back to article Snowden journo's boyfriend 'had crypto key for thumb-drive files written down' - cops

Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today. The hearing was looking into the case of David Miranda, the partner of journalist …

COMMENTS

This topic is closed for new posts.
  1. disgruntled yank

    Write me down a mule

    Not wise, but it seems a bit much for the intelligence agencies to beef about someone else's security discipline.

    1. AndrueC Silver badge
      Joke

      Re: Write me down a mule

      Yeah, it's not like he left it on a bus or anything.

      1. Anonymous Coward
        Anonymous Coward

        Re: Write me down a mule

        After forcing down the plane of a head of state over Europe; I don't believe anything they say. "He was carrying hologrammatic child porn; terroristic plans for orphanages; and the passwords he carried unlocked the secret to undoing YOUR way of life".

        Meh.

        1. Matt Bryant Silver badge
          FAIL

          Re: moiety Re: Write me down a mule

          "After forcing down the plane of a head of state over Europe....." Sorry to correct your hysterical shrieking but no such event happened. The Bolivian aircraft was merely refused permission to cross airspace, then was requested to submit to a passenger check. The Bolivians could have refused and returned to Russia but needed to refuel, but no-one was "forced down". Please do try to keep at least one foot in reality whilst bleating.

          1. Yet Another Anonymous coward Silver badge

            Re: moiety Write me down a mule

            So if say Canada merely refused permission for any flights to the US to enter it's airspace - leaving Americans only able to fly to S.E. Asia - that would be merely an adminsitrative matter?

            1. Matt Bryant Silver badge
              Boffin

              Re: YAAC Re: moiety Write me down a mule

              "So if say Canada merely refused permission for any flights to the US to enter it's airspace....." Yes, Canada has complete sovereinty of its airspace so it is within the rights of the Canadian government to close their airpsace to US flights. But diplomaticy they would need to supply a reason for doing so. In the case of Morale's aircraft, it was because he was suspected of transporting a person not on the passenger manifest, which is in breach of the Chicago Convention. Rather than go for a request for a search, France and Spain seem to have taken the slightly less diplomaticly upsetting refusal for overflight, as is their right. Austria simply added the request that if the Bolivian aircraft landed to refuel then the Austrians would exercise their right to check the manifest against the actual people on the aircraft. Morales could have refused and returned to Russia but decided to accept the Austrian request.

    2. Matt Bryant Silver badge
      Facepalm

      Re: disgruntled yank Re: Write me down a mule

      "....it seems a bit much for the intelligence agencies to beef about someone else's security discipline." Actually, the files in question seem to have come from Snowden, and he was a contract employee of the NSA, not GCHQ, so a Yank security problem, thank you.

  2. Anonymous Coward
    Anonymous Coward

    Ouch!

    Still, given what's going on, one imagines that they will learn from their mistakes quite quickly; maybe the guardian should invest in hiring an amazingly paranoid InfoSec adviser.

    Still, given that these documents are almost certainly the contents of the latest wiki leaks insurance file, the possibility remains open that all of the information will be released to the public sooner or later no matter what they do - intimidation and accusations of criminality only increase the likelihood of this happening more quickly, as would any attempt to extradite/render Snowden or anyone connected with him against their will.

    1. Brangdon

      Guardian learning?

      They apparently didn't learn anything from the last time. It was a Guardian journalist who published the password to 250,000 unredacted US government cables.

      Admittedly he didn't know the password for his file would unlock the "insurance" file, and WikiLeaks are at fault for reusing passwords (another basic fail), but he shouldn't have published the password anyway. Just knowing the general form that WikiLeaks uses (eg, that it contained a date in verbose format), would help someone trying to crack other WikiLeaks files. (See http://www.wikileaks.org/Guardian-journalist-negligently.html.)

      Whether this justifies the interference with the press is another matter.

      1. 142
        Stop

        Re: Guardian learning?

        Brangon: Source for your statement that the previous password leak was the password for the insurance file?

      2. Anonymous Coward
        Anonymous Coward

        Re: Guardian learning?

        My understanding was that the Guardian journalist published his WikiLeaks password because he assumed for some reason that his access was short-term and that they had deleted his account. I don't believe that WikiLeaks was at fault or had lax security.

      3. Matt Bryant Silver badge
        Stop

        Re: Brangdon Re: Guardian learning?

        ".....Whether this justifies the interference with the press is another matter." Whilst you're right about both the Guardian journos and Dickileaks making far too many assumptions around security (and it the Guardian's case seemingly pretty uninformed about simple tech like zipped files), I would have to point out that Mr Miranda was not a Guardian employee nor a registered journalist, so no "interference with the press" took place.

  3. Anonymous Coward
    Anonymous Coward

    Highly sensitive UK documents? Really?

    Well, I suppose those thumb drives now have whatever the government says was on those thumb drives. However, since Snowden primarily leaked NSA documents, you can paint me sceptical.

    My spider senses are telling me there's a stitch up in progress. Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history).

    Anon, because I just know the honourable peeps at El Reg can be trusted not to leak my identify.

    1. gazthejourno (Written by Reg staff)

      Re: Highly sensitive UK documents? Really?

      Right y'are there Bob!

      (wait a sec...)

      1. Sir Runcible Spoon

        Re: Highly sensitive UK documents? Really?

        " "highly classified UK intelligence documents"."

        This is the bit that's really confusing me. The Uk Gov keep going on about how Snowden has all these top security uk documents, but didn't he just dump a large part of the NSA database?

        At what point did he access UK GCHQ servers?

        This all smells to high heaven, and I personally think that the uk spooks just wanted to know what the US spooks knew about them (they don't tell each other *everything* obviously).

        As a bonus they get loads of US-centric stuff too to boost their own intel. All the while they are dressing this up as some kind of crime by Snowden against the UK. They haven't said that exactly, but that seems to be the impression they are trying to portray.

        1. Chris Miller

          @Sir Runcible

          The UK and US (and Canada, Australia and New Zealand) have long-standing arrangements to share much* of their intelligence information. So it's perfectly possible that NSA databases would contain sensitive UK material.

          * Not everything, of course, material may be marked as NOFORN (at least, in the US where they're public about their security classification) - often stuff that says rude things about partner governments or intelligence services :)

        2. jonathanb Silver badge

          Re: Highly sensitive UK documents? Really?

          GCHQ and the NSA aren't allowed to spy on their own citizens, so they spy on each other's citizens and exchange the information they receive. That's why the top secret uk documents would be on the NSA server.

          1. Scorchio!!
            Thumb Up

            Re: Highly sensitive UK documents? Really?

            Correct. In brief, when Margaret Thatcher wanted a couple of her senior ministers checked out for suspect associations, she passed the job on to either the Americans or the Canadians. I think the latter, but can't be sure. Dammit, I have to say it; Echelon is one of the facilities at work here, but no one seems to worry about it.

            Oh that's better. Almost as good as a man dump. Now for a post work shower.

        3. RobHib

          @Sir Runcible -- Re: Highly sensitive UK documents? Really?

          I'd reckon Chris Miller is correct. Remember this League of Gentlemen has been swapping vigorously since at least WWII. (Governments have even said so from time to time.)

    2. TopOnePercent
      Thumb Up

      Re: Highly sensitive UK documents? Really?

      "Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."

      One can live in hope that its forced out of existence ASAP. Its a hopless comic for communists with all the journalistic integrity of a teenage girls blog. I'm constantly amazed that its readers don't comprehend its being the left wing Dail Mail.

      1. Brewster's Angle Grinder Silver badge

        Re: Highly sensitive UK documents? Really?

        El Graun is a "...a hopless comic for communists with all the journalistic integrity of a teenage girls blog."

        In fairness, 50% of their content is the blogs of teenage girls who've grown up.

        1. jonathanb Silver badge

          Re: Highly sensitive UK documents? Really?

          And 98% of El Reg is from teenage boys who have grown up. Doesn't really tell you anything other than they are about 50% female.

          1. Yet Another Anonymous coward Silver badge

            Re: Highly sensitive UK documents? Really?

            >And 98% of El Reg is from teenage boys who have grown up

            haven't

      2. Former KowloonTonger
        Childcatcher

        Re: Highly sensitive UK documents? Really?

        Not only that, but a general scan of the comments here indicate electric-Pavlovian-knee-jerk supportive comments of each other, all trying to be witty [while remaining ....generally unwitting...gotcha!..]

        It's my guess that they're all quite young and have never had any real hands-on responsibility for much of anything.

        When was the last time they posted pics of their genitals on the Internet?

        Kiddies! Share your awesomeness! Here!

        Mo'! Commenters! Are! Standin'! By!

      3. Yet Another Commentard

        Re: Highly sensitive UK documents? Really?

        "Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."

        Sadly given its recent financial performance and insistence on throwing more and more money at the loss making online edition it may well do this to itself.

  4. Oliver Mayes

    "very poor information security practice"

    This, coming from a government who refuse to use any form of encryption themselves?

    A government who repeatedly leave huge quantities of sensitive information on trains, taxis, park benches, public bins?

    1. John G Imrie

      Re: "very poor information security practice"

      A government who repeatedly leave huge quantities of sensitive information on trains, taxis, park benches, public bins?

      Well yes, they've had a lot of practice and know what they are talking about :-)

    2. Scorchio!!

      Re: "very poor information security practice"

      Wasn't that under Labour? Mind you, it's happened so often that keeping records is difficult. However, the reason why we know so much is the speed and pervasiveness of digital news gathering and reporting. In the past it was a 'dark figure'.

  5. Dan 55 Silver badge
    Black Helicopters

    It was formatted with TrueCrypt...

    ... so there's always the possibility of a hidden volume or two. They might have found enough to keep them happy and let him go but not everything.

    1. wowfood

      Re: It was formatted with TrueCrypt...

      Well they did say the password unlocked a portion of the documents. Quite possible there was a hidden partition with the remaining docs locked away still. Miranda wouldn't even need to be aware of it. In his knowledge he gave them the password to the information.

  6. JimmyPage Silver badge
    Facepalm

    .

    See icon ->

  7. Tom Wood

    Pot, meet kettle

    et cetera

  8. Michael H.F. Wilkinson Silver badge
    Facepalm

    Crypto key written down!!!!!!!

    Crypto key written down!!!!!!!

    ID 10T error code

  9. Pen-y-gors

    Windscale is now Sellafield

    Special Branch is now 'Counter Terrorism', to justify giving it excessive powers which they will then still manage to abuse.

    Next week the traffic wardens will be renamed "Directorate of Anti-Paedophile Operations"

    1. a cynic writes...

      Re: Windscale is now Sellafield

      It has been since 2006. Originally it was the Special Irish Branch until they decided it wasn't just the Fenians they wanted to keep an eye on.

  10. Magnus_Pym

    Passwords or Jail

    Given that if you must hand over passwords when requested under threat of immediate imprisonment, (and possibly Gitmo if they think what you are hiding is dangerous enough) and that covers ANY password on any device you have or own. I think I might take precautions against forgetting the odd password.

    1. DrXym

      Re: Passwords or Jail

      I wonder why they even need a mule. There are so many places that documents can be dumped, and if they were signed and encrypted, then the recipient could be sure they had not been read or tampered with.

      And even if they did use a mule they should give the mule the passphrase. And if they had to give him a passphrase, it should be to a shadow file which contains plausibly sensitive but harmless information while keeping the real data safe.

    2. vagabondo

      Re: Passwords or Jail

      > if they think what you are hiding is dangerous enough

      s/dangerous/embarrassing/

  11. Anonymous Coward
    Anonymous Coward

    "It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place."

    Bingo. And unlike some mule and friend/partner of a newspaper journalist, the people surrounding the initial leaks are professionals in data security. Or supposed to be anyway.

    On top of that it's foolish to believe that the some 58,000 documents do not exist anywhere else. And they certainly have never been stored on the graphics card in the picture published by the Guardian re destruction of data....

    Assuming that digital data is gone once destroyed/seized is mid-20th century logic.

    Seriously, who are the governments and authorities trying to fool.... their own "actors" (aka officials, MPs and up)?

  12. Anonymous Coward
    FAIL

    B*llocks!

    Detained under anti-terrorism law and now criminal charges? He "had" the key write down on a piece of paper? They found "highly sensitive information"? WTF?? The UK and the rest of the world really need a Vendetta!

  13. Thomas 4

    Does it actually matter?

    They collared the guy before knowing anything about what he was carrying or how well protected it was. 9 hours being interrogated by spooks was going to cough a password either way, whether it had been written down or not.

    If it had been written down and the password was immediately available, why the need to hold him for 9 hours?

    1. John 62

      Re: Does it actually matter?

      Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned.

      1. Anonymous Coward
        Anonymous Coward

        Re: Does it actually matter?

        "Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned."

        Nope, he was flat-out denied legal counsel immediately, which is possible because he was in the legal no-man's-land of an international airport terminal.

        1. Anonymous Coward
          Anonymous Coward

          Re: Does it actually matter?

          As I understood it, I think this came from Radio 4 news, he was offered legal representation as soon as he was arrested, but turned it down in preference for his personal lawyer.

      2. Bobthe2nd
        WTF?

        Re: Does it actually matter?

        "Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned."

        I thought part of the "terrorism" act meant you didnt get access to a lawyer unless you were charged?

    2. Anonymous Coward
      Anonymous Coward

      Re: Does it actually matter?

      I think it looks like a targeted arrest, I don't believe they should have used anti-terror laws, but it does appear that Miranda had a whole load of classified documents. It doesn't matter if other people have them as well, he had them. I'm only surprised that he was allowed to proceed as he was obviously being used as a courier for classified information.

      In other comments: Who the hell sends their partner with classified material through an airport, they must have realised that the Police would want to have a chat with him as he'd be a prime suspect.

      1. oolor

        Re: other comments

        >Who the hell sends their partner with classified material through an airport

        Someone trying to bait the powers that be into doing something pointless and dumb. It has been heavily speculated on Schneier's blog comments section that this was indeed the case, what with Greenwald releasing a little info, the spies scrambling to 'explain', Greenwald then shows how the 'explanation' is false with more evidence, cycle repeats.

        Classic trolling, just give them more rope, they will invariably tie a noose. Hopefully if they get enough rope the head will just pop off when the trap door opens.

    3. RobHib

      @Thomas 4 -- Re: Does it actually matter?

      And I've probably capitulated in the circumstances.

      But if I'd have been the mule, as would anyone with any sense, I'd have isolated myself from the encryption and password process then I could genuinely claim that I wasn't lying. What's more, I could even give particulars and they'd be little the wiser and no closer to the docs.

      ...And why didn't he (or others) send the stuff electronically beforehand (so there was nothing to intercept)? Also, why did he go via the U.K. anyway?

      Essentially, Miranda is a fool or awfully naive.

      If Miranda is not a fool then perhaps we're all being fed a fairytale and actual events are quite different.

      1. Andy Mc

        Re: @Thomas 4 -- Does it actually matter?

        The whole not knowing the encryption key thing doesn't help you if the security services believe otherwise... How can you prove you don't know it?

        1. Matt Bryant Silver badge
          Go

          Re Andy Mc Re: @Thomas 4 -- Does it actually matter?

          "The whole not knowing the encryption key thing doesn't help you if the security services believe otherwise...." Indeed, the law states you have to provide the key, and is not conditional that you are the originator or that you know it yourself, so if the encryption has been done by others you still have to convince those others to hand over the key or suffer the consequences yourself.

          1. RobHib

            @Matt Bryant - Re: Re Andy Mc @Thomas 4 -- Does it actually matter?

            Correct, but there have been many martyrs throughout history.

            The fact remains that the security services are still left without the key. Even torture won't help them (expect to make them feel better of course).

            1. Matt Bryant Silver badge
              WTF?

              Re: RobHib Re: @Matt Bryant - Re Andy Mc @Thomas 4 -- Does it actually matter?

              "....there have been many martyrs throughout history....." Que? If you seriously believe Greenwald and co have any interest in martyrdom then I have some prime Florida river-side real estate to sell you! Greenwald's motivations are a lot more basic and monetary.

              ".....The fact remains that the security services are still left without the key....." So what? The prime aim is to stop the transfer of secret docs, so locking up all the people involved goes a long way towards that. It's also a powerful disincentive to others. You are forgetting that the NSA and GCHQ already know what's in the docs since they are their docs, what they want is to track down and arrest the people involved in stealing and distributing said docs. Tracking coms between them tells them all they need to know (conspirators' identities) without the need to decrypt docs. Once they then arrest (or stop under Schedule 7) a conspirator they can root through hiis or her data at their leisure. The ability to decrypt even a little of the docs for court evidence is a bonus, otherwise the authorities will settle for sending them to prison for several years at a time in repeat cycles until they do give up any keys. I bet the FBI are quite jealous of the UK police powers.

              ".....Even torture won't help them (expect to make them feel better of course)." Why do they need to torture anyone? It's kinda hard to be "an international journalist/film-maker/toyboy, tirelessly fighting the fight for the right" when you're locked up at HMG's pleasure.

  14. Tom7

    Honestly? How hard is this?

    1. Generate public-private key pair.

    2. Write down the public key and take it to Germany. Or put it on a web site. Whatever.

    3. Encrypt the data using the public key.

    4. Transfer the data to the thumb drive.

    5. Carry the thumb drive back to Brazil.

    6. Get held at Heathrow but don't disclose the decryption key because YOU DON'T HAVE IT.

    1. chris lively

      Re: Honestly? How hard is this?

      I had a similar thought. Sending both the encrypted files along the same route as the decryption key was a bad choice.

      It would have been trivial to use the regular postal mail to send the thumb drive to the guardian. It would have also be trivial to send the decryption key that way. Neither of which would have been jacked with.

      OR you could have sent 2 reporters in. One to get the decryption key and another to get the drive.

      The reporters on this are showing that they still have no clue what security is.

      1. Adam 1
        Coat

        Re: Honestly? How hard is this?

        From what I understand, UK has laws that give you a choice between jail and handing over the password. All of these fancy measures of not carrying the private key or sending the key and data with different reporters doesn't get around this.

        The reporters may well not understand security, or maybe the revealed password was just the decoy volume of a hidden truecrypt operating system (see http://www.truecrypt.org/docs/hidden-volume). The mule need not even have known about this; one or two believable files in the outer volume that would explain the need for its encryption.

        ... and this way they get to post about the day their office got trashed.

        Mine's the one with the mobile phone that definitely doesn't have a micro SD card inside it where these files could have been hidden had they not wanted this trouble.

        1. Anonymous Coward
          Anonymous Coward

          Re: Honestly? How hard is this?

          @Adam 1 - Do you really think that the police wouldn't look in a mobile phone when they were looking for data? This is akin to the people who think that they can hide stuff under the floorboards and the coppers will never find it "cuz there all stoopid".

    2. Jason Bloomberg Silver badge

      Re: Honestly? How hard is this?

      It does beg the question; ignorance, naivety, stupidity, or deliberately planned?

      No matter which it seems we now know a lot about how the authorities consider those documents which we would not know had Miranda been carrying nothing.

      1. Destroy All Monsters Silver badge
        Holmes

        Re: Honestly? How hard is this?

        > 5. Carry the thumb drive back to Brazil.

        "You may want to take one of those modern train coaches, my good friend. I heard the horse-drawn carriages are increasingly being controlled by political police."

  15. Pierson
    WTF?

    No one can be that incompetent, surely?

    I'd love to believe that this is just HMG trying to do a snowjob(*) on Miranda, Rushbridger et al, or that the journo's are working a sophisticated sting against the spooks; but, to be honest, it really does seem that the Graun and its fellow travellers are a bunch of incompetent innocents who aren't fit to be allowed near an abacus, let alone a sensitive computer system.

    These documents would probably have been a lot more secure if Rushbridger and his crew had simply communicated with each other, carefully, via PGP/GPG encrypted emails.

    It reminds me of that sniffy comment by Gandalf in LOTR about his exaggerated fear of Sauron vs. his overoptimistic faith in the Innkeeper Butterbur...

    (*) well, they are anyway, but I simply can't stack up the comments by the Graun, Miranda and others and still assume that they are in any way competent.

  16. ed2020

    Eh?

    So they were taking many flights because they were concerned about the NSA and GCHQ eavesdropping on electronic communications. Presumably this means they were concerned the NSA could decrypt electronic communications so the point of encrypting the thumb drive was what...?

    1. Anonymous Coward
      Anonymous Coward

      Re: Eh?

      To be generous to them: They could have encrypted the drive because they didn't want joe public to come across the information and let it leak onto the internet that way. That said, even if they believed the security services could decrypt the data, surely they were under the impression that the security services knew they had it anyway. More to this, even if they were just trying to keep Joe public away from the unredacted data - Why did they write down the key and sent it on the same flight? I'm not sure I understand any of the reasoning in this piss-poor example of IT security.

    2. Don Jefe

      Re: Eh?

      Taking many flights to escape GCHQ but transferring at Heathrow? That's not how I would have done it...

  17. GreyWolf
    Holmes

    Where do you hide a book?

    ...in a library...

    1. I want to get a copy of secret files out of UK reach

    2. I make up up a shiney-shiney, a distraction, a bauble to attract the eye of spooks

    3. I "hide" the real files among the shiney-shiney (encrypted differently).

    4. I let it fall into the hands of GCHQ/NSA

    5. Spooks are satisfied, but they don't know that the real thing has passed them by.

    If you are going to Brazil from Germany, there are surely direct flights - if not, you go via Schiphol, not Heathrow. The only reason to go via Heathrow is to wave the shiney-shiney under the noses of the spooks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Where do you hide a book?

      If you're going to be that cunning, you'd not have the encryption key written down on a piece of paper, because that's just blindingly obvious isn't it? You'd make them work for it a bit.

      No, I'm going to fall on the side of the fence marked "incompetent".

    2. DrXym

      Re: Where do you hide a book?

      The classic example of this is the Cullinan diamond. A big fanfair was made of it being transported by ship from South Africa to England. It was to be locked in the captain's safe and under constant guard for its entire journey. The safe only contained a fake and was a diversion - the real diamond had been sent as registered post with the rest of the mail.

    3. knarf

      Re: Where do you hide a book?

      Eh.. No.... its sad say but people really that stupid. How else do you explain X-Factor!

    4. Anonymous Coward
      Anonymous Coward

      Re: Where do you hide a book?

      You're not thinking like a journalist thinks.

      They'll fly Heathrow cos they always fly Heathrow or because they have a regular flyer bonus or are collecting air miles.

      They don't think like a character from a thriller normally, though one or two have written thrillers.

    5. Brian Miller

      Re: Where do you hide a book?

      Why bother doing that? You could have a 128Gb drive full of stupid vacation photos, encrypt the files, and then use a steganography utility to hide the files in the vacation pics. Plod grabs device, looks, and only sees stupid vacation snaps. Lo and behold, plod is satisfied. You want their attention? Have a bunch of obviously encrypted files.

      But yeah, we are talking about journalists here who might as well have not bothered with encryption at all. Usually it's hard enough to get them to get the facts straight, let alone follow any reasonable protocol for handling data.

    6. Chris 244
      Facepalm

      Re: Direct Flights

      LH 500

      Took me longer to post this comment than it did to find a direct flight from Frankfurt to Rio.

  18. Anomalous Cowshed

    Police confiscated disks and other items capable of holding data:

    A notebook.

    A few loose pieces of paper.

    Two palms of a hand.

    One potentially tattooed skin.

    A brain.

  19. This post has been deleted by its author

  20. Frankee Llonnygog

    The Gov's slagging the Guardian for poor security

    Had the Guardian's security been top notch, I doubt the Gov would have congratulated them.

    This is rather like telling off a pickpocket for keeping your wallet in the back pocket of his jeans.

  21. Anonymous Coward
    Anonymous Coward

    So let me sum this up

    UK gov't uses their powers to access this guy's encrypted data and then complains that the encrypted data was accessed. Uhh, so whose fault is that?

  22. Wang N Staines
    Facepalm

    LOL.

  23. CABVolunteer
    WTF?

    Look more closely at what the government's submission said

    To expand on what this government representative actually claimed in his submission, quoted in the BBC news item:

    "[a] piece of paper containing basic instructions for accessing some data, together with a piece of paper that included the password for decrypting one of the encrypted files on the external hard drive".

    ONE of the files?

    Could it be that the file which Miranda had instructions on how to open contained contact information for a lawyer to assist if detained or even Rusbridger's phone number?

    The government stooge also said that "many of the files were encrypted". So what was so damaging in the unencrypted files that their contents haven't been leaked by the government? His shopping list perhaps?

  24. Anonymous Coward
    Anonymous Coward

    "poor security practices"

    Who cares? The "secrets" weren't secret any longer.

    The only point of security regarding this now-not-secret information might be its commercial value as news material to The Guardian and/or the involved journalists, and what they do or don't do to protect that is entirely up to them.

  25. Anonymous Coward
    Anonymous Coward

    Someone has been duped

    He is transiting through the UK with stuff and he knows that under RIPA he will go to jail if he doesnt give up the passwords so he brings a handy one with him to decrypt something.

    Included in that data was the information that magically made its way to the independent newspaper.

    Set a trap to catch a rat and it worked very well.

    1. Destroy All Monsters Silver badge
      Holmes

      Re: Someone has been duped

      I say, my good fellow.

  26. Anonymous Coward
    Anonymous Coward

    Homophobia

    Can you please stop referring to David Miranda as "Snowden Journo's Boyfriend" in your headlines.

    It says more about The Register and the people who write for it than the content of the story that appears below. them.

    1. gazthejourno (Written by Reg staff)

      Re: Homophobia

      Noted - we'll stop calling him a journalist.

      Homophobia? For pointing out a simple relationship which both parties have acknowledged? Jog on, matey.

  27. davefb

    So , why does the UK feel that NSA documents have anything to do with them anyway, surely they didn't look at them then told the NSA they'd been destroyed?

    Let alone the fact repeating these comments just goes to show they even admit they didn't have any concerns about Miranda being a terrorist, so should have used the correct laws.

  28. John Doe 6
    FAIL

    It really doesn't matter...

    ...does it ?

    Those "secrets" were no longer secrets, because mr. Snowden intended to make them public when he copied them at NSA...

  29. Anonymous Coward
    Facepalm

    Miranda rights

    Or in this case "Miranda wrong"

    (Doh!!)

  30. This post has been deleted by its author

  31. Anonymous Coward
    Anonymous Coward

    Where's the micro SD Card?

    Thumbdrives? Yeah those are sure to go unnoticed<snark>.

    From day one of the Miranda drama, my question has been: where were the MicroSD card(s) hidden? Even a quick scan of TrueCrypt's own doc on plausible deniability reads like a script that Miranda executed fairly well.

    Did the spooks strip his luggage down to the metal frame to discover the aluminum foil wrapped MicroSD card(s) that the xray scanner missed?

  32. jonfr

    Cat photos

    So the UK cops got access to 58.000 cat photos and refuse to acknowledge it. No surprise there.

  33. C. P. Cosgrove

    Ummm . . .

    "Metropolitan Police Service Counter Terrorism Command is now carrying out a criminal investigation, which is at an early stage."

    Fascinating. Against whom might they be preparing this (possible) case ? Against the heads of NSA and GCHQ for crininal negligence ? For breaches of the Official Secrets Acts ? For aiding and comforting terrorists ?

    Or are they working on behalf of Data Protection Commissioner, preparing a case under the Data Protection Laws ?

    Chris Cosgrove

    1. Anonymous Coward
      Anonymous Coward

      Re: Ummm . . .

      If you're found with stolen goods, it doesn't matter how you got them, you'll be prosecuted not the person they are stolen from.

  34. Anonymous Coward
    Anonymous Coward

    fwiw Greenwald says Miranda was not carrying a password which allowed access to the "documents"

    https://twitter.com/ggreenwald/status/373451644794449922

    so the claim that he was carrying "some 58,000 highly classified UK intelligence documents" would appear to be speculation at best

    1. Anonymous Coward
      Anonymous Coward

      Are you actually citing what someone said on Twitter as evidence?

  35. HippyFreetard

    And Snowden a Sysadmin?

    "Here's the encrypted files. Here's the password for the files. Here's some instructions on how to use the password."

    Does seem a bit weird. Either incredibly stupid or incredibly clever.

    Scenario 1. The real shit's just a big encrypted file, uploaded to the cloud, and all that needs to be muled is the password. Decoy Dave is sent to look all nervous with a bagful of hard disks, the password, and, in case the police are extra slow, some instructions on how to open it.

    Scenario 2. Snowden's been offered assylum, so he washes his hands of the whole thing, phones Greenwald in a panic, and says "get on over here and take it. I want nothing to do with it anymore. Passwords too..."

    I can't decide...

  36. Anonymous Coward
    Anonymous Coward

    No so bright

    The perps ain't as smart as they usually think they are and that's what leads to their downfall. It's going to make for good theatre seeing Snowden suffer a long, slow, painful death probably via radiation poisoning, KGB style.

  37. Anonymous Coward
    Unhappy

    Security not the issue - government over-reach is.

    The issue is that the UK used a flimsy pretext and a total lack of moral authority to arrest and detain someone for reasons that are utterly unclear but cannot reasonably be thought to be in the "national interest." That excuse, as was shown in Parliament on Thursday, is now viewed with extreme scepticism, as is the immediate compliance with US military/security establishment demands. Stories from gov sources changing the agenda should be seen as such.

  38. Michael Habel

    Heres hoping that...

    Snowden grows a pair, and finds a place to dump everything out there into the wild. The ensuing drama would be priceless!

  39. Robinson

    Remarkable.

    It's remarkable to me that certain people here seem to hate their own countries more than those who are actually despotic, enough to support Snowden in his vainglorious attempt to get recognition. I mean the guy is HIDING IN RUSSIA, a country that tends to shoot awkward journalists rather than hold them at airports for a few hours.

    You people DISGUST ME.

    1. Volker Hett
      Thumb Down

      Re: Remarkable.

      >It's remarkable to me that certain people here seem to hate their own countries more than those who are actually despotic, enough to support Snowden in his vainglorious attempt to get recognition.

      Funny you say that, I do love my country within reasonable limits. I really don't like GCHQ and PRISM to spy on me. Both are breaking german law doing it!

    2. CABVolunteer

      Re: Remarkable.

      I have to fundamentally disagree with you.

      Whilst I might find the actions of a despotic regime in a foreign country obnoxious, I have no standing. However, when the actions of the government of the country of which I am a citizen go beyond the limits of civilized behaviour, I have the right, indeed the duty, to protest.

    3. Anonymous Coward
      Anonymous Coward

      So you believe we should all "Follow the Government, right or wrong" then?

      That way lies death, destruction and genocide.

      A good human being will do whatever is in their power to stop a government that starts upon that road.

      First they came for the...

    4. Red Bren
      Unhappy

      Even more remarkable...

      that certain governments seem to hate their own citizens more than those who are actually despotic.

      It's well known that Russia is no bastion of human rights, but that doesn't justify abuses by western governments because "it's not as bad as Russia." If you were mugged, would you be satisfied if your attacker escaped justice on the grounds that they only hit you, in some places they might have shot you?

      You depress me.

      1. Matt Bryant Silver badge
        FAIL

        Re: Red Bren Re: Even more remarkable...

        ".....If you were mugged, would you be satisfied if your attacker escaped justice on the grounds that they only hit you, in some places they might have shot you?...." Yeah, so please show us on the doll where you were hit? Oh, you can't, becase no-one is interested in reading your delusional blatherings. You haven't been "mugged", you are just hapiilly living in some fantasy where you like to imagine you are just so gosh-darn cool and rebellious that the security services would consider you a top priority intercept target, when the reality is they have real fish to fry, not wannabes. Get over yourself.

  40. RobHib

    Bloody amateur

    Miranda has to a bloody amateur. I'm not even in that game and I'd not do that.

    Why didn't he just encrypt it first then email it to himself then collect later? Walking through customs with nothing would seem much more prudent.

  41. Anonymous Coward
    Anonymous Coward

    Bwaaaahahaha...

    "They found the password and fell for it. Our hilarious quadruple-cross is working."

  42. Suricou Raven

    Alternate theory.

    It's possible that the Guardian were so useless they had the password written down. But it's stretching things a little - that's incompetence of comic proportions.

    I've a theory to offer: The investigators actually got the password through another channel, one of dubious legality. Perhaps they have phone and email monitoring operations on everyone who works for the Guardian (I would be very surprised if they do not) or even bugs in the offices, or maybe someone on the inside leaking details, or perhaps GCHQ were able to use some advanced cryptoanalytics magic to find the key left behind in the swap file. However they got it, they don't want to admit how - so the 'password on a postit' line is just a lie made up to give a plausible explanation for how the investigators got that password, thus protecting the secrecy of whatever cloak-and-dagger operations they have going on. It even has the added bonus of making the Guardian look like a bunch of idiots.

    Or the documents found might just be a plant, and he wasn't really carrying anything at all. At this point I think we've demonstrated that both US and UK governments are more than willing to outright lie to the public and frequently violate their own laws - planting evidence isn't that much of a leap. Being able to threaten Miranda with jail time could be a way to apply pressure to Greenwald. He may already have recieved the deniable communication: 'One way or another your boyfriend is going to jail for a few months - but if you publish any more documents, we'll see to it that he is locked up for five years before he so much as sees a trial, and thirty more after that.'

    Wild speculation is quite acceptable here because we now know that government *lies* - even more so than was previously thought.

  43. Anonymous Coward
    Anonymous Coward

    As originally stated even by the GCHQ (P take?), they were naive amateurs

    Use PKI for all data transport between parties and it doesn't matter who intercepts the data.

    The credit card business could learn from this too!

  44. John 98

    I'm not a legal eagle BUT

    What does the UK charge him with? These files were not taken from any UK system, or within the UK, may not even be UK material, so I'm not sure how they can prosecute. They can try some vague thing about making terrorism easier but a jury (not abolished yet despite the obvious danger to NATIONAL SECURITY) might have the cheek to boot the case out the courtroom window. Which might be why they didn't arrest him after their nine hours of intimidation. After all the defence can claim, that since the alledgedly dangerous material was never a state secret, the prosecution can't refuse to disclose it

    1. Matt Bryant Silver badge
      FAIL

      Re: John 98 Re: I'm not a legal eagle BUT

      "What does the UK charge him with?...." If he is in possession of material covered by the Official Secrets Act, regardless of how they came to be in his possession, then he is in breach of that law.

      "....These files were not taken from any UK system, or within the UK, may not even be UK material, so I'm not sure how they can prosecute...." Go read the relevant Act, it matters not one jot how the material was stolen, just that you have it in your possession and are not authorised to have it in your possession. If you show intent to distribute it that makes it worse.

      "....They can try some vague thing about making terrorism...." The terrorism angle was simply used to stop him, it will be the OSA used to prosecute. They could go the extra mile in court and, if they can show that Miranda and co knew the material would be of interest to terrorists and still distributed it, charge them with material support of terrorism, but they don't need to when they can go to town with the OSA charges.

      "....Which might be why they didn't arrest him after their nine hours...." I would suggest that the volume of documentation meant they simply hadn't processed enough to charge Miranda with inside the nine hours, so they let him go whilst still examining the data. It seems they ahve found plenty since as they are preparing a criminal case.

  45. Dexter
    Holmes

    I thought if you wanted to send crypto keys secretly you used the old Greek system:

    1. Shave head (of slave in Greek case, but hey, anyone will do)

    2. Tattoo the key onto scalp (maybe just a permanent marker would do in this day and age)

    3. Wait a week or two for hair to grow.

    4. Off you go. Searches find nothing

    5. Get to other end, shave head, et voila.

  46. Nym

    Hah

    They followed you guys' advice--always write down your password and carry it with you. Writing it backwards on your forehead should be sufficient encryption. 8]-

This topic is closed for new posts.

Other stories you might like