Write me down a mule
Not wise, but it seems a bit much for the intelligence agencies to beef about someone else's security discipline.
Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today. The hearing was looking into the case of David Miranda, the partner of journalist …
"After forcing down the plane of a head of state over Europe....." Sorry to correct your hysterical shrieking but no such event happened. The Bolivian aircraft was merely refused permission to cross airspace, then was requested to submit to a passenger check. The Bolivians could have refused and returned to Russia but needed to refuel, but no-one was "forced down". Please do try to keep at least one foot in reality whilst bleating.
"So if say Canada merely refused permission for any flights to the US to enter it's airspace....." Yes, Canada has complete sovereinty of its airspace so it is within the rights of the Canadian government to close their airpsace to US flights. But diplomaticy they would need to supply a reason for doing so. In the case of Morale's aircraft, it was because he was suspected of transporting a person not on the passenger manifest, which is in breach of the Chicago Convention. Rather than go for a request for a search, France and Spain seem to have taken the slightly less diplomaticly upsetting refusal for overflight, as is their right. Austria simply added the request that if the Bolivian aircraft landed to refuel then the Austrians would exercise their right to check the manifest against the actual people on the aircraft. Morales could have refused and returned to Russia but decided to accept the Austrian request.
"....it seems a bit much for the intelligence agencies to beef about someone else's security discipline." Actually, the files in question seem to have come from Snowden, and he was a contract employee of the NSA, not GCHQ, so a Yank security problem, thank you.
Ouch!
Still, given what's going on, one imagines that they will learn from their mistakes quite quickly; maybe the guardian should invest in hiring an amazingly paranoid InfoSec adviser.
Still, given that these documents are almost certainly the contents of the latest wiki leaks insurance file, the possibility remains open that all of the information will be released to the public sooner or later no matter what they do - intimidation and accusations of criminality only increase the likelihood of this happening more quickly, as would any attempt to extradite/render Snowden or anyone connected with him against their will.
They apparently didn't learn anything from the last time. It was a Guardian journalist who published the password to 250,000 unredacted US government cables.
Admittedly he didn't know the password for his file would unlock the "insurance" file, and WikiLeaks are at fault for reusing passwords (another basic fail), but he shouldn't have published the password anyway. Just knowing the general form that WikiLeaks uses (eg, that it contained a date in verbose format), would help someone trying to crack other WikiLeaks files. (See http://www.wikileaks.org/Guardian-journalist-negligently.html.)
Whether this justifies the interference with the press is another matter.
".....Whether this justifies the interference with the press is another matter." Whilst you're right about both the Guardian journos and Dickileaks making far too many assumptions around security (and it the Guardian's case seemingly pretty uninformed about simple tech like zipped files), I would have to point out that Mr Miranda was not a Guardian employee nor a registered journalist, so no "interference with the press" took place.
Well, I suppose those thumb drives now have whatever the government says was on those thumb drives. However, since Snowden primarily leaked NSA documents, you can paint me sceptical.
My spider senses are telling me there's a stitch up in progress. Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history).
Anon, because I just know the honourable peeps at El Reg can be trusted not to leak my identify.
" "highly classified UK intelligence documents"."
This is the bit that's really confusing me. The Uk Gov keep going on about how Snowden has all these top security uk documents, but didn't he just dump a large part of the NSA database?
At what point did he access UK GCHQ servers?
This all smells to high heaven, and I personally think that the uk spooks just wanted to know what the US spooks knew about them (they don't tell each other *everything* obviously).
As a bonus they get loads of US-centric stuff too to boost their own intel. All the while they are dressing this up as some kind of crime by Snowden against the UK. They haven't said that exactly, but that seems to be the impression they are trying to portray.
The UK and US (and Canada, Australia and New Zealand) have long-standing arrangements to share much* of their intelligence information. So it's perfectly possible that NSA databases would contain sensitive UK material.
* Not everything, of course, material may be marked as NOFORN (at least, in the US where they're public about their security classification) - often stuff that says rude things about partner governments or intelligence services :)
Correct. In brief, when Margaret Thatcher wanted a couple of her senior ministers checked out for suspect associations, she passed the job on to either the Americans or the Canadians. I think the latter, but can't be sure. Dammit, I have to say it; Echelon is one of the facilities at work here, but no one seems to worry about it.
Oh that's better. Almost as good as a man dump. Now for a post work shower.
"Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."
One can live in hope that its forced out of existence ASAP. Its a hopless comic for communists with all the journalistic integrity of a teenage girls blog. I'm constantly amazed that its readers don't comprehend its being the left wing Dail Mail.
Not only that, but a general scan of the comments here indicate electric-Pavlovian-knee-jerk supportive comments of each other, all trying to be witty [while remaining ....generally unwitting...gotcha!..]
It's my guess that they're all quite young and have never had any real hands-on responsibility for much of anything.
When was the last time they posted pics of their genitals on the Internet?
Kiddies! Share your awesomeness! Here!
Mo'! Commenters! Are! Standin'! By!
"Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."
Sadly given its recent financial performance and insistence on throwing more and more money at the loss making online edition it may well do this to itself.
Well they did say the password unlocked a portion of the documents. Quite possible there was a hidden partition with the remaining docs locked away still. Miranda wouldn't even need to be aware of it. In his knowledge he gave them the password to the information.
Given that if you must hand over passwords when requested under threat of immediate imprisonment, (and possibly Gitmo if they think what you are hiding is dangerous enough) and that covers ANY password on any device you have or own. I think I might take precautions against forgetting the odd password.
I wonder why they even need a mule. There are so many places that documents can be dumped, and if they were signed and encrypted, then the recipient could be sure they had not been read or tampered with.
And even if they did use a mule they should give the mule the passphrase. And if they had to give him a passphrase, it should be to a shadow file which contains plausibly sensitive but harmless information while keeping the real data safe.
"It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place."
Bingo. And unlike some mule and friend/partner of a newspaper journalist, the people surrounding the initial leaks are professionals in data security. Or supposed to be anyway.
On top of that it's foolish to believe that the some 58,000 documents do not exist anywhere else. And they certainly have never been stored on the graphics card in the picture published by the Guardian re destruction of data....
Assuming that digital data is gone once destroyed/seized is mid-20th century logic.
Seriously, who are the governments and authorities trying to fool.... their own "actors" (aka officials, MPs and up)?
They collared the guy before knowing anything about what he was carrying or how well protected it was. 9 hours being interrogated by spooks was going to cough a password either way, whether it had been written down or not.
If it had been written down and the password was immediately available, why the need to hold him for 9 hours?
I think it looks like a targeted arrest, I don't believe they should have used anti-terror laws, but it does appear that Miranda had a whole load of classified documents. It doesn't matter if other people have them as well, he had them. I'm only surprised that he was allowed to proceed as he was obviously being used as a courier for classified information.
In other comments: Who the hell sends their partner with classified material through an airport, they must have realised that the Police would want to have a chat with him as he'd be a prime suspect.
>Who the hell sends their partner with classified material through an airport
Someone trying to bait the powers that be into doing something pointless and dumb. It has been heavily speculated on Schneier's blog comments section that this was indeed the case, what with Greenwald releasing a little info, the spies scrambling to 'explain', Greenwald then shows how the 'explanation' is false with more evidence, cycle repeats.
Classic trolling, just give them more rope, they will invariably tie a noose. Hopefully if they get enough rope the head will just pop off when the trap door opens.
And I've probably capitulated in the circumstances.
But if I'd have been the mule, as would anyone with any sense, I'd have isolated myself from the encryption and password process then I could genuinely claim that I wasn't lying. What's more, I could even give particulars and they'd be little the wiser and no closer to the docs.
...And why didn't he (or others) send the stuff electronically beforehand (so there was nothing to intercept)? Also, why did he go via the U.K. anyway?
Essentially, Miranda is a fool or awfully naive.
If Miranda is not a fool then perhaps we're all being fed a fairytale and actual events are quite different.
"The whole not knowing the encryption key thing doesn't help you if the security services believe otherwise...." Indeed, the law states you have to provide the key, and is not conditional that you are the originator or that you know it yourself, so if the encryption has been done by others you still have to convince those others to hand over the key or suffer the consequences yourself.