Read This Before You Whistleblow With an App
--
Government whistleblowing is harder than just downloading an app. Earlier this month, California Congressman Ted Lieu shared an article on Twitter, detailing options for federal employees who want to leak unclassified information, including the use of encrypted messaging apps like Signal, WhatsApp, and Telegram.
But disclosing sensitive information to the press may be risky, particularly for a federal employee. The decision to blow the whistle could cost them their livelihood, freedom, or worse.
At the Freedom of the Press Foundation, we build software to support whistleblowers, conduct newsroom security trainings, and organize security resources for journalists. So when we see risky security information aimed at journalists and whistleblowers, especially coming from people in positions of authority, our hair grays.
We had some thoughts.
Encrypted chat apps might provide sufficient protection if you’re blowing the whistle on a small, under-resourced organization, but U.S. agencies have deep pockets and the legal and technical resources to investigate these conversations. Extra caution may be necessary, especially given the current and previous administrations’ aggressive approach to prosecuting sources to the press.
Lieu doesn’t recommend leaking classified information, and much of his guide is accurate and important, particularly on whistleblower rights. But unfortunately, federal employees face unique dangers when talking to the press — including the threat of prosecution — and should know all the facts before choosing which tool, if any, to contact the press. Talking to a practicing lawyer about federal whistleblower protections may be a good idea, too.
How recordkeeping exposes whistleblowers
The idea behind encrypted chat apps like WhatsApp is to keep our conversations private and provide more protection than traditional text messages or phone calls. When done right, these apps use end-to-end encryption. This just means that no one but the sender and receiver can read the messages — not even the…
