Most Government Whistleblower Hotlines Don't Even Use HTTPS

Illustration for article titled Most Government Whistleblower Hotlines Dont Even Use HTTPS

The government is failing to adequately protect its whistleblowers, with dozens of its agencies’ whistleblowing channels—including the Department of Homeland Security and the Department of Justice—leaving sensitive information vulnerable to attacks.


According to a report from the American Civil Liberties Union, at least 29 inspectors general hotlines fail to use HTTPS, the secure hypertext protocol used to protect against hackers:

When individuals use these official whistleblowing channels to report waste, fraud or abuse, the information they submit is transmitted insecurely over the internet where it can be intercepted by others. This not only puts the identity of whistleblowers at risk, but also the confidentiality of the information they provide to inspectors general.


In addition to recommending that all 29 inspectors general hotlines upgrade to HTTPS as soon as possible, the ACLU recommended a number of other ways to ramp up security for whistleblowers, including use of SecureDrop, a software designed to help people share sensitive information.

SecureDrop is already used by a number of news organizations to provide a safe way for people to report fraud, abuse, and crime without risking exposure— outlets like The Washington Post, The Guardian, and, yep, Gawker Media.


Share This Story

Get our newsletter


This is kind of a big deal, it allows for proper and appropriate dissent, you can’t mock Edward Snowden on one hand, and then not give him a proper way to whistleblow in the other. This is why whistleblowers go to public venues instead of proper oversight.