Silencing the Risk, Not the Whistle: A Semi-automated Text Sanitization Tool for Mitigating the Risk of Whistleblower Re-Identification
Dimitri Staufer, Frank Pallas, Bettina Berendt
TL;DR
This work tackles the risk of re-identification in whistleblower disclosures by introducing a semi-automated text sanitization tool that actively involves the whistleblower in risk assessment. The pipeline combines risk-aware anonymization operations (Generalization, Perturbation, Suppression) with an LLM-based paraphrase layer to produce coherent, style-neutral text, guided by an in-document Level of Concern. Empirical evaluations on IMDb62 for authorship attribution and on European Court of Human Rights cases (TAB) plus real whistleblower excerpts demonstrate substantial risk reduction (e.g., Authorship Attribution accuracy dropping from ~98.8% to ~31.2% with an XL model) while preserving a meaningful portion of semantic content (up to ~73%). The work advances practical, interactive anonymization for high-stakes disclosures and highlights future needs for human-in-the-loop validation, bias mitigation, and awareness tooling to balance protection with utility and legal considerations.
Abstract
Whistleblowing is essential for ensuring transparency and accountability in both public and private sectors. However, (potential) whistleblowers often fear or face retaliation, even when reporting anonymously. The specific content of their disclosures and their distinct writing style may re-identify them as the source. Legal measures, such as the EU WBD, are limited in their scope and effectiveness. Therefore, computational methods to prevent re-identification are important complementary tools for encouraging whistleblowers to come forward. However, current text sanitization tools follow a one-size-fits-all approach and take an overly limited view of anonymity. They aim to mitigate identification risk by replacing typical high-risk words (such as person names and other NE labels) and combinations thereof with placeholders. Such an approach, however, is inadequate for the whistleblowing scenario since it neglects further re-identification potential in textual features, including writing style. Therefore, we propose, implement, and evaluate a novel classification and mitigation strategy for rewriting texts that involves the whistleblower in the assessment of the risk and utility. Our prototypical tool semi-automatically evaluates risk at the word/term level and applies risk-adapted anonymization techniques to produce a grammatically disjointed yet appropriately sanitized text. We then use a LLM that we fine-tuned for paraphrasing to render this text coherent and style-neutral. We evaluate our tool's effectiveness using court cases from the ECHR and excerpts from a real-world whistleblower testimony and measure the protection against authorship attribution (AA) attacks and utility loss statistically using the popular IMDb62 movie reviews dataset. Our method can significantly reduce AA accuracy from 98.81% to 31.22%, while preserving up to 73.1% of the original content's semantics.