which to his mind would mean the file was still safe), and so he will do his best to obfuscate and point the focus at the journalist who made a howler.
posted by memebake at 7:34 AM on September 1, 2011

I think it's dubious that ignorance and incompetence were the reason that this has occurred. There's too much at stake, and these are intelligent people. Intelligent, shifty people.
posted by heatvision at 7:35 AM on September 1, 2011

Ironmouth: Yes, I agree that Wikileaks made a mistake here. The file was in their possession and somehow it got out. I just wanted to point out it was not the deliberately-distributed insurance file.

Does it matter? From the descriptions above, Assange made the file available in his archives.

In the end what does it matter. If you mark the box "insurance" or "magnet xyz," if you leave the door open and put a sign saying "Wikileaks Archives, come on in!" on it, you are responsible for its theft. He assumed a duty of guarding those files and told us they would be dealt with responsibly. They were not.
posted by Ironmouth at 7:35 AM on September 1, 2011

heatvision: true. Wikileaks now gets to do what it wanted to do in the first place, which is release the whole lot unredacted. I dont think they subscribe to the idea that releasing the unredacted cables is dangerous - they just went along with the redaction thing for PR reasons.
posted by memebake at 7:38 AM on September 1, 2011

Ironmouth: btw, I have a lot of respect for your position, which (as I understand it from past wikileaks threads) is: there are laws, people who appear to break them should be investigated/prosecuted, and special pleading of exceptionalism should be treated with suspicion.
posted by memebake at 7:41 AM on September 1, 2011

Even if he thought it was a temporary password, it still might give away useful information (such as that Assange favours pass-phrases with underscores that end in a hash and describe the contents of the file in an unusual way).

Fair enough, but I'm still not sure how that reveals Leigh to be irresponsible, or to have made a mistake, or to be naive about passwords. Why would he be responsible for protecting the fact that Assange favors passwords with underscores? Journalists are responsible for protecting anonymity promised to sources, sure. But they're not responsible for protecting anything that "might give away useful information," since it's not their job to protect "useful information."

Imagine turning the dial all the way: A reporter for the New York Times turns in a thoroughly researched story listing all the passwords that Mitt Romney has ever used in his lifetime that reveals he always uses some permutation of the word "Vertigo." Does the newspaper have a responsibility not to run that story, because it might give away useful information? I don't think so.
posted by cribcage at 7:43 AM on September 1, 2011

Who cares if its the insurance file?

You did, of course, with the intentional-gasoline metaphor you repeatedly posted, until it turned out that wasn't what we are talking about. Now my field goal is gonna be short.

So Wikileaks has no idea how its file got out there so the PGP key could be used?

It remains unclear: How? A document containing the full set of over a quarter of a million cables was placed online in encrypted form late last year. In what circumstances is unclear — according to different sources, it was done either by Julian Assange himself or, it now seems more likely, posted unwittingly by a WikiLeaks supporter, after material taken by Domscheit-Berg was returned to WikiLeaks. By that time, full unencrypted sets of the cables had already been passed by WikiLeaks to the The Guardian, which passed them to The New York Times against Assange’s wishes.

It seems clear this file was not meant to be out there as insurance, this was not intentional gas pouring as you repeatedly posted. As for who is trying to do something intentionally here?

However, it has taken an extended period for people to link up the material that is available, with the key. Enter Daniel Domscheit-Berg, whose “Open Leaks” project has flamed out spectacularly in recent weeks. According to Der Spiegel, someone from Domscheit-Berg’s group — which narrows the suspects very rapidly — has in recent days been drawing attention to the connection between the file online — long since mirrored and distributed beyond hope of retrieval — and the password.
posted by furiousxgeorge at 7:43 AM on September 1, 2011

der Spiegel, a wikileaks partner, has a plain language account of how the file got out and the other events of this incident.
posted by Rumple at 7:47 AM on September 1, 2011 [1 favorite]

Imagine turning the dial all the way: A reporter for the New York Times turns in a thoroughly researched story listing all the passwords that Mitt Romney has ever used in his lifetime that reveals he always uses some permutation of the word "Vertigo." Does the newspaper have a responsibility not to run that story, because it might give away useful information? I don't think so.

I would think intentionally publishing information that could lead to hacking/identity theft would be a violation of journalistic ethics at least for a serious paper. There is nothing newsworthy there, it's irrelevant personal information. Just say he uses poor password security if you consider personal passwords newsworthy for some reason.

Do you think Wikileaks similarly has no responsibility to protect the US government informants in the cables?
posted by furiousxgeorge at 7:47 AM on September 1, 2011 [2 favorites]

Then someone betrayed the location of the password -- Leigh's book -- to a journalist for German weekly Der Freitag, which is also an OpenLeaks partner. The weekly published a cautiously formulated version of the story, that without naming the exact location of the password, still revealed it was "out in the open and identifiable to those familiar with the material." Speculation on Twitter and elsewhere ran wild, and hobby investigators began to edge closer to which password it could be.

It seems like Berg has a lot to do with the current situation. After he returned the data he stole some folks at Wikileaks didn't quite know what was in it so the encrypted data got published. This was fine as the password was not known. Leigh published it, but it was still hidden in plain site since nobody knew the files were the same. Someone at Openleaks intentionally lets it be known to score points in their war on Assange.
posted by furiousxgeorge at 7:54 AM on September 1, 2011

Can one of you tech dudes explain PGP to me quickly and simply?

It's an encryption program. It uses 'public key' encryption, where all keys have two parts, a 'private' and a 'public' half. PGP uses the public key to encrypt a file, and then even the person who originally encrypted it can no longer get it back without having the other half of the key.

The way it's normally used is for you to send someone the public half of your key, to verify with them over another channel the 'fingerprint' of the key (so that you know he got the right version, that you're not suffering from a Man In The Middle attack), and for them to then use the public key to encrypt something. They send it to you via whatever method they want -- public, private, it doesn't matter who sees it, because only your private key will unlock it. Once you've got it, you can use the private key to restore the original data file.

Normally, private keys are themselves encrypted with a password, so you should need both the physical key on disk plus that password to get access to the file. In this case, I don't think PGP was used for the final layer of encryption. It sounds like it might just be a password for 7Zip -- anyone with the password can decrypt the file, it doesn't take a key as well. That kind of encryption is 'symmetric' -- that is, the same password both locks and unlocks the file.

PGP is asymmetric; something encoded with one half of the key can only be decoded by the other half. So I don't think the encryption is PGP-based in this case.
posted by Malor at 7:55 AM on September 1, 2011

Here's my point:

If you steal classified material and then pretend to protect the named sources within, you are responsible for the consequences. Assange, Domscheit-Berg are one and the same. Amatuers who believe they know better than the elected government of the country that created the secrets in the first place. They think they have the knowledge to protect the people named in the cables, despite not having the background on the situation, and despite being a group of people obviously torn apart by petty jealousies. The hubris is believing that they were immune to any sort of problem and would never give away the store. The OpenLeaks thing, while massively superior to the Wikileaks model, still has the same issues. If an individual whistleblower wants to let the press know, he or she can. It happens all the time. There is no need for the stupid, risky intermediaries of Domscheit-Berg or Assange. All they do is increase the chances for information beyond that desired to get out, with their egos and personal issues.

What these clowns tried to do was convince the world that their "services" ans intermediaries were needed because they thought they knew what needed to get out. They were wrong. Their reassurances were crap.

And they no doubt set back the declassification movement back by getting information out there that should not be out there.

What needs to happen is political pressure on the governments that act in our names to rationally declassify material. There's a reason why that material should first be reviewed--so names like the 100 that need to be protected don't get out.
posted by Ironmouth at 7:59 AM on September 1, 2011 [1 favorite]

(by the way, I'm glossing over some internal details of how PGP actually does encryption, in the interest of preventing confusion... that description is not perfectly accurate, but it's pretty close.)
posted by Malor at 8:00 AM on September 1, 2011

And they no doubt set back the declassification movement back by getting information out there that should not be out there.

Crippling conspiratorial behavior in existing governments - by forcing an ever-tightening net of secrecy - is Assange's stated explicit purpose. Complaining that he's setting back the comparatively milquetoast pro-declassification crowd is like telling Kucinich he's setting back the Blue Dogs.

I find it really strange how loudly, and vigorously, and passionately, you ignore what other people have been saying about this fact since the first WikiLeaks thread. I totally get why someone wouldn't agree with WikiLeaks/Assange's goals or methods, but you can disagree with them on their merits instead of whipping yourself into a huff every time you suspect someone might not agree that Assange is Satan.

You accuse anyone who disagrees with you of being an Assange groupie, of being insufficiently serious about security, of being lawless -- even if they are not subject to the laws you're pointing to. Instead of disagreeing with Assange's own writing about his motives and methods, you appeal repeatedly to armchair freudian analysis. You are making a mockery of your own beliefs, Ironmouth. I want to make your points for you in these threads, just because I feel awkward watching this happen every single time.
posted by verb at 8:27 AM on September 1, 2011 [10 favorites]

It seems like Berg has a lot to do with the current situation. After he returned the data he stole some folks at Wikileaks didn't quite know what was in it so the encrypted data got published. This was fine as the password was not known.

No. It was not fine. The risk that the password would get out existed. These are known risks. This is why you try and handle these documents with care and why amateurs are not to be trusted with them. They have no duty to the material. Manning's long prison term will deter others with a duty. Assange may be caught up, but the deterrence is less.

Seriously even Der Speigel says it was "blunders by Wikileaks and its supporters.
posted by Ironmouth at 8:30 AM on September 1, 2011 [1 favorite]

Rumple, thanks for the link to the Der Spiegel account of the data leak. Sounds like a clusterfuck with plenty of blame to go around.

1. Assange gives the cables + password to Leigh
2. Domscheit-Berg takes a copy of Wikileaks, not knowing the cables are there
3. Wikileaks gets attacked and mirrors all its data on BitTorrent, including the cables
4. Leigh publishes the actual password in his book, thinking it was no longer valuable
5. Someone tips off Der Spiegel that the password actually works
6. Shit blows up

Information wants to be free. Sounds like lots of stupidity here: Leigh for publishing the password, Assange for not deleting the cable file, someone unknown for accidentally mirroring the encrypted cables. Just dumb all around. But not entirely surprising, given the value of the data and how many people had copies.

None of this matters for US security: the WikiLeaks data has long since been spread around. And SIPRnet was never meaningfully secure in the first place. Leigh and the WikiLeaks folks sure look like clowns now though.

Pirate Bay has at least two copies of the decrypted torrents now. 1.6GB uncompressed, 350MB compressed.
posted by Nelson at 8:48 AM on September 1, 2011 [1 favorite]

(BTW, many people are saying that Domscheit-Berg is the one who actually told Der Spiegel about the password actually working on files that were out in the wild. Importantly though, Der Spiegel's own account doesn't directly say that, although I think they are trying to imply it without burning their source.)
posted by Nelson at 8:51 AM on September 1, 2011

You accuse anyone who disagrees with you of being an Assange groupie, of being insufficiently serious about security, of being lawless -- even if they are not subject to the laws you're pointing to. Instead of disagreeing with Assange's own writing about his motives and methods, you appeal repeatedly to armchair freudian analysis.

Please point out where I have:

(1) Called anyone an "Assange groupie" in this thread. (Page search shows you are the only one to use word "groupie."

(2) Accused anyone on this page of being "insufficently serious about security."

(3) Accused any MeFite of being "lawless" in this thread.

(4) Where, anywhere in this thread, I have engaged in "armchair Freudian analysis" of anyone in this thread. I mention no oedipal complex or anything else.

All I do is point out how people somehow will say anything to avoid the obvious: Assange did not secure the material or names as he promised he would. The material on his website was taken and his key compromised. We are told that it was "fine" and not foreseeable, but handling of classified data by private individuals is inherently risky, as is placing that material in a place where it could be released to the public. For that, Assange is responsible.

We are told that Mr. Domscheit-Berg is responsible, that the Guardian is responsible. But Assange put it on the web. He handed over a password he never changed.

Also, Assange has said a lot of self-justifying things--certainly that point about security cost. But then he turned around and responded to security concerns and agreed to work with the Guardian and others. And this "security cost," is apparently the names of 100 people that did not have to be revealed. Is the US supposed to stop working with pro-democracy activists and others?
posted by Ironmouth at 8:52 AM on September 1, 2011 [1 favorite]

If you steal classified material and then pretend to protect the named sources within, you are responsible for the consequences. Assange, Domscheit-Berg are one and the same. Amatuers who believe they know better than the elected government of the country that created the secrets in the first place.

The difference is that Assange didn't steal data, he was passed information by a source just like any other journalist is. It seems that in this case only one person was stealing data. Berg should have been more careful in making sure Wikileaks knew what was in the data he stole when he returned it.

Now, you say they are one in the same now, but of course when it is convenient you praise Berg and Openleaks as a much better organization in order to attack Wikileaks. It is kind of silly. It's transparent how willing you are to adjust your arguments to go after Wikileaks no matter what the facts are, and no matter what you have previously said.

In this case, Berg was the cause of a lot of trouble, just like Manning was for the US Govenrment. That doesn't mean the US Government is incapable of protecting secrets. It means nobody can predict when someone will flake out or make silly mistakes.

Wikileaks never intended to be an intermediary, they wanted to publish themselves. People like you, Ironmouth, told them they had to redact the cables. They went to the papers, shit went south.
posted by furiousxgeorge at 8:57 AM on September 1, 2011 [1 favorite]

This is my favourite leaked cable - I'd support more such information coming to light.

¶2. (C) Assistant Secretary Carson, accompanied by the Ambassador, Special Assistant Cook and Econoff, met with President John Atta-Mills on February 3, 2010. Carson strongly emphasized the need for leadership in ensuring that Ghana's oil resources are managed for the benefit of the country. He stressed the importance of adherence to rule of law and transparency to maintain Ghana's attractiveness for investment and its ultimate success in developing its oil resources. Mills said he is determined to ensure oil will be a blessing, but that a number of corrupt (unnamed) oil company representatives have attempted to bribe him. He said that he refused the money and was offended by their efforts.
posted by infini at 9:04 AM on September 1, 2011 [2 favorites]

"Ah, yes. "Critics of the government must be on drugs." The classics never go out of style."

Actually, "People who invent facts are unreliable." But no, your classic misdirection never does go out of style. Perhaps Balloonjuice has made you soft.

You said there was "no reliable evidence" to support the several reports of Good Guy forces executing children. That requires you to explain away the kiddie-sized corpses broadcast on Iraqi TV and identified as the victims.

Actually, it doesn't. I said that you clearly misrepresented the letter, which you did (and won't admit). Then I pointed out that "begging the question" is, in fact, the very definition of your fallacy here — the letter asks if the facts are accurate, and you take that as evidence that the facts are accurate. I don't dispute that children died (even though it'd be trivial to insist that you prove that too), but as the open question is whether the US/MNF caused those deaths, assuming that they did ignores the actual text of the letter.

This is a common pattern from you, which is why I'm pointing it out — You misrepresent your source, claim it proves something, and then sarcastically impugn anyone who has the gall to point out the difference between allegation and fact. It's very silly, and leads me to believe that either you just don't care about the truth, or that you assume everyone else here just isn't bright enough to understand that, e.g. when a letter asks if allegations are accurate that implicitly means that the author of the letter doesn't know whether those allegations are accurate.

Feel free to demonstrate even a modicum of understanding of this point at any juncture.

Well? What say you? Someone is lying to make our Heroes look bad?

Actually, I didn't say that at all. Once again, you invent things because you realize that your argument is weak without inflammatory fictions. Whether you're doing this because you're fundamentally dishonest or fundamentally stupid, I wish you'd stop.
posted by klangklangston at 9:11 AM on September 1, 2011

I care about the truth, so I expect the US government to reveal the answers to the questions in the memo any day now.
posted by furiousxgeorge at 9:20 AM on September 1, 2011

Whups. Total ital fail. Let's see if I can do better for Malor:

"You can argue that they're not doing quite what they intended, but I don't think you can make the claim that they've compromised their own sources."

That wasn't the point I was making, which is that by losing control of their secrets, they've made it hard for new sources to trust that Wikileaks (or Openleaks) will be able to control their secrets going forward. That the US intelligence sources are getting burned is different and fairly terrible (a lot of effort goes into creating an intelligence network, and by giving out unredacted cables, it allows others to see exactly how the US did it, meaning it's a risk to both named and unnamed sources there too), but not what I'm talking about with my previous comment.

Most whistleblowers are pretty trivial to figure out where they came from even when redacted, and that keeping their identities secret means being responsible with the information they give you. Wikileaks had something they were trying to keep secret, and were unable to do so. If I was a source, I'd be wary of giving them my information even if they told me they could keep it secret.
posted by klangklangston at 9:21 AM on September 1, 2011

Do you think Wikileaks similarly has no responsibility to protect the US government informants in the cables?

If someone gives you a secret and you know sharing that secret will harm someone else, what is your responsibly? If you no longer believe the information is secret do your responsibilities end?
posted by humanfont at 10:28 AM on September 1, 2011

If someone gives you a secret and you know sharing that secret will harm someone else, what is your responsibly? If you no longer believe the information is secret do your responsibilities end?

I'm honestly conflicted on what level of responsibility Wikileaks should take for the government informants, I'm just trying to figure out why some who do have a position on this do not extend the responsibility to the newspapers that partnered with Wikileaks to handle the data.
posted by furiousxgeorge at 10:49 AM on September 1, 2011 [1 favorite]

If someone gives you a secret and you know sharing that secret will harm someone else, what is your responsibly? If you no longer believe the information is secret do your responsibilities end?

I'm honestly conflicted on what level of responsibility Wikileaks should take for the government informants, I'm just trying to figure out why some who do have a position on this do not extend the responsibility to the newspapers that partnered with Wikileaks to handle the data.

Because the data that was released was not put on the web by them. It was Wikileaks that lost the data, not the newspapers. It was Wikileaks that never changed the password. Wikileaks was in control of the data that was lost. Not the newspapers.
posted by Ironmouth at 10:55 AM on September 1, 2011

And Wikileaks never published the password, without which this doesn't happen. In a situation where lives are on the line, and there is little journalistic benefit to publish a password, why do it?

Regardless, my question was for the people who are implying, as far as I can tell, that the Guardian does not have a responsibility to the Afghan informants as well. You, I don't care about so much because if the situations were reversed and Assange had published the password you would shift the entire argument of what is solely to blame because your mission is to spin it that way no matter what.
posted by furiousxgeorge at 11:03 AM on September 1, 2011 [2 favorites]

For instance, were you honest, Ironmouth, you might be considering that Wikileaks published this data accidentally while under duress. They were being pressured routinely by DOS attacks and were having their sources of funding cut off. They didn't know if they could keep their sites up.

If we are losing the spin and just looking at how we got here, we have to give some blame to those hackers who went after Wikileaks as well. Their goal was to keep Wikileaks from revealing any data, and they provoked (accidentally) the exact result they didn't want. AFAIK, these attacks were never even investigated, perhaps because the list of suspects might include groups like this.
posted by furiousxgeorge at 11:13 AM on September 1, 2011 [3 favorites]

(1) Called anyone an "Assange groupie" in this thread. (Page search shows you are the only one to use word "groupie."

I never said that you used the word groupie: my point was that anyone who disagrees with you on the fundamental issues regarding the WikiLeaks meta-saga has, at some point in the last year, been dismissed as infatuated with, overly trusting of, deplorably uncritical of, jealous of, or in some way fixated on the person of Julian Assange.

Would you care to back up the assertion I was responding to? Upthread, you said very specifically: "For a long time I've been talking about these dangers. Everyone assured me there'd never be a data loss."

I never assured you of that. I know of many in the last several threads who never assured you of that. In fact, WikiLeaks critics erected that criteria as the measure by which WikiLeaks should be judged. You may feel that it's a fair metric, but people disagreeing with you on the value of state secrecy, and individual responsibility in the face of leaked information, does not mean that they have accepted the presuppositions you bring to the discussion.
posted by verb at 11:15 AM on September 1, 2011

It was Wikileaks that never changed the password.

Speaking purely technically, I think this isn't quite right. Wikileaks created a file with the cables, then encrypted it. Later, by accident, that encrypted file was posted to the Internet. Once that happens it's done. There's no more changing passwords: the data is out there. But as long as the password remains secret, it's no problem. Unfortunately the Guardian author later published the password, not knowing that it was still useful.

It's like a Reese's peanut butter cup. Wikileaks is the peanut butter, Leigh's book is the chocolate. Need both to make a delicious shitstorm. It was dumb for Wikileaks to let that encrypted file get out, when they'd shared the password with Leigh. It was dumb for Leigh to publish the actual password.

Information wants to be free. It's a bitch keeping it bottled up.
posted by Nelson at 11:17 AM on September 1, 2011 [2 favorites]

And I have to say, maybe this is because of my generation, I'd never publish the actual password to anything. It's just never, ever a good idea.

Which is a shame, because I've got some pretty clever passwords. (Especially since I just had to change them all recently.)
posted by klangklangston at 11:39 AM on September 1, 2011 [4 favorites]

Later, by accident, that encrypted file was posted to the Internet.

This would be the negligence.
posted by Ironmouth at 11:51 AM on September 1, 2011

For instance, were you honest, Ironmouth, you might be considering that Wikileaks published this data accidentally while under duress. They were being pressured routinely by DOS attacks and were having their sources of funding cut off. They didn't know if they could keep their sites up.

why not pull that data down if you are under attack?
posted by Ironmouth at 11:54 AM on September 1, 2011

Information wants to be free. It's a bitch keeping it bottled up.

Information "wants" nothing. It has no mind of its own. It is an inanimate object. Acting like it, on its own volition did this minimizes the responsibility of Wikileaks.
posted by Ironmouth at 11:56 AM on September 1, 2011

Information wants to be free. It's a bitch keeping it bottled up.

Information "wants" nothing. It has no mind of its own. It is an inanimate object. Acting like it, on its own volition did this minimizes the responsibility of Wikileaks.

In this context, Ironmouth, the point is that it flows like water if there is a hole in the container. It's not a value judgement.

why not pull that data down if you are under attack?

Blaming the victim? They are passionate journalists and activists, they are going to try and keep their message going out.
posted by furiousxgeorge at 12:00 PM on September 1, 2011 [1 favorite]

In this context, Ironmouth, the point is that it flows like water if there is a hole in the container. It's not a value judgement.

(And you had to intentionally misread the hell out of that comment to suggest otherwise, it was a technical explanation of the leak not an accusation of blame)
posted by furiousxgeorge at 12:02 PM on September 1, 2011 [1 favorite]

Btw, wikileaks suing the guardian is about the dumbest thing they could possibly do -- I see nothing but an Oscar Wilde-suing-for-slander outcome for them out of it.
posted by empath at 12:05 PM on September 1, 2011 [1 favorite]

What do you mean by "pull that data down"? The thing about information is that it's irrevocable. Once the encrypted file is available to the internet at large, you can't "take it down", and you can't "change the password" on it. If I tell you a secret, I can't un-tell you the secret, and I can't retroactively change what I've told you.

The trouble people have with encryption, I think, is that there's no metaphor that works exactly for it, no analogy to think about it sensibly if you don't fundamentally understand the rules for how information works.
posted by NMcCoy at 12:11 PM on September 1, 2011 [1 favorite]

So many people on the blue talk as though security, civilization, and the legitimacy of elected governmental authority are all right-wing wacko stuff, and really there should be no government control over anything that's not a profit-making enterprise of some kind. So many people tried to defend the leaks and insist that Assange was taking careful measures to prevent anything bad from happening. I felt betrayed (I actually still called myself a liberal until the WikiLeaks incident) and I came on here and flew into a rage about how Assange is not a duly elected custodian of that information, has no accountability, and there is no reason for us to trust him with our safety. I came out of it feeling like an AM talk radio nut job that no one was listening to.

Now, I feel pretty vindicated, since what I thought might happen has actually, literally happened. Christ, I was actually right for once. I'm going to console myself with that thought, even as the entire edifice of Western civilization crumbles around me. And once pacifist fundamentalism succeeds in removing all the threats and leverage we have to work with in dissuading other countries from proliferating nuclear weapons, I guess you'll get your all-natural, sparsely populated, sustainable world.

Think about it this way: if we don't interfere with anyone else's development, won't the rest of the world develop through the same messy trial-and-error process that we did? And how many times did we narrowly dodge global thermonuclear war during our journey here? How many other countries and rivalries on this planet can follow that same dangerous, fully self-determined path to liberal democracy before the world's luck runs out?

I guess the only reason I have the boldness to post this is that the thread is so long probably no one is reading it anymore. I really needed a rage soliloquy after reading this news. Thanks for the therapy, internet version of /dev/null.
posted by Xezlec at 12:23 PM on September 1, 2011

What do you mean by "pull that data down"?

In this case, Wikileaks was afraid their sites would be taken down so they put together a torrent of their already publicly available information. The encrypted file was included unintentionally. There was confusion because files stolen by Berg had been recently returned.

Ironmouth suggests they should have simply given in to the DOS attacks instead. Personally, I think there was nothing wrong with their approach aside from not being careful enough with what files were included. Even so, as long as the password had remained secret the files would have remained safe.

and I came on here and flew into a rage about how Assange is not a duly elected custodian of that information, has no accountability, and there is no reason for us to trust him with our safety

A duly "elected" custodian is who gave the data to Assange, much like information has always been leaked to journalists. Assange faces the same accountability any journalist does.
posted by furiousxgeorge at 12:27 PM on September 1, 2011

and I came on here and flew into a rage about how Assange is not a duly elected custodian of that information, has no accountability, and there is no reason for us to trust him with our safety

We didn't elect the guys running the CIA and NSA either, and most of the people we do elect are as in the dark about what's really going on as the rest of us are.
posted by empath at 12:47 PM on September 1, 2011 [2 favorites]

"I felt betrayed (I actually still called myself a liberal until the WikiLeaks incident) and I came on here and flew into a rage about how Assange is not a duly elected custodian of that information, has no accountability, and there is no reason for us to trust him with our safety. I came out of it feeling like an AM talk radio nut job that no one was listening to."

Look, my general position is that the Wikileaks were about 60 percent good, and 40 percent mistake. I disagree with Assange's underlying philosophy, but also am generally an advocate for transparency and declassification. And I definitely think that from a utilitarian standpoint, the outcome has been on the balance good — most of the Arab Spring stuff has been catalyzed by Wikileaks, and I consider myself lucky to live in a time where I get to see so many historic revolutions taking place. Not five years ago, I was in undergrad studying a lot of these places, and they were basically authoritarian shitholes. I don't think it's right to underplay that. Further, the Wikileaks did bring to public attention a lot of abuses by the US government. Not as many as are spun by some of their supporters, but on the balance, a lot of things that both the American and world populations should be able to know.

Even still, there are a lot of ways that Wikileaks has been less than ideal (or even actively fucked up). I don't think Assange is any great person, and I think the push to make him into a hero has been pretty uncritical and focused more on a shared antipathy towards certain aspects of US foreign policy than an honest appraisal of him and his methods, and I think that both this and the ongoing pissing match over the stolen data with DDM have highlighted a lot of ways that Wikileaks has failed to live up to its initial promise.

So instead of feeling betrayed, I'd advise you to look at what we can actually know now about the overall Wikileaks campaign: Assange has used information to essentially dramatically increase freedom for a large number of people across the globe, and whether he did that through blundering luck or deliberate design doesn't matter nearly as much to me as the ultimate effect. He's also had to deal with a tremendous amount of very powerful people working to undermine his work and discredit him, and to my disappointment, I think that he's given them a lot of ammunition to do so.

I guess that'd be my ultimate emotional takeaway — not betrayed, but disappointed. It's a pretty common feeling for me, honestly, being a liberal and interested in politics. I rarely feel betrayed by Obama so much as disappointed; likewise Democrats in general. Assange and Wikileaks had the potential to do a lot more good if they were able to function like a real organization, but ultimately, they've been largely compromised by their personal squabbles and Assange's foibles (if you can call alleged sexual assault a foible). I was really hoping that the Bank of America documents would come out sometime soon, but by this point, I'm not even sure Assange has them. I'm not sure he has anything more, really, outside of these cables. And that's a shame, because I do think that he had the possibility of doing a lot more good if he'd been able to shut up, treat people decently and manage basic computer security protocol.
posted by klangklangston at 1:03 PM on September 1, 2011 [7 favorites]

The password was CollectionOfHistorySince_1966_ToThe_PresentDay#

Wow, what a crappy password. It's all English, except for a meaningful year number and an appended non-alpha. The position of that last character makes me suspect that it wasn't put there by Assange's choice; it looks like something that a user would add in order to satisfy the password requirements of the encryption software. The characters are in CamelCase so he didn't even randomise the capitalisation.

I bet people running dictionary attacks against his other files have just narrowed their search space considerably. Instead of random strings they now know to focus on things like "This_Is_My_Insurance_File#" or "In_The_Event_Of_My_Capture#".
posted by Joe in Australia at 3:40 PM on September 1, 2011

Bruce Schneier says it is a good key.

Also: Memo to the Guardian: Publishing encryption keys is almost always a bad idea. Memo to WikiLeaks: Using the same key for the Guardian and for the insurance file -- if that's what you did -- was a bad idea.
posted by furiousxgeorge at 3:53 PM on September 1, 2011 [2 favorites]

Joe: despite the English text in it, mathematically that's a very strong password. The non-predictable spacing and extra punctuation would make it extraordinarily difficult to crack. Remember, the attacker doesn't even know how long it is, or that it's even IN that format, and coming up with that precise string, with precisely the right non-alpha characters in precisely the right places, is so close to impossible that it can be safely ignored.

After all, even if you tried CollectionOfDiplomaticHistorySince_1966_To_The_PresentDay#, so close to the real password, it wouldn't work. Off by one character is the same as off by twenty.
posted by Malor at 6:13 PM on September 1, 2011

Malor, I'm not thinking about that key; I'm thinking about the other keys he's produced. The fact that it's a coherent description of the contents implies that other keys will follow the same pattern. It's as if I used "Tax_Records_For_June%" as a key. As long as nobody finds that key then my passwords are safe, but if they find that key they have good reason to try similar ones, like "Tax_Records_For_May&" and "Business_Data_for_2011@" and so forth.
posted by Joe in Australia at 6:19 PM on September 1, 2011 [1 favorite]

Obligatory xkcd link on password strength.
posted by chemoboy at 6:20 PM on September 1, 2011 [1 favorite]

wikileaks WikiLeaks
Note the files are compressed with 7zip. They unpack to 60 GB of material.
1 minute ago

wikileaks WikiLeaks
Start your mirrors! Tweet each mirror with #wlmir mymirrorname.org/cablegate twitlonger.com/show/cptu7b
14 minutes ago

wikileaks WikiLeaks
openssl enc -d -aes-256-cbc outfile
16 minutes ago

wikileaks WikiLeaks
AES256CBC: Gw0whe$PfehwH{W%$%0sfwFGOENqi24yHSFP{NKFwekqzcxGPAEGMq32pfewkjnwrHN}#%Fwedqkdg?WM43\hgwr#$JhowdnwqQELFDWmenhwREWKwqeq$
17 minutes ago
»

wikileaks WikiLeaks
Shining a light on 45 years of US "diplomacy", it is time to open the archives forever. wikileaks.org/cablegate/
posted by furiousxgeorge at 6:40 PM on September 1, 2011

I can't get that password to work. Maybe Twitter messed something up?
posted by ymgve at 6:52 PM on September 1, 2011

Oh, I was mistaken. This is NOT the password to the old insurance.aes256 file they released a year ago, this is the password for the NEW file they released some days ago named sDgo3FDksdGwsrkrS.enc. The password works fine there.
posted by ymgve at 7:04 PM on September 1, 2011

This is the cablegate stuff, purely symbolic at this point.
posted by furiousxgeorge at 7:05 PM on September 1, 2011

The new password is interesting, though.

- It is much longer than it needs to be. It contains several thousand bits of entropy, which while it makes a good password, doesn't matter because it's all compressed down to a 256 bit AES key.
- There are some patterns (like contiguous runs of lower case and upper case letters) indicating that this password might have been generated through keyboard mashing instead of a random password generator.
- It is completely unsuited for transmission through a written note or some other non-electronic form of communication, making it harder to use as an "insurance" password.

This makes me suspect that it's a shallow attempt at telling the world LOOK HOW SECURE WE ARE!_{pleasecontinuesendingusdocuments}
posted by ymgve at 7:47 PM on September 1, 2011 [1 favorite]

via someone on SA, haven't actually looked at the files so I can't confirm:

Well, shit. Just search for (protect), which is helpfully appended to confidential sources in sensitive situations.
posted by furiousxgeorge at 9:14 PM on September 1, 2011

Can someone tell me what the term "minimize" means in the context of an embassy cable? I see it a lot at the very end, and it appears to be referring to specific embassies.
posted by chemoboy at 11:14 PM on September 1, 2011

So, from homonculus' link: "WikiLeaks is also crowd-sourcing the redaction issue, by polling its Twitter followers on whether they favor releasing the remaining cables from its cache without any redaction. Respondent have "favored disclosure at a ratio of of 100 to one," according to the Guardian."

It looks like they may have done that now?
posted by curious nu at 9:14 AM on September 2, 2011

AP: An adviser to Prime Minister Nouri al-Maliki said the government will revive a stalled probe into the 2006 raid. Al-Maliki has said he need more information from the U.S. to fully investigate the raid.

"We will not give up the rights of the Iraqi people, and this subject will be followed," said Ali al-Moussawi, the prime minister's media adviser.

Thanks, Wikileaks.
posted by furiousxgeorge at 10:27 AM on September 2, 2011 [1 favorite]

Moving this discussion here...

Looks like the recent release of a cable from the UN to the US State Department, documenting a possible summary execution of an Iraqi family by US forces could seriously affect a treaty that would allow for a long-term US presence in Iraq:

Iraq's government said Friday it will investigate the new allegations. And some officials said that the document was reason enough for Iraq to force the American military to leave instead of signing a deal allowing troops to stay beyond a year-end departure deadline. . .

"The new report about this crime will have its impact on signing any new agreement," said Sunni lawmaker Aliya Nusayif. She said Iraq's parliament will investigate the new details about the raid and seek to prosecute any U.S. soldiers who commit future crimes in Iraq.

Whether U.S. forces in Iraq will continue to have legal immunity from prosecution if they stay is one of the major stumbling blocks in the ongoing negotiations, as Washington will not allow the military to remain without it.

An adviser to Prime Minister Nouri al-Maliki said the government will revive a stalled probe into the 2006 raid. Al-Maliki has said he needs more information from the U.S. to fully investigate the raid.

"We will not give up the rights of the Iraqi people, and this subject will be followed," said Ali al-Moussawi, the prime minister's media adviser."
posted by markkraft at 10:28 AM on September 2, 2011 [2 favorites]

Guardian: Julian Assange could face prosecution in Australia after publishing sensitive information about government officials amongst the 251,000 unredacted cables released this week.

WikiLeaks published its entire cache of US diplomatic cables without redactions to protect those named within, a move condemned by all five of the whistleblowing website's original media partners.

Australia's attorney general, Robert McClelland, confirmed in a statement on Friday that the new cable release identified at least one individual within the country's intelligence service. He added it is a criminal offence in the country to publish any information which could lead to the identification of an intelligence officer.
posted by furiousxgeorge at 10:44 AM on September 2, 2011

I'm just going to put this here: WikiLeaks posts all US cables unredacted. That's 250,000 cables, to you.

Sorry if this has been covered.
posted by troll at 1:11 PM on September 2, 2011 [2 favorites]

Guardian: Condemnation for WikiLeaks decision to publish US government cables in unredacted form. Contains an assertion that the password was used to encrypt a new file:

It now appears that last December another WikiLeaks employee was responsible for a further leak when he placed the unredacted cables on a peer-to-peer site with an old password – motivated, it seems, by the arrest of Assange on allegations concerning his private life. It is not clear that even Assange – distracted by his legal actions over the Swedish sex allegations – knew of this act. This, to be clear, was not the original file accessed by the Guardian last year, which was, as agreed with WikiLeaks, removed from a secure file server after we had obtained a copy and never compromised.

posted by Nelson at 8:31 AM on September 3, 2011 [1 favorite]

Very strange. It that's true, the question becomes whether said wikileaks employee knew the password was to be published, or simply mirrored any encrypted files they had lying around without understanding that some keys had been circulated. There are fairly good odds David Leigh is simply covering his negligent ass by claiming the file was leaked intentionally.
posted by jeffburdges at 8:56 AM on September 3, 2011 [1 favorite]

"Same file" is a bit ambiguous. It could be the exact same sequence of bits published in a new place, a copy of the original. That seems more likely than some nefarious/stupid WikiLeaker deliberately creating a new file and rooting out an old password that Assange had scribbled on a napkin.
posted by Nelson at 9:11 AM on September 3, 2011

Wow, people were still reading.

So instead of feeling betrayed, I'd advise you to look at what we can actually know now about the overall Wikileaks campaign: Assange has used information to essentially dramatically increase freedom for a large number of people across the globe, and whether he did that through blundering luck or deliberate design doesn't matter nearly as much to me as the ultimate effect.

The ultimate effect has yet to be seen. Our enemies are still analyzing this historically unprecedented treasure trove of unbelievably excellent intelligence and haven't made any use of it so far. Since a large number of strategic vulnerabilities of at least the US have now been revealed, war of some kind may be imminent. Did the leak of nuclear secrets to the Soviets make the world a better place? No, it (eventually) made the Cold War what it was. And now, certain countries whose ambitions tend to run up against the US are going to see slight strategic openings. Some of those will surely be exploited. You may not like the results as much as you think you will. The image of the US as the Evil Empire is so taken for granted that you might not fully realize how much good US power actually does. As bad as we may be, some potential "Evil Empires" could be even worse than us!

I also don't know about the whole "dramatically increase freedom across the globe" line. Three small countries had revolutions that may have had some vague connection to WikiLeaks, and while the rulers who were overthrown were indeed colossal dickheads, it isn't yet clear that any of the three are going to wind up with governments that are an improvement over the previous ones.

I also disagree that how the effect came about doesn't matter. It matters to everyone who has access to classified information, and anyone who has potentially an opportunity to sabotage the American military or economy. If doing things that harm the US were "60% good", then it would be morally right for all Americans to betray their country, and wrong for them not to. Don't tell me that doesn't matter. This event and the public reaction to it will affect the way a lot of young people in my country come to define right and wrong.
posted by Xezlec at 2:01 PM on September 3, 2011

Did the leak of nuclear secrets to the Soviets make the world a better place? No, it (eventually) made the Cold War what it was.

Well, I mean, technically the Cold War did make the world a better place. But that was following 1910-1950, so, not a high standard by any means.
posted by mek at 4:50 PM on September 3, 2011 [1 favorite]

There is afaik no information concerning technology, millitary capacity, or military operations in the leaked cables, well they aren't top secret. Ain't even vaguely the same as nuclear secrets.

Conversely, there isn't afaik any evidence that leaking nuclear secrets has ever benefited the world. Russia developed bombs just fine all by themselves.
posted by jeffburdges at 6:23 PM on September 3, 2011

Since a large number of strategic vulnerabilities of at least the US have now been revealed, war of some kind may be imminent.

Citation needed.
posted by verb at 4:55 AM on September 4, 2011 [1 favorite]

Since a large number of strategic vulnerabilities of at least the US have now been revealed, war of some kind may be imminent.

But nobody else has the same level of military might and global projection of force. Who would dare to anger the last remaining superpower in the world?
posted by infini at 5:02 AM on September 4, 2011

I just downloaded all of them, now to figure out how to read them in excel.

A citation is not needed to outline the various intel agencies who have for years observed americas' defense situation. Just like we have to other countries. It is called a general intelligence package.

But nobody else has the same level of military might and global projection of force. Who would dare to anger the last remaining superpower in the world?

This begs the question as there are 100s of scenerios were america is "outgunned".
posted by clavdivs at 9:57 AM on September 4, 2011

Well scenario planners need something to do.
posted by infini at 10:26 AM on September 4, 2011

Is there a way to search the complete database set? I'd like to see how many times various countries are mentioned.
posted by empath at 12:30 PM on September 4, 2011

"And now, certain countries whose ambitions tend to run up against the US are going to see slight strategic openings. Some of those will surely be exploited."

"will surely"?! In a meaningful way? Not necessarily. In fact, it could actually improve security and close strategic openings significantly.

Quick question:
Which country in the entire world is most capable of getting their hands on the leaked information and having language, security, and data mining experts analyzing it to determine patterns and strategic weaknesses that can be exploited?

China? Russia? Iran?!

No. The answer is the United States of America.
posted by markkraft at 5:01 PM on September 4, 2011 [1 favorite]

(Indeed... if anything, this could be an excellent way to determine and respond to vulnerabilities that have existed for awhile, which our potential enemies are already aware of.)
posted by markkraft at 5:03 PM on September 4, 2011

Markkraft, these are American cables that Bradley Manning (apparently) downloaded from an American computer while working for the American armed forces. I think it is highly probable that they already have complete access to them. On the positive side, the US Army will probably not seek to exploit any strategic weaknesses they reveal about the USA.
posted by Joe in Australia at 5:05 PM on September 4, 2011 [2 favorites]

Markkraft, these are American cables that Bradley Manning (apparently) downloaded from an American computer while working for the American armed forces. I think it is highly probable that they already have complete access to them.

...which only makes markkraft's point all the more true. The US has the resources to find and plug up any vulnerabilities before anyone else can find them and exploit them.
posted by Sys Rq at 5:16 PM on September 4, 2011

A lot of the vulnerabilities are diplomatic ones: evidence that the USA has been playing against both sides, or lying, or otherwise behaving badly. There's no real way to fix this problem. Some other vulnerabilities are caused by dependence on the United States' allies, both individual and national. The secret deals and confidences that were exposed have weakened these allies and made them less likely to trust the USA. I bet some politicians here in Australia have been personally embarrassed at finding out that their cocktail party conversation was recorded and transmitted to the USA, and this will inevitably have repercussions - people will be more careful dealing with your country's representatives.

On the whole I think the leak will end up being a net positive for the USA because so many of the cables show your country doing the right thing, or protesting hypocritical stances, or being concerned about the bad acts of others. But it's silly to think that any negative effects can be prevented by acting quickly.
posted by Joe in Australia at 6:11 PM on September 4, 2011 [1 favorite]

Hopefully this will improve effective soft power capabilities and management
posted by infini at 9:39 PM on September 4, 2011

Yeah thats a good link george. A technology summary from a stackoverflow user who has more SO points than me.

... When we use encryption, it is entirely expected and normal for the encrypted text to be visible to the public. If the encrypted text isn’t visible to the public, it can’t possibly be transmitted. You can’t run a secure system under the assumption that an encrypted file will not be seen by others. The entire point of cryptography is that we transmit the encrypted text “in the clear” (without further encryption). On the flipside, the entire point of cryptography is that we don’t divulge the encryption key. So WikiLeaks was in the right to make the encrypted file public (however that happened), assuming that the passphrase would be kept private. The Guardian was in the wrong to make the passphrase public, assuming that the encrypted file would be kept private. By definition, the encrypted file was public because it was available from a public server for at least a few hours.

Again, Leigh was a non-technical person, so we can’t expect him to have understood all of these subtleties. But let’s remember what we’re dealing with here: arguably the most important secret documents in history. The man should have gotten a better technical understanding of cryptography before he did this, and failing that, given that he was not an expert, he should not have presumed it was safe to disclose the password. Even assuming no technical knowledge, it is completely idiotic to publish any kind of password, even an expired one. If nothing else, it would have been safe in case Assange did re-use the same password again. And just to dig a bit deeper: Assange took the extra step of creating a salt, the additional word that he told Leigh to remember and insert into the password but not write down, for the express purpose of protecting the data in the event that someone got a hold of the piece of paper. The final, clinching, idiotic move is that Leigh wrote the salt in the book as well as the password — the one thing he was never supposed to write down.

posted by memebake at 3:24 AM on September 5, 2011 [3 favorites]

Right, look, I can see where there is some blame for Wikileaks. But it is utterly assinine Leigh is trying to depict himself as a total innocent and getting all offended when he is called out.

I can't believe the anti-Wikileaks feeling is enough to overwhelm common sense for some on this. It's not like the arguments against publishing dangerous confidential information are unknown to them.
posted by furiousxgeorge at 9:08 AM on September 5, 2011 [1 favorite]

What about the one about Mayawati's sandals and that Assange should be in a straightjacket?
posted by infini at 12:20 PM on September 8, 2011