* If Wikileaks edits the content it can be criticized for tampering.
* If Wikileaks leaves malware in it can be criticized for circulating malware.
It may also give an excuse to search engines and other partners of the government to block the site on account of it hosting files that are infected.
A pretty nasty no-win situation.
Also think about what this means for the sources of the documents. It means that the surveillance and intelligence information from these firms was likely compromised. Yikes.
What's wrong with providing one dump without malware, and a second dump of just the infected files, which when put together gives you the whole thing? That way you have full disclosure, the people who want the infected files can easily get it, and the people who don't want it can easily avoid it.
Critics might be able to say that Wikileaks BOTH hosts malware AND tampers with evidence - but if Wikileaks has a voice to respond it has a pretty good reply.
Filters and services sometimes block entire domains because one page hosts malware. So it might be that the excuse could still be used to block Wikileaks if they did host both - but again agreed that hosting both is pretty good.
It does increase the work staff at Wikileaks must do and the amount of data they have to host/manage.
But yeah overall if this becomes a problem for them doing both seems like a pretty good solution.
Practice safe computing instead of expecting others to do it for you.
What malware 'is" can even be a difficult question. Is a RAT malware, or a way to log people snooping on your computer? Also, new malware is discovered. So it'd have to be a curated collection.
Even if you practice safe computing it's likely that your information will be compromised - especially in the long term and especially if you are an organization.
That's not to say this practice isn't important. It's just that it's not enough. We need both of these things (and more).
The state of computer security is fundamentally asymmetric.
In the case the pre-screener is honest, having them pre-check the work only saves you downloading a few virus executables at the cost of some work.
If the case the pre-screener isn't honest, it's saved you nothing at all and cost you a lot because you're likely to be less cautious.
Do you remember the tagline (roughly) "Outgoing email scanned and verified by AVG"? That was 100% worthless and actually very counterproductive. Expecting someone to check leaks like that is just as bad.
Scan everything. You've got the same technology they do.
You're correct but this is not an argument against screening on the distribution end. Not everybody will do this and if you can protect them from problems due to their own lack of screening then you should.
Just because you can avoid problems on one end if you do everything right doesn't mean you shouldn't also try to avoid problems on the other end.
It's a pretty easy win-win situation–offer both, inform users appropriately. And then provide a third set: a list of the sanitized files not present in the virus-free dump. I think a quick spot check through those would show whether any editorializing was going on.
I have serious concerns about their publishing the private emails of employees of a private company that, from all I can gather, turned out to be pretty non-evil. But the virus issues, while not Stratfor's or Wikileaks's direct fault, could have been mitigated by Wikileaks pretty easily.
(Disclosure: I've subscribed to them for many years, but have no interest beyond that.)
The emails from SONY had some controversial stuff in them.
For example here is an interaction between the CEO and the State Department about setting up a group of media executives to develop US propaganda for the Middle East and Russia: https://wikileaks.org/sony/emails/emailid/117082
Of course it was also revealed that The Interview was a propaganda product aimed at destabilizing North Korea (in anticipation of the upcoming planned unification).
These sorts of things can only be found when there's wide access given to journalists. It's also true that the emails were available via torrent and hosted other places online.
To play the other side, 99% of the SONY leaks were innocuous. While it is a company with management that works, like most US international corporations, with the US government on 'shady things', it is also in large part also a private company with the usual mundane concerns of a corporation.
> Of course it was also revealed that The Interview was a propaganda product aimed at destabilizing North Korea (in anticipation of the upcoming planned unification).
I missed all that–can you point me in the right direction?
> These sorts of things can only be found when there's wide access given to journalists.
Sure, but there's an argument to be made that the only way to end domestic violence is to place cameras inside all homes. Obviously that tradeoff is one most people aren't willing to make, and I don't think that leaking the private emails of employees of a private company is ultimately morally defensible.
Whistleblowing is one (very important) thing–bulk dumps of 99% of innocuous stuff became there's 1% of stuff in there that isn't great (but probably isn't all that bad, in the grand scheme of things) is both tactically questionable–leaking something with a 1:99 S/N ratio is a terrible way to get your message across–it's also morally suspect.
If Wikileaks & Co. truly wanted to change the world (and it wasn't about garnering attention and giving indiscriminate anger an outlet), they'd be approaching things differently.
> I missed all that–can you point me in the right direction?
Sure!
The CEO of SONY, high level state department officials, RAND specialist on nuclear deproliferation, regime change and North Korea, and Special Envoy to Korea discussed what direction the ending of the movie should go for it to most optimally destabilize the Kim regime. Special Envoy talked about plans (and RAND specialist Bennett) mention plans to seed the film into NK:
The decision to name the leader of NK in the film came down from executives - in the original script it had entirely fictional names (http://www.scpr.org/programs/the-frame/2014/12/15/40758/how-...). This is also confirmed by the SONY leaks, which have the executives trade emails concerned about the appearance of their having brought up the idea.
This all came out pretty early during the hacks but unfortunately the skepticism over it having been NK behind the hacks overwhelmed the media at the time. (It did turn out to be pretty definitively North Korea, or at least sympathizers, after all).
> 99% v. 1%
I happen to agree with you wholeheartedly. I do like the way that Wikileaks operates, though. They don't want to be the people in charge of curating and censoring information because they feel that this process can become politicized. So they publish everything.
The cost of their publications is extremely high. The returns are also high and IMO the ROI is good so in general I'm for them. But yeah if the ROI wasn't very good I would question it a lot more.
Definitely Wikileaks operates in pretty challenging legal waters.
* If Wikileaks edits the content it can be criticized for tampering.
* If Wikileaks leaves malware in it can be criticized for circulating malware.
It may also give an excuse to search engines and other partners of the government to block the site on account of it hosting files that are infected.
A pretty nasty no-win situation.
Also think about what this means for the sources of the documents. It means that the surveillance and intelligence information from these firms was likely compromised. Yikes.