Contents:
.
We do like to talk about anonymity — last time we made a short introduction to the world of anonymous messages and the apps you can (or can't) use for your safe Internet search and public threads. Now we dig into not the reports themselves but the motivation and security of people who submit them — informants, whistleblowers, and reporting persons.
To begin with, what is anonymity? A simple and yet meaningful definition is a situation of non-identifiability when none of the details of the provided information can be traced back to the whistleblowers. If the report or the reporting channel compromises the identity of the reporter (by any of its types*), the greatest hope of the informant is to maintain his or her confidentiality.
You decided to stay anonymous or confidential — what do you need to know to stay safe and make the report precise (with no extra details)? Your identity may remain hidden if you know what it consists of — some details of the report should be erased for your own safety.
.
What is the identity type* which eventually may reveal who you are?
We may use an excellent framework by Gary T. Marx to guide you through the dos and don'ts of thinking about the parts of your identity. Seven principles go like this:
— Legal name. As long as you fail to hide your legal name in the report, it becomes either confidential or public. The legal name is the direct evidence towards you, so its disclosure should be a reasonable trade-off.
— Linkable pseudonyms. If you use a pseudonym which anyhow can be traced back to your legal name (the pseudonym is connected with the real identity of the person and is used for communication), this pseudonym will very likely switch to the option of confidentiality instead of anonymity.
— Unlinkable pseudonym. When no location, no identity but a key phrase or number is used as a pseudonym for communication, this can be considered as an unlinkable pseudonym. It can't be a guarantee of anonymity, but with all measures taken and in case the pseudonym is completely random (no identity traces in the name), an unlinkable way of communication is the best way to preserve anonymity.
— Location. You can be physically present at the place of making a report, and it identifies you, or the same occurs digitally. Phone number, IP address, and personal device information — all of them can jeopardize a whistleblower's security. In the same way, as cameras can detect your presence on the street near the place the report was made, trackers detect your actions online. Starting from the most simple cookies on the website to the complex tracing systems, all of your online actions can be recorded and reveal your identity. To report anonymously online, you have to know the basic grounds of safe online surfing.
Thoroughly pick the device, location, time, and method used for reporting since even with all precautious measures taken you may lose anonymity on the very first day of the report. No need to become a tech geek, but the acquaintance with VPN, Tor, and your device characteristics are a MUST. In case you don't have professional knowledge and want to report the case with predictable serious consequences, we strongly recommend you ask for legal advice or use independent third-party services for reporting (if the company provides them — for example, Ethicontrol).
— Pattern knowledge. Something that you do with a certain regularity — every day, month, three hours can point at you even though the investigator has no.
— Social categorization. Certain content in your report may directly point at the origin of information — for example, only employees could know the date of a certain event, only an educated person can write a complaint in a specific style, and so on. Small details of your report may point to your gender, age, and position — you should pay attention to the information disclosed in your report as if any extra detail you mention could give the information on who are you.
— Symbols of eligibility. Just in the way social categorization does, symbols of eligibility expose your identity if you are a person related to the internal processes of the company. Did you use your employee's pass to enter the building? Was the specific professional language used to write the report? Such details help the investigators narrow the area of search and find the whistleblower sooner — beware of your professional skills which expose you.
The use of technologies in reporting is inevitable: good old telephone hotlines are less popular than ever in favour of emails and web-based forms. Online reporting is less personalized but takes many more steps to stay anonymous.
.
Not popular, not necessary?
.
Now that you know about your identity and ways to reveal it, it is worth asking what is the situation with anonymous reporting. According to the different sources, the range of anonymous channel users varies between 15% from all the reports to 60%. Such a wide gap points to an ambiguous understanding of anonymity: either it's the most popular way among informants to report or the most complicated tool for communication.
We at Ethicontrol take strong advocacy in providing anonymous reporting options as primary for whistleblowers' requests since confidential reports were compromised numerous times. No matter how secure the system is: even a small detail can reveal the identity of a whistleblower, and further investigation of the reported case may require the revelation of identity (as in the notorious Trump-Zelensky case). Anonymous channels may be unpopular due to the lack of trust from whistleblowers, which is pretty understandable.
The introduction of anonymous channels for informants can be a game-changer in the whistleblowing field, but still, we observe many restrictions around the globe regarding anonymity. Whistleblowers are interested in anonymous reporting and will continue to do so — however, with certain limitations.
.
The future of anonymous whistleblowing
Certain things are wrong with anonymity protection today:
-
None of the current whistleblower laws in the US sufficiently define confidentiality and anonymity
-
The legislation of the EU doesn't oblige state members to accept anonymous reports, even though anonymity is defined
-
There are a few legal mechanisms that review the anonymous status of the whistleblower during the court process — eventually, the whistleblower's identity may be exposed according to the court decision.
-
No technology can guarantee whistleblowers' data protection to the fullest — leaks are possible, and the whistleblower has to accept the risk when reporting.
The only chance for strengthening the belief in anonymous reporting is the direct involvement of the countries according to legislation. Legal protection of anonymity and the requirement to have an anonymous option of reporting (now not represented worldwide) improves the rate of reports, both anonymous and confidential. Still, data protection and communication with anonymous whistleblowers is far from easy and involves certain risks. We are willing to take them and are looking forward to further small steps in whistleblower protection (as was done in the EU Directive of 2019)
If we left you with unanswered questions, ask us or read our FAQ section, where we talk about anonymous messages.
Credits for the cover picture belong to Aishwarya Nandhini
In-article picture by Chaozzy Lin on Unsplash
Photo by NESA by Makers on Unsplash