U4 Helpdesk Answer

Overview of whistleblowing software

Author: Matthew Jenkins, Transparency International
Reviewers: Marie Terracol, Transparency International and Saul Mullard, U4 Anti-Corruption Resource Centre
Date: 14 April 2020

The technical demands of setting up a secure and anonymous whistleblowing mechanism can seem daunting. Yet public sector organisations such as anti-corruption agencies do not need to develop their own system from scratch; there are a number of both open source and proprietary providers of digital whistleblowing platforms that can be deployed by public agencies.

This Helpdesk answer lays out the core principles and practical considerations for online reporting systems, as well as the chief digital threats they face and how various providers’ solutions respond to these threats. Overall, the paper has identified that open source solutions tend to offer the greatest security for whistleblowers themselves, while the proprietary software on the market places greater emphasis on usability and integrated case management functionalities.

Ultimately, organisations looking to adopt web-based whistleblowing systems should be mindful of the broader whistleblowing context, such as the legal protections for whistleblowers and the severity of physical and digital threats, as well as their own organisational capacity.

U4 Anti-Corruption Helpdesk A free service for staff from U4 partner agencies

Query

Please provide an overview of the most common web-based systems, exploring their respective advantages and disadvantages in terms of anonymity, security, accessibility, costs and so on. We are particularly interested in systems that would be appropriate for Anti-Corruption Agencies.

Contents

1. Background
   a. Advantages of digital reporting systems
   b. Growing market of providers
2. Core principles of an effective whistleblowing system
   a. Practical considerations
   b. Nature of threats
   c. Selection criteria
3. Overview of providers
   a. Open Source
   b. Corporate
   c. Custom-built
4. Suitability for anti-corruption agencies
5. References

Main points

- Whistleblowing can act as a crucial check on human rights abuses, corporate malfeasance and corruption. Despite this, many countries lack legal frameworks needed to protect whistleblowers, which deters people from reporting misconduct.
- Anonymity and ease-of-use are particularly important factors in people’s decisions whether to come forward with evidence of wrongdoing.
- As such, providers of whistleblowing channels, whether analogue or digital, must make decisions as to the trade-off between security and usability.
- Open source software tends to prioritise security for the whistleblower, whereas many proprietary solutions place greater emphasis on usability and case management functionality for compliance teams in client organisations.

Caveat

The assessment of the corporate providers was based partly on research on publicly available information (predominantly that on their websites), as well as on their input to a questionnaire sent to them.

There is a forthcoming publication entitled Digital Whistleblowing in Journalism by Philip di Salvo due to appear in June 2020. Those interested in this topic may find additional relevant information in that book.

Background

In recent years, policymakers have increasingly turned their attention to whistleblower protection as a crucial component of an effective integrity system in both the public and private sectors (G20 2019). Not only can whistleblowing alert relevant authorities to wrongdoing after the fact, but there is growing recognition of its potential as a preventative measure to reduce the costs of corruption to the state, businesses and private individuals.

U4 Anti-Corruption Helpdesk Overview of whistleblowing software 2

A 2017 European Commission study, for instance, estimated that the lack of effective whistleblower protection across the European Union costs in the region of €5.8 to €9.6 billion annually in the misuse of public funds in the area of public procurement alone (Rossi, McGuinn and Fernandes 2017). Another study found that in Australia, employee whistleblowing was "the single most important way in which wrongdoing was brought to light in public sector organisations" (Brown 2008).

Nor is this a problem confined to the public sector; the Association of Certified Fraud Examiners (ACFE 2018) estimates that a typical firm loses approximately five percent of its annual revenues to fraud. At the same time, the ACFE found that while a typical fraudulent scheme went undiscovered for an average period of 16 months, over forty percent were eventually uncovered by whistleblower tips, a far higher percentage than any other detection method.1 Moreover, not only were organisations with reporting mechanisms more likely to detect fraud as the result of a tip, but their losses to fraud were 50% smaller than organisations without whistleblowing channels (ACFE 2018). Another study revealed that more than half of reports received via internal whistleblowing systems lead to the detection of “compliance-relevant abuses and misconduct” (Homann 2018).

With this growing emphasis on whistleblowing systems has come a concomitant focus on whether existing channels to blow the whistle on wrongdoing are fit for purpose, particularly when it comes to protecting the whistleblower from possible retaliation.

In addition to traditional reporting channels such as post, email, telephone and ombudspeople, there is a growing market for digital, web-based whistleblowing software intended to improve the efficacy of reporting. In fact, while the literature on whistleblowing tends to encourage organisations to provide a combination of different reporting channels to increase access to potential reporters in a manner suited to their individual needs (HTW Chur 2018), there is growing consensus that digital reporting systems offer clear advantages (EQS 2019a).

Advantages of digital reporting systems

Recent insights from behavioural economics suggest that there are a number of factors that influence an individual’s decision whether to blow the whistle, including the perceived relevance, credibility, safety, accessibility and responsiveness of a given whistleblowing channel (Transparency International 2019).

Some of the features of digital whistleblowing platforms such as enhanced protection of identity and accessibility can encourage people to engage with anti-corruption mechanisms by lowering the perceived cost of using them (Transparency International 2019). Traditional whistleblowing channels can be vulnerable to techniques employed to identify a whistleblower; voice recognition can trace hotline calls, private investigators can use handwriting analysis on anonymous letters, while e-mails can be relatively straightforward to trace (Hussein and Yamanaka, 2017).

While there is general consensus that the most effective means of protecting whistleblowers is ensuring that potential retaliators are not aware of their identity, there are differing opinions on the relative merits of whistleblowing mechanisms that preserve confidentiality as opposed to allowing anonymous reporting (Transparency International 2018).

In confidential systems, only the recipient of the disclosure is aware of the whistleblower’s identity, and this recipient must seek the explicit consent from the whistleblower to disclose their identity. While confidentiality is the minimum requirement of any law that seeks to protect whistleblowers, the protection offered by confidentiality alone is not absolute, and the receiving body should make this clear to potential whistleblowers (Transparency International 2018).

In truly anonymous systems, no-one knows the identity of the whistleblower. The appropriateness of different systems will depend on context. Confidential systems are better suited to jurisdictions where whistleblowers are required to disclose their name by law, particularly where the disclosure reveals a criminal offence and the whistleblower may eventually be called to testify as a witness.

1 The study also found that half of all corruption cases were detected as the result of a tip-off.


Conversely, in countries with weak legal frameworks, low cultural acceptance of whistleblowing and high threat levels to would-be whistleblowers, anonymous reporting systems are preferable. Where anonymous whistleblowers’ identities come to light, Transparency International (2018) states that these people should “be granted the same rights and protections as other whistleblowers.”

Regardless of whether the intention is to encourage confidential or truly anonymous reporting, online platforms offer advantages over traditional channels. This is because although online platforms are not impervious to attempts to uncover a whistleblower’s identity, many providers of digital whistleblowing systems offer software that receives, tracks and processes reports of wrongdoing without collecting data that could be used to identify the reporter. Instead, whistleblowers are typically assigned a personal incident number and password in order to facilitate encrypted access to their case files and allow confidential two-way communication with relevant authorities (EQS 2019a; Süsse 2014). This can be crucial in order to allow investigators – whether internal or external to an organisation – to follow up on initial reports where there is insufficient information for effective investigation, as well as to provide the whistleblower an opportunity to give feedback on how the case is being conducted (Kossow and Dykes 2018).

The possibility to disclose wrongdoing confidentially/anonymously is a pivotal feature of any effective whistleblowing system. This is because while whistleblower protection legislation can help stimulate the use of whistleblowing platforms, to date relatively few countries have adopted comprehensive measures to protect whistleblowers from retaliation (Kossow and Dykes 2018). Even where such laws exist, they often only protect whistleblowers who disclose their identity and thus offer no safeguards to anonymous whistleblowers should they be exposed later (The Project 2018).

Therefore, when combined with greater round-the-clock accessibility from any location with an internet connection and local language customisation options, the anonymity guaranteed by many digital whistleblowing systems can tip potential reporters’ cost/benefit assessment in favour of reporting wrongdoing they have witnessed.

In addition to lowering the inhibition threshold of potential whistleblowers, digital reporting systems offer a number of backend advantages over analogue channels in terms of improved case management functionality. Firstly, compared to whistleblowing channels that rely on post, email, telephone and ombudspeople, it is comparatively straightforward to ensure that incoming reports take the form of structured data. Web-based platforms can require reporters to provide their input via online forms and questionnaires with narrowly set parameters, which can help filter out spurious reports while ensuring that the information provided is actionable and minimising the risk that the reporter can be identified (EQS 2019a).

As many providers of digital whistleblowing software offer integrated case management options, the structured approach to data collection also simplifies the follow-up process. Generally, all anonymised reports are stored in a secure manner, and access to the whole report or parts thereof can be granted to relevant stakeholders as required to investigate the claims made in the whistleblower’s disclosure (EQS 2019a). Moreover, by collating and aggregating anonymised reports, digital reporting systems can also be used to identify patterns and trends, such as where misconduct is prevalent. Some solutions include analytics tools to assist organisations to generate statistics on their whistleblowing reports (Homann 2018).

Growing markets of providers

Recent legislative changes in many jurisdictions have extended the requirement to establish whistleblowing channels to the private sector. This is most notably the case in the European Union, where the Directive on Whistleblower Protection entered into force in December 2019. The Directive obliges all public entities2 and enterprises with more than 50 employees to take measures to establish secure and confidential internal reporting channels, develop procedures to rigorously follow up on reports of alleged wrongdoing and provide timely feedback to reporters (Official Journal of the

2 Member States can decide not to apply this obligation to municipalities with fewer than 10,000 inhabitants or fewer than 50 workers.


European Union. 2019; EQS 2019b; Bacher and Popp 2019).

These kinds of legislative reforms in the past few years have been accompanied by a considerable growth in the number and scope of digital whistleblowing platforms on the market, many of which are designed to cater to the needs of private companies seeking to comply with their new whistleblowing obligations. These vendors offer packages that range from simply providing access to a secure web platform to an entirely outsourced service that receives, assesses, investigates and follows up on whistleblower reports (G2 2020). A recent comparative study of whistleblowing platforms in sport found that there was a great diversity in terms of how whistleblowing platforms are managed (whether they are internal or external to the organisation), the channels through which an informant could make disclosure (website, mobile apps and so on), the respective levels of digital security, as well as how much personal information a whistleblower had to disclose (Leeds Beckett University 2018).

For many organisations in both the private and public sectors looking to adopt digital whistleblowing platforms, the question therefore arises which of the many providers offers the most appropriate solution.

The answer to this question is, however, not straightforward. In general, the most appropriate reporting channel will depend on the legal environment and sector in which an organisation operates, as well as its size and structure.

While digital reporting platforms offer some significant comparative advantages over analogue channels, the decision which whistleblowing system to adopt should not be solely technologically driven. Organisations must consider their likely use cases; a sophisticated cloud-based digital reporting channel is likely to be of little use to a garment manufacturer employing hundreds of staff with limited literacy and little access to the internet. Likewise in contexts where repressive regimes conduct extensive internet surveillance and there is no legal protection for whistleblowers, a flashy web-based solution may initially look attractive. Yet, without robust digital security measures such as end-to-end encryption, such web platforms may have the perverse effect of encouraging whistleblowers to come forward without being able to ensure their anonymity or safety.

Before turning to consider the strengths and weaknesses of some of the major providers of digital reporting systems, it is therefore instructive to consider some of the core principles of an effective whistleblowing system that each potential solution should adhere to, regardless of how technologically advanced it is. Ultimately, technological needs should be defined in line with broader strategic considerations around accessibility and target audience. Moreover, institutional capacity in the areas of data protection and cyber risks should be assessed, including the resource requirements to establish and maintain these systems in the longer term (Transparency International 2016).

Core principles for an effective whistleblowing system

Whistleblowing mechanisms can be designed to facilitate three main types of reporting (UNODC 2020):

- internally within a given organisation,
- externally to regulators, law enforcement or anti-corruption agencies,
- public disclosure, particularly to the media and civil society organisations.

Regardless of its intended function, to be truly effective any whistleblowing mechanism must be aligned with the core principles of accessibility, relevance, credibility, safety and responsiveness (Transparency International 2019).

Accessibility

Prospective reporters should be able to access the whistleblowing mechanism without difficulty or financial cost. Whether digital or analogue, whistleblowing channels must be “recognisable, reachable and understandable to people with different literacy levels” (Transparency International 2019). Ideally, each whistleblowing system should provide a range of contact options (in-person, telephone, web-based) tailored to the needs of potential reporters. To the extent possible, data collection should be available offline and from remote locations to allow whistleblowers to report in areas with no or limited connectivity.

In terms of digital reporting systems, availability is a key component of accessibility. Uddholm (2016) stresses that the whistleblowing platform must not


go offline in the event of system errors or determined denial-of-service attacks.

Usability is equally important. Potential whistleblowers should not be deterred from reporting wrongdoing because the process is difficult or too technically challenging.

Relevance

Clear guidelines should be available to potential whistleblowers, including: who can submit a report, what rights and protections they are entitled to, how and where disclosures can be made, who has access to the information filed, what possible outcomes can be expected, and which other bodies they can make protected disclosures to. Potential whistleblowers should be advised of the possibility of filing a disclosure anonymously as well as the implications of this and the consequences for follow-up investigations (Transparency International 2016). Furthermore, each channel should provide information clearly stating the mandate of the body receiving the disclosure, specifying which kind of wrongdoing falls within the scope of protected disclosure, and outlining the process involved once a report has been lodged. Finally, bodies in charge of operating internal and external whistleblowing channels should publicly disclose anonymised statistics on the number and outcome of previous whistleblower disclosures, ideally in an open data format (Transparency International 2016).

Credibility

A whistleblowing channel has to be perceived as credible by prospective reporters. Credibility is likely to be higher in the eyes of potential whistleblowers where the mechanism is clearly fully autonomous and operates independently of external pressures, such as those from government or management. In this regard, information on who receives and processes whistleblowers’ disclosures should be made clear. This is vital, as the body charged with investigating whistleblower reports must be widely perceived as independent from the parties implicated in the whistleblower’s disclosure, so the case management system should provide for potential conflicts of interest to be avoided or mitigated (Transparency International 2016). Ensuring that at least two members of staff conduct independent reviews of the whistleblower’s report can help in this regard. A related point is that whistleblowing channels must also be adequately resourced to ensure that they are able to manage the inflow of disclosures and ensure effective follow-up.

In the private sector, many firms have resorted to simply outsourcing these compliance functions to a third party who is made responsible to handle the disclosure, maintain the whistleblower’s anonymity and in some cases to conduct follow-up investigations into the whistleblower’s claims (Hussein and Yamanaka 2017).

Security

Those adopting, implementing and operating whistleblowing channels have a duty of care to whistleblowers, whose needs should be at the centre of any whistleblowing system. Whistleblowers face a range of legal, physical, digital and social risks and a key mitigation measure is to ensure anonymity and/or confidentiality to the maximum possible extent. Data protection is therefore vital; and the following minimum standards should be in place:

- Control who is authorised to access data, establish distinct user roles and permissions, as well as identification and authentication procedures. Data submitted to the system should be immutable in that it is not able to be altered or deleted by any user.
- Implement measures to protect sensitive data from unsolicited access, such as hacks on databases stored in the cloud.
- Establish channels to share sensitive data in a secure fashion, using end-to-end encryption.
- Ensure regular security monitoring through audits, and develop incident management protocols in case of data security breaches, as well as procedures to recover data in case of security failures or mishandling incidents. An insecure application could itself become the host for attacks to compromise users’ anonymity and/or confidentiality, as well as the availability of the service (Uddholm 2016).

According to Pfitzmann and Hansen (2010), those receiving whistleblower disclosures should be unable to identify the reporter; senders of information should be unobservable when interacting with the whistleblowing system. This is not always possible in practice as certain jurisdictions require personal identifiers to be recorded when filing a whistleblowing report. Where this is the case, personal information should be split from the actual details of the case and the two elements handled by different agencies, so that


one body records the identifying information, while a separate body charged with investigating the complaint receives the report and a dummy identity for the whistleblower.

Where anonymous reporting is either not possible or not desirable, the person handling the report should be aware of the whistleblower’s identity to provide protection during the process of investigation to guard against retaliation (Transparency International 2018).

Responsiveness

Once secure, encrypted two-way communication has been established between the whistleblower and the relevant authority, timely and forthright updates are important throughout the process so that the reporter can track the progress of the case. This may reduce the chance that the whistleblower escalates their report to other available channels, which could potentially be external to their organisation.

Practical considerations

In addition to these core principles, there are a number of practical functionalities that should feature in whistleblowing solutions that incorporate case management elements. These include the ability to (Transparency International 2016):

- Log all incoming reports with a unique identifier, date of disclosure and a timeline for response. Subsequently, record all relevant follow-up activities, correspondence and findings chronologically in order to track the progress of cases.
- Assess the disclosure against a checklist based on clear, predefined criteria to determine whether the reported wrongdoing falls within the scope of the whistleblowing mechanism.
- Establish two-way secure communication with the whistleblower to acknowledge receipt of the disclosure as soon as possible, and inform them as the case progresses. Where a decision is taken to close the case, this communication channel should be used to provide the whistleblower with a clear rationale for the decision and point them to alternative redress mechanisms where appropriate.
- Handle data in a secure manner, both online and, where relevant, offline information due to be synced to cloud storage.
- Refer cases to other organisational units (compliance, legal, finance) and, where relevant, competent external institutions such as law enforcement bodies.

Establishing a whistleblowing channel that adheres closely to the principles and incorporates the functionalities mentioned above can mean that whistleblowers are more likely to come forward with information about wrongdoing that can harm an organisation, and that the organisation itself can address such issues more efficiently (Transparency International 2016).

Having surveyed the core principles and practical considerations, it is instructive to consider the type of threats web-based whistleblowing systems are exposed to.

Nature of threats to the security of a digital whistleblowing platform

There is a range of threats to whistleblower anonymity and/or confidentiality that can stem from one of five main sources in an interaction between a whistleblower and the recipient of a whistleblower’s disclosure.

These are termed by Uddholm (2016) the authority, the journalist (which could also be understood more broadly as the receiver), the server administrator, outside observers and the whistleblower themselves (see Figure 1).
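
The logging and immutability requirements set out under Security and Practical considerations (a unique identifier and response timeline for each report, a chronological record of follow-up, distinct roles, and data that no user can silently alter or delete) can be illustrated with a hash-chained, append-only case log. This is an added example, not code from any provider discussed in this answer; the role names, event names and the 7-day response window are assumptions.

```python
import hashlib
import json
import secrets
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # stands in for the "previous digest" of the first entry

# Hypothetical roles and the events each one is allowed to record.
ROLE_EVENTS = {
    "intake": {"report_received", "scope_assessed"},
    "investigator": {"follow_up", "message_to_reporter", "finding", "referred"},
    "reporter": {"message_from_reporter"},
}


def digest(body):
    """SHA-256 over canonical JSON, so key order cannot change the hash."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


class CaseLog:
    """Append-only record of one case; there is deliberately no update or delete."""

    def __init__(self, received_at, respond_within_days=7):
        # Random identifier: unique, and unlike a counter it does not reveal report volume.
        self.case_id = secrets.token_hex(8)
        self._entries = []
        self._last_at = received_at
        deadline = received_at + timedelta(days=respond_within_days)
        self.append("intake", "report_received",
                    {"respond_by": deadline.isoformat()}, received_at)

    def append(self, role, event, detail, at):
        if event not in ROLE_EVENTS.get(role, set()):
            raise PermissionError(f"role {role!r} may not record {event!r}")
        if at < self._last_at:
            raise ValueError("entries must be recorded in chronological order")
        body = {
            "seq": len(self._entries),
            "case_id": self.case_id,
            "at": at.isoformat(),
            "role": role,
            "event": event,
            "detail": detail,
            "prev": self._entries[-1]["digest"] if self._entries else GENESIS,
        }
        entry = dict(body, digest=digest(body))
        self._entries.append(entry)
        self._last_at = at
        return entry

    def export(self):
        """Deep copies, so callers cannot mutate what is stored."""
        return json.loads(json.dumps(self._entries))

    def head(self):
        """Latest digest; an independent party should keep a copy of it."""
        return self._entries[-1]["digest"]


def first_bad_entry(entries, expected_head=None):
    """Index of the first entry that breaks the chain, or None if it is intact.

    Without expected_head, removal of the newest entries (or a full rewrite by
    someone with storage access) cannot be detected.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "digest"}
        if (body.get("seq") != i or body.get("prev") != prev
                or digest(body) != entry.get("digest")):
            return i
        prev = entry["digest"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


def demo_log():
    """Constructed sample case, for illustration only."""
    t0 = datetime(2020, 4, 14, 9, 0, tzinfo=timezone.utc)
    log = CaseLog(received_at=t0)
    log.append("intake", "scope_assessed", {"in_scope": True}, t0 + timedelta(hours=2))
    log.append("investigator", "message_to_reporter",
               {"text": "Receipt acknowledged"}, t0 + timedelta(days=1))
    log.append("investigator", "finding",
               {"summary": "constructed example"}, t0 + timedelta(days=20))
    return log
```

A hash chain makes alteration and deletion detectable rather than impossible, so the head digest has to be held by a party other than the one operating the storage.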


Figure 1: the threat model (taken from Uddholm 2016)

The authority in control of the network from which the whistleblower connects may have the ability to monitor or interfere in outgoing traffic from that network.

The journalist/receiver may themselves identify the whistleblower. This can take place unwittingly as a result of inadequate security protocols, as was the case for John McAfee, who was apprehended by police after the metadata in a picture taken by journalists revealed GPS coordinates (Wired 2012). Equally, recipients of whistleblower data may intentionally disclose their identity, as was the case when Adrian Lamo disclosed ’s identity to U.S. authorities (Pilkington 2013).

The administrator of a server may additionally monitor usage of the server to track IP addresses and related information, and may disclose this information to third parties.

Outside observers, such as law enforcement agencies or security services, may attempt to hack the system in order to uncover the identity of the whistleblower.

Finally, whistleblowers themselves may be malicious, in the sense that they could submit malware to try to gain access to the system in order to identify other whistleblowers who have used the service or at least read the reports submitted by other whistleblowers.

In terms of the technical nature of the security threats a web-based whistleblowing application faces, some of the most common include an IP leak, DNS leak, URL leak, lookup leak, software usage anonymity leak, HTTP confidentiality and integrity risks, third-party services, server confidentiality and integrity risks, traffic analysis leaks and who-had-access leaks (Uddholm 2016). The assessment of these technical security threats goes beyond the scope of this Helpdesk answer, but a good overview is provided in Uddholm (2016), and individual digital reporting systems should be assessed against all of these threats as part of a security audit.

It is worth noting that the two open source whistleblowing applications covered in this Helpdesk answer (GlobaLeaks and SecureDrop) have measures in place to address most of these types of security threat (Uddholm 2016).
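
The receiver-side leak described above, where metadata in a picture revealed GPS coordinates, is one a platform can reduce by removing metadata segments from submitted images before anyone views or forwards them. The following is an added example, not code from GlobaLeaks, SecureDrop or any other provider; the sample bytes are constructed and the function names are hypothetical.

```python
import struct

SOI = b"\xff\xd8"
SOS, EOI = 0xDA, 0xD9
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-RST7 carry no length field
# Header segments that commonly hold identifying data:
# APP1 = Exif/XMP (GPS position, device serial, thumbnail), APP13 = IPTC, COM = comment.
METADATA_MARKERS = {0xE1, 0xED, 0xFE}


class JpegError(ValueError):
    """Raised when the input does not have a structurally valid JPEG header."""


def split_segments(data):
    """Return [(marker, raw_bytes), ...]; the last item runs from SOS to end of file."""
    if data[:2] != SOI:
        raise JpegError("missing SOI marker: not a JPEG")
    segments, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise JpegError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # padding byte in front of the real marker
            pos += 1
        elif marker in (SOS, EOI):      # compressed image data (or end of file)
            segments.append((marker, data[pos:]))
            return segments
        elif marker in STANDALONE:
            segments.append((marker, data[pos:pos + 2]))
            pos += 2
        else:
            if pos + 4 > len(data):
                raise JpegError("truncated segment header")
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            end = pos + 2 + length      # the length field counts its own two bytes
            if length < 2 or end > len(data):
                raise JpegError(f"bad segment length at offset {pos}")
            segments.append((marker, data[pos:end]))
            pos = end
    raise JpegError("no image data (SOS) found")


def strip_metadata(data):
    """Return (cleaned_bytes, removed); removed lists (marker, size) per dropped segment.

    Only header segments before the first scan are examined, and anything
    appended after the image data is left in place.
    """
    kept, removed = [SOI], []
    for marker, raw in split_segments(data):
        if marker in METADATA_MARKERS:
            removed.append((marker, len(raw)))
        else:
            kept.append(raw)
    return b"".join(kept), removed


def segment(marker, payload):
    """Build one length-prefixed segment (helper for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid segments, not a decodable photograph.
SAMPLE_JPEG = (
    SOI
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, b"Exif\x00\x00" + b"GPS:CONSTRUCTED-COORDS")
    + segment(0xFE, b"edited on reporter-laptop")
    + segment(0xDB, bytes(65))
    + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\x00\x56"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned, removed = strip_metadata(SAMPLE_JPEG)
    for marker, size in removed:
        print(f"removed segment 0xFF{marker:02X} ({size} bytes)")
    print(f"{len(SAMPLE_JPEG)} bytes in, {len(cleaned)} bytes out")
```

Other submission formats (PNG, PDF, office documents) carry metadata in different structures and need their own handling.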


Criteria to assess and select a suitable digital reporting system

Before turning to an overview of different web-based whistleblowing platforms, it is worth reflecting on a number of preferences for digital reporting systems identified by experts consulted for this Helpdesk answer. The following could be considered as criteria to help select a software solution appropriate to an organisation’s needs and use cases.

- Is the software open source or proprietary? If an organisation cannot see the underlying code, it cannot be entirely sure what it is doing.
- Is there a vibrant community developing, updating and patching the software? This is an important consideration when evaluating sustainability and longevity.
- Is the software centrally controlled or delocalised?
- Has the software been subjected to security audits?
- Is the software new on the market or is it an established product? Newer software is more likely to be faulty as it is comparatively untested.
- Is the software an off-the-shelf package or a bespoke solution? Boilerplate software may be more reliable but less sensitive to the specific needs of a given organisation.
- How customisable is the software? For instance, can the data input fields whistleblowers fill in in order to make a disclosure be adjusted to suit different operational contexts?

Overview of providers

Web-based whistleblowing systems can be divided into three broad categories: open source software, for-profit packages marketed at private firms, and custom-built bespoke platforms. The following section provides an overview of the various options, before assessing which would be most suited to the needs of Anti-Corruption Agencies.

Open source software

There are a number of open source software solutions designed to enable anonymous and secure communication between whistleblowers and those they want to inform of wrongdoing. Two of the most prominent are SecureDrop and GlobaLeaks, which share many common features but in practice have served two slightly different use cases. Whereas SecureDrop focuses primarily on facilitating by bringing new, confidential or otherwise sensitive stories to light, GlobaLeaks has been more broadly applied, including in the field of anti-corruption.3

Although neither excludes the possibility that the whistleblower’s disclosure will make it into the public domain, either in its entirety or in part, both are intended to first of all bring wrongdoing to the attention of specific individuals or organisations, be these investigative journalists or public officials.

In addition to SecureDrop and GlobaLeaks, which both rely on intermediaries between the whistleblower and the broader public to review the disclosure, there is a range of dedicated leaking platforms that operate more in line with the notion of “radical transparency.” Radical transparency is the notion that potentially sensitive and compromising information should be available to the public without being first screened and curated by moderators (Gilsinan 2018), which translates into a strategy that critics allege simply amounts to “leak, publish, and wait for the inevitable outrage” (Roberts 2012).

Like SecureDrop and GlobaLeaks, these platforms seek to ensure the complete anonymity of the whistleblower. Unlike those options, they seek to ensure that the full, uncensored versions are archived and available for everyone to view online. The most famous of these is WikiLeaks, but there have been numerous spin-offs, with both geographic and thematic focus.4

As these leaking platforms tend to operate on the basis of publishing all information received by default, they are less suited to forming part of a coherent whistleblowing system operated by an

3 GlobaLeaks has also been adopted by some media outlets, including by fifteen news organisations in the Netherlands who collectively support an instance of GlobaLeaks called PubLeaks.

4 Geographic: AfriLeaks (Africa), MexicoLeaks (Mexico), SwissWhistleblower (Switzerland), balkanleaks (Balkan countries), MagyarLeaks (Hungary), pirateleaks.cz (Czechia), Leakymails (Argentina), RuLeaks (Russia), TunisLeaks (Tunisia), IsraeliLink (Israel), PinoyLeaks (The Philippines), IndoLeaks (Indonesia). Thematic: ArtLeaks, UniLeaks. For further details, see UNODC 2015.


organisation. For this reason, this section on open source software concentrates on GlobaLeaks and SecureDrop.

Yet before turning to consider each of them in detail, it is instructive to look at their many shared features and qualities. Both are free, open source projects that offer a secure web interface that whistleblowers, journalists and others can use to communicate. Both systems work primarily over the Tor network, a free and open source software designed to enable anonymous communication, and they rely on the anonymity provided by Tor (Uddholm 2016).

Both systems are regularly audited by independent software security companies and publish the findings of these audits, also known as penetration tests (Berret 2016). In response to the results of these tests, both require frequent administration and updates to maintain security (Yawnbox 2016).

Users are not required to register or otherwise disclose information that could be used to identify them. Once a document or other tip has been submitted anonymously, an automatically generated passphrase can be used by the whistleblower to add additional information or look for correspondence from the journalist or other receiver (Schwartz 2020).

Another advantage when it comes to ensuring anonymity is that unlike other messaging apps and whistleblowing channels that may store metadata on servers owned by the messaging system, GlobaLeaks and SecureDrop collect hardly any metadata. What little metadata is collected is itself encrypted and in the case of SecureDrop it is then stored on a server on the organisation’s premises, making interception by authorities more difficult (Schwartz 2020).

Overall, the security features of GlobaLeaks and SecureDrop mean that most of the technical threats and security risks described earlier that confront whistleblowers are avoided by running either of these applications correctly (Uddholm 2016). A comparative assessment of both systems concluded that whereas SecureDrop was a more appropriate solution for those looking to “defend legally privileged work, or when utmost security is needed”, GlobaLeaks was a more viable option for organisations who need “internal auditing and/or whistleblowing platform, a survey/questionnaire platform, or a file submission platform” and do not possess the necessary dedicated technical support to set up and maintain SecureDrop (Yawnbox 2016).

Nonetheless, as stressed above, technology alone cannot address all of the fraught issues blowing the whistle entails. Both options necessitate careful consideration about the broader legal and policy environment, as well as physical security and organisation use cases and procedures (Yawnbox 2016).

GlobaLeaks

GlobaLeaks is an increasingly dominant player in the world of open source whistleblowing platforms. Launched as a project in 2012 by the Hermes Center for Transparency and Digital Human Rights, it has been widely adopted by both private and public organisations. Since 2014, GlobaLeaks has been deployed in various anti-corruption projects in order to encourage those aware of corruption to come forward and report it to relevant authorities in a secure and anonymous manner (Kossow and Dykes 2018). GlobaLeaks has been broadly acclaimed as offering users (both whistleblowers and receivers) a good balance of security, usability, and customisation options (Yawnbox 2016).

Security

GlobaLeaks has sought to embed security features in the technological design of the website framework itself, which is written in Python and JavaScript (Uddholm 2016). The platform itself is fully geared to preserving user anonymity, as its design makes it impossible to trace the IP addresses of whistleblowers. Moreover, data ownership is left to the organisation operating the specific instance of GlobaLeaks, and no data transfer occurs between that organisation and the Hermes Center (Kossow and Dykes 2018).

The software encrypts all incoming submissions by default, thereby protecting all elements of the whistleblower’s disclosure, from answers to the initial questionnaire, comments, attachments, and related metadata, as well as any eventual correspondence between receiver and whistleblower (GlobaLeaks 2020b). In this way, GlobaLeaks attempts to prevent any instances of plaintext data being stored (Uddholm 2016). Each GlobaLeaks instance includes a default data retention policy that automatically securely deletes submissions after a certain period of time to further
minimise the risk of security being compromised (GlobaLeaks 2020a).

GlobaLeaks has been subjected to regular security audits (GitHub 2020a), the most recent of which in 2018 identified no high impact security issues, and one medium impact issue that has since been resolved (GitHub 2020b). Encouragingly, there is evidence of an active community of developers on dedicated to continuously refining and improving the software (GitHub 2020c).

While an administrator can decide to install their instance of GlobaLeaks in a cloud computing system, observers note that using shared virtual hosting environments can bring additional security and legal risks, as it often means that a third party manages the service (Yawnbox 2016).

Usability

GlobaLeaks is considered easier than SecureDrop for less technical users to operate. It is more straightforward to install (Berret 2016), and the interface itself is more advanced as it permits whistleblowers to choose who should receive their disclosures (Uddholm 2016). The software then encrypts the whistleblower’s disclosure using the chosen recipient’s keys, meaning the whistleblower has more control over who reads their data than in SecureDrop (Uddholm 2016).

While GlobaLeaks previously operated exclusively on Tor (Uddholm 2016), in 2017 HTTPS was integrated into the platform, making it accessible to many more organisations for whom configuring the Tor browser presented an additional hurdle (Open Technology Fund 2019). The Open Technology Fund notes that using HTTPS can often be less risky than employing Tor to protect anonymity in countries with low internet penetration or advanced surveillance (Open Technology Fund 2019). For its part, GlobaLeaks differentiates between “anonymous submissions” made via Tor and “confidential submissions” made via HTTPS (GlobaLeaks 2020c), and displays a warning to users who access the site without using Tor in order to safeguard non-technical users who might not otherwise comprehend the security risks (Uddholm 2016).

Unlike SecureDrop, GlobaLeaks also offers some basic case management functions to record cases and track their status. Recipients can define their own taxonomy for disclosures they have received; by default the system includes New/Open/Closed as submission statuses (GlobaLeaks 2020a). GlobaLeaks reportedly also has the capacity to integrate with other case management systems, such as the one used by Transparency International’s Advocacy and Legal Advice Centre network, which is due to operate on SalesForce.

Customisation

Another advantage of GlobaLeaks over SecureDrop is that it is highly adaptable, and each organisation can customise the free, open source software to suit their own needs while receiving technical support from the Hermes Center (Kossow and Dykes 2018; Schwartz 2020). Driven by the concern that “whistleblowing should be as local as possible to give a voice to concerned citizens in their local context” (GlobaLeaks 2020d), each installation can be tailored to suit a specific audience and subject matter by customising the questionnaire into which whistleblowers enter their disclosures (Open Technology Fund 2019). In addition, the software has been fully translated into twenty-two different languages (Transifex 2020). Different forms of attachments, from documents to audio and video recordings, can be submitted via the platform (SportsLeaks 2020).

GlobaLeaks has been customised by journalists both working with a geographic focus, as is the case in the Netherlands where fifteen news organisations collectively support an instance of GlobaLeaks called PubLeaks (Berret 2016), as well as thematically, such as the journalists running SportsLeaks.

Yet the flexibility of the GlobaLeaks system has enabled it to be adopted not only by media outlets and non-governmental organisations but also by public authorities such as the Barcelona City Council and the Italian Anti-Corruption Agency as well as private firms like Edison (GlobaLeaks 2020e). The software is now in operation in places as diverse as Ukraine, Angola, and Madagascar, while the International Criminal Court is using GlobaLeaks to uncover crimes against humanity in the Central African Republic (Open Technology Fund 2019).

Perhaps most notably, GlobaLeaks’ recent introduction of a so-called “multitenancy feature” enables the creation of a single platform that provides every public agency with their own bespoke anti-corruption whistleblowing channel (Open Technology Fund 2019). An Italian initiative, whistleblowing.it, has taken this
approach and currently over 600 public institutions have adopted this whistleblowing platform (Transparency International Italia 2020). The Open Technology Fund, which has funded GlobaLeaks, argues that the “streamlined encryption model and multitenancy capability has resulted in massive, organic scaling” and notes that more than 60% of GlobaLeaks’ current projects are created by external users without the support of the GlobaLeaks team (Open Technology Fund 2019).

SecureDrop

SecureDrop is an open-source whistleblower submission system that is designed primarily to allow journalists to securely and anonymously receive documents from and communicate with sources. Managed by the Foundation since 2013, it is primarily used by media outlets including and , though some public accountability organisations such as the Project on Government Oversight and ExposeFacts also run it (Schwartz 2020).

Security

In comparison to GlobaLeaks, SecureDrop emphasises security above usability (Uddholm 2016). The system works using two physical servers, one public server to store, receive and encrypt messages using PGP and a second server to monitor the security of the public server. The public server is a web application coded in Python that is only accessible using Tor, thereby hiding whistleblowers’ identities from both the SecureDrop server itself as well as any other (potentially hostile) third-parties (SecureDrop 2020a). The SecureDrop application itself is designed to be part of a larger system architecture, which includes so-called “air-gaps” in which data is physically transferred from a computer linked to the SecureDrop application to a “secure viewing station.” A secure viewing station is a computer with no access to the internet and no hard drive on which data could be stored. Journalists or other recipients use the secure viewing station to decrypt and read the disclosure, creating an additional layer of security intended to prevent hackers who have gained access to the network from being able to access the data included in the disclosure itself (Uddholm 2016).

Figure 2: SecureDrop architecture


In addition, SecureDrop features mandatory two-factor authentication for the journalists in the form of TOTP and uses additional applications to further enhance security of the application itself, including GRSecurity, OSSEC, iptables and AppArmor (Uddholm 2016). Like GlobaLeaks, the software is frequently audited by security firms. The most recent audit in 2018 did not find any critical or high-severity issues in the system (Sofwerx 2018).

Usability

Although also available in around twenty languages (SecureDrop 2020b), SecureDrop is more complex to use than GlobaLeaks. Operating the system requires some system administration expertise, and once it has been deployed, only local administration is possible and is command line only (Yawnbox 2016).

Disclosures are less targeted than those made via GlobaLeaks. From the whistleblower side, a user is granted access to a form to upload files and leave a message, but it is not possible to specify which journalist or other recipient should have access to the disclosure (Uddholm 2016).

Recipients such as journalists are then presented with a list of all anonymised sources and their submissions, each of which displays a thread of downloadable messages and files encrypted with GPG. To read the contents of the disclosure, recipients of disclosures are obliged to download each encrypted message separately, then manually transfer it to a secure viewing station in order to decrypt and verify the contents. Observers point out that this process is labour intensive and prone to abuse by spammers (Uddholm 2016). For an organisation that expects to receive large numbers of whistleblower disclosures, this could be an unwieldy or even unmanageable system. Studies of whistleblowing mechanisms run by Anti-Corruption Agencies in Kenya and Indonesia found that they average several thousand submissions per year (Kossow and Dykes 2018).

Corporate

The second category of digital reporting systems are those primarily designed for the private sector, which often feature as part of a broader governance, risk and compliance system (G2 2020). As opposed to the open-source systems offered above, these solutions are proprietary and many of them are intended to be fully-outsourced systems that manage whistleblower disclosure from secure receipt of the initial report to case management and follow-up investigations.

As alluded to above, there has been a rapid growth in the market for these systems to keep pace with the changing regulatory environment in many jurisdictions that increasingly require companies to adopt whistleblowing protection into corporate governance standards and risk management measures (Sillaman and Bernadi 2018). Notably in 2016, the International Standards Organisation introduced a new standard on Anti-Bribery Management Systems that obliges companies to enable anonymous reporting (International Standards Organisation 2020).

Consequently, to meet this growing demand, various vendors have emerged offering differentiated solutions for whistleblowing ethics and reporting management (O’Leary and Pike 2018).

For this Helpdesk answer thirteen private sector providers5 were contacted and asked to complete a self-assessment questionnaire against some criteria developed in consultation with whistleblowing and IT specialists at Transparency International. Not all of the vendors replied, in which case the author of this Helpdesk answer collected as much information as possible in the public domain, chiefly drawing on the companies’ own websites.

5 Alethia, BKMS, Canary Whistleblowing, Convercent, Ethics Global, Ethicontrol, ExpoLink, Got Ethics, People Intouch, RedFlag Group, Whispli, WhistleB and WhistleblowerSecurity

A review of these providers’ solutions found that unlike the two open source solutions mentioned above, many of the corporate providers place less emphasis on security in favour of greater usability.

For instance, a number of providers primarily offered whistleblowing channels such as mobile apps and SMS that are inherently less secure than web-based platforms. In certain contexts they can compromise a whistleblower’s anonymity; merely the fact of having the app on one’s mobile could be grounds for suspicion. In addition, email addresses are often needed in order to download mobile apps. Thus while vendors of many of the mobile apps are at pains to stress that their software does not itself IP addresses or require personal information to download the app, it often is unclear what security protocols they have put in place to prevent
potentially hostile third parties from tracking this information.

In addition, the corporate providers place greater emphasis on integrated case management functionalities than their open source counterparts. However, in order to generate the aggregated statistics and assess trends, data analytics tools rely on data retention, which could constitute both a security risk and a legal risk from a data protection point of view. For this reason, GlobaLeaks includes a default data retention setting that wipes disclosures after a fixed period of time.

Moreover, some of these corporate solutions rely on third party services, such as the use of Amazon, Microsoft or IBM cloud computing, or external translation services. Again, this renders whistleblowers’ disclosures more vulnerable to interception.

Finally, while a system that provides anonymous means of communication might appear to be secure on the surface, a whistleblower’s identity can nonetheless be compromised unless the solution provides clear instructions and protocols for less technical users.

For instance, systems that require a prospective whistleblower to download a specific client or application should first of all communicate clearly that these activities should also be conducted on secure channels, otherwise a user that viewed instructions on how to file a report could be correlated to the disclosure itself due to DNS, IP or URL leaks that reveal when and from where a user viewed this information (Uddholm 2016). This is not always the case with some of the corporate providers.

Custom-built platforms

In addition to the open source and corporate solutions, some organisations choose to custom build their own whistleblowing platforms. The World Anti-Doping Agency (2020), for instance, launched its own doping-specific whistleblowing platform, Speak Up!

Whistleblowers to the Speak Up! platform submit their disclosure through a secure online post box through which they can communicate with WADA while remaining anonymous. Although WADA offers advice to help whistleblowers remain anonymous such as filing reports from personal computers, there is little available information about the backend security measures (Leeds Beckett University 2018).

In general, custom-built platforms are likely to only be suitable for large organisations with bountiful resources, or organisations with very specific and niche requirements. While they offer boundless customisation options, they are less likely to be built using tried and tested security protocols, and in the long run are unlikely to prove sustainable.

Suitability for Anti-Corruption Agencies

The reporting of corruption by witnesses, victims and even perpetrators themselves is an important means of promoting transparency, accountability and participation. As such, it is an important means of promoting trust, be this between directors and shareholders in the private sector, or between citizens and government in the public sector (Chansarkar 2020).

As well as being a means of preventing, arresting and remedying wrongdoing, an effective whistleblowing mechanism can be a key part of an anti-corruption agency’s arsenal as a way to gather information about the extent and forms of corruption, as well as trends and patterns. Whistleblowing channels can thus complement other accountability mechanisms like social audits, public expenditure and tracking surveys, e-government tools, and service delivery questionnaires (Kossow and Dykes 2018). Yet while these other forms of “crowd-sourced” data about corruption focus chiefly on petty corruption, whistleblowing mechanisms can be better suited to uncovering cases of more serious bureaucratic or political corruption. By producing targeted and detailed information about significant corruption cases, whistleblowing channels can serve as the vital first step in a successful prosecution, and thereby improve vertical accountability between citizens and the state (Chansarkar 2020).

This is recognised in the recent G20 High-Level Principles for the Effective Protection of Whistleblowers, which encourage countries to adopt “diverse, highly visible and easily accessible reporting channels…and extend protection to all eligible persons reporting through those channels” (G20 2019). The Principles also state that G20 should consider ways to enable whistleblowers to “make a report without revealing their own identity
while being able to communicate with the recipient of the report” (G20 2019).

The technical demands of setting up a secure and anonymous whistleblowing mechanism can seem daunting. Yet public sector organisations such as anti-corruption agencies do not need to develop their own system from scratch. As illustrated above, there are a number of both open-source and proprietary providers of digital whistleblowing platforms that can be deployed by public agencies.

Organisations looking to adopt web-based whistleblowing systems should be mindful of the broader whistleblowing context, such as the legal protections for whistleblowers, the severity of physical and digital threats, as well as organisational capacity vis-à-vis the anticipated volume of reports and the relative sophistication of technical infrastructure needed. Chosen solutions should therefore be tailored to local contexts and organisational needs to ensure that whistleblowers are provided with the most useable means to report wrongdoing that simultaneously provides the greatest level of security feasible in order to protect their identity.

This Helpdesk answer has laid out the core principles and practical considerations for online reporting systems, as well as the chief digital threats they face and how various providers’ solutions respond to these threats. Overall, the paper has identified that of the three main types of providers, the open source solutions tend to offer the greatest security for whistleblowers themselves. GlobaLeaks in particular offers itself as a viable solution for public sector organisations like Anti-Corruption Agencies, not least given that it does not charge fees. The increasing adoption of GlobaLeaks by municipal governments and public agencies can therefore be expected to continue ( 2018).

The proprietary software on the market places greater emphasis on usability and integrated case management functionalities, which offers advantages to organisations looking to improve internal integrity and compliance. This focus on the recipients of whistleblower disclosures is perhaps unsurprising, given that the corporate solutions are marketed at organisations rather than whistleblowers. The fee structure of many of the private sector providers of whistleblowing solutions may complicate their adoption by public sector bodies, as they tend to charge a fixed amount by user or number of employees. It is unclear how they would charge an organisation like an anti-corruption agency, which provides a channel for potentially millions of citizens to file whistleblowing reports.

Limited consideration was given in this Helpdesk answer to custom-built bespoke whistleblowing platforms developed by individual organisations. In general, these are only likely to be suitable for organisations with large resources to dedicate to the system or very niche organisational requirements. It is expected that bespoke platforms are typically less secure and less sustainable than their open source or proprietary counterparts.


References

Association of Certified Fraud Examiners. 2018. Report to the nations: 2018 global study on occupational fraud and abuse. https://s3-us-west-2.amazonaws.com/acfepublic/2018-report-to-the-nations.pdf

Bacher, P. and Popp, V. 2019. “New standards for whistleblower protection in the upcoming EU directive – practical implications for companies”, International Bar Association. https://www.ibanet.org/Article/NewDetail.aspx?ArticleUid=6FF2ECE9-7FAD-4119-AD2E-41BDEE44B2CB#_edn5

Berret, C. 2016. “Guide to SecureDrop”, TOW Centre for Digital Journalism. https://www.cjr.org/tow_center_reports/guide_to_securedrop.php

Brown, A. J. 2008. Whistleblowing in the Australian Public Sector. Enhancing the Theory and Practice of Internal Witness Management in Public Sector Organizations. Australian National University Press

Canary Whistleblowing. 2020. “Security.” https://www.canary-whistleblowing.com/security-data-retention/

Chansarkar, M. 2020. “Governance and Technologies – Role in Corruption Control”, International Conference on E-Business, E-Management, E-Education and E-Governance. https://tinyurl.com/wykful7

Convercent. 2017. Convercent Ethics Cloud: Security and Business Continuity Overview. https://www.convercent.com/resource/Convercent_Security_Business_Continuity_Solution_Overview.pdf

EQS. 2019a. Which reporting channels are suitable for your organisation? https://www.eqs.com/knowledge/white-papers/reporting-channels-for-internal-whistleblowing/

EQS. 2019b. “EU Whistleblower Protection: How to meet the new requirements”, EQS Blog. https://www.eqs.com/solutions/products/whistleblowing-system/eu-whistleblower-protection/

Ethicontrol. 2020a. “Service Privacy Policy.” https://ethicontrol.com/en/service-privacy-policy

Ethicontrol. 2020b. “Pricing.” https://ethicontrol.com/en/pricing

Ethicontrol. 2020c. “FAQ.” https://ethicontrol.com/en/faq

Ethics Global. 2020a. “Reporting Channels.” https://www.ethicsglobal.com/en/reporting-channels.html

Ethics Global. 2020b. “Ethics Global History.” https://www.ethicsglobal.com/en/ethicsglobal-history.html

ExpoLink. 2020. “Protecting Whistleblowing Data.” https://www.expolink.co.uk/whistleblowing-hotline/protecting-whistleblowing-data/

ExposeIT. 2019. “Whistleblowing Data Protection.” https://xtnd.co.za/wp-content/uploads/2019/05/Whistleblower-Data-Protection.pdf

ExposeIT. 2020. “ExposeIT Homepage.” https://xtnd.co.za/exposeit-faq/

G2. 2020. “Best whistleblowing software.” https://www.g2.com/categories/whistleblowing?utf8=%E2%9C%93&order=alphabetical

G20. 2019. “High-Level Principles for the Effective Protection of Whistleblowers”. https://www.bmjv.de/SharedDocs/Downloads/EN/G20/G20_2019_High-Level-Principles_Whistleblowers.pdf?__blob=publicationFile&v=1

Gilsinan, K. 2018. “The Radical of WikiLeaks”, The Atlantic. https://www.theatlantic.com/international/archive/2018/11/assange--trump-clinton-transparency-election-iraq/576115/

GitHub. 2020a. “GlobaLeaks: Penetration Tests.” https://github.com/globaleaks/GlobaLeaks/wiki/Penetration-Tests

GitHub. 2020b. “GlobaLeaks: Security Audit 5: Team Subgraph.” https://github.com/globaleaks/GlobaLeaks/wiki/Security-Audit-5:-Team-Subgraph

GitHub. 2020c. “GlobaLeaks.” https://github.com/globaleaks/GlobaLeaks


GlobaLeaks. 2020. “Encryption.” https://docs.globaleaks.org/en/latest/gettingstarted/Encryption.html

GlobaLeaks. 2020. “Homepage.” https://www.globaleaks.org/

GlobaLeaks. 2020. “Who uses it?” https://www.globaleaks.org/who-uses-it/

GlobaLeaks. 2020a. “Case Management.” https://docs.globaleaks.org/en/latest/user/admin/UserInterface.html#case-management

GlobaLeaks. 2020c. “Features.” https://docs.globaleaks.org/en/latest/gettingstarted/Features.html

Got Ethics. 2020. “Security.” https://www.gotethics.com/security

Homann, M. 2018. “Do I need a digital whistleblowing system?”, EQS Blog. https://blog.eqs.com/do-i-need-a-digital-whistleblowing-system

HTW Chur. 2018. Whistleblowing Report 2018. https://www.eqs.com/en-GB/knowledge/white-papers/whistleblowing-report-2018/

Hussein, M. and Yamanaka, T. 2017. “Whistleblowing at work: Can ICT encourage whistleblowing?”. https://www.jstage.jst.go.jp/article/jsik/27/2/27_2017_017/_article

IntegraCall. 2020a. “Homepage.” https://www.integracall.com/

IntegraCall. 2020b. “Security Overview.” https://www.integracall.com/security-overview

IntegraCall. 2020c. “Products and Services.” https://www.integracall.com/products-services

International Standards Organisation. 2020. “ISO 37001: Anti-Bribery Management Systems.” https://www.iso.org/iso-37001-anti-bribery-management.html

Kossow, N. and Dykes, V. 2018. Embracing Digitalisation: How to use ICT to strengthen Anti-Corruption, GIZ. https://www.giz.de/de/downloads/giz2018-eng_ICT-to-strengthen-Anti-Corruption.pdf

Leeds Beckett University. 2018. Global Whistleblowing Landscape for Reporting Doping in Sport. https://www.wada-ama.org/sites/default/files/resources/files/leeds_beckett_wada_report_on_whistleblowing_platforms_july_2018.pdf

O’Leary, R. and Pike, S. 2018. IDC Innovators: Whistleblower Ethics and Reporting Management. https://www.idc.com/getdoc.jsp?containerId=US44376318

Official Journal of the European Union. 2019. Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L1937

Open Technology Fund. 2019. “Taking anonymous online: Whistleblowing Global.” https://www.opentech.fund/news/taking-anonymous-online-whistleblowing-global/

Pfitzmann, A. and Hansen, M. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf

Pilkington, E. 2013. “Adrian Lamo on Bradley Manning: ’I knew my actions might cost him his life’.” http://www.theguardian.com/world/2013/jan/03/adrian-lamo-bradley-manning-q-and-a

Pupic, T. 2019. “Bringing Ethics Back to Business: Alethia”, Entrepreneur. https://www.entrepreneur.com/article/344350

Recurity Labs. 2019. “Continuous Web Application Audit Confirmation of Business Keeper AG’s BKMS System.” https://www.business-keeper.com/fileadmin/user_upload/Confirmation_Penetration_Test_and_Retest.pdf

Roberts, A. 2012. ‘WikiLeaks: the illusion of transparency’, International Review of Administrative Sciences, vol. 78(1): 116-133. https://journals.sagepub.com/doi/abs/10.1177/0020852311429428?journalCode=rasb


Rossi, L., McGuinn, J. and Fernandes, M. 2017. Estimating the economic benefits of whistleblower protection in public procurement. https://op.europa.eu/en/publication-detail/-/publication/8d5955bd-9378-11e7-b92d-01aa75ed71a1/language-en

Schwartz, T. 2020. A Public Service: Whistleblowing, Disclosure and Anonymity, OR Books.

SecureDrop. 2020. “Configuring Localization for the Source Interface and the Journalist Interface.” https://docs.securedrop.org/en/latest/admin.html#configuring-localization-for-the-source-interface-and-the-journalist-interface

SecureDrop. 2020a. “About SecureDrop.” https://securedrop.org/faq/about-securedrop/

Sillaman, B. and Bernadi, A. 2018. “Italy steps up whistleblowing regulation”, The FCPA Blog. https://fcpablog.com/2018/1/11/sillaman-and-bernardi-italy-steps-up-whistleblowing-regulati/

Sofwerx. 2018. SecureDrop Security Analysis: Final Report. https://securedrop.org/documents/14/Sofwerx_SecureDrop_Security_Review_-_Public_Distribution_.pdf

Sportsleaks. 2020. “Homepage.” https://www.sportsleaks.com/

Süsse, S. 2014. ‘Whistleblowing - Hinweisgebersysteme als Bestandteil eines effektiven Compliance-Managements’, Compliance Officer, pp 195-217. https://link.springer.com/chapter/10.1007/978-3-658-01270-0_8

The Tor Project. 2018. “Italian Anti-Corruption Authority (ANAC) Adopts Onion Services.” https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-onion-services

Transifex. 2020. “GlobaLeaks.” https://www.transifex.com/otf/globaleaks/

Transparency International Italia. 2020. “Whistleblowing PA.” https://www.whistleblowing.it/

Transparency International. 2016. Complaint Mechanisms: Reference Guide for Good Practices. Berlin: Transparency International. https://knowledgehub.transparency.org/assets/uploads/kproducts/ti_document_-_guide_complaint_mechanisms_final.pdf

Transparency International. 2018. A best practice guide for whistleblowing legislation. Berlin: Transparency International. https://www.transparency.org/whatwedo/publication/best_practice_guide_for_whistleblowing_legislation

Transparency International. 2019. Five Principles for Engaging Citizens in Anti-Corruption Mechanisms. Berlin: Transparency International. https://www.transparency.org/whatwedo/publication/five_principles_for_engaging_citizens_in_anti_corruption_mechanisms

Uddholm, J. 2016. Anonymous Javascript Cryptography and Cover Traffic in Whistleblowing Applications, The Royal Institute of Technology, School of Computer Science and Communication. http://www.diva-portal.org/smash/get/diva2:953534/FULLTEXT01.pdf

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein. 2019. “Datenschutz-Gütesiegel der Firma Business Keeper AG.” https://www.business-keeper.com/fileadmin/user_upload/Downloads/4_ULD-Datenschutz_Gtesiegel_BKMS-System.pdf

UNODC. 2015. Resource Guide on Good Practices in the Protection of Reporting Persons. https://www.unodc.org/documents/corruption/Publications/2015/15-04741_Person_Guide_eBook.pdf

UNODC. 2020. “Whistleblowing systems and protections.” https://www.unodc.org/e4j/en/anti-corruption/module-6/key-issues/whistle-blowing-systems-and-protections.html

Whispli. 2020. “Our Trust Center.” https://whispli.com/trust-center/

WhistleB. 2020a. “WhistleB Trust Centre.” https://whistleb.com/trustcentre/

WhistleB. 2020b. “Whistleblowing software.” https://whistleb.com/whistleblowing-software/

WhistleblowerSecurity. 2020a. “Global Ethics Hotline.”
https://www.whistleblowersecurity.com/global-ethics-hotline/

WhistleblowerSecurity. 2020b. “FAQ.” https://www.whistleblowersecurity.com/resources/faq

WhistleblowerSecurity. 2020c. “Data Privacy and Security.” https://www.whistleblowersecurity.com/data-privacy-and-security/

Wired. 2012. “Oops! did vice just give away john mcafees location with photo metadata?” http://www.wired.com/2012/12/7 oops-did-vice-just-give-away-john-mcafees-location-with-this-photo/

World Anti-Doping Agency. 2020. “Speak Up!” https://speakup.wada-ama.org/WebPages/Public/FrontPages/Default.aspx

Yawnbox. 2016. “GlobaLeaks and SecureDrop: which is right for you?” https://yawnbox.wordpress.com/2016/01/21/globaleaks-and-securedrop-which-is-right-for-you/


Disclaimer

All views in this text are the author(s)’ and may differ from the U4 partner agencies’ policies.

Partner agencies

DFAT (Australia), GIZ/BMZ (Germany), Ministry for Foreign Affairs of Finland, Danida (Denmark), Sida (Sweden), SDC (Switzerland), Norad (Norway), UK Aid/DFID.

About U4

The U4 anti-corruption helpdesk is a free research service exclusively for staff from U4 partner agencies. This service is a collaboration between U4 and Transparency International (TI) in Berlin, Germany. Researchers at TI run the helpdesk.

The U4 Anti-Corruption Resource Centre shares research and evidence to help international development actors get sustainable results. The centre is part of Chr. Michelsen Institute (CMI) in Bergen, Norway – a research institute on global development and human rights. www.U4.no [email protected]

Keywords

whistleblowing – software – whistleblower protection

Open access

We apply a Creative Commons licence to our publications: CC BY-NC-ND 4.0.

U4 Partner staff can use the helpdesk for free. Email us at [email protected]