Menu
In this guide, Matt Mitchell and the experts of Elite Strategy Global cover a range of information and physical security concerns that all tech workers should be aware of — whether or not they ever consider whistleblowing.
If you would like to contribute to this guide, please reach out to [email protected]. Everything included in this Handbook can be reposted and repurposed freely with proper attribution (CC BY-SA 4.0).
information security
Digital, electronic, and counter-surveillance tips for workers.
All companies track workers. This may occur passively or actively but behaviors are logged in some way, often electronically. This surveillance of workers has been true for generations and is part of the long history of work. Some workplace surveillance is high tech and may make use of keyword detection, algorithms, and artificial intelligence. Some elements of it are very human. The corporation you work for has its own investigative and information-gathering capabilities that can be turned against you as a worker. This may happen when a claim is made to human resources, management, or to the press. This also can happen for seemingly no reason at all; an apparatus can be put into effect that can have a powerful impact on the outcome — and on your life. Oftentimes your best ally is preparation and knowing what to do in the event you need to report something. While it may feel too late because you didn’t take preventative steps in the past, there are always helpful actions that can be made or taken. This guide covers the simple and complex steps you can take. At the end of the day, you are in charge of your personal privacy and safety.
This guide is designed to walk you through steps to take at three points in your career. The first is for workers who are new to a job or have yet to witness and report any incidents. In your employee work or consulting agreement there is often language detailing who owns the data you create for work, as well as the data around that data: things like phone logs, emails written from work devices, even what you printed, where and when you printed it, etc. Oftentimes workers are signing an agreement to be investigated, monitored, and spied on. While the tactics, techniques, and procedures used by these teams have a legitimate purpose, the tools and resources are easily misused and abused. Sometimes this takes the form of special technology nicknamed “productivity metrics,” “productivity tracking,” or, more aptly, “tattleware” or “bossware.”
The purpose of this guide is to cover an array of digital, electronic, and counter-surveillance tips that can provide hope, clarity, and some digital safety skills to workers. Consider them your umbrella for a rainy day that hopefully never comes. The global COVID-19 pandemic has ushered in increased employee tracking and monitoring tools in the name of public safety and staff health. The guide touches on considerations when dealing with these concerns.
Note: The views expressed in this guide are the author’s alone, and are not those of his employers.
matt mitchell
Matt Mitchell is a hacker and security researcher. Matt was recently awarded a 2021 PIONEER Award by the Electronic Frontier Foundation. Matt was listed as a WIRED magazine WIRED25 and a Human of The Year by VICE Motherboard. Matt is the founder of Cryptoharlem, a nonprofit anti surveillance, cybersecurity education & advocacy group.
PHYSICAL SECURITY
While whistleblowers are protected by law from retaliation for disclosing information, research has revealed that some whistleblowers face personal threats and danger. The potential for whistleblowers to be targets of physical harm is serious. This physical harm can take the form of threats, bullying, or harassment, or it could reveal itself in many other non-accidental manifestations.
Addressing personal physical security risks and threats demand a competitive, yet easily implemented, strategy. The strategy in this guide requires stakeholders to respond appropriately to the risks each might face.
Please note that there is no single action or plan that can address all threats; however, the following escalation plan can be used as a guide to help manage incidents and provide situational awareness. These and other factors will help raise awareness among whistleblower employees and encourage them to report incidents to the appropriate manager or security professional.
The purpose of this section is to provide guidance and planning for the escalation of physical security threats that could jeopardize the safety and/or security of whistleblower employees. This document will address potential threats and identify best practices for escalation and/or mitigation.
The information contained in this document is provided for informational purposes only and should NOT be construed as legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this document without seeking legal and/or other professional advice.
While a subject matter expert authored the below escalation procedures, they derive from a law enforcement and certified EEO counselor perspective. It should be noted that the information provided forthwith is provided for informational purposes.
This guide has been designed to assist whistleblowers with direction and appropriate choices to ensure their safety and security before, during, and after the whistleblowing process. Users of this guide should be able to find appropriate escalation and/or response actions to assist with a number of challenges and situations.
This guide was developed particularly to provide whistleblowers with the information to act decisively, consistently, and legally. It is also the hope of this author that this guide will promote confidence and warrant professional conduct when dealing with situations that could be both frustrating and intimidating.
This guide is organized and categorized for ease of use from worst-case situations to circumstances that could happen but will not cause bodily harm or injury. Essentially, the whistleblower will be able to find feasible solutions to a gamut of topics and incidents as outlined below.
DIONE “DEE” NEELY
Dee Neely is on the board of Elite Strategy Global where she serves as the Chief Security Strategist. She is also currently an instructor for the Center for Homeland Defense and Security (CHDS) Emergence Program, where she instructs security and public safety professionals in the early stages of their careers.
With over 30 years of government security and law enforcement experience, she provides personal security protection strategies and physical perimeter security protection strategies through personalized risk and vulnerability assessments. She served over 28 years with the United States Secret Service in a variety of roles across several divisions for both the Executive and Legislative branches.
Statement of transparency
This entire project is worthless if the tech workers who come to it cannot trust where the information is from, who is behind its creation, and who manages the site. For that reason, I have identified every organization and individual who has been instrumental in its development.
The time and resources required to put together the Handbook were funded by Omidyar Network. This is a wholly independent project owned and managed by me. No identifying data will ever be collected or shared about who accesses this site — with anyone. That said, I do NOT advise accessing this from a company device. Your employer can, and will likely, track visits to a resource like this Handbook.
You can find a list of the data WordPress automatically collects about site visits here.
— Ifeoma Ozoma, Founder of Earthseed, Creator of the Tech Worker Handbook