Information Technology and Ethics/Whistleblowing

Abstract
The world we live in is very complicated. Businesses, institutions, government and individuals will do everything within their power to succeed, even at the detriment of others, to make more profits and get ahead of competitors. They may go as far as illegally gather information from individuals, institutions and other countries’ government just to get the upper hand.

Most people use their conscience as their moral compass, which leads to some staff members or individuals seeing the need to speak out against unethical, illegal and criminal behavior at a workplace by means of whistleblowing. This paper attempts to set the tone or provide a guiding document to readers, that before one blows the whistle, they should know the advantages and disadvantages of whistleblowing. Essentially, revealing illegal, unethical and criminal activities within an institution is the patriotic thing to do. It is also true that going through the appropriate channels, there could also be a financial reward for doing so. Most importantly, under federal law an individual can qualify for whistleblowing protection in most states, if that employee has proof or good-faith belief that their employer or coworkers are participating in activities that are in some way violating the law. The downside however, their professional career will be adversely affected and despite federal protections a whistleblower will face some form of retaliation from his employer, coworkers and even family and friends.

Synopsis
Many scholars believe that there is no well-defined delineation for whistleblowing. After researching this topic, we could define whistleblowing as, bringing to the attention of management, staff, the authorities, print and electronic media a genuine fear about wrong doing within an organization (private or public) or governmental institutions.

Reasoning behind whistleblowing must be of genuine concern, which relates to breaking a law, a breach of a legal obligation, unethical behavior, illegal conduct that has the propensity of endangering the institution, affect the country, endanger the public and hurt the environment.

Richard Cheeks; a Professor at University of Kentucky’s Civil Engineering Department interprets Richard T. De George’s model for the history of business ethics as permissible when: When an IT professional is placed in a situation where they believe their company may be in violation of the law, they may be able report the violations without retaliation from their employer. Depending on their industry and location, IT professionals should first look into the federal and state laws for their protection. Federal Employees have laws protecting them such as Whistleblower Protection Act of 1989 and a modified version of The Whistleblower Protection Enhancement Act of 2012. In essence, the law states protections for federal employees in reporting fraud, waste, abuse, mismanagement, or a substantial and specific danger to public safety. The Occupational Health and Safety Administration (OHSA) provides IT professionals to file complaints against their employer. OSHA provides information that allows professionals to find what rights they have and what federal laws they are protected under.OSHA’s Whistleblower Protection Program enforces the provisions of more than 20 federal laws protecting employees from retaliation for, among other things, raising or reporting concerns about hazards or violations of various workplace safety and health,...”
 * “The harm that will be done by the product to the public is serious and considerable.”
 * “Engineers (or employees) have made their concerns known to their superiors’
 * “The engineer (or employees) has received no satisfaction from their immediate supervisors, and they have exhausted the channels available within the company, including going to the board of directors.”

Prior to whistle blowing, IT professionals should examine their employment contract, to see if there are obligations for internal whistle blowing. IT professionals must be operating in good faith, meaning honest intent to act without taking an unfair advantage over another person or to fulfill a promise to act, even when some legal technicality is not fulfilled when they believe the organization is in violation.

IT professionals, however, are not protected from confidentiality. In the whistle blowing case of Erhart v. Bofi Holdings, the court ruled that Disclosure of confidential information should be limited if doing so was deemed “reasonable necessary”  When reporting a violation, IT professionals should ensure the they are not disclosing unnecessary confidential information about their employer. While they are protected from retaliation, they are not protected from lawsuits in disclosing confidential information.

History of Whistleblowing
During the 19th century, the Term “whistleblower” was used for law enforcement officials who used whistles to alert fellow police officers or the public of danger. In sports, referees use whistles to indicate fouls or illegal plays, a goal, basket or touchdown.

Whistleblowing is not new to the 21th Century. We can look as far back as the 7th century in England. The term coined at that time was “qui tam”, which in our contemporary age is refer to as False Claims Act.

This word derived from the Latin phrase, “qui tam pro domino rege quam pro se ipso in hac parte sequitur” that translates to “he who prosecutes for himself as well as for the King.” In the year 695, in the declaration of King Wihtred of Kent, he explained that “if a freeman works during [the Sabbath], he shall forfeit his [profits], and the man who informs against him shall have half the fine, and [the profits] of the labor.” This declaration represented the first example of a law that allows private individuals to collect a bounty for reporting a violation of their country’s legislation.

America is one of the countries that nurtured and incorporated a value of civic duty in order to defend and benefit the public good. Benjamin Franklin became one of history’s first American whistleblowers. In 1773, he exposed confidential letters showing that the royally appointed governor of Massachusetts had intentionally misled Parliament to promote a military buildup in the Colonies. In more modern recent times, big corporations have actually developed dedicated teams who look for flaws and violations within other software development companies, notifies those companies and whistle blows if necessary. Google’s Project Zero is referenced here.

How does Google Project Zero and whistleblowing go together? Both reveal data to the public about what is happening in the organization, which in most cases, can affect the public. Google Project Zero is a sanctuary investigation team which was founded under Google Inc. The focus of the Google Project Zero is to “find vulnerabilities in popular software products, including those created by Google itself.”

The unit oversees investigating and authenticating that there is a sign of weakness in software. In any case that the Google Project Zero team finds an existing vulnerability, the team gives a fair warning to the company that has the issue. Now that the company knows there is a problem in their system, they are given “90 days to fix the problem.” If the problem is not fixed within the 90 days, the Google Project Zero will release the data to the public.90 days are given to allow that company to fix the issue.

However, Project Zero changed its policy in 2015, after a conflict between Google and Microsoft. Now, instead of the 90 days, Project Zero must give an additional 14 days, if only when a company has notified Project Zero that the company will release a patch to fix the issue, but it must be done in those given days.

Since the start of Google Project Zero, the team has caught a couple of issues within different companies’ systems. One of the cases happened with Microsoft Windows. In 2017, a Project Zero team member had gone to Twitter to state that two members had “discovered the worst Windows remote code exec in recent memory” and specified that it is not good. He wrote another tweet about it stating that further details could not be provided within the 90-day fix period. Project Zero did notify Microsoft about the bug, which leads to Microsoft acting against the issue. They released a report of the fix under the name of CVE-2017-0290. The concern that arose was that if there is a part of the system that is not patched, “any file that’s sent to a system and then scanned by Windows defender could be used for an attack that would be executed at the LocalSystem”. After Microsoft fixed problem, it was released automatically during windows updates occurring every 4 weeks.

The Advantages of Whistleblowing
Firstly, revealing illegal, unethical and criminal activities of an institution is the right thing to do and makes you a patriotic citizen. Whistleblowing may not always be easy, but it does provide a sense of moral due diligent as you know you are doing something that is clean and clear on your conscience, even if it means that the world turns it back on you.

In our professional career, we are faced with difficult choices. Do we settle with the illicit norms in our organization, by watching our companies conduct unethical and illegal behavior or do we risk losing our job, family or friends by speaking out to all unethical behavior in our organization? Some good people feel very strongly that they owe it to their country and fellow man that they should do what they can to protect them from any criminal and unethical behavior within his/her organization.

Secondly, you could receive monetary rewards for whistleblowing on any unethical and illegal activities in your institution. The laws for whistleblowing existed for several centuries up to our contemporary age. The current amendment of the whistleblowing laws, plus the high cash payout whistleblowers received have motivated more staff to file a complaint. Whistleblowing comes with a huge consequence, but it also comes with charitable reward and valuable recognition. According to the 2018 Annual report to congress of Whistleblower Program, Whistleblower Awards Made in Fiscal Year 2018, the Commission ordered whistleblower awards of approximately$168 million to 13 individuals, each of whom voluntarily provided original information that either led to an investigation or significantly contributed to a successful enforcement action. Three Individuals Receive Largest-Ever Awards Totaling Almost $83 Million. On March 19, 2018, the Commission announced two of its largest-ever whistleblower awards, with two individuals sharing a nearly $50 million joint award and another whistleblower receiving more than $33 million. The first two individuals jointly provided significant information that prompted the Commission to open the first of two investigations and ongoing assistance that saved the Commission a substantial amount of time and resources. The third individual supplied the Commission with additional information that initiated and acted as the cornerstone of the Commission’s second investigation resulting in the Covered Action.

Thirdly, you are protected under the Law of the land. As years elapses, senators, Representative and civic organization have realized the important assistance whistleblowers provide for the country, by releasing information that holds institution and organization accountable for unethical and illegal activities. Based on these finding, policy and laws have been passed to motivate whistleblowers as well as to shield them from institutional retaliation. The Dodd-Frank Act, officially called the Dodd-Frank Wall Street Reform and Consumer Protection Act, is legislation signed into law by President Barack Obama in 2010, in response to the financial crisis that became known as the Great Recession. Whistleblower Protection Act provides a way for federal employees to make disclosures of misconduct and to report instances of retaliation.

The Disadvantage of Whistleblowing
According to Whistleblower Ward Spangenberg, who claimed that raising the red flag over Uber’s secret tracking of customers — including celebrities, famous politicians and ex-spouses, Uber management said, “Hey, great, thanks. We’ll take it under advisement. Now go solve other problems.” He was fired for raising these privacy issues after working at Uber for just 11 months. He was Uber’s former head of information security compliance, He wanted people to be conscious of the fact that Uber was giving away their information. Uber allowed unauthorized access to private information of its 40 million customers.

As you can tell from the above paragraph, your professional career will be affected negatively. Under the Dodd-Frank Act, among other things, Employers are forbidden from retaliating in the aftermath of employee blowing whistle for illegal behavior done by the company or the institution. In our contemporary world filled with hate, envy and jealousy, whistleblowing against an employer, will negatively affect your profession. Once the matter is in the public domain, you will be branded a “whistleblower” and will limit your likelihood of being employed by a new institution in the foreseeable future. Other institution might feel you are not loyal asset.

“I understand that I will be made to suffer for my actions, and that the return of this information to the public marks my end. Even journalists who pursued this story were at risk until they published. The U.S. intelligence community, will most certainly kill you if they think you are the single point of failure that could stop this disclosure and make them the sole owner of this information.” Edward Snowden wrote on May 16, 2013, his first direct exchange with Washington Post reporter Barton Gellman. Edward Snowden was the individual responsible for whistleblowing on the NSA activities. During his work as an IT subcontractor for the government, Snowden became alarmed at the NSA’s surveillance activities, made copies of classified data and sent it to The Guardian. Snowden received a government theft charge and two other charges relating to the 1917 Espionage Act. After getting his U.S. passport revoked, Snowden started seeking asylum in various destinations around the world and He is currently in an undisclosed location in Russian.

As an official whistleblower, you will face retaliation from management and co-workers even family or friends. As you prepared to blow the whistle on illegal behavior you discovered. No institution or person wants to go down alone, they, their associates or well-wishers will use every breath in them to fight you. You should be prepared for possible jail time and isolation from the public. Christopher Wylie, data scientist who exposed Facebook's giant data breach, has revealed he has been physically assaulted and followed since blowing the whistle. Wylie told Business Insider how his life has transformed since going public with evidence that Cambridge Analytica weaponized the data of 50 million Facebook users during the 2016 US presidential election. Wylie said, it was this that made him vulnerable to attack. Some of the abuse he has encountered has been reported to the police, while a risk assessment was also carried out on the whistleblower. It all means he must take certain precautions when he is out in public. "I've been physically assaulted several times in the street. “That has not been necessarily the easiest to deal with.

Conclusion
Before one blows the whistle, they should know the advantages and disadvantages of whistleblowing. In terms of the advantages of whistleblowing: firstly, revealing illegal, unethical and criminal activities in institution is the right thing to do and makes you a patriotic citizen. Secondly, you will get financial reward for whistleblowing on any unethical and illegal activities in your intuition. Thirdly, you are protected under the Law of the country. In term of the disadvantage of whistleblowing, firstly, your professional career will be affected negatively. Secondly, you will face Retaliation from bosses, co- workers and even family and friends. Now that you know the advantages and Disadvantages, the decision is yours to make.