15 June 2010

http://www.weeklystandard.com/blogs/wikileaks-secure

Is Wikileaks Secure? And beyond the law?

BY Gabriel Schoenfeld

Is there nothing we can do about Wikileaks? Is it really a website where anyone can post any U.S. government secret no matter how injurious it is to American security?

Wikileaks is much in the news because of the young Army intelligence officer accused of providing it with a massive trove of diplomatic cables and sensitive military videos. The website’s organizers boast that it “combines the protection and anonymity of cutting-edge cryptographic technologies with the comfortable presentation style of Wikipedia.” They convey an assumption that its servers are beyond the reach of law enforcement, and that those who post to it cannot be tracked down.

But the history of warfare—including information warfare—teaches that every measure elicits a countermeasure. An interesting and highly relevant detail emerges from the indictment of Thomas Drake, the senior National Security Agency employee recently charged under the Espionage Act for passing classified information to the Baltimore Sun.

To communicate covertly with the Sun reporter, Drake opened up a Hushmail account and she apparently did the same. Hushmail is a web service that, as it advertises itself, “looks and feels just like any other web-mail site, but adds strong encryption to your emails to protect your secrets from prying eyes.”

Yet when the prying eyes are federal investigators, it turns out that Hushmail is not quite so secure. The indictment of Drake makes plain that the feds pierced Hushmail’s encryption either via technological or legal means, noting, among other things, that “defendant DRAKE scanned and emailed Reporter A electronic copies of certain classified and unclassified documents.”

Wikileaks makes claims about its inviolability that are strikingly like those made by Hushmail. Whether it can be pierced by technological means is unknown. But warfare is not a static thing. Even “cutting-edge cryptographic technologies” may not cut it when facing the huge decryption resources of powerful states.

Gabriel Schoenfeld is the author of Necessary Secrets: National Security, the Media, and the Rule of Law.

__________

http://www.weeklystandard.com/send-comment?id=481716

Send a response to the editor.

Blog Title: Is Wikileaks Secure?

Your Email Address: jya[at]pipeline.com

Your Comment:

Wikileaks communications security is well beyond that of Hushmail which is known to be weak by comsec followers. This is not to suggest that national-grade countermeasures could not break Wikileaks protection. More likely is that national-grade surveillance of Wikileaks and similar providers of hard to get governmental and banned information is a continuing covert operation.

Online surveillance by authorities is common, either by direct access to worldwide Internet infrastructure or by cooperation of Internet Service Providers and commercial firms which provide hardware and software for digital communications and are obliged by law to provide lawful access to user data. There are a number of lawful spying guides available on the Internet, many hosted on Cryptome.org and elsewhere.

Wikileaks is assuredly aware of these invasive practices and its protection for communications is far superior to commercially-provided protection which is so weak that it verges on being criminally deceptive.

National authorities unfortunately are not accountable to the public for its surveillance of lawful activities, and Wikileaks is justified in helping increase accountability, including that related to national security which is excessively hidden from the public by secrecy amok.

John Young
Cryptome.org
212-873-8700

Thank you for your comments! Your email message has been sent to the Editor.