Government Tiplines Not Encrypted: Thought Whistleblowers Were Safe? Think Again!

Whistleblowers should perhaps be a little more careful about how they leak information, with over two-dozen U.S. government websites dedicated to anonymous tips reportedly going unencrypted.

Twenty-nine or more websites designed to report online abuse and fraud anonymously don't use encryption, according to a letter sent by the American Civil Liberties Union to U.S. Chief Information Officer Tony Scott.

"At least twenty-nine inspectors general surveyed by the ACLU do not currently use HTTPS to protect sensitive information submitted through their online 'hotlines,'" said the letter. "That these sites do not use HTTPS to protect the submission of sensitive information (and likely never have used it) raises serious questions regarding the technical competence of the respective inspectors general and their ability to adequately protect sensitive information from cyber threats."

Of late, there has been a push for all types of websites to use encryption methods such as SSL/TLS (secure sockets layer/transport security layer). While most websites that handle financial information use these types of encryption, the fact that government websites designed for anonymity do not use them is certainly troubling. This is amplified by the increased concern over hacks and security breaches.

While the government says that it plans to upgrade all these websites to use encryption methods within the next two years, the ACLU suggests that this timeline is not soon enough for many sensitive websites.

"Although we are generally supportive of your proposal, as we describe in greater detail below, we believe that this deadline is not soon enough for some sensitive sites, such as those used by inspectors general, at least twenty-nine of which do not currently use HTTPS to protect reports of waste, fraud or abuse submitted via their internet hotlines," said the letter.

Most reports suggest that the lack of encryption is more of an oversight rather than anything sinister, however, that doesn't take away from the fact that virtually anyone could look into the websites and compromise their security.

In order to reduce the risk of not being anonymous on these websites, users could use software designed to prevent anyone from gathering information about user behavior or location. For example, the Tor project is a Web browser designed specifically for anonymity and should help users remain anonymous, even on these websites. Despite this, several government websites prevent users from being able to use Tor. The letter goes on to suggest that blocking users for using Tor should not be a practice used by the government.

Image: Yuri Samoilov | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics