RightsCon Toronto 2018

We aim this session to start a conversation that is missing among many of the people who have set up anonymous online whistleblowing platforms to receive leaks: how can we verify leaks received? The issues we will discuss are the following:
- How can one make sure that the leak received is legitimate instead of an attempt from 'enemies' to discredit the work of the organization?
- How can we detect 'enemies' potential traps who may upload wrong information in the hope that we will use that wrong information or publish it, and then report the error to the media?
- How to verify and check the accuracy of the information that is provided as a leak?
- How can we ensure that the informant, who generally wants to keep his or her anonymity for valid reasons, does not have malicious intentions?
- How does one filter out the irrelevant, false or insufficient information from a leak?
- Is there software or are there tools that help one process the information from a leak?

We invite to this discussion all people with experience in the implementation and use of whistleblower submission portals and with the knowledge and capacity necessary to analyze leaks, such as software developers, activists, academics and journalists. We welcome them to share tips and relate their experiences:
- People representing non-profit organizations and other activists who have experience in receiving sensitive information from informants, plaintiffs, witnesses, and other persons in a similar role, and of analyzing leaks and being in contact with informants.
- Software developers who have experience building a whistleblowing platform like SecureDrop and GlobaLeaks;
- Journalists and news media organizations who receive information from informants using a whistleblowing portal and have the experience in dealing with leaks and informants; and
- Academics who have experience in compiling information about data breaches in the private sector, especially the ones who have had experience with information received through whistleblower submission portals.

As a goal of this session, we aim at fostering the creation of a working group that would work on improving a methodology that would be useful for all people responsible for receiving leaks and administering an online whistleblowing platform.

Structure of the session:

1. We will first introduce the audience to the whistleblowing portal that we have established earlier this year, one which aim is to receive leaks about data breaches that companies have not notified to the people affected by them.
2. Then we will share the experience that we have developed analyzing leaks and making sure they are valid ones and other implementation challenges.
3. More importantly, we will invite some of the people going to RightsCon who have experience and knowledge about such platforms to share their own story and the methodology they have developed to filter out legitimate leaks from illegitimate ones and verify information.