It is always difficult for those who notice illegal or unethical behavior in their organizations to decide whether or not to blow the whistle.
The biggest reason some people prefer not to is simple fear. Blowing the whistle can be career suicide for some and possibly physically dangerous for others. If you have legitimate cause to blow the whistle, how can you do it in a way that would not expose yourself?
The answer is simple – do it digitally. In this article, we would look at how whistleblowers can use the internet to ensure how they can blow the whistle without endangering themselves.
What is Whistleblowing?
Before going out looking to protect yourself, however, we should take a look at whistleblowing is. Whistleblowing refers to the uncovering and sharing of unethical or illegal behaviors within an organization. This applies to all companies, institutions, and even governments, regardless of ownership, financials, and incorporation status. The most famous example of whistleblowing is likely the case of Edward Snowden; who blew the whistle on the NSA (readers should note that the techniques below cannot protect you if you blow the whistle on a major US spy agency).
Techniques for Protecting Yourself
Aspiring whistleblowers are well aware of risks to whistleblowing. This is why you should do as much as you can to hide your identity, and below are 3 ways to help you do just that:
1. Be mindful of access
For those working in offices, it may be tempting to blow the whistle at your desk. This would be a terrible idea, almost immediately exposing who you are even if no one is looking over your shoulder. The reason is that WiFi networks serve the employers, not the employees. Essentially, everything you do while connected the company network can be tracked by your company unless done under a VPN that encrypts Wi-Fi data. But unless there are no other options, you’re not advised to risk exposing yourself by blowing the whistle at the workspace.
2. Hide your trail
Many actions you take can result in you leaving a trail for your targets to follow, particularly if you are doing so online. While technically more anonymous than perhaps meeting someone in a coffee shop, there are many things you can do that could unravel your plan to stay hidden. Threats abound, from paying with a credit card to simply printing a document with the metadata intact. The way around this is the adopt some of the privacy tools we will cover in a later section.
3. Protect your sources
When you are blowing the whistle, it is tempting to disregard the safety of your sources of information. Journalists are known for protecting their sources, but this should be a high priority for everyone simply as a measure of self-protection. If caught providing information to a whistleblower, your source faces severe consequences and could be easily enticed to turn against you. Hence, even if you are planning to whistleblow anonymously, you should discuss your strategy with your sources offline. This makes your conversations harder to track. You should also provide your source with a signal that only the two of you know so no one can impersonate you. Those communicating online can use a cryptographic key while those doing so offline may want to design a passphrase.
Tools for Protecting Yourself
Secrecy and encryption tools abound and should be used as much as possible when you are blowing the whistle. They should be used in every step of the way since your cyber security and anonymity is only as strong as its weakest link.
Often, in the beginning, some research is necessary and the internet is often the most convenient option. However, online behavior is often tracked by multiple parties; so, how can you get around it? In terms of browsing the internet, a good way would be to use either an Incognito (for Chrome) or Private (for Firefox) window. This leaves you exposed to network admins, ISPs and DNS servers.
To ensure they too cannot see your online activity, you should use a VPN. To further increase security, you can opt for a privacy-oriented search engine like Tor, which routes your traffic in relays all across the world. You can further augment this by first connecting to a VPN before using Tor.
When you are finally ready, you should use encrypted service to send the message that blows the whistle. Examples include SecureDrop, Jabber/XMPP with OTR encryption or Signal. Each ensures that your messages are encrypted before they are delivered to the target destination. To pay for the tools, it is probably safest to do so via cryptocurrency since that is far harder to trace than a credit card.