PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Many Government Tiplines Not Encrypted

Stephanie Mlot
 & Stephanie Mlot Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

If you had plans to anonymously turn over sensitive data to the feds, you might want to think twice.

That hot tip you're sending in could be snaking its way through an unencrypted network, according to the American Civil Liberties Union (ACLU).

In a letter submitted to the White House, the group alerted U.S. Chief Information Officer Tony Scott to "dozens" of inspectors general (including those at the Departments of Justice and Homeland Security) who do not protect online whistleblower complaints.

The letter was written in response to Scott's recent proposal for an HTTPS-only standard, which would require all public federal sites and services to use the secure protocol.

"Although we are generally supporting of your proposal, we believe that this [two-year timeline] is not soon enough for some sensitive sites," ACLU director Michael Macleod-Ball and principal technologist Christopher Soghoian wrote.

At least 29 inspectors general reportedly do not currently use HTTPS to protect online disclosures of waste, fraud, or abuse. That includes the Departments of Agriculture and Treasury, the Consumer Product Safety Commission, the Corporation for Public Broadcasting, the U.S. International Trade Commission, the National Archives, and the Smithsonian. Not to mention the State Department's "Rewards for Justice" online terrorism tip line.

The danger, according to the ACLU, lies in the transmission of information. When someone visits one of these official sites to file a report, their tip could be intercepted, putting not only the whistleblower's identity at risk, but also the confidentiality of their intelligence.

"HTTPS does a lot more than protect the submission of sensitive information," the letter said, citing major tech players like Google, Facebook, Yahoo, and Twitter, all of which protect their sites with HTTPS by default.

Scott's HTTPS-only standard could go a long way to making the Internet safer, for informers and everyone else surfing the net. But the ACLU doesn't think the government should stop there.

"While HTTPS by default is a great first step, agencies should be employing other encryption best practices, too," firm said, suggesting similar technology like STARTTLS, which is already widely employed in the private sector.

According to The Washington Post, Justice Department Inspector General Michael E. Horowitz, who heads the council that oversees inspectors generals, said he will discuss encryption with his fellow IGs. "I want to make sure that whistleblowers or anybody who comes forward to us has their information protected," he told the paper.

About Our Expert

Stephanie Mlot

Stephanie Mlot

Contributor

My Experience

  • B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)
  • Reporter at The Frederick News-Post (2008-2012)
  • Reporter for PCMag and Geek.com (RIP) (2012-present)

My Areas of Expertise

  • Science & Space
  • Video Streaming Services
  • Social Media
  • Cars & Auto
  • Education

The Tech I Use

  • iPhone 12 Pro
  • MacBook Air (hooked up to a 23-inch Dell monitor)
  • Google Chrome
  • Google Drive
  • Soundcore Life P3 earbuds
  • Various Amazon Echo devices

Read the latest from Stephanie Mlot

Read full bio