>The group's recent release of emails from the Democratic National Committee exposed things such as the credit card numbers, social security numbers and passport numbers of some donors -- putting them at risk of identity theft.
It is not like any of the people that wrote the information in the emails has any fault, right? It is not Wikileaks' job to save DNC's collective ass.
You put your donor's info in jeopardy - you are to blame. If there was common sense in the DNC - the leak would not have been possible.
Well, if we are talking about common sense. I should never make a payment transaction online. Never send personal details to doctors, freinds or family. Never provide information under nda to parties online.
This isnt a problem of common sense, this is a problem of encryption, who has access and how easy it is to force access. Saving emails could also prove things in the courts defensively if necessary
Never do it .. unless its encrypted. (Hint: you can do this pretty easily, if you learn how.)
Email is not, by default, encrypted. Anyone on any of the networks between the send and the recipient of any of those emails could have seen this data.
The security failure happened when the person composing the email typed in the data that should have been protected. People - especially people in power - need to realize that email is NOT private by default - it is by its very nature, an open and public line of transmission, and can be very, very easily intercepted by interested third parties.
So, lets stay focused on the real point where the security failure occurred: whoever typed the data in, in the first place, while composing their 'very important' emails ..
Your expecting people who have spent their lives climbing the political ladder and understanding / memorizing / interpreting law to then be able to know that their emails are viewable by a man in the middle or anyone able to read the harddrive?
If anything, this is a problem with their IT staff. Now that being said, the DNC may have not made it obvious that this was necessary and thats where the burden can rest. They knew that everything needed to be secure but either assumed incorrectly that it was encrypted or didnt want to inform IT that there are sensetive materials
>Your expecting people who have spent their lives climbing the political ladder and understanding / memorizing / interpreting law to then be able to know that their emails are viewable by a man in the middle or anyone able to read the harddrive?
Yes, indeed, I do expect that level of competence from people who aspire to govern the subject.
> Your expecting people who have spent their lives climbing the political ladder and understanding / memorizing / interpreting law to then be able to know that their emails are viewable by a man in the middle or anyone able to read the harddrive?
Yes, yes I do. It takes less than an hour to learn how to use pgp.
It takes less than a second to understand why you don't put passwords, credit card details or root passwords in email.
Is that so much to ask from the nation's Ivy League elite?
Some of that data was almost certainly sent encrypted. I'd be slightly surprised to find that their internal emails weren't encrypted at the transport layer. If they were using Exchange or even GApps, that'd be the default.
It looks like a few individual mailboxes were popped. So even with a secure network, the result would have been the same.
It's not Wikileaks' job to save the DNC, but they could claim more moral authority if they didn't so brazenly also play a role in disseminating donor financial information.
That's essentially what Snowden is saying. Go ahead and expose things worthy of exposure (by all means!), but doing so in a way that puts others at risk is irresponsible.
If your home gets broken into because the door was left unlocked, is the thief innocent because "you are to blame"? No. Sure, you bear some responsibility for not being more responsible and exercising better judgment; but you're not the one who committed the theft.
The problem is, the word 'theft'. There is no theft possible in an open protocol such as email. There is only interception and observation - which occurs inherently as a part of the way email is handled.
If the original author of the leaked emails had used encryption, none of this would matter. The fact that they chose not to encrypt the contents of the email, instead stupidly thinking that email was secure by nature (it most definitely is NOT), is the real issue here.
If I hear you shouting your social security number at the top of your voice to your friend across the room, its not my responsibility that your information is no longer secure or protected. Its yours, and yours alone.
The technological incompetence of the authors of DNC emails is the issue here, people. Do you really want someone running the country who can't even fathom the most basic, basic aspects of the technology that runs the world?
No, this is wrong from a legal standpoint, at least with US law and many EU laws as well. Ownership laws are fairly clear and have lots of precedent in regards to email, and there are also clearly defined cases of theft and violations of the CFAA.
Your analogy breaks down in that the leaks are are a result of a breach, most certainly a violation of CFAA. No current understanding of law shares your opinion that because it's an open protocol that you no longer have agency over the content. Security measures were put in place, though certainly not enough to prevent a major leak. Though I hate bringing in analogies, you're not more culpable for your house being broken into just because you don't have 6 cm steel shutters for all openings; it's certainly more secure, but illegal access is illegal access.
I say this next part not to be demeaning but to state an assumption of mine, but I'm going to assume you probably dislike the CFAA; I do as well, but to say there's no theft possible is a naive notion in the face of labyrinthine laws. The world has been dealing with email breaches since your average hacker got a home connection fast enough to move a few megabytes of data without timing out. The law's opinion on theft of email is incredibly different from your own.
>The law's opinion on theft of email is incredibly different from your own.
Fair enough. But since when was the DNC officially a part of the US Federal Government? Also, since when was Hillarys' personal email server covered by the same facet?
As an outsider looking in, it doesn't appear to me that CFAA applies: are the DNC computers exclusively for the use of the US Gov't? Was Hillarys' email server?
I think these are very interesting questions .. and I ask them in earnest, since I'm clearly naive about the CFAA (and thank you for making this point clear..)
CFAA applies to basically all computers in the US (technically it doesn't if no network traffic crosses state borders, but that seems hard to argue in the days of the internet), not just those under government control. The requirement is either government use or interstate communication, not both.
>Fair enough. But since when was the DNC officially a part of the US Federal Government?
U.S. Law (U.S. Code or "U.S.C.") doesn't just cover the government. It covers, well, the U.S. Were you thinking Constitutional Law, which limits the powers of the government?
The issue here is that the hackers are foreign. Had you compromised DNC (or RNC! or Goldman Sachs') servers and were an American, you can rest assured there'd be some not-so-friendly men in suits at your door.
It's one among a body of laws that makes black hat hacking and theft of private information illegal. That doesn't strike me as overreaching. I'd prefer that my computer (or my bank's servers) not be hacked – and that there be criminal laws in place to deter it. Just like how I should protect myself such that I'm not a victim of homicide... but I still appreciate homicide laws in place.
Sure, both I and the bank should have proper security protocols in place, but there should also be some criminal recourse for those who decide to commit such crimes.
>Everybody that has spent more than 3 hours on the internet already knows that everyone is out there to get you.
Yes, just like every adult knows thieves are out there to get to your valuables. It means you should secure them, sure, but that doesn't absolve them of guilt if/when they successfully steal based on your failure to store everything in an underground vault.
I understand the metaphor but its really disgusting that you have this kind of language on what should be a superior environment. Delete the comment or explain the metaphor in depth would be preferable over the caustic form its in right now. If I could downvote, I certainly would
The metaphor strikes me as somewhat self-explanatory. They could have done more to prevent it, sure, (just like a woman could avoid situations where rape is possible [I guess? I don't even think that's feasible]), but since the crime was committed against them, blaming the victim is just that: victim blaming.
It implies the only actor with agency in this scenario is the injured party. As though somehow the perpetrator was naturally bound to commit such an act – and is therefore absolved of guilt.
Exactly. It is victim blaming. But there is no need to bring in such a vision. When I come to this site I expect people to argue about macro politics, building scalable architectures and education. I dont expect to see an offhand comment relating an act on the political scale to someone being physically and emotionally abused.
Repeat from above: The whole point is that those personal details had nothing to do with the robbery, and leaking them had nothing to do with revealing the robbery.
I swear, hyperbole will be the death of us all this election season.
AFAIK, what has everyone so riled up is that DNC staffers were talking about how they could hypothetically spin their PR in favor of Clinton and against Sanders. That's somewhat troubling -- I can't say I blame them for not being totally supportive of someone who has shown so little loyalty to the Democratic party, but the tactics they proposed were pretty shady.
Be that as it may, it is miles and miles away from "rigging an election", and framing it as such is toxic to legitimate political discourse.
Moreover, this is what political parties do! They try to influence elections; they don't rig them such that votes aren't counted, like some banana republic. (Sanders supporters will no doubt point out some voting anomalies, which ought to be clarified, though Sanders was still trounced in every measure of support; from delegates to popular votes, etc. etc.)
Just look at the RNC and their attempts to interdict Trump's rise. Now that he's the nominee, they have no choice but to throw their money behind him (though support-wise, many other prominent Republicans are still holding out).
The DNC has largely treated Bernie the same way the RNC has treated Trump. If you're the DNC, responsible for electing Democrats up and down the ticket, who are you going to support: someone who's spent a few decades raising money on behalf of/campaigning with other democrats (not out of altruism, of course, but still)? Or someone who joined the party a year ago for the sake of having a major party's megaphone during election season?
The situation is even more stark on the other side. Trump wrote checks to Democrats before "coming out" as a birther in 2012.
And yet, in the case of the Republican party, the primary voters chose Trump. In the Democrats' case, Hillary. Both attempted to throw their weight around – because that's their job. And it's very distinct from "throwing" or "rigging" an election.
But isn't the complaint more akin to complaining that the bank revealed the individual account balance for its customers? It shouldn't be necessary to do that to prove the bank was robbed.
Since the furor is over HRC's campaign being bought by wealthy interests and conspiring with the DNC to beat Bernie, outing her donors does serve the public interest, though I'd argue they probably should have blanked out the CC numbers. Then again I don't know what the context is - if they were freely emailing CC numbers that's gross negligence, and on the DNC.
Sorry Dan, I actually made a mistake - I was trying to respond to https://news.ycombinator.com/item?id=12197796 from my mobile but somehow the comment came out at top level. Thanks for detaching it (it even didn't make sense like that...).
Yes, when comments break the site guidelines, we often detach the resulting subthreads from their original parent and mark them off-topic so they fall to the bottom of the page.
Your comment broke the site guidelines by taking an already-divisive topic in an even more inflammatory direction. There's no way that a rape-victim-blaming analogy (especially one casually tossed in, as you did) can possibly improve a discussion like this either in civility or substantiveness, which are the two things we care about.
I really don't understand what sense does it make to leave the comment still visible to new readers, but out of context - if it is offensive then more people are going to read it and get offended, and without context it just doesn't make sense. Unless the idea is to use this as a form of shaming.
I managed a political online forum for a couple years, and IMHO it's much more correct to just remove or detach the thread so that it's not visible in the original discussion. Just my two cents.
From:kaplanj@dnc.org
To: RangappaA@dnc.org
Date: 2015-09-22 13:29
Subject: Re: WaPo Party
Great - we were never going to list since the lawyers told us we cannot do it.
We are waiting
===
They aren’t going to give us a price per ticket and do not want their party to be listed in any package we are selling to donors. If we let them know we have donors in town who will be at the debate, we can add them to the list for the party.
This is really illustrative of the motivations of Snowden VS Wikileaks. Wikileaks was founded under the idea that you could disrupt governments by leaking their private data so that they become so paranoid that they can't function. Thats why they don't do any curation.
Snowden's motivation is to reform the Intelligence Organizations in the United States. Thats why he supports curation and attempted to make the information that he leaked only have the information to reform.
It's not nice, but if those people get harassed, then that'll put more pressure on the parties. So it still helps the goal of making it hard for government orgs to operate.
Yeah, and if some Republican's daughter gets an abortion, we should totally publish her medical records to prove he's a hypocrite. Maybe next time she'll choose a better father.
If Wikileaks believe an organisation is bad, they would of course also think that the supporters of this organisation (the donors in this case) are bad. We can argue whether their initial belief is appropriate or not, but their actions appear to be consistent.
DNC policies affects way more people in the world that they should (innocent people in Syria and Libia, for example), so I see the leak as a problem that DNC is responsible, not the "leaker".
>Wikileaks was founded under the idea that you could disrupt governments by leaking their private data so that they become so paranoid that they can't function.
Except for Russia and China, for some reason (clearly not for the lack of leaks).
I'm amazed anything that's slightest pro-hillary gets so much attention but nobody talks about how she's paying $6M quarterly to manipulate votes on Reddit
Even though I think, Snowden is on the right here, lets not kid ourselves, they using Snowden right now to trash Wikileaks, anyone remember when Snowden leaks came out, he was a russian spy, who apparently went to Russia by himself and dumped American intelligence documents to them.
now according to most mainstream publications Wikileaks are shill for Putin, cold war era rhetoric in 2016.
Big media outlets and the DNC? CNN even had their frontpage with Trump and Putin pictures side by side saying "Russia Helping Trump?" The actual story was more clear that it was just someone in a campaign accusing Russia. But the headline and setup was obviously intended to convey a different idea.
It's illuminating that this isn't framed as Snowden vs. Assange. Certainly if they could frame it that way for their juicy story, they would.
We don't know (at least here on HN) who personally posted that reply on the WikiLeaks Twitter feed. It seems reasonable to assume that there are internal differences today just as there were a few years ago when Assange publicly battled a top ex-WikiLeaker, among other conflicts.
72 comments
[ 3.9 ms ] story [ 149 ms ] threadIt is not like any of the people that wrote the information in the emails has any fault, right? It is not Wikileaks' job to save DNC's collective ass.
You put your donor's info in jeopardy - you are to blame. If there was common sense in the DNC - the leak would not have been possible.
This isnt a problem of common sense, this is a problem of encryption, who has access and how easy it is to force access. Saving emails could also prove things in the courts defensively if necessary
Email is not, by default, encrypted. Anyone on any of the networks between the send and the recipient of any of those emails could have seen this data.
The security failure happened when the person composing the email typed in the data that should have been protected. People - especially people in power - need to realize that email is NOT private by default - it is by its very nature, an open and public line of transmission, and can be very, very easily intercepted by interested third parties.
So, lets stay focused on the real point where the security failure occurred: whoever typed the data in, in the first place, while composing their 'very important' emails ..
If anything, this is a problem with their IT staff. Now that being said, the DNC may have not made it obvious that this was necessary and thats where the burden can rest. They knew that everything needed to be secure but either assumed incorrectly that it was encrypted or didnt want to inform IT that there are sensetive materials
Yes, indeed, I do expect that level of competence from people who aspire to govern the subject.
Yes, yes I do. It takes less than an hour to learn how to use pgp.
It takes less than a second to understand why you don't put passwords, credit card details or root passwords in email.
Is that so much to ask from the nation's Ivy League elite?
It looks like a few individual mailboxes were popped. So even with a secure network, the result would have been the same.
That's essentially what Snowden is saying. Go ahead and expose things worthy of exposure (by all means!), but doing so in a way that puts others at risk is irresponsible.
If your home gets broken into because the door was left unlocked, is the thief innocent because "you are to blame"? No. Sure, you bear some responsibility for not being more responsible and exercising better judgment; but you're not the one who committed the theft.
If the original author of the leaked emails had used encryption, none of this would matter. The fact that they chose not to encrypt the contents of the email, instead stupidly thinking that email was secure by nature (it most definitely is NOT), is the real issue here.
If I hear you shouting your social security number at the top of your voice to your friend across the room, its not my responsibility that your information is no longer secure or protected. Its yours, and yours alone.
The technological incompetence of the authors of DNC emails is the issue here, people. Do you really want someone running the country who can't even fathom the most basic, basic aspects of the technology that runs the world?
Your analogy breaks down in that the leaks are are a result of a breach, most certainly a violation of CFAA. No current understanding of law shares your opinion that because it's an open protocol that you no longer have agency over the content. Security measures were put in place, though certainly not enough to prevent a major leak. Though I hate bringing in analogies, you're not more culpable for your house being broken into just because you don't have 6 cm steel shutters for all openings; it's certainly more secure, but illegal access is illegal access.
I say this next part not to be demeaning but to state an assumption of mine, but I'm going to assume you probably dislike the CFAA; I do as well, but to say there's no theft possible is a naive notion in the face of labyrinthine laws. The world has been dealing with email breaches since your average hacker got a home connection fast enough to move a few megabytes of data without timing out. The law's opinion on theft of email is incredibly different from your own.
Fair enough. But since when was the DNC officially a part of the US Federal Government? Also, since when was Hillarys' personal email server covered by the same facet?
As an outsider looking in, it doesn't appear to me that CFAA applies: are the DNC computers exclusively for the use of the US Gov't? Was Hillarys' email server?
I think these are very interesting questions .. and I ask them in earnest, since I'm clearly naive about the CFAA (and thank you for making this point clear..)
U.S. Law (U.S. Code or "U.S.C.") doesn't just cover the government. It covers, well, the U.S. Were you thinking Constitutional Law, which limits the powers of the government?
The issue here is that the hackers are foreign. Had you compromised DNC (or RNC! or Goldman Sachs') servers and were an American, you can rest assured there'd be some not-so-friendly men in suits at your door.
It's one among a body of laws that makes black hat hacking and theft of private information illegal. That doesn't strike me as overreaching. I'd prefer that my computer (or my bank's servers) not be hacked – and that there be criminal laws in place to deter it. Just like how I should protect myself such that I'm not a victim of homicide... but I still appreciate homicide laws in place.
Sure, both I and the bank should have proper security protocols in place, but there should also be some criminal recourse for those who decide to commit such crimes.
Everybody that has spent more than 3 hours on the internet already knows that everyone is out there to get you.
Yes, just like every adult knows thieves are out there to get to your valuables. It means you should secure them, sure, but that doesn't absolve them of guilt if/when they successfully steal based on your failure to store everything in an underground vault.
no, really, no. This is exactly like blaming a woman who was raped because of how she dressed.
It implies the only actor with agency in this scenario is the injured party. As though somehow the perpetrator was naturally bound to commit such an act – and is therefore absolved of guilt.
You can't throw an election and then pretend to be the victim when you get caught.
[thinking face emoji]
AFAIK, what has everyone so riled up is that DNC staffers were talking about how they could hypothetically spin their PR in favor of Clinton and against Sanders. That's somewhat troubling -- I can't say I blame them for not being totally supportive of someone who has shown so little loyalty to the Democratic party, but the tactics they proposed were pretty shady.
Be that as it may, it is miles and miles away from "rigging an election", and framing it as such is toxic to legitimate political discourse.
Moreover, this is what political parties do! They try to influence elections; they don't rig them such that votes aren't counted, like some banana republic. (Sanders supporters will no doubt point out some voting anomalies, which ought to be clarified, though Sanders was still trounced in every measure of support; from delegates to popular votes, etc. etc.)
Just look at the RNC and their attempts to interdict Trump's rise. Now that he's the nominee, they have no choice but to throw their money behind him (though support-wise, many other prominent Republicans are still holding out).
The DNC has largely treated Bernie the same way the RNC has treated Trump. If you're the DNC, responsible for electing Democrats up and down the ticket, who are you going to support: someone who's spent a few decades raising money on behalf of/campaigning with other democrats (not out of altruism, of course, but still)? Or someone who joined the party a year ago for the sake of having a major party's megaphone during election season?
The situation is even more stark on the other side. Trump wrote checks to Democrats before "coming out" as a birther in 2012.
And yet, in the case of the Republican party, the primary voters chose Trump. In the Democrats' case, Hillary. Both attempted to throw their weight around – because that's their job. And it's very distinct from "throwing" or "rigging" an election.
Instead we're blaming the security cameras for revealing who robbed said bank because the bank robbers are our buddies.
Since the furor is over HRC's campaign being bought by wealthy interests and conspiring with the DNC to beat Bernie, outing her donors does serve the public interest, though I'd argue they probably should have blanked out the CC numbers. Then again I don't know what the context is - if they were freely emailing CC numbers that's gross negligence, and on the DNC.
We detached this subthread from https://news.ycombinator.com/item?id=12197796 and marked it off-topic.
confused
Your comment broke the site guidelines by taking an already-divisive topic in an even more inflammatory direction. There's no way that a rape-victim-blaming analogy (especially one casually tossed in, as you did) can possibly improve a discussion like this either in civility or substantiveness, which are the two things we care about.
I managed a political online forum for a couple years, and IMHO it's much more correct to just remove or detach the thread so that it's not visible in the original discussion. Just my two cents.
That's why we include the context by linking to it.
OK I get it now. Still don't find this system ideal, but at least I get it now.
https://wikileaks.org/dnc-emails/emailid/2699
===
From:kaplanj@dnc.org To: RangappaA@dnc.org Date: 2015-09-22 13:29 Subject: Re: WaPo Party
Great - we were never going to list since the lawyers told us we cannot do it.
We are waiting
===
They aren’t going to give us a price per ticket and do not want their party to be listed in any package we are selling to donors. If we let them know we have donors in town who will be at the debate, we can add them to the list for the party.
Snowden's motivation is to reform the Intelligence Organizations in the United States. Thats why he supports curation and attempted to make the information that he leaked only have the information to reform.
http://cryptome.org/0002/ja-conspiracies.pdf
Sure, that will be lovely
Just remember what might happen if firefighters, police, CDC, FAA, FDA have trouble operating
Same goes for undercover agents whose very life depends on such confidentiality.
Except for Russia and China, for some reason (clearly not for the lack of leaks).
now according to most mainstream publications Wikileaks are shill for Putin, cold war era rhetoric in 2016.
http://www.latimes.com/nation/politics/trailguide/la-na-trai...
http://edition.cnn.com/2016/07/24/politics/robby-mook-russia...
We don't know (at least here on HN) who personally posted that reply on the WikiLeaks Twitter feed. It seems reasonable to assume that there are internal differences today just as there were a few years ago when Assange publicly battled a top ex-WikiLeaker, among other conflicts.
https://en.wikipedia.org/wiki/WikiLeaks#Defections
So what is "WikiLeaks" to us aside from the material they produce?
Aside from that, as has been pointed out, different legitimate tactics can serve different legitimate goals, and in different strategic contexts.