How to collect and store information in a secure way

From TCU Wiki

Principles for protecting information

Enable multi-factor authentication on any accounts

If you are requiring someone to create an account in order to send you information, make sure that it's possible to protect that account by using multi-factor authentication. Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherent. Without multi-factor authentication, the information is only as protected as the strength of the user's password.

Learn more about two factor authentication here: Protect your accounts using strong passwords, pw managers, 2fa

Use end-to-end encryption for information in motion

When protecting information that is "in motion" (being transferred from one person/device to another), It's a good practice to use a tool that provides end-to-end encryption. End-to-end encryption (E2EE) is a type of information transfer or messaging that keeps the information private from everyone, including the messaging service. When E2EE is used, the information being transferred only appears in decrypted form for the person sending the message and the person receiving the message.

More considerations related to protecting information in motion: https://holistic-security.tacticaltech.org/chapters/explore/2-6-information-in-motion.html

Host sensitive information with a company you trust

Using information

More information:

Tools to collect information

Tella app

Tella is a free app that is available for Android devices and will be available for iOS soon. It can be used by anyone who engages in collecting information on injustices. Tella allows users to produce high-quality documentation that can be used for research, advocacy or transitional justice. Tella can be connected to KoboToolbox, Uwazi, or another database platform to store, organize and analyze the information.

LimeSurvey

LimeSurvey is a simple, quick and anonymous online survey tool. It is open source, allowing people to host LimeSurvey themselves. This self-hosted version is called LimeSurvey Community Edition, and all your data is stored on your or your provider’s server (usually the one where you installed LimeSurvey).

SecureDrop

SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. SecureDrop is available in 22 languages.

Globaleaks

GlobaLeaks is free, open-source software enabling anyone to easily set up and maintain a secure whistleblowing platform. It is possible to host this software with Greenhost.

Tools to store information

Uwazi database to store information

Uwazi is a web-based tool designed for managing your data in one easy-to-search place. This open-source database application allows you to capture, organise and make sense of a set of facts, observations, testimonies, research, documents and more.

Ways to collect and store information

Tella to collect and Uwazi to store information

Organisations who already use Uwazi to store their information, can connect Tella to one or more of their databases to upload data. Using Tella for the information collection enables users who work offline to collect data, add it to the submission forms, save it and upload the information when it is convenient. In addition to the protection and encryption features, working in offline mode is a huge benefit for those who collect information in risky environments and areas with limited or no connectivity. More information: https://huridocs.org/2022/07/the-new-tella-app-lets-uwazi-users-document-violations-safely-and-while-offline/

Other tools

For more tools used for documenting human rights violations, see Tools for securely documenting human rights violations