by Andy Greenberg

Forbes

December 2010

Admire him or revile him, WikiLeaks’ Julian Assange is the prophet of a coming age of involuntary transparency, the leader of an organization devoted to divulging the world’s secrets using technology unimagined a generation ago.Over the last year his information insurgency has dumped 76,000 secret Afghan war documents and another trove of 392,000 files from the Iraq war into the public domain–the largest classified military security breaches in history. Sunday, WikiLeaks made the first of 250,000 classified U.S. State Department cables public, offering an unprecedented view of how America’s top diplomats view enemies and friends alike.

But, as Assange explained to me earlier this month, the Pentagon and State Department leaks are just the start.

For our cover story on Assange and the coming age of leaks, click here.

In a rare, two-hour interview conducted in London on November 11, Assange said that he’s still sitting on a trove of secret documents, about half of which relate to the private sector. And WikiLeaks’ next target will be a major American bank. “It will give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume,” he said, adding: “For this, there’s only one similar example. It’s like the Enron emails.”

Here is an edited transcript of that discussion:

Forbes: To start, is it true you’re sitting on trove of unpublished documents?

Julian Assange: Sure. That’s usually the case. As we’ve gotten more successful, there’s a gap between the speed of our publishing pipeline and the speed of our receiving submissions pipeline. Our pipeline of leaks has been increasing exponentially as our profile rises, and our ability to publish is increasing linearly.

You mean as your personal profile rises?

Yeah, the rising profile of the organization and my rising profile also. And there’s a network effect for anything to do with trust. Once something starts going around and being considered trustworthy in a particular arena, and you meet someone and they say “I heard this is trustworthy,” then all of a sudden it reconfirms your suspicion that the thing is trustworthy.

So that’s why brand is so important, just as it is with anything you have to trust.

And this gap between your publishing resources and your submissions is why the site’s submission function has been down since October?

We have too much.

Before you turned off submissions, how many leaks were you getting a day?

As I said, it was increasing exponentially. When we get lots of press, we can get a spike of hundreds or thousands. The quality is sometimes not as high. If the front page of the Pirate Bay links to us, as they have done on occasion, we can get a lot of submissions, but the quality is not as high.

How much of this trove of documents that you’re sitting on is related to the private sector?

About fifty percent.

You’ve been focused on the U.S. military mostly in the last year. Does that mean you have private sector-focused leaks in the works?

Yes. If you think about it, we have a publishing pipeline that’s increasing linearly, and an exponential number of leaks, so we’re in a position where we have to prioritize our resources so that the biggest impact stuff gets released first.

So do you have very high impact corporate stuff to release then?

Yes, but maybe not as high impact…I mean, it could take down a bank or two.

That sounds like high impact.

But not as big an impact as the history of a whole war. But it depends on how you measure these things.

When will WikiLeaks return to its older model of more frequent leaks of smaller amounts of material?

If you look at the average number of documents we’re releasing, we’re vastly exceeding what we did last year. These are huge datasets. So it’s actually very efficient for us to do that.

If you look at the number of packages, the number of packages has decreased. But if you look at the average number of documents, that’s tremendously increased.

So will you return to the model of higher number of targets and sources?

Yes. Though I do actually think…[pauses] These big package releases. There should be a cute name for them.

Megaleaks?

Megaleaks. That’s good. These megaleaks…They’re an important phenomenon, and they’re only going to increase. When there’s a tremendous dataset, covering a whole period of history or affecting a whole group of people, that’s worth specializing on and doing a unique production for each one, which is what we’ve done.

We’re totally source dependent. We get what we get. As our profile rises in a certain area, we get more in a particular area. People say why don’t you release more leaks form the Taliban. So I say hey, help us, tell more Taliban dissidents about us.

These megaleaks, as you call them that, we haven’t seen any of those from the private sector.

No, not at the same scale for the military.

Will we?

Yes. We have one related to a bank coming up, that’s a megaleak. It’s not as big a scale as the Iraq material, but it’s either tens or hundreds of thousands of documents depending on how you define it.

Is it a U.S. bank?

Yes, it’s a U.S. bank.

One that still exists?

Yes, a big U.S. bank.

The biggest U.S. bank?

No comment.

When will it happen?

Early next year. I won’t say more.

What do you want to be the result of this release?

[Pauses] I’m not sure.

It will give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume. Usually when you get leaks at this level, it’s about one particular case or one particular violation.

For this, there’s only one similar example. It’s like the Enron emails. Why were these so valuable? When Enron collapsed, through court processes, thousands and thousands of emails came out that were internal, and it provided a window into how the whole company was managed. It was all the little decisions that supported the flagrant violations.

This will be like that. Yes, there will be some flagrant violations, unethical practices that will be revealed, but it will also be all the supporting decision-making structures and the internal executive ethos that cames out, and that’s tremendously valuable. Like the Iraq War Logs, yes there were mass casualty incidents that were very newsworthy, but the great value is seeing the full spectrum of the war.

You could call it the ecosystem of corruption. But it’s also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight that’s not

done, the priorities of executives, how they think they’re fulfilling their own self-interest. But it’s also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight that’s not done, the priorities of executives, how they think they’re fulfilling their own self-interest. The way they talk about it.

How many dollars were at stake in this?

We’re still investigating. All I can say is it’s clear there were unethical practices, but it’s too early to suggest there’s criminality. We have to be careful about applying criminal labels to people until we’re very sure.

Can you tell me anything about what kind of unethical behavior we’re talking about?

No.

You once said to one of my colleagues that WikiLeaks has material on BP. What have you got?

We’ve got lots now, but we haven’t determined how much is original. There’s been a lot of press on the BP issue, and lawyers, and people are pulling out a lot of stuff. So I suspect the material we have on BP may not be that original. We’ll have to see whether our stuff is especially unique.

The Russian press has reported that you plan to target Russian companies and politicians. I’ve heard from other WikiLeaks sources that this was blown out of proportion.

It was blown out of proportion when the FSB reportedly said not to worry, that they could take us down. But yes, we have material on many business and governments, including in Russia. It’s not right to say there’s going to be a particular focus on Russia.

Let’s just walk through other industries. What about pharmaceutical companies?

Yes. To be clear, we have so much unprocessed stuff, I’m not even sure about all of it. These are just things I’ve briefly looked at or that one of our people have told me about.

How much stuff do you have? How many gigs or terabytes?

I’m not sure. I haven’t had time to calculate.

Continuing then: The tech industry?

We have some material on spying by a major government on the tech industry. Industrial espionage.

U.S.? China?

The U.S. is one of the victims.

What about the energy industry?

Yes.

Aside from BP?

Yes.

On environmental issues?

A whole range of issues.

Can you give me some examples?

One example: It began with something we released last year, quite an interesting case that wasn’t really picked up by anyone. There’s a Texas Canadian oil company whose name escapes me. And they had these wells in Albania that had been blowing. Quite serious. We got this report from a consultant engineer into what was happening, saying vans were turning up in the middle of the night doing something to them. They were being sabotaged. The Albanian government was involved with another company; There were two rival producers and one was government-owned and the other was privately owned.

So when we got this report; It didn’t have a header. It didn’t say the name of the firm, or even who the wells belonged to.

So it wasn’t picked up because it was missing key data.

At the time, yeah. So I said, what the hell do we do with this thing? It’s impossible to verify if we don’t even know who it came from. It could have been one company trying to frame the other one. So we did something very unusual, and published it and said “We’ve got this thing, looks like it could have been written by a rival company aiming to defame the other, but we can’t verify it. We want more information.” Whether it’s a fake document or real one, something was going on. Either one company is trying to frame the other, which is interesting, or it’s true, which is also very interesting.

That’s where the matter sat until we got a letter of inquiry from an engineering consulting company asking how to get rid of it. We demanded that they first prove that they were the owner.

It sounds like when Apple confirmed that the lost iPhone 4 was real, by demanding that Gizmodo return it.

Yes, like Apple and the iPhone. They sent us a screen capture with the missing header and other information.

What were they thinking?

I don’t know.

So the full publication is coming up?

Yes.

Do you have more on finance?

We have a lot of finance related things. Of the commercial sectors we’ve covered, finance is the most significant.

Before the banks went bust in Dubai, we put out a number of leaks showing they were unhealthy. They threatened to send us to prison in Dubai, which is a little serious, if we went there.

Just to review, what would you say are the biggest five private sector leaks in WikiLeaks’ history?

It depends on the importance of the material vs. the impact. Kaupthing was one of the most important, because of the chain of effects it set off, the scrutiny in Iceland and the rest of Scandinvia. The Bank Julius Baer case was also important.

The Kaupthing leak was a very good leak. The loanbook described in very frank terms the credit worthiness of all these big companies and billionaires and borrowers, not just internal to the bank, but a broad spectrum all over the world, an assessment of a whole bunch of businesses around the world. It was quite an interesting leak. It didn’t just expose Kaupthing, it exposed many companies.

The bank Julius Baer exposed high network individuals hiding assets in the Cyaman islands, and we went on to do a series that exposed bank Julius Baer’s own internal tax structure. It’s interesting that Swiss banks also hide their assets from the Swiss by using offshore bank structuring. We had some quite good stuff in there.

It set off a chain of regulatory investigations, possibly resulting in some changes. It triggered a lot of interesting scrutiny.

Regulation: Is that what you’re after?

I’m not a big fan of regulation: anyone who likes freedom of the press can’t be. But there are some abuses that should be regulated, and this is one.

With regard to these corporate leaks, I should say: There’s an overlap between corporate and government leaks. When we released the Kroll report on three to four billion smuggled out by the former Kenyan president Daniel arap Moi and his cronies, where did the money go? There’s no megacorruption–as they call it in Africa, it’s a bit sensational but you’re talking about billions–without support from Western banks and companies.

That money went into London properties, Swiss banks, property in New York, companies that had been set up to move this movie.

We had another interesting one from the pharmaceutical industry: It was quite self-referential. The lobbyists had been getting leaks from the WHO. They were getting their own internal intelligence report affecting investment regulation. We were leaked a copy. It was a meta-leak. That was quite influential, though it was a relatively small leak–it was published in Nature and other pharma journals.

What do you think WikiLeaks mean for business? How do businesses need to adjust to a world where WikiLeaks exists?

WikiLeaks means it’s easier to run a good business and harder to run a bad business, and all CEOs should be encouraged by this. I think about the case in China where milk powder companies started cutting the protein in milk powder with plastics. That happened at a number of separate manufacturers.

Let’s say you want to run a good company. It’s nice to have an ethical workplace. Your employees are much less likely to screw you over if they’re not screwing other people over.

Then one company starts cutting their milk powder with melamine, and becomes more profitable. You can follow suit, or slowly go bankrupt and the one that’s cutting its milk powder will take you over. That’s the worst of all possible outcomes.

The other possibility is that the first one to cut its milk powder is exposed. Then you don’t have to cut your milk powder. There’s a threat of regulation that produces self-regulation.

It just means that it’s easier for honest CEOs to run an honest business, if the dishonest businesses are more effected negatively by leaks than honest businesses. That’s the whole idea. In the struggle between open and honest companies and dishonest and closed companies, we’re creating a tremendous reputational tax on the unethical companies.

No one wants to have their own things leaked. It pains us when we have internal leaks. But across any given industry, it is both good for the whole industry to have those leaks and it’s especially good for the good players.

But aside from the market as a whole, how should companies change their behavior understanding that leaks will increase?

Do things to encourage leaks from dishonest competitors. Be as open and honest as possible. Treat your employees well.

I think it’s extremely positive. You end up with a situation where honest companies producing quality products are more competitive than dishonest companies producing bad products. And companies that treat their employees well do better than those that treat them badly.

Would you call yourself a free market proponent?

Absolutely. I have mixed attitudes towards capitalism, but I love markets. Having lived and worked in many countries, I can see the tremendous vibrancy in, say, the Malaysian telecom sector compared to U.S. sector. In the U.S. everything is vertically integrated and sewn up, so you don’t have a free market. In Malaysia, you have a broad spectrum of players, and you can see the benefits for all as a result.

How do your leaks fit into that?

To put it simply, in order for there to be a market, there has to be information. A perfect market requires perfect information.

There’s the famous lemon example in the used car market. It’s hard for buyers to tell lemons from good cars, and sellers can’t get a good price, even when they have a good car.

By making it easier to see where the problems are inside of companies, we identify the lemons. That means there’s a better market for good companies. For a market to be free, people have to know who they’re dealing with.

You’ve developed a reputation as anti-establishment and anti-institution.

Not at all. Creating a well-run establishment is a different thing to do, and I’ve been in countries where inst are in a state of collapse, so I understand the difficulty of running a company. Institutions don’t come from nowhere.

It’s not correct to put me in any one philosophical or economic camp, because I’ve learned from many. But one is American libertarianism, market libertarianism. So as far as markets are concerned I’m a libertarian, but I have enough expertise in politics and history to understand that a free market ends up as monopoly unless you force them to be free.

WikiLeaks is designed to make capitalism more free and ethical.

But in the meantime, there could be a lot of pain from these scandals, obviously.

Pain for the guilty.

Do you derive pleasure from these scandals that you expose and the companies you shame?

It’s tremendously satisfying work to see reforms being engaged in and stimulating those reforms. To see opportunists and abusers brought to account.

You were a traditional computer hacker. How did you find this new model of getting information out of companies?

It’s a bit annoying, actually. Because I cowrote a book about [being a hacker], there are documentaries about that, people talk about that a lot. They can cut and paste. But that was 20 years ago. It’s very annoying to see modern day articles calling me a computer hacker. I’m not ashamed of it, I’m quite proud of it.

But I understand the reason they suggest I’m a computer hacker now. There’s a very specific reason.

I started one of the first ISPs in Australia, known as Suburbia, in 1993. Since that time, I’ve been a publisher since that time, and at various moments a journalist. There’s a deliberate attempt to redefine what we’re doing not as publishing, which is protected in many countries, or the journalist activities, which is protected in other ways, as something which doesn’t have a protection, like computer hacking, and to therefore split us off from the rest of the press and from these legal protections. It’s done quite deliberately by some of our opponents. It’s also done because of fear, from publishers like The New York Times that they’ll be regulated and investigated if they include our activities in publishing and journalism.

I’m not arguing you’re a hacker now. But if we say that both what you were doing then and now are both about gaining access to information, when did you change your strategy from going in and getting it to simply asking for it?

That hacker mindset was very valuable to me. But the insiders know where the bodies are. It’s much more efficient to have insiders. They know the problems, they understand how to expose them.

How did you start to approach your leak strategy?

When we started Suburbia in 1993, I knew that bringing information to the people was very important. We facilitated many groups: We were the electronic printer if you like for many companies and individuals who were using us to publish information. They were bringing us information, and some of them were activist groups, lawyers. And some bringing forth information about companies, like Telstra, the Australian telecommunications giant. We published information on them. That’s something I was doing in the 1990s.

We were the free speech ISP in Australia. An Australian Anti-church of Scientology website was hounded out of Victoria University by legal threats from California, and hounded out of a lot of places. Eventually they came to us.

People were fleeing from ISPs that would fold under legal threats, even from a cult in the U.S. That’s something I saw early on, without realizing it: potentiating people to reveal their information, creating a conduit. Without having any other robust publisher in the market, people came to us.

I wanted to ask you about [Peiter Zatko, a legendary hacker and security researcher who also goes by] “Mudge.”

Yeah, I know Mudge. He’s a very sharp guy.

Mudge is now leading a project at the Pentagon’s Defense Advanced Research Projects Agency to find a technology that can stop leaks, which seems pretty relative to your organization. Can you tell me about your past relationship with Mudge?

Well, I…no comment.

Were you part of the same scene of hackers? When you were a computer hacker, you must have known him well.

We were in the same milieu. I spoke with everyone in that milieu.

What do you think of his current work to prevent digital leaks inside of organizations, a project called Cyber Insider Threat or Cinder?

I know nothing about it.

But what do you of the potential of any technology designed to prevent leaks?

Marginal.

What do you mean?

New formats and new ways of communicating are constantly cropping up. Stopping leaks is a new form of censorship. And in the same manner that very significant resources spent on China’s firewall, the result is that anyone who’s motivated can work around it. Not just the small fraction of users, but anyone who really wants to can work around it.

Censorship circumvention tools [like the program Tor] also focus on leaks. They facilitate leaking.

Airgapped networks are different. Where there’s literally no connection between the network and the internet. You may need a human being to carry something. But they don’t have to intentionally carry it. It could be a virus on a USB stick, as the Stuxnet worm showed, though it went in the other direction. You could pass the information out via someone who doesn’t know they’re a mule.

Back to Mudge and Cinder: Do you think, knowing his intelligence personally, that he can solve the problem of leaks?

No, but that doesn’t mean that the difficulty can’t be increased. But I think it’s a very difficult case, and the reason I suggest it’s an impossible case to solve completely is that most people do not leak. And the various threats and penalties already mean they have to be highly motivated to deal with those threats and penalties. These are highly motivated people. Censoring might work for the average person, but not for highly motivated people. And our people are highly motivated.

Mudge is a clever guy, and he’s also highly ethical. I suspect he would have concerns about creating a system to conceal genuine abuses.

But his goal of preventing leaks doesn’t differentiate among different types of content. It would stop whistleblowers just as much as it stops exfiltration of data by foreign hackers.

I’m sure he’ll tell you China spies on the U.S., Russia, France. There are genuine concerns about those powers exfiltrating data. And it’s possibly ethical to combat that process. But spying is also stabilizing to relationships. Your fears about where a country is or is not are always worse than the reality. If you only have a black box, you can put all your fears into it, particularly opportunists in government or private industry who want to address a problem that may not exist. If you know what a government is doing, that can reduce tensions.

There have been reports that Daniel Domscheit-Berg, a German who used to work with WikiLeaks, has left to create his own WikiLeaks-type organization. The Wall Street Journal described him as a “competitor” to WikiLeaks. Do you see him as competition?

The supply of leaks is very large. It’s helpful for us to have more people in this industry. It’s protective to us.

What do you think of the idea of WikiLeaks copycats and spinoffs?

There have been a few over time, and they’ve been very dangerous. It’s not something that’s easy to do right. That’s the problem. Recently we saw a Chinese WikiLeaks. We encouraged them to come to us to work with us. It would be nice to have more Chinese speakers working with us in a dedicated way. But what they’d set up had no meaningful security. They have no reputation you can trust. It’s very easy and very dangerous to do it wrong.

Do you think that the Icelandic Modern Media Initiative [a series of bills to make Iceland the most free-speech and whistleblower-protective country in the world] would make it easier to do this right if it passes?

Not at the highest level. We deal with organizations that do not obey the rule of law. So laws don’t matter.

Intelligence agencies keep things secret because they often violate the rule of law or of good behavior.

What about corporate leaks?

For corporate leaks, yes, free speech laws could make things easier. Not for military contractors, because they’re in bed with intelligence agencies. If a spy agency’s involved, IMMI won’t help you. Except it may increase the diplomatic cost a little, if they’re caught.

That’s why our primary defense isn’t law, but technology.

Are there any other leaking organizations that you do endorse?

No, there are none.

Do you hope that IMMI will foster a new generation of WikiLeaks-type organizations?

More than WikiLeaks: general publishing. We’re the canary in the coalmine. We’re at the vanguard. But the attacks against publishers in general are severe.

If you had a wishlist of what industries or governments, what are you looking for from leakers?

All governments, all industries. We accept all material of diplomatic, historical or ethical significance that hasn’t been released before and is under active suppression.

There’s a question about which industries have the greatest potential for reform. Those may be the ones we haven’t heard about yet. So what’s the big thing around the corner? The real answer is I don’t know. No one in the public knows. But someone on the inside does know.

But there are also industries that just have more secrecy, so you must know there are things you want that you haven’t gotten.

That’s right. Within the intelligence industry is one example. They have a higher level of secrecy. And that’s also true of the banking industry.

Other industries that are extremely well paid, say Goldman Sachs, might have higher incentives not to lose their jobs.

So it’s only the obvious things that we want: Things concerning intelligence and war, and mass financial fraud. Because they affect so many people so severely.

And they’re harder leaks to get.

Intelligence particularly, because the penalties are so severe. Although very few people have been caught, it’s worth noting. The penalties may be severe, but nearly everyone gets away with it.

To keep people in control, you only need to make them scared. The CIA is not scared as an institution of people leaking. It’s scared that people will know that people are leaking and getting away with it. If that happens, the management loses control.

And WikiLeaks has the opposite strategy?

That’s right. It’s summed up by the phrase “courage is contagious.” If you demonstrate that individuals can leak something and go on to live a good life, it’s tremendously incentivizing to people.