Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blowing the whistle without blowing your career

Cindy Waxer | Oct. 8, 2014
How techies can bring data mishandling and abuses to light without putting their careers in jeopardy.

Walton says she wishes whistleblower hotlines were available back in 2005 when she decided to tell her employer about her concerns about data security. "I honestly think that a [whistleblowing] channel would have opened [the case] up to people that were more interested in protecting the data rather than protecting their own jobs," she says.

Even so, while more and more organizations are providing internal communication platforms and incentives for whistleblowing, the real motive behind many of these initiatives is to ensure corporate missteps are handled in-house and not brought to the attention of authorities.

The rationale behind many of these internal programs "is to motivate whistleblowers to report internally first before going to the SEC," says Ahmed. "Companies are grappling with the fact that reports can be made directly to the SEC. Most are uncomfortable with the notion that they don't know what's being reported about them and that the first time they find out is from a regulator."

Solutions hidden in plain sight
If today's internal whistleblowing tools fail to instill confidence in IT leaders, there's a growing crop of third-party sites and submission systems to choose from.

Tor (previously known as The Onion Router), for example, is an anonymizing program that routes traffic through a network of multiple nodes -- or virtual tunnels -- to anonymize the identities of its users.

According to the Tor website, the technology bounces communications around a distributed network of relays operated by volunteers around the world. Tor prevents websites from tracking users, be they CIOs or political dissidents, so those individuals can remain undetected if they want to, say, communicate sensitive information to journalists, connect with authorities or browse whistleblowing sites.

Another option is GlobaLeaks, an open-source whistleblowing framework that's designed to help IT professionals report wrongdoing without having to rely on in-house tools or technologies. "Whistleblowing is risky," says Marco Calamari, a member of the Hermes Center for Transparency and Digital Human Rights in Milan, Italy, which developed the innovative technology. "GlobaLeaks is a highly configurable software built on the foundation of Tor, which allows for anonymous browsing of the Internet." The upside of GlobaLeaks, which boasts 5,000 voluntary servers and 1 million users, is its ease of use, which allows even nontechnical people to set up their own anonymous whistleblowing sites.

One of today's more innovative submission systems is an online advertising network called AdLeaks. Unlike tools such as Tor, which rely on SSL connections over an anonymizing network to mask a user's identity, AdLeaks works by embedding AdLeaks ads onto a website.

These ads contain code that encrypts a whistleblower's messages, which are then delivered back to AdLeaks as small packets of encrypted information. By letting a whistleblower's browser substitute messages with encrypted parts of a disclosure, AdLeaks ensures the sender is completely unobservable and that eavesdroppers can't distinguish between a regular browser's transmissions and those of a whistleblower's browser.


Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.