UNITED STATES V. JULIAN PAUL ASSANGE
Clarification Statement of Christian Grothoff

1. I am Professor of Computer Science at the University of Applied Sciences in Bern. My main area of research is network security, including peer-to-peer networks and applied cryptography. I have a PhD from UCLA, was Assistant Professor at the University of Denver, and lead research groups in the area of network security at the Technical University of Munich and INRIA.

2. I was asked by the legal team of Julian Assange (Birnberg Peirce) to clarify some details about my previous statement to the court.

3. I have read Part 19 of the Criminal Procedure Rules relating to expert evidence and believe that my opinion is compliant with the rules. I understand that my duty as an expert witness is to try to help the court by providing objective analysis on matters within my expertise.

4. In points (11)-(14) I pointed out that the “xyz_z.gpg” file was publicly available via the file sharing system BitTorrent (for example in December via the well-known site https://thepiratebay.org/description.php?id=6040906) which due to its decentralized design makes it impossible for Wikileaks to limit its distribution. However, the file was available from multiple other sources, as anyone who downloaded it could easily republish the encrypted archive via other means. For example, https://twitter.com/p0bailey/status/13615673599070208 mentions that this archive was also downloadable via HTTP in December 2010. Thus, it was possible to download the encrypted archive from multiple sources independent of Wikileaks long before the disclosure of the passphrase in David Leigh’s book.

5. Many sites linked already in December 2010 to the various Wikileaks mirrors. For example, http://pittsburgh.indymedia.org/news/2010/12/36684.php lists a total of 800 mirrors, including the one at http://193.198.207.6/.
So this archive was not obscure at the time when David Leigh published his book, but what the encrypted file in the archive contained was not known to the public.

6. In point (18) of my previous statement, I said that “at the time when the Wikileaks site republished the unredacted cables, the information was already easily available to any technically competent person, for example from the cryptome.org site”. To clarify, “technically competent” in this case involves being able to open a browser and enter the URL “cryptome.org” into the URL bar and to unpack a compressed archive (which is a routine operation for Internet users, as compression is commonly used to reduce file size and thereby improve download speed on the Internet).

7. In addition to the file being easily accessible via cryptome.org, http://cables.mrkva.eu/ provided an easily searchable Web version before Wikileaks made the archive available.

8. Making a version searchable on the Web also hardly changes how accessible the information is, as users who downloaded the archive could simply install Desktop search software – which was already widely available at the time (https://en.wikipedia.org/wiki/List_of_search_engines#Desktop_search_engines) – which enables anyone (with modest technical competency) to create a local search index after downloading and unpacking the archive.

9. In point (7) of my previous statement I mentioned that “cryptome.org and others report on the specific passphrase”. I want to clarify that the “cryptome.org” Web site was and is a rather well-known New York based Web site providing a curated library. Researching site popularity data, I found https://siterankdata.com/cryptome.org which reports that the cryptome.org site was consistently in the top 50,000 Web sites in the world in 2011-2014 (the site was turned off in 2014).
For comparison, on July 10th 2011 Wikileaks.org had a ranking of 13,252 (according to SiteRankData.com), while for the same day Cryptome.org had a ranking of 33,439. The New York Times cited cryptome.org as early as June 16th 2000 in an article. I asked a journalist to search LexisNexis, a press article index, for mentions for cryptome.org in the press. The journalist reported to me that there were 1385 mentions of the site in the press. According to genios.de, a similar service for German press articles, the German press alone cited cryptome.org before September 1st 2011 at least 69 times, with Süddeutsche Zeitung being the first major German newspaper referencing the site as early as December 1999.

10. The defense recently provided me with an excerpt from a FOIA response “Leopold et. al. v. NSA et. al. - Civil Action Number 1-15-cv-00999-APM” with a “Report of Investigation 2010-CID221-10117-5Y”. This report demonstrates that the US government itself obtained a copy of the unredacted and decrypted cable archive from the previously mentioned Pirate Bay mirror, an encrypted copy of the archive from the 193.198.207.6 mirror and the passphrase to decrypt the encrypted copy (from the book by David Leigh) at “about 0700, 1 Sep” of 2011. The US government was thus aware of several of the various public versions of the documents and the publication of the passphrase in David Leigh’s book before the Wikileaks publication.

11. In point (5) of my previous statement I mentioned that the “key required for decryption is fixed at the time of encryption”. To make clear, in contrast, the URL of the Web site used by Wikileaks to provide its media partners access to an encrypted copy of the full archive can be temporary (and was indeed eventually disabled, the exact date I could not determine): it is relatively easy to remove or change the URL of a Web site.
However, the passphrase itself could not be temporary, as after an encrypted file has been published it is not possible to change the encryption key for copies of an encrypted file that has already been distributed to other parties. Thus, after the publication of the passphrase in David Leigh’s book, Wikileaks had no chance to change the passphrase on the encrypted file that was already copied by and in control of a multitude of unknown third parties.

12. In point (6) of my previous statement, I pointed out that “distributing the ciphertext via the Web site was a safe choice”. I want to clarify what this means with respect to the intent of the distributor. The distribution of encrypted files on the Internet without the intent of their contents ever becoming public is routine. Some banking protocols include the transmission of encrypted archives of private transaction records. Doctors, hospitals and laboratories use encryption to exchange private medical data over the Internet. In some cases, the files are encrypted only during transmission, but in other cases they are encrypted at rest when they are stored on disk. Many popular word processing formats (Microsoft Word, OpenOffice, Acrobat PDF) include passphrase encryption as a mechanism to enable sharing of confidential business documents over insecure channels (such as Web sites or plaintext e-mail). Uploading a properly encrypted file to the Internet does not make the contents available to the public. Thus, it makes no sense to consider the upload of an encrypted file as equivalent to publishing its (encrypted) contents.

13. I would also point out that disclosing such an encryption passphrase is never advisable, because of the possibility of the data transfer of the encrypted file being intercepted. Anyone who intercepted David Leigh’s transfer would have been able to decrypt the file, and in this case it would have been easy for them to figure out which data transfer the password decrypted.
Thus, no information security professional should have deemed the disclosure of this passphrase to be safe, even without the knowledge of the existence of the many mirrors.

Signed: _______________________ Christian Grothoff
_______________________ Dated

8/20/2020 Phillip Bailey on Twitter

Phillip Bailey @p0bailey
ONLINE the 20GB wikileaks archive http://193.198.207.6/wikileaks/ #wikileaks #cablegate #imwikileaks
3:26 PM · Dec 11, 2010 · Twitter Web Client
9 Retweets 1 Like
https://twitter.com/p0bailey/status/13615673599070208

8/20/2020 Many ways to wikileaks : Pittsburgh Indymedia

Many ways to wikileaks
by General Joe and friends
Monday, Dec. 06, 2010 at 4:15 AM

Use the web addresses below to get to wikileaks. Some may not be active, but many will be. Now go get the information. The mainstream media would have you believe that there is nothing new or eye popping there. They always tell the truth don't they? A people as free as ours can rely on the media, can't we? But maybe you had better look, anyway. Send to friends, family, and beyond. Way beyond.

General Joe

WikiLeaks Mirrors!
Good: 30 Outdated: 473 Down: 297 Total: 800
Please add your mirror. This site automatically checks mirrors for uptime and number of cables once an hour.
Add New Mirror!

URL                                        Is mirror up?   Number of Cables
http://wikileaks.pepin.pl/                 True            931
http://wikileaks.no-ip.co.uk/              True            931
http://wikileaks.lookante.net/             True            931
http://wikileaks.littledrummerboy.info/    True            931
http://wikileaks.liazo.fr/                 True            931
http://wikileaks.karlesnine.com/           True            931
http://wikileaks.jbfavre.net               True            931
http://e--u.eu