Whistleblowers beware: At least 29 US government agencies’ websites that allow the online reporting of abuse, waste, and fraud are not encrypted with HTTPS, according to a survey by the American Civil Liberties Union unveiled Thursday. “When individuals use these official whistleblowing channels to report waste, fraud, or abuse, the information they submit is transmitted insecurely over the Internet, where it can be intercepted by others.
This not only puts the identity of whistleblowers at risk, but also the confidentiality of the information they provide to inspectors general,” the rights group said in a letter to Tony Scott, chief information officer for the Office of Management & Budget.
The affected agencies range from the Department of Agriculture and the General Services Administration to the Department of Homeland Security and the Department of Treasury. The ACLU added in its letter: That these sites do not use HTTPS to protect the submission of sensitive information (and likely have never used it) raises serious questions regarding the technical competence of the respective inspectors general and their ability to adequately protect sensitive information from cyber threats.