The Western Australian Liberal Party has created a website, www.wawhistleblowers.com, encouraging whistleblowers to report on WA public officers, government ministers and members of parliament.
The site has already been reported to the State Solicitor’s Office for potentially being illegal for encouraging public servants to report wrong doing to the WA Liberal Opposition Leader Mike Nahan instead of reporting to the proper authorities.
Leaving aside the legality of the site and the advice it is giving potential whistleblower, the most serious problem with it is that it has been set up with no attention paid to the anonymity and security of the people using it.
The website uses an email form submission for whistleblowers to use that claims that it is “100% confidential”. This is despite the fact that the form forces the user to put in an email address and suggests that they also give their name.
The site does not force users to access it via the encrypted https address and so anything submitted by the form would be visible to employers and potentially anyone eavesdropping on an unsecured connection. This is a very basic security failing for a web site. This would mean that employers could be watching for anyone accessing the site and recording what they submit, exposing employees to exposure and potentially without the protection of the Public Interest Disclosure Act legislation.
In fact, the site gets an F for security from Mozilla’s Observatory security scanning site. Also problematic is the fact that the site uses Cloudflare which means that users may be accessing a copy of the site hosted anywhere in the world. In other words, information submitted through the form would leave Australia, potentially making it more easily accessible to foreign governments and agencies.
The site also uses a dot com address which is normally reserved for corporations in the US. The site doesn’t explicitly say that it is being run by the WA Liberal Party, it only mentions the WA Liberal Party in passing at the bottom of the page saying “Submissions go to the office of the WA Leader of the Opposition”.
A good example of a whistleblowing site that the WA Opposition Leader could have emulated is the one provided by the Australian Securities & Investment Commission (ASIC). It starts with comprehensive and clearly laid out information that gives anyone sound advice about what they should do if they have concerns about an employer’s conduct. The form on the site to report to ASIC is properly secured and does not ask for identifying information.
The best approach to whistleblowing securely and truly anonymously is that taken by the SecureDrop site. The site uses Tor to provide anonymity and doesn’t record internet addresses or any other information about people accessing the site. The site was originally created by the late Aaron Swartz and now managed by Freedom of the Press Foundation.
Sites like Wikileaks also provide Tor-based submissions.
Scam-enabling
Sites like WA Whistleblowers unfortunately make it much easier for scammers to set up sites that fool people into handing over sensitive and confidential information. There is nothing on the WA Whistleblowers site that links back authoritatively to the WA Liberal Party. The domain name has no legitimacy and nothing on the site indicates an official website.
There would be nothing stopping anyone stopping anyone to set up a site claiming to be the WA Liberal Party and asking for the same information.
It is similar to the way banks in Australia phone customers, say they are from the bank and then ask for dates of birth and passwords. When the companies and organisations we are supposed to trust behave like scammers, it makes scamming that much easier.
Safer whistleblowing
Whistleblowing can be a legitimate way of uncovering corruption and practices that are not in the public interest. Politicians encouraging people to come forward and become whistleblowers owe them the duty of care to protect themselves in doing so and making sure that they stay within the law of the country. Unfortunately, the WA Whistleblowers site doesn’t do that.
The ASIC site gives good advice about what whistleblowers should be aware of in the context of companies. It also stresses the importance of getting legal advice. From a technological perspective, whistleblowers should do the utmost to not give away unnecessary information and to protect themselves . In that regard, avoiding sites like WA Whistleblowers should be avoided .


Iranian Missile Strike on UAE Oil Tankers Kills Indian Crew Member in Strait of Hormuz
Goldman Sachs Says China Competition Weighs More on EU Growth Than Trade Deficit
Venezuela Appoints Felix Plasencia to Lead Foreign Relations and Trade
Reuters/Ipsos Poll: Most Americans Expect U.S.-Iran War to Be Prolonged
Goldman Sachs Raises USD/JPY Forecast, Sees Yen Weakness Persist Through 2027
UN Says Hamas Disrupted Gaza Aid Distribution, Group Denies Allegations
US Inflation Expected to Ease in June, but Fed Rate Hike Risks Persist Amid Middle East Tensions
Gold Surges Past $4150 on Dovish Fed Signals and Weak Jobs Data; Bullish Outlook Prevails
Iraq PM Visits Washington as U.S. Oil, Gas Deals Take Center Stage
Trump to Deliver National Address on Declassified 2020 Election Intelligence
Republican Senator Lindsey Graham Dies at 71, Leaving South Carolina Senate Seat Vacant
Bank of America Upgrades T-Mobile to Buy, Says LEO Satellite Fears Are Overdone
Trump Tells Congress Iran Hostilities Restarted, Citing New 60-Day War Powers Window 



