Privacy and Security

Could internal whistleblower platforms prevent public scandal?

abstract network security

The recent leaks of information detailing National Security Agency domestic surveillance activities inevitably raise questions that echo those of previous, similar scandals: How did this information get out?

In recent years, such leaks have come at the hands of workers with access to government networks and sensitive information. The revelations are made through public avenues for a variety of reasons, including distrust of internal processes, scarce protections for the whistleblower and, perhaps most of all, the absence of anonymity.

But what if that anonymity was readily available inside an organization? What if whistleblowers did not have to go outside of an agency to report wrongdoing without being identified?

Some government entities have such mechanisms in place. The Securities and Exchange Commission, for example, provides ways to anonymously submit information through the whistleblower program mandated in 2010's Dodd-Frank Wall Street Reform and Consumer Protection Act. However, doing so requires legal representation and completed paperwork provided to the attorney "signed under penalty of perjury at the time you make your anonymous submission."

It is not hard to see why leakers and whistleblowers may instead decide to turn to the Internet's cloak of obscurity, whether real or perceived.

"The U.S. has roots in whistleblower protection; it's just a matter of execution in some cases," said Volker Roth, computer science professor at Freie Universität Berlin and a member of the team behind AdLeaks, an online whistleblowing project that aims to provide undetectable, encrypted communication capabilities.

While whistleblowing protections exist in U.S. law, it is often limited to designated areas – tax fraud, for example – and hinges on particular regulations and procedures.

"It can be difficult to navigate, and risky if one makes a mistake and those protections end up not applying," Volker said. "It creates tension in having to take risks and make concerns known within an organization, including possibly to people who could be in position to" retaliate.

WikiLeaks broke the mold in terms of public awareness in whistleblowing, and despite its subsequent demise, websites and programs, not unlike AdLeaks, have cropped up to facilitate those looking to anonymously expose wrongdoing. In the wake of WikiLeaks, a dual-focused movement in technology and transparency is yielding options that agencies could use to channel potentially dangerous exposés into reform efforts.

"We, as information and privacy experts, have analyzed the requirements from the security point of view, therefore what we're aiming for is not just software, but a wider project also involving advocacy in personal security for dealing with sensitive documents," Claudio Agosti, president of the Hermes Center for Transparency and Digital Human Rights and a developer with its GlobaLeaks project, told Radio Free Europe/Radio Liberty last year.

GlobaLeaks provides open-source software framework that companies and public agencies can use for free. The Hermes Center's Fabio Pietrosanti told FCW that one of the center's other projects, the LeakDirectory wiki with links to whistleblowing information and websites, will also be part of a forthcoming release of national security whistleblowing guidelines.

Other online platforms continue to emerge, many of them noted in LeakDirectory. Among them are companies and organizations that offer whistleblowing software as a service, usually built on anonymous Internet-based reporting tools, web applications and software like GlobaLeaks. But as Pietrosanti points out, platforms alone may not be enough for effective internal whistleblowing measures.

"The platform does provide a means to let whistleblowers to send tips...by the user of a web browser or smartphone," Pietrosanti said. "However, it's very important to underline that GlobaLeaks is a tool that facilitates the implementation of whistleblowing procedures, but it does not substitute the needed transparency policies and business process engineering activities for the setup of whistleblowing practices."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Wed, Jun 12, 2013 K PA

Whistle blowing out in the open media of "Highly Classified" data should never be an acceptable practice. There are many avenues within an agency and within the government that can address most issues (IG offices, etc.). The tough part is where the Justice Department believes something is "legally correct" yet an individually knows that it is completely morally wrong, then it is a tough decision that a Whistle blower has. I agree with a previous post here that honest management concerned with doing the right thing and serving the american public would have no problem adddressing internally or externally an issue in the ultimate goal of fixing a problem or even just a perceived problem. But once you throw politics into it, then we have problems, and it becomes more difficult to find solutions.

Wed, Jun 12, 2013

Whistle blowing is only embarassing if there has been cover-up. For honest mistakes that come to light - OK lets fix them. But cover-ups as in the NSA issues, the IRS schandal, and numerous other obvious intential cover-ups the CYA factor kicks in. As for an internal whistle blowers platform, most organizations that I have worked for have open door policies that issues can be addressed if management is honest. Whistle blowing results when trying to deal with dishonest management. (Oops, it's not PC to infer that government leaders are liars.)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group