Teasing my armchair thoughts out of my head:
- If another article @grendel just posted is true, then the Office of Personnel Management also has blood on its hands by the standards of the "senior Home Office official" quoted in the Sunday Times:
- If the insurance file was cracked, then that is a pretty dire situation. It suggests that:
  a) Encryption is so hard to do that someone like Snowden can fail at it in a situation where they feel their life might depend on doing it well. This suggests that most encryption is poorly done (technically or socially). There is evidence in favor of this point. Assange has had one file compromised, and he is adept in this area.
  b) The Chinese and the Russians are extremely sophisticated. Insurance files would then be an obvious target. If they can break Snowden's insurance file, have they broken others? Wikileaks has 300+ GB of insurance files floating around.
- If you agree with Schneier on the dangers of having an insurance file (I do), the fact that Assange and Snowden are both still walking around would support the idea that these files are vulnerable enough that physically attacking them to prompt key release isn't worth it.

One senior Home Office official accused Snowden of having “blood on his hands”, although Downing Street said there was “no evidence of anyone being harmed”.
His file was compromised because someone he trusted published the decryption key in a book. This was either deliberate or a human error (and it was an error in Assange's judgement to give the guy the key). This example doesn't provide evidence that encryption is usually technically flawed.

The Sunday Times article smacks of propaganda. Any claim it makes that the Chinese and Russians have cracked some encrypted trove of Snowden's files should be approached with a sensible amount of skepticism. This guy puts it well: http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html

Assange has had one file compromised, and he is adept in this area.
Which is why I said "This suggests that most encryption is poorly done (technically or socially)". The encryption itself is technical, but sharing the resulting data is a social act. Doing both parts right is hard, as Assange demonstrated. And failure in either aspect breaks the whole shebang. It is interesting to note that there are technical solutions to prevent what happened in that case. But hindsight is also 20/20.

----

I agree that the Sunday Times article smacks of propaganda.

His file was compromised because someone he trusted published the decryption key in a book. This was either deliberate or a human error (and it was an error in Assange's judgement to give the guy the key). This example doesn't provide evidence that encryption is usually technically flawed.