Junior research fellow at Tallinn University of Technology (TalTech) Keegan McBride blew the whistle – he risked everything when he talked about how his superiors at the university’s Ragnar Nurkse Department of Innovation and Governance embezzled EU funds. Postimees discovered evidence, reached other witnesses and revealed the scheme that led to criminal proceedings, following suspicions of benefit fraud.
McBride got a new job with the university’s software development department immediately before the scandal broke. That should have been the end of it for him.
However, McBride’s new superiors received a “warning” from Henri Schasmin, an information security specialist from the rector’s office, just weeks after the scandal.
“I was told to be cautious of McBride. That here’s a man who’s willing to blow the whistle. And that we should not entrust him with secret and sensitive information,” the institute’s director Jaan Penjam said.
He added that it remained unclear what kind of sensitive information should be kept from McBride. It is the first time Penjam had such a conversation as no warnings have accompanied other employees.
A complaint with the inspectorate
The head of the software development institute does not plan to make a fuss over the incident or treat McBride differently. Penjam only said he would like to believe the IT security specialist came to warn him out of his own stupidity as opposed to being ordered to.
The covert attempt at influencing decisions left the institute baffled. Several employees sent multiple emails to the rector’s office and Schasmin, asking for the reason behind such warnings.
They only received bureaucratic and illegible replies, with a carbon copy sent to the university’s lawyer.
After fruitless correspondence that lasted for weeks, an explanation finally manifested.
The rector’s office wrote that TalTech has notified the Estonian Data Protection Inspectorate (AKI) of the information leak “incident” at its Ragnar Nurkse institute.
“TalTech filed a complaint concerning unauthorized publication of personal data on September 24,” head of PR for AKI Signe Heiberg confirms. However, the spokesperson could not reveal what the complaint concerned.
Heiberg emphasizes that the agency has not instructed the university to warn McBride’s superiors and has nothing to do with this latest incident.
Rather, it is McBride who has reason to turn to AKI over unauthorized publication of his personal information.
TalTech’s website reveals a so-called timeline of the Nurkse scandal that displayed McBride’s personal phone number for some time. While the number was removed from the timeline following complaints, Rector Jaak Aaviksoo’s slide presentation concerning the researcher blowing the whistle that displays McBride’s Estonian and US phone numbers can still be found on the university’s website. TalTech has not asked the research fellow for permission to share his number with the entire world.
Postimees asked the university’s press service why McBride has been subjected to this kind of special treatment but only received a confusing letter that fails to answer questions. The latter merely states that Schasmin is tasked with counseling head of units. Rector Aaviksoo could not be reached over the phone.
“We all know that it is easier just to shoot the messenger than it is to deal with the message,” says Carina Paju, head of Transparency International Estonia.
She explains that when it comes to whistleblowing, organizations should concentrate on hints and not the people who gave them. Just as it is clear whistleblowers should be treated like any other employee after they come forward with information.
“There is no justification for paying too much attention to whistleblowers or divulging their personal data,” Paju explains. She adds that if an institution wants its members to have the courage to talk about problems, unfair treatment of people who bring such information to light is counterproductive.
McBride’s legal counsel, sworn lawyer Paul Keres, agrees that TalTech’s behavior suggests the university refuses to learn from its mistakes.
“A whistleblower coming forward gives an organization the chance to fix and make amends for immoral or illegal activities. If it is interpreted as an attack against the institution instead, it could point to systematic violations,” he says.
“If it turns out that TalTech has criticized Keegan McBride’s actions in its complaint to the data protection watchdog, it means that the university has missed a brilliant opportunity for in-house cleansing and introduction of Western European organizational culture,” the sworn lawyer concluded.
Regulation of whistleblowing is only taking baby steps in Estonia. Spokesperson for AKI Signe Heiberg admits that there are no practical precedents.
Former public prosecutor Steven-Hristo Evestus has criticized the consequences of coming forward based on the TalTech example in a Postimees opinion article.
“Figuratively speaking, it is as if we all live in a giant prison where, by acknowledging problems, one becomes an outlaw who must always be on the run or expect revenge to befall them in a dark alley,” he wrote.
Protection for whistleblowers exists only in the Anti-Corruption Act that prohibits unfair treatment of people who report offenses. Persons who treat whistleblowers differently must prove it has nothing to do with their actions of reporting corruption. Whistleblowers are only protected in corruption cases.
A European Parliament directive to be passed in October will change recent legal uncertainty and bring more level regulation to all member states. The future directive also prescribes punishments for those who treat unfairly persons who report illegal or unethical practices.