Source: Slate
Credits: Glenn Greenwald
Dated: 2011-09-02

A series of unintentional though negligent acts by multiple parties -- WikiLeaks, The Guardian's investigative reporter David Leigh, and Open Leaks' Daniel Domscheit-Berg -- has resulted in the publication of all 251,287 diplomatic cables, in unredacted form, leaked last year to WikiLeaks (allegedly by Bradley Manning).  Der Spiegel (in English) has the best and most comprehensive step-by-step account of how this occurred. [ Emilie : Center column adjacent ]

This incident is unfortunate in the extreme for multiple reasons: it's possible that diplomatic sources identified in the cables (including whistleblowers and human rights activists) will be harmed; this will be used by enemies of transparency and WikiLeaks to disparage both and even fuel efforts to prosecute the group; it implicates a newspaper, The Guardian, that generally produces very good and responsible journalism; it likely increases political pressure to impose more severe punishment on Bradley Manning if he's found guilty of having leaked these cables; and it will completely obscure the already-ignored, important revelations of serious wrongdoing from these documents.  It's a disaster from every angle.  But as usual with any controversy involving WikiLeaks, there are numerous important points being willfully distorted that need clarification.

Let's begin with the revelations that are being ignored and obscured by this controversy.  Several days ago, WikiLeaks compiled a list of 30 significant revelations from the newly released cables, and that was when only a fraction of them had been published; there are surely many more now, including ones still undiscovered in the trove of documents (here's just one example).  The cable receiving the most attention thus far -- first reported by John Glaser of Antiwar.com -- details a "heinous war crime [by U.S forces] during a house raid in Iraq in 2006, wherein one man, four women, two children, and three infants were summarily executed" and their house thereafter blown up by a U.S. airstrike in order to destroy the evidence.  Back in 2006, the incident was discussed in American papers as a mere unproven "allegation" ("Regardless of which account is correct . . "), and the U.S. military (as usual) cleared itself of any and all wrongdoing.  But the cable contains evidence vesting the allegations of Iraqis with substantial credibility, and that, in turn, has now prompted this:

Iraqi government officials say they will investigate newly surfaced allegations that U.S. soldiers shot women and children, then tried to cover it up with an airstrike, during a 2006 hunt for insurgents.

An adviser to Prime Minister Nouri al-Maliki, Ali Al-Moussawi, said Friday the government will revive its stalled probe now that new information about the March 15, 2006, raid has come to light.

As usual, many of those running around righteously condemning WikiLeaks for the potential, prospective, unintentional harm to innocents caused by this leak will have nothing to say about these actual, deliberate acts of wanton slaughter by the U.S.  The accidental release of these unredacted cables will receive far more attention and more outrage than the extreme, deliberate wrongdoing these cables expose.  That's because many of those condemning WikiLeaks care nothing about harm to civilians as long as it's done by the U.S. government and military; indeed, such acts are endemic to the American wars they routinely cheer on.  What they actually hate is transparency and exposure of wrongdoing by their government; "risk to civilians" is just the pretext for attacking those, such as WikiLeaks, who bring that about. 

That said, and as many well-intentioned transparency supporters correctly point out, WikiLeaks deserves some of the blame for what happened here; any group that devotes itself to enabling leaks has the responsibility to safeguard what it receives and to do everything possible to avoid harm to innocent people.  Regardless of who is at fault -- more on that in a minute -- WikiLeaks, due to insufficient security measures, failed to fulfill that duty here.  There's just no getting around that (although ultimate responsibility for safeguarding the identity of America's diplomatic sources rests with the U.S. Government, which is at least as guilty as WikiLeaks in failing to exerise due care to safeguard these cables; if this information is really so sensitive and one wants to blame someone for inadequate security measures, start with the U.S. Government, which gave full access to these documents to hundreds of thousands of people around the world, at least).

Despite the fault fairly assigned to WikiLeaks, one point should be absolutely clear: there was nothing intentional about WikiLeaks' publication of the cables in unredacted form.  They ultimately had no choice.  Ever since WikiLekas was widely criticized (including by me) for publishing Afghan War documents without redacting the names of some sources (though much blame also lay with the U.S. Government for rebuffing its request for redaction advice), the group has been meticulous about protecting the identity of innocents.  The New York Times' Scott Shane today describes "efforts by WikiLeaks and journalists to remove the names of vulnerable people in repressive countries" in subsequent releases; indeed, WikiLeaks "used software to remove proper names from Iraq war documents and worked with news organizations to redact the cables."  After that Afghan release, the group has demonstrated a serious, diligent commitment to avoiding pointless exposure of innocent people -- certainly far more care than the U.S. Government took in safeguarding these documents.

What happened here was that their hand was forced by the reckless acts of The Guardian's Leigh and Domscheit-Berg.  One key reason access to these unredacted cables was so widely distributed is that Leigh -- in his December, 2010, book about the work he did with WikiLeaks -- published the password to these files, which was given to him by Julian Assange to enable his reporting on the cables.  Leigh claims -- and there's no reason to doubt him -- that he believed the password was only valid for a few days and would have expired by the time his book was published. 

That belief turned out to be false because the files had been disseminated on the BitTorrent file sharing network, with that password embedded in them; Leigh's publication of the WikiLeaks password in his book thus enabled widespread access to the full set of cables.  But the key point is this: even if Leigh believed that that particular password would no longer be valid, what possible point is there in publishing to the world the specific password used by WikiLeaks or divulging the types of passwords it uses to safeguard its data?  It is reckless for an investigative reporter to gratuitously publish that type of information, and he absolutely deserves a large chunk of the blame for what happened here; read this superb analysis by Nigel Parry to see the full scope of Leigh's culpability.

Then there is Domscheit-Berg and "Open Leaks." Last year, Domscheit-Berg left WikiLeaks and started a new group to great media fanfare, even though his group has not produced a single disclosure.  Instead, he and his thus-far-inaccurately-named group seem devoted to only two goals: (1) cashing in on a vindictive, petty, personality-based vendetta against Assange and WikiLeaks; and (2) bolstering secrecy and destroying transparency, as Domscheit-Berg did when he permanently deleted thousands of files previously leaked to WikiLeaks, including documents relating to the Bank of America.  It was Domscheit-Berg who removed the files from the WikiLeaks server, including (apparently unbeknownst to him) the full set of diplomatic cables.

That act by Domscheit-Berg, combined with the publication of its password by Leigh and the dissemination of the files to "mirror sites" by well-intentioned WikiLeaks supporters after cyber-attacks on the group, all combined to enable widespread, unfettered access to these diplomatic cables.  Once WikiLeaks realized what had happened, they notified the State Department, but faced a quandary: virtually every government's intelligence agencies would have had access to these documents as a result of these events, but the rest of the world -- including journalists, whistleblowers and activists identified in the documents -- did not.  At that point, WikiLeaks decided -- quite reasonably -- that the best and safest course was to release all the cables in full, so that not only the world's intelligence agencies but everyone had them, so that steps could be taken to protect the sources and so that the information in them was equally available.

Serious caution is warranted in making claims about the damage caused by publication of these cables.  Recall that Adm. Michael Mullen and others accused WikiLeaks of having "blood on its hands" as a result of publication of the Afghan War documents, but that turned out to be totally false; as Shane noted today in the NYT: "no consequence more serious than dismissal from a job has been reported."  Even Defense Secretary Robert Gates mocked claims about the damage done by WikiLeaks as "significantly overwrought."

That said, there's little doubt that release of all these documents in unredacted form poses real risk to some of the individuals identified in them, and that is truly lamentable.  But it is just as true that WikiLeaks easily remains an important force for good.  The acts of deliberate evil committed by the world's most powerful factions which it has exposed vastly outweigh the mistakes which this still-young and pioneering organization has made.  And the harm caused by corrupt, excessive secrecy easily outweighs the harm caused by unauthorized, inadvisable leaks.

UPDATE:  Several noteworthy points that have arisen from the discussion in the comment section (which is particularly worth reading today) and elsewhere: 

(1) David Leigh appears in the comment section and responds, though he doesn't really address any of the criticisms I voiced; my reply to him is here; 

(2) the information contained in the cable about the killings in Iraq was actually published previously in this report, though the WikiLeaks release has obviously drawn substantially more attention to it, as evidenced by the reaction of the Iraqi Government (on a positive note, it's very possible that the attention being drawn to this incident may thwart the Obama administration's efforts to have Iraq agree to keeping U.S. troops in that country beyond the 2011 deadline, as citizens tend to get angry when foreign armies murder their fellow citizens in cold blood and then air-attack the house where it happened to destroy the evidence);

(3) in terms of assessing harm from publication of the cables, recall -- as several commenters noted -- that the U.S. Government has known about the leak of these cables for more than a year and thus had ample time to warn anyone identified in them of this risk; that doesn't excuse any wrongdoing, but it does reduce the likelihood of serious harm; and,

(4) one of the newly released cables reveal that Israel, according to what it told the U.S., attacked what it claims were Hamas members in Gaza with drones, and accidentally killed 16 people inside a mosque during prayer time.  You won't hear very many people condemning WikiLeaks for "putting civilians at risk" devote much of their attention to this revelation either.

Source: Der Spiegel
Credits: Christian Stöcker
Dated: 2011-09-01

Leak at WikiLeaks

A Dispatch Disaster in Six Acts

Photocredits: Getty Images

Some 250,000 diplomatic dispatches from the US State Department have accidentally been made completely public. The files include the names of informants who now must fear for their lives. It is the result of a series of blunders by WikiLeaks and its supporters. [ Emilie says : Unless the Guardian is included as a "Wikileaks supporter," the clumsiest - or guiltiest -  party may just have been omitted here. ]

In the end, all the efforts at confidentiality came to naught. Everyone who knows a bit about computers can now have a look into the 250,000 US diplomatic dispatches that WikiLeaks made available to select news outlets late last year. All of them. What's more, they are the unedited, unredacted versions complete with the names of US diplomats' informants -- sensitive names from Iran, China, Afghanistan, the Arab world and elsewhere.

SPIEGEL reported on the secrecy slip-up last weekend, but declined to go into detail. Now, however, the story has blown up. And is one that comes as a result of a series of mistakes made by several different people. Together, they add up to a catastrophe. And the series of events reads like the script for a B movie.

Act One: The Whistleblower and the Journalist

The story began with a secret deal. When David Leigh of the Guardian finally found himself sitting across from WikiLeaks founder Julian Assange, as the British journalist recounts in his book "Inside Julian Assange's War on Secrecy", the two agreed that Assange would provide Leigh with a file including all of the diplomatic dispatches received by WikiLeaks.

Assange placed the file on a server and wrote down the password on a slip of paper -- but not the entire password. To make it work, one had to complete the list of characters with a certain word. Can you remember it? Assange asked. Of course, responded Leigh.

It was the first step in a disclosure that became a worldwide sensation. As a result of Leigh's meeting with Assange, not only the Guardian, but also the New York Times, SPIEGEL and other media outlets published carefully chosen -- and redacted -- dispatches. Editors were at pains to black out the names of informants who could be endangered by the publication of the documents.

Act Two: The German Spokesman Takes the Dispatch File when Leaving WikiLeaks

At the time, Daniel Domscheit-Berg, who later founded the site OpenLeaks, was the German spokesman for WikiLeaks. When he and others undertook repairs on the WikiLeaks server, he took a dataset off the server which contained all manner of files and information that had been provided to WikiLeaks. What he apparently didn't know at the time, however, was that the dataset included the complete collection of diplomatic dispatches hidden in a difficult-to-find sub-folder.

After making the data in this hidden sub-folder available to Leigh, Assange apparently simply left it there. After all, it seemed unlikely that anyone would ever find it.

But now, the dataset was in the hands of Domscheit-Berg. And the password was easy to find if one knew where to look. In his book Leigh didn't just describe his meeting with Assange, but he also printed the password Assange wrote down on the slip of paper complete with the portion he had to remember.

Act Three: Well-Meaning Helpers Accidentally Put the Cables into Circulation

Immediately after the first diplomatic dispatches were made public, WikiLeaks became the target of several denial-of-service attacks and several US companies, including Mastercard, PayPal and Amazon, withdrew their support. Quickly, several mirror servers were set up to prevent WikiLeaks from disappearing completely from the Internet. Well-meaning WikiLeaks supporters also put online a compressed version of all data that had been published by WikiLeaks until that time via the filesharing protocol BitTorrent.

BitTorrent is decentralized. Data which ends up on several other computers via the site can essentially no longer be recalled. As a result, WikiLeaks supporters had in their possession the entire dataset that Domscheit-Berg took off the WikiLeaks server, including the hidden data file. Presumably thousands of WikiLeaks sympathizers -- and, one supposes, numerous secret service agents -- now had copies of all previous WikiLeaks publications on their hard drives.

And, what they didn't know, a password-protected copy of all the diplomatic dispatches from the US State Department.

Act Four: Mudslinging between Assange and Domscheit-Berg

To make matters worse, Julian Assange and Daniel Domscheit-Berg then had a falling out. The German spokesman wrote a vengeful book after being thrown out of WikiLeaks in which he portrayed the WikiLeaks founder as an unreliable egomaniac who tended toward latent megalomania.

Predictably, Assange was furious and made several statements that were intended to besmirch Domscheit-Berg. But when he repaired the WikiLeaks server, Domscheit-Berg apparently didn't just take all of the collected WikiLeaks documents, but he also took the secure submission system designed to allow whistleblowers to anonymously submit data. As a result, WikiLeaks was temporarily out of action.

Domscheit-Berg also repeatedly accused Assange of not being sufficiently vigilant about protecting his sources. And he launched a competing platform called OpenLeaks which he is now developing with other former WikiLeaks employees and other supporters.

Act Five : Exposed Disclosures

The conflict between Domscheit-Berg and Assange has become increasingly aggressive. Germany's Chaos Computer Club recently made the surprising decision to revoke Domscheit-Berg's membership because he allegedly misused their name to hype his OpenLeaks project. While that was their official reason, unofficially the tension stems from the data that Domscheit-Berg took with him from Wikileaks.

In an effort to prove that Assange couldn't be trusted, people associated with the OpenLeaks project recently began talking about the hidden diplomatic cables -- and the dataset which has been coursing through the Internet for months, though no one knew about it.

Then someone betrayed the location of the password -- Leigh's book -- to a journalist for German weekly Der Freitag, which is also an OpenLeaks partner. The weekly published a cautiously formulated version of the story, that without naming the exact location of the password, still revealed it was "out in the open and identifiable to those familiar with the material." Speculation on Twitter and elsewhere ran wild, and hobby investigators began to edge closer to which password it could be.

Meanwhile the mudslinging continued unabated between Assange and Domscheit-Berg.

Act Six: Cablegate-Gate

An account of the story of Leigh, the hidden data and the password then cropped up on a platform normally used by open-source developers to exchange programming codes. A link to the entry spread quickly through Twitter. Suddenly, anyone could access the entire "Cablegate" file with a bit of effort.

On Wednesday afternoon the Wikileaks Twitter account announced "important news," and a few hours later character sequences and links were distributed to download an encoded, 550-megabyte file via a BitTorrent client. The password was to be delivered later.

The distribution apparently didn't work at first, and complaints appeared on Twitter. But later the problem was fixed, and the data began to circulate.

It remains unclear whether this was the Cablegate data set. Meanwhile Wikileaks' Twitter account has called on users to vote on whether they agree with the publication of the unredacted cables. They can register their vote with the hashtag "WLVoteYes" or "WLVoteNo" on Twitter.

A Wikileaks statement on Twitter blames the Guardian and Leigh for the fact that the cables are now freely available online. "We have already spoken to the (US) State Department and commenced pre-litigation action," it said, adding that their targets were the Guardian and a person in Germany who gave out the paper's password. Leigh breached a confidentiality agreement between Wikileaks and the Guardian, it added. The US Embassy in London and the US State Department had been notified of the possible publication already on August 25 so that officials could warn informants.

In a statement the Guardian rejected the accusations from Wikileaks, explaining that the paper had been told the password was temporary and would be deleted within hours. "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files," the statement said. "That they didn't do so clearly shows the problem was not caused by the Guardian's book."

Finale: In the Open

It is possible that intelligence agencies in a number of countries have already gained access to the data. "Any autocratic security service worth its salt" would have already done so, former US Assistant Secretary of State for Public Affairs P.J. Crowley told news agency AP on Wednesday. Intelligence agencies that haven't already gotten their hands on the data "will have it in short order," he added.

By Wednesday evening Crowley's prediction was confirmed. The "Cablegate" cables are now completely public. For many people in totalitarian states this could prove life-threatening. For Wikileaks, OpenLeaks, Julian Assange, Daniel Domscheit-Berg and many others, it is nothing short of a catastrophe.

A chain of careless mistakes, coincidences, indiscretions and confusion now means that no potential whistleblower would feel comfortable turning to a leaking platform right now. They appear to be out of control.