By now you’ve heard that Thunderf00t exploited a security vulnerability [details and logs now available] to continue to receive confidential FreethoughtBlogs business emails after he was removed from the network and from the mailing list. If you haven’t already, you should read Natalie’s post covering the personal dangers to some of the members of our list and Zinnia’s on the importance of privacy.
I’m not particularly vulnerable here. Anything I can think of that Thunderf00t could try to hurt me with would either have to be taken badly out of context or is something I’ve already taken knocks for. No real surprises coming. What few secrets I have, I don’t commit to a general list, even of colleagues I trust and enjoy working with. I’m more wary by nature than that, even when it’s limiting.
You’ll hear from others of those colleagues, though, about the fact that prying into that list does leave them vulnerable. They’ve come to our list with problems they wanted perspective on, or personal joys and frustrations, or really awful ideas they threw out to see whether they could be improved or how badly they’d be shot down. They’ve been candid rather than politically astute when someone needed to know the lay of the land. They’ve discussed information it was later decided should stay private. They’ve used the list as scratch space, as a working group does. Again, no real surprises.
That was what Thunderf00t claimed access to under false pretenses. That was what he received, very quietly, knowing that was not what we wanted or expected. Some people will claim that releasing that information would make him a whistleblower. Thunderf00t is making a version of that claim himself, though not using the word.
In order to sort out the truth for yourself, you need to know what a whistleblower is.
Whistleblowing can be defined in a number of ways. In its simplest form, whistleblowing involves the act of reporting wrongdoing within an organization to internal or external parties. Internal whistleblowing entails reporting the information to a source within the organization. External whistleblowing occurs when the whistleblower takes the information outside the organization, such as to the media or regulators. Establishment of a clear and specific definition of whistleblowing itself should be a fundamental component of every whistleblower policy.
Whistleblowers have garnered attention recently due to the worldwide media exposure of recent accounting scandals. In 2002, Time magazine named whistleblowers Cynthia Cooper of WorldCom, Sherron Watkins of Enron, and Coleen Rowley of the FBI as its “Persons of the Year.” While the first two individuals are well known and involve financial scandals, Rowley’s whistleblowing was a noncorporate case but with very serious ramifications involving lapses in the intelligence community in the weeks prior to the September 11, 2001, terrorist attacks.
That comes from an accounting perspective, but of course, there is more to whistleblowing.
A whistleblower is someone who discloses or tries to disclose information that may show a violation of law, economic waste, gross misconduct, gross incompetence, or gross inefficiency.
You can blow the whistle on the commission of unlawful acts such as corruption, bribery, theft or misuse of […] property, fraudulent claims, fraud, coercion, willful omission to perform duty; or economic waste; or gross misconduct, gross incompetence or gross inefficiency; or any condition that may significantly threaten the health or safety of employees or the public.
As you can see from the above, whistleblowers do a remarkable amount of good. They do that by reporting “wrongdoing” or “misconduct”. They don’t go around disclosing people’s secret identities (unless that’s required to establish something like conflict of interest), though Thunderf00t has been inconsistent on his position on that. They don’t spread gossip, saying, “Ooooh. Do you know who was talking about you?” or, “Look, so-and-so doesn’t like you very much.” They don’t report the situations in which wiser heads prevailed, only those where they don’t.
Those things would not be whistleblowing. They would be stirring the pot. They would be causing damage where there is no actual wrongdoing. That’s not what whistleblowers do. That’s not what motivates them. According to the 2011 National Business Ethics Survey supplemental report on whistleblowing, whistleblowers generally attempt to minimize damage to the organization they report about.
Employees do consider reporting misconduct outside the company, but it is rarely their first preference. In 2011, fewer than one in five reporters (18 percent) chose to tell someone outside their company, either initially or in a secondary report. Only three percent of reports were made externally at first, but of the secondary reports almost four times as many were made to someone outside (11 percent).
Whistleblowers also care about the magnitude of the “crime” in question. If it’s small, they don’t report externally. They don’t say, “Hey, did you see what somebody said about you to their friends?” or tell people when and why someone was having a bad day.
Those are all the things Thunderf00t can do with the information he was so anxious to procure. He can put some people, and maybe some relationships, at risk. If he could have done more, who thinks he wouldn’t have already? Doing that doesn’t make him a whistleblower. It just makes him a gossip trying to claim the high ground.
Admittedly, that’s a slight improvement over “obsessive spy”, but only slight (and it doesn’t change the obsessive spying). A whistleblower it ain’t.