In the United States, people have the right to file whistleblower lawsuits against companies defrauding the government, and if they win those lawsuits they can receive significant settlements or jury verdicts. A recent example was seen in a False Claims Act lawsuit filed by an employee of a Danish distribution partner of the software company Cisco, who found that the software giant was knowingly selling vulnerable security software to the government. Cisco settled with the whistleblower for nearly $9 million.
The case began when whistleblower James Glenn discovered that Cisco’s centralized video surveillance system known as Video Surveillance Manager had bugs that left users open to unauthorized access and manipulation of vital information. The equipment was being sold to federal, state and local government agencies.
Whistleblower’s Warnings of Faults in Cisco’s System Were Ignored
Mr. Glenn did not intend to become a whistleblower. Instead, when he realized that the software had “critical security vulnerabilities,” he approached Cisco, writing detailed reports that explained the flaws. He was particularly alarmed because the system was being relied upon by agencies such as the Secret Service, the Department of Homeland Security, the Army, Navy, Air Force, and Marine Corps, and the Federal Emergency Management Agency. His reports explained that all it took was a “moderate grasp of network security” for a hacker to gain access, bypass security systems and gain administrative access to government agency networks. Cisco responded to his warnings by continuing to sell the software without fixing the bugs, so Glenn filed a lawsuit under the False Claims Act. Cisco agreed to settle the case rather than defend its actions.
Speaking of the resolution of the case, Glenn said, “The tech industry needs to fulfill its professional responsibility to protect the public from their products and services. There’s a culture that tends to prioritize profit and reputation over doing what’s right. I hope coming forward with my experience causes others in the tech community to think about their ethical mandate.”