Why whistleblowers in cybersecurity are important and need support
This article features Government Accountability Project’s Senior Counsel and director of its Democracy Protection Initiative, Dana Gold, and was originally published here.
Security workers who want to come forward about wrongdoings risk retaliation and fear not making a difference. Should society do more to support them?
In August 2022, Twitter’s former head of security, Peiter “Mudge” Zatko, filed an 84-page whistleblower complaint with the US Securities and Exchange Commission in which he claimed the company misled the public on issues like bots and spam, had low security standards, and withheld critical information about breaches from its board, allegations which Twitter denied. As a person who built their life by exposing flaws in software, Mudge claimed he was “ethically bound” to go public, because he felt Twitter neglected to correct these flaws, according to an interview with The Washington Post.
Blowing the whistle was not a decision he made lightly, and many experts who come forward on cybersecurity issues face similar dilemmas. Most of them initially try to voice their concerns internally, only turning to external avenues if they feel they are not heard.
Once a person decides to flag wrongdoings, they are aware they might face severe consequences. The current mechanisms for lawful disclosure “are difficult, [and] they come with a lot of repercussions,” Zatko tells CSO. It is why he believes some...
Images of the Whitegate fuel protests earlier this month were altered to make it appear gardaí were violent towards protesters. The AI-doctored images were shared widely online, including by inter...