Electric Indigo on Wed, 1 Dec 2010 11:13:06 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> Julian Assange: the Forbes cover story & interview |
COVERSTORY - interview below Andy Greenberg SECURITY WikiLeaksâ Julian Assange Wants To Spill Your Corporate Secrets Nov. 29 2010 - 5:04 pm In a rare interview, Assange tells Forbes that the release of Pentagon and State Department documents are just the beginning. His next target: big business. Early next year, Julian Assange says, a major American bank will suddenly find itself turned inside out. Tens of thousands of its internal documents will be exposed on Wikileaks.org with no polite requests for executivesâ response or other forewarnings. The data dump will lay bare the finance firmâs secrets on the Web for every customer, every competitor, every regulator to examine and pass judgment on. When? Which bank? What documents? Cagey as always, Assange wonât say, so his claim is impossible to verify. But he has always followed through on his threats. Sitting for a rare interview in a London garden flat on a rainy November day, he compares what he is ready to unleash to the damning e-mails that poured out of the Enron trial: a comprehensive vivisection of corporate bad behavior. âYou could call it the ecosystem of corruption,â he says, refusing to characterize the coming release in more detail. âBut itâs also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight thatâs not done, the priorities of executives, how they think theyâre fulfilling their own self-interest.â This is Assange: a moral ideologue, a champion of openness, a control freak. He pauses to thinkâa process that occasionally puts our conversation on hold for awkwardly long interludes. The slim 39-year-old Wiki Leaks founder wears a navy suit over his 6-foot-2 frame, and his once shaggy white hair, recently dyed brown, has been cropped to a sandy patchwork of blonde and tan. He says he colors it when heâs âbeing tracked.â âThese big-package releases. There should be a cute name for them,â he says, then pauses again. âMegaleaks?â I suggest, trying to move things along. âYes, thatâs goodâmegaleaks.â His voice is a hoarse, Aussie-tinged baritone. As a teenage hacker in Melbourne its pitch helped him impersonate IT staff to trick companiesâ employees into revealing their passwords over the phone, and today itâs deeper still after a recent bout of flu. âThese megaleaks . . . theyâre an important phenomenon. And theyâre only going to increase.â Heâll see to that. By the time youâre reading this another giant dump of classified U.S. documents may well be public. Assange refused to discuss the leak at the time FORBES went to press, but he claims it is part of a series that will have the greatest impact of any WikiLeaks release yet. Assange calls the shots: choosing the media outlets that splash his exposÃs, holding them to a strict embargo, running the leaks simultaneously on his site. Past megaleaks from his information insurgency over the last year have included 76,000 secret Afghan war documents and another trove of 392,000 files from the Iraq war. Those data explosions, the largest classified military security breaches in history, have roused antiwar activists and enraged the Pentagon. Admire Assange or revile him, he is the prophet of a coming age of involuntary transparency. Having exposed military misconduct on a grand scale, he is now gunning for corporate America. Does Assange have unpublished, damaging documents on pharmaceutical companies? Yes, he says. Finance? Yes, many more than the single bank scandal weâve been discussing. Energy? Plenty, on everything from BP to an Albanian oil firm that he says attempted to sabotage its competitorsâ wells. Like informational IEDs, these damaging revelations can be detonated at will. Long gone are the days when Daniel Ellsberg had to photocopy thousands of Vietnam War documents to leak the Pentagon Papers. Modern whistleblowers, or employees with a grudge, can zip up their troves of incriminating documents on a laptop, USB stick or portable hard drive, spirit them out through personal e-mail accounts or online drop sitesâor simply submit them directly to WikiLeaks. What do large companies think of the threat? If theyâre terrified, theyâre not saying. None would talk to us. Nor would the U.S. Chamber of Commerce. WikiLeaks âis high profile, legally insulated and transnational,â says former Commerce Department official James Lewis, who follows cybersecurity for the Center for Strategic & International Studies. âThat adds up to a reputational risk that companies didnât have to think about a year ago.â Already U.S. laws wrapped into financial reform this year expand whistleblower incentives to offer six- and seven-digit rewards to staffers in any industry who report malfeasance. Wiki Leaks adds another, new form of corporate data breach: It offers the conscience-stricken and vindictive alike a chance to publish documents largely unfiltered, without censors or personal repercussions, thanks to privacy and encryption technologies that make anonymity easier than ever before. Wiki Leaksâ technical and ideological example has inspired copycats from Africa to China and rallied transparency advocates to push for a new, legal promised land in the unlikely haven of Iceland. Itâs also fueling a race in the cyber security industry and in Washington to find technology that can plug information leaks once for all. Today Assange looks tired, his eyes narrowed and the skin beneath them puffy, as if heâs unused to even Englandâs gloomy daylight. He has no permanent home. âWeâre like a traveling production company; everyone moves somewhere, and we put on a production,â he sighs. âWe havenât had any rest since April.â In Sweden, where many of the groupâs servers are based, a warrant has now been issued for his arrest on rape charges. Heâs denied the accusations, arguing they amount to smear tactics. Heâs also afraid to set foot in several other countries, including the U.S., fearing that officials will find reasons to detain him. No question that Wiki Leaks would be in trouble if he were jailed: A spokeswoman says it has a âcontingency plan,â but without Assange there is no public face. Meanwhile, his resources have been drained by defections from his organization; some old friends and associates have taken issue with his autocratic style. None of which has stopped him from picking new fights. The promised release of bank documents would be the largest assault by WikiLeaks on the corporate sector, and Assange says the business community should expect plenty of sequels. In early October the site shut down its document-submission system; Assange says it was receiving more information than it could find resources to publish, thousands of additions a day at some points. The total is more gigabytes of data than he can count. âOur pipeline of leaks has been increasing exponentially as our profile rises,â he says, drawing a curve upward in the air with one hand. If even a fraction of his claims are borne out, heâs already sitting on a crypt of data any three-letter spy agency would kill for. The worldâs most vocal transparency advocate is now one of the worldâs biggest keepers of secrets. And about half of those revelations, says Assange, relate to the private sector. Over the last four years he has been so busy embarrassing various governments, from Washington to the corrupt Kenyan regime of Daniel arap Moi, that many forget the corporate scandals already on WikiLeaksâ trophy wall. In January 2008 the site posted documents alleging that the Swiss bank Julius Baer hid clientsâ profits from even the Swiss government, concealing them in what seemed to be shell companies in the Cayman Islands. The bank filed a lawsuit against WikiLeaks for publishing data stolen from its clients. Baer later dropped the suitâbut managed to stir up embarrassing publicity for itself. The next year WikiLeaks published documents from a pharma trade group implying that its lobbyists were receiving confidential documents from and exerting influence over a World Health Organization project to fund drug research in the developing world. The resulting attention helped crater the WHO project. In September 2009 commodities giant Trafigura filed an injunction that prevented British media from mentioning a damaging internal report. The memo showed the company had dumped tons of toxic waste in the Ivory Coast, chemicals that allegedly sickened 100,000 locals. But it couldnât stop WikiLeaks from publishing the information. Trafigura eventually paid more than $200 million in settlements. How can an American corporation respond to a Wiki attack? Lawsuits wonât work: WikiLeaks is legally shielded in the U.S. by its role as a mere conduit for documents. Even if a company somehow won a judgment against WikiLeaks, that wouldnât shut it down. Assange spreads the siteâs assets over many countries. âThereâs no single target to drop a bomb on,â says Eric Goldman, a law professor at Santa Clara University. The best protection? With a dash of irony Icelandic Wiki Leaks staffer Kristinn Hrafnsson suggests that companies change their ways to avoid targeting. âThey should resist the temptation to enter into corruption,â he says. Don Tapscott, coauthor of The Naked Corporation (Free Press, 2003), agrees. His simplistic conclusion: âOpen your own kimono. Youâre going to be naked. So you have to dig deep, look at your whole operation, make sure that integrity is part of your bones.â Most corporations, instead, are turning to cybersecurity to shield their private parts. Despite dozens of calls to companies in tech, energy and finance, none wanted to talk about antileaking strategies. But a Forrester Research study found that about a quarter of companies in the U.S., the U.K., France, Germany and Canada were implementing leak- focused security software in 2010, and another third are considering that option. A study last year by the Ponemon Institute, a privacy-research consultancy in Traverse City, Mich., found that 60% of employees admit to taking sensitive data before they leave a company. *** SOME OF THE MORE INTRIGUING ANTILEAK work is being done by Uncle Sam. In an unmarked government building on the edge of a residential Arlington, Va. neighborhood, a cybersecurity researcher named Peiter Zatko shows just how easily leaks can occur. He lays out a blow-by-blow history of one insider data theft: The suspect searched broadly over the network to find anything related to critical infrastructure, then returned to manually probe a few interesting files. âThen he walked away with enough information to shut down big chunks of the telephone systems in the United States,â Zatko says matter-of-factly. Who was that shadowy data smuggler? âThat was me,â says the 39-year-old researcher, giggling bashfully. Zatko is not your typical Department of Defense employee. Even in his new Beltway digs, he prefers to be called âMudge,â the hacker handle he used during decades of exploring the dark corners of the Internet. Frank Heidt, a former security staffer at MCI and several military contractors, says that when he first read Zatkoâs exploit research in mid-1990s hacker zines, he thought that Mudge must be the pseudonym of a group. âHe was so prolific that I thought he couldnât be one person,â Heidt says. In 1998, as part of the L0pht hacker think tank, Zatko testified in a congressional hearing that he and his friends could shut down the Internet in 30 minutes. Since March Zatko has also been a lead cybersecurity researcher at the Defense Advanced Research Projects Agency, the mad-scientist wing of the Pentagon devoted to projects that occasionally result in breakthroughs like the Internet and GPS. Zatkoâs new pet project may be equally ambitious: He aims to rid the world of digital leaks. The telephone system theft case that Zatko dissected in a Darpa conference room was a test, demonstrating that anyone with access to a network could steal data without detection, despite the systemâs expensive security software. Now his challenge is to fix the problem. Since August he has led a project known as the Cyber Insider Threat, or Cinder. Like most Darpa initiatives itâs an X-Prize-style open invitation for ideas; recipients typically get tens of millions of dollars in government funding. Thirty-five entrants, mostly tiny companies, have already publicly signed up, many more in secret. âWeâre looking to everyone from academia to startups to large government contractors,â says Zatko. âWeâre not looking for evolutionary improvement. We want to pull the rug out from the problem altogether.â Itâs a well-worn carpet. Since late 2007 every major security software vendor, from McAfee to Symantec to Trend Micro, has spent hundreds of millions of dollars to acquire companies in the so-called Data-Leak Prevention (DLP) industryâsoftware designed to locate and tag sensitive information, and then guard against its escape at the edges of a firmâs network. The problem: DLP doesnât work. Data is simply created too quickly, and moved around too often, for a mere filter to catch it, says Richard Stiennon, an analyst for security consultancy IT-Harvest, in Birmingham, Mich. âFor DLP to function, all the stars have to align,â he says. âThis is a huge problem that canât be stopped with a single layer of infrastructure.â More fashionable now is network forensics: the process of constantly collecting every fingerprint on a companyâs servers to trace an intruder or leaker after the factâand, perhaps, deter the next one. Thatâs a bit like fighting the next war according to the last one. Still, revenue at NetWitness, a prominent Herndon, Va. startup in that budding field, has leaped from $250,000 to $40 million since 2006. While the software generally gathers data and makes it easily available to queries, it doesnât pinpoint culprits. âThereâs nothing in current technology that can do this in an automated fashion,â says Shawn Carpenter, principal forensics analyst at Net Witness. âYou need a Columbo.â Or, better yet, a robo-Columbo. Darpaâs Zatko has been working on a system of automatically identifying what he calls âmalicious missionsâ: insider activity aimed at stealing data from inside a companyâs firewall, whether itâs a Dell PC remotely hijacked by a Chinese cyberspy or Bradley Mannings, the U.S. soldier accused of leaking classified documents about combat in Afghanistan to WikiLeaks. Zatkoâs system would monitor networks in real-time for just the sort of data-stealing behavior he would perform himself: steps like scouring large areas of the network for a certain file, dumping piles of data to external storage hardware or sending encrypted files out over the Internet. No single episode would signal a leak; instead, the software would link acts in a probabilistic chain, triggering an alert only if a string of events points to purposeful data theft. Some of that leaky behavior isnât what a casual observer might expect. Consider the cyber footprints left by Robert Hanssen, a former FBI agent serving a life sentence in a Colorado supermax prison for selling intelligence to the Soviets over two decades. Every few days Hanssen would stop his normal activities and make a single query to a server across the network, a pattern he repeated for years. That server, Zatko says, held the counterintelligence database. Hanssen was searching for himself, a routine check to see if heâd finally been found out. âYou put all these things together into the different components of the mission,â says Zatko. âIâm looking for these new rhythms, new tells, new interrelations and requirements.â Cinder wasnât created to combat WikiLeaksâin fact, it predates WikiLeaksâ biggest military scandals. But Zatko has nonetheless found himself squarely in opposition to Assangeâs missionâa strange face-off, given that the two men once traveled in the same hacker circles, during the years when Assange went by the hacker handle Mendax (a Latin reference to the âsplendidly deceptiveâ in the poet Horaceâs Odes) and reveled in accessing corporate and government systems without authorization. Neither will reveal much about their past encounters, but Assange says that they âwere in the same milieu.â Asked about Assange, Zatko says only, âI have very pleasant memories of those old days.â WikiLeaksâ founder, in fact, seems to have trouble accepting that Mudge is working for the other side. âHeâs a clever guy, and heâs also highly ethical,â says Assange. âI suspect he would have concerns about creating a system to conceal genuine abuses.â He dismisses Cinder as just another system of digital censorship. And those systems, he says, will always fail, just as Chinaâs Great Firewall canât stop well-informed and determined dissident Internet users. âCensorship might work for the average person but not for highly motivated people,â Assange says. âAnd our people are highly motivated.â *** SHUTTING DOWN WIKILEAKS WOULDNâT STOP the growing movement of transparency agitators. They now have a nation-size ally: Iceland. Since WikiLeaks scored a major scoop unearthing the corrupt loans that helped destroy that countryâs largest bank, the volcanic island is fast on its way to becoming the conduit for a global flood of leaks. It began when Kaupthing Bank collapsed in October 2008âa calamitous chain reaction that has strapped Iceland with $128 billion in debts, around $400,000 per capita. Ten months later Bogi Agustsson, a Walter Cronkite-ish anchor for Icelandic national broadcaster RUV, appeared on the evening news and explained that a legal injunction had prevented the station from airing a prepared exposà on Kaupthing. Viewers who wanted to see the material, he suggested, should visit a site called Wikileaks.org. Those who took Agustssonâs advice found a summary of Kaupthingâs loan book posted on the site, detailing more than $6 billion funneled from Kaupthingâs coffers to its own proprietors and companies they owned, often with little or no collateral; $900 million went to Olafur Olafsson, a major investor in Kaupthing who, on his birthday, flew in Elton John from England, along with a grand piano, for a one-hour concert. âThe banks had been eaten from the inside out,â says Kristinn Hrafnsson, a former investigative reporter in Reykjavik who now works with WikiLeaks. A government investigation is still going on; no criminal charges have been filed. But WikiLeaks became a household name in Iceland. In December 2009 Assange and Daniel Domscheit-Berg, a German who then worked with Wiki Leaks, were invited to keynote a free-speech conference in Reykjavik. Their talk echoed an idea from American cyber libertarian John Perry Barlow, calling for a âSwitzerland of bits.â Iceland, with its independent spirit and recent taste of explosive whistle-blowing, they suggested, could become the digital doppelgÃnger of a tax haven: a safe harbor for transparency, where itâs open season on government and business secretsâand leakers are protected by law. The idea might have gone nowhere if not for Birgitta Jonsdottir. Assangeâs message captivated the 43-year-old poet and self-styled ârealist-anarchist.â She wasnât just another idealistic protester with a goth wardrobe and hipster haircut. In the chaotic political environment that followed the national financial crisis, Jonsdottir had been elected to Icelandâs parliament, the Althingi, in April 2009. Working with the countryâs transparency activists, she pulled together the Icelandic Modern Media Initiative, or Immi. The initiative would bring to Iceland all the source-protection, freedom of information and transparency laws from around the world and even set up a Nobel-style international award for work in the field of free expression. Jonsdottir pushed through a unanimous resolution to create a series of bills to implement Immi. They would also make Iceland the most friendly legal base for whistleblowers on Earth. Velkomin, as Icelanders would say, to Leakistan. âThe more that companies resist, the more information will get out about them,â says Jonsdottir when we meet in Reykjavikâs Hressingarskalinn cafÃ, around the corner from the parliament building. âThey canât hide anymore. The war is over. They lost.â In Jonsdottirâs vision Iceland will attract both mainstream media and Wiki Leaks-like organizations to move their data to Iceland, enjoying legal protection, just as another firm might incorporate in a tax-sheltering island in the Caribbean. She may be getting a bit ahead of herself. Immi has yet to become law, though it has backing from powerful figures, including both Icelandâs minister of justice and the head of its progressive party. Even if it does, Immi likely wouldnât offer much legal protection to organizations whose assets and staff arenât physically in the country; they could still be sued anywhere else in the world, given that their digital and print publications could appear globally. Immi could also face resistance from the U.S. and the EUâparticularly when it comes to military matters. As Marc Thiessen, a conservative pundit, wrote on the blog of the American Enterprise Institute in August, âImmi calls into question Icelandâs seriousness as a NATO ally, and Iceland needs to realize there will be consequences for its actions.â There could be a backlash for exposing corporate secrets, too. Alastair Mullis, a professor of law at East Anglia University in Britain, says, âItâs possible that Iceland will become the defamation capital of the world.â Jonsdottir and fellow Immi creator Smari McCarthy are pushing ahead anyway. Immi, they say, doesnât fashion new laws; it cherry-picks existing statutes from around the world (source shields from Sweden, libel protection from New York State, protected communications with journalists from Belgium, among them). âWeâre basing our legislation on laws that have already withstood attacks,â says Jonsdottir. Defamation and other concerns like child pornography and copyright violations, she argues, would still be illegal in Iceland and wouldnât be sheltered. Nor is the idea to protect WikiLeaks itself, Jonsdottir points out. The site doesnât need help: Its data and submissions process are carefully encrypted, and its infrastructure is spread over enough countriesâincluding some servers in a bombproof, underground bunker in Swedenâthat taking it offline is already nearly impossible.âInstead Immi would foster a new wave of media organizations and whistleblower outlets that donât rely on Wiki Leaksâ technical savvy or resources. Already a handful of smaller, leak-focused conduitsâregional sites like Africa-focused SaharaReporters or Thaileaks.infoâhave published damning data. Immiâs McCarthy says heâs been approached by media organizations from Rwanda to Chechnya. German WikiLeaks staffer Daniel Domscheit-Berg, disgruntled with Assangeâs laser focus on infrequent megaleaks, has left the organization along with several others to create his own spinoff. âIn the end there must be a thousand WikiLeaks,â he told Der Spiegel in September. Iceland certainly has the infrastructure for a lot of informational mischief. Half an hour outside Reykjavik, on a landscape that resembles Mars covered in snow, the Thor Data Center is preparing for an influx of bytes. By 2011 it hopes to have thousands of servers in its aluminum-plant-turned-server-farm, powered by ultracheap geothermal energy and cooled by free arctic air. Icelandâs biggest Web host, ironically named 1984 Web Hosting, is excited about the boost Immi could give its business. âI created this company to prevent thought control,â says Mordur Ingolfsson, its chief executive. âIn my humble opinion, Immi is the most important thing to happen to this godforsaken island since the Sagas were written.â (Thatâs 600-plus years.) Jonsdottir agrees: âWikiLeaks was an important icebreaker. It was the tip. Immi is the rest of the wedge, and it will open up everything.â (She is less thrilled to learn that Assange speaks of Immi as his personal creation.)I ask Assange how he expects companies to cope with a world where hundreds of WikiLeak-alikes may soon exist. His three-part prescription is earnestâif a bit patronizing: âDo things to encourage leaks from dishonest competitors. Be as open and honest as possible. Treat your employees well.ââHe also wants to clear up a misunderstanding. Despite his revolutionary reputation, heâs not antibusiness. He bristles at the mediaâs focus on his teenage years as a computer hacker who broke into dozens of systems, from the Department of Defense to Nortel, and was eventually convicted on 25 charges of computer fraud and fined thousands of dollars. Instead, he prefers to think of himself as an entrepreneur. He tells the story of a free-speech-focused Internet service provider he cofounded in 1993, known as Suburbia. It was, to hear him tell it, the blueprint for WikiLeaksâin one instance, when the Church of Scientology demanded to know who had posted antichurch information on one site, he refused to help. (âHe has titanium balls,â says David Gerard, that siteâs creator.) âI saw it early on, without realizing it: potentiating people to reveal their information, creating a conduit,â Assange says. âWithout having any other robust publisher in the market, people came to us.â Leaks merely lubricate the free market, he says, settling into the couch and clearly enjoying giving me a lecture on economics. (Later, as a 45-minute interview pushes into two hours, he ignores his handler, who keeps urging him to leave for his next appointment.) He cites the example of the Chinese Sanlu Group, whose milk powder contained toxic melamine in 2008. While poisoning its customers, Sanlu also gained an advantage over competitors and might have forced more of them to taint their products, too, or go bankruptâif Sanlu hadnât been exposed in the Chinese press. âIn the struggle between open and honest companies and dishonest and closed companies, weâre creating a tremendous reputational tax on the unethical companies,â he says. Of course, Assangeâs tax isnât as equitable as it sounds. He alone decides where to apply the penalty, choosing the targets and when to expose them with a touch of theatrical grandstandingâand with zero accountability. For betterâand worseâWikiLeaks has become the Julian Assange Show. As a photographer begins shooting, Assange wonders aloud if the coat heâs wearing might have been produced by a labor-exploiting company. A few minutes later he jokes about his âmessiah complex.â Like any true believer, Assange sees his work in simple terms. Markets, he reminds me, canât exist without information. Business will come to appreciate what he offers. And if that requires a few painful scandals in the process? Assange doesnât miss a beat. âPain for the guilty.â INTERVIEW An Interview With WikiLeaksâ Julian Assange Nov. 29 2010 - 5:02 pm Admire him or revile him, WikiLeaksâ Julian Assange is the prophet of a coming age of involuntary transparency, the leader of an organization devoted to divulging the worldâs secrets using technology unimagined a generation ago. Over the last year his information insurgency has dumped 76,000 secret Afghan war documents and another trove of 392,000 files from the Iraq war into the public domainâthe largest classified military security breaches in history. Sunday, WikiLeaks made the first of 250,000 classified U.S. State Department cables public, offering an unprecedented view of how Americaâs top diplomats view enemies and friends alike. But, as Assange explained to me earlier this month, the Pentagon and State Department leaks are just the start. In a rare, two-hour interview conducted in London on November 11, Assange said that heâs still sitting on a trove of secret documents, about half of which relate to the private sector. And WikiLeaksâ next target will be a major American bank. âIt will give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume,â he said, adding: âFor this, thereâs only one similar example. Itâs like the Enron emails.â Here is an edited transcript of that discussion: Forbes: To start, is it true youâre sitting on trove of unpublished documents? Julian Assange: Sure. Thatâs usually the case. As weâve gotten more successful, thereâs a gap between the speed of our publishing pipeline and the speed of our receiving submissions pipeline. Our pipeline of leaks has been increasing exponentially as our profile rises, and our ability to publish is increasing linearly. You mean as your personal profile rises? Yeah, the rising profile of the organization and my rising profile also. And thereâs a network effect for anything to do with trust. Once something starts going around and being considered trustworthy in a particular arena, and you meet someone and they say âI heard this is trustworthy,â then all of a sudden it reconfirms your suspicion that the thing is trustworthy. So thatâs why brand is so important, just as it is with anything you have to trust. And this gap between your publishing resources and your submissions is why the siteâs submission function has been down since October? We have too much. Before you turned off submissions, how many leaks were you getting a day? As I said, it was increasing exponentially. When we get lots of press, we can get a spike of hundreds or thousands. The quality is sometimes not as high. If the front page of the Pirate Bay links to us, as they have done on occasion, we can get a lot of submissions, but the quality is not as high. How much of this trove of documents that youâre sitting on is related to the private sector? About fifty percent. Youâve been focused on the U.S. military mostly in the last year. Does that mean you have private sector-focused leaks in the works? Yes. If you think about it, we have a publishing pipeline thatâs increasing linearly, and an exponential number of leaks, so weâre in a position where we have to prioritize our resources so that the biggest impact stuff gets released first. So do you have very high impact corporate stuff to release then? Yes, but maybe not as high impactâI mean, it could take down a bank or two. That sounds like high impact. But not as big an impact as the history of a whole war. But it depends on how you measure these things. When will WikiLeaks return to its older model of more frequent leaks of smaller amounts of material? If you look at the average number of documents weâre releasing, weâre vastly exceeding what we did last year. These are huge datasets. So itâs actually very efficient for us to do that. If you look at the number of packages, the number of packages has decreased. But if you look at the average number of documents, thatâs tremendously increased. So will you return to the model of higher number of targets and sources? Yes. Though I do actually thinkâ[pauses] These big package releases. There should be a cute name for them. Megaleaks? Megaleaks. Thatâs good. These megaleaksâTheyâre an important phenomenon, and theyâre only going to increase. When thereâs a tremendous dataset, covering a whole period of history or affecting a whole group of people, thatâs worth specializing on and doing a unique production for each one, which is what weâve done. Weâre totally source dependent. We get what we get. As our profile rises in a certain area, we get more in a particular area. People say, why donât you release more leaks from the Taliban. So I say hey, help us, tell more Taliban dissidents about us. These megaleaks, as you call them, we havenât seen any of those from the private sector. No, not at the same scale as for the military. Will we? Yes. We have one related to a bank coming up, thatâs a megaleak. Itâs not as big a scale as the Iraq material, but itâs either tens or hundreds of thousands of documents depending on how you define it. Is it a U.S. bank? Yes, itâs a U.S. bank. One that still exists? â Yes, a big U.S. bank. The biggest U.S. bank? No comment. When will it happen? Early next year. I wonât say more. What do you want to be the result of this release? [Pauses] Iâm not sure. It will give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume. Usually when you get leaks at this level, itâs about one particular case or one particular violation. For this, thereâs only one similar example. Itâs like the Enron emails. Why were these so valuable? When Enron collapsed, through court processes, thousands and thousands of emails came out that were internal, and it provided a window into how the whole company was managed. It was all the little decisions that supported the flagrant violations. This will be like that. Yes, there will be some flagrant violations, unethical practices that will be revealed, but it will also be all the supporting decision-making structures and the internal executive ethos that cames out, and thatâs tremendously valuable. Like the Iraq War Logs, yes there were mass casualty incidents that were very newsworthy, but the great value is seeing the full spectrum of the war. You could call it the ecosystem of corruption. But itâs also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight thatâs not done, the priorities of executives, how they think theyâre fulfilling their own self-interest. The way they talk about it. How many dollars were at stake in this? Weâre still investigating. All I can say is itâs clear there were unethical practices, but itâs too early to suggest thereâs criminality. We have to be careful about applying criminal labels to people until weâre very sure. Can you tell me anything about what kind of unethical behavior weâre talking about? No. You once said to one of my colleagues that WikiLeaks has material on BP. What have you got? Weâve got lots now, but we havenât determined how much is original. Thereâs been a lot of press on the BP issue, and lawyers, and people are pulling out a lot of stuff. So I suspect the material we have on BP may not be that original. Weâll have to see whether our stuff is especially unique. The Russian press has reported that you plan to target Russian companies and politicians. Iâve heard from other WikiLeaks sources that this was blown out of proportion. It was blown out of proportion when the FSB reportedly said not to worry, that they could take us down. But yes, we have material on many business and governments, including in Russia. Itâs not right to say thereâs going to be a particular focus on Russia. Letâs just walk through other industries. What about pharmaceutical companies? Yes. To be clear, we have so much unprocessed stuff, Iâm not even sure about all of it. These are just things Iâve briefly looked at or that one of our people have told me about. How much stuff do you have? How many gigs or terabytes? Iâm not sure. I havenât had time to calculate. Continuing then: The tech industry? We have some material on spying by a major government on the tech industry. Industrial espionage. U.S.? China? The U.S. is one of the victims. What about the energy industry? Yes. Aside from BP? Yes. On environmental issues? A whole range of issues. Can you give me some examples? One example: It began with something we released last year, quite an interesting case that wasnât really picked up by anyone. Thereâs a Texas Canadian oil company whose name escapes me. And they had these wells in Albania that had been blowing. Quite serious. We got this report from a consultant engineer into what was happening, saying vans were turning up in the middle of the night doing something to them. They were being sabotaged. The Albanian government was involved with another company; There were two rival producers and one was government-owned and the other was privately owned. So when we got this report; It didnât have a header. It didnât say the name of the firm, or even who the wells belonged to. So it wasnât picked up because it was missing key data. At the time, yeah. So I said, what the hell do we do with this thing? Itâs impossible to verify if we donât even know who it came from. It could have been one company trying to frame the other one. So we did something very unusual, and published it and said âWeâve got this thing, looks like it could have been written by a rival company aiming to defame the other, but we canât verify it. We want more information.â Whether itâs a fake document or real one, something was going on. Either one company is trying to frame the other, which is interesting, or itâs true, which is also very interesting. Thatâs where the matter sat until we got a letter of inquiry from an engineering consulting company asking how to get rid of it. We demanded that they first prove that they were the owner. It sounds like when Apple confirmed that the lost iPhone 4 was real, by demanding that Gizmodo return it. Yes, like Apple and the iPhone. They sent us a screen capture with the missing header and other information. What were they thinking? I donât know. So the full publication is coming up? Yes. Do you have more on finance? We have a lot of finance related things. Of the commercial sectors weâve covered, finance is the most significant. Before the banks went bust in Dubai, we put out a number of leaks showing they were unhealthy. They threatened to send us to prison in Dubai, which is a little serious, if we went there. Just to review, what would you say are the biggest five private sector leaks in WikiLeaksâ history? It depends on the importance of the material vs. the impact. Kaupthing was one of the most important, because of the chain of effects it set off, the scrutiny in Iceland and the rest of Scandinvia. The Bank Julius Baer case was also important. The Kaupthing leak was a very good leak. The loanbook described in very frank terms the credit worthiness of all these big companies and billionaires and borrowers, not just internal to the bank, but a broad spectrum all over the world, an assessment of a whole bunch of businesses around the world. It was quite an interesting leak. It didnât just expose Kaupthing, it exposed many companies. The bank Julius Baer exposed high net worth individuals hiding assets in the Cayman Islands, and we went on to do a series that exposed bank Julius Baerâs own internal tax structure. Itâs interesting that Swiss banks also hide their assets from the Swiss by using offshore bank structuring. We had some quite good stuff in there. It set off a chain of regulatory investigations, possibly resulting in some changes. It triggered a lot of interesting scrutiny. Regulation: Is that what youâre after? Iâm not a big fan of regulation: anyone who likes freedom of the press canât be. But there are some abuses that should be regulated, and this is one. With regard to these corporate leaks, I should say: Thereâs an overlap between corporate and government leaks. When we released the Kroll report on three to four billion smuggled out by the former Kenyan president Daniel arap Moi and his cronies, where did the money go? Thereâs no megacorruptionâas they call it in Africa, itâs a bit sensational but youâre talking about billionsâwithout support from Western banks and companies. That money went into London properties, Swiss banks, property in New York, companies that had been set up to move this money. We had another interesting one from the pharmaceutical industry: It was quite self-referential. The lobbyists had been getting leaks from the WHO. They were getting their own internal intelligence report affecting investment regulation. We were leaked a copy. It was a meta-leak. That was quite influential, though it was a relatively small leakâit was published in Nature and other pharma journals. What do you think WikiLeaks mean for business? How do businesses need to adjust to a world where WikiLeaks exists? WikiLeaks means itâs easier to run a good business and harder to run a bad business, and all CEOs should be encouraged by this. I think about the case in China where milk powder companies started cutting the protein in milk powder with plastics. That happened at a number of separate manufacturers. Letâs say you want to run a good company. Itâs nice to have an ethical workplace. Your employees are much less likely to screw you over if theyâre not screwing other people over. Then one company starts cutting their milk powder with melamine, and becomes more profitable. You can follow suit, or slowly go bankrupt and the one thatâs cutting its milk powder will take you over. Thatâs the worst of all possible outcomes. The other possibility is that the first one to cut its milk powder is exposed. Then you donât have to cut your milk powder. Thereâs a threat of regulation that produces self-regulation. It just means that itâs easier for honest CEOs to run an honest business, if the dishonest businesses are more effected negatively by leaks than honest businesses. Thatâs the whole idea. In the struggle between open and honest companies and dishonest and closed companies, weâre creating a tremendous reputational tax on the unethical companies. No one wants to have their own things leaked. It pains us when we have internal leaks. But across any given industry, it is both good for the whole industry to have those leaks and itâs especially good for the good players. But aside from the market as a whole, how should companies change their behavior understanding that leaks will increase? Do things to encourage leaks from dishonest competitors. Be as open and honest as possible. Treat your employees well. I think itâs extremely positive. You end up with a situation where honest companies producing quality products are more competitive than dishonest companies producing bad products. And companies that treat their employees well do better than those that treat them badly. Would you call yourself a free market proponent? Absolutely. I have mixed attitudes towards capitalism, but I love markets. Having lived and worked in many countries, I can see the tremendous vibrancy in, say, the Malaysian telecom sector compared to U.S. sector. In the U.S. everything is vertically integrated and sewn up, so you donât have a free market. In Malaysia, you have a broad spectrum of players, and you can see the benefits for all as a result. How do your leaks fit into that? To put it simply, in order for there to be a market, there has to be information. A perfect market requires perfect information. Thereâs the famous lemon example in the used car market. Itâs hard for buyers to tell lemons from good cars, and sellers canât get a good price, even when they have a good car. By making it easier to see where the problems are inside of companies, we identify the lemons. That means thereâs a better market for good companies. For a market to be free, people have to know who theyâre dealing with. Youâve developed a reputation as anti-establishment and anti-institution. Not at all. Creating a well-run establishment is a difficult thing to do, and Iâve been in countries where institutions are in a state of collapse, so I understand the difficulty of running a company. Institutions donât come from nowhere. Itâs not correct to put me in any one philosophical or economic camp, because Iâve learned from many. But one is American libertarianism, market libertarianism. So as far as markets are concerned Iâm a libertarian, but I have enough expertise in politics and history to understand that a free market ends up as monopoly unless you force them to be free. WikiLeaks is designed to make capitalism more free and ethical. But in the meantime, there could be a lot of pain from these scandals, obviously. Pain for the guilty. Do you derive pleasure from these scandals that you expose and the companies you shame? Itâs tremendously satisfying work to see reforms being engaged in and stimulating those reforms. To see opportunists and abusers brought to account. You were a traditional computer hacker. How did you find this new model of getting information out of companies? Itâs a bit annoying, actually. Because I cowrote a book about [being a hacker], there are documentaries about that, people talk about that a lot. They can cut and paste. But that was 20 years ago. Itâs very annoying to see modern day articles calling me a computer hacker. Iâm not ashamed of it, Iâm quite proud of it. But I understand the reason they suggest Iâm a computer hacker now. Thereâs a very specific reason. I started one of the first ISPs in Australia, known as Suburbia, in 1993. Since that time, Iâve been a publisher, and at various moments a journalist. Thereâs a deliberate attempt to redefine what weâre doing not as publishing, which is protected in many countries, or the journalist activities, which is protected in other ways, as something which doesnât have a protection, like computer hacking, and to therefore split us off from the rest of the press and from these legal protections. Itâs done quite deliberately by some of our opponents. Itâs also done because of fear, from publishers like The New York Times that theyâll be regulated and investigated if they include our activities in publishing and journalism. Iâm not arguing youâre a hacker now. But if we say that both what you were doing then and now are both about gaining access to information, when did you change your strategy from going in and getting it to simply asking for it? That hacker mindset was very valuable to me. But the insiders know where the bodies are. Itâs much more efficient to have insiders. They know the problems, they understand how to expose them. How did you start to approach your leak strategy? When we started Suburbia in 1993, I knew that bringing information to the people was very important. We facilitated many groups: We were the electronic printer if you like for many companies and individuals who were using us to publish information. They were bringing us information, and some of them were activist groups, lawyers. And some bringing forth information about companies, like Telstra, the Australian telecommunications giant. We published information on them. Thatâs something I was doing in the 1990s. We were the free speech ISP in Australia. An Australian Anti-church of Scientology website was hounded out of Victoria University by legal threats from California, and hounded out of a lot of places. Eventually they came to us. People were fleeing from ISPs that would fold under legal threats, even from a cult in the U.S. Thatâs something I saw early on, without realizing it: potentiating people to reveal their information, creating a conduit. Without having any other robust publisher in the market, people came to us. I wanted to ask you about [Peiter Zatko, a legendary hacker and security researcher who also goes by] âMudge.â Yeah, I know Mudge. Heâs a very sharp guy. Mudge is now leading a project at the Pentagonâs Defense Advanced Research Projects Agency to find a technology that can stop leaks, which seems pretty relative to your organization. Can you tell me about your past relationship with Mudge? Well, Iâno comment. Were you part of the same scene of hackers? When you were a computer hacker, you must have known him well. We were in the same milieu. I spoke with everyone in that milieu. What do you think of his current work to prevent digital leaks inside of organizations, a project called Cyber Insider Threat or Cinder? I know nothing about it. But what do you of the potential of any technology designed to prevent leaks? Marginal. What do you mean? New formats and new ways of communicating are constantly cropping up. Stopping leaks is a new form of censorship. And in the same manner that very significant resources spent on Chinaâs firewall, the result is that anyone whoâs motivated can work around it. Not just the small fraction of users, but anyone who really wants to can work around it. Censorship circumvention tools [like the program Tor] also focus on leaks. They facilitate leaking. Airgapped networks are different. Where thereâs literally no connection between the network and the internet. You may need a human being to carry something. But they donât have to intentionally carry it. It could be a virus on a USB stick, as the Stuxnet worm showed, though it went in the other direction. You could pass the information out via someone who doesnât know theyâre a mule. Back to Mudge and Cinder: Do you think, knowing his intelligence personally, that he can solve the problem of leaks? No, but that doesnât mean that the difficulty canât be increased. But I think itâs a very difficult case, and the reason I suggest itâs an impossible case to solve completely is that most people do not leak. And the various threats and penalties already mean they have to be highly motivated to deal with those threats and penalties. These are highly motivated people. Censoring might work for the average person, but not for highly motivated people. And our people are highly motivated. Mudge is a clever guy, and heâs also highly ethical. I suspect he would have concerns about creating a system to conceal genuine abuses. But his goal of preventing leaks doesnât differentiate among different types of content. It would stop whistleblowers just as much as it stops exfiltration of data by foreign hackers. Iâm sure heâll tell you China spies on the U.S., Russia, France. There are genuine concerns about those powers exfiltrating data. And itâs possibly ethical to combat that process. But spying is also stabilizing to relationships. Your fears about where a country is or is not are always worse than the reality. If you only have a black box, you can put all your fears into it, particularly opportunists in government or private industry who want to address a problem that may not exist. If you know what a government is doing, that can reduce tensions. There have been reports that Daniel Domscheit-Berg, a German who used to work with WikiLeaks, has left to create his own WikiLeaks-type organization. The Wall Street Journal described him as a âcompetitorâ to WikiLeaks. Do you see him as competition? The supply of leaks is very large. Itâs helpful for us to have more people in this industry. Itâs protective to us. What do you think of the idea of WikiLeaks copycats and spinoffs? â There have been a few over time, and theyâve been very dangerous. Itâs not something thatâs easy to do right. Thatâs the problem. Recently we saw a Chinese WikiLeaks. We encouraged them to come to us to work with us. It would be nice to have more Chinese speakers working with us in a dedicated way. But what theyâd set up had no meaningful security. They have no reputation you can trust. Itâs very easy and very dangerous to do it wrong. Do you think that the Icelandic Modern Media Initiative [a series of bills to make Iceland the most free-speech and whistleblower-protective country in the world] would make it easier to do this right if it passes? Not at the highest level. We deal with organizations that do not obey the rule of law. So laws donât matter. Intelligence agencies keep things secret because they often violate the rule of law or of good behavior. What about corporate leaks? For corporate leaks, yes, free speech laws could make things easier. Not for military contractors, because theyâre in bed with intelligence agencies. If a spy agencyâs involved, IMMI wonât help you. Except it may increase the diplomatic cost a little, if theyâre caught. Thatâs why our primary defense isnât law, but technology. Are there any other leaking organizations that you do endorse? âNo, there are none. Do you hope that IMMI will foster a new generation of WikiLeaks-type organizations? More than WikiLeaks: general publishing. Weâre the canary in the coalmine. Weâre at the vanguard. But the attacks against publishers in general are severe. If you had a wishlist of what industries or governments, what are you looking for from leakers? All governments, all industries. We accept all material of diplomatic, historical or ethical significance that hasnât been released before and is under active suppression. Thereâs a question about which industries have the greatest potential for reform. Those may be the ones we havenât heard about yet. So whatâs the big thing around the corner? The real answer is I donât know. No one in the public knows. But someone on the inside does know. But there are also industries that just have more secrecy, so you must know there are things you want that you havenât gotten. Thatâs right. Within the intelligence industry is one example. They have a higher level of secrecy. And thatâs also true of the banking industry. Other industries that are extremely well paid, say Goldman Sachs, might have higher incentives not to lose their jobs. So itâs only the obvious things that we want: Things concerning intelligence and war, and mass financial fraud. Because they affect so many people so severely. And theyâre harder leaks to get. Intelligence particularly, because the penalties are so severe. Although very few people have been caught, itâs worth noting. The penalties may be severe, but nearly everyone gets away with it. To keep people in control, you only need to make them scared. The CIA is not scared as an institution of people leaking. Itâs scared that people will know that people are leaking and getting away with it. If that happens, the management loses control. And WikiLeaks has the opposite strategy? Thatâs right. Itâs summed up by the phrase âcourage is contagious.â If you demonstrate that individuals can leak something and go on to live a good life, itâs tremendously incentivizing to people. # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: http://mail.kein.org/mailman/listinfo/nettime-l # archive: http://www.nettime.org contact: nettime@kein.org