Chapter 30 Quiz: Whistleblowing, Dissent, and Organizational Surveillance
Answer all questions. Multiple choice questions have one best answer. Short answer questions should be 2–4 sentences.
Part I: Multiple Choice
1. "Internal whistleblowing" refers to:
a) Reporting wrongdoing to a journalist using internal documents
b) Reporting wrongdoing to a supervisor, compliance officer, ethics hotline, or HR department within the organization
c) Reporting wrongdoing anonymously through internal company systems
d) Using internal company documents as evidence in a court proceeding
2. Data Loss Prevention (DLP) tools create a risk for potential whistleblowers because:
a) They prevent employees from accessing evidence of wrongdoing
b) They monitor data transfers in ways that flag the behavior of an employee assembling evidence of wrongdoing — the same behavioral pattern as a malicious data thief
c) They delete files that employees attempt to copy
d) They specifically identify whistleblowers by monitoring protected activity
3. The False Claims Act's "qui tam" provision:
a) Prohibits all employee disclosures of confidential business information
b) Allows private citizens to file suit on behalf of the government for fraud against federal programs, and share in the recovery — while receiving retaliation protection
c) Requires all fraud reports to be filed with the EEOC
d) Applies only to government employees
4. "Soft retaliation" in the whistleblowing context refers to:
a) Verbal warnings and counseling rather than formal discipline
b) Using legitimate organizational tools (performance monitoring, PIPs, task assignment) in targeted ways that harm the whistleblower without creating an obvious causal connection to protected activity
c) Demotion without termination
d) Retaliation that falls below the legal threshold for actionable harm
5. Under OSHA Section 11(c), the filing window for a retaliation complaint is:
a) 180 days from the retaliatory action
b) 30 days from the retaliatory action
c) One year from the retaliatory action
d) 60 days from the retaliatory action
6. The Sarbanes-Oxley Act (SOX) was primarily enacted in response to:
a) The NSA's mass surveillance programs
b) The Enron and WorldCom accounting scandals
c) The 2008 financial crisis
d) The Facebook data privacy scandals
7. UEBA (User and Entity Behavior Analytics) systems create risks for whistleblowers because:
a) They are specifically designed to detect whistleblowers
b) They flag behavioral anomalies — including access patterns, data transfers, and after-hours activity — that characterize both malicious threats and evidence-gathering by potential whistleblowers, without distinguishing between them
c) They share data with government agencies automatically
d) They prevent employees from accessing their own work files
8. The "three-stage retaliation pattern" documented by organizational researchers involves:
a) Termination, severance negotiation, and legal settlement
b) Informal pressure → performance documentation → termination or constructive discharge
c) Warning, suspension, and termination
d) Demotion, pay cut, and workload increase
9. Under the National Labor Relations Act (NLRA), "concerted activity" is:
a) Only protected for unionized workers
b) Protected collective action regarding wages, hours, and working conditions — a right that applies to both unionized and non-unionized workers
c) Only protected when directed at union organizing
d) Protected only when the activity involves at least five workers
10. The Snowden case's connection to corporate insider threat programs is that:
a) Snowden worked for a corporation before joining the NSA
b) The NSA's post-Snowden expansion of insider threat monitoring was adopted as a model by corporations — creating private-sector programs that monitor potential leakers using tools designed for national security contexts
c) Corporations helped the NSA identify Snowden
d) Corporate data was included in Snowden's disclosures
11. Frances Haugen's disclosures are significant from a surveillance perspective because:
a) She disclosed government surveillance programs
b) She compiled thousands of internal Facebook documents before leaving the company — a data transfer that would have been exactly the behavior DLP systems are designed to detect — and disclosed them to Congress and the media after leaving
c) She was an NSA contractor who worked with Snowden
d) She worked for the SEC and had regulatory authority to access Facebook's documents
12. "Constructive discharge" is legally significant for whistleblowers because:
a) It reduces the severity of termination in legal proceedings
b) Courts treat it as equivalent to termination — if working conditions are made so intolerable that a reasonable person would resign, the forced resignation is treated as if the employer had terminated the employee
c) It is a defense available to employers accused of retaliation
d) It allows employees to claim unemployment insurance after resigning
13. The Dodd-Frank SEC Whistleblower Program requires that awards be paid:
a) Only when the SEC brings criminal charges
b) When the SEC collects sanctions exceeding $1 million, with the whistleblower receiving 10–30% of the recovery
c) Only when the employer was a publicly traded company
d) When the whistleblower's information was not available to the SEC through other means
14. Jordan's decision to store documentation on a personal device rather than a company system is important because:
a) Company systems have lower data quality
b) Documentation on personal devices cannot be accessed, deleted, or used as evidence against Jordan by the employer, while documentation on company systems is accessible to the employer and subject to the employer's control
c) OSHA only accepts documentation from personal devices
d) Company systems automatically delete evidence of wrongdoing
15. The "proportionality principle" in whistleblowing ethics states that:
a) The whistleblower should receive compensation proportional to the harm they experienced
b) The seriousness of the public harm at issue should proportionally inform the scope of disclosure — more serious harms justify greater disclosure risks and more disclosure
c) Legal penalties for retaliation should be proportional to the retaliation
d) Internal and external reporting should be proportionally combined
16. Academic freedom is relevant to the surveillance analysis because:
a) Professors are government employees and therefore subject to FOIA requests
b) Universities are institutions that claim specific commitments to academic freedom, creating tension between institutional surveillance (employer monitoring) and the protection of research and expression from administrative interference
c) Academic research is exempt from all workplace surveillance
d) University email systems are protected from government surveillance
Part II: Short Answer
17. Explain how an employer could use the performance monitoring system described in Chapters 26 and 28 to conduct "soft retaliation" against Jordan for filing an OSHA safety complaint, without technically violating the law. What would Jordan need to show to prove that the subsequent performance actions were retaliatory rather than legitimate?
Your answer:
18. The chapter describes the insider threat industry as conflating security threats with protected whistleblowing activity "by design." What does this mean, and what is the implication for organizations' ability to both protect security and respect workers' legal rights to report wrongdoing?
Your answer:
Answer Key (Instructor Version)
1. b
2. b
3. b
4. b
5. b
6. b
7. b
8. b
9. b
10. b
11. b
12. b
13. b
14. b
15. b
16. b
17. Soft retaliation mechanism: After Jordan's OSHA complaint, Meridian Logistics could (1) apply the performance monitoring system more strictly to Jordan — triggering automated warnings at lower idle-time thresholds or scrutinizing their rate more closely; (2) use the algorithmic assignment system to assign Jordan to more demanding bays, making rate maintenance harder; (3) begin documenting performance "issues" that then support a PIP; (4) eventually terminate Jordan "for performance reasons" citing the documented trail. To prove retaliation, Jordan would need to show: (a) timing — adverse actions followed closely after the protected report; (b) differential treatment — Jordan was monitored or disciplined at different levels than similarly situated coworkers; (c) comparative performance data — Jordan's rate was similar to colleagues who were not disciplined. Getting comparative data is the practical challenge; Jordan typically cannot access other workers' performance records.
18. "Conflated by design" means that the behavioral signals UEBA systems are built to detect — anomalous data access, large file transfers, after-hours activity, communication with external parties — are identical whether the user is stealing data, conducting corporate espionage, or gathering evidence of fraud to report to regulators. The system cannot distinguish these cases and is not designed to. The implication: organizations that deploy UEBA broadly will inevitably flag potential whistleblowers as security anomalies. Whether the flag leads to investigation and suppression (if the organization acts on it against a whistleblower) or is ignored (if the investigation reveals protected activity and is dropped) depends on human decisions downstream. The structure creates the capacity for suppression; human choices determine whether that capacity is exercised. This creates a structural conflict between comprehensive security monitoring and effective legal protection for protected activity.