Whistleblowing in the Security Sector

Blowing in the Wind? Whistleblowing in the Security Sector

Benjamin S. Buckland and Aidan Wills (DCAF)

Working Draft (September 2012) Not for citation without prior permission

Contents

Contents ...... 2

List of Acronyms ...... 5

1. Introduction ...... 8

1.1 Scope and definitions ...... 9

1.2 Context and relevance ...... 12

1.2.1 Timeliness ...... 12

1.2.2 The special case of the security sector ...... 15

1.2.3 Whistleblowing and accountability ...... 17

1.2.4 Whistleblowing and human rights ...... 20

1.3 The legal framework ...... 21

1.4 Structure of the study ...... 24

2. Obstacles to whistleblowing ...... 25

2.1 Inadequate legal framework ...... 25

2.2 Adverse consequences ...... 26

2.2.1 Prosecution...... 26

2.2.2 Retaliation ...... 28

2.2.3 Lack of faith in procedures and mechanisms ...... 29

2.2.4 Increasing reach and strength of state secrecy laws ...... 30

2.2.5 Judicial deference to the executive on national security...... 30

2.3 Practical impediments ...... 31

2.4 Cultural aversion to whistleblowers ...... 33

3. Coverage of protected disclosure legislation ...... 35

3.1 Types of wrongdoing ...... 35

3.2 Classification and confidentiality...... 39

3.3 Motive ...... 40

3.4 Proof ...... 42

3.5 Who may make a disclosure? ...... 43

3.6 An obligation to make a disclosure? ...... 45

4. Internal disclosures ...... 47

5. Inspectors general ...... 50

6. Disclosures to independent oversight bodies ...... 54

6.1 The importance of external channels for making disclosures ...... 56

6.2 Disclosures to parliament ...... 58

6.3 Disclosures to specialised non-parliamentary oversight bodies ...... 62

6.4 Accessing independent oversight bodies ...... 65

7. Reprisals ...... 70

8. Protections...... 77

8.1 Legal protections against reprisals ...... 77

8.2 Confidentiality ...... 79

8.3 Penalties for retaliation against whistleblowers ...... 80

8.4 Capacity of internal and independent bodies to provide protection ...... 82

8.5 Burden of proof regarding retaliation ...... 82

9. Disclosures to the media and public at large ...... 84

9.1 The media as a (more effective) last resort? ...... 85

9.2 Disclosures to the media outside the security sector ...... 86

9.3 Disclosures to the media by security sector personnel ...... 88

10. Criminal law defences for unauthorised disclosures to the media and public at large .... 91

10.1 Necessity and other defences ...... 92

10.2 Public interest defence ...... 94

10.2.1 Why the public interest defence matters ...... 95

10.2.2 The components of a public interest defence ...... 96

10.2.3 Arguments against the public interest defence ...... 103

11. Conclusions ...... 109

Annex 1: Selected Whistleblowing Cases ...... 113

Bibliography ...... 119

List of Acronyms

ACLU – American Civil Liberties Union

AFP – Australian Federal Police

CIA – Central Intelligence Agency

CSE – Communications Security Establishment

CSRA – Civil Service Reform Act

CTIVD – Dutch Review Committee on the Intelligence and Security Services

DCAF – Geneva Centre for the Democratic Control of Armed Forces

ECHR – European Convention on Human Rights

ECtHR – European Court of Human Rights

ETA - Euskadi Ta Askatasuna

EU – European Union

FAIR – Federal Accountability Initiative for Reform

FBI – Federal Bureau of Intelligence

HMSO – Her Majesty's Stationery Office

ICCPR – International Covenant on Civil and Political Rights

ICWPA – Intelligence Community Whistleblower Protection Act

IG – Inspector General

IGIS – Inspector General of Intelligence and Security

IPCC – Independent Police Complaints Commission

ISC – Intelligence and Security Committee

KIA – Kosovo Intelligence Agency

LPSK – Witness and Victim Protection Agency

MP – Member of Parliament

MSPB – Merit Systems Protection Board

NSA – National Security Agency

NSW – New South Wales

OSA – Official Secrets Act

OSC – Office of Special Counsel

OSF-JI – Open Society Foundations, Justice Initiative

PID – Public Interest Defence

PIDA – Public Interest Disclosure Act

PACE – Parliamentary Assembly of the Council of Europe

PSDPA – Public Servants Disclosure Protection Act

POGO – Project on Government Oversight

SIA – Security of Information Act

SIRC – Canadian Security Intelligence Review Committee

UK – United Kingdom

UKHL – United Kingdom House of Lords

UN – United Nations 6

US – United States

USC – United States Supreme Court

RCMP – Royal Canadian Mounted Police

TI – Transparency International

WMD – Weapons of Mass Destruction

WPA – Whistleblower Protection Act

1. Introduction ∗∗∗

This study provides a comparative analysis of legal and institutional frameworks for making protected disclosures of information showing wrongdoing in the security sector. This research was originally undertaken in support of the Open Society Foundations – Justice Initiative (OSF-JI) Principles on National Security and the Right to Information .1 The study’s aims are: to analyse the function of whistleblower protection mechanisms as they apply to the security sector (for a definition of this term see below); to identify good practice from relevant law, jurisprudence and the academic literature; and to make an initial contribution to filling a significant gap in the literature with regards to whistleblowing in the security sector.

In pursuit of these aims, we have drawn upon legal and institutional frameworks primarily from Australia, Canada, New Zealand, South Africa, United Kingdom, and the United States. To a lesser extent, we have drawn upon examples from Africa (Kenya and Sierra Leone), Asia (Hong Kong, India, Indonesia, Malaysia and the Republic of Korea), and Europe (Belgium, the Czech Republic, Denmark, Germany, Italy, the Netherlands, Romania, Slovenia and Spain) insofar as whistleblower protection regimes exist.

∗ Benjamin Buckland is a Project Officer in DCAF’s Research Division; Aidan Wills is a Project Coordinator in DCAF’s Research Division. The authors would like to express their thanks to the following persons who provided invaluable comments and/or directed us towards relevant material in various jurisdictions: Sarah Albertin, Matthew Alexander, David Banisar, Iain Cameron, Sandra Coliver, Emil Greve, Federico Fabbrini, Teodora Fuior, Adam Földes, Morton H. Halperin, Amy Jacobsen, Emi MacLean, Venkatesh Nayak, Frank Raue, Susana Sanchez, Ashley Savage, Howard Whitton, Andrew Wilkie, Julian Wyatt, So-yeong Yoon, and the participants in the DCAF-OSI workshop on access to information by security sector oversight institutions. The opinions expressed in this study are those of the authors and do not necessarily reflect the position of DCAF or of any other individual or organisation. All errors and omissions remain our own; comments and corrections would be most welcome and may be sent to: [email protected] and [email protected] . 1 More information about the draft principles can be found at: http://right2info.org/exceptions-to- access/national-security 8

It should be noted at the outset that laws and institutions in this area are still in their infancy. Even the oft-cited UK Public Interest Disclosure Act (PIDA) was only enacted slightly more than a decade ago. Whistleblower protection legislation covering the security sector is often younger still.2 Despite the fact that a great deal of sharing and cross-pollination of laws is occurring (aided by the agendas of international and regional organisations which increasingly require member states to pass whistleblower protection laws), the number of laws and cases from which examples can be drawn remains very small.

In this introductory section we will first define the term whistleblowing, as well as the scope of the study. We then turn to the context and relevance of the study before, finally, examining the legal framework for whistleblower protection in the security sector.

1.1 Scope and definitions The term ‘whistleblower’ is subject to a multitude of definitions and does not translate well into many languages. There are however, a number of common elements which can be distilled from legislation and other sources. These elements make up the core of the whistleblowing definition used in this text.

(1) Definitions commonly make reference to the types of conduct that may be disclosed; namely, real or perceived wrongdoing including (unlawful, irregular, immoral or illegitimate conduct) within a given organisation. 3

2 Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,” Rapporteur: Mr Pieter Omtzigt, Doc. 12006, 14 September 2009. 3 South Africa Protected Disclosures Act, 2000; John Bowers, Martin Fodder, Jeremy Lewis, Jack Mitchell, Whistleblowing: Law and Practice (Oxford: Oxford University Press, 2010), 1; Transparency International, Recommended Draft Principles for Whistleblowing Legislation (Berlin: TI, November 2009), Principle 1; Roberts, Olsen and Brown, “Whistling while they work,” 12; Japan “Public Interest Speak Up Advisors” in Richard Calland and Guy Dehn, eds., Whistleblowing Around the World: Law, Culture and Practice (Cape Town and London: ODAC/PCAW, 2004); M. P. Miceli and J. P. Near, “The Relationships Among Beliefs, Organisational Position and Whistle-blowing Status: A Discriminant Analysis” Academy of Management Journal 27, no. 4 (1984): 689. 9

(2) Definitions frequently refer to the character of the wrongdoing being disclosed. Notably, definitions often make reference to the fact that wrongdoing (or potential wrongdoing) being disclosed must adversely affect (directly or indirectly) the public interest, as opposed to interests which are merely personal or private. 4 This aspect of the definition is reflected in the fact that a great deal of legislation on the issue includes the phrase public interest in the title. 5

(3) Definitions generally refer to the fact that disclosures are made by members or former members (individuals or groups) of an organisation. 6

More specifically, this paper focuses on the disclosure of information showing wrongdoing (hereafter whistleblowing ) by employees, former employees, conscripts, and contractors of security sector organisations such as the police, military and intelligence services (hereafter, security sector personnel ), as well as members of the executive branch working in national security related departments. We will address disclosures of such information made to: (a) internal bodies, i.e., those which are internal to an organisation from which a disclosure originates; (b) designated independent bodies, ¨(i.e., those that are autonomous and external to both the organisations from which disclosures are made and the executive); and (c) the media and public at large.

Given that this study is being drafted as part of a project on access to information and national security, it will discuss issues relating to the disclosure of classified or

4 Roberts, Olsen and Brown, “Whistling while they work,” 12; Peter Boden “Submission to the House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections within the Australian Government Public Sector,” 29. 5 See, for example, the Indian Public Interest Disclosure and Protection to Persons Making the Disclosure Bill 2010; New Zealand Protected Disclosures Act 2000; and the British Public Interest Disclosure Act 1998. 6 South Africa Protected Disclosures Act, 2000; Bowers, Fodder, Lewis, Mitchell, Whistleblowing: Law and Practice , 1; Roberts, Olsen and Brown, “Whistling while they work,” 12; M. P. Miceli and J. P. Near, “The Relationships Among Beliefs, Organisational Position and Whistle-blowing Status: A Discriminant Analysis” Academy of Management Journal 27, no. 4 (1984): 689. 10

otherwise confidential information. Also relevant are disclosures made by security sector personnel which do not include such information but are nonetheless treated differently (to disclosures made by employees in other areas of the public sector) by virtue of the fact that they are made by for example, employees of intelligence and security agencies. 7 It is imperative to underline that while the level of classification of information may have procedural implications for a disclosure, it is not germane to the question of whether a disclosure can (or cannot) be considered to be whistleblowing.

We define the security sector narrowly to include the armed forces, paramilitary forces, gendarmeries, intelligence and security services, and law enforcement bodies such as border protection agencies and police forces (hereafter referred to collectively as security sector organisations ). Although many definitions of the security sector include legislative bodies and other independent oversight bodies, the authors favour a narrower definition for several reasons, including conceptual clarity.8 While disclosures made by, for example, members of parliamentary oversight committees and ombuds institutions are salient to the broader questions raised by this paper, we have opted not to include them here. Equally, we will not address so-called “secondary disclosures;” that is, the re-disclosure of information (to the public) by, for example, journalists. This subject is nevertheless, closely related to whistleblowing by security sector personnel because they sometimes disclose information to the media which then make a secondary disclosure when revealing it to the public at large.

7 In this regard, see for example, the UK Official Secrets Act, 1989. 8 For further discussion, see UN General Assembly/UN Security Council, ‘Securing Peace and Development: The Role of the United Nations in Supporting Security Sector Reform,’ 23 January 2008, A/62/659-S/2008/39, 5-6.; Heiner Hänggi, ‘Making Sense of Security Sector Governance,’ in Challenges of Security Governance , eds. H. Hänggi and T.H. Winkler (Münster: LIT Verlag, 2003), 18. 11

1.2 Context and relevance 1.2.1 Timeliness Very little work has been done on this topic outside of the United States, and there is scant comparative literature on this subject. In particular, little is known about the functioning of internal whistleblower mechanisms within security sector organisations or indeed about the functioning of mechanisms for disclosures to independent bodies by security sector personnel. The fact that there are limited examples or jurisprudence involving disclosures made by security sector personnel, makes this a challenging area of research. In view of this, our analysis focuses primarily on the legal and institutional frameworks for whistleblowing in the security sector, rather than on how these laws and mechanisms work in practice. This is a worthy area for future research but one that would be extremely challenging due to the often classified nature of such issues.

A comparative examination of whistleblowing in the context of the security sector and, indeed, whistleblowing more generally, is particularly timely for a number of reasons.

First and most prominent among these, is the ongoing furore created by WikiLeaks publishing classified US government documents (particularly the release of diplomatic cables), which were allegedly supplied by, among others, Bradley Manning, a member of the armed forces. WikiLeaks has clearly facilitated the disclosure of information showing serious wrongdoing, the revelation of which is unquestionably in the public interest. In most cases, the information from diplomatic cables disclosed to and published by WikiLeaks does not pertain to wrongdoing and is thus not an example of whistleblowing stricto sensu. Indeed, the public disclosure of this type of information may have damaged the cause of security sector whistleblowers, particularly in the US It does, however, raise important questions about disclosures of classified information showing wrongdoing, as well as the secondary disclosure of this information by media and

similar outlets. The Manning case aside, the advent of WikiLeaks and the willingness of some security sector personnel to leak information to the site can be seen as evidence that legal and institutional frameworks for protected disclosures are either inexistent or inadequate. 9

Secondly, a number of states are currently considering legislation which has important implications for whistleblowing in the security sector. On a positive note, relatively comprehensive legislation on the protection of whistleblowers recently came into force in the Republic of Korea. 10 On a more worrying note, the South African parliament is considering a protection of information bill which has obvious implications for security sector personnel wishing to disclose information showing wrongdoing. 11 Additionally, the United States Congress has discussed (and as recently as December 2010 almost passed) a number of bills which would strengthen protections afforded to employees of certain security sector organisations who disclose information showing wrongdoing. 12 In Indonesia, too, Leaders of the Witness and Victim Protection Agency (LPSK), the Supreme Court, the National Police, the Justice and Human Rights Ministry, the Attorney General’s Office and the Corruption Eradication Commission signed a statement in 2011 on providing security for whistleblowers, including in the security sector. 13 Improving whistleblower protection systems has since been included as one of nine major priorities in the government’s Bureaucratic Reform Roadmap 2010–2014. 14

9 See, for example, Stephen Vladeck, “Left out in the cold: the chilling of speech, association, and the press in post-9/11 America,” American University Law Review , 57 (June 2008). 10 Kim Dok-Man, “Better Protection for Whistleblowers,” Korea Times, 12 Feb 2011; Republic of Korea, Act on the Protection of Public Interest Whistleblowers, Act no. 10472, March 29, 2011. 11 Republic of South Africa, Protection of State Information Bill, [B 6B—2010] as introduced in the National Assembly; Government Gazette No.32999 of March 2010, Minister of State Security, 13 September 2011. For a cogent critique of this bill see, for example, Dario Milo, “Information bill needed - just not this one,” Times Live , 27 November 2011. 12 R. Jeffrey Smith, “Bill to protect whistleblowers fails in Senate,” The Washington Post, Thursday, December 23, 2010. 13 Thin Lei Win, “Indonesia to Give Whistleblowers More Protection- Report,” Trust Law, 20 July 2011, http://www.trust.org/trustlaw/news/indonesia-to-give-whistleblowers-more-protection- report/ 14 Eko Prasojo, “Accelerating Bureaucratic Reform,” The Jakarta Post, 5 June 2012, http://www.thejakartapost.com/news/2012/06/05/accelerating-bureaucratic-reform.html 13

Thirdly, the importance of whistleblower protections have been increasingly recognised by international organisations and their member states. The United Nations Convention Against Corruption, for example, requires that states party consider the establishment of “measures and systems to facilitate the reporting by public officials of acts of corruption to appropriate authorities” 15 Similarly, the Parliamentary Assembly of the Council of Europe (PACE), a body which unites parliamentary representatives from all 47 member states of the Council, recently promulgated a Resolution on the Protection of Whistleblowers which outlined the elements of appropriate legislation, as well as invited member states to review extant laws with a view to strengthening whistleblower protection throughout Europe (although not specifically in the context of the security sector).16 Additionally, in 2010, the UN Special Rapporteur on The Protection and Promotion of Human Rights while Countering Terrorism promulgated (at the request of the UN Human Rights Council) a compilation of intelligence services and their oversight. This compilation included specific guidance on disclosures from within intelligence and security services, noting that:

There are internal procedures in place for members of intelligence services to report wrongdoing. These are complemented by an independent body that has a mandate and access to the necessary information to fully investigate and take action to address wrongdoing when internal procedures have proved inadequate. Members of intelligence services who, acting in good faith, report wrongdoing are legally protected from any form of reprisal. These protections extend to disclosures made to the media or the public at

15 United Nations Convention Against Corruption , Adopted by United Nations General Assembly Resolution 58/4. Merida (Mexico), 23 October 2003, Article 8(4). 16 Parliamentary Assembly of the Council of Europe, Resolution 1729 on the ‘Protection of “whistleblowers,”’ 29 April 2010; Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,” Rapporteur: Mr Pieter Omtzigt, Doc. 12006, 14 September 2009. See also Recommendation 1916 (2010). 14

large if they are made as a last resort and pertain to matters of significant public concern. 17

More recently still, the G20 Anti-Corruption Working Group has recognised the importance of effective whistleblower protection laws. At the Seoul Summit, G20 leaders, in their Anti-Corruption Action Plan, called on countries to protect whistleblowers from discrimination and retaliation and to enact and implement whistleblower protection rules by the end of 2012. 18

1.2.2 The special case of the security sector Many states treat security sector personnel as a fundamentally different category of employee from others working for the government. As a result, they are often not afforded equivalent rights and protections to those afforded to whistleblowers in other areas of government.19

In every state examined during the course of this research, the rules regarding the disclosure of information showing wrongdoing apply differently to security sector personnel than they do to other public sector personnel. In most states, legislation on the protection of whistleblowers simply does not apply to security sector personnel. Often, they are explicitly excluded from the legislation. 20 Alternatively, the law may contain a provision stating that its protections do not apply to disclosures which would ordinarily constitute a criminal offence. This, by definition,

17 United Nations Human Rights Council, Compilation of good practices on legal and institutional frameworks and measures that ensure respect for human rights by intelligence agencies while countering terrorism, including on their oversight , Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Martin Scheinin. A/HRC/14/46, 17 May 2010. 18 G20 Anti-Corruption Action Plan, Point 7. 19 For a good overview of this situation in the United States, see : Richard Moberly, “Whistleblowers and the Obama Presidency: The National Security Dilemma,” Employment Rights and Policy Journal (forthcoming). 20 United Kingdom, Public Interest Disclosure Act, 1998; Canadian Public Servants Disclosures Act, Section 2 (Stipulates that the Act doesn’t cover members of the Canadian forces or the intelligence agencies). 15

excludes most disclosures that could be made by security sector personnel, even where they do not concern classified information.

Some states have adopted specific legislation regulating protected disclosures in the security sector. 21 Such legislation is generally much narrower and far less permissive than that covering other public sector personnel. Notably, there are often strict limitations on the bodies to which protected disclosures can be made, the types of information subject to protected disclosure, and the extent of protections against reprisals. Such limitations are widely viewed to be legitimate given the sensitive nature of the information dealt with by security sector personnel. 22

Security sector institutions undertake a broad range of sensitive activities, including the investigation of serious criminal activity, the planning and execution of military operations, counter-terrorism and counter-espionage. Much of the information relating to these activities must necessarily be kept secret because its dissemination may violate privacy and fair trial rights, endanger the personal safety of operatives, jeopardise the prosecution of criminal offences and may undermine the capacity of security sector organisations to fulfil their mandates. Accordingly, the law generally criminalises the disclosure of such information without proper authorisation. In view of this, security sector personnel face stiffer penalties for the unauthorised disclosure of information that relates to their work than most other public sector personnel. Consequently, security sector personnel are less likely to be willing to disclose information which shows wrongdoing. This reality necessitates special legal and institutional mechanisms for disclosures made by these persons. It is these mechanisms that we shall go on to describe in the proceeding sections.

21 The United States ICWPA is the most widely known example. 22 See for example, Melissa Khemani, The Protection of National Security Whistleblowers: Imperative but Impossible: A Critical Appraisal of the Scope and Adequacy of Whistleblower Protection Laws for National Security Whistleblowers (Washington DC: Georgetown University Law Center, 2009). 16

1.2.3 Whistleblowing and accountability The literature on security sector governance makes frequent reference to four “layers” of governance. These include internal control and oversight mechanisms, the executive, parliament, the judiciary, specialised oversight institutions, and the media and civil society. In a democratic polity, these different actors should ensure that security sector organisations are effective and efficient, conduct their work in accordance with the rule of law, and are accountable for their actions. 23 This existing conceptualisation of security sector governance, however, ignores the role that is played by individuals and, in particular by security sector personnel, in the good governance of security sector organisations.

This paper will demonstrate that employees of organisations, such as the police, intelligence and security agencies and the armed forces, are key part of a wider system of checks and balances and can serve to compliment and strengthen the governance structures mentioned above. 24 In this regard, they fulfil two principal functions.

First, security sector personnel are often in the best position to know what is occurring inside their organisations. Accordingly, they can be invaluable sources of information about the activities of their organisation, including possible wrongdoing.25 In this sense, security sector personnel can be considered to be the public’s “eyes and ears.” They are the persons who may be best placed to sound the alarm in cases of wrongdoing.26. Indeed, as US Supreme Court Justice, Sandra Day O’Connor, asserted in the case of Waters v. Churchill, “[g]overnment employees are often in the best position to know what ails the agencies for which they work; public

23 See, for example, Heiner Hänggi, ‘Making Sense of Security Sector Governance,’ in Challenges of Security Governance , eds. H. Hänggi and T.H. Winkler (Münster: LIT Verlag, 2003); Organisation for Economic Co-operation and Development, OECD DAC Handbook on Security System Reform : Supporting Security and Justice (Paris: OECD, 2007), 112–115; 21–22. 24 Khemani, The Protection of National Security Whistleblowers, 3. 25 See, for example, Elaine Kaplan, “The International Emergence of Legal Protections for Whistleblowers,” Journal of Public Inquiry, (Fall/Winter 2001): 37-42. 26 POGO “Homeland and National Security WB Protections,” http://www.pogo.org/investigations/whistleblower-issues/ 17

debate may gain much from their informed opinions.”27 Additionally, information provided by whistleblowers can be invaluable for the work of oversight and control mechanisms which have a mandate to hold security sector organisations and the executive to account.

As is argued in much of the literature on accountability processes, information underpins the capacity of any body to hold another organisation or individual to account. 28 Information can be seen as the lifeblood of oversight institutions. It is central to the work of the oversight mechanisms mentioned above and is essential to the good governance of the security sector. In view of their privileged access to information, security sector personnel should be understood as crucial to the strength and effectiveness of statutory oversight mechanisms where cases of wrongdoing are concerned.

Second, because security agencies are all too often able to shield themselves behind veil of secrecy and formidable classification powers 29 normal processes of public oversight by, inter alia , parliament, the media and civil society, may not be as effective as in other areas of the public sector. This lack of openness can render such agencies more vulnerable to wrongdoing and mismanagement, which may then be concealed. 30 Where there is a “lack of effective internal and external accountability structures, whistle-blowing may be the only way in which attention can be brought to bear on wrongdoing.” 31 This has been well illustrated by the fact that the vast

27 Waters v. Churchill, 511 U.S 661 (1994). 28 See, for example, Richard Mulgan, “The Processes of Public Accountability,” Australian Journal of Public Administration 56, no.1 (1997): 26–27; Jean-Paul Brodeur, “Accountability: The Search for a Theoretical Framework,” in Democratic Policing and Accountability: Global Perspectives, eds. Errol P. Mendes, Joaquin Zuckerberg, Susan Lecorre, Anne Gabriel and Jeffrey A. Clark (Aldershot: Ashgate, 1999), 142; Aidan Wills and Benjamin S. Buckland, Access to Information by Intelligence and Security Service Oversight Bodies (Geneva: DCAF, OSF, 2012). 29 Khemani, The Protection of National Security Whistleblowers , 5-6. 30 Federal Accountability Initiative for Reform (FAIR), “What’s Wrong with Canada’s Federal Whistleblower Legislation: An analysis of the Public Servants Disclosure Protection Act (PSDPA)” (Ottawa, February 2011), 5. http://fairwhistleblower.ca/files/fair/docs/psdpa/whats_wrong_with_the_psdpa.pdf. 31 Article 19 and Liberty, “Secrets, Spies and Whistleblowers: Freedom of Expression in the UK” (London, 2000), 7.1. 18

majority of the most serious cases of wrongdoing within security sector organisations have only been brought to light because information has been disclosed by employees. Cases in point include revelations about illegal British arms sales to Iraq in the 1980s, extraordinary rendition and secret detention in the context of the “war on terror,” illegal surveillance by the National Security Agency, the Iran Contra Affair, and Watergate. 32

These functions of whistleblowers are particularly important in the context of the security sector because of the formidable powers which organisations such as the police, armed forces and intelligence services possess. These include the use of force, powers of arrest, covert surveillance, the interception of communications, and the power to enter private property. These measures may significantly limit or even violate human rights, including the rights to life, liberty, privacy, fair trial, freedom of association and expression, and the right not to be subject to torture or other inhumane and degrading treatment. In view of this, it is especially necessary that any inappropriate and/or unlawful use of such powers is reported to appropriate bodies and dealt with accordingly. Employees of the security sector organisations that use these powers are often best placed to raise the alarm.

Finally, it is worth mentioning that security sector organisations consume significant amounts of public money, and areas such as defence procurement have historically been crucibles of corruption. 33 Security sector organisations are also involved in financial transactions which are not always subject to the same procurement and financial management rules as apply in other areas of the public

32 See, for example, Richard Scott, Report of the Inquiry into the Export of Defence Equipment and Dual-Use Goods to Iraq and Related Prosecutions (London: HMSO, 1996); Ryan Check and Afsheen John Radsan, “One Lantern in the Darkest Night: The CIA’s Inspector General,” Journal of National Security Law and Policy 4 (2010): 287-288. See also Michael Scharf and Colin McLaughlin, “On Terrorism and Whistleblowing,” Case W. Res Journal of International Law, 573 (2006-2007), 552-573; See also Khemani, The Protection of National Security Whistleblowers, 5; Fisher, National Security Whistleblowers, 11. 33 For further information, see, for example, the Transparency International, International Defence and Security Programme, www.ti-defence.org. See also Andrew Feinstein, The Shadow World: Inside The Global Arms Trade (London: Tantor Media, 2011). 19

sector. This is for example, the case with regards to covertly purchasing goods and services by intelligence and security services. 34 Due to the lack of transparency and public oversight in these areas, whistleblowers can sometimes fulfil an important role in exposing possible wrongdoing in this area of the public sector.

1.2.4 Whistleblowing and human rights Disclosing or imparting information is a form of expression and is thus protected under international and regional human rights instruments. The International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR) define the right to freedom of expression as including the freedom to seek, receive and impart information and ideas of all kinds. These treaties and associated jurisprudence permit certain limitations on this right, including for reasons of national security.35 Such limitations are of particular relevance to public interest disclosures (PID) because most employers impose some duty of confidentiality on their employees.

The Siracusa Principles – which provide guidance on how states can lawfully restrict or derogate from the rights found in the ICCPR – state that this right may not be restricted (including on national security grounds) unless such a restriction is both prescribed by law and necessary in a democratic society. 36 However, even

34 See for example, South Africa, Ministerial Review Commission on Intelligence. Intelligence in a Constitutional Democracy: final report to the Minister for Intelligence Services, September 2008, 218- 22 3. 35 For example, Article 10 of the ECHR states that: 1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises. 2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary. 36 United Nations, Economic and Social Council: UN Sub-Commission on Prevention of Discrimination and Protection of Minorities, Siracusa Principles on the Limitation and Derogation of Provisions in the International Covenant on Civil and Political Rights , Annex to UN Doc E/CN.4/1984/4 (1984). 20

when such conditions are met, the European Court of Human Rights (ECtHR) has ruled that “there is little scope under Article 10 § 2 of the Convention for restrictions on debate on questions of public interest.” 37 The Johannesburg Principles [on National Security, Freedom of Expression and Access to Information] provide further guidance in this regard. The Principles state that seeking to restrict freedom of expression on national security grounds is not legitimate if the purpose of such a restriction is to protect a government from, inter alia , embarrassment or exposure of wrongdoing. 38

The exercise of the right to freedom of expression is particularly important with regards to persons who, by virtue, of their work may possess information the disclosure of which is a matter of public interest. US Supreme Court Justice Souter recognised this in his dissenting opinion in the case of Garcetti vs Ceballos when he argued that: [t]his significant, albeit qualified, protection of public employees who irritate the government is understood to flow from the First Amendment, in part, because a government paycheck does nothing to eliminate the value to an individual of speaking on public matters, and there is no good reason for categorically discounting a speaker’s interest in commenting on a matter of public concern just because the government employs him. 39

1.3 The legal framework It is not sufficient to analyse whistleblower protection regimes by referring exclusively to specific laws on the subject, which are often labelled as “public interest disclosure,” “protected disclosure,” or “whistleblower protection” legislation. In order to fully understand the legal framework which regulates the

37 Stoll v. Switzerland [GC], no. 69698/01, ECHR 2007. 38 Johannesburg Principles on National Security, Freedom of Expression and Access to Information . October 1995, 1-2. 39 Garcetti v. Ceballos , 547 U.S. 410 (2006) (Souter J). For further discussion of this case see, for example, Melissa Goodman, Catherine Crump and Sara Corris, Disavowed: The Government’s Unchecked Retaliation Against National Security Whistleblowers (Washington DC: ACLU, 2007), 9. 21

(protected) disclosure of information by security sector personnel, it is imperative to look beyond this narrow category of laws. Indeed, it is possible to identify four categories of legislation which constitute the legal mosaic relevant to this discussion. 40

First, a growing number of states have promulgated specific legislation on the protection of disclosures of information showing wrongdoing made by both public and private sector personnel.41 These are generally common law jurisdictions. 42 Given the legal clarity that such laws can afford and the prominence that they can give to whistleblowing, this is probably the best approach to whistleblower protection. The OECD has praised such laws for these reasons. 43 Nevertheless, as we shall discuss below, such laws often do not extend protections to security sector personnel.

Second, laws which establish and regulate the work of independent oversight bodies (such as, ombuds institutions, specialised parliamentary and non- parliamentary oversight committees, and complaints-handling institutions) sometimes authorise security sector personnel to approach these bodies with information about possible wrongdoing (see the section on independent mechanisms for further details). It follows that such laws normally empower these bodies to investigate complaints that come to their attention, and also to examine possible reprisals against security sector personnel relating to disclosures they have made.

40 Paul Latimer and A.J. Brown, “Whistleblower Laws: International Best Practice,” University of New South Wales Law Journal 31, no.3 (2008): 771-772. 41 Anja Osterhaus and Craig Fagan, Alternative to Silence: Whistleblower Protection in 10 European Countries (Berlin: Transparency International, 2009). 42 See, for example, Richard Calland and Guy Dehn, eds. Whistleblowing Around the World: Law, Culture and Practice , (Cape Town and London: ODAC/PCaW, 2004). 43 OECD, Study on G20 Whistleblower Protection Frameworks: Compendium of Best Practices and Guiding Principles for Legislation (Paris: OECD, 2012), 7. 22

Third, criminal codes and other instruments of law, such as official secrets legislation, contain provisions proscribing and stipulating sanctions for the unauthorised disclosure of certain types of information. Most relevant for our purposes, are provisions on the disclosure of classified or otherwise confidential information (e.g., information pertaining to criminal or judicial proceedings). More specifically, laws which regulate the activities of security sector organisations and oversight bodies often contain a number of provisions which prohibit the unauthorised disclosure of information by both current and former employees.44 In an increasing number of states, the law covers not only the disclosure of such information by security sector personnel and other government bodies, but also the secondary disclosure of this information by other individuals such as journalists. This has obvious implications for personnel considering disclosing information about possible wrongdoing within the security sector.

Finally, “sectoral” laws on: anti-corruption, regulation of competition, environmental protection and employment/labour laws. In particular, in many employment or labour laws recognise a fiduciary duty that is owed (usually through a contract) by employees to their employers. This duty imports (or implies) an obligation to safeguard the confidentiality of information about their employer’s affairs. 45 Law in some states, however, has developed to the extent that such obligations are not absolute and may not apply in cases where the information concerns wrongdoing. 46

44 See, for example, Australian Intelligence Services Act 2001 (Act No. 152 of 2001); Netherlands, Act of 7 February 2002, providing for rules relating to the intelligence and security services and amendment of several acts (Intelligence and Security Services Act 2002); South African Police Services Act, No. 1527, 4 October 1995, para. 70. 45 See, for example, Gillhams Solicitors, “Business & Commercial Confidential Information: Whistleblowers and Disclosure of Confidential Information.” 46 In the UK case of Gartside v . Outram [1856] 26 L.J. Ch. 113, for example, the Court held that “[t]he true doctrine is that there is no confidence as to the disclosure of an iniquity. You cannot make me the confident of a crime or fraud, and be entitled to close up my lips upon any secret which you have the audacity to disclose to me relating to any fraudulent intention on your part.” In the UK, the ruling in this case has developed as a kind of public interest defence which may justify the disclosure of confidential information showing ‘iniquity’ that would otherwise be prohibited by contractual obligation.” 23

1.4 Structure of the study This study is divided into ten further sections. It begins with an examination of some of the reasons for which security sector personnel are reluctant to disclose information showing wrongdoing. An understanding of the obstacles to whistleblowing is essential if lawmakers are to fully understand what is required when developing a whistleblower protection regime. The third section of the study turns to examine what is covered by legal frameworks for protected disclosures. This includes an overview of the types of information that may be subject to protected disclosure, the categories of person who can make disclosures, and questions of motive and proof relating to protected disclosures. This is followed by three sections which address disclosures to a variety of internal (section four), quasi-internal (section five) and independent bodies (section six). These sections include a discussion of the role played by such bodies in both investigating disclosures and protecting persons who make disclosures. The seventh and eighth sections of the study examine reprisals against whistleblowers, as well as mechanisms for protecting them from reprisals. These sections are followed by an examination of disclosures to the media and public at large, including the question of how rules on such disclosures differ inside and outside the security sector (section nine), and an assessment of the criminal law defences that may be available to persons prosecuted for the disclosure of information (section ten). The latter section provides a detailed analysis of the public interest defence, which was the subject of significant debate during the drafting of the Global Principles on National Security and the Right to Information . The study ends with a concluding section and an annexed table detailing some prominent examples of security sector whistleblowers.

2. Obstacles to whistleblowing

While whistleblowing can play a valuable role in exposing wrongdoing, the practice remains relatively rare in the security sector. This has important negative ramifications for transparency, accountability and oversight in this area. The fact that very few security sector personnel make disclosures can be largely explained by the manifold obstacles they face. Such obstacles either prevent whistleblowing completely or otherwise have a significant chilling effect. In the following section, we explore a number of these obstacles, including: the lack of adequate legal protections; the fear of consequences (prosecution, retaliation); lack of faith in established mechanisms; the reach and strength of state secrecy laws; judicial deference to the executive in the security domain; practical impediments; and cultural aversion to whistleblowing.

2.1 Inadequate legal framework As we have noted above, laws offering protection to those who disclose information showing wrongdoing simply do not exist in many jurisdictions. Where protections are available, they are commonly deficient in one or several of the following areas. First, laws may not cover members of security sector organisations (e.g., UK PIDA, US WPA). Second, laws may exclude from protection disclosures showing wrongdoing which include classified or otherwise confidential information (e.g., Indian Public Interest Disclosure and Protection to Persons Making the Disclosures Bill). Third, the law may not provide for independent review and investigation of information disclosed, or for independent protections against reprisal (e.g., US Inspector General system). Fourth, while laws may prescribe channels through which protected disclosures can be made, they may not provide concomitant protections to those making use of such avenues (e.g., Australian Inspector General of Intelligence and Security Law, US Intelligence Community Whistleblower

Protection Act - ICWPA).47 Fifth, while laws may permit disclosures and offer protection, they may impose unduly onerous procedural requirements. Lastly, laws may only protect disclosures of information showing an overly narrow range of wrongdoing.

These weaknesses in legal frameworks are likely to discourage, if not prevent, persons working within security sector organisations from disclosing information showing wrongdoing. Most obviously, the lack of an explicit legal authorisation and/or established procedures for the disclosure of information showing wrongdoing is likely to mean that those making such disclosures do so at significant risk of negative consequences, including prosecution and disciplinary action, as will now be discussed (see table in annexe 1).

2.2 Adverse consequences 2.2.1 Prosecution One of the most significant barriers to disclosure of information showing wrongdoing by security sector personnel is the risk of prosecution for the unauthorised disclosure of information. Some states, such as the UK, even criminalise the disclosure of any information by employees of particular agencies, regardless of whether or not such information is classified. 48

In addition to prosecution under state secrecy laws, whistleblowers may even be prosecuted for espionage. This has, for example, been the approach taken in recent years by US federal prosecutors, who have used the 1917 Espionage Act to bring charges against such persons, including a record number of cases under President Obama;49 hence Scott Horton’s description of this act as the “ultimate anti-

47 See Khemani, The Protection of National Security Whistleblowers, 15; A major discussion of this question is also found in: Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection. 48 United Kingdom, Official Secrets Act 1989 , Section 1.1.09. 49 Scott Shane, “Leak Offers Look at Efforts by US to Spy on Israel,” New York Times , 5 September 2011. 26

whistleblower tool.” 50 This is compounded by the fact that very few jurisdictions offer the possibility of a public interest defence in the event of prosecution for such a disclosure (see discussion below).

Criminal law has discouraged would-be whistleblowers in many jurisdictions. Even though successful prosecutions may be rare, they introduce an element of uncertainty that is, in itself, a significant deterrent.51 Indeed, Article 19 and Liberty have gone as far as to suggest that the UK government has pursued a deliberate policy of “seeking to chill” whistleblowers, supported by a willingness on the part of the judiciary to impose sentences for the purposes of deterrence. 52 This is a point that has been reaffirmed by the UN Committee on Human Rights, which stated that “[p]owers under the Official Secrets Act have been ‘exercised to frustrate former employees of the crown from bringing into the public domain issues of genuine public interest, and can be exercised to prevent the media from publishing such matters’.” 53

The chilling effect that prosecutions (or the threat of prosecution) has on would-be whistleblowers also has important secondary effects on the media. If the (increased) threat of prosecution causes whistleblowers to disclose less information to journalists, this will inevitably hamper the ability of the media to investigate and report on matters of public interest.54

50 Scott Horton, “A Setback for Obama’s War on Whistleblowers,” Harpers, 9 August 2011; see also, Morton H. Halperin, “Criminal Penalties for Disclosing Classified Information in the United States,” Open Society Foundations, 2012. 51 Sibel Edmonds, “Paul Reveres or Benedict Arnolds: Whistleblowing in the Post-9/11 Age” (speech at the American Library Association Annual Conference and Exhibition. Washington DC, June 21-27, 2007); Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 82. 52 Article 19 and Liberty, “Secrets, Spies and Whistleblowers,” 3.0 and 6.1. 53 UN Committee on Human Rights, cited in Duncan Campbell, “Labour Warned Over Limits to Free Expression,” The Guardian, 15 August 2008, http://www.guardian.co.uk/politics/2008/aug/15/labour.idcards 54 See comments of Jesselyn Radack on the Al-Jazeera programme The Listening Post, Blowing the Whistle on Obama's America . http://youtu.be/8b6eEES5BN4 27

2.2.2 Retaliation A second and related obstacle to those considering making a disclosure is the fear of retaliation, which can include harassment (ranging from violence against the person to workplace bullying – in one notable Australian case, a policeman who exposed corruption in the Queensland force was fed dog food by his colleagues), 55 isolation, reassignment (including geographically), demotion or lack of promotion, suspension or removal of security clearance, retaliatory investigations, and even dismissal. 56 Indeed, the fear was cited as one of two main reasons for not making a disclosure by US public sector personnel (the other being a belief that nothing would be done). In Roberts, Olsen and Brown’s comprehensive Australian report, it was likewise found that fear of reprisal and a desire to protect one’s career and avoid workplace conflict was a significant obstacle to the reporting of wrongdoing (the other main reason being, again, a belief that nothing would be done). 57

This is particularly problematic when we consider that those who experience retaliation often have no effective remedy or channel through which to seek independent redress, even when they initially made their disclosure through designated(authorised) channels. This is the case, as the American Civil Liberties Union reports, with regards to those making disclosures under the US ICWPA.58 Similarly, in the ten European countries looked at for a 2009 Transparency International report, “none… [had] a comprehensive and clear set of whistleblower protection procedures.” 59

55 Jared Owens, “Police Whistleblower ‘Dog-Meat’,” The Australian, 24 September 2010. 56 For comprehensive lists, see David Banisar, “Whistleblowing: International Standards and Developments,” in Irma E. Sandoval, ed. Corruption and Transparency: Debating the Frontiers Between State, Market and Society, Washington DC: World Bank Institute for Social Research, forthcoming; Osterhaus and Fagan, Alternative to Silence, 76. 57 Paul Roberts, Jane Olsen and A. J. Brown, “Whistling while they work: towards best practice, whistleblowing programs in public sector organisations,” Draft Report, Griffith University, 2009, 42, 51. 58 Goodman, Crump and Corris, Disavowed, 10. 59 Osterhaus and Fagan, Alternative to Silence. 28

A good example of this also exists in Canada, where FAIR, a whistleblower protection NGO, has highlighted the problems faced by members of the Royal Canadian Mounted Police (RCMP), the federal police force. While they are, in principle, offered protection by the Public Service Disclosure Protection Act, they are, in practical terms, exempted, due to the fact that, “[they] cannot submit complaints of reprisal directly to the Commissioner: they must first exhaust their organization’s internal complaints procedures [Section 19.1(5)]. But the RCMP has a track record of using these internal procedures to punish whistleblowers (and anyone else who falls out of favour with their bosses), and these proceedings can take a very long time. Thus it is unlikely that any RCMP employee will ever obtain any kind of protection from reprisal under this law, even years after the event.” 60 Needless to say, if security sector personnel are aware of such realities, this is likely to dissuade them from coming forward with information showing wrongdoing.

2.2.3 Lack of faith in procedures and mechanisms In addition to the fear of prosecution or reprisals, prospective whistleblowers may be deterred by a lack of faith in established procedures and mechanisms. Indeed, a survey of public sector employers in Australia and the US, found that this fear was the second most common reason for failing to make disclosures. 61 A lack of faith in established procedures pertains primarily to a lack of confidence in the ability and/or will of internal and/or independent bodies to properly investigate concerns raised by disclosures and to ensure that remedial action is taken. 62 Would-be whistleblowers may also be concerned about the capacity and/or desire of these bodies to treat disclosures in a confidential manner, as well as to protect them against possible reprisals. 63 As we will discuss in some detail below, this fear has led

60 FAIR, “What’s Wrong with Canada’s Federal Whistleblower Legislation” 61 Scharf and McLaughlin, “On Terrorism and Whistleblowing,” 576; Roberts, Olsen and Brown, “Whistling while they work,” 42, 51. See also: Osterhaus and Fagan, Alternative to Silence, 5. 62 Roberts, Olsen and Brown, “Whistling while they work,” 51. 63 Khemani, The Protection of National Security Whistleblowers, 7; Stephen Vladeck, “Left out in the cold: the chilling of speech, association, and the press in post-9/11 America,” American University Law Review, 57 (June 2008). 29

many whistleblowers to address their disclosures to the media rather through established internal and external channels.

2.2.4 Increasing reach and strength of state secrecy laws A further problem, which has been particularly apparent in the US, is the increasing use of classification powers to frustrate efforts by whistleblowers to seek redress through the courts for harm suffered as a result of their disclosures. Representative Carolyn Maloney captured this issue when she explained that in “[o]ur system, when we classify things, it’s supposed to be used for national security, not to punish whistleblowers or cover up a mistake possibly in an agency … every single agency that may have a whistleblower that they want to silence … can just sit there and classify everything about that person so they can’t even express their situation.” 64 Indeed, this occurred in the case of Sibel Edmonds, an FBI contractor who disclosed information about espionage within the agency and was subsequently fired. Her efforts to seek redress were impeded by the fact that the Justice Department sought to classify every detail of her case, including such mundane details as her date of birth and the languages she spoke. 65 This is emblematic of a general trend, involving the growing reach of state secrecy and increasing classification of material related to the security sector. 66

2.2.5 Judicial deference to the executive on national security. The chilling effect produced by the threat of prosecution is reinforced by the well established fact that courts across the world have a tendency to defer to the executive branch in matters of national security. 67 This may affect whistleblowers in

64 Cited in Khemani, The Protection of National Security Whistleblowers, 21. 65 Edmonds, “Paul Reveres or Benedict Arnolds.” 66 For an overview of some of the key issues, see Parliamentary Assembly of the Council of Europe, “Abuse of state secrecy and national security: obstacles to parliamentary and judicial scrutiny of human rights violations,” Rapporteur: Dick Marty, Doc. 12714, 16 September 2011.

67 Ian Leigh, “National Courts and International Intelligence Cooperation,” in International Intelligence Cooperation and Accountability , eds. Hans Born, Ian Leigh and Aidan Wills (London: Routledge, 2011), 232–234. See also, for example, comments made in: Department of the Navy v. Thomas E. Egan, 484 U.S. 518 (1988), 4-5, 13, 15-16, 18; This fact was remarked upon even at the 30

several ways. First, it makes courts more likely to rule in favour of the executive in criminal proceedings against whistleblowers. Second, it makes it harder for whistleblowers to seek redress through the courts when they have suffered reprisals as a result of disclosures of information showing wrongdoing. Finally, judicial deference to the executive in matters of national security makes it less likely that information which comes to light as a result of disclosures will result in successful civil action against executive bodies. In some cases, judges may even abstain from evaluating whether national security actually justifies a particular restriction imposed by the executive; the mere fact that the government would have to disclose sensitive information is often enough to defeat proceedings. 68

Recent jurisprudence in the US has shown that judicial deference in this area represents a major obstacle to the capacity of whistleblowers to seek redress for reprisals made against them arising from their disclosure of information showing wrongdoing. 69 In the case of ACLU vs NSA , for example, use of the states secrets privilege prevented plaintiffs from establishing standing to challenge NSA domestic wiretapping. Likewise, a challenge to CIA extraordinary rendition in the case of El Masri vs United States was dismissed on similar grounds. 70

2.3 Practical impediments A raft of practical impediments can also serve as an obstacle to members of security sector organisations disclosing information showing wrongdoing; we shall mention several of these. At a most basic level, would-be whistleblowers may not know where or how to report concerns. 71 In response, some organisations, such as the Australian Federal Police, make detailed guidance on these matters available to

time of the Pentagon Papers. See, for example, Charles R. Nesson, “Aspects of the Executive's Power over National Security Matters: Secrecy Classification and Foreign Intelligence Wiretaps,” Indiana Law Journal 49 (1973-1974), 399. 68 See, for example, Arar v. Ashcroft, 414 F.Supp.2d 250 (E.D. N.Y. 2006). 69 American Civil Liberties Union et al. v. National Security Agency , 493 F.3d 644 (6th Cir. 2007); Khaled El-Masri v. United States of America, No. 06-1667 (4th Cir. 2007). 70 Khaled El-Masri v. United States of America, No. 06-1667 (4th Cir. 2007). 71 Roberts, Olsen and Brown, “Whistling while they work,” 51-52. 31

their employees and have even established contact points to provide employees with advice on how and where to make disclosures. 72 However, it is our impression that this is not standard practice in many security sector organisations. This can perhaps be explained by the fact that these organisations do not wish to encourage whistleblowers, even where protected disclosures may be provided for and protected by law.

A further example of this kind of uncertainty exists in the UK, where neither the PIDA nor the OSA suggest that members of the security services can approach the ISC (a committee of parliament) with information showing wrongdoing. However, in the case of Regina vs Shayler , Lord Bingham suggested that they could legally use such a channel. This lack of clarity and legal uncertainty is precisely what deters whistleblowing.

A related problem is that it can be difficult for would-be whistleblowers to seek independent legal advice because seeking counsel may entail the revelation of classified or otherwise confidential information to a person not authorised to receive it. In the absence of such advice, a would-be whistleblower may be unsure as to whether their disclosure would qualify for protection. This uncertainty is likely to deter such disclosures. This difficulty could potentially be resolved by approaching lawyers who have received security clearance. Nevertheless, such lawyers are rare, expensive, and may be difficult to quickly identify in the absence of an established system for legal advice for would-be whistleblowers. Furthermore, even security- cleared lawyers may not be considered to have a “need to know” information discussed with them by a would-be whistleblower and may not therefore, be authorised to receive such information.

72 The New Zealand Protected Disclosures Act 2000, section 6(B) covers the role of the ombudsman in providing such advice and guidance to whistleblowers. 32

2.4 Cultural aversion to whistleblowers Attitudes to whistleblowers differ greatly between states and across the public and private sectors. Such attitudes can be considered at a societal and organisational level. 73

Security sector organisations such as the armed forces, intelligence agencies and the police and renowned for prioritising values such as secrecy, loyalty, comradeship, team spirit and respect for the chain of command. Consequently, such organisations and their employees may have particularly negative views towards those who would disclose information about colleagues or the organisation, particularly when such disclosures are made to outsiders. Hence, the use of derogatory terms such as “snitch” “turncoat” “tattletale” and so forth. Such organisational cultures are likely to militate against the disclosure of information showing wrongdoing, even where such wrongdoing is of a serious nature.

Societal values may also discourage whistleblower in certain contexts and likely influence whether whistleblower protection laws are even adopted in the first place. 74 To take just one example, a societal aversion to whistleblowing is said to exist in many post-Communist states of Eastern Europe. In these states disclosures to public authorities may be associated with the role played by collaborators and informers during Communist times. 75 Any person considering making a disclosure, which may cause them considerable hardship, is likely to want to feel that their actions are valued by the society in which they live. In environments where whistleblowing is not culturally accepted, this will inevitably present a further impediment to persons considering coming forward.

73 Kaplan, “The International Emergence of Legal Protections for Whistleblowers,” 38; Roberts, Olsen and Brown, “Whistling while they work,” 24. 74 Khemani, The Protection of National Security Whistleblowers, 6. 75 Osterhaus and Fagan, “Alternative to Silence,” 7. See also Parliamentary Assembly of the Council of Europe, Resolution 1729 on the ‘Protection of “whistle-blowers,”’ 29 April 2010, 9. 33

3. Coverage of protected disclosure legislation

This section will provide an overview of how protected disclosures are regulated. We will begin by examining the scope of the categories of wrongdoing which may be disclosed under protected disclosure legislation. The second sub-section will consider the impact that classification and confidentiality of information has on the protections afforded to whistleblowers. This is followed by assessment of two issues that are central to whistleblowing: motive and the question of proof. Finally, we will speak to the debate on whether or not public sector personnel should be under an obligation to disclose information showing wrongdoing.

3.1 Types of wrongdoing Among the states examined as part of this study, the systems of protected disclosure which best protect whistleblowers and encourage disclosures, are those that define as broadly as possible the types of wrongdoing that can be disclosed, as one expert consulted for this study remarked: “the funnel should be as big as possible.” 76

Legislation that encourages disclosures tends to be worded in a way that is unambiguous about which types of information showing wrongdoing will be subject to protected disclosure, so as not to leave a potential whistleblower guessing about whether the information they hold is covered by the law. This is particularly important in the security sector, where the classified or otherwise confidential nature of the material can make it difficult or, indeed, impossible for a potential whistleblower to obtain independent legal or other advice before making a disclosure.

As well as defining categories of information as broadly and unambiguously as possible, legislation designed to encourage disclosures also tends to clearly state that the seriousness or otherwise of an allegations should not affect whether or not

76 Roberts, Olsen and Brown, “Whistling while they work,” 45. 35

a disclosure is protected. 77 Those tasked with receiving and investigating disclosures, rather than any individual employee of a security sector organisation, should make a determination as to whether it is worth investigating further. The law should encourage as many people as possible to use desginated channels to disclose information showing wrongdoing.

National legislation varies in terms of the range wrongdoing and the level of detail about wrongdoing which may be subject to protected disclosure. 78 While some disclosure regimes focus on very specific categories of wrongdoing (e.g., corruption), the majority of whistleblower protection laws are much broader and cover a similar range of issues. Typical categories of wrongdoing included in legislation include the following categories, whether they have taken place, are taking place or are likely to take place: 79

1. criminal offences (some jurisdictions have chosen to define this broadly, while others have sought to carefully list every example that the law might cover).80

77 Australian Federal Police. “Submission to the House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections within the Australian Government Public Sector.” http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committe es?url=/laca/whistleblowing/subs.htm 78 Romanian law, for example, includes granular detail about the different categories of wrongoing covered by the law. See Romania, Law on the Protection of Public Officials Complaining About Violations of the Law. Law 571/2004, Article 5. 79 These provisions are drawn from, inter alia, Romania, Law on the Protection of Public Officials Complaining About Violations of the Law. Law 571/2004, Article 5; Canada, Public Servants Disclosure Protection Act, 2005, c.46, Article 8; United Kingdom, Public Interest Disclosure Act, 1998. Chapter 23, Section 43b; South Africa, Protected Disclosures Act, Act no.26 of 2000, Section 1(i). See for a detailed overview of different categories of wrongdoing, see also, Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection. 80 With regard to corruption, for example, this approach has been taken by the Australian (NSW) Independent Commission Against Corruption Act of 1988, which provides an extremely exhaustive list of relevant activities. The Independent Commission Against Corruption Act (Act 35 of 1988) defines corruption in Section 8(2) as: “any conduct of any person (whether or not a public official) that affects ‘the honest or impartial exercise of official functions by any public official … or any public authority’. official misconduct (including breach of trust, fraud in office, nonfeasance, misfeasance, malfeasance, oppression, extortion or imposition); bribery; blackmail; obtaining or offering secret commissions; fraud; theft; perverting the course of justice; embezzlement; election bribery; election funding offences; election fraud; treating; tax evasion; revenue evasion; currency violations; illegal 36

2. dangers to public health and safety; 3. dangers to the environment; 4. abuse of public office; 5. miscarriages of justice; 6. significant mismanagement; 7. other matters in the public interest; and 8. deliberate concealment of any matter falling into to one of the above categories.

It is also important that the law captures the temporal element of wrongdoing. In the Republic of Korea, for instance, the law refers to crimes that have been committed, are being committed or are even likely to be committed. 81

The question of whether violations of international law would be covered by the protections offered by a disclosure regime requires a more speculative response. Of course, states may have implemented international legal obligations (particularly in the human rights domain) into domestic law. This cannot, however, be taken for granted and domestic law often does not reflect the full gamut of international legal obligations. This is particularly true on issues such as the characterisation of a particular situation as an “armed conflict,” the extra-territorial application of human rights law, and the use of force. While this issue should be explored in more detail in future research and is generally beyond the scope of this study, it is worth reflecting on one hypothetical. Namely, would a disclosure relating to the pending assassination of Osama Bin Laden be protected? His pending assassination surely would have met some of the criteria defined in whistleblowing legislation (including

drug dealings; illegal gambling; obtaining financial benefit by vice engaged in by others; bankruptcy and company violations; harbouring criminals; forgery; treason or other offences against the Sovereign; homicide or violence; matters of the same or a similar nature to any listed above or any conspiracy or attempt in relation to any of the above.” 81 Republic of Korea, Act on the Protection of Public Interest Whistleblowers, Act no. 10472, March 29, 2011, Article 6. See also the United Kingdom, Public Interest Disclosure Act, 1998. 37

criteria of illegality and imminent danger to human life) and could thus have been disclosed to an independent body.

Two areas that are not covered by whistleblower protection laws are: employment related grievances and policy disputes. Employment related grievances are not normally considered to be PIDs. Nevertheless, in some cases the line between employment-related grievances and wrongdoing with a broader impact is blurred.82 The case of FBI agent Bassem Youssef is instructive in this regard, because, while his disclosure primarily related to discrimination against him (on account of his ethnic background) the issues raised clearly had broader resonance and implications (in that the effectiveness of the FBI counterterrorism unit was undermined by the discriminatory practices highlighted by his own case) (see table in Annexe 1 for more information on this and other cases).

The question of disclosing information about perceived policy failures is more contested. Indeed, disclosures of information relating to policy have been the subject of several high-profile whistleblower cases, including that of Andrew Wilkie (now a member of the Australian Parliament). Wilkie resigned from his position and made public disclosures in the run up to the 2003 Iraq war relating to what he saw as undue political interference in the work of the Office of National Assessments (an intelligence analysis organisation). 83 Similarly, in Denmark, Frank Grevil disclosed information to newspapers revealing that threat assessments relating to Iraq and WMDs produced by the intelligence community contradicted the Danish government’s public justification for its participation in the war. Grevil was

82 Australia. Inspector General of Intelligence and Security. “Submission to House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections Within the Australian Government Public Sector,” 17 July 2008. http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committe es?url=/laca/whistleblowing/subs.htm , para 13. 83 Andrew Wilkie, Axis of Deceit : The Story of the Intelligence Officer Who Risked All to Tell The Truth about WMD and Iraq (Melbourne : Schwartz Publishing, 2004), 14. 38

prosecuted and unsuccessfully claimed a public interest defence. 84 While the characterisation of this information is contested, the majority of national laws do not protect disclosures about policy choices and disagreements.85 In our view, however, there is a difference between policy disputes and a situation where, for example, a government has misled the public or parliament about the contents of reports produced by the intelligence services. This second type of situation should clearly be covered by disclosure regimes.

One final point can be made regarding categories of information. It is important that disclosure regimes provide automatic and unambiguous protection for anyone making a disclosure of information showing wrongdoing that falls into one of the categories defined by law. There is a clear danger, with regards to disclosures made by security sector personnel, that national security concerns are invoked to override the proper investigation of wrongdoing. If a disclosure regime clearly identifies categories of wrongdoing that are sufficiently serious (and establishes proper channels for disclosing such information), then a national security “imperative” should never form the basis of a justification for reprisal or prosecution, so long as the whistleblower makes use of such channels. In our view, information showing serious wrongdoing, such as torture (to take a perhaps obvious example) should be disclosed regardless of the damage or embarrassment such a disclosure may cause.

3.2 Classification and confidentiality In relation to disclosures in the security sector, there is a tendency to think immediately about classified information. Certainly, the cases that have attracted the most media attention in the past concern these types of information. It is important to recognise, however, that we are here concerned with much broader

84 Prosecutors v. T (Frank Grevil) , Eastern High Court of Denmark, no. U2006.65Ø - TfK2005.796/1 (2005). 85 Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 64-66. 39

classes of information. Of interest, of course, is information which cannot be disclosed because it pertains, for example, to an ongoing criminal investigation. Beyond information that is classified or otherwise confidential, it should be noted that many types of information that security sector whistleblowers might be seeking to disclose are neither classified nor related to ongoing operations or investigations. A common assumption exists that when we talk about security sector whistleblowing, we are automatically talking about classified information of a highly sensitive nature. The reality can be (and perhaps mostly is) much more mundane. In this sense, protected disclosures of information in the security sector are much closer to those in other parts of government than might be assumed from a cursory look at what aspects of the issue are covered in the press.

3.3 Motive A person’s motive for disclosing information showing wrongdoing is sometimes viewed as a relevant factor in determining whether a disclosure should be protected. Whistleblowers may have any number of reasons for making a disclosure including, for instance, malice or financial gain. Ultimately, however, these motives are irrelevant as long as a disclosure brings to light information showing wrongdoing. By way of example, the fact that a police officer loathes her or his superior (and may very well wish to see her or him leave the force) should not mean that the officer’s disclosure is less likely to qualify for protection when they disclose information showing wrongdoing. Indeed, in draft legislation currently being debated in the US Congress it is clearly stated that, under the WPA, motive is not grounds for losing protection. 86

Whistleblower protection legislation does not normally protect disclosures motivated by personal gain, 87 except where financial inducements are provided for

86 United States Senate, Report of the Committee on Homeland Security and Government Affairs, to accompany S. 743 . Report 112-155, 19 April 2012, 5. 87 By way of example, see: Canada, Public Servants Disclosure Protection Act , 2005, c.46, Section 2; United Kingdom, Public Interest Disclosure Act, 1998. Chapter 23, Section 43G(c). 40

by law. 88 However, it could be argued that the fact a whistleblower is partly motivated by, for instance, an unofficial payment from an investigative journalist, should not necessarily disqualify him/her from protection so long as they disclose wrongdoing that is clearly in the public interest. The fact someone was paid to reveal information about illegal activities does not diminish the public interest in bringing to light such activities.

In most jurisdictions with whistleblower protection legislation, the motives behind a disclosure are not considered important so long as the motivations behind a disclosure are not vexatious or malicious. South Africa, Romania, Canada and the UK, for example, impose what is known as a good faith test. Under British law, disclosures pass this test when they are made “honestly and not maliciously.” 89 As South African courts have ruled, it should not be incumbent upon a whistleblower to demonstrate that they made their disclosure in good faith. 90 A good faith test is problematic when the burden of proof is placed on the person making a disclosure to show that they acted in good faith. This is because it is difficult, if not impossible, to prove good faith and it is very hard to assess someone’s motive.

The possibility that questions about motive may be raised in court may have a significant chilling affect on the willingness of persons to come forward with information showing wrongdoing. Public Concern at Work (a British whistleblower protection charity) has even argued that the good faith requirement tempts lawyers to argue about motives in every case. 91 As Dame Janet Smith stated in the UK’s Shipman Inquiry, the good faith test should be either very loosely interpreted or disregarded entirely to “avoid the possibility that concerns will not come to light because an individual might lose protection if [his or her] motives can be

88 See, for example, Republic of Korea, Act on the Protection of Public Interest Whistleblowers, Act no. 10472, March 29, 2011, Chapter IV. 89 See Public Concern at Work, “Good faith” - case law on PIDA, http://www.pcaw.co.uk/law/goodfaith.htm . 90 Tshishonga v. Minister of Justice and Constitutional Development and Another (JS898/04) [2006] ZALC. 91 See Public Concern at Work, “Good faith” - case law on PIDA. 41

impugned.” 92 This may explain why such a test is not included in the public interest disclosure statutes of the Republic of Korea and New Zealand. 93 3.4 Proof With regards to the question of whether or not a whistleblower needs to provide proof to substantiate their disclosure, national law is fairly consistent. Most states opt for some variation on the “honest and reasonable belief” test. This standard requires that a person making a disclosure should have “an honest and reasonable belief” that his/her disclosure relates to a category of wrongdoing that is set out in the law. 94 Such a standard excludes from protection disclosures that are knowingly false 95 but still protects those that are not ultimately substantiated. 96

A person making a disclosure should not be expected to prove that their information is accurate in order for their disclosure to be protected. What matters is that it was made in the reasonable belief that it was correct. 97 There are several key reasons for this. First, demanding proof from a person making a disclosure may encourage them to engage in illegal or contractually prohibited behaviour (such as accessing and retaining files that they are not authorised to have in their possession). Second, by gathering evidence, they may, in fact, taint it to the point that it is unusable by any official investigation. Third, attempts to gather proof may alert any wrongdoers that their activities have been discovered, thus leading to the destruction of evidence. It is much better, as one expert interviewed for this study

92 Public Concern at Work, Where’s Whistleblowing Now? 10 Years of Legal Protection for Whistleblowers (London” PCAW, 2010), 5. 93 Republic of Korea, Act on the Protection of Public Interest Whistleblowers, Act no. 10472, March 29, 2011; New Zealand, Protected Disclosures Act, 2000. 94 OECD, Study on G20 Whistleblower Protection Frameworks: Compendium of Best Practices and Guiding Principles for Legislation (Paris: OECD, 2012), 8. 95 See, for example, Republic of Korea, Act on the Protection of Public Interest Whistleblowers, Act no. 10472, March 29, 2011, Article 2.2(a); see also, Parliament of Australia, Whistleblower protection, 85. 96 Parliament of Australia, Whistleblower protection, 75. 97 For supporting examples, see Kaplan, “The International Emergence of Legal Protections for Whistleblowers,” 38; Transparency International, “Recommended Draft Principles for Whistleblowing Legislation,” 2009, principle 6. Australian Law Reform Commission, Secrecy Laws and Open Government in Australia , 60. 42

quipped, that investigators find incriminating material in the company safe than an employee, seeking proof, breaks into it in the dead of night. 98

This view has not always been shared by the courts. In the case of Lachance vs White, a US Federal Circuit Court of Appeal held that protection should only be afforded to those who support their claims with “irrefragable proof” (i.e. impossible to refute). The court suggested that unless such proof was available, there should be a "presumption that public officers perform their duties correctly, fairly, in good faith, and in accordance with the law and governing regulations” 99 For many of the reasons cited immediately above, demanding such proof significantly diminishes the chance that whistleblowers would be successful before the Merit Systems Protection Board (MSPB), with the proportion of successful appeals dropping from 36 to 7 percent after the decision. 100 Fortunately, US lawmakers have now declared their intention to address this issue through legislation. A bill currently before Congress codifies the objective “reasonable belief” test, meaning that a disclosure is protected if the whistleblower reasonably believes it evidences wrongdoing. 101

3.5 Who may make a disclosure? There is a great deal of variation in national law, regarding who is eligible for protection from reprisals under protected disclosure regimes. Many jurisdictions limit protection to employees of public organisations, while others cover consultants, contractors, part-time staff, secondees, job applicants and family members. The UK, for example, covers contractors under section 230(3) of the Employment Rights Act, for example, while the South African Protected Disclosures Act does not. This has become a particularly important issue given the exponential increase in the number of contractors employed in the intelligence and security

98 Interview with Howard Whitton, April 2011. 99 Lachance v . White , No. 98-3249 (Fed. Cir. 1999). 100 Khemani, The Protection of National Security Whistleblowers. 101 United States Senate, Report of the Committee on Homeland Security and Government Affairs, 9-10. 43

domain. 102 Some jurisdictions go (or have attempted to go) even further. The [Australian] Northern Territory Law Reform Committee, for example, recommends protecting disclosures by “any person,” as is the case in the South Australian legislation. 103

In our view (and given the arguments made above about the desirability of a “broad funnel” approach) legislation in this area should cover current and former employees, conscripts, contractors and sub-contractors of agencies involved in the provision of national security, as well as employees of relevant ministries or departments. They are not only those most likely to have access to classified or otherwise confidential information, but they are those most vulnerable to reprisals. Whistleblowing in the security sector is, in our view, predominantly about disclosures by security sector personnel 104 and that members of the public are better protected through standard anti-reprisal provisions in criminal law, mirroring existing offences such as perversion of the course of justice and witness intimidation. 105

Whether or not anonymous disclosures are useful and/or should be permitted is a matter for debate. In jurisdictions where such disclosures are restricted, it is possible that doing so makes whistleblowers more accountable and, also, easier to protect. It seems more logical, however, to allow receiving agencies to assess the information they receive on its merits and choose to investigate anonymous disclosures when such an investigation seems likely to uncover wrongdoing. Furthermore, it may be appropriate to make provisions for anonymous disclosures in environments where the rule of law is weak and where protection from reprisals is unlikely to be particularly effective. In both Kenya and Sierra Leone, for example,

102 For a detailed discussion of this situation, see the extensive “Top Secret America” investigation in The Washington Post. See also, Tim Shorrock, Spies for Hire: The Secret World of Intelligence Outsourcing (New York: Simon and Schuster, 2008). 103 Northern Territory Law Reform Committee, Report on Whistleblowers Legislation , Report no.26, (Darwin: December 2002); South Australia, Whistleblowers Protection Act, 1993, 17. 104 Latimer and Brown, “Whistleblower Laws: International Best Practice,” 775. 105 Idem, 776. 44

the Anti-Corruption Commissions run anonymous websites for reporting of fraud and corruption. 106

It is worth noting here that even where anonymous disclosures are permitted, there may be limits to how thoroughly such disclosures can be investigated. It is also worth underlining that it is usually difficult or impossible for whistleblowers to remain anonymous. Those who receive disclosures have a duty to keep them confidential but safeguarding someone’s anonymity is unlikely to be possible in a large number of cases.

3.6 An obligation to make a disclosure? A number of states require public sector personnel to report certain types of wrongdoing. Such obligations are most commonly placed on particular professions, such as auditors and accounting officers. 107 More broadly, this is done via a code of conduct or ethics, outlining a general obligation. This is the case in the US, for example, where Executive Order 12731, asserts that “[federal] [e]mployees shall disclose waste, fraud, abuse, and corruption to appropriate authorities.” 108 Likewise, in France, public officials are required to report knowledge of illegal activities to a prosecutor but they cannot be punished for failing to do so. 109 Some states, such as Italy, for example, go further and allow the possibility that public sector personnel can be fined for failing to report wrongdoing. 110 In Romania, it may even be a criminal offence to fail to report criminal wrongdoing to a prosecutor. 111 Security sector specific examples are rare, although the Australian Federal Police (AFP) is one example of a security agency that requires appointees (after the AFP Act of

106 See the reporting sections of the relevant commission websites here: http://www.kacc.go.ke/default.asp?pageid=16 and here: http://www.anticorruption.gov.sl/reportcorruption.17. 107 See, for example, the South Africa, Public Finance Management Act, 1999. 108 Executive Order 12731, “Principles of Ethical Conduct for Government Officers and Employees,” 17 October 1990, 1(k). 109 France. Code de procédure pénale [Code of Criminal Procedure], Article 40. 110 cited in Osterhaus and Fagan, Alternative to Silence, 9-10. 111 Romanian Criminal Code, adopted in 2004 and entered into force in July 2005, Art.339. 45

1979) to report any breaches of professional standards or behaviour that is contrary to the AFP’s core values to a designated person. 112

It is important that any duty, particularly if it is of a contractual or legal nature, be mirrored by a protection regime that is strong and effective. It would be patently unfair to require employees to report wrongdoing and fail to provide proper protections against retaliation that may occur as a result. The Czech Republic is one example of a state where public servants are obliged to report wrongdoing but are not properly protected by the law when they do so. 113 This has also been the case in the US, where the government has been sending mixed messages to potential whistleblowers for some time. The 1958 Code of Ethics, for example, directs government employees to “expose corruption wherever discovered” which is admirable until one considers the number of government employees who have been fired, transferred, reprimanded, denied promotion, or harassed for doing just this. 114 Furthermore, it should also be pointed out that the existence of a general obligation to disclose wrongdoing may not solve the problem of non-reporting. Any duty to report, whether legal or otherwise, needs to be reinforced and supported by senior management and relevant independent bodies.115

112 Cited in Australian Federal Police, “Submission to the House of Representatives Standing Committee.” 113 Osterhaus and Fagan, Alternative to Silence, 10. 114 Louis Fisher, National Security Whistleblowers . Congressional Research Service (Washington DC: The Library of Congress, 30 December 2005). 115 Roberts, Olsen and Brown, “Whistling while they work,” 46

4. Internal disclosures

It is good practice for organisations to set up their own internal procedures for reporting and investigating allegations of wrongdoing, alongside statutory laws. 116 In some states, such as Norway and Romania, the law even obliges organisations to do this. 117 Internal bodies to which disclosures can be made might include: supervisors, employee representatives, human resources officers, lawyers, or even a dedicated internal complaints unit.

Internal procedures have two functions. Firstly, they provide a channel through which disclosures can be made and hopefully acted upon. If effective, internal channels can be the simplest and most effective means of addressing wrongdoing. Indeed, it is often regarded as preferable to resolve problems at the lowest level possible. When classified or otherwise confidential information is involved, good internal procedures can ensure that information never leaves the ring of secrecy, while still providing an opportunity for security sector personnel to report wrongdoing (although this can also be achieved if disclosures are made to designated independent bodies; see the following section for details). Secondly, strong internal procedures are an important way for an organisation to demonstrate a commitment to whistleblowing in general, even if employees ultimately choose to make disclosures to independent bodies instead. Indeed, as Roberts et al. emphasise, “an essential ingredient in any whistleblowing program is the commitment from each organisation to encourage reporting, act on the reports where they have been verified and to protect reporters from adverse consequences.” Roberts et al. discuss notions such as the “ethical climate of an organisation” and a “culture of integrity”, which can only be created by the

116 Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,” 21. 117 Romania, Law on the Protection of Public Officials Complaining About Violations of the Law 2004 ; Norway, Working Environment Act 2005 and ethical guidelines for the public service. 47

establishment of strong and widely advertised internal procedures for the handling of disclosures. 118

In an ideal situation, concerns raised about wrongdoing would be dealt with efficiently and effectively by a line manager within the organisation concerned. 119 As the Australian Commonwealth Ombudsman has argued, this should remain the preference, both legislatively and practically. 120 However, while the existence of internal procedures is essential for the reasons outlined above, they are also problematic for several reasons. As Lord Hope stated in the case of Regina vs. Shayler: there must [...] be some doubt as to whether a whistle-blower who believes that he has good grounds for asserting that abuses are being perpetrated by the security or intelligence services will be able to persuade those to whom he can make disclosures to take his allegations seriously, to persevere with them and to effect the changes which, if these is substance in them, are necessary. […] one must be realistic […] institutions tend to protect their own and to resist criticism from wherever it may come. Where this occurs it may require the injection of a breath of fresh air from outside before institutional defects are recognized and rectified. 121

Furthermore, there are obvious problems when people within the chain of command are complicit in wrongdoing. This is a problem that the US Federal Circuit alluded to in the case of Huffman vs Office of Personnel Management . The court ruled that the Whistleblower Protection Act does not protect disclosures made to one’s superiors about wrongdoing in which they may be complicit because “the purpose of the [WPA] is to encourage disclosures that are likely to remedy the wrong [and]

118 Roberts, Olsen and Brown, “Whistling while they work,” 23-24. 119 Roberts, Olsen and Brown, “Whistling while they work,” 48. 120 see Australian Law Reform Commission. Keeping Secrets: The Protection of Classified Information and Security Sensitive Information , Report 98 (Canberra, May 2004), 81. 121 Lord Hope at para 70 in R v. Shayler [2002] UKHL 11. 48

the wrongdoer is not such a person.” 122 Of course, the impact of this and other Federal Circuit rulings has been to seriously undermine whistleblower protection in the US but the narrow point here is broadly correct – that disclosures made through internal channels are unlikely to be effective, particularly if members of the chain of command are complicit in wrongdoing.

Some of these problems have been addressed by what we might term “hybrid” models, in which independent oversight bodies have a role in overseeing the proper functioning of an internal disclosure process. Such a system exists in the UK, where the Service Complaints Commissioner (for the armed forces) oversees the functioning of otherwise internal complaints handling processes. 123 Similarly, the former Australian IGIS has suggested that just such a model could work in the Australian intelligence community, with an internal mechanism being required to report internal disclosures and the handling of such disclosures to an independent body like the IGIS. 124

A further role that internal mechanisms can usefully play is the provision of advice and support to actual or potential whistleblowers. In the Australian Federal Police, for example, a “confidant network” operates to provide advice, including on whether a disclosure may merit protection. 125 Such systems can be a useful supplement to independent advice bodies (such as the UK charity, Public Concern at Work, which offers help and free legal advice), particularly as they may allow potential whistleblowers to get advice without leaving the ring of secrecy.

122 Huffman v. Office of Personnel Management, 263 F.3d 1341, 1350 (Fed. Cir. 2001), cited in Goodman, Crump and Corris, Disavowed, 9. 123 United Kingdom Service Complaints Commissioner for the Armed Forces, Annual Report 2011 (London: SCC, 2011). 124 Australian Inspector General of Intelligence and Security, “Submission to House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections Within the Australian Government Public Sector,” 17 July 2008. 125 Australian Federal Police, “Submission to the House of Representatives Standing Committee.” 49

5. Inspectors general

Inspectors general are normally responsible for overseeing the activities of particular government agencies or departments, as well as handling complaints pertaining to these bodies. Their functions often include receiving and investigating disclosures made by whistleblowers, and investigating possible retaliation against whistleblowers. It is important to note however, that the term “inspector general” (IG) has different meanings in different jurisdictions. The most notable differences relate to the level of independence an IG has from the organisation which it oversees. In the military context, IGs (such as the IGs for the Dutch and Belgian armed forces) are normally embedded into the chain of command and thus, not organisationally independent from the branch of the armed forces they oversee. Elsewhere, by contrast, IGs (e.g., the Australian Inspector General for Intelligence and Security – IGIS) can be fully institutionally and operationally independent from the organisations which they oversee. For this reason, it is difficult to classify them as either internal or independent bodies for receiving and investigating disclosures made by whistleblowers. These more independent IGs will be considered in more detail in the next section, on disclosures to independent bodies.

The 1978 US Inspector General Act created several IGs with jurisdiction over the security sector (although it was not until 1982 that the Department of Defence got its own IG, a civilian). In common with such offices elsewhere, they are authorised to receive and investigate complaints relating to a range of wrongdoing, including the “possible existence of an activity constituting a violation of law, rules, or regulations, or mismanagement, gross waste of funds, abuse of authority or a substantial and specific danger to the public health and safety.” 126 The Act also stipulates that employees shall not be subject to reprisals for making disclosures to IGs. It does not, however, elaborate further on ways in which the IG may prevent them from occurring, beyond suggesting that the IG should keep the identity of

126 Fisher, National Security Whistleblowers, 9. 50

whistleblowers secret, “unless the Inspector General determines such disclosure is un-avoidable during the course of the investigation.” 127

One possible advantage of an IG system is that they (depending on the exact model) are often seen as an internal channel, which research in the US has shown, employees prefer to use where possible. This system may encourage security sector personnel to report wrongdoing. 128 Furthermore, unlike independent oversight bodies, IGs for the armed forces are often deployed as part of or alongside military units. In consequence, they are perhaps more likely to be easily accessible, particularly when units are deployed remotely. The US Department of Justice IG has suggested, however, that this advantage is undermined by the fact that the military does not make the IG system a priority, particularly when it is engaged in action. 129

The system of IGs in the US armed forces and intelligence community have been heavily criticised as institutions for receiving and investigating disclosures of information showing wrongdoing. Critics highlight three main weaknesses, many of which also apply to IGs in other jurisdictions. 130

First among these is the question of independence. This is something that may be extremely problematic where a disclosure concerns the actions of a whistleblower’s superiors. Moreover, many of the IGs in US government departments (such as the Department for Justice) and agencies (such as the Central Intelligence Agency) are subordinate to those agencies’ directors and, in some circumstances, their work can be halted by the agency director to protect “vital security interests.” Similarly, the effectiveness of the US Military IG system has been questioned due to a perceived

127 Title 5. Government Organization and Employees Title 5—Appendix, United States, 5 USC § 1034, 5a USC § §§ 1—13. ( Inspector General Act of 1978 ). 128 Fisher, National Security Whistleblowers, 10. 129 United States Department of Justice, Office of the Inspector General, “A Review of the Department of Defense Office of Inspector General’s Process for Handling Military Whistleblower Reprisal Allegations,” (Washington D.C., 2009), 19-12. 130 See, for example, Benjamin S. Buckland and William McDermott, Ombuds Institutions for the Armed Forces : A Handbook, (Geneva: DCAF, 2012), particularly Chapter 4 on Models and Chapter 5 on Independence. 51

inability to conduct independent investigations, particularly with regards to reprisals (see point three below). This is also the case in Kosovo, for example, where the IG of the Kosovo Intelligence Agency (KIA) is under the authority of the agency director who “can prohibit the Inspector General from initiating, carrying out or completing an inspection or audit should the KIA director determine that this would be necessary to protect the vital security interests of Kosovo.” 131

The second common criticism of IGs with regards to whistleblowing is that they are often weak with regards to enforcing the results of their investigations. The US Defence IG, for example, does not have the authority to require the military to take action. The individual concerned still needs to apply to the service’s board of correction to have a personnel action dealt with. 132 This is among the reasons for which whistleblowers often resort to disclosures to the media – this option is seen as not only faster but also as a more effective means of “punishing” violators. 133

Thirdly, IGs are often required to report complaints to agency heads. This makes it hard (if not impossible) for them to maintain the confidentiality of whistleblowers. For intelligence community whistleblowers in the US, the fact that the IG has to report credible cases to agency heads, means they have no chance of staying anonymous, which dramatically increases their chance of being retaliated against. 134 The US military IG system has some minimum safeguards in this regard. For example, the Defence IG must ensure that the investigating IG is outside the immediate chain of command of the person submitting the allegation and the person alleged to have taken retaliatory action and service IGs have to notify the

131 Kosovo Centre for Security Studies, Control Functions of Independent State Institutions in the Security Sector in Kosovo, 103; see also the role of the inspector general in the Republic of Montenegro, Montenegro Law on the National Security Agency, Article 42, and see also Rajko Radevic, “Western Balkans Intelligence Oversight Case Study: Montenegro,” in Intelligence Oversight in the Western Balkans (forthcoming 2012). 132 United States Department of Justice, Office of the Inspector General, “A Review of the Department of Defense Office of Inspector General’s Process for Handling Military Whistleblower Reprisal Allegations,” 21. 133 Check and Radsan, “One Lantern in the Darkest Night,” 287-288. 134 Khemani, The Protection of National Security Whistleblowers, 18. 52

Defence IG upon receipt of reprisal allegations. 135 Furthermore, a Defence Department Directorate for Military Reprisals Investigations exists, staffed by civilians. The directorate can conduct its own investigations but usually refers allegations back to a service IG and oversees the way they are conducted, unless they are of a very serious nature. It has a tendency, however, to endorse service IGs’ findings and IGs have only had limited success in mitigating the problem of retaliation.136 Finally, in a worst case scenario, IGs may be used by agencies as instruments of retaliation. They may be asked, for example, to investigate whistleblowers.137

135 United States, 5 USC § 1034, Section (c)(5). 136 United States Department of Justice, Office of the Inspector General, “A Review of the Department of Defense Office of Inspector General’s Process for Handling Military Whistleblower Reprisal Allegations,” 7, 14, 88. 137 Goodman, Crump and Corris, Disavowed, 52 53

6. Disclosures to independent oversight bodies

For the purposes of this study, “independent oversight bodies” are defined as entities that are both institutionally and operationally independent from the agency and/or department that the person works for. They are bodies that are not only external to the security sector organisation concerned but are also outside the executive branch ministry or department that has political responsibility for a particular organisation. This section will begin outlining the different types of independent oversight body involved in the reception and investigation of disclosures, as well as the principal roles they play with regards to whistleblowers. Building on this introduction, we will explain the fundamental importance of external channels for whistleblowing in the security sector. This discussion is followed by a detailed examination of disclosures to both parliamentary and non- parliamentary bodies. The section will conclude by addressing the key issue of “accessing” independent oversight bodies.

The independent oversight bodies to which whistleblowers may make disclosures fall into three broad categories: 1. institutions that are established for the specific purpose of receiving and investigating disclosures from whistleblowers (e.g., the Canadian Public Sector Integrity Commissioner and the US Office of Special Counsel); 2. institutions with a mandate to oversee the agency or sector concerned (for example, some inspectors general, and parliamentary committees); and 3. bodies which have a mandate to oversee and receive complaints from all areas of the public (and sometimes private) sector (for example, general ombuds institutions and anti-corruption commissions).

The independent oversight bodies that are authorised to receive and investigate disclosures from members of security sector organisations are normally different from those authorised to receive disclosures from public sector organisations more generally. These bodies are typically authorised to handle classified information and 54

usually have a legal mandate to oversee the work of particular security sector organisations. This distinction can largely be explained by the understandable desire of governments to protect information. The US is a good case in point. Public sector workers may ordinarily disclose information showing wrongdoing to the Office of Special Counsel. Members of most intelligence agencies are not however, authorised to do so 138 and must instead approach a designated inspector general and, ultimately, the intelligence committees of Congress. 139 Similarly, under the New Zealand Protected Disclosures Act, employees of an intelligence or security agency may only make disclosures to the Inspector General of Intelligence and Security, 140 an oversight body which is officially independent from the intelligence and security agencies and the executive. 141

In some jurisdictions security sector personnel may also disclose information (including classified material) showing wrongdoing to law enforcement authorities but this will not be addressed in this section. We will focus on the role played by parliament and specialised non-parliamentary oversight bodies.

Theoretically, independent oversight bodies can play three principal roles regarding whistleblowers: 1. they are authorised to receive and investigate information showing wrongdoing from whistleblowers; 2. they formulate recommendations and may even be empowered to issue orders to address wrongdoing raised by whistleblowers; 3. they may address claims of retaliation against whistleblowers taken as a result of their disclosures.

138 United States, 5 USC § 2302; Fisher, National Security Whistleblowers, 5. 139 United States, Pub. L. 105-272 , Oct. 20, 1998, 112 Stat. 2396, Title VII. ( Intelligence Community Whistleblower Protection Act of 1998 ), Section 702. 140 New Zealand, Protected Disclosures Act, 2000, S.12. 141 It should be noted that the independence of this body has been challenged, see for example, Zaoui v. Greig, High Court of New Zealand, CIV-2004-404-317, 31 March 2004. 55

In the security sector, most independent oversight bodies focus on the first of these three roles. In the states examined for this study, we did not identify any examples of bodies that have a clear mandate to perform the third of the above roles, with regards to disclosures made by security sector personnel. Making recommendations to agencies and to the executive (as well as the power to “go public”) is usually the extent of their power with regards to whistleblower cases. In other words, independent oversight bodies are not normally empowered to issue binding orders to security sector organisations.

6.1 The importance of external channels for making disclosures The desire of governments and their agencies to protect information pertaining to the work of security sector organisations has, unfortunately, led to significant limitations (and in some cases outright prohibitions) on disclosures to external bodies by employees of such agencies. This is problematic because, in the security sector, it is particularly important for personnel to have the option of disclosing information showing wrongdoing to an independent oversight body authorised to receive and investigate this information, even when such information is classified or otherwise confidential. This is for a number of reasons.

Firstly, in any system for the reception and investigation of complaints or concerns it is not optimal for complaints to be investigated by the same body implicated in these complaints. There is an inevitable risk that there will be a conflict of interests if disclosures of information showing wrongdoing within an organisation are handled exclusively within the organisation. Desires to protect reputations, friendships and career prospects are likely to conflict with the need for allegations of wrongdoing to be fully investigated and addressed. Additionally, disclosures made internally may be more likely to result in the destruction of evidence or other practices which would compromise the proper investigation and rectification of wrongdoing.

Secondly, research has demonstrated that in many contexts would-be whistleblowers lack faith in the capacity of internal mechanisms to both fully investigate allegations of wrongdoing and to protect them from reprisals in doing so. 142 This is closely related to the fact that, as we have already noted, organisational cultures within security sector organisations tend to deride whistleblowing. As a result, disclosures made internally are highly likely to result in retaliatory action against the whistleblower.

Thirdly, the discretionary nature of the powers available to security sector organisations and the potential that the misuse of such powers can result corruption or in serious human rights violations, makes it all the more important that wrongdoing can be disclosed to an independent body.

Finally, as we will discuss in more detail below, the availability of effective independent bodies for the receipt and investigation of information showing wrongdoing may make it less likely that whistleblowers will turn to the media. This is ultimately, in the interests of the whistleblower (who is unlikely to face prosecution for the unauthorised disclosure of information), security sector organisations and the public at large (both of whom have an interest in the protection of information that is properly classified).

While independent oversight bodies provide an essential outlet for security sector personnel to raise concerns, whistleblowers can also contribute to the work of these oversight bodies by providing them with information. Indeed, whistleblowers can play a key role in alerting overseers to potential problems which need to be examined and/or may form part of broader investigations they are undertaking. Former member of the US House of Representatives (and now Senator), Barbara Boxer, has stated that: “[…] without whistleblowers, frankly, we [Congress] really could not do our job because … we need information and we need a free flow of

142 Roberts, Olsen and Brown, “Whistling while they work,” 5. 57

information from federal employees, be they military or civilian.” 143 Independent oversight bodies are typically mandated to assess security sector organisations’ compliance with the law, and/or their effectiveness and efficiency. In making such assessments, independent oversight bodies rely on a combination of information that is proactively disclosed by agencies and the executive branch, as well as their own power to demand access to information they deem relevant.144 Although some oversight bodies have the authority to question any employee of a given agency, most of their information comes from senior management and the executive branch. Yet, as Louis Fisher correctly points out: “Congress [and overseers more generally] needs access to not only the information an agency head is willing to release, but things from the middle and the bottom, and that’s whistle-blowing. In a time of war and emergencies, it’s particularly important because when you concentrate power, the chance of abuse and mistakes increases.”145

If a system of disclosures to independent oversight bodies works properly, whistleblowers can function as an ‘early warning system’ for overseers by providing them with information about serious problems which may not be readily reported to them by agency directors or the executive branch.

6.2 Disclosures to parliament In some states whistleblowers are authorised by law to disclose information showing wrongdoing to members of committees of parliament. Most commonly, disclosures have to be made to designated parliamentary oversight committees in order for them to be protected. Such committees are typically those responsible for security matters, for example, intelligence oversight committees, armed forces committees and internal security committees. These committees usually operate

143 Cited in Fisher, National Security Whistleblowers, 22. 144 Wills and Buckland, Access to Information. 145 Louis Fisher, senior specialist in the separation of powers at the CRS, cited in Alexandra Marks, “National Security vs. Whistle-Blowing,” The Christian Science Monitor, 24 January 2004. 58

within the ring of secrecy, meaning that they are ordinarily able to view classified information. Accordingly, such committees hold some or all meetings in camera, have appropriate physical measures in place to protect information, have a security cleared staff to receive disclosures and, depending on the system, may also have security cleared members. An example of this is in Germany, where members of the security and intelligence agencies can disclose information showing wrongdoing to the Bundestag’s Parliamentary Control Panel, which is responsible for the oversight of these agencies. Yet, employees of these agencies must, at the same time, make the disclosure to the relevant ministry. 146 Needless to say, this may seriously undermine the willingness of persons to make disclosures, particularly given that German law does not explicitly provide protection to whistleblowers in most cases.

Elsewhere, disclosures made to parliament are characterised as being equivalent to disclosures to the public. This is most likely the case in states where no parliamentarians are permitted to access classified information, as is the situation, for example, in Ireland. Thus, it goes without saying that, in such states, members of security sector organisations are neither authorised to make disclosures which involve the transmission of classified information to parliamentarians nor protected if they do so.

Whether or not whistleblowers are legally permitted to disclosure information to parliament depends largely on the question of whether a particular member of parliament or parliamentary entity is competent to view classified information. Such competence is typically conferred by virtue of a parliamentarian’s membership of a certain committee (for example, the Italian Parliament’s Committee for the Security of the Republic) or by their status a party leader and/or a speaker of parliament. 147 Whether or not an MP has security clearance is of limited relevance

146 Germany, Act Governing the Parliamentary Control of Intelligence Activities by the German Federation Parliamentary Control Panel Act (PKGrG) , as revised on July 29, 2009 (Federal Law Gazette I, p. 2346), Section 8 (60). 147 Aidan Wills and Mathias Vermeulen, Parliamentary Oversight of Security and Intelligence Agencies in the European Union , (Brussels: European Parliament 2011), Section 4.5. 59

to this question. A minority of states require that members of certain committees are vetted and given clearance in order to access classified information (this is the case, for example, in many post-communist states in Eastern Europe). In the majority of states in the EU, as well as the US, however, parliamentarians do not require a security clearance to access classified information as part of their work. In these cases, parliamentarians are deemed competent to view such information by virtue of their position as democratically elected representatives. 148

Notwithstanding the fact that parliamentarians may have the right to access classified information in certain areas, many states do not authorise whistleblowers to contact members of parliament directly. In some jurisdictions whistleblowers have even been prosecuted for disclosures made to parliament. A notable example of this is the case of Clive Ponting, a UK former civil servant, who was prosecuted (although ultimately acquitted) for disclosing classified information relating to the armed forces to a member of parliament (see Annex 1 for additional cases).149

A further consideration, which may be considered relevant in some contexts, is the question of whether given parliamentarians may have a “need to know” particular information. We argue that, at the very least, membership of a committee with responsibility for security or security sector organisations confers a manifest “need to know” information originating from these entities. Hence, members have a clear “need to know” with regards to information that might be disclosed to them by a whistleblower. More generally, it can be contended that all parliamentarians have a need/right to know information about wrongdoing within the executive branch and its agencies (across all policy areas) by simple virtue of their status as democratically elected representatives. 150 While we do not agree entirely with this second viewpoint, we feel that parliament plays a crucial role in any comprehensive whistleblower protection regime and that whistleblowers should always be

148 Wills and Buckland, Access to Information. 149 R v. Ponting [1985] Crim LR 318. 150 Khemani, The Protection of National Security Whistleblowers, 13. 60

authorised to make disclosures of classified or otherwise confidential information to at least some subset of a parliament’s members.

An example that supports this view is that of Russ Tice, who was warned by the National Security Agency (NSA), before he approached members of the US Congress, that the information he planned to disclose was so sensitive that, even members of the congressional intelligence committees lacked sufficient authority to receive it. Notwithstanding these observations, whistleblowers cannot be expected to make precise assessments of a particular member of parliament or parliamentary committee’s information needs and requirements.

While parliamentary committees can provide a valuable channel for the disclosure of information showing wrongdoing, their effectiveness is often limited by a number of factors. Parliamentary committees are invariably dominated by the governing parties. As a consequence, they may not be well-suited to the impartial examination of certain types of information provided by whistleblowers. Indeed, members of parliamentary committees may have clear political incentives for not wishing to investigate or expose issues which may be acutely embarrassing for their colleagues in government or opposition, as well as detrimental to their own political futures. Furthermore, parliamentarians are not commonly specialists in security-related issues and, in many states, are not supported by adequate specialist staff. As a result, parliamentary committees may not have the requisite knowledge or expertise to conduct investigations relating to information showing wrongdoing in the security sector. The latter problem is compounded by the fact that parliamentarians are often overburdened and may be unable to devote the time or resources required to adequately exercise their oversight functions. 151

Parliaments can, nevertheless, play a useful role in the investigation of information showing wrongdoing. Partisanship can (even when used for political point-scoring)

151 Wills and Vermeulen, Parliamentary Oversight of Security and Intelligence Agencies in the European Union. 61

help to ensure that even embarrassing information is exposed. Furthermore, due to their legislative and budgetary powers, parliaments may be well-positioned to promote compliance with their wishes regarding the righting of wrongs, as well as the protection of whistleblowers.

Finally, the parliamentary privilege can also help to make parliamentary committees a useful forum for the disclosure and discussion of information showing wrongdoing. This privilege, which exists in many states, provides parliamentarians with immunity from civil or criminal action and examination in legal proceedings arising from their speech within the context of parliamentary proceedings. 152 The privilege protects parliamentarians but it may also offer some protection to those making disclosures of classified or otherwise confidential information to parliamentary committees, given that it, in some jurisdictions, covers all speech made in the context of parliamentary proceedings. The extent to which these protections may extend to parliamentarians and other parties depends, however, on the extent to which parliaments in different jurisdictions have legislated to abrogate the privilege where the disclosure of classified information is concerned. 153

6.3 Disclosures to specialised non-parliamentary oversight bodies Beyond parliamentary committees, some states have established specialised independent bodies to oversee various aspects of the work of security sector organisations. These non-parliamentary oversight bodies are generally led by one or a small group of senior public figures (e.g. former judges, former prosecutors, and former politicians) supported by a professional staff. Such bodies have become increasingly common in the oversight of security and intelligence and police

152 See, for example, Section 36 of the German Criminal Code. “Parliamentary Utterances” which states that: “Members of the Bundestag (Federal Parliament), the Federal Assembly or a legislative body of a Land (constituent state), may at no time be subject to liability outside of the body because of their vote or an utterance which they made within the body or one of its committees. This shall not apply to slanderous insults.” See also, art 9 of the Bill of Rights 1688 (UK). 153 Australian Law Reform Commission, Secrecy Laws and Open Government in Australia , 593-7. For the importance of the privilege in the context of protecting free speech, see Manfred Nowak, Human Rights Handbook for Parliamentarians (Geneva: IPU/OHCHR, 2005), 64. 62

services. Notable examples include: the Canadian Security Intelligence Review Committee (SIRC), and the Dutch Review Committee on the Intelligence and Security Services (CTIVD), and the Belgian Permanent Oversight Committee on the Police Services.

These specialised oversight bodies are normally authorised to receive disclosures from personnel of the agencies which they oversee and to investigate them accordingly. Yet, it is our understanding that these overseers receive very few if any disclosures of information showing wrongdoing. This may, of course, be indicative of the high standards of professionalism within these particular systems or of the existence of good internal systems. Alternatively, it may also point to the fact that employees of security and intelligence agencies are not aware that they may report concerns to a designated independent body. In the context of specialised independent oversight of armed forces, this role is performed by, for example, the German, Norwegian and Austrian Parliamentary Commissioners for the Armed Forces. While these bodies receive far more complaints from members of armed forces than their colleagues in the field of intelligence oversight, it is evident that most complaints pertain to their own treatment and work conditions, rather than to the types of serious wrongdoing discussed throughout this paper and more often associated with whistleblowing.154

There are significant advantages associated with making disclosures to specialised independent oversight bodies from the perspective of both the executive and, more importantly, the whistleblower.

Firstly, specialised independent oversight bodies are well-placed to examine disclosures of information showing wrongdoing because they have a mandate to oversee a particular service or sector on an ongoing basis. These mandates give them an understanding of the broader context and issues associated with a given

154 See Buckland and McDermott, Ombuds Institutions for the Armed Forces. 63

agency or sector and this awareness may help them to spot linkages between information disclosed by a whistleblower and findings derived from their general oversight functions.

Specialised independent oversight bodies may also be better placed than their parliamentary counterparts to investigate disclosures of information showing wrongdoing because they are usually composed of subject matter experts. This is reinforced by the fact that they operate on a full-time basis and are typically better resourced than parliamentary committees with similar mandates.

Secondly, whistleblowers may be more likely to disclose information to an oversight body which is known and (hopefully) trusted to members of their organisation. In well-established oversight systems, security sector personnel should know that such bodies are authorised (and competent) to handle sensitive information. Nevertheless, a careful balance must be struck between the potential advantages of familiarity and the need for independence. Familiarity may be a disadvantage if the oversight body is too close to the senior leadership of the organisation.

Finally, specialised independent oversight bodies may be better placed to protect classified or confidential information than both their parliamentary counterparts and institutions that handle disclosures from the public sector more generally. While they are institutionally and operationally independent, such bodies may nevertheless operate within the ring of secrecy. In other words, they are authorised to receive and handle the highest level of classified or otherwise confidential information and have procedures in place to do so. From the point of view of security sector organisations and personnel, this capacity to handle classified information (in combination with their small size) may make them preferable to other bodies as a channel for making external disclosures. Bodies that do not have a mandate to oversee the security sector may not have procedures in place to

properly handle information of this type or may simply be unsure of to how to proceed when presented with such information.

6.4 Accessing independent oversight bodies A first requirement for access to independent bodies by whistleblowers is that such channels must be “visible.” The right of security sector personnel to make disclosures to external bodies is not always spelled out in law. Notably, in the UK, the security and intelligence agencies are (according to the House of Lords) permitted to make disclosures to parliament’s Intelligence and Security Committee, although this is not explicitly authorised in any statute. 155 Similarly, in the Netherlands, members of the intelligence agencies have the right to disclose information to the CTIVD but this is not set out in the relevant statutes.

With this in mind, the former Australian Inspector General of Intelligence and Security’s suggestion of ensuring that induction courses include briefings from the overseer (in this case the IGIS) on making protected disclosures, could be beneficial. 156 A 2010 US Senate bill (which narrowly failed to be enacted) on the protection of whistleblowers included an innovative proposal to establish a “Whistleblower Protection Ombudsman,” who would be tasked with educating agency employees about available channels, rights and remedies. 157 Such initiatives would not only help to ensure that wrongdoing is disclosed, but it could also reduce the likelihood of disclosures being made to an independent body that is not authorised to receive it (in some contexts a whistleblower could be prosecuted for making disclosures to such bodies).

Assuming that an independent oversight body is “visible” to potential whistleblowers, a second important consideration relating to access is whether or

155 R v. Shayler [2002] UKHL 11, 27. 156 Australian Inspector General of Intelligence and Security, “Submission to House of Representatives Standing Committee on Legal and Constitutional Affairs’,” para 12. 157 United States, Whistleblower Protection Enhancement Act of 2012, S.743, 112 Cong, (2012), Section 120(c). 65

not members of security sector organisations have to exhaust, or at the very least, make use of internal disclosure mechanisms before approaching independent bodies.

This is for example the case in the US intelligence community, where would-be whistleblowers much first make disclosures to the agency head or inspector general (not, in our view, an independent body) before they can make a disclosure to the congressional intelligence committees – the designated independent body. 158 Similarly, under the Canadian Public Servants Disclosures Act, RCMP officers must first exhaust internal mechanisms for raising complaints relating to reprisals before approaching the Public Service Integrity Commissioner. 159 According to FAIR (a Canadian whistleblower protection organisation) this is highly problematic because the internal procedures are ineffective and overly lengthy. Furthermore, FAIR asserts that the RCMP has a track record of using these internal procedures to punish whistleblowers. 160

The likely rationale for imposing such requirements is that problems are, in the first instance, most appropriately investigated at the lowest level, i.e., within an organisation. This may be seen as particularly important when matters are highly sensitive (or even highly embarrassing) for the agency concerned. There is, however, nothing to prevent an independent body – which receives information showing wrongdoing relating to a particular organisation – from referring the matter back to that organisation for an initial investigation. This is for example, the practice followed by the Independent Police Complaints Commission (IPCC) in England and Wales (albeit not in the specific context of whistleblowing). Upon receiving information showing wrongdoing (from a police office or member of the public) by the police, the IPCC can: (i) investigate the matter directly; (ii) refer the matter back to the police professional standards department, which must then

158 Khemani, The Protection of National Security Whistleblowers, 20. 159 Canada, Public Servants Disclosure Protection Act, S.C. 2005, c. 46, Section 19(1).5. 160 FAIR, “What’s Wrong with Canada’s Federal Whistleblower Legislation,” 5. 66

investigate the matter. It must do so: (i) under the supervision of the IPCC; (ii) independently but according to terms of reference set out by the IPPC; (iii) or fully independently. 161 The use of such procedures need not lead to the wider disclosure of classified or otherwise confidential information.

Several overseers at a recent DCAF-OSF workshop argued that it is essential that security sector personnel have direct, unfettered access to independent bodies, should they wish to raise complaints or report concerns showing wrongdoing. 162 Indeed, it is noteworthy that legislation that applies to disclosures made outside the context of the security sector does not impose a requirement for a disclosure to first be made internally, particularly where such a disclosure pertains to a highly time sensitive issue, where a disclosure made through internal channels is likely to result in the destruction on concealment of evidence, or where an internal disclosure would be likely to result in reprisals against the individual making the disclosure. 163 In view of this and for the reasons outlined above (relating to the important of external channels for making protected disclosures), we are of the opinion that such persons should not have to first make a disclosure to a superior, e.g., through the chain of command in the armed forces, or to an internal (or “quasi-internal”) body.

An alternative to the requirement that whistleblowers first make use of internal channels is the imposition of requirement that disclosures made to an independent oversight body must be “copied” to the relevant director or head of agency. This is the case for example, in Germany where members of the intelligence agencies can make disclosures to the Parliamentary Control Panel (an intelligence oversight committee) but these must be immediately passed onto the relevant agency

161 Independent Police Complaints Commission website: http://www.ipcc.gov.uk/en/Pages/investigations.aspx. See also, Roberts, Olsen and Brown, “Whistling while they work,” 52. 162 DCAF-OSF workshop held in Geneva, 4-5 May 2011. 163 United Kingdom, Public Interest Disclosure Act 1998 , Chapter 23, Section 43g; South Africa, Protected Disclosures Act 2000 ., Section 9; Canada, Public Servants Disclosure Protection Act, 2005, c.46, Section 16. This approach is also endorsed by the Parliamentary Assembly of the Council of Europe, Resolution 1729 on the ‘Protection of “whistle-blowers,”’ 29 April 2010, paragraph, 6.2.3. 67

director. While this procedure is of course preferable to a requirement that disclosures be first made internally, it is nevertheless, problematic given the abovementioned risks associated with internal disclosures. 164

A final point relating to accessing independent bodies relates to what such bodies must do with information they have received. It is clearly not sufficient for the law to simply designate or establish independent oversight bodies to which whistleblowers can make protected disclosures. These bodies also need clear guidance on what they are required to do with information received from whistleblowers. An examination of national laws and practice reveals that often, the law and subsidiary regulations give little guidance on these issues. In the Canadian case, for example, the law and subsidiary regulations do not state what either the Security Intelligence Review Committee (SIRC) or the Communications Security Establishment (CSE) Commissioner are meant to do with information pertaining to serious wrongdoing that they receive from whistleblowers. 165 Accordingly, the Canadian Senate has recommended that the government clarify what the agency head, SIRC and the CSE Commissioner is supposed to do when they receive notice of concern from a person making a disclosure. 166

A related point is the question of whether an obligation should exist to take action on the part of independent oversdight bodies. In the UK, for example, under the 1998 PIDA, Ministers (like other designated recipients) have no duty to take any action. 167 There is certainly the potential that, if such an obligation exists, it could be detrimental to oversight, because it may prevent overseers from asking questions

164 Hans De With and Erhard Kathmann, “Parliamentary and Specialised Oversight of Security and Intelligence Agencies in Germany” in Parliamentary Oversight of Security and Intelligence Agencies in the European Union, Aidan Wills and Mathias Vermeulen (Brussels: European Parliament, 2011). 165 Under section 15 of the Canadian Security of Information Act , government employees with privileged access to information, can disclose information showing serious wrongdoing to these bodies. 166 Susan Pollock, (Executive Director of the Security Intelligence Review Committee), Testimony to the Canadian Senate Special Committee on the Anti-Terrorism Act, Monday 18 April 2006. 167 David Lewis and Stephen Homewood, “Five Years of the Public Interest Disclosure Act in the UK: Are Whistleblowers Adequately Protected,” Journal of Current Legal Issues 5 (2000). 68

and/or investigating certain issues in order to avoid uncovering information which they would then have to disclose. 168 This is an interesting question, into which further research is required. In its absence, however, it would seem that this danger is outweighed by the risk that issues raised in a disclosure go un-investigated. At a minimum, we would argue that overseers have a duty to properly assess all disclosures they receive, to determine whether they require further investigation by themselves or another competent body. 169

168 Charlotte Lepri, “Parliamentary and Specialised Oversight of Security and Intelligence Agencies in France” in Parliamentary Oversight of Security and Intelligence Agencies in the European Union, Aidan Wills and Mathias Vermeulen (Brussels: European Parliament, 2011), 88. 169 Buckland and McDermott, Ombuds Institutions for the Armed Forces, Chapter 6. 69

7. Reprisals

Whistleblower protection legislation is premised on the recognition of two realities. First, some employers will retaliate against employees (and persons linked to them) for disclosing information showing wrongdoing within their organisation. Second, most employees with such information showing wrongdoing will not bring it to light unless they feel that they will be protected against possible reprisals for making a disclosure. Accordingly, whistleblower protection legislation aims to deter employers from retaliating against whistleblowers, and to provide recourse when reprisals do occur. This section will begin by addressing some general concerns regarding the effect of reprisals on (would-be) whistleblowers and the lack of protection there from. We will then address particular types of reprisals and how they can be prohibited by law. Particular attention will be paid to the suspension and revocation of security clearances as a form of reprisal because this is a major issue with regards to whistleblowing in the security sector. The proceeding section will explore in more detail how whistleblowers can be protected from reprisals.

Speaking at the 1985 House Hearings on the implementation of the CSRA, presiding officer Pat Schroeder, remarked that, in the US context: “[t]here is no dispute – whistleblowers have no protection. We urge them to come forward, we hail them as the salvation of our budget trauma, and we promise them their place in heaven. But we let them be eaten alive.” 170 At the same hearings, K. William O’Connor, Special Counsel of the Merit Systems Protection Board (MSPB) was asked whether he would advise whistleblowers to come forward. He responded by remarking dryly that, “I’d say that unless you’re in a position to retire or are independently wealthy, don’t do it. Don’t put your head up because it will get blown off.” 171

In the few decades since these remarks were made, the situation regarding reprisals against whistleblowers – particularly those from within the security sector – has

170 Cited in Fisher, National Security Whistleblowers, 14. 171 Ibid., 16. 70

scarcely improved. This is the case in three main respects. First, protections offered by the law may be comprehensive but not adequately implemented. Second, legal protections may not go far enough to protect against common types of reprisal. Finally, the law in some states may offer no protection at all.

The lack of protection afforded to whistleblowers is particularly problematic because it can have a chilling effect on the likelihood that whistleblowers will come forward. This is supported by evidence such as one study of whistleblowers which found that 70 per cent of US federal employees claiming knowledge of corruption chose not to report it due to fear of reprisal. 172

Some states encourage whistleblowing by providing channels through which disclosures can be made – the clear implication being that someone making a disclosure in this way will be protected for doing so. This is the case in the US, where the ICWPA creates channels for disclosure, yet fails to prohibit or adequately prevent retaliation against persons making such disclosures. 173 This situation also exists in Australia, where members of the security and intelligence community are authorised to make disclosures to the IGIS, despite the fact that, when doing so, they may not be legally protected from reprisals. 174

Of even greater concern, is the fact that a lack of protection from reprisals is sometimes accompanied by a requirement to make disclosures. In the Republic of Korea, for example, the “Code of Conduct For Maintaining the Integrity of Public Officials” creates obligations for public servants to make disclosures of information showing wrongdoing, without provision for concurrent protections. 175 Likewise, in the Czech Republic, the failure of public sector employees to report a crime is considered a criminal offence, yet other legal codes criminalise the making of “false

172 Khemani, The Protection of National Security Whistleblowers. 173 Goodman, Crump and Corris, Disavowed, 10. 174 See Australia, Inspector-General of Intelligence and Security Act 1986 (Cth), sections 8, 9, 9A. 175 Republic of Korea, Code Of Conduct For Maintaining The Integrity Of Public Officials , Presidential Decree No. 17906, 18. 71

disclosures” (i.e., disclosures of information that is later found to be incorrect, or situations in which the person accused of wrongdoing opts to file a counter suit of slander before any investigation begins). 176

National laws use a litany of terms to refer to reprisals; these range from “occupational detriment,”177 “disadvantageous measures,” 178 and “personnel actions.” 179 Notwithstanding these semantic differences, all of these terms refer to negative actions taken in retaliation for the disclosure of information showing wrongdoing. Before turning to the types of action that may constitute a reprisal, it is important to make it clear that we are talking about reprisals resulting from disclosures made both externally and internally. 180 A comprehensive list of forms of reprisal (which should be prohibited) can be found in the Korean Act on the Protection of Public Interest Whistleblowers. The South African Protected Disclosures Act is similarly comprehensive and makes reference to the following forms of reprisal: a) being subjected to any disciplinary action; b) being dismissed, suspended, demoted, harassed or intimidated; c) being transferred against his or her will; d) being refused transfer or promotion; e) being subjected to a term or condition of employment or retirement which is altered or kept altered to his or her disadvantage; f) being refused a reference or being provided with an adverse reference, from his or her employer; g) being denied appointment to any employment, profession or office; h) being threatened with any of the actions referred to paragraphs (a) to (g) above; or

176 Czech Republic. Criminal Code (Act No. 40/2009), para. 167, 168. Cited in Fagan, Alternative to Silence. 177 South Africa, Protected Disclosures Act 2000 , Section 1(v). 178 Republic of Korea, Act on the Protection of Public Interest Whistleblowers 2011 . 179 United States, 5 USC § 2302. 180 Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,” 9. 72

i) being otherwise adversely affected in respect of his or her employment, profession or office, including employment opportunities and work security; 181

To this list we can add the following forms of reprisal, based on research on security sector whistleblowers (see table in Annex 1 for examples): • conducting retaliatory investigations in order to divert attention from the issues that the whistleblower is trying to expose; • ordering psychiatric tests or examinations; 182 • conducting unlawful surveillance (particularly of an employee’s communications with an independent oversight body);183 • physical and emotional abuse and intimidation; and • security clearance suspension or revocation.184

Given their widespread use of revocation and suspension of security clearances in retaliation against security sector whistleblowers, it is worth examining these in more detail. In many cases, suspension or revocation of a security clearance may be tantamount to firing as, without their clearance, many security sector personnel are simply unable to perform their jobs. 185 This has been recognised in current draft US legislation, which “forbids an agency to take, fail to take or threaten to take or fail to take any action with respect to any employee’s security clearance or access [to information] determination because of a protected disclosure.” 186 The Korean Act on the Protection of Public Interest Whistleblowers already contains such a prohibition. Indeed, Korean legislation states that “the suspension of access to security information or classified information; the cancellation of authorization to

181 See also the United States, 5 USC § 2302. 182 United States, 5 USC § 2302. 183 United States Office of Special Counsel, “Memorandum for Executive Departments and Agencies,” 20 June 2012. 184 See Republic of Korea, Act on the Protection of Public Interest Whistleblowers 2011 , Article 6(e). 185 United States Senate, Report of the Committee on Homeland Security and Government Affairs, 35. 186 Ibid. , 37. 73

handle security information or classified information” 187 shall be punished “by imprisonment for not more than two years or by a fine not exceeding 20 million won.” 188

FAIR, a Canadian whistleblower organisation, has warned of the ease with which this type of reprisal can be used against members of the security sector because security sector organisations are often able to resist outside scrutiny of such actions, which are also difficult to challenge. 189

In the US case, revocation or suspension of a security clearance has not, until recently, been considered a reprisal for the purposes of protection 190 a situation that Special Counsel Elaine Kaplan called “Kafkaesque” before a Congressional hearing on the matter. 191 Russell Tice is one prominent example of this type of retaliation (see Annex 1). Tice had his clearance revoked after making an internal disclosure about suspected espionage by a colleague. Subsequently, he was still able to work at the NSA but the only jobs available to him without a clearance were in the warehouse or as a driver in the NSA motor pool. Suspension of a security clearance may be even more pernicious as, unlike outright revocation, it is less likely to be subject to appeal or outside review, despite the fact that a suspension may be indefinite.

The issue of judicial deference to the executive on matters of national security is salient to the question of security clearances because it is an area where, in the US at least, the courts have been very reluctant to intervene. In the case of Department of the Navy vs Egan, for example, the Supreme Court upheld the Navy’s action (in

187 Republic of Korea, Act on the Protection of Public Interest Whistleblowers 2011 , Article 6(e). 188 Republic of Korea, Act on the Protection of Public Interest Whistleblowers 2011 , Article 30(2)1. 189 FAIR, “What’s Wrong with Canada’s Federal Whistleblower Legislation.” 190 Memorandum for Michael J. O’Neill, General Counsel, Central Intelligence Agency, from Christopher H. Schroeder, Acting Assistant Attorney General, “Access to Classified Information,” 26 November 1996, 6. cited in Fisher, National Security Whistleblowers, 31. This OLC memo led to the passing of the 1998 CIA WB Act. 191 United States Senate, Report of the Committee on Homeland Security and Government Affairs, 35. 74

revoking Egan’s security clearance) when it ruled that granting a clearance is “a sensitive and inherently discretionary judgement call, [and] is committed by law to the appropriate agency of the Executive Branch.” 192 Similarly, the US Court of Federal Claims ruled in the 2002 case of Barlow vs United States that security clearances are about predicting an individual’s future behaviour and are, as a result, highly subjective and requiring necessary expertise. The court asserted that, to deny the executive full discretion in such matters “would inevitably draw the court into improperly second-guessing executive branch officers in a highly discretionary function” and declined to do so. 193

There is a difference, however, between permitting some executive discretion over the specific issue of security clearances and guaranteeing due process more generally. This difference has recently been recognised in two decisions by the MSPB. In McGriff v. Department of the Navy and in Buelna v. Department of Homeland Security , the MSPB ruled that employees are “entitled to constitutional due process when the agency indefinitely suspend[s] [them] from federal employment based on a suspension of access to classified information.” 194 Notably, the decision recognises that, while the MSPB cannot review security clearance decisions themselves, whistleblowers nevertheless have recourse to the MSPB for violations of their due process rights. 195

While these recent decisions by the MSPB represent significant progress in the US context, there is no reason why an independent body cannot be nominated to go further still and to review substantive issues relating to the granting, revocation and/or suspension of a security clearances. Indeed the roles played by the Belgian Standing Intelligence Agencies Review Committee and the Canadian Security

192 Department of the Navy v. Thomas E. Egan, 484 U.S. 518 (1988). 193 Barlow v. United States, 51 Fed.Cl. 380, 384 n. 6 (2002). 194 Buelna v. Department of Homeland Security , MSPB 63 Docket No. DA-0752-11-0701-I-1 (2012); McGriff v. Department of the Navy , MSPB 62 Docket No. DC-0752-09-0816-I-1 (2012). 195 Richard Renner, “MSPB Holds it Can Address Due Process in Security Clearance Cases.” Whistleblower Protection Blog, The National Whistleblowers Legal Defense and Education Fund, 3 May 2012. 75

Intelligence Review Committee are instructive in this regard. Both bodies are competent to review security clearance related decisions and issue binding orders. 196 The need for independent review has been recognised by current US draft legislation, which provides for a two stage review of allegedly retaliatory security clearance decisions, first by within an agency itself and secondly by an independent panel within the Office of the Director of National Intelligence. 197

196 Belgium, Act Establishing an Appeal Body for Security Clearances, Certificates and Advice 1998 ; Canada, Security Intelligence Service Act , R.S.C., 1985, c. 23, Section 42. 197 United States Senate, Report of the Committee on Homeland Security and Government Affairs, 36-7. 76

8. Protections

Closely related to the preceding section on reprisals is the question of how whistleblowers can be protected from such actions. This discussion of protections will be broken down into five parts: legal provisions prohibiting reprisals; confidentiality as a mechanism for protecting whistleblowers; penalties for persons who retaliate against whistleblowers; a discussion of the importance of internal and independent bodies having the capacity to act to protect whistleblowers; and the issue of where the burden proof lies in demonstrating retaliation (or the lack thereof) against a whistleblower.

8.1 Legal protections against reprisals Protections against the types of reprisal outlined in the previous section are typically provided for by law but their scope differs significantly across jurisdictions. The exact phrasing of such legal protections varies across jurisdictions, with some laws placing the obligation on persons not to retaliate against whistleblowers and others framing it as a negative right, i.e. the right not to be retaliated against. Canadian law, for example, states that “no person shall take any reprisal against a public servant or direct that one be taken against a public servant.” 198 British law, on the other hand, stipulates that “[a] worker has the right not to be subjected to any detriment by any act, or any deliberate failure to act, by his employer done on the ground that the worker has made a protected disclosure.”199

Protection may be even stronger if the law explicitly provides whistleblowers with immunity from civil and criminal liability, as well as disciplinary proceedings arising from the disclosure of information showing wrongdoing in accordance with

198 Canada, Public Servants Disclosure Protection Act , S.C. 2005, c. 46. 199 United Kingdom, Public Interest Disclosure Act 1998 . 77

proscribed procedures.200 The New Zealand Protected Disclosures Act is an example of a piece of legislation which provides such protection. It states that those making disclosures should not be “liable to any civil or criminal proceeding or to a disciplinary proceeding by reason of having made or referred that disclosure of information” and that such protections should apply “despite any prohibition of or restriction on the disclosure of information under any enactment, rule of law, contract, oath, or practice.” 201 Employees of the New Zealand intelligence and security services are only permitted to make external disclosures to the Inspector General for Intelligence and Security. In doing so, they are protected against “any penalty or discriminatory treatment of any kind in relation to his or her employment” unless the IG determines that they did not act in good faith. 202 Thus, protections apply to those who disclose information through proscribed channels regardless of its level of sensitivity or classification.

Needless to say, in New Zealand and elsewhere, legal provisions granting immunity from prosecution need to be read alongside other legal provisions that strictly limit the channels through which protected disclosures can be made by members of security sector organisations. Immunity would not ordinarily extend to disclosures which entail the commission of a criminal offence pertaining to the unauthorised release of classified or otherwise confidential information.

Another form of protection that is protection from libel and defamation suits arising from the disclosure of information showing wrongdoing. Such protection exists in the Republic of Korea, for example, where the Act on the Protection of Public Interest Whistleblowers (PPIW Act) provides protection against libel and defamation, although this is tied to provisions which prevent anonymous disclosures. 203

200 Transparency International, Recommended Draft Principles, principle 15. 201 Protected Disclosures Act 2000 . 202 New Zealand, Inspector-General of Intelligence and Security Act 1996, Section 12. 203 Kim Dok-Man, “Better Protection for Whistleblowers,” Korea Times, 12 Feb 2011. 78

Disclosures made through the “wrong channels” are often not protected. This problem can arise when the law establishes or designates specific independent bodies to receive disclosures from whistleblowers but does not protect disclosures made to other independent bodies. In our view, this is problematic because making disclosures to the “correct” independent body is predicated on the whistleblower having a good understanding of the system. Such an understanding cannot be taken for granted, especially as it is often very difficult for those considering making a disclosure to seek advice internally or on where and how to make disclosures outside their organisation. For this reason, whistleblowers should ordinarily be protected if they unwittingly make a disclosure to the incorrect independent body. In such cases, it ought to be incumbent upon the recipient body to either transmit the disclosure to the appropriate body or advise the whistleblower of where and how they should make the disclosure. 204

8.2 Confidentiality Confidentiality relating to disclosures is another element of protection for whistleblowers. In general, this means that bodies tasked with receiving and investigating protected disclosures must not release information that might identify a whistleblower. The logic behind such requirements is that organisations cannot retaliate against employees for making disclosures if they cannot identify the person who made a disclosure.

There are exceptions to the general rule of confidentiality regarding disclosures. Most obviously, the whistleblower may give his/her consent (in writing) to his/her identity being revealed. The law may also authorise the body receiving a protected disclosure to identify a whistleblower if, for example, this is deemed to be necessary for the “effective investigation of the allegations,” “to prevent serious risk to public

204 The latter requirement is included in the South Africa, Protected Disclosures Act 2000 , Section 8(2). 79

health or public safety or the environment” or with “regard to the principles of natural justice.”205

It is worth noting that, in the security sector, provisions on confidentiality may be largely symbolic. A minimum amount of information will often need to be shared with relevant parties as part of an investigation into a disclosure (made either internally or externally). In many cases, this will provide sufficient information for someone (e.g., a senior manager) with inside knowledge of an organisation’s work to identify who made the disclosure. This is in large part due to the strict compartmentalisation of information within many security sector organisations, which means that very few people have access to information about specific programmes or activities. Moreover, in many states, security and intelligence services have relatively few personnel. This, of course, makes it easier for management to ascertain who made a disclosure. Also relevant is the fact that many security sector organisations specialise in information protection and investigation and they therefore have skills that facilitate the identification of whistleblower. In view of these considerations, we must remain cautious about the practical effect of legal guarantees of confidentiality for whistleblowers.

8.3 Penalties for retaliation against whistleblowers In many jurisdictions, the law does not make clear exactly what penalties (if any) apply to those who retaliate against whistleblowers. Whether those who retaliate face consequences relies, in many jurisdictions, on the willingness or ability of the whistleblower to take action in court or to refer the issue to another independent body. In some jurisdictions, however, retaliation against whistleblowers is penalised or even criminalised. 206 This is the case, for example, in Hungary where the law states that “[a]ny person who takes any detrimental action against a person who has made an announcement of public concern is guilty of a misdemeanor and

205 New Zealand, Protected Disclosures Act 2000 , Section 19. 206 Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers.” 80

may be punished by imprisonment not to exceed two years, work in community service or a fine.”207 Similarly, in the Republic of Korea, the law states that retaliation against whistleblowers shall be punished “by imprisonment for not more than two years or by a fine not exceeding 20 million won.” 208 Some prominent organisations, including Transparency International (in its Recommended Draft Principles for Whistleblower Legislation), have advocated such a practice although it remains controversial, with many suggesting that such penalties may be disproportionate.209

While criminalisation may be disproportionate, ad hoc protection is clearly no substitute for the existence of clearly defined and automatic penalties for those who retaliate against whistleblowers. Ad hoc protection often happens on the basis of a negotiation between the body to which a disclosure was made and the agency or government department concerned and leaves whistleblowers in a situation of uncertainty.210 A good example of this is the case of Coleen Rowley, a former FBI agent. Rowley testified to Congress on the mishandling of information by the FBI relating to the September 11 attacks. During these hearings (and due to FBI exemptions from whistleblower protection laws) Senator Leahy directly asked FBI Director Mueller to: “[P]ersonally assure this committee unequivocally there will be no retaliation of any kind against either Coleen Rowley or Kenneth Williams or any FBI employee because they provided information to the Congress or the inspector general or any supervisory FBI official about counterterrorism efforts.” 211

207 Hungary, Act IV of 1978 on the Criminal Code , Section 257. 208 Republic of Korea, Act on the Protection of Public Interest Whistleblowers 2011 , Article 30(2)1. 209 Transparency International, “Recommended Draft Principles for Whistleblowing Legislation,” 2009, Principle 3. 210 See Australian Law Reform Commission, Keeping Secrets, 77, 80. 211 United States Senate, Judiciary Committee, Hearing on FBI counterterrorism efforts, Thursday, June 6 2007, 20-7. 81

8.4 Capacity of internal and independent bodies to provide protection Even where protections are provided for by law, a lack of capacity or of robust legal powers may still hamper internal or independent bodies’ efforts to enforce them. It is particularly important that bodies to which protected disclosures can be made have real powers to protect whistleblowers from retaliation and the capacity to investigate and act against those who carry out such retaliation. The Australian Commonwealth Ombudsman and the Australian IGIS are examples of bodies that are authorised to receive disclosures of information showing wrongdoing but are said to lack the proper powers to prevent reprisals.212 This weakness is shared by bodies in a number of other jurisdictions, including Germany and Belgium. For example, the Belgian Standing Intelligence Agencies Review Committee cannot take any direct action relating to retaliation against whistleblowers. It can only report matters to the judiciary or the relevant minister when cases of retaliation come to its attention.

8.5 Burden of proof regarding retaliation Finally, there is some debate concerning where the burden of proof should lie regarding claims of retaliation against those who have made disclosures of information showing wrongdoing. It would be venturing too far to suggest that any disclosure of information showing wrongdoing should somehow immunise a whistleblower from all forms of adverse employment-related action for the rest of their career. Yet, at the same time, the burden of responsibility must lie with the employer to show that any adverse employment-related action is not precipitated by the fact that the person concerned has made a protected disclosure. This is the standard adopted by the Parliamentary Assembly of the Council of Europe, which has argued that “[i]t shall be up to the employer to establish beyond reasonable doubt that any measures taken to the detriment of the whistleblower were

212 Australian Law Reform Commission, Keeping Secrets, 82. 82

motivated by reasons other than the action of the whistleblower.”213 Likewise, under the US Whistleblower Protection Act (which does not apply to the security sector), the suggested standard is only that the disclosure and the retaliation must take place “within a period of time such that a reasonable person could conclude that the disclosure was a contributing factor in the personnel action.” Given the information and power asymmetries inherent in any employee-employer relationship, it is clearly problematic to expect employees to go further than the Council of Europe or WPA standards and demonstrate that reprisals have occurred or are occurring as a result of their actions in making a disclosure.

213 Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,” 3. 83

9. Disclosures to the media and public at large

“Sometimes, inevitably, those involved in the conduct of government, as in any other walk of life, are guilty of error, incompetence, misbehaviour, dereliction of duty, even dishonesty and malpractice. Those concerned may very strongly wish that the facts relating to such matters are not made public. Publicity may reflect discredit on them or their predecessors. It may embarrass the authorities. It may impede the process of administration. Experience however shows, in this country and elsewhere, that publicity is a powerful disinfectant. Where abuses are exposed, they can be remedied. Even where abuses have already been remedied, the public may be entitled to know that they occurred. The role of the press in exposing abuses and miscarriages of justice has been a potent and honourable one. But the press cannot expose that of which it is denied knowledge.” 214

In addition to disclosures made through internal channels and to designated independent bodies (as discussed above), security sector personnel may choose to disclose information showing wrongdoing to the media and public at large. While doing so may be in violation of the law, historically, disclosures to the media have been instrumental in bringing to light a number of the most serious examples of wrongdoing in the security sector. Notable cases include the Iran Contra affair, Watergate, rendition and secret detention of suspected terrorists after 9/11, warrantless wiretapping, trafficking by international police contractors in Bosnia and Herzegovina, and the illegal surveillance of UN officials by a member state. Disclosures to the media and public at large are an essential alternative to disclosures to prescribed internal and independent bodies (discussed above) and should be regulated as part of a comprehensive approach to whistleblowing. The media relies on such disclosures to perform its function of holding government to account.

214 R v. Shayler [2002] UKHL 11, 12. 84

This section will begin by considering whether or not disclosures to the media may sometimes be an option of last resort that is more effective at getting wrongdoing addressed. This is followed by an examination of selected legal provisions on the disclosure of information to the media outside the context of the security sector. Finally, we will address the delicate issue of disclosures made to the media by security sector personnel.

9.1 The media as a (more effective) last resort? This section will show that disclosures are most commonly made to the media when persons with information showing wrongdoing made disclosures internally or to designated independent bodies, and not received a satisfactory response. Such persons may also approach the media directly because they believe that making disclosures to designated internal and/or external bodies would either lead to reprisals or would be ineffective. There have been numerous instances of this in the United States, including that of Thomas Drake, a former employee of the National Security Agency, who had information demonstrating that several major programmes within the organisation were both an inefficient use of public money and violation of human rights (see Annex 1 for more details). Drake first attempted to raise these concerns with his superiors and, later, with the relevant congressional committee and the Department of Defense Inspector General. When these institutions failed to act upon his concerns, Drake passed the relevant information to a newspaper, the Baltimore Sun. 215

Disclosures to the media and public at large can be viewed as an essential ‘safety valve’ when established procedures for receiving and investigating information showing wrongdoing are either inexistent or ineffective. They may also be considered when other options for bringing concerns to light have failed or would be futile.

215 Jane Mayer, “The Secret Sharer: Is Thomas Drake an enemy of the state?” The New Yorker, May 23, 2011, 20-31 85

Some commentators have asserted that the media is more effective at ensuring that concerns raised by whistleblowers receive due attention and are addressed in an appropriate manner. 216 The disclosure of information to the media may also expedite responses to allegations of serious wrongdoing, where persons have made disclosures through prescribed (internal or external) channels and the issues raised have not been investigated or addressed in a timely manner. 217 According to Ryan Check and Afsheen Radshan, “CIA whistleblowers may feel that taking their issues to the press is not only faster, but serves as greater punishment of the alleged violators.” 218 Media organisations may also be more effective at exposing misconduct as well as at ensuring that the identities of persons making disclosures are concealed in order to reduce the risk of retaliation. 219

9.2 Disclosures to the media outside the security sector It is instructive to look at legislation on protected disclosures outside the specific context of the security sector which ordinarily protects disclosures of information to the media and the public at large. In our view, such legislation provides good practices which could potentially be extended to the security sector. In general, such legislation is based on considerations of the public interest. As was noted by the Australian parliamentary inquiry into public sector whistleblowing:

“[i]n determining the appropriateness of protecting disclosures made to the media, the primary consideration must be how such disclosures could serve the public interest. If disclosure to a third part cannot promote

216 See, for example, Stephen Vladeck, “Left out in the cold: the chilling of speech, association, and the press in post-9/11 America,” American University Law Review , 57 (June 2008). 217 Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 163. 218 Check and Radsan, “One Lantern in the Darkest Night,” 288. 219 Cited in Khemani, The Protection of National Security Whistleblowers, 164. 86

accountability and integrity in public administration, or otherwise serve the public interest, then the disclosure does not warrant protection.” 220

Such legislation typically requires two sets of criteria to be met in order for a disclosure made to the media or public at large to be protected. The first set of criteria relates to the substance of the disclosure. The information must show wrongdoing of a particularly serious nature such as a serious violation of the law and/or an imminent risk of substantial danger to a person’s life, health or safety, or the environment.

The second set of criteria concern procedural matters. Under most legislation, the person making the disclosure must make it in good faith and on reasonable grounds. In addition, the information must meet one of the following conditions: • The information is particularly time sensitive, thus not allowing for prior disclosure through internal channels or to designated independent bodies. • The disclosure must have already been made through regular channels without a satisfactory or timely response having been received. • A disclosure made internally or to a designated independent body is likely to result in the destruction or concealment of evidence. • A disclosure through one of these channels would be likely to result in reprisals against the individual making the disclosure. • There are no designated internal or independent bodies authorised to receive disclosures.221

The above mentioned requirements (or close variations thereof) for making disclosures to the media and public at large are found in the legislation of several

220 Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 162-3. 221 United Kingdom, Public Interest Disclosure Act 1998 , Chapter 23, Section 43g; South Africa, Protected Disclosures Act 2000 , Section 9; Canada, Public Servants Disclosure Protection Act , S.C. 2005, c. 46, Section 16. This approach is also endorsed by the Parliamentary Assembly of the Council of Europe, Resolution 1729 on the ‘Protection of “whistle-blowers,”’ 29 April 2010, para., 6.2.3. 87

common law jurisdictions, including the UK, Canada and South Africa. Laws in other states, such as Romania and Norway, however, do not impose the same preconditions and allow disclosures to the media in the first instance, where the “good faith and reasonable belief tests” have been met. 222

9.3 Disclosures to the media by security sector personnel Disclosures to the media and public at large give rise to particular concern in the context of the security sector. This is primarily due to the highly sensitive nature of some of information held by security sector organisations and the possible damage (including to the capacity and effectiveness of security sector organisations as well as to the public interest more generally) which could be caused by its release. The release of information about operational methods could, for example, compromise prosecutions or give criminals a tactical advantage vis-à-vis the police. Furthermore, as the Australian Parliamentary inquiry on this issue pointed out: “disclosures to the media concerning […] national security, intelligence and defence could interfere with proper processes of government and in extreme circumstances put lives at risk.” 223

Information disclosed to the public may have implications for human rights. There are several ways in which the right to privacy could be infringed by the disclosure of personal data. A person’s right to fair trial could be compromised by the disclosure of information relating to their case. Perhaps most seriously, one can envisage situations where the right to life could be endangered by inter alia the disclosure of information pertaining to sources used by police and intelligence agencies, the operational plans of the armed forces or, more generally, by diminishing the overall capacity of the security sector organisations to protect the right to life.

222 Romania, Law on the Protection of Public Officials Complaining About Violations of the Law 2004 ; Norway, Working Environment Act 2005 . Cited in Venkatesh Nayak, Public Interest Disclosure and Protection to Persons Making the Disclosures Bill 2010: A Comparison with International Best Practice Standards (New Delhi: Commonwealth Human Rights Initiative, 2011), 7. 223 Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 162-3. 88

Opponents of allowing those with access to classified or otherwise confidential information to make disclosures of information showing wrongdoing to the media or public at large would likely argue that individuals within security sector organisations are not well placed to judge the possible harm that would arise from the public dissemination of certain information. Indeed, the way that many security sector organisations are structured means that many personnel only have access to “compartmentalised” information and this may make it difficult for them to arrive at a comprehensive picture that takes into account the full impact of their actions in making a public disclosure.

In view of these considerations, most examples of legislation on protected disclosures (which ordinarily allow disclosures to the media and public at large) do not extend protections to persons making disclosures of classified or otherwise confidential information. In fact, the overwhelming majority of states criminalise such disclosures. In view of this, it is unsurprising that most persons wishing to disclose information showing wrongdoing only turn to the media as a last resort. 224

Some legislation on official secrets (e.g., the UK Official Secrets Act) and public access to information allows for the possibility that permission can be granted to authorise the release of particular information to the public. This option was discussed extensively in the case of Regina v. Shayler before the UK House of Lords, where the law lords underlined that this avenue is open to members (and former members) of the security services who wish to disclose information showing wrongdoing. The Law Lords argued that, in cases where documents or information “revealed matters which, however scandalous or embarrassing, would not damage any security or intelligence interest or impede the effective discharge by the service of its very important public functions”, a decision to release them may be

224 Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection, 11. 89

appropriate. 225 However, it is extremely unlikely that such a public disclosure of information would ever, in practice, be authorised, particularly as it seems likely that the revelation of any information showing serious wrongdoing may also be construed as damaging to intelligence or security interests. Thus, in practice, unauthorised disclosure to the media or public at large may be the only option available.

The fact that, in many states, the disclosure of classified or otherwise confidential information (or even of any information by employees of particular agencies) may result in criminal prosecution makes it necessary to consider the defences that may be available to persons making such disclosures. In the absence of possible defences for the unauthorised disclosure of information, disclosures to the media and public at large will remain extremely risky for the person concerned and thus relatively rare. This is both to the detriment of the role of the media in exposing wrongdoing as well as to the broader aim of promoting good governance and the rule of law in the security domain. These defences are the subject of the next section.

225 R v. Shayler [2002] UKHL 11. 90

10. Criminal law defences for unauthorised disclosures to the media and public at large

Members of security sector organisations who disclose information that is classified or otherwise confidential may face prosecution for a broad range of offences including breaches of state secrecy laws, espionage and even treason. While such disclosures are rare, in the few instances in which they have been made, prosecutors have commonly used state secrecy laws to punish whistleblowers. This occurred in Denmark, for example, in the case of Frank Grevil and in the United Kingdom in that of Clive Ponting. Equally, as we mentioned above, prosecution under the Espionage Act has become the approach of the US Justice Department in nearly all cases concerning disclosures to the media by public officials. 226 This is despite the fact that the Act is held by many to apply only to actual espionage (i.e., conduct designed to provide information to a foreign government). 227

The types of offences with which such persons may be charged vary not only according to the circumstances and the national system of criminal law, but also between civilians and members of the armed forces. The latter category of persons is likely to be prosecuted under military law, which provides for various offences that cannot ordinarily be committed by civilians, such as “aiding the enemy.” This paper will however, only address defences against charges of breaching certain criminal law provisions proscribing the unauthorised disclosure of classified or otherwise confidential information.

A number of legal defences may be available to persons facing prosecution for the unauthorised disclosure of classified or otherwise confidential information. It should, nevertheless, be acknowledged, however, that the range of available

226 Scott Shane, “Leak Offers Look at Efforts by US to Spy on Israel,” New York Times , 5 September 2011. 227 Halperin, “Criminal Penalties.” 91

defences will likely depend on the specific offence with which the individual is charged. This section will primarily focus on the public interest defence (as this is the defence most commonly cited in relation to whistleblower cases); this will include a discussion on why we believe the public interest defence is important, an analysis of components of the PID and, finally, an evaluation of the principal arguments against this defence. However, before embarking on this discussion, we shall give brief mention to several other defences which might be used in the context of criminal proceedings brought for the unauthorised disclosure of information.

10.1 Necessity and other defences Slovenian, German and Spanish law, for example, provides that, in some circumstances, information pertaining to criminal offences cannot be considered to be protected by official secrets legislation and can therefore be disclosed. Thus, persons who make unauthorised disclosures of such types of information may be able to make this argument in their defence. 228

Similarly, the criminal law of some states, such as Italy, may be construed as protecting individuals from criminal sanctions, including those for breaching state secrecy provisions, if they make public such information in the exercise of a right or fulfilment of a duty, such as by disclosing illegal activity. 229

A necessity defence may be available in some circumstances in the context of persons being prosecuted for disclosing information showing wrongdoing, in violation of state secrecy laws. The precise parameters of a necessity defence differ between jurisdictions; however, a necessity defence normally permits someone who has committed an unlawful act (although not murder) to argue that the act was

228 Case No. 921/2006, Tribunal Supremo, Sala de lo Penal, Madrid [Supreme Court of Spain Criminal Division], (2006); Germany. Criminal Code , last amended by Article 3 of the Law of 2 October 2009, (Federal Law Gazette I p. 3214), Section 93(2); Slovenia, Classified Information Act 2001 , Article 6. 229 See Italy, Codice Penale [Penal Code], Article 51; Italy, Law 124/2007, Article 39, which limits the use of state secrets to protect crimes. 92

necessary to prevent serious harm to themselves or another person. 230 This would therefore, preclude a person for invoking a necessity defence when prosecuting for disclosing classified information showing, for example, corruption or flawed decision-making processes in government. Yet it may, for instance, apply to disclosures aimed exposing and bringing a stop to ongoing torture of persons in police custody or targeted assassinations by intelligence officials.

A number of conditions normally apply to any invocation of the necessity defence. First, it usually requires that the danger is immediate and pressing, and that the person did not create the danger which they acted to avert. 231 By way of example, if an employee of an intelligence service disclosed information showing that his or her agency had a cooperation agreement with a particularly odious intelligence service in another country, this would probably not comport with this requirement. Second, there can be no reasonable legal alternative to the act constituting offence in order for it to be considered necessary. In the context of whistleblowing, this would likely require that the whistleblower had made a disclosure to a designated internal or external body (and that such a body had failed to take action) before disclosing classified information to the public. Finally, the necessity defence normally, for example, under German criminal law, includes a proportionality test whereby a court would have assess whether the harm averted by the commission of an offence outweighed the harm caused by the offence. 232 In the context of making a disclosure to the public at large, this would involve an assessment of whether the disclosure averted harm to a particular person and whether the importance of this outweighed any harm done by the disclosure of this information.

230 R v. Dudley & Stephens [1884] 14 QBD 273 DC.; see also German Criminal Code, Title Four. 231 See for example, see the Canadian cases of Perka v. The Queen . [1984] 2 S.C.R. 232, and R v Cole (1994) Crim. LR 582; see also Germany. Criminal Code , last amended by Article 3 of the Law of 2 October 2009, (Federal Law Gazette I p. 3214), Title Four, Section 35; New York State Penal Law. § 35.05. 232 Germany. Criminal Code , last amended by Article 3 of the Law of 2 October 2009, (Federal Law Gazette I p. 3214), Title Four, Section 34, see Perka v. The Queen [1984] 2 S.C.R. 232; New York State Penal Law § 35.05. 93

There is scant jurisprudence on the use of the necessity defence by whistleblowers in the security sector. It is however, worth mentioning two British cases where the necessity defence has been used. Most notably, Clive Ponting, a civil servant at the UK’s Ministry of Defence, successfully invoked a necessity defence when prosecuted (under the 1911 Official Secrets Act ) for disclosures he made relating to the sinking of the Argentine naval vessel, Belgrano, during the 1982 Falklands war. 233 Similarly, former UK Government Security Headquarters translator, Katharine Gun, lodged a defence of necessity after she was charged with breaches the 1989 Official Secrets Act for disclosing information about the United States spying on officials at the UN Security Council. However, the case was dropped by the prosecution before the merits of the case were argued in court. 234

10.2 Public interest defence The public interest defence is the defence most commonly discussed in the context of national security whistleblowing. In some jurisdictions, a person prosecuted for the unauthorised disclosure of information may attempt to assert that the public interest in the information disclosed outweighs any harm caused by its disclosure. This requires judges to weigh the benefits as well as the harm of a disclosure. This defence is most likely to be invoked in relation to disclosures made to the media but might also be used with regards to disclosures which do not comply with regulations on protected disclosures in a given jurisdiction. For example, in some circumstances, whistleblowers may be prosecuted for addressing their concerns to the wrong independent body, such as to a parliamentarian or parliamentary committee who/which is not authorised to receive the information.

While we have only examined select jurisdictions, there can be little doubt that very few legal systems provide for a public interest defence in this context. Canada and Denmark are the most notable examples in this regard. Denmark’s Criminal Code

233 R v. Ponting [1985] Crim LR 318. 234 Fraser Nelson, “I’d do it again, says GCHQ whistleblower,” The Scotsman , 26 February 2004. 94

provides a public interest defence which can be invoked to avoid sanction if a person is found guilty of disclosing state secrets.235 Similarly, Canadian law (the Security of Information Act 1985) provides that persons may not be guilty of breaches of secrecy regulations if they can establish that they acted in the public interest and complied with a strict set of conditions (described in more detail below).

It is noteworthy that the European Court of Human Rights has also recognised the right to a public interest defence in a case pertaining to the disclosure of wrongdoing in the work of a public prosecutor. 236 In light of this decision, defendants in Council of Europe member states may be able to contend that Article 10 of the European Convention on Human Rights (and related jurisprudence) provides them with a defence when the public interest in a disclosure clearly outweighs the harm done.

10.2.1 Why the public interest defence matters It is generally preferable for disclosures of information showing wrongdoing to be made to and fully investigated by internal and/or independent bodies that can protect the person making the disclosure and can also prevent the release of information which could cause serious harm.237 Accordingly, it is of primary importance to develop and strengthen mechanisms through which whistleblowers can make protected disclosures to internal and external bodies, although. Yet, alongside such mechanisms, the public interest defence should be enshrined in law in order to provide a “safety net” and last resort in a narrow range of cases relating to the unauthorised disclosure of information by security sector whistleblowers.

This position is supported by several prominent organisations, including Article 19 and Liberty, which have gone as far as to argue that a failure to incorporate (in

235 Denmark. Criminal Code [Straffeloven] NR.1235 of 26 October 2010, Article 152 (esp. 152e). 236 Guja v. Moldova [GC] no. 14277/04, ECHR 2008. 237 Cited in Australian Law Reform Commission, Secrecy Laws and Open Government in Australia , 255. 95

national law ) a public interest defence and/or a harm test pertaining to disclosures, is incompatible with international standards, including Article 15 of the Johannesburg Principles, which states that:

No person may be punished on national security grounds for disclosure of information if (1) the disclosure does not actually harm and is not likely to harm a legitimate national security interest, or (2) the public interest in knowing the information outweighs the harm from disclosure. 238

All too often, the reality is that internal and independent oversight bodies tasked with receiving and investigating disclosures from whistleblowers fail to do so properly and/or fail to ensure that it is acted upon by the organisations involved. Moreover, in many states independent bodies – to which security sector personnel can make protected disclosures – do not exist and, where they do exist, are compromised by a lack of independence and/or hamstrung by a lack of investigative powers, resources and expertise. In view of these realities, the PID is perhaps best conceptualised as a “safety valve,” which becomes necessary when information showing serious wrongdoing in the security sector has not been properly investigated elsewhere. Ultimately, the need to rely on a public interest defence is likely to be symptomatic of the inexistence of or failures in the system for protected disclosures.

10.2.2 The components of a public interest defence Given the limited amount of jurisprudence involving the use of a public interest defence, particularly in the case of disclosures of classified or otherwise confidential information, it is difficult to precisely assess how it works in practice. We can however, examine the main components of the PID, as outlined in law and in the limited jurisprudence available (including from outside the security domain). To

238 Article 19 and Liberty, “Secrets, Spies and Whistleblowers” 96

our knowledge, the Canadian Security of Information Act (SIA) of 1985 is the only national law which (in the context of prosecutions for unauthorised disclosure of information) enumerates detailed criteria of what factors a court should consider in deciding whether a public interest defence should be successful. In the following paragraphs, we shall use this Act as a rough framework, while also highlighting examples from other jurisdictions and contexts. It should be noted that these criteria are broadly similar to the abovementioned criteria enshrined in British, South African and Canadian law for determining whether disclosures made to the media – outside the context of national security/the security sector – should be considered protected.

The principal thrust of Section 15 of the SIA is that a person is not guilty of an offence pertaining to the unauthorised disclosure of classified or otherwise confidential information if they can demonstrate that they acted in the public interest. A determination of whether any disclosure of information showing wrongdoing is in the public interest can be based on a two part assessment.

The type and gravity of the wrongdoing disclosed Firstly, it must be determined that the person acted to disclose information showing wrongdoing falling into one of several categories provided for by law. With regards to disclosures involving classified or confidential information, Canadian law limits the availability of the PID to disclosures revealing an “offence under an Act of Parliament that he or she reasonably believes has been, or is about to be committed by another person in the purported performance of that person’s duties in functions for, or on behalf of, the Government of Canada.” This is clearly narrower than the information showing wrongdoing that may be disclosed to internal and independent bodies under protected disclosure legislation discussed above. It is also more limited than the categories of wrongdoing that may, in some systems, be disclosed to the media and public at large (e.g., in the UK under PIDA).

In our view, the law need not further circumscribe the categories of information, the disclosure of which may enable a whistleblower to rely upon the PID. The categories commonly found in whistleblower protection legislation are already sufficiently narrow and relate to types of information that are likely to be in the public interest should they be disclosed.

Weighing the interests in disclosure v. non-disclosure Secondly, assuming that the whistleblower acted to disclose information falling into a prescribed category, a court must then determine whether the public interest in making such a disclosure outweighed the public interest in non-disclosure. This weighing of the public interest is the approach that was taken by the European Court of Human Rights (ECtHR) in the case of Guja v. Moldova and recently reaffirmed in Heinisch v. Germany . The court has stated that it must “weigh the damage, if any, suffered by the public authority as a result of the disclosure in question and assess whether such damage outweighed the interest of the public in having the information revealed.” 239 The court added that “the interest that the public may have in particular information can sometimes be so strong as to override even a legally imposed duty of confidence.” 240 In some circumstances, this may extend to disclosures which include classified information.

There are clearly many issues which would not meet the public interest threshold, particularly where they involve the disclosure of classified information. For example, disagreements over policy may fall into this category. In one of the few examples of jurisprudence in a state that has a public interest defence, a Danish court ruled that Frank Grevil (a former intelligence officer) failed to meet the requirement of demonstrating “an obvious public interest” because his disclosure of information about the inexistence of WMDs in Iraq in the run-up to the invasion did not reveal any illegal activity or other circumstances of a similar severity. Indeed,

239 Guja v. Moldova [GC] no. 14277/04, ECHR 2008, para. 76; Heinisch v. Germany , no. 28274/08, ECHR 2011, para. 68. 240 Guja v. Moldova [GC] no. 14277/04, ECHR 2008, para. 74. 98

the court ruled that information concerning the political discussions on Denmark’s involvement in military actions in Iraq was not sufficient to meet the requirement of “an obvious public interest.” 241

In determining whether the public interest in a disclosure outweighs the public interest in non-disclosure, a number of factors must be considered.242 These include: whether the person had reasonable grounds to believe that the disclosure would be in the public interest; the extent of the harm or risk of harm created by the disclosure; and the existence of exigent circumstances justifying the disclosure. There are two additional factors which are of particular interest in the case of security sector whistleblowers: the amount of information disclosed and prior disclosure internally or to designated independent bodies. These will be discussed below.

Amount of information disclosed Under Canadian law, the court must consider whether the “extent of the disclosure is no more than reasonably necessary to disclose the offence or prevent the commission or continuation of the alleged offence.” This is provision is designed to take account of whether a disclosure was sufficiently “targeted” towards revealing a particular issue and may help to dissuade whistleblowers from disclosing excessive volumes of information. This is particularly relevant to security sector whistleblowers given that classified or confidential information should only be

241 Prosecutors v. T (Frank Grevil) , Eastern High Court of Denmark, no. U2006.65Ø - TfK2005.796/1 (2005). 242 The Canada Security of Information Act , R.S.C., 1985, c. O-5, Section 15(4) contains an extensive list of relevant factors that should be considered. The law states that: In deciding whether the public interest in the disclosure outweighs the public interest in non-disclosure, a judge or court must consider: (a) whether the extent of the disclosure is no more than is reasonably necessary to disclose the alleged offence or prevent the commission or continuation of the alleged offence, as the case may be; (b) the seriousness of the alleged offence; (c) whether the person resorted to other reasonably accessible alternatives before making the disclosure and, in doing so, whether the person complied with any relevant guidelines, policies or laws that applied to the person; (d) whether the person had reasonable grounds to believe that the disclosure would be in the public interest; (e) the public interest intended to be served by the disclosure; (f) the extent of the harm or risk of harm created by the disclosure; and (g) the existence of exigent circumstances justifying the disclosure. 99

disclosed to the minimum extent necessary to reveal the wrongdoing concerned. This would be relevant in a case such the disclosures made by Bradley Manning, who appears to have disclosed enormous amounts of information to WikiLeaks, without focussing on particular instances of wrongdoing. The indiscriminate nature of much of the information revealed is likely to mean that this disclosure would fail to meet a necessity test. It is however, entirely possible that a court could break down a disclosure into its component parts and decide, for example, that some of the information revealed is in the public interest, while other elements are not. This could be taken into account in any sentencing decision.

Prior disclosure using authorised channels The Canadian SIA instructs the court to consider whether a whistleblower resorted to other reasonably accessible alternatives before making the disclosure, as well as whether they complied with applicable guidelines in doing so. The SIA goes as far as to require that a public interest defence can only be considered if the person has first made a disclosure through authorised channels. In this case, this is a two step process, requiring that the disclosure is made through specific internal and external channels and that a response is not received within a reasonable time. 243 In Canadian law, there is a very limited exception to this requirement if a disclosure is necessary to avoid “grievous bodily harm or death.”

243 The full text of section 15.5 states that: (a) the person has, before communicating or confirming the information, brought his or her concern to, and provided all relevant information in his or her possession to, his or her deputy head or, if not reasonably practical in the circumstances, the Deputy Attorney General of Canada; and (b) the person has, if he or she has not received a response from the deputy head or the Deputy Attorney General of Canada, as the case may be, within a reasonable time, brought his or her concern to, and provided all relevant information in the person’s possession to, (i) the Security Intelligence Review Committee, if the person’s concern relates to an alleged offence that has been, is being or is about to be committed by another person in the purported performance of that person’s duties and functions of service for, or on behalf of, the Government of Canada, other than a person who is a member of the Communications Security Establishment, and he or she has not received a response from the Security Intelligence Review Committee within a reasonable time, or (ii) the Communications Security Establishment Commissioner, if the person’s concern relates to an alleged offence that has been, is being or is about to be committed by a member of the Communications Security Establishment, in the purported performance of that person’s duties and functions of service for, or on behalf of, the Communications Security Establishment, and he or she has not received a response from the Communications Security Establishment Commissioner within a reasonable time. 100

There is considerable debate as to whether persons should first have to make disclosures through internal channels or to a designated independent body, in order to be able to benefit from the PID. While there is no PID available under the UK’s Official Secrets Act, it is noteworthy that the UK House of Lords ruled (in the case of Regina v. Shayler ) that a (former) member of the security services cannot defend themselves by contending that any disclosures made through authorised channels would have been futile. 244

It is important, however, that disclosures of information (including classified or otherwise confidential information) can in some circumstances be made directly to the media and public at large. This view was evinced by the ECtHR, which ruled that, while an internal disclosure (e.g. to a superior) or a disclosure to a competent independent body is preferable, if such avenues are unavailable or would be “clearly impracticable … the information can, as a last resort, be disclosed to the public.” 245 A similar argument is made by Michael Scharf and Colin McLaughlin, who argue that US federal law should protect whistleblowers who go to the media if they, among other things, believe that a disclosure would lead to retaliatory action being taken against them, or would lead to the concealment or destruction of evidence. 246 As we have already outlined, such provisions are enshrined in British, South African and Canadian law on the protection of disclosures made to the media outside the context of the security sector. 247

244 R v. Shayler [2002] UKHL 11, para 36. 245 Guja v. Moldova, ECtHR [2008], Application 14277/04, para. 73; see also Heinisch v. Germany , no. 28274/08, ECHR 2011, para. 65. 246 Scharf and McLaughlin, “On Terrorism and Whistleblowing,” 580; see also, A.J. Brown, “Privacy and the public interest disclosure: when is it reasonable to protect whistleblowing to the media?” Privacy Law Bulletin 4 (2007): 24. 247 United Kingdom, Public Interest Disclosure Act 1998 , Chapter 23, Section 43g; South Africa, Protected Disclosures Act 2000 , Section 9; Canada, Public Servants Disclosure Protection Act , S.C. 2005, c.46, Section 16. This approach is also endorsed by the Parliamentary Assembly of the Council of Europe in Resolution 1729 (2010) Protection of Whistle-blowers, paragraph, 6.2.3. 101

The ability to make disclosures directly to the media or public at large is particularly important in contexts where particular agencies are known to retaliate against whistleblowers. It is also important in contexts where designated independent bodies have a poor track record of addressing concerns raised by whistleblowers and may even be involved in retaliatory action.

Finally, when assessing whether the public interest defence applies, it may also be relevant to consider the more fundamental issue of whether internal and independent bodies even exist, let alone have the capacity and competence to properly investigate and act upon disclosures. As A.J. Brown points out, albeit not in specific reference to the security sector, disclosures to the media should be protected if other channels for making a disclosure are not “reasonably” open to the person concerned. 248 This is clearly the case in a number of jurisdictions which have no or limited whistleblower protection systems.

Furthermore, as critiques of the Canadian SIA have made clear, it is also important that the law clearly defines what internal and independent bodies (tasked with receiving information from whistleblowers) must do with this information and how this affects the assessment of whether a public interest defence can be successful. As Craig Forcese points out, the aforementioned SIA provision does not address whether the public interest defence would apply if the responses received from bodies authorised to receive disclosures of information showing wrongdoing are inadequate. 249 Whether or not a person making a disclosure had reasonable grounds for believing that no appropriate action has been or will be taken on their internal disclosure or their disclosure to an independent agency should be a factor assessed by a court/judge. 250 Yet, in the Canadian context, it is not clear what the Security Intelligence Review Committee (SIRC) or Communications Security Establishment (CSE) Commissioner (two of the bodies designated to receive

248 Brown, “Privacy and the public interest disclosure,” 24. 249 Craig Forcese, ‘“Clouding Accountability: Canada’s Government Secrecy and National Security Law “Complex”’ Ottawa Law Review 36 (2005): 70. 250 Brown, “Privacy and the public interest disclosure,” 24. 102

disclosures under the Act) are required to do with the information received from whistleblowers. The law gives them no guidance on what action they should take. Accordingly, the Canadian Senate has recommended that the government clarify what the agency head, SIRC and the CSE Commissioner is supposed to do when they receive notice of concern from a person making a disclosure. 251

Canadian law is also silent on the timeframe within which prescribed bodies must act upon information they have received. 252 This is a significant problem because any matters which are serious enough to qualify for the protection offered by the PID are likely to be highly time-sensitive. In some jurisdictions, the law stipulates a maximum amount of time (e.g., six months) within which a response must be provided by an internal or independent body to concerns raised by a whistleblower, before they can legitimately make a disclosure to the public. 253 Such stipulations are not however, made in specific reference to PIDs.

Such clarity in law is crucial to the proper functioning of any whistleblower protection system. In the absence of clear guidelines regarding the handling of information by designated internal and independent bodies, it is obviously difficult for someone making a disclosure to know when they can legitimately make the disclosure to the public at large with the possibility of being able to rely on the public interest defence.

10.2.3 Arguments against the public interest defence This final sub-section will consider some of the many arguments that have been made against the PID in the context of prosecutions for unauthorised disclosures of classified or otherwise confidential information. These arguments may go some way to explaining why most states offer no public interest defence in this area. Yet, as we

251 See, Canadian Senate Special Committee on the Anti-Terrorism Act, “Fundamental Justice in Extraordinary Times: Main Report of the Special Senate Committee on the Anti-Terrorism Act,” Ottawa, February 2007, 93. 252 See for example, Forcese, “Clouding Accountability,” 70. 253 Australia, Public Interest Disclosure Act 2010 (Qld), Part 4(20)(ii4). 103

will demonstrate, there are compelling rebuttals to each of these claims and, in sum, they should not be considered as sufficient grounds for not including a PID in national law.

The PID permits unilateral assessments of the public interest First, it may be contended that employees of public bodies, and particularly those that work in the security domain, should not be permitted to unilaterally decide on what information is in the public interest. Moreover, such individuals may not be able to judge the precise extent of information that may need to be disclosed in order to serve the public interest. This argument is undermined by the fact that protections offered by a public interest defence are never automatically available and a person is unlikely risk prosecution by disclosing information to the public unless they are very confident it pertains to wrongdoing of a sufficiently serious nature. Such a defence requires a court to weigh the public interest in the disclosure of information versus the public interest in keeping it secret, as well as whether the amount of information disclosed is appropriate – this is done in accordance with statutorily defined criteria. Therefore, the decision is not “unilateral.” Equally, the decision on what is in the public interest should not be the exclusive prerogative of the state, as was suggested by the judge in the case of Regina v. Ponting , when he directed the jury that “the public interest is what the government of the day says it is.” 254

A PID may encourage unauthorised disclosures Second, it could be argued that the possibility of invoking a public interest defence could serve to precipitate an increase in the amount of classified or otherwise confidential information leaked to the media. 255 This argument can be challenged on

254 R v. Ponting [1985] Crim LR 318. Clive Ponting was a civil servant within the British Ministry of Defence who successfully invoked a public interest defence (under the 1911 Official Secrets Act) when, in a celebrated case, he disclosed documents to a member of parliament relating to the sinking of the Argentine naval vessel “Belgrano.” His acquittal was fundamental to the British government’s decision to not include such a defence in the new Official Secrets Act 1989 . 255 HC Deb, 2 February 1989, c523. 104

two levels. Most obviously, disclosures to the media still occur in states with no public interest defence; this is often the result of failings with designated internal and independent bodies.

Perhaps more significantly, a public interest defence is only ever a last and (very) uncertain resort. Resorting to the PID will always entail significant risk for the whistleblower because a court may rule that the public interest in non-disclosure of information and/or that the harm done by a disclosure outweighed the public interest in bringing the information to light. In fact, this seems particularly likely given the widespread tendency of judiciaries to defer to the executive on matters of national security. With this mind, persons considering making a disclosure outside authorised channels are very unlikely to find much encouragement in the possibility that they may be able to successfully invoke the PID.

The PID requires prosecutors to reveal additional sensitive information to demonstrate the public interest in non-disclosure Third, it may argued that it is difficult very difficult for prosecutors to demonstrate that the public interest in not disclosing information was greater than the public interest in seeing the information come to light, without disclosing or (at a minimum) making reference to even more confidential or otherwise classified information. A prosecutor’s unwillingness to do this may lead to the collapse of cases. 256 It is noteworthy that the UK government has consistently argued (albeit in the slightly different context of debates about the creation of closed proceedings in civil cases) that the discussion of sensitive security matters in open court often leads to the disclosure of additional classified information, which hampers its ability to take cases to court. 257

256 Cited in paragraph 39 of R v. Shayler [2002] UKHL 11 . See also United Kingdom Government, Justice and Security Green Paper (London: Stationary Office, October 2011), 7. 257 UK Government, Justice and Security Green Paper , 12–13, 17. 105

In view of the paucity of jurisprudence in relation to the use of the public interest defence in this area it is difficult to fully assess the validity of this claim. Yet, given the fact that the public interest defence is an affirmative one 258 and there is a significant imbalance in the resources and information available to each side, the strength of this argument is undermined.

The PID gives rise to a lack of clarity in the law on official secrets A fourth argument against a public interest defence was made in the context of UK debates on the 1989 Official Secrets Act. During these debates, it was argued that the inclusion of such a defence would fundamentally undermine the clarity of the proposed law and its application. 259 This is because the law would, on the one hand, serve to discourage the disclosure of certain categories of information yet, on the other hand, give the impression that it is acceptable to disclose this information in some circumstances. This point was also cited by the Hong Kong Legislative Council’s Bills Committee when it rejected the inclusion of a public interest defence in Hong Kong law, arguing that: “[t]o therefore include a defence allowing that such a damaging disclosure is in the public interest is self-contradictory.” 260 We argue however, that if a public interest defence is clearly and precisely defined in law it need not undermine the criminalisation of unauthorised disclosures; it merely provides a narrow exception to such proscriptions in very specific circumstances. Clearly, it could only be successful if a court decided that making the information public outweighed any damage caused by its disclosure.

258 In this context, an affirmative defence implies that it is incumbent upon the defendant to demonstrate that their disclosure fits the relevant criteria rather than the prosecution having to demonstrate that a particular disclosure was not in the public interest. 259 HC Deb, 21 December 1988, c465. 260 Hong Kong Parliament, Bills Committee, cited in Hong Kong Special Administrative Region of the People’s Republic of China, ‘National Security (Legislative Provisions) Bill: unauthorized disclosure of protected information and the public interest,’ April 2003, http://www.basiclaw23.gov.hk/english/resources/legco/legco_article/article17.htm (accessed, 1 July 2011). 106

A whistleblower’s motive does not determine criminality of a disclosure Fifth, and along similar lines, a UK Government white paper on the revision of the 1911 Official Secrets Act, reiterated the widely accepted principle that the criminality of a particular act depends on the nature and degree of the harm it causes, rather than the motive of the person committing the crime. In other words, if it is a criminal offence to disclose classified information, it should remain an offence even when someone may feel they have good reasons for breaking the law. 261 This assertion may be rebutted by the fact that a person’s motive for disclosing information to the public is not the main factor which must be assessed by a court in determining whether a public interest defence should succeed.

The PID is not necessary if secrecy laws are narrowly drawn A final argument against the public interest defence, which was elaborated by both the British parliament and Hong Kong Legislative Council, is that it is unnecessary if the law only criminalises the disclosure of very narrow and specific categories of information.262 Such information might include agents’ identities, nuclear weapon design data, intelligence sources, codes and methods, or information about imminent law enforcement operations. The disclosures of this information would almost always cause harm that would not be outweighed by any public interest in knowing the information. 263 The Hong Kong Legislative Council’s Bills Committee asserted that “[w]e have deliberately defined these areas [of protected information] in narrow terms, so that the unlawful disclosure of information concerning one of these areas would, in itself, cause or be likely to cause substantial harm to the public interest.” 264 While we strongly agree that the law should only criminalise the

261 Cited in paragraphs 58-60 of R v. Shayler [2002] UKHL 11. 262 See for example the categories of information outlined in the US Intelligence Identities Protection Act, 50 USC § 421-426. 263 HC Deb, 21 December 1988, c465. 264 Hong Kong Parliament, Bills Committee, cited in Hong Kong Special Administrative Region of the People’s Republic of China, ‘National Security (Legislative Provisions) Bill : unauthorized disclosure of protected information and the public interest,’ April 2003, http://www.basiclaw23.gov.hk/english/resources/legco/legco_article/article17.htm (accessed, 1 July 2011). 107

disclosure of narrow categories of information, this is simply not the case in the vast majority of jurisdictions. Even where statutory definitions may appear to be narrowly drawn, the risk remains that they could be broadly interpreted. Perhaps more significantly, we are not convinced that one can definitively state that there are no circumstances in which the disclosure of even these narrow categories of information would be in the public interest.

108

11. Conclusions

This study has provided an overview of whistleblower procedures and protections as they apply to security sector organisations such as the police, intelligence and security agencies and the armed forces. This is a subject has, until now, received scant scholarly attention.

We have tried to demonstrate that systems designed to facilitate, investigate and protect the disclosure of information showing wrongdoing by security sector organisations are essential to promoting accountability, transparency and respect for the rule of law in this sector. Indeed, we have contended that existing conceptualisations of security sector governance ignore the role played by individual security sector personnel in the good governance of security sector organisations. Such persons are often best placed identify wrongdoing (such as corruption and human rights abuses) committed by/within these institutions. In this sense, they are invaluable to both the effectiveness of statutory oversight institutions, as well as being the public’s eyes and ears within organisations which are often shrouded in secrecy.

This treatment of the issue of whistleblowers in the security sector is particularly timely in view of the storm created by the disclosure of classified and otherwise confidential information to organisations such as Wikileaks. Much (but by no means all) of this information has nothing to do with wrongdoing. This may have done more harm than good to legitimate whistleblowing. We have argued that the rise of Wikileaks has revealed that existing systems for the protected disclosure of information showing wrongdoing are, in many states, seriously flawed. Yet, rather than serving as an argument against whistleblowing, WikiLeaks should serve as a catalyst for the development of legal and institutional frameworks that promote and protect the disclosure of information showing wrongdoing. When built in accordance with international good practice, whistleblower protection regimes can

109

achieve these goals while also ensuring that classified and otherwise confidential information is handled properly.

A well-built system for protected disclosures is not only in the interests of the public writ large but also of the security sector itself. A properly constructed whistleblower protection system should benefit the security sector in two main ways. First, it should prevent the public release of information which is properly classified or confidential by providing proper channels through which information showing wrongdoing can be disclosed and investigated. Second, such a system should help to uncover waste, corruption, mismanagement, human rights abuses, criminal activity and other wrongdoing. Such malfeasance is obviously harmful to a security sector organisation on many levels. It may, for instance, leave them open to potentially costly lawsuits, employees may be subject to criminal proceedings, and finite resources may be wasted at a time when budgets are shrinking. Perhaps more harmful is the damage done to organisations’ reputations, particularly in the eyes of the public whose help is support is required if the police, security services and other security sector organisations are to function effectively. Thus, the disclosure, investigation and resolution of wrongdoing are patently in the interests of these organisations.

Despite these compelling arguments, this study has shown that, in most jurisdictions, whistleblower protections are woefully inadequate. Whistleblower protections either do not exist, do not extend to the security sector, or (perhaps worst of all) offer protection on paper while, in reality, leaving those who disclose information showing wrongdoing open to reprisals or even prosecution. As we have demonstrated, this lack of protection is just one of a number of formidable obstacles which face those who wish to come forward. In many contexts, would-be whistleblowers are confronted with myriad cultural, legal and practical obstacles to disclosing information.

110

This study has also addressed the question of disclosures to the media and public at large and, in particular, the use of the public interest defence. While few states have a public interest defence on their statute books, we put forward a detailed set of arguments for why such a defence should be available as a last-resort. It is clearly preferable that disclosures are made to designated internal and/or independent bodies. Yet, the lamentable state of affairs described immediately above makes a public interest defence of crucial importance, as a last-resort in a narrow range of cases relating to very serious wrongdoing.

In conducting this research we have attempted to fill some of the obvious gaps in the literature but there is clearly scope for further research. This study focussed to large extent on mapping and analysing the legal and institutional mechanisms for whistleblowing and it addressed some examples of jurisprudence. Future research needs to “drill down” deeper into how these mechanisms function in practice across a range of jurisdictions. While the authors interviewed a number of whistleblowers and members of security sector oversight bodies with direct experience of the systems described in this study, further work should include more such interviews from a broader range of organisations and jurisdictions. Additionally, more work needs to be done to better understand the workings of security sector organisations’ internal disclosure systems. It would also be useful to know more about the obstacles faced by those wishing to make disclosures to independent bodies because it is clear that very few such disclosures are made in this sector.

Despite the serious problems we identify and the lack of protection for security sector whistleblowers that exists in many jurisdictions, this study has demonstrated that good practice can, nevertheless, be gleaned from a number of sources. By looking at legislation and whistleblower cases in more than twenty states, as well as at a large number of articles, reports and comparative studies, we have drawn out a number of principles (see the Global Principles on National Security and the Right to Information ) which, we believe, should serve as a guide to legislation and practice in

111

this area. While not tracking the individual principles directly, this study serves to document supporting law and practice, as well as to establish the principles on a solid and reasoned footing. Finally, although these principles are clearly at the cutting edge of good practice they have not crept “ahead of curve;” we remain confident that each principle is supported by examples from at least one jurisdiction. It is our hope that this study will serve to buttress the Global Principles and will make a contribution to raising awareness of the value of robust whistleblower protection mechanisms in the security sector.

112

Annex 1: Selected Whistleblowing Cases

Name State Agency Subject of disclosure Approach to making Retaliation Outcome disclosure suffered? Sibel USA FBI Espionage/Corruption of Reported concerns to Fired. Senate Judiciary Edmonds agency officials management, then later to Committee held hearings the FBI Office of on the matter in 2002 Professional Responsibility and called for an and the Justice Department independent audit of the Inspector General. unit for which Edmonds worked. A lawsuit filed by Edmonds, was dismissed after the Justice Department and the FBI invoked the states secrets privilege. The FBI also sought to retroactively classify as top secret all information relating to her case. 265

Russell USA NSA Surveillance programme in Raised concerns about a Ordered to Contract terminated. 266 Tice violation of federal statutes suspected double-agent undertake a and the constitution within the DIA with the psychological agency’s evaluation. counterintelligence office. Suspension of Later contacted the IG of security clearance, the Pentagon’s Civil relegation to Reprisal Investigation Unit. working in the NSA

265 Kevin Bohn, “FBI Translator Suit Dismissed Over Security Issues,” CNN Justice, 7 July 2004; ACLU, “Sibel Edmonds: A Patriot Silenced, Unjustly Fired but Fighting Back to Help Keep America Safe, 26 January 2005. 266 Scott Shane, “Leak of Classified Information Prompts Inquiry,” The New York Times, 29 July 2006. 113

car pool and then to unloading furniture at an NSA warehouse.

Katharine UK GCHQ Planned illegal Leaked email to the GCHQ terminated her Gun was prosecuted for Gun surveillance/bugging (by the Observer newspaper. contract of breaching the official U.S with British support) of Gun elected not to first use employment. secrets act. However, the foreign diplomatic officials’ authorised internal case was dropped upon homes and offices (in alleged channels because she Prosecuted reaching court because violation of the Vienna believed they would be the prosecution declined Convention) in the run up to ineffective. to provide evidence. 267 the vote on invasion of Iraq. Allan AUS Airport Information showing serious Allegedly (he still denies Was already retired Kessing received a ninth Kessing Customs security failures at Sydney this) leaked a report – when the months suspended airport which had been which he had written and information was prison term. 268 ignored by the customs initially submitted to his published. service. superiors – to the Australian newspaper. Prosecuted Kessing also made the disclosure to the staffer of Revelations led to a an MP, who took no action. AUS$200m overhaul of airport security

Thomas USA NSA Information showing that a Initially followed Forced to leave his Prosecuted under the Drake proposed surveillance procedures outlined under job at the National espionage act for programme violated the law, the ICWPA. He first made Defense University. retaining (rather than and financial the disclosure internally, transmitting) classified mismanagement relating to then to the NSA Inspector Security clearance information. The case these programmes. General, then to revoked. was later dropped after

267 BBC Newsnight, Interview with Katharine Gun, 26 February 2004. http://news.bbc.co.uk/2/hi/programmes/newsnight/3489568.stm ; Oliver Burkeman and Richard Norton Taylor, “The spy who wouldn't keep a secret,” The Guardian, 26 February 2004. http://www.guardian.co.uk/politics/2004/feb/26/interviews.iraq. 268 Chris Merritt, “Allan Kessing in 'wrongful conviction,'” The Australian, March 04, 2011; Annabel Stafford, “Shooting the messenger,” The Age, 19 April, 2008. 114

Department of Defense Drake agreed to plead Inspector General and later guilty to the to two Congressional misdemeanor charge of committees. When these misusing the NSA’s efforts failed to resolve the computer system. 269 issue (in several cases he received no response), Drake passed information to a Baltimore Sun Reporter. Richard CAN Diplomatic Information showing the Made the disclosure Warned by Later provided testimony Colvin Service detainees transferred from internally within the government lawyers to a parliamentary Canadian military custody to Department for Foreign not to provide committee investigating the custody of the Afghan Affairs and International testimony to the the issue. 270 Still works authorities were likely to be Trade, and to other senior Military Police for DFAIT. tortured. government officials. Later Complaints subpoenaed by the Military Commission. These Police Complaints warnings deterred all Commission – Colvin was subpoenaed officials the only subpoenaed apart from Colvin official to provide from testifying. testimony. Sean CAN Air Force Information showing flaws Public Service Integrity Government officials Bruyea ultimately Bruyea Intelligence in the Canadian military’s Commissioner refused to accessed his medical received an official programme for the investigate his case. records and apology and treatment of injured distributed them to compensation for the soldiers. more than 800 misuse of his personal people (in the data. Department of Veterans Affairs) in

269 Scott Shane, “Obama Takes a Hard Line Against Leaks to Press,” New York Times, June 11, 2010; Jane Mayer, “The Secret Sharer: Is Thomas Drake an enemy of the state?” The New Yorker, May 23, 2011. 270 Steven Chase, “Ottawa leaned on diplomat to stop Afghan testimony: lawyer,” Globe and Mail, Tuesday, Oct. 13, 2009; Janice Tibbetts, “Canadian diplomat reported Afghan prisoner abuse in 2006,” Canwest News Service, October 13, 2009. FAIR Canada website on the Richard Colvin case: http://fairwhistleblower.ca/cases/richard_colvin. 115

retaliation for his disclosures. Robert CAN Police - Information showing that an Read made the disclosure Read was initially The RCMP rejected a Read Royal RCMP investigation into internally to the assistant transferred from recommendation by the Canadian serious corruption at the commissioner of the RCMP, investigative work to RCMP External Review Mounted Canadian High Commission to the attorney general, to a desk job. Committee to reinstate Police in Hong Kong was other government agencies, Read. (RCMP) mishandled. This included and to the RCMP Public After making the information showing that Complaints Commission. disclosure public, he A Federal Court ruled serious breaches of security When the problem was not was suspended with against Read and the were not properly addressed he made the pay by the RCMP and Supreme Court refused to investigated. disclosure to the media. later fired. hear his case. 271 Bassem USA FBI Information showing that Internal disclosure to Youssef was denied Justice Department’s Youssef discriminatory practices agency director. Later he career advancement, Office for Professional within the FBI were made the disclosure to including not being Responsibility found that undermining the Congress. placed in an the FBI had illegally effectiveness of America’s operational retaliated against Youssef counterterrorism efforts. Youssef also filed a lawsuit counterterrorism for disclosures he made Senior counter-terrorism for discrimination. position. to the FBI director and officials did not have basic Congress. 272 knowledge and/or linguistic FBI tried to prevent expertise required to work Youssef from In 2002, Youssef filed a on issues relating to the speaking about complaint with the Equal Middle East. Youssef failings within the Employment Opportunity disclosed that he was agency. Commission (EEOC) that discriminated against, in the FBI discriminated violation of federal law, against him. In 2008, the because his expertise not District Court entered utilised after 9/11 due to his summary judgment

271 FAIR Whistle blowers Canada: http://fairwhistleblower.ca/wbers/canadian_wbs.html; CBC News, “RCMP whistle-blower fighting for job,” January 17, 2002; CBC News, “Top court dismisses RCMP whistleblower's appeal,” May 10, 2007. 272 US Department of Justice Office of Professional Responsibility, “Report of Investigation of Whistleblower Allegations by FBI Agent Bassem Youssef,” July 3, 2006; John Soloman, “FBI Picks Terrorism Expert to Lead Agency's National Security Sector,” Washington Post, January 12, 2008; Evan Perez, “Official says FBI trying to silence him,” Wall Street Journal, 1 December 2008; see also National Whistleblowers Center page on Bassem Youssef: http://www.whistleblowers.org/index.php?option=com_content&task=view&id=85&Itemid=108. 116

ethnicity. against Mr. Youssef's discrimination claim. The Court of Appeals reversed this decision. In July 2012, the Court of Appeals for the District of Columbia issued a decision remanding the case back to the District Court for further proceedings. Frank Denmark Danish Leaked classified Went directly to the press. Resigned but was Grevil Military information to the media discovered and fired Intelligence relating to FE’s assessment during his notice (FE) of WMDs in Iraq, which ran period. Subsequently, contrary the government’s he was sentenced to position. 4 months imprisonment. Teresa US Police Spoke to the Washington Spoke directly to the press. Suspended and later After an 8 year legal Chambers Post about concerns that a fired. battle, the MSPB ordered new policing policy would the force to reinstate her, decrease security. as well as granting her retroactive pay and legal fees. 273 Clive UK Ministry of Information which: (a) Disclosed documents to an Prosecuted under the Ponting successfully Ponting Defence brought into question the opposition member of 1911 Official Secrets argued that the necessity of the British parliament. Act. disclosure was in the navy’s attack on an public interest, and that Argentine naval vessel – the Put on “half-pay” disclosure of information General Belgrano – during once legal to an MP did not the Falklands war; and (b) proceedings began. constitute an authorised illustrated that senior disclosure: He was ministers misled parliament Security clearance acquitted by the jury and and the public about the revoked. paid compensation by

273 Ed O’Keefe, “Fired Park Police Chief Teresa Chambers Ordered Reinstated,” The Washington Post, 11 January 2011. 117

timing of the sinking and the Ministry of Defence. locations of warships. He resigned after his acquittal. 274

274 BBC News, “1985: Falklands' row civil servant resigns,” 16 February 1985. http://news.bbc.co.uk/onthisday/hi/dates/stories/february/16/newsid_2545000/2545907.stm. 118

Bibliography

Al-Jazeera, The Listening Post, Blowing the Whistle on Obama's America . http://youtu.be/8b6eEES5BN4

Article 19 and Liberty. “Secrets, Spies and Whistleblowers: Freedom of Expression in the UK.” London, 2000.

Australian Federal Police. “Submission to the House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections within the Australian Government Public Sector.” http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_ Committees?url=/laca/whistleblowing/subs.htm

Australia. Inspector General of Intelligence and Security. “Submission to House of Representatives Standing Committee on Legal and Constitutional Affairs’ Inquiry into Whistleblowing Protections Within the Australian Government Public Sector.” 17 July 2008. http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_ Committees?url=/laca/whistleblowing/subs.htm

Australian Law Reform Commission. Keeping Secrets: The Protection of Classified Information and Security Sensitive Information . Report 98. Canberra, May 2004.

–––. Secrecy Laws and Open Government in Australia . Report 112. Canberra, December 2009.

Banisar, David. “Whistleblowing: International Standards and Developments.” In Corruption and Transparency: Debating the Frontiers Between State, Market and Society, edited by Irma E. Sandoval. Washington DC: World Bank Institute for Social Research, (forthcoming).

Bowden, Peter. “Submission to the House of Representatives Standing Committee on Legal and Constitutional Affairs Inquiry into Whistleblowing Protections within the Australian Government Public Sector.” 7 August 2008. http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_ Committees?url=/laca/whistleblowing/subs.htm

Brown, A.J. “Privacy and the public interest disclosure: when is it reasonable to protect whistleblowing to the media?” Privacy Law Bulletin 4 (2007).

Buckland, Benjamin S. and William McDermott. Ombuds Insitutions for the Armed Forces: A Handbook. Geneva: DCAF, 2012.

119

Canadian Senate Special Committee on the Anti-Terrorism Act, Fundamental Justice in Extraordinary Times: Main Report of the Special Senate Committee on the Anti-Terrorism Act . Ottawa: February 2007.

John Bowers, Martin Fodder, Jeremy Lewis, Jack Mitchell. Whistleblowing: Law and Practice. Oxford: Oxford University Press, 2010.

Brodeur, Jean-Paul. “Accountability: The Search for a Theoretical Framework.” In Democratic Policing and Accountability: Global Perspectives, edited by Errol P. Mendes, Joaquin Zuckerberg, Susan Lecorre, Anne Gabriel and Jeffrey A. Clark. Aldershot: Ashgate, 1999.

Calland, Richard and Guy Dehn, eds. Whistleblowing Around the World: Law, Culture and Practice . Cape Town and London: ODAC/PCAW, 2004.

Check, Ryan and Afsheen John Radsan. “One Lantern in the Darkest Night: The CIA’s Inspector General.” Journal of National Security Law and Policy 4, 287-288

De With, Hans and Erhard Kathmann. “Parliamentary and Specialised Oversight of Security and Intelligence Agencies in Germany.” In Annex A of Aidan Wills and Mathias Vermeulen. Parliamentary Oversight of Security and Intelligence Agencies in the European Union . Brussels: European Parliament, 2011.

Edmonds, Sibel. “Paul Reveres or Benedict Arnolds: Whistleblowing in the Post-9/11 Age.” (speech at the American Library Association Annual Conference and Exhibition). Washington DC, June 21-27, 2007.

Federal Accountability Initiative for Reform (FAIR). “What’s Wrong with Canada’s Federal Whistleblower Legislation: An analysis of the Public Servants Disclosure Protection Act (PSDPA),” Ottawa, February 2011.

Feinstein, Andrew. The Shadow World: Inside The Global Arms Trade. London: Tantor Media, 2011.

Fisher, Louis. National Security Whistleblowers . Congressional Research Service. Washington DC: The Library of Congress, 30 December 2005

Forcese, Craig. ‘“Clouding Accountability: Canada’s Government Secrecy and National Security Law “Complex.”’ Ottawa Law Review 36:1.

Goodman, Melissa. Catherine Crump and Sara Corris, Disavowed: The Government’s Unchecked Retaliation Against National Security Whistleblowers . Washington DC: ACLU, 2007.

120

Halperin, Morton H. “Criminal Penalties for Disclosing Classified Information in the United States.” Open Society Foundations, 2012. http://right2info.org/resources/publications/

Hänggi, Heiner. ‘Making Sense of Security Sector Governance,’ in Challenges of Security Governance , eds. H. Hänggi and T.H. Winkler. Münster: LIT Verlag, 2003.

Hong Kong Special Administrative Region of the People’s Republic of China, Department of Justice. “National Security (Legislative Provisions) Bill: unauthorized disclosure of protected information and the public interest.” April 2003. http://www.basiclaw23.gov.hk/english/resources/legco/legco_article/article17.htm (accessed, 1 July 2011).

Johannesburg Principles on National Security, Freedom of Expression and Access to Information . October 1995.

Kaplan, Elaine. “The International Emergence of Legal Protections for Whistleblowers,” Journal of Public Inquiry, Fall/Winter 2001.

Kosovo Centre for Security Studies. Control Functions of Independent State Institutions in the Security Sector in Kosovo . Pristina: KCSS, 2010.

Khemani, Melissa. The Protection of National Security Whistleblowers: Imperative but Impossible: A critical Appraisal of the Scope and Adequacy of Whistleblower Protection Laws for National Security Whistleblowers. Washington DC: Georgetown university Law Center, 2009.

Latimer, Paul and A.J. Brown. “Whistleblower Laws: International Best Practice.” University of New South Wales Law Journal 31, no.3 (2008).

Leigh, Ian.“National Courts and International Intelligence Cooperation.” In International Intelligence Cooperation and Accountability , edited by Hans Born, Ian Leigh and Aidan Wills. London: Routledge, 2011.

Lepri, Charlotte. “Parliamentary and Specialised Oversight of Security and Intelligence Agencies in France.” In Annex A of Aidan Wills and Mathias Vermeulen. Parliamentary Oversight of Security and Intelligence Agencies in the European Union . Brussels: European Parliament, 2011.

Lewis, David and Stephen Homewood. “Five Years of the Public Interest Disclosure Act in the UK: Are Whistleblowers Adequately Protected.” Journal of Current Legal Issues 5 (2000).

Moberly, Richard. “Whistleblowers and the Obama Presidency: The National Security Dilemma.” Employment Rights and Policy Journal (forthcoming).

121

Mulgan, Richard. “The Processes of Public Accountability.” Australian Journal of Public Administration 56, no.1 (1997).

Miceli, M. P and J. P. Near. “The Relationships Among Beliefs, Organisational Position and Whistle-blowing Status: A Discriminant Analysis.” Academy of Management Journal 27, no. 4 (1984).

Nayak, Venkatesh. Public Interest Disclosure and Protection to Persons Making the Disclosures Bill 2010: A Comparison with International Best Practice Standards . New Delhi: Commonwealth Human Rights Initiative, 2011.

Nesson, Charles R. “Aspects of the Executive's Power over National Security Matters: Secrecy Classification and Foreign Intelligence Wiretaps.” Indiana Law Journal 49 (1973- 1974).

Northern Territory Law Reform Committee. Report on Whistleblowers Legislation . Report no.26, Darwin: December 2002.

Nowak, Manfred. Human Rights Handbook for Parliamentarians . Geneva: IPU/OHCHR, 2005.

Organisation for Economic Co-operation and Development. OECD DAC Handbook on Security System Reform : Supporting Security and Justice . OECD: Paris, 2007.

Organisation for Economic Co-operation and Development. Study on G20 Whistleblower Protection Frameworks: Compendium of Best Practices and Guiding Principles for Legislation. Paris: OECD, 2012.

Osterhaus, Anja and Craig Fagan. Alternative to Silence: Whistleblower Protection in 10 European Countries . Berlin: Transparency International, 2009.

Parliamentary Assembly of the Council of Europe. Resolution 1729 on the ‘Protection of “whistle-blowers.”’ 29 April 2010.

Parliamentary Assembly of the Council of Europe, Committee on Legal Affairs and Human Rights. “The protection of whistle-blowers,.” (Rapporteur: Mr Pieter Omtzigt).Doc. 12006. 14 September 2009.

–––. “Abuse of state secrecy and national security: obstacles to parliamentary and judicial scrutiny of human rights violations.” (Rapporteur: Dick Marty). Doc. 12714. 16 September 2011.

Parliament of Australia, House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower protection: a comprehensive scheme for the

122

Commonwealth public sector, Report of the Inquiry into whistleblowing protection within the Australian Government public sector . Canberra: February 2009.

Pollock, Susan (Executive Director of the Security Intelligence Review Committee). Testimony to the Canadian Senate Special Committee on the Anti-Terrorism Act. Monday 18 April 2006.

Project on Government Oversight. Homeland and National Security Whistleblower Protections: The Unfinished Agenda . Washington, DC: April 28, 2005.

Public Concern at Work. Where’s Whistleblowing Now? 10 Years of Legal Protection for Whistleblowers. London” PCAW, 2010.

Radevic, Rajko. “Intelligence Governance in Montenegro.” in Intelligence Governance in the Western Balkans , edited by Hans Born, Miroslav Hadzic and Aidan Wills. (Geneva: DCAF, forthcoming).

Roberts, Paul, Jane Olsen and A. J. Brown. “Whistling while they work: towards best practice, whistleblowing programs in public sector organisations.” Draft Report. Griffith University, 2009.

Scharf, Michael and Colin McLaughlin. “On Terrorism and Whistleblowing.” Case W. Res Journal of International Law, 573 (2006-2007).

Scott, Richard. Report of the Inquiry into the Export of Defence Equipment and Dual-Use Goods to Iraq and Related Prosecutions, London: HMSO, 1996. 6 vols.

Shorrock, Tim. Spies for Hire: The Secret World of Intelligence Outsourcing. New York: Simon and Schuster, 2008.

South Africa, Ministerial Review Commission on Intelligence. Intelligence in a Constitutional Democracy: final report to the Minister for Intelligence Services. September 2008.

Transparency International, Recommended Draft Principles for Whistleblowing Legislation . Berlin: November 2009.

United Nations Human Rights Council. Compilation of good practices on legal and institutional frameworks and measures that ensure respect for human rights by intelligence agencies while countering terrorism, including on their oversight . Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Martin Scheinin. A/HRC/14/46. 17 May 2010.

123

United Nations, Economic and Social Council: UN Sub-Commission on Prevention of Discrimination and Protection of Minorities. Siracusa Principles on the Limitation and Derogation of Provisions in the International Covenant on Civil and Political Rights , Annex to UN Doc E/CN.4/1984/4 (1984).

United Nations Security Council. Securing Peace and Development: The Role of the United Nations in Supporting Security Sector Reform . A/62/659-S/2008/39. 23 January 2008.

United Kingdom. Hansard Parliamentary Debates . vol 146 (1989).

United Kingdom Government. Justice and Security Green Paper . London: Stationary Office, October 2011.

United Kingdom Service Complaints Commissioner for the Armed Forces. Annual Report 2011. London 2011.

United States Department of Justice, Office of the Inspector General. “A Review of the Depatement of Defense Office of Inspector General’s Process for Handling Military Whistleblower Reprisal Allegations.” Washington D.C: 2009

United States Department of Justice, Office of Professional Responsibility. “Report of Investigation of Whistleblower Allegations by FBI Agent Bassem Youssef.” July 3, 2006.

United States Office of Special Counsel. “Memorandum for Executive Departments and Agencies.” 20 June 2012

United States Senate, Judiciary Committee. Hearing on FBI counterterrorism efforts. Thursday, June 6 2007.

United States Senate. Report of the Committee on Homeland Security and Government Affairs, to accompany S. 743 . Report 112-155. 19 April 2012.

Vladeck, Stephen. “Left out in the cold: the chilling of speech, association, and the press in post-9/11 America.” American University Law Review , 57 (June 2008).

Wilkie, Andrew. Axis of Deceit: The Story of the Intelligence Officer Who Risked All to Tell The Truth about WMD and Iraq . Melbourne: Schwartz Publishing, 2004.

Wills, Aidan and Benjamin S. Buckland, Access to Information by Intelligence and Security Service Oversight Bodies . Geneva: DCAF/OSF, 2012.

Wills, Aidan and Mathias Vermeulen. Parliamentary Oversight of Security and Intelligence Agencies in the European Union . Brussels: European Parliament, 2011.

124

Win, Thin Lei. “Indonesia to Give Whistleblowers More Protection- Report,” Trust Law, 20 July 2011. http://www.trust.org/trustlaw/news/indonesia-to-give-whistleblowers-more- protection-report/

Case law

American Civil Liberties Union et al. v. National Security Agency , 493 F.3d 644 (6th Cir. 2007).

Buelna v. Department of Homeland Security , MSPB 63 Docket No. DA-0752-11-0701-I-1 (2012).

Arar v. Ashcroft, 414 F.Supp.2d 250 (E.D. N.Y. 2006).

Barlow v. United States, 51 Fed.Cl. 380, 384 n. 6 (2002)

Department of the Navy v. Thomas E. Egan, 484 U.S. 518 (1988).

Garcetti v. Ceballos , 547 U.S. 410 (2006) (Souter J).

Gartside v . Outram [1856] 26 L.J. Ch. 113.

Guja v. Moldova [GC] no. 14277/04, ECHR 2008.

Heinisch v. Germany , no. 28274/08, ECHR 2011.

Huffman v. Office of Personnel Management, 263 F.3d 1341, 1350 (Fed. Cir. 2001).

Khaled El-Masri v. United States of America, No. 06-1667 (4th Cir. 2007).

Lachance v . White , No. 98-3249 (Fed. Cir. 1999).

McGriff v. Department of the Navy , MSPB 62 Docket No. DC-0752-09-0816-I-1 (2012).

Perka v. The Queen [1984] 2 S.C.R. 232.

Prosecutors v. T (Frank Grevil) , Eastern High Court of Denmark, no. U2006.65Ø - TfK2005.796/1 (2005).

R v. Cole [1994] Crim. LR 582.

R v. Dudley & Stephens [1884] 14 QBD 273 DC.

125

R v. Ponting [1985] Crim LR 318.

R v. Shayler [2002] UKHL 11.

Stoll v. Switzerland [GC], no. 69698/01, ECHR 2007.

Tshishonga v. Minister of Justice and Constitutional Development and Another (JS898/04) [2006] ZALC.

Waters v. Churchill, 511 U.S 661 (1994).

Zaoui v Greig and Attorney-General [2004], High Court, Auckland Registry, CIV-2004-404- 317.

Case No. 921/2006, Tribunal Supremo, Sala de lo Penal, Madrid [Supreme Court of Spain Criminal Division], (2006).

Legislation and bills

Belgium. Act Establishing an Appeal Body for Security Clearances, Certificates and Advice 1998.

Australia. Independent Commission Against Corruption Act 1988 (NSW).

–––. Inspector-General of Intelligence and Security Act 1986 (Cth).

–––. Whistleblowers Protection Act 1993 (SA).

––– . Intelligence Services Act 2001 (Cth).

––– . Public Interest Disclosure Act 2010 (Qld).

Canada. Security of Information Act , R.S.C., 1985, c. O-5.

––– . Security Intelligence Service Act , R.S.C., 1985, c. 23.

––– . Public Servants Disclosure Protection Act , S.C. 2005, c. 46.

Czech Republic. Criminal Code (Act No. 40/2009).

Denmark. Criminal Code [Straffeloven] NR.1235 of 26 October 2010.

Korea (Republic of). Act on the Protection of Public Interest Whistleblowers 2011 .

126

–––. Code Of Conduct For Maintaining The Integrity Of Public Officials , Presidential Decree No. 17906, 18 February 2003.

France. Code de procédure pénale [Code of Criminal Procedure].

Germany. Criminal Code , last amended by Article 3 of the Law of 2 October 2009, (Federal Law Gazette I p. 3214).

–––. Act Governing the Parliamentary Control of Intelligence Activities by the German Federation Parliamentary Control Panel Act (PKGrG) , as revised on July 29, 2009 (Federal Law Gazette I, p. 2346).

Hungary. Act IV of 1978 on the Criminal Code .

India. Public Interest Disclosure and Protection to Persons Making the Disclosures Bill 2010 (as introduced in Lok Sabha on 26th August 2010).

Italy, Codice Penale [Penal Code].

–––. Law 124/2007.

The Netherlands, Intelligence and Security Services Act 2002.

Norway, Working Environment Act 2005.

–––. Ethical guidelines for the public service issued by the Ministry of Modernisation, 7 September 2005.

Montenegro, Law on the National Security Agency 2005 .

Romania, Law on the Protection of Public Officials Complaining About Violations of the Law 2004.

–––. Criminal Code .

Slovenia, Classified Information Act 2001 .

South Africa, Police Services Act 1995 .

–––. Public Finance Management Act 1999 .

–––. Protected Disclosures Act 2000 .

–––. Protection of State Information Bill, as presented by the Ad Hoc Committee on Protection of Information Bill (National Assembly) 2011.

127

New Zealand, Inspector-General of Intelligence and Security Act 1996.

–––.Protected Disclosures Act 2000 .

United Kingdom, Bill of Rights 1688 .

–––.Public Interest Disclosure Act 1998 .

–––. Official Secrets Act 1989 .

United States, 5 USC § 1034.

–––. 5 USC § 2302.

–––.5a USC § §§ 1—13. ( Inspector General Act of 1978 )

–––.New York State Penal Law.

–––.Executive Order 12731, 17 October 1990.

–––.Pub. L. 105-272 , Oct. 20, 1998, 112 Stat. 2396, Title VII. ( Intelligence Community Whistleblower Protection Act of 1998 ).

–––.Whistleblower Protection Enhancement Act of 2012, S.743, 112 Cong, (2012).

Treaties

Convention for the Protection of Human Rights and Fundamental Freedoms , Rome, 4 November 1950, (entered into force, 3 September 1953).

United Nations Convention Against Corruption . Adopted by United Nations General Assembly Resolution 58/4. Merida (Mexico). 23 October 2003.

Websites

Article 19 (International): http://www.article19.org/

FAIR (Federal Accountability Initiative for Reform) (Canada): http://fairwhistleblower.ca/

Government Accountability Project (USA): http://www.whistleblower.org/

128

National Whistleblowers Center (USA): http://www.whistleblowers.org/

Project on Government Oversight, page on “Whistleblower Issues:” http://www.pogo.org/investigations/whistleblower-issues/

Public Concern at Work (UK): http://www.pcaw.org.uk/

Transparency International, International Defence and Security Programme (International): www.ti-defence.org .

129