Privacy and Security

Could internal whistleblower platforms prevent public scandal?


The recent leaks of information detailing National Security Agency domestic surveillance activities inevitably raise questions that echo those of previous, similar scandals: How did this information get out?

In recent years, such leaks have come at the hands of workers with access to government networks and sensitive information. The revelations are made through public avenues for a variety of reasons, including distrust of internal processes, scarce protections for the whistleblower and, perhaps most of all, the absence of anonymity.

But what if that anonymity was readily available inside an organization? What if whistleblowers did not have to go outside of an agency to report wrongdoing without being identified?

Some government entities have such mechanisms in place. The Securities and Exchange Commission, for example, provides ways to anonymously submit information through the whistleblower program mandated in 2010's Dodd-Frank Wall Street Reform and Consumer Protection Act. However, doing so requires legal representation and completed paperwork provided to the attorney "signed under penalty of perjury at the time you make your anonymous submission."

It is not hard to see why leakers and whistleblowers may instead decide to turn to the Internet's cloak of obscurity, whether real or perceived.

"The U.S. has roots in whistleblower protection; it's just a matter of execution in some cases," said Volker Roth, computer science professor at Freie Universität Berlin and a member of the team behind AdLeaks, an online whistleblowing project that aims to provide undetectable, encrypted communication capabilities.

While whistleblowing protections exist in U.S. law, they are often limited to designated areas – tax fraud, for example – and hinge on particular regulations and procedures.

"It can be difficult to navigate, and risky if one makes a mistake and those protections end up not applying," Volker said. "It creates tension in having to take risks and make concerns known within an organization, including possibly to people who could be in position to" retaliate.

WikiLeaks broke the mold in terms of public awareness in whistleblowing, and despite its subsequent demise, websites and programs, not unlike AdLeaks, have cropped up to facilitate those looking to anonymously expose wrongdoing. In the wake of WikiLeaks, a dual-focused movement in technology and transparency is yielding options that agencies could use to channel potentially dangerous exposés into reform efforts.

"We, as information and privacy experts, have analyzed the requirements from the security point of view, therefore what we're aiming for is not just software, but a wider project also involving advocacy in personal security for dealing with sensitive documents," Claudio Agosti, president of the Hermes Center for Transparency and Digital Human Rights and a developer with its GlobaLeaks project, told Radio Free Europe/Radio Liberty last year.

GlobaLeaks provides an open-source software framework that companies and public agencies can use for free. The Hermes Center's Fabio Pietrosanti told FCW that one of the center's other projects, the LeakDirectory wiki with links to whistleblowing information and websites, will also be part of a forthcoming release of national security whistleblowing guidelines.

Other online platforms continue to emerge, many of them noted in LeakDirectory. Among them are companies and organizations that offer whistleblowing software as a service, usually built on anonymous Internet-based reporting tools, web applications and software like GlobaLeaks. But as Pietrosanti points out, platforms alone may not be enough for effective internal whistleblowing measures.

"The platform does provide a means to let whistleblowers send tips...by the use of a web browser or smartphone," Pietrosanti said. "However, it's very important to underline that GlobaLeaks is a tool that facilitates the implementation of whistleblowing procedures, but it does not substitute the needed transparency policies and business process engineering activities for the setup of whistleblowing practices."

Reader comments

Wed, Jun 12, 2013 K PA

Whistle blowing out in the open media of "Highly Classified" data should never be an acceptable practice. There are many avenues within an agency and within the government that can address most issues (IG offices, etc.). The tough part is where the Justice Department believes something is "legally correct" yet an individual knows that it is completely morally wrong, then it is a tough decision that a Whistle blower has. I agree with a previous post here that honest management concerned with doing the right thing and serving the American public would have no problem addressing internally or externally an issue in the ultimate goal of fixing a problem or even just a perceived problem. But once you throw politics into it, then we have problems, and it becomes more difficult to find solutions.

Wed, Jun 12, 2013

Whistle blowing is only embarrassing if there has been cover-up. For honest mistakes that come to light - OK let's fix them. But cover-ups as in the NSA issues, the IRS scandal, and numerous other obvious intentional cover-ups the CYA factor kicks in. As for an internal whistle blowers platform, most organizations that I have worked for have open door policies that issues can be addressed if management is honest. Whistle blowing results when trying to deal with dishonest management. (Oops, it's not PC to infer that government leaders are liars.)
