December 05, 2019

The Blockchain: A New Whistleblower Protocol

Allison E. Butler

The term “whistleblower” was coined over three decades ago by a New York Times reporter and subsequently adopted by Ralph Nader to describe a Washington, D.C. conference wherein numerous papers were presented on the subject. Today, the whistleblower is a well-known term throughout the world; however, industries face new dilemmas as governmental or internal mandates increase the implementation of whistleblower systems for the reporting of misconduct. With the advancement of technology, there are many options, but it is proposed herein that the blockchain protocol is an innovative solution to this directive, given its broad applications to diverse fields and markets. This article provides an overview of blockchain and its defining attributes and a supportive discourse of the blockchain on usage in a whistleblower programs.

I. What Is the Blockchain?

The blockchain platform is a streamline application or software that brings simplicity by decentralizing access to data through peer-to-peer technology so individuals or entities can view information and communicate directly with each other on a distributed database rather than through a centralized server.[1] Hence, no one entity or person has control over the information contained on the blockchain ledger because each computer on the network or “node” contains a copy of every transaction completed on a particular blockchain. These records, or transactions, are grouped together in a structure referred to as a “block” that is labeled with a hash “to the last block so that any attempt to change a prior block has a cascading effect on each subsequent block.”[2] This procedure precludes change to the content stored on block—often referred to as “immutability.” In addition to these attributes, blockchain provides transparency and computational logic regarding the inputted data.[3] Although there are other characteristics of blockchain technology that are relevant, the essential attributes that would assist in reporting of misconduct are the following:irreversibility, or immutability of data, and the distributed ledger. The former characteristic, “immutable,” means that once the informant reports an impropriety, the data cannot be altered[5]; this attribute is secured by computational logic or algorithms that ensure the integrity of the data. The distributed ledger provides that everyone on the blockchain can see changes to the data as well as the data itself.

II. Public Versus Private Public Blockchain

The term “blockchain” is readily associated with the exchange of cryptocurrencies, e.g., bitcoin, to verify the exchange of currencies;[6] however, it is most likely that users selling or buying cryptocurrencies do not understand that the system backing their activity is on the blockchain. Notably, the cryptocurrency bitcoin, the value which is based on supply and demand in contrast to fiat currency, was first introduced and founded on public blockchain technology. Shortly thereafter, it was noted that the underlying technology of bitcoin could be facilitated for other interorganizational cooperation, and a proliferation of other forms of the blockchain were employed.[7] Although this association is correct, this use is referred to as the “public” blockchain. As the term implies, all members can download the application and exchange cryptocurrency. The most profound feature, and one frequently stressed by proponents of the public blockchain, is that the user on the public blockchain is anonymous. Although it is conceptually valid that users are unknown on a public blockchain, there exist various methods in which identities can be known, including, but not limited to, legal discovery procedures.[8] To verify transactions on a public blockchain, each node on a network reaches a consensus on the validity of each transaction. This validation is performed by certain nodes, or “miners,” who apply various algorithms to verify the transactions. Once the miners reach an agreement, the transaction is recorded on the block chain. In exchange for their computation, miners on public blockchains are given a percentage of cryptocurrency.

In contrast to the public blockchain, there is the “private” blockchain. Specific industries have adopted the “private” blockchain,[9] including clinical research,[10] and more recently several state legislatures have implemented blockchain legislations to record data on a blockchain ledger.[11] Unlike public blockchains, where the identity of users is anonymous, a private blockchain is permissible, and only individuals invited on the network have access to the information, but the security and immutability of data still applies. The performance of the miners is provided through permissible access to the blockchain. Hence, both public and private serve as an ideal platform for implementation for a whistleblower program based on the needs of the entity.

III. Online Reporting

Over half of the world’s population is active internet users, with a large percentage of that number from China, India, and the United States.[12] These numbers suggest that a viable way for a company or industry to self-monitor themselves, whether required by law or for internal practices, is to facilitate an online informant program. The use of the internet for said purposes is not new in that numerous governmental agencies have developed online tools for reporting of misconduct. The Security Exchange Commission’s Tips, Complaints, and Referrals Intake and Resolution System (TCR System)[13] serves as an online recipient of all tips and complaints received by the Security Exchange Commission (Commission) and intakes referrals from self-regulatory organizations and other government agencies.[14] Although the Commission has reported an “upward trajectory” in reporting corporate misconduct, it is conclusive that the Commission has annotated that the reporting online is more effective and efficient as the tipper gets an automated response and the inputted information is populated among the staff, and after that distributed according to Commission protocol.[15] The European Commission Anonymous Whistleblower Tool to uncover cartels and other anticompetitive practice[16] and the U.S. Department of Labor’s Occupational Safety and Health Administration Online Whistleblower Protection Program[17] are other programs that have adopted an online reporting system. Although the protocol used for these programs varies, the blockchain platform is an affordable and efficient method, particularly for the private sector.[18]

IV. Whistleblowing Program Based on the Blockchain

The internal development of a whistleblower program as suggested by this article is a private blockchain with the primary establishment of the program itself at the business. It is essential that individuals are made aware of the program and of the reporting protocol. Once the informant is linked onto the protocol, entry of the data is recorded on the blockchain. At this juncture, the option of anonymous reporting can be implemented into the program by a variate in the system. The first block on the block chain is referred to as the genesis block. Once an informant reports information, the data entered cannot be deleted or changed due to the immutability capabilities of the program, and the information can be reviewed by those having access to the private blockchain, including the informant. The blockchain would also be an ideal mechanism for the fulfillment of recording mandates. As a business investigates a complaint, it can invite more people onto the network to partake in the investigation. See Illustration A.

V. Conclusion

The increase of compliance, whether it is medical research misconduct or internal business fraud, warrants exploration of innovative methods to address and resolve these matters. The blockchain protocol is a new mechanism to address these issues while providing transparency in its application. Although the platform does have flaws, given that no technology is without one, when properly implemented with other resources, the blockchain is a valuable source for regulatory issues and should be explored by entities seeking to achieve this outcome.

[1] Marco Iansiti & Karim R. Lakhani, The Truth About Blockchain, Harvard Bus. Rev. (Jan.–Feb. 2017); see also Scott D. Hughes, Cryptocurrency Regulations and Enforcement in the U.S., 45 W. St. L. Rev. 1 (Fall 2017).

[2] Shawn S. Amuial, Josias N. Dewey & Jeffrrey R. Seul, The Blockchain: A Guide for Legal and Business Professionals (Thomas Reuters 2016).

[3] Iansiti & Lakhani, supra note 1.

[4] Iansiti & Lakhani, supra note 1.

[5] While the blockchain provides a high degree of protection, no system is fully guaranteed.

[6] Iansiti & Lakhani, supra note 1.

[7] Vinay Gupta, A History of the Blockchain, Harvard Bus. Rev., Feb, 28, 2017; see also, for further information.

[8] Notably, a federal court judge in 2016 ordered San Francisco-based Coinbase to comply with a summons that requires it to identify 14,355 accounts, which have accounted for nearly 9 million transactions.

[9] See also IBM website discussion on new commercial uses for blockchain ranging from health care to tracking of commercial shipments.

[10] Uti Tokoni, IBM Partners with Boehringer Ingelheim to Leverage Blockchain Technology for Clinical Testing, BTC Manager, Feb. 14, 2019.

[11] See generally, National Conference of State Legislatures summary of states that have adopted legislation regarding data preservation on the blockchain.

[12] J. Clement, Global Digital Population as of April 2019 (in millions),

[13] U.S. Securities and Exchange Commission, Office of the Whistleblower; see also, Sarbanes–Oxley Act of 2002, Pub. L. No. 107–204, 116 Stat. 745 (July 30, 2002).

[14] Id.

[15] U.S. Securities and Exchange Commission, 2018 Annual Report to Congress Whistleblower Program, at 7 and 20.

[16] See also Treaty on the Functioning of the European Union and other related laws.

[17] U.S. Department of Labor’s Occupational Safety and Health Administration Online Whistleblower Protection Program; Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010).

[18] See, supra note 6, as to access and development of programs.

Allison E. Butler, JD has been a practitioner since 1991 and is a member of the State Bar of California and Florida. She has served as in-house counsel for numerous business entities throughout the United States during the past 28 years and has authored several articles and publications, including A Practical Guide to the CISG: Negotiations Through Litigation and co-authored the International Contract Manual. In addition to her practice, she currently teaches and performs research in Southern California and is the recipient of various grants and honors including a Fulbright Scholar Grantee. This article is associated with a research grant awarded by CSULB.