paint-brush
Whistleblowing and Data Leaks: The Thin Line Between Heroism and Hackingby@devinpartida
207 reads

Whistleblowing and Data Leaks: The Thin Line Between Heroism and Hacking

by Devin PartidaMarch 14th, 2024
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Whistleblowers often go hand-in-hand with scandal, but they do important work. In many situations, they have positive impacts in terms of both ethics and the law. Not every whistleblower is acting out of interest for the public good, and in some cases, their actions can cause additional damage.
featured image - Whistleblowing and Data Leaks: The Thin Line Between Heroism and Hacking
Devin Partida HackerNoon profile picture

Whistleblowers are a controversial subject. You could hear people praising them as heroes or condemning them as hackers. As with many contentious subjects, the truth isn’t so black-and-white.


Good or bad, whistleblowers are likely here to stay. So, it’s important to understand how they can be a force for good and when they might introduce some problems — especially for people in the tech industry.

The Good of Whistleblowers

While whistleblowers often go hand-in-hand with scandal, they do important work. In many situations, they have positive impacts in terms of both ethics and the law.

Ethicality

The biggest ethical upside of whistleblowers is that they hold companies accountable for unethical practices. Data leaks are common, but 74% of breaches in a study happened without the victims ever realizing it.


Publicly outing these companies ensures businesses don’t conduct unsafe data practices and get away with it. Bringing attention to the issue lets consumers make informed decisions about who to trust with their data.


These public scandals can also promote better security and privacy standards across the board. One in three surveyed consumers stopped doing business with companies following a data breach. Businesses don’t want to experience such massive customer loss, so the threat of a public whistleblower case could push them to prevent breaches in the first place.

Legality

Similar benefits apply to the legal sphere. In many cases, negligence that leads to privacy leaks is a legal concern, but it’s hard for authorities to catch every instance on their own. Whistleblowers help by bringing this activity to light, ensuring the companies at fault face the appropriate consequences.


It’s also worth considering that the law protects whistleblowers in many situations. It even encourages them. Under the False Claims Act, whistleblowers can earn between 15% and 30% of what the court case recovers from companies that fail to report cybersecurity incidents.

The Bad of Whistleblowers

Despite those benefits, there are also some downsides to whistleblower culture. Not every whistleblower is acting out of interest for the public good, and in some cases, their actions can cause additional damage.

Ethicality

What if a whistleblower’s proof of a company’s misdeeds involves showing specific instances of how they used people’s personal information? In those cases, the whistleblower might expose these sensitive details. While doxxing isn’t always a crime, revealing this kind of information can put people at risk of further attacks.


Similarly, the rewards for successful whistleblower cases may encourage people to look for opportunities to do it. That could lead to them hacking into sensitive databases to get the proof they need.


You could also argue about the possibility of whistleblowers targeting organizations where no real wrongdoing has happened. Disgruntled employees could place evidence to frame their leaders or try to make something innocent look illegal to get recognition and pay. Even if they don’t expose sensitive data, they could harm the business or cause unneeded stress to consumers.

Legality

Whistleblowing can also be complicated from a legal perspective. While the law may protect whistleblowing itself, not every method of exposing an organization is permissible.


Hacking a computer that isn’t your own without consent is a federal crime in most cases. Even if it doesn’t result in a criminal conviction, hacking is often a civil violation, too. The presence of any sensitive or private information tends to make things even more serious from a legal standpoint.

How to Approach Security Whistleblowers Safely

Looking at these positives and negatives, tech professionals face a tricky situation. Whistleblowers can play an important role in cybersecurity by promoting higher standards and filling in gaps law enforcement may miss. However, rewarding them could promote ethically dubious actions, and hacking as a whole introduces legal complications.


The best way to handle whistleblowers is to try and ensure they’ll never be necessary. That means implementing strong cybersecurity protections to keep sensitive data as private and safe as possible. It also means informing affected users about breaches — which all 50 states require by law — within the legal deadline, eliminating the need for whistleblower reporting.


You can also encourage employees to share their security concerns or any potential issues they’ve discovered. Having a formal process for responding to these events turns would-be whistleblowers into a handy cybersecurity asset. There’s no need for insiders to report unresolved issues or negligence when you listen to and respond to them internally.


Have firm rules on hacking and data access and listen to employee feedback on security and privacy issues. That should help maintain a safe position without promoting ethically difficult individual actions.

Whistleblowers Are Important But Tricky to Manage

In a perfect world, there would be no need for whistleblowers. Unfortunately, organizations can be negligent about safe data practices more often than many would like to believe. Consequently, whistleblowers can become a necessary evil.


Still, not all whistleblowers are well-meaning or perform a net good for data privacy. It’s important to understand these ups and downs to build better data practices and make informed decisions about whistleblower policies.