sábado, 31 de agosto de 2013

UK government says Greenwald partner practiced terrible security - Washington Post (blog)

Glenn Greenwald (Vincent Yu/AP)

Glenn Greenwald (Vincent Yu/AP)

David Miranda, Glenn Greenwald's Brazilian partner, did a terrible job of safeguarding classified documents leaked by NSA leaker Edward Snowden. At least, that's the view of the UK government.

In a written statement to a British court Friday, Oliver Robbins, deputy national security adviser in the Cabinet Office, said that the the UK government had managed to access some of the documents Miranda had been carrying in encrypted form.

While most of the files remained encrypted, it was possible to access a portion of files on the hard drive because a piece of paper containing basic instructions for accessing some of the data that included a password for decrypting one of the files was among Miranda's things.

Robbins said assessments by GCHQ had shown that the number of documents on the hard drive seized from Miranda was consistent with the number that Snowden would have had access to when working at the NSA and that he "indiscriminately appropriated material in bulk", and that at least some of that was being couriered by Miranda.

Robbins "believes the data may have already been obtained by one or more of the countries through which Snowden has passed since he fled the US," including China and Russia.

But the government's statement raises as many questions as it answers. For example, the government claims that Miranda was carrying 58,000 encrypted documents. Yet David Barrett of the Telegraph  quotes the government saying that so far, "only 75 documents have been reconstructed." If the government had the password used to encrypt the documents, they should have been able to unscramble all 58,000 documents. If not, how did they know how many files he was carrying?

One possibility is that the file encrypted with the recovered password had already been deleted. Deleted files can sometimes be reconstructed with forensic techniques, but it's not a fast or foolproof process.

1 comentario: