tip off

It’s done: bruised egos lead to the release of uncensored WikiLeaks cables

The full, unredacted set of WikiLeaks cables is now available online and in readable form, courtesy of a three-way clash of egos between Julian Assange, disgruntled ex-WikiLeaks volunteer Daniel Domscheit-Berg and the Guardian’s senior journalists.

The release places in potentially grave danger US diplomatic sources whose names have been removed from the publicly released cables.

How? A document containing the full set of over a quarter of a million cables was placed online in encrypted form late last year. In what circumstances is unclear — according to different sources, it was done either by Julian Assange himself or, it now seems more likely, posted unwittingly by a WikiLeaks supporter, after material taken by Domscheit-Berg was returned to WikiLeaks. By that time, full unencrypted sets of the cables had already been passed by WikiLeaks to the The Guardian, which passed them to The New York Times against Assange’s wishes.

In any event, the online material at that point was unreadable without a password.

The problem was, the password was made available, by none other than The Guardian’s David Leigh, in his book released in February this year co-written with Luke Harding, WikiLeaks: Inside Julian Assange’s War on Secrecy. An extract from the book, which was published after the encrypted material had gone online:

Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:

CollectionOfHistorySince_1966_ToThe_PresentDay#

That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’  Can you remember that?” “I can remember that.” Leigh set off home, and successfully installed the PGP software.

Leigh thus, as part of his effort to cash in on his once-intense but by then-soured relationship with Assange, had revealed the key to decrypting the entire set of cables that had been available online.

However, it has taken an extended period for people to link up the material that is available, with the key. Enter Daniel Domscheit-Berg, whose “Open Leaks” project has flamed out spectacularly in recent weeks. According to Der Spiegel, someone from Domscheit-Berg’s group — which narrows the suspects very rapidly — has in recent days been drawing attention to the connection between the file online — long since mirrored and distributed beyond hope of retrieval — and the password.

The vast irony of the breach is that for over a year, WikiLeaks has been accused by sections of the media, governments and foreign policy wonks of placing informants and sources in danger by releasing the cables, in contrast to the “responsible” handling of leaked material by the mainstream media — The New York Times’s Bill Keller actually boasted of lengthy meetings with the State Department to agree which cables his paper would release. Now, it turns out, it was the mainstream media itself that was responsible for distributing the magic password that may well place lives at risk.

This has sparked a remarkable round of recriminations. WikiLeaks — presumably Julian Assange, although it’s unsigned —  has launched an extended spray at The Guardian, Leigh and his editor Alan Rusbridger for the breach, and accused The Guardian (again) of breaching the security conditions WikiLeaks placed on the material. WikiLeaks also says it immediately contacted human rights organisations and the State Department to advise of the breach, and to establish whether the State Department’s source notification program — put in place when the cables were first released last year — had contacted everyone identified as being at risk if their identities were revealed (bizarrely, its action of contacting the State Department was misrepresented by diehard WikiLeaks opponent and US apologist Michael Fullilove as WikiLeaks complaining to the Americans that it had been “hacked”). WikiLeaks also says the breach was behind its sudden, dramatic surge in cables release, which has seen thousands of cables released in the last few days.

In response, The Guardian has rejected all responsibility, in a piece by former WikiLeaks employee-turned-critic James Ball. The Guardian itself released a statement:

Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours. “It was a meaningless piece of information to anyone except the person(s) who created the database. No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files. That they didn’t do so clearly shows the problem was not caused by the Guardian’s book.”

However, The Guardian seems unaware that it would be impossible to “remove the files” once they had been mirrored and made available as a torrent, as if data could simply be pulled back off the internet by the body first posting it regardless of what others had subsequently done with it.

Shortly before deadline, Wikileaks was conducting a global consultation to determine if it should release the unredacted cables itself, with nearly all opinion favouring release.

The leak is the result of the vast egos involved in the WikiLeaks saga and the deep distrust, not to say visceral loathing, that has replaced once close relationships between the fractious Assange and WikiLeaks staff and external collaborators (however much they would reject the term) such as Leigh and his Guardian colleagues. And the latter appear to have preferred big-noting themselves with “meaningless pieces of information” to protecting potentially grave source material as closely as possible.

Note: Crikey has decided not link to the location of the unredacted cables or identify the file name.

6
  • 1
    Rourke
    Posted Thursday, 1 September 2011 at 2:02 pm | Permalink

    I think the Guardian has a point here (as linked to in your later story). It was reasonable to expect that this was a one-off password on a tranche of cables, and lazy of Assange to not re-encrypt the information for their ‘insurance’ file when it was later distributed. Remember that it was not even public knowledge what was in the insurance file. *facepalm* all around, methinks

  • 2
    michael r james
    Posted Thursday, 1 September 2011 at 3:53 pm | Permalink

    @ROURKE Posted Thursday, 1 September 2011 at 2:02 pm

    What part of the following did you not understand?

    However, The Guardian seems unaware that it would be impossible to “remove the files” once they had been mirrored and made available as a torrent, as if data could simply be pulled back off the internet by the body first posting it regardless of what others had subsequently done with it.

    And why on earth publish the password? Just to show that the authors were insiders? And obviously the idea was that the “diplomatic” keyword was never intended to be written or emailed anywhere. This was treachery and ineptitude and hubris on the part of the authors and The Guardian.

    Assange has been proven correct to never trust these journalists. And as it happens his harsh judgment of Daniel Domscheit-Berg who has revealed himself to be weak and ineffective.

  • 3
    bentwonk
    Posted Thursday, 1 September 2011 at 5:16 pm | Permalink

    If the files were already on the net as torrents at the point when Assange gave the Guardians David Leigh the password, Assange could neither change the password later, nor delete the files, which undermines both defensive claims maid by the Guardian. Rather an ironic name given how their reporter felt the need to publish the password (hell if you can’r resist the urge to publish something, then make the password up, and claim it was later changed, as they are now doing).

    As too ” But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file’s contents were never publicised, nor was it linked online to WikiLeaks in any way.”

    It was well known that wikileaks had put a large encrypted file into the torrent, named insurance or some such, and had issues melodramatic statements along the links of ‘just i case anything happens to us, the password will be released..”

    The Guardians issued defense seems ignorant of both the nature of the technology being used, and the public actions of wikileaks, sloppy, very sloppy.

  • 4
    Rourke
    Posted Friday, 2 September 2011 at 5:40 am | Permalink

    OK I’ve done my own research and stand corrected. The MOU with the Guardian was signed on July 30, 2010, the same day (or the day after) the insurance file was made public having circulated privately for a couple of weeks. The Guardian surely could not fail to realise it was the same file that it was receiving, so yes it has been outrageously negligent for Leigh to publish the password and their denial is implausible and wrong about the timing.

  • 5
    cullos os
    Posted Friday, 2 September 2011 at 11:55 am | Permalink

    Sadly this will be the straw that breaks the back of public opnion and support for Wikileaks. Whether Wiki or the Guardian (or both) are responsible, it proves the claims that they couldnt be trusted with the protection of named people in positions of danger.
    A blow for freedom of information and speech.

  • 6
    pharkit
    Posted Monday, 5 September 2011 at 11:48 am | Permalink

    Assange represents something the traditional-media types can’t pin down.. And that makes them feel threatened. They expected him to behave like any other source - someone they could extract whatever information they deemed worthy - and be done with him. Problem is, he’s NOT any other source. Julian Assange approached The Guardian, not the other way round.
    Assange is interested in something more than a catchy headline. From it’s inception Wikileaks has been about effecting change…. The sort of change lauded by Amnesty International in recent months: http://www.guardian.co.uk/world/2011/may/13/amnesty-international-wikileaks-arab-spring

Womens Agenda

loading...

Smart Company

loading...

StartupSmart

loading...

Property Observer

loading...