This is ridiculous. I don’t know how any whistleblower could trust Wikileaks after what has happened during the last few weeks.
There clearly is a need for a competent whistleblower website. Wikileaks has shown itself to be incapable of filling that role. Egos shouldn’t be more important than leaks.
Pretty disgusting how this entire press release amounts to political posturing and taking credit for the Arab Spring, with, what, one sentence about how terrible it is that names are now being released unredacted?
You can argue that Wikileaks isn't the one ultimately responsible for this, that it's the Guardian or the US government or whatever, but in their response they seem almost totally unconcerned with protecting individuals, and overwhelmingly concerned with getting credit for political revolutions.
This is like asking for spoilers for The Titanic. The news of the leak has only been the biggest single news event on the planet for the past eighteen months. If you suspect it to implicate you and you didn't already do your best to escape there isn't much that can be done.
Remember though, that the USA shared more information with the worst of these dictators, till close to the end, than the leaked cables reveal in total. This whole FUD about Wikileaks killing whistleblowers is just a smokescreen. Our government still routinely drone-bombs more innocents weekly than have ever been suggested to be in danger, let alone dead, because of anything WikiLeaks has ever done.
Excuse my ignorance, but what has happened over the last few weeks? I didn't have an uplink and it's not like there's a reliable archive of important news stories.
The Guardian isn't saying PGP passwords are temporary. They're saying they had assumed the PGP-encrypted file they were provided was single-use, intended only for them and removed after they copied it.
That's a reasonable assumption. Why wasn't it single-use? Aren't people's lives presumably at stake here? How many lives do you need to risk before it becomes worth it to re-encrypt a data set? Why, after disclosing the encryption key to a journalist, did Assange retain the (now tainted) file?
Even if those at the Guardian believed the password only applied to their copy, publishing the password amounts to the Guardian making their copy a target to be copied/stolen. Why should the Guardian think they have better protection against copying their copy than the U.S. gov did in not allowing the cables to be copied in the first place?
This is a good reason for not simply giving The Guardian a giant encrypted dump of all the data. Either way, The Guardian's lack of opsec doesn't set the bar for Wikileaks.
Wasn't the whole idea behind Wikileaks supposed to be that it was run by people with the greatest possible opsec/tradecraft crediblity? How does it make sense for that group to literally delegate all their security to a news publishing organization?
And having done that, by their own admission, how does pointing the finger at The Guardian's lack of opsec capability exonerate Wikileaks?
If Domscheit-Berg wasn't meant to have access to the data, why did he have access to the data? The way both parties relate the story, Domscheit-Berg's exposure to the data appears to have been "accidental": Assange left the unredacted data set on a Wikileaks-owned server that Domscheit-Berg managed, trusting a obscured directory name to protect them.
By Der Spiegel's recounting, it hardly matters what Domscheit-Berg's intentions were, because the files were unknowingly swept up in Wikileaks BitTorrent disaster recovery process. At that point, it became simply a matter of time before the contents of the data set became public, with or without Domscheit-Berg's promotion.
The personality conflicts here between Domscheit-Berg and Assange and Rusbridger and Leigh are probably a red herring. The evidence we have now strongly suggests that Wikileaks was not a careful steward of the data they had; that Wikileaks own convenience trumped tradecraft and security.
That's fine and human and normal for most types of data. But most of the time, we're not dealing with the names of informants and whistleblowers in the world's most repressive countries.
I’m not outraged, more amused. Wikileaks has to take responsibility and communicate better. Especially their communication has been a disaster.
If they want to be a respected whistleblower website they have to show that they are competent. I’m sorry, but I just cannot see how Wikileaks has done that during the last few weeks and months. Based on that I personally wouldn’t trust them with anything. I wouldn’t be surprised if many other people (who, unlike me, actually have something important to leak) think the same way.
(I don’t even want to say anything about DDB.)
But I guess saying something critical about Wikileaks (even if you support the idea of a place for anyone to safely leak stuff) isn’t very popular around these parts. Ah, well.
Wikileaks was the source of the data, and not only distributed extremely sensitive information in a permanently retrievable form to a person who did not understand the implications related to handling that data, but they also (lazily) left the file available online, in a place where it was accidentally included in at least some of the WL archives circulating BitTorrent. Wikileaks certainly holds the larger portion of the blame, though the publication of the password was ridiculously reckless.
There clearly is a need for a competent whistleblower website. Wikileaks has shown itself to be incapable of filling that role. Egos shouldn’t be more important than leaks.