The full, unredacted set of WikiLeaks cables is now available online and in readable form, courtesy of a three-way clash of egos between Julian Assange, disgruntled ex-WikiLeaks volunteer Daniel Domscheit-Berg and the Guardian’s senior journalists.
The release places in potentially grave danger US diplomatic sources whose names have been removed from the publicly released cables.
How? A document containing the full set of over a quarter of a million cables was placed online in encrypted form late last year. In what circumstances is unclear — according to different sources, it was done either by Julian Assange himself or, it now seems more likely, posted unwittingly by a WikiLeaks supporter, after material taken by Domscheit-Berg was returned to WikiLeaks. By that time, full unencrypted sets of the cables had already been passed by WikiLeaks to the The Guardian, which passed them to The New York Times against Assange’s wishes.
In any event, the online material at that point was unreadable without a password.
The problem was, the password was made available, by none other than The Guardian’s David Leigh, in his book released in February this year co-written with Luke Harding, WikiLeaks: Inside Julian Assange’s War on Secrecy. An extract from the book, which was published after the encrypted material had gone online:
Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:
“That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’ Can you remember that?” “I can remember that.” Leigh set off home, and successfully installed the PGP software.
Leigh thus, as part of his effort to cash in on his once-intense but by then-soured relationship with Assange, had revealed the key to decrypting the entire set of cables that had been available online.
However, it has taken an extended period for people to link up the material that is available, with the key. Enter Daniel Domscheit-Berg, whose “Open Leaks” project has flamed out spectacularly in recent weeks. According to Der Spiegel, someone from Domscheit-Berg’s group — which narrows the suspects very rapidly — has in recent days been drawing attention to the connection between the file online — long since mirrored and distributed beyond hope of retrieval — and the password.
The vast irony of the breach is that for over a year, WikiLeaks has been accused by sections of the media, governments and foreign policy wonks of placing informants and sources in danger by releasing the cables, in contrast to the “responsible” handling of leaked material by the mainstream media — TheNew York Times’s Bill Keller actually boasted of lengthy meetings with the State Department to agree which cables his paper would release. Now, it turns out, it was the mainstream media itself that was responsible for distributing the magic password that may well place lives at risk.
This has sparked a remarkable round of recriminations. WikiLeaks — presumably Julian Assange, although it’s unsigned — has launched an extended spray at The Guardian, Leigh and his editor Alan Rusbridger for the breach, and accused The Guardian (again) of breaching the security conditions WikiLeaks placed on the material. WikiLeaks also says it immediately contacted human rights organisations and the State Department to advise of the breach, and to establish whether the State Department’s source notification program — put in place when the cables were first released last year — had contacted everyone identified as being at risk if their identities were revealed (bizarrely, its action of contacting the State Department was misrepresented by diehard WikiLeaks opponent and US apologist Michael Fullilove as WikiLeaks complaining to the Americans that it had been “hacked”). WikiLeaks also says the breach was behind its sudden, dramatic surge in cables release, which has seen thousands of cables released in the last few days.
Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours. “It was a meaningless piece of information to anyone except the person(s) who created the database. No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files. That they didn’t do so clearly shows the problem was not caused by the Guardian’s book.”
However, The Guardian seems unaware that it would be impossible to “remove the files” once they had been mirrored and made available as a torrent, as if data could simply be pulled back off the internet by the body first posting it regardless of what others had subsequently done with it.
The leak is the result of the vast egos involved in the WikiLeaks saga and the deep distrust, not to say visceral loathing, that has replaced once close relationships between the fractious Assange and WikiLeaks staff and external collaborators (however much they would reject the term) such as Leigh and his Guardian colleagues. And the latter appear to have preferred big-noting themselves with “meaningless pieces of information” to protecting potentially grave source material as closely as possible.
Note:Crikey has decided not link to the location of the unredacted cables or identify the file name.