WikiLeaks is conducting an online poll of its Twitter followers to decide whether the whistleblowing site should publish in full its unredacted cache of US diplomatic cables.
The site last week released more than 120,000 of its cache of diplomatic cables, with almost no redactions to protect the identity of informants and other individuals. The huge scale of the release, compared with 20,000 cables disclosed in the past nine months, prompted fierce criticism from the Australian government and former US state department spokesman PJ Crowley.
WikiLeaks appeared likely to use the Twitter responses, which it said favoured disclosure at a ratio of 100 to one, to pave the way for imminent disclosure of the remaining material from its cable archive.
The majority of cables published in the past week by WikiLeaks were unclassified but the site released the full archives, including confidential and secret cables, from Sweden and Australia. The Australian cables, which unlike previous releases were not apparently redacted, included a document identifying 23 Australians alleged to have links with al-Qaida, prompting an angry response from Robert McClelland, Australia's attorney general.
"On occasions in the past, WikiLeaks has decided to redact identifying features where security operations or safety could be put at risk. This has not occurred in this case."
"The publication of any information that could compromise Australia's national security, or inhibit the ability of intelligence agencies to monitor potential threats, is incredibly irresponsible," he said.
In a lengthy statement posted online, WikiLeaks said publishing its full cache of cables was necessary because an encrypted file containing the whole database was available online, and the password was in the public domain. It said the Guardian was responsible for this security breach, due to a password published in the Guardian's book WikiLeaks: Inside Julian Assange's War on Secrecy, published in February 2011.
The Guardian urged WikiLeaks not to publish the unredacted documents or to release any further details pointing to where they might be found, and denied involvement in their publication.
"The Guardian calls on Wikileaks not to carry through its plan to release the unredacted state department cables. We believe this would be grossly irresponsible," it said in a statement.
"The paper utterly rejects any suggestion that it is responsible for the release of the unedited cables. The Guardian's book about WikiLeaks was published last February. No concerns about security were expressed when the book was published or at any stage during the past seven months."
The statement added that WikiLeaks had contacted the Guardian's editor-in-chief, Alan Rusbridger, within the last month about future projects – despite the site's claim that it had been aware of security concerns for at least that long. Rusbridger and Assange met on 4 August, the statement reveals.
"The two-hour meeting, which was filmed by Assange's colleague, was cordial. Not only did Assange never mention the supposed security leak, he proposed working with the Guardian again on specific future projects.
"The Guardian and its partners went to great lengths to protect potentially vulnerable sources identified in the WikiLeaks documents throughout their collaboration with the organisation. WikiLeaks should take responsibility for its own pattern of actions and not seek to deflect it elsewhere."
WikiLeaks' allegations centred on details of how the Guardian's investigations editor, David Leigh, obtained the cache of cables from Assange.
The Guardian book revealed the diplomatic files were placed by WikiLeaks on a secure online server in July 2010, which it was agreed would only be online for a matter of hours.
This server held a heavily encrypted file containing the unredacted embassy cables database. Assange had given Leigh the password to unlock this file once he had obtained it, and this password was included in the book – seven months after the temporary file was taken offline. No trace could be found through web links or Google's archives of this file ever being visible through this secure server.
However, at a later stage the same encrypted file and at least one other encrypted with the same password was posted on the peer-to-peer file-sharing network BitTorrent. One of these files was first published on 7 December 2010, just hours before Assange's arrest. In the days running up to his arrest, Assange had spoken of "taking precautions" in the event of anything untoward happening to him.
This file, it was later discovered, was the same file that had been shared with the Guardian via the secure server. It shared the same file name and file size, and could be unlocked using the same password as that given to Leigh.
Daniel Domscheit-Berg, a former member of staff at WikiLeaks who is attempting to set up a rival whistleblowing website, discovered this republished file and shared information on WikiLeaks's security breach with a small group of journalists.
Avoiding the re-use of passwords and avoiding republishing temporary files are both considered basic security procedures among online security experts.
However, the file was not discovered or downloaded by the public. By 10am on Thursday it had been accessed once in the previous 31 days, despite mounting speculation about its existence.
Initial news stories did not give details of the location of files or of passwords. Later, WikiLeaks and some of its supporters published a series of hints about the passwords and files.
At about 11pm on Wednesday an anonymous Twitter user discovered the published password and opened a separate file – not the one shared with the Guardian – that had also been circulating on file-sharing networks for several months.
There was no evidence that any member of the public had sufficient information to find and decrypt the files even hours before their discovery.
In the hours immediately before the document cache was unencrypted, the WikiLeaks twitter feed urged users to download a different encrypted file from BitTorrent, without giving any details as to its contents or password.