There Are Many Reasons To Be Concerned About The Impact On Press Freedoms In The Assange Indictment

from the normal-journalistic-activity dept

Yesterday, we wrote a bit about the Julian Assange indictment, noting that it was focused on CFAA and conspiracy arguments, rather than (what many people expected) Espionage Act claims. The CFAA charge of trying to help hack a hashed CIA password that Assange instructed Chelsea Manning to supply does raise some real legal questions. However, as we noted, there were still some significant press freedom concerns linked to the case (and we fully expect those concerns to grow as the inevitable superseding indictment is released).

Among the many concerns are that from what’s in the initial indictment, it appears that the DOJ is, in fact, presenting perfectly normal, reasonable and legal, steps that many journalists take to cultivate and protect sources, and using that as evidence of the “conspiracy” here. From the indictment:

It was part of the conspiracy that Assange and Manning used the “Jabber” online chat service to collaborate on the acquisition and dissemination of the classified records, and to enter into the agreement to crack the password stored on the United States Department of Defense computers connected to the Secret Internet Protocol Network.

It was part of the conspiracy that Assange and Manning took measures to conceal Manning as the source of the disclosure of classified records to WikiLeaks, including removing usernames from the disclosed information and deleting chat logs between Assange and Manning.

It was part of the conspiracy that Assange encouraged Manning to provide information and records from departments and agencies of the United States.

It was part of the conspiracy that Assange and Manning used a special folder on a cloud drop box of WikiLeaks to transmit classified records containing information related to the national defense of the United States.

Again, the CFAA claims of a failed attempt to actually crack a password seem like they could be problematic for Assange (even if the maximum sentence for such things is less than Assange has already spent locked up in the Ecuadoran embassy in London). That goes beyond standard journalism practices. But basically everything else described above as evidence of the “conspiracy” are very standard journalistic practices around cultivating and protecting sources.

Many press freedom organizations are reasonably worried. The Freedom of the Press Foundation put out the following statement:

For years, the Obama administration considered indicting WikiLeaks publisher Julian Assange, before rightly concluding it could not do so without encroaching on core press freedoms. Now almost nine years in, the Trump administration has used the same information to manufacture a flimsy and pretextual indictment involving a ?conspiracy? to violate the Computer Fraud and Abuse Act?based entirely on alleged conversations between a journalist and source. While the Trump administration has so far not attempted to explicitly declare the act of publishing illegal, a core part of its argument would criminalize many common journalist-source interactions that reporters rely on all the time. Requesting more documents from a source, using an encrypted chat messenger, or trying to keep a source?s identity anonymous are not crimes; they are vital to the journalistic process. Whether or not you like Assange, the charge against him is a serious press freedom threat and should be vigorously protested by all those who care about the First Amendment.

The Committee to Protect Journalists is similarly concerned about the same issues:

“The potential implications for press freedom of this allegation of conspiracy between publisher and source are deeply troubling,” said Robert Mahoney, deputy director of the Committee to Protect Journalists. “With this prosecution of Julian Assange, the U.S. government could set out broad legal arguments about journalists soliciting information or interacting with sources that could have chilling consequences for investigative reporting and the publication of information of public interest.”

The Knight First Amendment Center also raises similar concerns:

?The indictment and the Justice Department?s press release treat everyday journalistic practices as part of a criminal conspiracy. Whether the government will be able to establish a violation of the hacking statute remains to be seen, but it?s very troubling that the indictment sweeps in activities that are not just lawful but essential to press freedom?activities like cultivating sources, protecting sources? identities, and communicating with sources securely.?

EFF is also concerned:

While the indictment of Julian Assange centers on an alleged attempt to break a password?an attempt that was not apparently successful?it is still, at root, an attack on the publication of leaked material and the most recent act in an almost decade-long effort to punish a whistleblower and the publisher of her leaked material. Several parts of the indictment describe very common journalistic behavior, like using cloud storage or knowingly receiving classified information or redacting identifying information about a source. Other parts make common free software tools like Linux and Jabber seem suspect. And while we are relieved that the government has not chosen to include publication-based charges today, if Assange is indeed extradited, the government can issue superseding indictments. It should not do so. Leaks are a vital part of the free flow of information that is essential to our democracy. Reporting on leaked materials, including reporting on classified information, is an essential role of American journalism.

So, yes, the DOJ could have gone farther and did not. But the very fact that it has spent all this time and the best thing it could come up with to charge Assange was an alleged attempt to hack a password, is pretty weak. The attempt to puff even that up into a “conspiracy” by describing common journalistic practices is a real worry, as is anything the DOJ later decides to throw on the pile with future charges.

Filed Under: , , , , , , ,
Companies: wikileaks

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “There Are Many Reasons To Be Concerned About The Impact On Press Freedoms In The Assange Indictment”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: unjust law

the whole concept and application of U.S. "Conspiracy" law is a relatively new invention.
It contradicts the traditional principles of Anglo_American law.

Prosecutors love Conspiracy indictments because their legal basis is so ill-defined, broad, and easily applied.
The U.S. Government very rarely loses its court prosecutions no matter what the circumstances or guilt/innocence of the defendant.

Vermont IP Lawyer (profile) says:

Re: Re: unjust law

The concept of conspiracy as a crime is not so new. For example, here it is in a Massachusetts case in 1922 (Commonwealth v. Dyer): That case cites back to numerous earlier cases. I do not have a citation to offer but I would wager one could find discussions of the crime of conspiracy in English common law dating back at least to the 1800s. The Dyer case quotes an earlier case confirming a point made by Graham J above: "It is not always essential that the acts … should constitute a criminal offence, for which, without the element of conspiracy, one alone could be indicted … . "

Anonymous Coward says:

Re: Re: Re: unjust law

Under centuries-old Anglo-American law, becoming a "criminal" required a person to physically ‘act’ with deliberate ‘intent’ to violate the law with awareness of the illegal nature of that action.

Lawful conviction of a crime required fair judicial proof beyond a reasonable doubt of both:

‘Actus Reus’ {… a bad act} & ‘Mens Rea'{… a guilty mind}

American Conspiracy Law ignores Actus Reus, revoking the classic definition of "crime".

Anonymous Coward says:

This had to be a conspiracy charge because the illegal act under the CFAA ("cracking" a password) was not committed by Assange, it was committed by Manning. Conspiracies are only illegal if they are in pursuit of an illegal activity. Conspiring to obtain information is absolutely a typical press activity, but generally such a conspiracy is not in pursuit of an illegal act and so shouldn’t be impacted by this. If your concern is that this infringes on press freedoms because a typical press activity is to encourage and conspire to perform illegal activities, then I suppose so… but perhaps we should rather look into why one would think it is needed for the press to encourage illegal acts.

Anonymous Coward says:

Re: Re: Re:

"All leaks of secret information can be described as a conspiracy between a leaker and a reporter, as is being done here."

What is it called when information becomes public knowledge due to oversight, mistake, blunder, mis-marked …. are these called gaffs?

Remember when the existence of stealth airplanes became public knowledge … wasn’t a preseident’s off hand comment to the press that indicated the existence of stealth? I forget who it was, anyway – they called it a leak didn’t they?

Stephen T. Stone (profile) says:


The argument being made is not that the press is encouraging illegal acts — it is that legal actions often performed by the press are being treated as proof of a conspiracy to commit an illegal act. The worry is that if the government’s argument on this front is accepted by the courts, the safeguards reporters implement to cultivate and protect their sources will all be considered illegal acts if said reporters are ever dragged into court. Such a precedent would create a chilling effect on journalism of all kinds, but especially of the kind that reports on government wrongdoing.

Anonymous Coward says:

Re: Re: Re:

Just like tenant-blacklisting creates a chilling effect on tenants who might otherwise warn that their building was structurally unsound and about to collapse. Instead, they’ll just move out and let the building fall on the apathetic masses. Then, when some judge’s kid winds up in one of these buildings, the laws will be changed.

Bamboo Harvester (profile) says:

Re: Re:

Well put.

If Manning had succeeded in cracking the password, Assange wouldn’t be hit with Conspiracy charges alone, but also as an Accessory before the fact for supplying the hash.

The Conspiracy charge will stick if it makes it to court – the two of them conspired to breach a secure government system.

That "journalists" "do this all the time" is either an indictment of the "journalist" community if they really DO conspire to break laws, or a heaping spoon of hyperbole.

I see "protect sources" and other "journalist rights" mentioned. Those "rights" don’t exist. Never did. Nor do "journalists" have some sort of special right to induce, coerce, or bribe "sources" to illegally disclose information to them.

Stephen T. Stone (profile) says:

Re: Re:

That "journalists" "do this all the time" is either an indictment of the "journalist" community if they really DO conspire to break laws, or a heaping spoon of hyperbole.

What journalists do “all the time” are the legal actions described in the indictment as proof of a conspiracy (e.g., using encrypted communications and deleting chat logs). The concern is that those actions could become evidence of a criminal conspiracy if a journalist is dragged into court because their source did something illegal without being prompted or coerced. That would have a rather chilling effect on the speech of journalists across the country, regardless of whether they are doing anything illegal.

Bamboo Harvester (profile) says:

Re: Re: Re: Re:

Conspiracy laws have been around a looooong time.

That YOUR particular ox is being gored on this one doesn’t change that.

Assange crossed a line when he conspired with Manning to illegally access a government system.

There’s a good explanation of the various charges that can be filed floating around using a pair of stoners in the vein of Cheech & Chong. "Cops are here, flush the weed" – Conspiracy.

YES, people conspire all the time legally. Once they "legally" conspire to commit an illegal act, a charge of Conspiracy can be filed, and if there’s actual evidence of such, they’ll probably be convicted.

A "journalist" attempting to get a "source" to commit a crime by disclosing or obtaining information for them in an illegal manner is guilty of Conspiracy.

Anonymous Coward says:

Re: Re: Re:2 Re:

Do you think the same logic could be applied to all the leaks about Trump? If a “journalist” at the NYT or WAPO encouraged a “source” to illegally leak, did they conspire in a criminal fashion?

Given that the journalist makes Money for such things, I would think they would have a Lot of liability.

Maybe Barr will be Very Busy, no? That would be good. Someone should be enforcing the Law.

Stephen T. Stone (profile) says:

Re: Re: Re:2

A "journalist" attempting to get a "source" to commit a crime by disclosing or obtaining information for them in an illegal manner is guilty of Conspiracy.

Assume a source commits an illegal act of their own volition and without a journalist’s foreknowledge. If the source goes to the journalist after the criminal act and offers up information without saying the info was obtained illegally, what should happen to that journalist if they publish that information and refuse to give up their source? How should we view the actions taken by that journalist to protect the identity of their source — actions routinely done by journalists all the time, actions described in the indictment as proof of a criminal conspiracy — if the journalist had no idea that a crime was committed beforehand?

Matthew Cline (profile) says:

Re: Re: Re:4 Re:

IANAL, but my understanding is that if the reporter knew that the source had committed a crime in obtaining the information, but the reporter had in no way encouraged the commission of the crime, then the reporter publishing it is not a crime, as if it were a crime to publish it that would be prior restraint. In New York Times Co. v. United States (June 30, 1971) the Supreme Court held that the New York Time was allowed to publish information about the Pentagon Paper even though Daniel Ellsberg had not yet been cleared of acting criminally in sharing the Pentagon Papers with the press (which happened in May 11, 1973).

Anonymous Coward says:

Re: Re: Re:5 Re:

So in this case, with Manning and Assange, and their knowledge and cooperation in an attempt to break the law, it’s an actual crime.

Go to jail. Go directly go jail. Do no pass Go, or change your sex again.

Unless you want to of course. But don’t ask the US Government to pay for it.

Oh wait. We did already pay for it. What’s with that, anyway. A convicted traitor gets a free sex change operation, while everyone else has to pay through their teeth.

Hardly seems fair. Why does Mike like her so much, anyway?

Bamboo Harvester (profile) says:

Re: Re: Re:3 Re:

You’ve just equated a "journalist" with a petty "fence".

One thing that I haven’t seen come up – criminal charges are prosecuted at the discretion of the District Attorney.

Which, YES, means that a lot of charges will never be filed.

THESE charges would likely never have been filed if they hadn’t attempted to hack a CIA system.

Stephen T. Stone (profile) says:

Re: Re: Re:4

You’ve just equated a "journalist" with a petty "fence".

Two things.

  1. You can stop with the scare quotes around the word journalist.
  2. A journalist who doesn’t break the law, doesn’t encourage breaking the law, and has no foreknowledge of an impending crime but receives and publishes information gained by someone else breaking the law should not be prosecuted for conspiracy. If that opinion means I have compared a journalist to a “fence”, so be it.
Bamboo Harvester (profile) says:

Re: Re: Re:5 Re:

One, they’re not "scare quotes". I’ve yet to see a legal definition of a "journalist", so it’s an undefined yet over-used "title".

Two, if a "journalist" who doesn’t break the law…

Receipt of stolen goods. Possession of stolen goods. Resale of stolen goods. Accessory before/after the fact.

You’re trying to claim a difference between stolen data and stolen money (or watches).

In the eyes of the Law, there is no difference.

Anonymous Coward says:

Re: Re: Re:8 Re:

You seem deluded.

Is one considered to be complicit when they are aware of illegal activity and do not disclose same to authorities?

What do people in these situations do when the material is sensitive or otherwise under an NDA or other such secret agreements?

Caught between a rock and a hard place? Well, it seems that this is a common occurrence so how are people instructed to act in these situations? Damed if you do, damed if you dont …. many simply fall back upon what they think is right and you want them to go to jail.

You own private prison stock?

Bamboo Harvester (profile) says:

Re: Re: Re:9 Re:

As to complicity through awareness, it’s case-dependent. For the purposes of this article, the answer is yes.

NDA’s are null and void when it comes to illegal acts.

Say you run out and buy yourself a cell phone, instantly making yourself a "journalist". You hear a rumor that the government agency I work for is covering up Blue’s dumping of Unobtanium in a public water supply.

You can’t prove any of it, it’s just a rumor.

If I go to you and say it’s all true – but you can’t use my name, you could report it as "unconfirmed from a government source on condition of anonymity", and about a third of the US population would take it as unquestionably true. No problem, nothing was stolen, nobody was urged, coerced, etc into a crime.

However, IF you insist I get you "the proof" and I steal a copy of the documentation from a Gov’t server, YES, you’re going to be charged along with me. It doesn’t matter if it saves bazillions of minority children, one crime doesn’t make up for another crime. The kids are saved, we all go to prison.

Anonymous Coward says:

Re: Re: Re:6 Re:

Actually under US law stolen data is sometimes treated differently than stolen money, particularly when that data is not ordinarily used in commerce.

18 USC 2315 is the Federal statute covering receipt/possession of stolen goods. It states: "Whoever receives, possesses, conceals, stores, barters, sells, or disposes of any goods, wares, or merchandise, securities, or money of the value of $5,000 or more…"

"Goods, Wares and Merchandise" traditionally covers tangible goods ordinarily sold in commerce, and has been extended to include information such as trade secrets, maps and chemical formulas. It has been allowed that some intangible goods can sometimes be covered if they are fixed in a tangible medium prior to the termination of interstate transport (wire transfers are the main example here). In the realm of copyright law, unauthorized reproductions of legally obtained copyright covered works are not included (regardless of whether they are tangible).

Notably, in 446 F.2d 244 (2d Cir. 1971) stolen FBI documents were not included because they are not ordinarily used in commerce. This is still, as far as I can tell, the governing decision on this issue as far as government documents are concerned.

The individual states may define possession of stolen goods differently, though in this particular context they are increasingly irrelevant due to jurisdictional limitations.

Stephen T. Stone (profile) says:

Re: Re: Re:6

I’ve yet to see a legal definition of a "journalist", so it’s an undefined yet over-used "title".

What other professions will you be putting in scare quotes out of incalculable pedantry?

Receipt of stolen goods. Possession of stolen goods. Resale of stolen goods. Accessory before/after the fact.

Then explain how the Pentagon Papers were published without any journalist who published that information going to jail for any of those crimes.

Anonymous Coward says:

Re: Re: Re:8 Re:

Not prosecuting the pentagon paper leak was a whimsy?
I don’t think so Tim

Not prosecuting the 2008 bankers and friends was a whimsy?

Selective enforcement of the law is in direct contradiction to the strongly held belief that this is a rule of law nation, it re-enforces the claim that it is law of man. Guess it depends upon your pov because it is a multi-tired system of injustice.

Anonymous Coward says:

Re: no criminal "Act"

Conspiracy, in common law, is an agreement between two or more persons to commit an unlawful act .

Conspiracy is the most vague area in American criminal law.
Its terms are absent from the western continental European legal codes.
In most civil-law countries, prosecution of agreements to commit offenses, regardless of whether the criminal "act" was actually attempted or executed, is mostly limited to "political offenses" against the government.

Anonymous Coward says:

Re: Re: Re:3 no criminal "Act"

I don’t know about your house but mine, built in 2002, is loaded with "bugs". Worse, the large scale renovations done to the same house just 5 years ago created lots of new ones. Of course the architect drawings were perfect. It was the builders who suck at following the drawings and are even worse at simple things like 90 degree corners.

If you look closely many commercial buildings are just as bad. Skyscrapers have less leeway for such shoddy construction techniques but are also designed in such a way as to nearly eliminate potential for error (tab A – slot B kind of construction). The cosmetic parts are often less than perfect, sometimes glaringly so.

You’re right about software, of course, and it annoys me, as a professional programmer for 30 years, that software has become such a comedy of errors. But most other professions are just as guilty. Also, architects don’t build anything 🙂

Anonymous Coward says:

Re: Re: Re:4 no criminal "Act"

Architects are not precluded from building anything. This is America, not Russia, despite what CNN says. If Architects want to Build Buildings, they CAN.

Does it make you crazy that you have to use three remotes to turn on and control your stereo, TV and Apple TV? And their cooperation seems to come and go, come and go. Sometimes the Apple TV turns on the Stereo, sometimes, the TV, sometimes both, sometimes neither, AHHH!!

You and I should go write some code that works, how about that?

Anonymous Coward says:

Re: Re: Re:5 no criminal "Act"

I didn’t say architects can’t build anything, only that they don’t. At least not in a general sense.

There are "universal" remotes (of course there are limitations to what they can do so not truly universal) that can replace your pile of single-device remotes with just one that does everything. The fancier ones let you create macros and customize the UI so you can do things like press "Watch TV" and your sound system is turned on, volume set at a reasonable default, screen turned on and set to the correct input, the input device turned on and whatever else you like. They’re pretty awesome if you have a home theater system 🙂

I try every day to write code that works and doesn’t rely on patches and updates to be made functional. I blame Agile Programming for the state we’re in today, where the motto seems to be "Minimum Viable Product (And We’ll Fix It Later)". Results in garbage, unreliable product and you only get one shot at a first impression.

Anonymous Coward says:

Re: Re: Re:6 no criminal "Act"

I blame Agile Programming for the state we’re in today,

What do you make of the way the Linux and its applications are developed then, as there is often less planning than involved with agile.?

To a large extent agile was an attempt to get out from under the heavy bureaucracy that controlled the waterfall method of development, but it got formalized and bureaucracy took over its running.

Also, when ,management is always chasing the new shiny, quickly written code to test an idea or requirement tend to become the code that is never cleaned up, but patched and patched because management see no benefit it cleaning up working code until it falls apart,

Anonymous Coward says:

Re: Re: Re:7 no criminal "Act"

Linux development is open source. Nothing gets into the kernel or drivers that isn’t vetted by experts or at least professionals in that area. The developers are held to a pretty high standard and the end result is typically fairly robust. Still, garbage gets through as it has for the whole history of software. There is no such thing as bug-free code.

The "Oooooo, shiny!" mentality in project management is what drives a lot if not most of the fail in software today. Few things are as disruptive to development as dropping what you’re doing to go work on something else. Sometimes it is justified, often it is not. Going back to pick up where you left off is a recipe for disaster, too.

At least as much software fail is created by terrible developers. The universities of the world are cranking out developers who don’t know what a "for loop" is. No shit, I interviewed a supposed Masters graduate with 7 years of experience who could not explain what a "for loop" was or how to list a directory on a Linux machine. These are the "developers of tomorrow". We’re in for a world of hurt.

Anonymous Coward says:

Re: Re: Re:6 no criminal "Act"

I blame Agile Programming for the state we’re in today, where the motto seems to be "Minimum Viable Product (And We’ll Fix It Later)"

LOL – yes!

Agile is huge joke for many in the software field, but now it seems to be spreading into other departments and they are not happy about it.
I had the privilege of attending the Sys Admin scrum for a while …. their user stories were a hoot!.

Sponge Bob says:

The US has declared is two tier oligarchical nature front and centre.

All information publishers, TD too, should be shuddering in their boots.

Assange attempts to, and fails, cracking a password hash in the effort of concealing the identity of the source as the source attempts to continue to gather information.

Yeah, lets prosecute that.

This is Evil.

Anonymous Coward says:

what the hell has happened to America? nothing is more important now than having the people be seen to be bad and the government and it’s legal teams be seen to be right! not quite sure what sort of society this is (authoritarian, totalitarian, dictatorship etc) but it sure as hell isn’t ‘Land of the free, home of the brave’ anymore! privacy and freedoms were most important and justice was always but now, making sure that the establishment is always the winner, regardless of how the people are affected has taken president! i wonder how long this can continue before there is serious backlash? maybe it wont happen but maybe things will become how they were in Germany and anyone who was suspected of wanting to rebel, of speaking against the government were rounded up in the dead of night, never to be heard of or from again!

Anonymous Coward says:

Re: Re:

"I think it’s a very good thing that the United States government is communicating that it may take a while to get to you, but if you violate our secrets, if you endanger our national security, if you put the country at risk, or if you put the word ‘shit’ in too many headlines, we’re going to come after you until we get you"

True for Assange, true for Manning, True For Techdirt.

Anonymous Coward says:

is it just an odd coincidence that Assange will be tried in the Alexandria Division of the Eastern District of Virginis? A place with a huge percentage of retired military and people who work in the military-industrial complex, to draw a jury pool from. A conviction rate of around 95%, and for people branded "enemies of the state" to sit in judgement in front of a likely jingoistic jury, perhaps much higher.

Actual charges don’t matter much when the court serves primarily as a rubber stamp for government authorities, as few people would want to risk their career and lucrative government pensions by daring to spit in the face of the US government by finding Assange not guilty.

Anonymous Coward says:

Re: Re:

I lived in Alexandria when I was a young man, commuted every day through the Pentagon and then took a bus back to my condo. It was the first time I saw with my own eyes how an old fat bald man could be escorted with 2 young beautiful sexy ladies if he was powerful enough in DC. It kind of set the tone of my whole professional career and retirement goals.

Yeah, Assange is cooked if he is tried there. You are absolutely right.

Anonymous Anonymous Coward (profile) says:

Too early to tell

I am gonna wait and see what evidence is presented to the court. That is if the DOJ doesn’t pull out that national security crap and claim everything they say is secret.

From the statements in the article, the accused used encrypted communications, deleted their conversations, removed identifying information, and supposedly tried and failed to unhash a hash. Is the DOJ claiming it broke the encryption, recovered the deleted conversations, restored identifying information, and have some evidence of who was re-hashing that hash? We won’t actually know until, and if, there is a trial that isn’t confabulated with ‘but this is too secret for the public to know’ bullshit.

Anonymous Coward says:

Re: Too early to tell

Allow me to clear up a misunderstanding before it becomes disinformation:

A hash such as that used in password security is a one-way calculation that takes the user’s password, sometimes also takes a server-side secret value, does a little math on it and results in what is effectively a gibberish and almost meaningless code. This is a one-way calculation. The hash value cannot be "un-hashed" or decrypted to arrive at the original password.

A hash is "cracked" by brute force. If you have the hash value AND you know the formula used to create the hash (there are several well-known methods of hashing) you can use what is known as a "dictionary attack" or simply use an alphanumeric-symbolic progression starting with "A" and and running to "****" until you get a hash result that matches your target. When you do you just might have the original password, countless combinations later. The range of possible inputs can be reduced if you also know the password rules for the target system, e.g. minimum length, minimum letters, numbers, special characters, etc.

There’s nothing high-tech about such a "crack" and I put the word crack in quotes for that reason. It’s child’s play, kind of a My First Crack kind of thing. It can take a very long time to find a match and even then, if you misunderstood the hashing algorithm in use by the target system then you’ve wasted your time because that target system will get a different hash for the input value you’ve come up with than you did.

You’re actually better off feeding your dictionary attack or character progression directly into the target system until it lets you in. But this is also why secure systems impose a limit on the number of failed logins that are allowed before locking out the target account.

Anonymous Anonymous Coward (profile) says:

Re: Re: Too early to tell

Thank you for that explanation. If I understand you correctly, unless there is a direct dictionary type attack on the computer you wish to enter or many attempts to use a presumed password (which in theory would create a log of the attempts), then all of these actions would be taking place on a second or third computer.

Then, unless the prosecutors have that second or third computer with logs or the actual computations attempted, how would they know if "…crack the password stored on the United States Department of Defense computers connected to the Secret Internet Protocol Network." it was actually attempted? Oh, and chain of custody intact, with nothing showing that the computer was used since that supposed attempt.

I am not presuming that you know the answer to this, I am questioning the statement by the DOJ that they have evidence that cracking the password was attempted, rather than mere accusation. Any thoughts?

Anonymous Coward says:

Re: Re: Re: Too early to tell

Hey, while you’re at it, how about solving this mystery: How does the government get access to lots of encrypted stuff on lots of people’s systems? Could it be that DES, Triple DES, AES and pretty much Everything That Has Been Open Source is already CRACKED?

Is that way Academics demand that Encryption be Open Sourced to be Valid? So the Government Can SPY ON US?


Anonymous Coward says:

Re: Re: Re:2 Too early to tell

Is that way Academics demand that Encryption be Open Sourced to be Valid? So the Government Can SPY ON US?

Uh, no. Not at all.

Open sourcing software allows other experts in the field to review what you’ve written and fix or illuminate bugs or other more serious problems. Open source is partly about making better software and partly about sharing for broader adoption.

Having the source to encryption software be open doesn’t make it more defeatable. Quite the opposite. The algorithms that have been "cracked" as you put it were simply too weak and vulnerable, flawed from the start. Thus new stronger ones are created with the learnings from those that have been compromised. All thanks to open source.

Anonymous Coward says:

Re: Re: Re:4 Too early to tell

Yeah, security via transparency is better. That makes perfect sense. Do you have a degree?

Tell me again how many security levels are used for government documents, and how many are transparent?

Is it true that the US Government depends on obscurity for the most classified material?

Or did I dream that?

Matthew Cline (profile) says:

Re: Re: Re:2 Too early to tell

Academics demand that the encryption algorithm be public; and implementation of the algorithm can be closed source. And the reason why academics want the algorithms to be public is that it’s very easy to make bad encryption algorithms, so ideally an algorithm should be vetted by as many people as possible to minimize the chance that there’s anything wrong with it.

Academics also see no point in keeping encryption algorithms secret, since security through obscurity won’t work: the government has enough resources to reverse engineer any secret encryption algorithm used, so keeping the algorithms secret doesn’t do any good.

Anonymous Coward says:

Re: Re: Re:

Can you prove that hashes are only one way?

You might be able to prove that hashes can overlap with each other, that is, that different original data can result in the same hash, but are you SURE there is NO WAY to narrow the reverse search using the hash value itself?

For ALL hashes?

I think not. Hashing is a general term, and many hashes can be reversed successfully.

Anonymous Coward says:

Re: Re: Re: Re:

"Can you prove that hashes are only one way?"

  • Please explain how you calculate the inverse of said hash

"hashes can overlap with each other, that is, that different original data can result in the same hash"

  • This is referred to as a collision.
  • For example, a bug in MD5 is capable of causing collisions

"narrow the reverse search using the hash value itself?"

  • You are talking about a brute force attack?

"many hashes can be reversed successfully."

  • Again – please explain in detail how you are capable of doing this, because if true you will be famous
Anonymous Coward says:

Re: Re: Re:

Ok, no gold star for me. I guess I called out this phrase because your other writing seemed so careful and correct, but then you went in a literary rather than mathematical direction in this key phrase. You do seem very knowledgeable. Maybe you could share your informed opinion.

Here’s a question – consider some hashing scheme of the type you are describing. And then consider the special case where the password being encrypted is the same length as the hash value that is stored.

I believe that if you consider the original password as a polynomial in some Galois Field space, there exists some matrix by which the transformation of the password to the hash value could be described. That is, assuming the hash is good at transforming the bits and not mapping many original values to the same has value (bad for security, I think you would agree), then there exists some table using some primitive polynomial that will accurately map the original value to the hashed value.

Then the question becomes is it possible to construct a reverse table (in this special case of the hash length being the same as the encoded password length) that will reliably make the trip back to the original value. Are you saying that in fact this is impossible, such a table cannot exist, or are you saying it is non-obvious to derive such a table.

There is a big different between saying something is hard to find and something cannot exist.

Anonymous Coward says:

Re: Re: Re:2 Re:

sigh who’s being a pedant?

Consider the case I gave you – the length of the hash value is the same length as the value being hashed.

From one point of view, this is one set of bits being mapped to another set of bits.

This type of mapping can be accomplished using Galois Fields, where the bits are viewed as either the coefficients or the values of a polynomial, and a square matrix the same dimension as the length of the hash (and the password) is used to compute the result of a matrix multiply.

With me so far? Map the original value to the hash value using a matrix based on standard GF operations.

Are you trying to say that such a matrix cannot exist? If such a matrix can exist, then are you saying that the inverse of that matrix cannot exist?

Anonymous Coward says:

Re: Re: Re:3 Re:

This article/post began discussing the Assange indictment story, a part of which involves attempting to crack a password. This can be accomplished in many ways.

The post also points to "The CFAA charge of trying to help hack a hashed CIA password ".

Assuming that standard operating systems and applications are being used here the hash function has no inverse.

It seems you are attempting to discuss some theoretical function. Why would you want your hash to be the same length as your password? That sees to be less secure – no? What is the cost/benefit analysis of your proposed method of hashing as I do not see any benefit at all.

Anonymous Coward says:

RICO laws were not written for the internet, but for a time when conspirators couldn’t just open up an internet chat. Applied literally to the internet, we’d have an exponentially higher number of cases because literally everyone can "conspire" now.

The court might wind up with a nonprecedential decision on this which says Assange crossed lines but most journalists do not.

Anonymous Coward says:

Stinky poop-smearing rapist Assange is headed to a torture cage. I just hope they livestream it so that I can sit back with a nice pinot noir and enjoy his screams of agony. No mercy. No pity. No release. Just pain, unending pain and humiliation forever.

That would be just and fair. It’s what he deserves.

That One Guy (profile) says:

Re: Re:

How’s that saying go? ‘It is better to be thought a repulsive, disgusting and vile example of a human being, than to post a comment in favor of hearing the screams of agony of another human being and remove all doubt.’

I mean, ever so infinitesimal points for at least being honest about how utterly disgusting a person you are, and doing so in public no less, that’s… something I guess?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »