After a series of mixups, misunderstandings and disastrous disconnects put a file will all the secret CableGate files onto public servers, then made the password available in excerpts from an upcoming book, WikiLeaks has given up all hope of keeping the names of informants or other sensitive information under wraps and just posted the whole thing online.
The newly posted documents include more than 1,000 with the names of individual activists, 150 identifying whistleblowers and several thousand carrying a tag indicating individuals named in the cable could be in danger if their names became public.
The chain reaction started last fall, when a conflict with founder Julian Assange prompted two WikiLeaks staffers to quit, taking the contents of one server with them. On that server was the only copy WikiLeaks had of of the encrypted file with more than 251,000 State Department cables, according to German daily Der Spiegel.
In December one of the staffers, German spokesperson and Assange deputy Daniel Domscheit-Berg, returned many of the files to Assange, including the encrypted CableGate database, even as he was helping found a WikiLeaks rival called OpenLeak.
Rather than return everything to Assange, who he told German newspapers had made WikiLeaks insecure, Domscheit-Berg reportedly destroyed thousands of unpublished documents given to WikiLeaks.
To avoid being caught by a similar departure, Assange supporters posted the file to a public web site, apparently not realizing it contained all the original cables, not just the 150,000 or so WikiLeaks had already published, minus key bits of info like the names of informants in authoritarian countries.
The file was quickly found and mirrored onto other servers, destroying any chance Assange might have had to re-secure the file.
In February, U.K. daily The Guardian started posting excerpts from an upcoming book analyzing the cables, printing the password for the encrypted file.
In an editorial published earlier this week to defend themselves against accusations from Assange, Guardian staffers said the password was included because they thought it was a temporary one that was no longer valid and that even the encrypted version would be safely hidden away before the excerpt hit the web.
Neither was the case.
Rather than continuing to release the remaining 120,000 cables slowly and in batches small enough that newspapers helping to vet the cables could do so – deleting the names of low-level of informants to protect them as they did so – the whole pile of 251,000-plus cables hit the web in searchable form earlier this week.
The principals knew of the potential problem for months, ever since the encrypted file was first posted and then copied. Neither the file nor the situation became common knowledge until the Der Spiegel story Monday – a revelation that sparked protests from the U.S. State Department, several foreign governments, a DDOS attack on WikiLeaks.org that may or may not have been a proof-of-concept exercise for a new Web attack tool built by Anonymous, and a very public, very bitter round of finger-pointing between WikiLeaks and The Guardian.
According to a WikiLeaks editorial, it was a Guardian investigations editor named David Leigh who "recklessly and without gaining out approval, knowingly disclosed the decryption passwords in a book published by the Guardian."
The Guardian insists it acted properly and it was WikiLeaks whose security was weak and instructions misleading.
The idea that the password was temporary was "strictly false" according to a WikiLeaks Tweet yesterday. "The Guardian must ask for David Leigh's resignation, any other course of action embroils the whole of the Guardian in the misconduct," read another.
The cadre of newspapers that signed up to help vet the documents published a joint statement saying they "deplore the decision of WikiLeaks to publish the unredacted State Department cables, which may put sources at risk.
"Our previous dealings with WikiLeaks were on the clear basis that we would only publish cables which had been subjected to a thorough joint editing and clearance process. We will continue to defend our previous collaborative publishing endeavour. We cannot defend the needless publication of the complete data – indeed, we are united in condemning it.
Either way, the documents are public and it makes no sense to pretend otherwise according to a public statement from WikiLeaks today, announcing it had posted a searchable version of the database.
Response was heavy enough to make the site unavailable and prompt WikiLeaks to ask for contributions to buy more bandwidth and post an alternate site, also searchable.
"Given that the full database file is downloadable from hundreds of sites there is only one internally rational action," the statement announcing release.
If so, it might be the only really rational action in the whole twisted story.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.