How to collect and store information in a secure way
Principles for protecting information
Enable multi-factor authentication on any accounts
If you are requiring someone to create an account in order to send you information, make sure that it's possible to protect that account by using multi-factor authentication. Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherent. Without multi-factor authentication, the information is only as protected as the strength of the user's password.
Learn more about two factor authentication here: Protect your accounts using strong passwords, pw managers, 2fa
Use end-to-end encryption for information in motion
When protecting information that is "in motion" (being transferred from one person/device to another), It's a good practice to use a tool that provides end-to-end encryption. End-to-end encryption (E2EE) is a type of information transfer or messaging that keeps the information private from everyone, including the messaging service. When E2EE is used, the information being transferred only appears in decrypted form for the person sending the message and the person receiving the message.
More considerations related to protecting information in motion: https://holistic-security.tacticaltech.org/chapters/explore/2-6-information-in-motion.html
Host sensitive information with a company you trust
For things that are extremely sensitive and you don't need to actually need to use it (analyze it) or share it, you can always lock it away in an encrypted folder (using VeraCrypt) on any server. But for information that you want to organize, understand, analyze, use and share, you will want it more accessible than having it in an encrypted folder. For these cases, you will want to host your information with a company that you trust.
Tools to collect information
Tella app
Tella is a free app that is available for Android devices and will be available for iOS soon. It can be used by anyone who engages in collecting information on injustices. Tella allows users to produce high-quality documentation that can be used for research, advocacy or transitional justice. Tella can be connected to KoboToolbox, Uwazi, or another database platform to store, organize and analyze the information.
LimeSurvey
LimeSurvey is a simple, quick and anonymous online survey tool. It is open source, allowing people to host LimeSurvey themselves. This self-hosted version is called LimeSurvey Community Edition, and all your data is stored on your or your provider’s server (usually the one where you installed LimeSurvey).
SecureDrop
SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. SecureDrop is available in 22 languages.
Globaleaks
GlobaLeaks is free, open-source software enabling anyone to easily set up and maintain a secure whistleblowing platform. It is possible to host this software with Greenhost.
🧅 OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
Tools to store information
Uwazi database to store information
Uwazi is a web-based tool designed for managing your data in one easy-to-search place. This open-source database application allows you to capture, organise and make sense of a set of facts, observations, testimonies, research, documents and more.
NextCloud
Nextcloud Hub is the industry-leading, fully open-source, on-premises content collaboration platform. Teams access, share and edit their documents, chat and participate in video calls and manage their mail and calendar and projects across mobile, desktop and web interfaces. It is hosted and managed by Greenhost and other web hosting companies.
Ways to collect and store information
Tella to collect and Uwazi to store information
Organisations who already use Uwazi to store their information, can connect Tella to one or more of their databases to upload data. Using Tella for the information collection enables users who work offline to collect data, add it to the submission forms, save it and upload the information when it is convenient. In addition to the protection and encryption features, working in offline mode is a huge benefit for those who collect information in risky environments and areas with limited or no connectivity. More information: https://huridocs.org/2022/07/the-new-tella-app-lets-uwazi-users-document-violations-safely-and-while-offline/
Other tools
For more tools used for documenting human rights violations, see Tools for securely documenting human rights violations