Privacy and Security

Could internal whistleblower platforms prevent public scandal?

abstract network security

The recent leaks of information detailing National Security Agency domestic surveillance activities inevitably raise questions that echo those of previous, similar scandals: How did this information get out?

In recent years, such leaks have come at the hands of workers with access to government networks and sensitive information. The revelations are made through public avenues for a variety of reasons, including distrust of internal processes, scarce protections for the whistleblower and, perhaps most of all, the absence of anonymity.

But what if that anonymity was readily available inside an organization? What if whistleblowers did not have to go outside of an agency to report wrongdoing without being identified?

Some government entities have such mechanisms in place. The Securities and Exchange Commission, for example, provides ways to anonymously submit information through the whistleblower program mandated in 2010's Dodd-Frank Wall Street Reform and Consumer Protection Act. However, doing so requires legal representation and completed paperwork provided to the attorney "signed under penalty of perjury at the time you make your anonymous submission."

It is not hard to see why leakers and whistleblowers may instead decide to turn to the Internet's cloak of obscurity, whether real or perceived.

"The U.S. has roots in whistleblower protection; it's just a matter of execution in some cases," said Volker Roth, computer science professor at Freie Universität Berlin and a member of the team behind AdLeaks, an online whistleblowing project that aims to provide undetectable, encrypted communication capabilities.

While whistleblowing protections exist in U.S. law, it is often limited to designated areas – tax fraud, for example – and hinges on particular regulations and procedures.

"It can be difficult to navigate, and risky if one makes a mistake and those protections end up not applying," Volker said. "It creates tension in having to take risks and make concerns known within an organization, including possibly to people who could be in position to" retaliate.

WikiLeaks broke the mold in terms of public awareness in whistleblowing, and despite its subsequent demise, websites and programs, not unlike AdLeaks, have cropped up to facilitate those looking to anonymously expose wrongdoing. In the wake of WikiLeaks, a dual-focused movement in technology and transparency is yielding options that agencies could use to channel potentially dangerous exposés into reform efforts.

"We, as information and privacy experts, have analyzed the requirements from the security point of view, therefore what we're aiming for is not just software, but a wider project also involving advocacy in personal security for dealing with sensitive documents," Claudio Agosti, president of the Hermes Center for Transparency and Digital Human Rights and a developer with its GlobaLeaks project, told Radio Free Europe/Radio Liberty last year.

GlobaLeaks provides open-source software framework that companies and public agencies can use for free. The Hermes Center's Fabio Pietrosanti told FCW that one of the center's other projects, the LeakDirectory wiki with links to whistleblowing information and websites, will also be part of a forthcoming release of national security whistleblowing guidelines.

Other online platforms continue to emerge, many of them noted in LeakDirectory. Among them are companies and organizations that offer whistleblowing software as a service, usually built on anonymous Internet-based reporting tools, web applications and software like GlobaLeaks. But as Pietrosanti points out, platforms alone may not be enough for effective internal whistleblowing measures.

"The platform does provide a means to let whistleblowers to send the user of a web browser or smartphone," Pietrosanti said. "However, it's very important to underline that GlobaLeaks is a tool that facilitates the implementation of whistleblowing procedures, but it does not substitute the needed transparency policies and business process engineering activities for the setup of whistleblowing practices."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected