Most Government Whistleblower Hotlines Don’t Even Use HTTPS 

Most Government Whistleblower Hotlines Don’t Even Use HTTPS 

The US government is failing to adequately protect its whistleblowers, with dozens of its agencies’ whistleblowing channels — including the Department of Homeland Security and the Department of Justice — leaving sensitive information vulnerable to attacks.

According to a report from the American Civil Liberties Union, at least 29 inspectors general hotlines fail to use HTTPS, the secure hypertext protocol used to protect against hackers:

When individuals use these official whistleblowing channels to report waste, fraud or abuse, the information they submit is transmitted insecurely over the internet where it can be intercepted by others. This not only puts the identity of whistleblowers at risk, but also the confidentiality of the information they provide to inspectors general.

In addition to recommending that all 29 inspectors general hotlines upgrade to HTTPS as soon as possible, the ACLU recommended a number of other ways to ramp up security for whistleblowers, including use of SecureDrop, a software designed to help people share sensitive information.

SecureDrop is already used by a number of news organisations to provide a safe way for people to report fraud, abuse, and crime without risking exposure — outlets like The Washington Post, The Guardian, and, yep, Gawker Media.