Vivian Lin, MJLST Staffer
In July 2022, Twitter’s former head of security, Peiter Zatko, filed a 200+ page complaint with Congress and several federal agencies, disclosing Twitter’s potential major security problems that pose a threat to its users and national security.[1] Though it is still unclear whether these allegations were confirmed, the disclosure drew significant attention because of data privacy implications and calls for whistleblower protection. Whistleblowers play an important role in detecting major issues in corporations and the government. A 2007 survey reported that in private companies, professional auditors were only able to detect 19% of instances of fraud but whistleblowers were able to expose 43% of incidents.[2]In fact, this recent Twitter scandal, along with Facebook’s online safety scandal in 2021[3] and the famous national security scandal disclosed by Edward Snowden, were all revealed by inside whistleblowers. Without these disclosures, the public may never learn of incidents that involve their personal information and security.
An Overview of the U.S. Whistleblower Protection Regulations
Whistleblower laws aim to protect individuals who report illegal or unethical activities in their workplace or government agency. The primary federal law protecting whistleblowers is the Whistleblower Protection Act (WPA), passed in 1989. The WPA provides protections for federal employees who report violations such as gross mismanagement, gross waste of funds, abuse of authority, or dangers to public health or safety.[4]
In addition to the WPA, there are other federal laws that provide industry specific whistleblower protections in private sectors. For example, the Sarbanes-Oxley Act (SOX) was enacted in response to the corporate accounting scandals of the early 2000s. It requires public companies to establish and maintain internal controls to ensure the accuracy of their financial statements. Whistleblowers who report violations of securities law can receive protection against retaliation, including reinstatement, back pay, and special damages. To further encourage more whistleblowers to come forward with potential securities violations, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) in 2010 which provides incentives and additional protections for whistleblowers. The Securities and Exchange Commission (SEC) established its whistleblower protection program under Dodd-Frank to award qualified whistleblowers for their tips that lead to a successful SEC sanction. Finally, the False Claims Act (FCA) allows individuals to file lawsuits on behalf of the government against entities that have committed fraud against the government. Whistleblowers who report fraud under the FCA can receive a percentage of the amount recovered by the government. In general, these laws give protections for whistleblowers in the private corporate setting, providing anti-retaliation protection and incentives for reporting violations.
Concerns Involved in Whistleblowing and Related Laws
While whistleblower laws in the United States provide important protections for individuals who speak out against illegal or unethical activities, there are still risks associated with whistleblowing. Even with the anti-retaliation provisions, whistleblowers still face retaliation from their employer, such as demotion or termination, and may face difficulties finding new employment in their field. For example, a 2011 report indicated that while the percentage of employees who noticed wrongdoings at their workplaces decreased from the 1992 survey, about one-third of those who called out wrongdoings and were identified as whistleblowers experienced retaliation in the form of threats and/or reprisals.[5]
Besides the fear of retaliation, another concern is the low success rate under the WPA when whistleblowers step up to make a claim. A 2015 research analyzed 151 cases where employees sought protection under the WPA and found that 79% of the cases were found in favor of the federal government.[6] Such a low success rate, in addition to potential retaliation, likely discourages employees from disclosing when they identify wrongdoings at their workplace.
A third problem with the current whistleblowing law is that financial incentives do not work as effectively as expected and might negatively impact corporate governance. From the incentives perspective, bounty hunting might actually discourage whistleblowers when not used well. For example, Dodd-Frank provides monetary rewards for people who report financial fraud that will allow the SEC impose a more than $1 million sanction on the violator, but if an employee discovers a wrongdoing that will not lead to a sanction over $1 million, a study shows that the employee will be less likely to report it timely.[7] From a corporate governance perspective, a potential whistleblower might turn to a regulatory agency for the reward rather than reporting it to the company’s internal compliance program, providing the company with the opportunity to do the right thing.[8]
Potential Changes
There are several ways in which the current whistleblower regulations can improve. First, to encourage employees to stand up and identify wrongdoings at the workplace, the SEC’s whistleblower protection program should exclude the $1 million threshold requirement for any potential reward. Those who notice illegal behaviors that might not result in a $1 million sanction should also receive a reward if they report the potential risks.[9] Second, to deter retaliation, compensation for retaliation should be proportionate to the severity of the wrongdoing uncovered.[10] Currently, statutes mostly offer backpay, front pay, reinstatement, etc. as compensation for retaliation, while receiving punitive damages beyond that is rare. This mechanism does not recognize the public interest in retaliation cases—the public benefits from the whistleblower’s act while she risks retaliation. Finally, bounty programs might not be the right approach given that many whistleblowers are motivated more by their own moral calling rather than money. Perhaps a robust system ensuring whistleblower’s reports be thoroughly investigated and building stronger protections from retaliation would work better than bounty programs.
In conclusion, whistleblowers play a crucial role in exposing illegal and unethical activities within organizations and government agencies. While current U.S. whistleblower protection regulations offer some safeguards, there are still shortcomings that may discourage employees from reporting wrongdoings. Improving whistleblower protections against retaliation, expanding rewards to include a wider range of disclosures, and refining the approach to investigations are essential steps to strengthen the system. By ensuring that their disclosures are thoroughly investigated and their lives are not severely impacted, we can encourage more whistleblowers to come forward with useful information which will better protect the public interest and maintain a higher standard of transparency, accountability, and corporate governance in the society.
Notes
[1] Donie O’Sullivan et al., Ex-Twitter Exec Blows The Whistle, Alleging Reckless and Negligent Cybersecurity Policies, CNN (Aug. 24, 2022, 5:59 AM EDT), https://edition.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html.
[2] Kai-D. Bussmann, Economic Crime: People, Culture, and Controls 10 (2007).
[3] Ryan Mac & Cecilia Kang, Whistle-Blower Says Facebook ‘Chooses Profits Over Safety’, N.Y. Times (Oct. 3, 2021), https://www.nytimes.com/2021/10/03/technology/whistle-blower-facebook-frances-haugen.html.
[4] Whistleblower Protection, Office of Inspector General, https://www.oig.dhs.gov/whistleblower-protection#:~:text=The%20Whistleblower%20Protection%20Act%20 (last accessed: Mar. 5, 2023).
[5] U.S. Merit Systems Protection Board, Blowing the Whistle: Barriers to Federal Employees Making Disclosures 27 (2011).
[6] Shelley L. Peffer et al., Whistle Where You Work? The Ineffectiveness of the Federal Whistleblower Protection Act of 1989 and the Promise of the Whistleblower Protection Enhancement Act of 2012, 35 Review of Public Personnel Administration 70 (2015).
[7] Leslie Berger, et al., Hijacking the Moral Imperative: How Financial Incentives Can Discourage Whistleblower Reporting. 36 AUDITING: A Journal of Practice & Theory 1 (2017).
[8] Matt A. Vega, Beyond Incentives: Making Corporate Whistleblowing Moral in the New Era of Dodd- Frank Act “Bounty Hunting”, 45 Conn. L. Rev. 483.
[9] Geoffrey C. Rapp, Mutiny by the Bounties? The Attempt to Reform Wall Street by the New Whistleblower Provisions of the Dodd-Frank Act, 2012 B.Y.U.L. Rev. 73.
[10] David Kwok, The Public Wrong of Whistleblower Retaliation, 96 Hastings L.J. 1225.