Protection of whistleblowers' identity and employers' security at SYGNANET
01
ANONYMOUSNESS OF THE SIGNALIST'S CONTACT WITH THE SIGNANET SERVICE:
The whistleblower's contact with the SYGNANET server must be anonymous. From the very beginning of the server's design this was and is our greatest concern. The whistleblower has to remain unknown, in particular to the recipient of the notification as well as any other person, but also to the server and its staff as well as the Internet itself.
Of course, if requested, one may leave the contact details in the notification submitted.
Experts say that it is impossible to hide connection data on the Internet by 100%. If not, they can be made so difficult that it is not profitable to identify them.
The problem is like data encryption. Nobody claims that modern ciphers cannot be broken, but everyone knows that it takes a lot of time, huge resources, and processing power to do so. And that is why they are considered secure.
What do we do to keep you anonymous and safe with us?
01 Using a proxy server to anonymise contacts with SYGNANET
From the technical point of view, the access to the SYGNANET server is provided by the additional communication server (Proxy), which is configured in such a way that, on the one hand, it does not create contact logs (it does not register data about transmissions to it) and, on the other hand, it anonymises data sent to the SYGNANET server (it removes information identifying the sender). Additionally, the proxy is also an intermediary for all our use and test servers, so a transmission to the SYGNANET server is one out of several thousand other transmissions. It is safe to say that retrospectively specifying the desired transmission is like looking for a needle in a haystack.
02 No logs and substitution of the whistleblower's IP number on the SYGNANET server
As with the Proxy, the SYGNANET server is configured so that it does not record data about received and sent transmissions. In addition, for each transmission, the IP number is replaced by a random number so that this element of the sender's device identification is not visible either.
03 No collection of any data from the whistleblower
Submitting a request via SYGNANET server does not require the sender to register with the service or leave any contact details. Below you can read how the problem of return contact was solved.
04 Creation of a notification email to the recipient by the server and not by the whistleblower
A request created in the service with possible documents is transferred to the server and only then an e-mail with this request is created. Mail with a request is sent by SYGNANET server to a person responsible in a company for receiving requests, authorizing himself as a sender and hiding the real sender.
02
SECURE CONTENT OF SIGNALLER'S SUBMISSION:
Encryption of the transmitted notification content (on the whistleblower's computer) with the public key of an established notification recipient.
Encryption of the content of the transmitted message The user of Specfile.pl encryption system established in your company is a user of our system, and as such, has encryption keys generated for him (a pair of keys: public and private). In this way, every message intended only for him, can be encrypted with his public key, and decrypted only by him (with his private key) with the public key of the established recipient of notifications.
This is how we handle the content of your request. This process is not visible to you, but here you can find out that the moment your message is sent to the server, a public key is taken from the recipient of the message, your whole message is encrypted with this key, and in this encrypted form it is sent to the SYGNANET server. In addition, the encryption process is performed on your computer (not on the server's computer!), so no one can read your message except for the designated recipient.
03
SECURE CONTENT OF SIGNALLER'S SUBMISSION:
The SYGNANET service provides a way for the recipient of any request to get back to you, even though you are anonymous to the recipient. The solution is that if the recipient of the request wants to send you a message back, he puts it on the server (in plain text), and the server makes it available to you if you enter the number and password given to your request during its sending.
It is therefore desirable that you periodically check the whistleblower response page on the SYGNANET server. If even the recipient does not give you feedback, the server in the reply shows confirmation that your request was sent and decrypted by the recipient. In this way you can be sure that your report has been forwarded to the recipient.
To summarise:
01 The company's nominated call recipient forwards the feedback to the server and not to the whistleblower
02 This message is marked with an ID and a password that only the whistleblower knows and only the whistleblower can read it from the server
03 The return message also contains an automatic confirmation of the reading (decryption) of the notification by the designated recipient
Also note that on the SYGNANET and Proxy server the whistleblower's access traces to the server are deleted as described earlier.
04
EMPLOYER SECURITY:
By definition, the whistleblowers should be employees of a given company and not members of the public from outside the company. Currently, such an access filter is assigning a given company a dedicated website on SYGNANET server. The company will receive a unique website address, to be used only by the company's employees. The address of this web page must be communicated to all employees of a given company (e.g., by posting it on a publicly available board or sending an e-mail). Only persons who know this address will then forward notifications through the SYGNANET server to the designated recipient in the company.
If we find this solution insufficient, we will additionally introduce the requirement of a fixed password.
The process of registering a company and a designated person to handle whistleblower is also possible remotely but has a few identification safeguards. Registration on the server can be done by a person appointed to handle whistleblowers and his/her e-mail address is checked, but this address must be confirmed by a transfer made from the account of a given company with a subscription fee, i.e., it must be confirmed by a decision-maker from a given company. In addition, this person must register with the encryption service specfile.pl and obtain the encryption keys there.
The recipient's panel is also a record-keeping safeguard for the reports, showing a list of reports from the signalers (of course with the encrypted text of their messages) and the contact history (data about the report being sent to the recipient, decryption of the report by the recipient, reply back).
To summarise:
01 Separate (dedicated) page for notifications to the employer
02 Online identification of the company and the designated person by means of a transfer from the company account
03 Record of occurrence of each notification (with encrypted content)
04 Record of transmission of each notification to the designated recipient
05 Record of acknowledgement of receipt (decryption) of notification by designated recipient
06 Record of return contact