Wikileaks - your thoughts - no politics

[Rustic23]

Dex,
As NW-Bound said, I was speaking in computer terms. The read/write permission for the files. It could easily be that he never actually saw the documents. I am not a computer expert, however, he might not have had permission to actually open the documents, but did have permission to move them around on the hard drives, make backup copies, and otherwise perform actions to 'protect' the data. I am not sure if that is possible. But if his job was that of a IT tech. he would have access to the documents in bulk. In fact, assuming, this is the guilty party, he did not appear to actually look at the documents, just copy all he could.

 

[dex]

Dex,
As NW-Bound said, I was speaking in computer terms. The read/write permission for the files.

Does that mean that WikiLeaks also broke an encryption? If so, I would guess they would have needed help to do that.

 

[Rustic23]

I don't have a clue. One would think the data would have been encrypted but, as I am not in that business, and never had reason to deal with classified data on an electronic system, I don't know. It could also be the tech had access to the encryption keys as a part of his job. Someone with current knowledge of the accused and his job description would have to answer that.

 

[NW-Bound]

We don't really know if the original files were encrypted or not. Same as some other posters, I simply expected them to be. I just now looked at a few reports on that site about the Afghan war. Could it be that these day-to-day operational reports were deemed low enough level that they did not require encryption?

And then even with encryption, if the files are to be accessible to many authorized readers, then I guess that means any of those readers could give away the key. If any of the forum surfers here know what the procedure is, they might not dare divulge that.

 

[Westernskies]

If any of the forum surfers here know what the procedure is, they might not dare divulge that.

"Don't ask, don't tell"

 

[obgyn65]

I agree. I also look forward to hearing more about Assange's "insurance file".

But I hope he dumps those Banks leaks out there quickly before he is caught. I want to see some a few more bankers get what they deserve...

 

[clifp]

We don't really know if the original files were encrypted or not. Same as some other posters, I simply expected them to be. I just now looked at a few reports on that site about the Afghan war. Could it be that these day-to-day operational reports were deemed low enough level that they did not require encryption?

And then even with encryption, if the files are to be accessible to many authorized readers, then I guess that means any of those readers could give away the key. If any of the forum surfers here know what the procedure is, they might not dare divulge that.

I don't know what the procedure is either, but I do know that for the last 20+ years attempt to control the circulation of digital information, that is already pretty widely circulated (e.g. CDs DVDs, games, movies, Kindle books etc.) has been pretty much exercise in futility. Digital information is just to easy too copy, and while copy protection, passwords, encryption, digital rights management and classifying material as secret etc all work to some extent. They have limited value.

They are roughly the equivalent of locking your front door. It is enough to prevent casual theft and serve as deterrent to keep basically honest to people from doing illegal activities. However a determined thief will be able to defeat them. It is important that we don't be so obsessed with security that we make the hassle factor too high for legitimate users.

I think of Wikileaks as a fence. Police do shut down fencing operations and I expect the government do some work and they appear to have done so with getting Paypal to cancel connections to Wikileaks etc. However, far more important is destroy their reputations and most importantly go after the real criminals the leakers. Fence don't staying in business if they give up the names of criminals who buy or sell their customers. If the government hackers can find out the names of all the suppliers of information to wikileak, then I predict most of these leakers will think several times before supplying them with information.

The good news so far is that none of the Wikileaks as been really secret stuff. I hope/pray that the really important government secrets are not hooked up to the internet.

 

[RonBoyd]

WikiLeaks' Julian Assange arrested in London on rape charges

 

[Tigger]

WikiLeaks' Julian Assange arrested in London on rape charges

I'm curious to hear how much of what is being written is true:

Wikileaks Julian Assange rape charge for not using condoms : Zennie Abraham : City Brights

Assange Accuser Worked with US-Funded, CIA-Tied Anti-Castro Group | MyFDL

 

[Texas Proud]

I don't disagree with anything you said, but let me play devils advocate and explain why I think it is a important that 600,000 people have access to information in wikileaks.

We've been in Afghanistan for 10 years and over that time I bet the average Afghan tribal commander has seen 1/2 dozen or maybe dozen US/NATO commander in his region. He has made lots of deals with them, some Afghan leaders have good guys, some are really Taliban, and many other try and figure which way the wind is blowing.

A Army captain takes command of area and the outgoing captains tells him that village leader Joe is good guy. That is useful info, but far more useful is a database of local Afghan leaders. In the database is the last 1/2 commanders reports on Joe which show he has been loyal ally, that Bob, his father in law, who is the leader of the next village seems to be neutral. What is more important is finding out that Bill another tribal leader although pretending to be anti-Taliban is strongly suspect of being a Taliban leader. So how do you limit access to this material. Is access restricted to captain and above serving in a particular region in Afghanistan?. What about Captain in the US who are deploying to Afghanistan shouldn't they have access to the info?. What about State Department employee who is doing research on the tribal structure and genealogy in Afghanistan? You really don't want to cut him of the loop because this guy that figures out that Bill and Joe are cousin, and while Joe maybe a real American ally he is almost certainly going to not betray his cousin even if he has kept this fact secret for many years.

So how do we classify the information about Bill, Bob, and Joe? It ain't the launch code for nuclear missile but it isn't information that we want getting back to Bill and Joe. It seems to me that stamping it secret or top secret and letting people with this level of clearance and some plausible connection to Afghanistan access is the best way.

The question is how do you fix the problem? The private in question worked in Army IT, not sure how you keep a pretty clever programmer from getting access to a database about Afghanistan. The fix Assange hopes will occur is that the US will compartmentalize our information so that the future Army captain ask Bill to help him catch Joe not realizing they are cousins and our troops run into an ambush.

This will make America a less effective authoritative government, which maybe a good thing unless you happened to be related to one of the American soldiers killed or wounded in the ambush.

Someone else responded.... but I will add.... why does a PRIVATE in Afghanistan need access to the state dept memos from every country


Your example shows that the Captain or whatever level he is needs that info on the tribal leaders... but he does NOT need to know our plans in Russia or Isreal or even if we plan on bombing Iran because Saudi Arabia thinks we should...


There should be some people who does have access to all the info... but they should be secured someplace and not allowed to willy nilly download 100s of thousand of pages of documents without the systems screaming to everybody what is happening....

 

[Texas Proud]

Our company requires that if you have a laptop the whole laptop is encrypted.... it is a 256 key encription (IIRC)... I have asked our tech person what if the person forgets their password... she said we would have to rebuild the computer as we could not get access to the data...

All of our important data is on our secured servers with a copy on a secured backup server with tape backups in a fireproof safe...


It just does not seem that the data was encrypted... and there was no alarms when the data was copied... but if he was the DBA, then he probably was the one who would have been informed that there was a massive copying of data if they had that in place..

 

[clifp]

Someone else responded.... but I will add.... why does a PRIVATE in Afghanistan need access to the state dept memos from every country


Your example shows that the Captain or whatever level he is needs that info on the tribal leaders... but he does NOT need to know our plans in Russia or Isreal or even if we plan on bombing Iran because Saudi Arabia thinks we should...


There should be some people who does have access to all the info... but they should be secured someplace and not allowed to willy nilly download 100s of thousand of pages of documents without the systems screaming to everybody what is happening....

I think because rather than state department having there own database of Afghan tribal leaders and the military having its own database, at the suggestion of 9/11 commission they either have merged the databases or allowed easy access to anybody with secret or top secret clearance.

They have not concluded that Private Bradley Munning is responsible for all the leaked info, AFAIK he is only the prime suspect for the Afghanistan related dumps. If he is responsible for both than I'd say they have gone too far in the sharing department.

My SWAG is that the reason Private Munning is in custody is because the computer system did in fact keep log of all of the files that were copied. However, I am not sure that IT guy copying a large number of files would raise a red flag, cause it doesn't seem all that unusual. After all on "24" they always catch the CTI mole by reviewing the logs never by the system saying an email saying Cloe O'Brian is copying files in the server room.

 

[Rustic23]

A little off subject, but I was speaking with an accountant friend the other day, and he said that most of the audit rules, and accounting procedures were there to catch the thief, not necessarily prevent the theft. i.e. it would leave a trail that could be followed to the thief, but it would not necessarily stop the original theft. The security procedures need to do both. This is a very difficult task and still make sure the end user get the data they need.

 

[dex]

A little off subject, but I was speaking with an accountant friend the other day, and he said that most of the audit rules, and accounting procedures were there to catch the thief, not necessarily prevent the theft. i.e. it would leave a trail that could be followed to the thief, but it would not necessarily stop the original theft. The security procedures need to do both. This is a very difficult task and still make sure the end user get the data they need.

That is not correct and paints accounting as backwards looking. Good accountants review the policies and procedures, and recommends best practices to their clients. You have encountered them every day - cashier giving you a receipt and being monitored so that they do it; at the movies you purchase a ticket from one person and give it to another. No system is foolproof and employees are one of the major areas of theft.

Just as there is no way to stop a determined suicide bomber there is no way to stop a determined thief.

 

[Rustic23]

Dex, agree, and he said that also. However, we were talking more to your last sentence. You ae not going to stop the thief, but you will catch him.

 

[youbet]

employees are one of the major areas of theft.

.

This is confusing. A concurrent thread on this forum indicates that every negative event in a company is the result of a "boss."

 

[clifp]

This is confusing. A concurrent thread on this forum indicates that every negative event in a company is the result of a "boss."

Maybe because some of these evil bosses are preventing corporate asset shrinkage.

 

[kcowan]

Every system relies on honesty at some level. Just look at the Wall Street payouts. When everyone is corrupt, the system fails.

 

[eridanus]

He's a journalist. He's committed no crimes in releasing classified information given to him.

New York Times Co. v. United States - Wikipedia, the free encyclopedia

That the US is ignoring a Supreme Court decision is not really a surprise; I assume it expects a 40 year precedent will be overturned with the current court.

As for those who want to throw him in prison or execute him posthaste, Freedom of Speech (and Freedom of the Press) is not for those who agree with you.

 

[dex]

He's a journalist. He's committed no crimes in releasing classified information given to him.

New York Times Co. v. United States - Wikipedia, the free encyclopedia

That the US is ignoring a Supreme Court decision is not really a surprise; I assume it expects a 40 year precedent will be overturned with the current court.

As for those who want to throw him in prison or execute him posthaste, Freedom of Speech (and Freedom of the Press) is not for those who agree with you.

'Journalist' is to journalism as 'Artist' is to art. No one can define art so every practitioner is an 'artist'. Every blogger is a journalist. Everyone who posts here is a journalist. If I never wrote a word yet said I am a journalist could I be proven wrong?

 

[eridanus]

If I never wrote a word yet said I am a journalist could I be proven wrong?

Yes.

 

[M Paquette]

He's a journalist. He's committed no crimes in releasing classified information given to him.

New York Times Co. v. United States - Wikipedia, the free encyclopedia

That the US is ignoring a Supreme Court decision is not really a surprise; I assume it expects a 40 year precedent will be overturned with the current court.

As for those who want to throw him in prison or execute him posthaste, Freedom of Speech (and Freedom of the Press) is not for those who agree with you.

Oh, they're just anticipating the SHIELD Act. It's just a little tiny tweak to the Espionage Act to make it illegal to publish information on the identity of classified sources or informants, or any information concerning human intelligence activities of the United States or any foreign government. (Yeah, kids, you heard right. Rat out a North Korean spook and go to jail.)

Leaking this sort of information is already a crime under the Espionage Act. This is aimed at shutting down publishers, like that pesky New York Times that eridanus mentioned, or of course Wikileaks, should we find a way to put it under US jurisdiction.

While I applaud the enthusiasm of those who have suggested various rather immediate remedies for Mr. Assange and his source, I would still prefer to see the US act under the rule of law. That's just me, though. I'm not a big fan of putting the comfort and convenience of The State over the rights of individuals.

 

[Alan]

In regards to access to confidential data.

Readily available data sharing and e-mail systems such as the one my Megacorp used have excellent and easy to implement 64-bit encryption tools. Properly implemented, even the highest level system administrators don't have the encryption keys to databases of sensitive information. Servers and system administrators don't need the keys to backup and otherwise manage the encrypted databases (they can read all the 1's and 0's but cannot decrypt them into anyting meaningful). Of course, collusion among individuals is always possible no matter how the segregation of duties is organized.

For those who are interested I'll give a brief example from my IT business background. Some senior executives need to share data on mergers and aquisitions (MA). Very sensitive information, dangers of insider trading etc, should the information get out.

IT developers have full rights to all databases they create on development servers but no rights to databases on the production servers. A member of the MA team requests an encrypted database and is given the instructions to create an encrytion key. (It is a simple, 1 minute task to create a key and give it a name - all keys you create are held within your id file that is stored on your laptop and is password protected. That key is e-mailed to a developer without the ability for him to forward it to anyone else. The MA guy also sends copies of the key to everyone else that needs access, and he is told to send copies that to trusted individuals that have the right to forward the key - these are his back-up personnel.

The IT developer then uses the key to encrypt a database on the development server and, after testing, requests that the database be deployed onto a production server. The access control list (ACL) for the server is set up by the server admins as per instructions from the MA team data owner. The ACL is very transparent to the MA team so they can see that the IT developer is not listed. Other IT folks are the server admins, but they do not have the key to read the data and cannot be given the key by anyone within the IT department.

Note - If you forget the password to your id file, no-one has the ability to reset it. The IT admins can create a new id file and send it to you, but you cannot access anything that is encrypted including any e-mail that you encrypted. To access the databases that are encrypted you need to have those database owners send you the keys. You can see the subject lines and distribution on all your encrypted e-mail but not the content, therefore you will need to request that people who sent you the e-mail will need to send you a new copy.

 

[samclem]

That the US is ignoring a Supreme Court decision is not really a surprise;

The whole country is ignoring a Supreme Court decision? How does that happen? Or were you just using "US" to refer to the present administration and a few elected representatives?

 

[samclem]

Helping Wikileaks

So, Wikileaks is asking everyone to donate funds to help them. Poor guys. I"m wondering if there would be anything illegal about writing them a note expressing my support for their work and indicating how much I'd like to help. Like maybe send them this note on one of the old checks I've got left over from a long-closed checking account. Fill in my gift of karmic support, and an illegible signature of a Disney character. Is it illegal to write a bogus check for a contribution for which you receive nothing in return?