What happened here was that their hand was forced by the reckless acts of The Guardian’s Leigh and Domscheit-Berg. One key reason access to these unredacted cables was so widely distributed is that Leigh — in his December, 2010, book about the work he did with WikiLeaks — published the password to these files, which was given to him by Julian Assange to enable his reporting on the cables. Leigh claims — and there’s no reason to doubt him — that he believed the password was only valid for a few days and would have expired by the time his book was published.
That belief turned out to be false because the files had been disseminated on the BitTorrent file sharing network, with that password embedded in them; Leigh’s publication of the WikiLeaks password in his book thus enabled widespread access to the full set of cables. But the key point is this: even if Leigh believed that that particular password would no longer be valid, what possible point is there in publishing to the world the specific password used by WikiLeaks or divulging the types of passwords it uses to safeguard its data? It is reckless for an investigative reporter to gratuitously publish that type of information, and he absolutely deserves a large chunk of the blame for what happened here; read this superb analysis by Nigel Parry to see the full scope of Leigh’s culpability.
(Emphasis mine.)
We have a problem with the principles of cryptography here. It isn’t necessary for for everyone to understand the math, but the way it functions is important. Particularly if you’re accepting sensitive, encrypted information, or even—sorry Greenwald—claiming to inform people on the “facts” and “myths” of a massive failure in information security.
What Leigh has claimed is not just that he believed the password was temporary, but that he was told so by WikiLeaks. This can not possibly be true. WikiLeaks understands cryptography. They produced the encrypted file and there would be no reason for them to say the encryption key for this file was only temporary, since that is impossible.
If you have an encrypted file and a key for decrypting it today, what could prevent that key from working tomorrow? The file is not going to change. The key is not going to change. The math is not going to change. You don’t need to have any idea what is happening under the surface to understand that.
It’s the way encryption software works and has always worked. Have you ever used a password-protected zip file? A pdf? An encrypted hard drive? Millions of people have; the operation of this software is common knowledge among those who deal with sensitive information. You could change the password on a file at any point, but if someone had a copy of the file before you changed it, obviously the old password would still work.
I don’t necessarily expect Leigh to be among the millions of people who know how to password protect a pdf, but it’s amazing and terrible that he recklessly published a password without checking with someone who does. As Greenwald says, this breach happened for no reason whatsoever. It was pointless, stupid, and vain for Leigh to publish the password.
As for the encrypted file—which never had the password “embedded” in it—having escaped control of WikiLeaks and the Guardian, the assumption that exactly that would happen was the whole point of the password protection, with a secure password that was never to be written in full. It was on a server so that the Guardian could access it. WikiLeaks is an extremely valuable target; people were and are constantly probing it for vulnerabilities and inadvertent releases.
Since the file did escape it has been suggested that it was left on the server longer than it should have been. Without evidence, this is an unwarranted guess. It doesn’t matter if the file was on the server for five hours or five months; it could have been discovered and copied, as it was. Computers are fast.
And of course when a file is out there, it’s out there for good. Hard drives are big and there are lots of them in the world; people don’t just erase valuable encrypted files if they can’t crack them in a day or two. Instead they share them, in the hopes that someone else will crack it or that the password eventually surface.
The fact that a newspaper reporter offered up the password for them, by printing it in a book for an extra bit of true-to-life drama is just incredible, and negligent in the extreme. That is supposed to be one of the unique strengths of newspapers, a to-the-grave commitment to protect vulnerable sources.
As this incredible story demonstrates, the technology for securing information has so utterly left newspapers behind that they can no longer perform that role.
