Getty Images

WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for the extrajudicial kidnapping and torture of an Egyptian cleric

WikiLeaks pioneered the use of encryption and air-gapped computers to protect sources and confidential documents later used in mainstream news rooms, according to evidence by an Italian investigative journalist.

Stefania Maurizi said that the organisation had taken extensive measures to protect thousands of state department documents leaked by Chelsea Manning in 2010.

She gave written evidence during the four-week extradition trial of Julian Assange at the Old Bailey, which ended 1 October 2020.

According to her evidence, US cables published by WikiLeaks showed that the US had successfully placed pressure on Italian politicians not to extradite and prosecute the CIA officers responsible for the kidnap and torture of an Egyptian cleric seized from the streets of Milan.

Assange is accused of offences under the Computer Fraud and Abuse Act and 17 counts under the Espionage Act after receiving and publishing thousands of classified documents from former US army intelligence analyst Chelsea Manning.

US prosecutors have alleged that Assange knowingly published thousands of unredacted state department documents which put US informants at risk.

Maurizi, a journalist with newspapers l’Espresso and La Repubblicaworked as a media partner with WikiLeaks for more than 9 months to analyse US State Department cables related to Italy, and used local knowledge to redact the names of individuals who might be at risk if their names were disclosed.

Pioneering cryptography

Maurizi, who has a degree in maths and wrote a dissertation on cryptography, said that WikiLeaks had pioneered the use of encryption to protect journalistic sources.

“Julian Assange and WikiLeaks were pioneering the use of encryption to protect journalistic sources, and this was of great interest to me both as an investigative journalist and a mathematician,” she said.

At the time, no major newsroom was using cryptography to systematically protect sources, and it would be years before other newsrooms – such as the Guardian and the Washington Post – introduced cryptography.

WikiLeaks made original documents available on its websites so that people could access the original documentation and check the accuracy of published media reports. Assange called it “scientific journalism”, said Maurizi.

The journalist worked with Assange on the Iraq War logs in 2010 and was given access to more than 4,000 State Department cables in 2011.

“I was given an encrypted USB stick and once I returned to Italy I was given a password that would then allow opening the file. Everything was done with the utmost responsibility and attention,” she said.

Maurizi used an air-gapped computer, which she never left unattended, to analyse the cables, and adopted other security measures.

“Even the work done by close colleagues on stories regarding the Italian Mafia requiring extreme caution and security never reached these levels,” she said.

Maurizi said that she redacted any sensitive names – using 12 X’s, so that the length of the name did not provide any clue to the identity – before they were published by WikiLeaks.

US put pressure on Italy to prevent extradition of CIA suspects

The diplomatic cables shed light on “extremely serious human rights violations” including torture and kidnapping, said Maurizi.

They revealed that the US had put pressure on Italian politicians not to extradite US citizens and CIA agents held responsible for the kidnapping and extraordinary rendition of Abu Omar from the streets of Milan.

Omar was taken to Egypt in 2003 where he was held in cell, blindfolded, handcuffed and repeatedly tortured for 14 months, according to an investigation by Mother Jones

Omar was sentenced in his absence to six years on terrorism charges in a decision confirmed by the Italian Supreme Court in 2015.

Thanks to a series of blunders by the US agents, Italian prosecutors identified 26 US citizens, mostly CIA officers, responsible for the kidnapping.

They were tried in absentia and convicted by the Italian supreme court between 2012 and 2014 to sentences of between six and nine years.

Under US pressure, successive Italian justice ministers refused to issue extradition requests to the US to put the suspects on trial in Italy, and several of the suspects received presidential pardons.

Without WikiLeaks publication of US diplomatic cables, “it would have been impossible to acquire factual and solid evidence about the US pressures on the Italian politicians”, said Maurizi.

Mistakes led to publication of unredacted documents

Maurizi said that she learned that one of WikiLeaks media partner’s passwords had been compromised during a trip to visit Assange, who was then a guest at Ellingham Hall, a country house in Norfolk, in August 2011.

The password had been disclosed in a book on WikiLeaks, Inside Julian Assange’s war on secrecy, written by Guardian journalists David Leigh and Luke Harding.

Later, the German newspaper Der Freitag published a story that did not reveal the password, but made it possible for “people to connect the dots”.

“There was an ever-widening awareness that the files, until then considered to be safely encrypted, might nonetheless be public very soon,” said Maurizi. 

Copies of an encrypted file containing the unredacted State Department documents had been circulating on the internet.

Christian Grothoff, an expert in network security from the University of Applied Sciences in Bern, told the court on 21 September that the file was likely to have been distributed after people mirrored the contents of WikiLeaks following a denial-of-service (DDoS) attack.

Maurizi said: “WikiLeaks was in the position of its own data having been irreversibly and repeatedly embedded in the internet and it could not undo what had happened.”

She said that Assange was acutely troubled by the situation and made urgent attempts to inform the State Department that information was circulating out of control.

When WikiLeaks published the unredacted documents, following their publication on the US web site Cryptome, Maurizi contacted security expert Bruce Schneier.

According to extracts quoted in Maurizi’s evidence, Schneier said in an email that “both parties made dumb mistakes”. He said that “if I were to assess the blame, the Guardian made the worse mistake”. Without the key, no one would have been able to brute force the file. “No one, probably not even aliens with a planet-sized computer,” he added.

A judge will rule whether the UK should grant the US request to extradite Assange on 4 January 2021.

Read more about Julian Assange’s September extradition hearing at the Old Bailey

Read more on IT risk management