Wikileaks blames newspaper over 'insurance' file password disclosure

Wikileaks blames newspaper over 'insurance' file password disclosure

Summary: Legal action is under way by Wikileaks against the Guardian newspaper, after the whistleblowing organisation alleges an editor published the 'insurance' file password in a book.

TOPICS: Servers

Wikileaks, the whistleblowing organisation, has acknowledged that it "has commenced pre-litigation action" against the Guardian newspaper and an individual in Germany -- believed to be former Wikileaks spokesperson Daniel Domscheit-Berg -- for disclosing the password to the 'insurance' file "for personal gain".

The 'insurance' file, created by Wikileaks and published on the web in a highly encrypted format, contained the full U.S. diplomatic cables cache.

A book, written by David Leigh and published in February 2011, disclosed the password.

As Wikileaks claims:

"Guardian investigations editor, David Leigh, recklessly, and without gaining our approval, knowingly disclosed the decryption passwords in a book published by the Guardian. Leigh states the book was rushed forward to be written in three weeks—the rights were then sold to Hollywood."

Wikileaks claims that the disclosure of the password is a "violation of the confidentiality agreement between Wikileaks and [the editor-in-chief] of the Guardian".

The Guardian newspaper, one of the few partnered media organisations to receive the diplomatic cables before they were released, wholly denies the allegations.

Wikileaks said it contacted the U.S. Department of State late last month to warn that the full publication of the cables "may be imminent", and checked to see whether the department had a programme to inform potential sources and informants was operational.

What appears to be the case is this.

Wikileaks, or someone close to Wikileaks, distributed the 'insurance' file, in a highly encrypted format over the BitTorrent network, which could only be cracked by a password.

That password appeared to be in the hands of David Leigh, the Guardian editor, who worked on getting the cables out into the public domain. Leigh had the unredacted cables, and forwarded them on elsewhere to other media organisations, it is believed. All media outlets then redacted and blacked out the cables manually to prevent the names of sources and informants from being exposed.

While the Guardian noted in a statement that it accepted Leigh's book contained the password, it added:

"...but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours."

That password went into the book, while the Guardian believed that it was only a temporary password -- not knowing that the same password was holding together the encrypted 'insurance' file that was distributed on the web.

The Guardian reports the measures of security it undertook to ensure that the files were transferred and stored securely.

"The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files.

But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file's contents were never publicised, nor was it linked online to WikiLeaks in any way."

It seems that one giant miscommunication stuff-up may have released the unredacted U.S. diplomatic cables.

Interestingly, however, while Wikileaks denied that the "'insurance' files have not been decrypted" in a tweet, it appears that indeed they were -- leading to further questions about Wikileaks' stand of trustworthiness.

Related content:

Topic: Servers

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Speaking of reckless disregard

    What is Wikileaks legal claim to the information contained within the documents in the first place? After all, Wikileaks recklessly, and without gaining the approval, knowingly stole the data to begin with. This case should be summarily dismissed as Wikileaks has no legal standing for the claim.
    Your Non Advocate
    • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

      Since when did Wikileaks "steal" the data? They were simply a journalist intermediary in a similar vein as the recipients from Deep Throat. They are not guilty of the crime you accuse them of ... I guess the facts be damned in justifying your dismission.
      • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

        @Vapur9 Repositioning wikileaks as a "journalistic intermediary" is, in fact, a new phenomenon. Assange is nothing more than a convicted hacker. When he began Wikileaks in 2006, his stated aim was not journalism but anarchic attacks on Western communications technology. He will shortly find himself hoisted on his own petard.
        Your Non Advocate
    • This is funny.....

      Just like the criminal who calls the police because somebody stole his drug supply. What a joke!
      linux for me
  • WikiLeaks is a news organization

    They take information and publish it to the public.
    That makes them a legitimate news agency.
    • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

      @Dr_Zinj Nice! Let me just track your userid and find out your real name, address, phone number, and bank account/other personally identifying information and publish that to the public. Then, when you complain, I'll just tell the authorities that I'm a legitimate news agency because I took your information and published it to the public.

      Logic never was your strong suit, was it?
    • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

      @Dr_Zinj They don't take it; they steal it.
      el vego
    • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

      @Dr_Zinj ... Sooo, if I did likedwise, I would be a legitmate news agency? What the heill field is YOUR doctorate in? You must have missed a LOT of assignments! I can almost imagine what your last thesiis contained.
  • So the thieves suddenly feel theived?

    It sucks when stuff you own is taken from you, doesn't it?
  • RE: Wikileaks blames newspaper over 'insurance' file password disclosure

    el vego
  • Nonsense personified

    Just my opinion.
  • Wikileaks

    has always said they are against secrecy. So, were they lying then...or now? Whenever, they clearly were lying.
    Further, since the "asset" was stolen, they clearly had no legal title to it, at least not under US law, and clearly have no standing to sue anyone about use or distribution of the data they knew was stolen property when they accepted it. Extreme sports: hypocrisy division.