Whistleblowing

A double edged sword

Claudio Agosti

Whistleblowing is an ancient practice that has been called many names and is not ethically bound. It can be the link between the source and the journalist, or between the snitch and the military. In both cases, a reserved information goes in the hands of a person considered trustworthy, which transforms this information into an action. Wikileaks and Snowden have made whistleblowing come back full powered, showing how digital communication can simplify the process and protect the integrity of communications between sources and recipients. Anonymity and encrypted storage technologies have propelled this revolutionary framing.

I say framing because whistleblowing does not have an ethical value per se, what identifies its nature is the political cause that motivates it. So if you are a single person going up against a powerful organisation, like the US state department, the intelligence community, the financial system, or the Vatican, you might be remembered for your heroic behaviour, like Chelsea Manning ¹, Bill Binney ², Herve Falciani ³, Paolo Gabriele and Claudio Sciarpelletti ⁴. Although becoming famous in this field often means you have been caught, denounced or that you are in the run, hopefully those outcomes do not apply to all whistleblowers, as we will see.

Your informations can empower the citizen in understanding the power dynamics in play, but institutions themselves can also take advantage of those. If the ultimate goal of whistleblowing is making society more transparent in the interest of society itself, this might sound fascinating if you want a revolution, but it can be also very irresponsible for other reasons. Nobody really wants a society in which everyone can be a spy or an anonymous snitch.

Such a society would just strengthen the currently established institutions in power. Regimes in which a person can be economically rewarded for snitching on other citizens exemplify such misuse. Added to that, any structure with some type of power, even your small NGO or political team, benefits from agreements and contracts which are kept private because they require some level of confidentiality. No resistance would be possible without well kept secrets.

Transparency for the State (or for “who has enough power to shape our reality”) and privacy for the rest of us? This could work as a nice simplification, but then we should respect this separation in all our political actions and never, ever, expose any private information of other citizens.

I worked with the globaleaks.org team on the creation of its software platform. Our dream, was to create a “portable wikileaks” that could be unleashed in every city, media and public company. After all, white collar crime and other corporate misbehaviour can’t be detected, neither understood, without an insider. My experience comes from deploying it for different groups with different needs. Departing from the made up story below, we will see how digital whistleblowing can enhance your political actions and what you should take into account when planning your leak initiative.

Once upon a time...

There was a river getting heavily polluted. Some facility operates nearby and it is clear they are disposing chemical waste. There are rules, periodic checks, policies – but at the end of the day, flora and fauna are getting poisoned. Someone inside must know, but you don’t know anybody who works at the facility.

Your team creates a campaign and solicit sources, but criticism starts because your Wordpress blog for receiving the leaks is not very secure. Therefore, you set-up a proper platform (SecureDrop or GlobaLeaks ⁵) that can guarantee anonymity for the source, and encryption for the information exchanged. Even a seizure of the server can’t compromise the security of sources nor your active investigations. This is a privacy by design setup. However, despite the platform pick, you know that your initiative is shaking some established power and you fear retaliation. You develop a mitigation plan based on splitting responsibilities among a larger group composed of environmental lawyers, local journalists and some foreign analyst who also receives the leaks. This way, if a person get stopped, the initiative will keep running. However, despite all this security management, after two months you have received zero leaks.

Sadly, we are closed in our bubble, our circles. We try to communicate with our intended audience, but despite our efforts at the end of the day we talk only to persons similar to us. So, nobody working at the facility was in your comfort zone. You’ve to hunt these sources, advertise them personally or massively. In the beginnings, nobody understands why your cause is important. Then you re-frame your message, making clear why it matters for the environment, why their role is important, and after some weeks, the first timid source might arrive.

This is just the beginning and when the first article is published, you know this story will be read by facility employees because they talk about their company. And then you explain again why their role matters, how they can send anonymous tip-offs, that they are not the first and can do it safely. Gradually, step by step, gaining trust from persons with different values and knowledge, you are getting the flow of information that might be transformed in political outrage, strength, actions. After a while, society takes action and the facility has to take responsibility for its environmental impact.

This example can take place in different contexts in which abuses happen. But let's see if all the outcomes of leaking are positive and corrective or if they can be damaging as well?

Practical steps

Suppose you are lucky enough to receive an anonymous document detailing a lobbyist plan to influence the new policy about environmental preservation. The first urge might be to publish it immediately. Let citizens make their own mind, and check if the information contained in the document fits their own knowledge. Some readers might confirm, deny, or integrate new information within the original source.

But this is not journalism and it is not information, it is just a naive action of unmediated radical transparency. Ten years ago, WikiLeaks used to work that way. It was a platform in which sources could upload documents and have other readers perform its analysis, investigation and publication. In 2007, it was a common way of doing things, until Buzzfeed ⁶ does the same in 2017, publishing an unvalidated report about Russians and Donald Trump.

However, such release methods are dangerous and extra tempting if you are operating in the information ecosystem. The speed of messages does not let people evaluate the information in its context, nor understand how much of it is plausible and which are the parties involved. Nowadays only the title, the subtitle, and maybe a small percentage of the actual content is actually spread. It is impossible to ask for a public revision and when unvalidated news goes viral, the effect is to split the audience into two polarized groups.

Trust is key because a leak might not lead to changes. It can be ignored, silenced, accepted as daily life. An anonymous document should be published, but it is expected that a trustworthy person, such as a mainstream media journalist, a visible activist or human rights defender states: “I know the source, I vouch for the source, I’m protecting the source”.

Leaks are information you might use as accountable tools for transparency. They can also be legitimate research tools for civil society. Results can feed into scientific or political processes. Change is not something that can be implemented by technology. On top of technically defined properties, you need to implement your political and ethical values.

Whistleblowing powered campaigns as processes

The best validation method we have seen so far is independent research. If the investigation hasn’t lead anywhere, then the leak has to be considered unconfirmed. You might also need to interact with the source in order to get leads. Luckily, some platforms can keep sources in the loop in order to confirm their submission, request updates, or answer questions raised during the investigation. On the one hand, you can ask for more details. On the other, you will still have to evaluate the proofs, because you cannot rely only on the source. Publishing leaks without understanding the agenda and motivations of the sources can mean being instrumentalised by them. Keep in mind that leaking has been used many times for organising smear campaigns.

Having trustworthy partners among the recipients also greatly helps the initiative. It ensures that the revision, source management and outreach will not be done by only one group, but will be shared through partnerships with local lawyers, journalists, policy makers, researchers. Then your group has to transform investigated and validated leaks into stories. Passionate and understandable stories to engage people and create mass mobilization. Think about the process applied to the Edward Snowden leaks where for three years now there is constant journalistic revision and gradual publications.

One key factor for a successful campaign is to remain focused on a subject, a topic, a challenge. Do not vaguely call for evidence about corruption at large. Frame your specificities in your landing page and targeted towards your audience. Confirmed content should be clearly marked and more visible. And every time you have the opportunity to write for the media, remind to the readers that a safe box for tip-offs is available, because articles are generally read by people involved in the issue.

It is useful to measure what is happening as much as possible. Keep track of the event and monitor its social media presence in order to understand how to improve your campaign based on results collected earlier. By sharing these measurements, you will help other initiatives like yours. Don’t be afraid of your enemy and keep building open data on how your organisation works. Do not address the people, but the numbers, concentrate on the results, achievements and statistics.

Dangerous paths where you should be cautious

An initiative has a time window of existence, it has to define what it is aiming for, what is its next milestone and how it is going. Having unmaintained initiatives might confound future potential sources. If your activity stops, make it very clear, because nothing sounds more sketchy and worrying than a whistleblowing initiative that accepts tips but fails to publish them.

Putting a source at risk is irresponsible, and this can happen if a story contains too many identifiable details. Files need to be sanitized and metadata need to be cleaned, but you also need to ask the source about how many other persons got access to the same information. Depending on the amount (two, twenty or two-hundred) aware of the same secret, different justifications will need to be made up.

It is easy, when you're part of a conflict and you are facing an adversary, to assume that all the persons collaborating with it are your adversaries too. That is a dangerous path. Do not aim at leaking personal information about “low-rank” workers, for instance, because you might just expose innocents to responsibilities they don't own. Just imagine if similar actions were used from an established power to treat a minority or a marginalised group. If you are looking for social justice, spreading whistle-blowing as a way to solve political struggles might just backfire against your agenda.

Attacking an individual is a fascist behaviour, and it has to be stigmatized despite the political reason sustaining the initiative. What has to be exposed is the corruption of a system, not the misery of life. Whoever does the release has the mission also to protect low ranked individuals from public exposure. Otherwise, whistleblowing will just enable a "Kompromat" ⁷, a set of information that might embarrass someone or be used for blackmailing individuals. Every faction in play can make use of it, so it is better to share strong ethical values in order to judge the democratic quality of initiatives.

In theory, a whistleblowing initiative is intended to empower a weak group to shed light ona secretive oppressive organisation. But what defines power, oppression and secrets depends on contextual and subjective evaluations and thus can be rarely used as an assessment and evaluation criteria.

As a conclusion, I really believe whistleblowing can address and make good use of lot of disgruntled employees and the ethical remorse that some ex-workers experience. Being able to empower these voices and transform their stories into changes is a vector of leverage we have to explore, maybe now more than ever.

Successful cases of GlobaLeaks adoption

Interesting experiments have been created by communities around the world. Since 2012, the GlobaLeaks team is keeping track of a list ⁸ but some of the most notable are the submissions collected by WildLeaks, a platform against animal poaching ⁹; the Italian Investigative Reporting Project Italy collecting evidence of public officers on Couch-surfing raping their guests ¹⁰. I mention this just because there are so many corruption cases. The Spanish X-Net ¹¹ was able to prove the complicity of bankrupt bankers and the state and made a theater play out of it. PubLeaks, with the participation of the biggest Dutch media, made a book with all the revelations received in 4 years, and MexicoLeaks ¹², was apparently so frightening that journalists were fired even before the leaks began to flow. And now is up to you. What’s the Pandora’s box you want to open?

References

¹. The most inspiring whistleblower of the last years perhaps? https://en.wikipedia.org/wiki/Chelsea_Manning ↩

². https://en.wikipedia.org/wiki/William_Binney_(U.S._intelligence_official) ↩

³. https://www.theguardian.com/news/2015/nov/27/hsbc-whistleblower-jailed-five-years-herve-falciani ↩

⁴. In 2012, Paolo Gabriele and Claudio Sciarpelletti, working for the Pope, fed journalists with internal and reserved documents about the Vatican management. This lead to Pope Benedict XVI to step down (an event that was not happening since 600 years). ↩

⁵. GlobaLeaks https://globaleaks.org and SecureDrop https://securedrop.org ↩

⁶. https://www.washingtonpost.com/blogs/erik-wemple/wp/2017/01/10/buzzfeeds-ridiculous-rationale-for-publishing-the-trump-russia-dossier ↩

⁷. https://en.wikipedia.org/wiki/Kompromat ↩

⁸. https://www.globaleaks.org/implementations ↩

⁹. https://wildleaks.org/leaks-and-reports/ ↩

¹⁰. https://www.theguardian.com/world/2015/may/29/couchsurfing-rapist-dino-maglio-italian-police-officer-rape-padua ↩

¹¹. https://www.thenation.com/article/simona-levi/ ↩

¹². https://www.occrp.org/en/daily/3776-mexicoleaks-journalists-fired-after-joining-whistleblowing-alliance ↩