Whistleblower protection in the digital age - why “anonymous” is not enough.
From technology to a wider view of governance
Keywords:whistleblowing, digital age, communications
When technology enters applications and processes with a long tradition of controversial societal debate, multi- faceted new ethical and legal questions arise. This paper focusses on the process of whistleblowing, an activity with large impacts on democracy and business. Computer science can, for the first time in history, provide for truly anonymous communication. We investigate this in relation to the values and rights of accountability, fairness and data protection, focusing on opportunities and limitations of the anonymity that can be provided computationally; possible consequences of outsourcing whistleblowing support; and challenges for the interpretation and use of some relevant laws. We conclude that to address these questions, whistleblowing and anonymous whistleblowing must rest on three pillars, forming a “triangle of whistleblowing protection and incentivisation” that combines anonymity in a formal and technical sense; whistleblower protection through laws; and other norms and practices including organisational error culture.
ACM/IEEE The Software Engineering Code of Ethics and Professional Practice. New York: ACM https://ethics.acm.org/code-of-ethics/software-engineering-code/
Adamsky, F., Schiffner, S., and Engel, T. "Tracking Without Traces - Fingerprinting in an Era of Individualism and Complexity". In Privacy Technologies and Policy - 8th Annual Privacy Forum, APF 2020, Lisbon, Portugal, October 22-23, 2020, Proceedings. LNCS 12121. Cham, Springer 2020. 201-212.
ANAC (Autorità Nazionale Anticorruzione) 4° Rapporto annuale sull’applicazione del whistleblowing. 2019. http://www.anticorruzione.it/portal/rest/jcr/repository/collaboration/Digital%20Assets/anacdocs/Comunicazio ne/Eventi/2019/Anac.nota.RapportoWB.pdf
Article 19 Open letter to Róbert Spanó, President of the European Court of Human Rights, Re: Grand Chamber referral in Gawlik v. Liechtenstein (Application no1 23922/19). 2021. https://www.whistleblower-net.de/wp- content/uploads/2021/06/2021_05_28_Letter-Grand-Chamber-Supporting-Gawlik-Request-Referral.pdf
Bazzichelli, T. Whistleblowing for Change. Exposing Systems of Power & Injustice. Bielefeld: Transcript Verlag 2022. Available at https://www.disruptionlab.org/book
Butler, J.V., Serra, D., and Spagnolo, G. “Motivating Whistleblowers”. Management Science, 66(2), 2020. 605- 621. https://doi.org/10.1287/mnsc.2018.3240
Cesare, N. Grant, C., Nguyen, Q., Lee, H., and Nsoesie, E.O. “How well can machine learning predict demographics of social media users?” CoRR abs/1702.01807, 2017. https://arxiv.org/abs/1702.01807
Colenso, M. Kaizen Strategies for Improving Team Performance. London, Pearson Education Limited 2000.
Coliver, S. National Security Whistleblowers: The U.S. Response to Manning and Snowden Examined. Open Society Justice Initiative. 2013. https://www.justiceinitiative.org/voices/national-security-whistleblowers-us- response-manning-and-snowden-examined
Delmas, C. “The ethics of government whistleblowing”. Social Theory and Practice, 41(1), 2015. 77-105.
de Sousa Costa, R. and de Castro Ruivo, I. “Preliminary Remarks and Practical Insights on How the Whistleblower Protection Directive Adopts the GDPR Principles”. In Privacy Technologies and Policy - 8th Annual Privacy Forum, APF 2020, Lisbon, Portugal, October 22-23, 2020, Proceedings. LNCS 12121. Cham: Springer, 2020. 95-109
Dingledine, R., Mathewson, N., and Syverson, P. “Tor: The second-generation onion router.” In SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, 2004. https://www.usenix.org/conference/13th-usenix-security-symposium/tor-second-generation-onion-router
Elliston, F.A. “Anonymous whistleblowing: An ethical analysis [with Commentary]”. Business & Professional Ethics Journal, 1(2), 1982. 39-60.
European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 2016. https://eur- lex.europa.eu/eli/reg/2016/679/oj
European Union. Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. 2019. https://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uri=CELEX:32019L1937
Flanagan, J.C. “The critical incident technique”. Psychological Bulletin, 51, 1954. 327-358
Gesley, J. “Liechtenstein: European Court of Human Rights Rules Whistleblower’s Dismissal Did Not Infringe Freedom of Expression”. Global Legal Monitor, 17 March 2021. https://www.loc.gov/law/foreign- news/article/liechtenstein-european-court-of-human-rights-rules-whistleblowers-dismissal-did-not-infringe- freedom-of-expression/
Gotterbarn, D., Miller, K., and Rogerson. S. “Software engineering code of ethics”. Communications of the ACM 40, 1997, 110-118.
Haas, L., Gießler, S., and Thiel, V. In the realm of paper tigers – exploring the failings of AI ethics guidelines. Berlin: AlgorithmWatch 2020. https://algorithmwatch.org/en/ai-ethics-guidelines-inventory-upgrade-2020/
Hagendorff, T. “The ethics of AI ethics: An evaluation of guidelines”. Minds and Machines 30, 99–120, 2020.
Hauser, C., Hergovits, N., and Blumer, H. Whistleblowing Report 2019. Chur: HTW Chur Verlag 2019. https://whistleblowingreport.eqs.com/en/home
IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems. Ethically Aligned Design: A Vision for Prioritizing Human Wellbeing with Artificial Intelligence and Autonomous Systems, Version 1 for public discussion. New York, IEEE 2016, Available at https://algorithmwatch.org/de/wp- content/uploads/2019/03/IEEE-EAD1e.pdf
Kuhn, C., Beck, M., Schiffner, S., Jorswieck, E.A., and Strufe, T. “On privacy notions in anonymous communication”. Proceedings of Privacy Enhancing Technologies, 2019 (2). 105-125
Lipman, F.D. Whistleblowers: Incentives, Disincentives, and Protection Strategies. Hoboken, NJ, John Wiley & Sons 2012.
Marcum, T.M., Young, J., and Kirner, E.T. “Blowing the whistle in the digital age: Are you really anonymous? The perils and pitfalls of anonymity in whistleblowing law”. DePaul Business and Commercial Law Journal, 17 (1), Article 1, 2020.
Park, H. and Lewis, D. “The Motivations of External Whistleblowers and Their Impact on the Intention to Blow the Whistle Again”. Business Ethics: A European Review, 28 (3), 2019. 379-390. Available at SSRN: https://ssrn.com/abstract=3587843 or http://dx.doi.org/10.1111/beer.12224
Pfitzmann, A. and Hansen, M. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. 2010. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf
Pogrebna G and Skilton M. Existing solutions summary. In: Navigating New Cyber Risks. Cham, Palgrave Macmillan 2019. https://doi.org/10.1007/978-3-030-13527-0_5
Raab C. “The meaning of ‘accountability” in the information privacy context. In D. Guagnin, L. Hempel, C. Ilten, I. Kroener, D. Neyland, H. Postigo (Eds.). Managing Privacy through Accountability. London, Palgrave Macmillan 2012.
Radack, J. and McClellan, K. The criminalization of whistleblowing. Labor & Employment Law Forum, 2(1), 2011. 57-77.
Satter, R. U.S. court: Mass surveillance program exposed by Snowden was illegal. Reuters. 2020. https://www.reuters.com/article/us-usa-nsa-spying-idUSKBN25T3CK
Schüttelkopf, E.M. „Erfolgsstrategie Fehlerkultur. Wie Organisationen durch einen professionellen Umgang mit Fehlern ihre Performance optimieren“. In: G. Ebner, P. Heimerl, and E.M. Schüttelkopf. Fehler · Lernen · Unternehmen. Wie Sie die Fehlerkultur und Lernreife Ihrer Organisation wahrnehmen und gestalten. Frankfurt (Main), Peter Lang 2008. 151–314.
Steph. Italian Anti-Corruption Authority (ANAC) Adopts Onion Services. Tor Blog. 2018. https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-onion-services
Veale, M., Binns, R., and Ausloos, J. “When data protection by design and data subject rights clash”. International Data Privacy Law, 8 (2), 2018, 105–123. https://doi.org/10.1093/idpl/ipy002
Weingardt, M. Fehler zeichnen uns aus. Transdisziplinäre Grundlagen zur Theorie und Produktivität des Fehlers in Schule und Arbeitswelt. Bad Heilbrunn, Verlag Julius Klinkhardt 2004.
Wemple, E. "Did the Intercept bungle the NSA leak?" The Washington Post. 6 June 2017. https://www.washingtonpost.com/blogs/erik-wemple/wp/2017/06/06/did-the-intercept-bungle-nsa-leak/
Westin, A.F. Whistleblowing. Loyalty and Dissent in the Corporation. New York etc., McGraw-Hill 1981.
Whittaker, M. et al. AI Now Report 2018. New York: AI Now Institute. https://ainowinstitute.org/AI_Now_2018_Report.pdf 2018
Wikipedia contributors (2021). Me Too movement. In Wikipedia, The Free Encyclopedia. 23 August 2021. https://en.wikipedia.org/w/index.php?title=Me_Too_movement&oldid=1040248001