To: Wharf Rat who wrote (10132 ) 2/23/2012 1:59:26 PM From: Brumar89 Read Replies (1) | Respond to Anthony Watts & other skeptics shows what ethical people do when they find private information belonging to others: February 23, 2012 Anthony Watts I too was recently in receipt of private documents through a security lapse presented in the Climategate 2 emails. I (and many other WUWT readers who notified me about it) had full and open access in Dr. Phil Jones Journal of Physical Research (JGR) author account, which showed all of his papers (including some not published yet) plus comments from reviewers. Who gets the most access to network data (like emails at CRU)? Dr. Phil Jones and others at CRU sent some emails out years ago that linked to papers under review at the Journal of Geophysical Research. Some WUWT readers found these early on, and sure enough, such links from years ago in the CG2 emails still worked . A few days ago I made the issue known to Dr. Phil Jones and to the JGR journal staff so they could close this security hole. As far as I know, all have been closed. I’ve tested again tonight and the live link fails now. Now that they have been closed, I can talk about it safely without putting JGR’s manuscript system at risk.From: Anthony Sent: Thursday, November 24, 2011 5:10 PM To: p.jones@uea.xxxx.xxx Cc: grlonline@xxxx.xxx ; jgr-atmospheres@xxxxx.xxx Subject: password enabled JGR links in Climategate 2 filesDear Dr. Jones, I know that you know me, and probably do not like me for my views and publications. Regardless of what you may think of me and my work, it has been brought to my attention by a reader of my blog that there are open access links to your manuscripts at JGR included in the email that are now in the public view. Therefore, it is my duty to inform you that in the recent release of Climategate 2 files there are links to JGR journal review pages for your publications and also for the publications for Dr. Keith Briffa. For example, this link: jgr-atmospheres-submit.agu.org [access code redacted] I have verified that in fact that link opens your JGR account and provides full access to your JGR account. In fact there are 35 different emails in this release that contain live links to JGR/AGU author pages. Similar other links exist, such as for Dr. Keith Briffa and others at CRU. This of course is an unintended and unacceptable consequence of the email release. I am cc:ing Joost de Gouw Editor, JGR Atmospheres in hopes that he can take action to close this open access to these accounts. It is a holiday here in the USA (Thanksgiving) and there may not be office hours on Friday but hopefully he is monitoring emails. JGR should immediately change all passwords access for these CRU members and I would advise against allowing transmission of live links such as the one above in the future. JGR might also consider a more secure method of manuscript sharing for review. The open nature of these links is not publicly “on the radar” even though they are in fact public as a part of the email cache, and I do not plan on divulging them for any reason. Any mention of these links will be deleted from any public comments on my blog should any appear. Dr. de Gouw (or anyone at JGR) and Dr. Jones, please acknowledge receipt of this email. Thank you for your consideration. Best regards, Anthony Watts So clearly, CRU and others in the emails didn’t think twice about sending around open access live links. As David M. Hoffer points out in his article, the researchers don’t seem to have a clue about security. They also leave “sensitive” files they don’t want to share under FOIA requests lying about on open FTP servers UPDATE: Many people in comments think I’m doing something wrong by writing to Phil Jones and AGU/JGR. In Phil Jones reply to me, he wrote: A couple of other people sent me emails about this issue. Hemispheric and large-scale land surface air temperature variations: An extensive revision and an update to 2010 Abstract PDF no skeptic I know of, including me, has yet “outed” the early drafts and author notes contained in Phil Jones JGR account. It would have been easy to do so, to publish Dr. Jones first submitted draft for the broadest peer review possible on the Internet. But no skeptic (that I know of as of this writing) did. wattsupwiththat.com
