Guardian journalist accused of recklessly disclosing password


Jerome Taylor
Friday 02 September 2011 00:00 BST

An uncensored version of the entire US State Department's cable database obtained by WikiLeaks last year has been circulating on the internet, prompting fears that lives have been put at risk.

Access to an unencrypted 1.73-gigabyte file containing more than 251,000 uncensored diplomatic cables has been made possible thanks to the distribution of a password that unlocks a secret cache.

The emergence of an accessible and fully unredacted database has raised fears that the lives of informants in countries that are hostile to the US may now be put at risk. It also highlights the inherent difficulties of protecting data in a digital age where copies can be made with ease.

Yesterday an acrimonious spat broke out between WikiLeaks and The Guardian newspaper as both organisations blamed each other for the data breach. The two groups once worked closely together in co-ordinating the release of WikiLeaks exposés, but they fell out publicly late last year.

WikiLeaks has blamed David Leigh, The Guardian's investigations editor, for publishing a password given to him by the group last year in a book he wrote with his fellow journalist Luke Harding about his time working with the whistle-blowing website.

The newspaper hit back by blaming WikiLeaks for using sloppy security protocols, adding that the unencrypted version of the cables now on the web was not the one accessed by the paper last year.

But in a 1,600-word statement WikiLeaks accused Leigh of "recklessly, and... knowingly" disclosing the decryption password in his book, which was published in February. The organisation added: "Knowledge of The Guardian disclosure has spread privately over several months but reached critical mass last week."

WikiLeaks accused The Guardian of undoing months of work that its team had done with partner media organisations and human rights groups in redacting sensitive files. A source close to the group told The Independent that only three people had been given access to the encryption password: Julian Assange, Leigh and one other WikiLeaks staffer.

But yesterday The Guardian denied those claims, stating that it had gone to great lengths to persuade WikiLeaks to take the protection of informants and confidential sources more seriously. Blaming WikiLeaks for using the same password to access different databases, the newspaper claimed that the file to which it was given access in July 2010 would only be on a secure server for a few hours and then taken off. "It appears that two versions of this file were subsequently posted to a peer-to-peer file-sharing network using the same password," the newspaper said.

Yesterday, Mr Assange said he was unable to comment further because of "ongoing legal issues". But he denied that the password he gave to the newspaper was temporary.

"Encryption is no more temporary than the translation of a book into another language," he said. "It's no more temporary than cutting off an arm."

Internet security experts have expressed dismay that WikiLeaks would either give out a password to an uncensored database or use the same password for two different caches.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in