scandalous behavior sometimes exposed in the worlds of big government
and big business. But what should you do if you discover something you
think is unethical or potentially criminal? Something totally
nefarious and evil? Here's our guide to snitching on the bad guys
without getting caught.
1 Understand the Consequences
2 Surf Anonymously
3 Use Encryption
4 Lock Down Your Files
Understand the Consequences
Going up against the evil corporations or the Big Bad Fed can have
serious repercussions -- whistleblowers have been ostracized, fired,
threatened, jailed, and worse.
Still, from Deep Throat to Big Tobacco, whistleblowers have a
distinguished legacy of helping the public good. Stephen M. Kohn,
President of the National Whistleblower Center in Washington DC says
"The majority of all civil fraud recoveries in the U.S. are based on
whistleblower disclosures," which means it could be up to you to point
out wrongdoings.
In the end, most whistleblowers do end up exposed out of necessity,
whether for legal testimony or simply due to accidental exposure. Most
get fired, but many whistleblowers have also sued their former
employers and won their cases. Legal protection for whistleblowers
varies from country to country, and Wired can't provide you with legal
advice, but you should understand that the choice to blow the whistle
is ultimately fraught with risk.
Here are some tips that might help you remain anonymous -- and
possibly evade detection long enough to get the word out.
Surf Anonymously
One tool explicitly designed with whistleblowers in mind is Tor (surf
to https://tor.eff.org/). Tor is a free networking software program
and allows you to use the internet anonymously. Need to log in to that
GMail account you used to contact the press, but you're stuck at work?
Tor can help cover your tracks.
When you log into to Tor you join a network of machines scattered
around the world that pass internet traffic randomly amongst
themselves before it emerges at its destination. The process is
somewhat like a ball bouncing around inside a sealed box. Every now
and then a ball comes out of the box, but it's impossible to tell who
put it in the box to begin with.
The process is called "onion routing," and it was first developed at
the Naval Research Laboratory. Tor uses a layered encryption protocol,
which is where the onionskin analogy comes from. Tor is designed to
defeat one specific type of digital eavesdropping known as traffic
analysis, a form of network surveillance that tracks who is talking to
whom over a public network.
Without Tor, a malicious employer can easily detect any outgoing
traffic announcing your whistleblowing intentions.
Use Encryption
Tor alone isn't enough to hide you from the snoops. To use our earlier
example, if you login to Gmail via Tor and send your whistleblowing
message, the company might not be able to trace where it can from, but
they can read it the minute it leaves Tor.
In other words, anonymity is not the same as security.
It's important to recognize that Tor does not encrypt traffic once it
emerges from the Tor network. Thus, there's the possibility your data
is going to be exposed unless you've bothered to encrypt it.
To learn more about encrypting your e-mail, see the Wired How To Wiki
entry: Keep Your E-mail Private, Secret and Secure.
But if you're collecting whistleblowing data you'll likely want to
encrypt more than just your e-mail.
Lock Down Your Files
Protect those contact lists and secret documents with some hefty
crypto if you don't want to get caught.
Encrypting a file in Windows XP is easy as long as your hard drive is
formatted as NTFS. The FAT32 filesystems doesn't natively support
encryption, but if you're running NTFS, the process is simple. Just
select the files or folder in Windows Explorer, right click and choose
"Properties." In the "Attributes" section at the bottom, click
"Advanced" and check the "encrypt contents to secure data" box. Click
OK twice.
There are a couple of caveats here. First, the encryption is useless
if someone else knows your login password (which is often assigned by
the IT department). Second, if you encrypt a folder, anyone can still
read the file names. They just can't open the files. So, changing the
names to something obfuscated is a good start.
A better option is to use GPG4win, an open source encryption program
for Windows. It encrypts files with a private key, always the
strongest type of file encryption. Again, if anyone else has access to
your account, the security provided is ruined because they will have
access to your GPG key.
If you find yourself in a situation where you can't control access to
your computer, you might consider investing in an encrypted USB thumb
drive, though there could be some record of accessing it on your
computer that leaves you vulnerable.