Intro

OpenWhistleblowing is a free whistleblowing software to deploy digital whistleblowing initiatives with advanced features specifically designed for professional users.

With the growing needs of whistleblowing professionals implementing compliance procedures for anti corruption, food safety, financial market regulation, fraud prevention and environmental monitoring, the Hermes Center of Transparency and Digital Human Rights released OpenWhistleblowing as a safe, fully featured, free and public domain technology alternative to commercial software and services.

OpenWhistleblowing is entirely built as a free software with the AGPLv3 license; this offer complete freedom of use, modification, copy and redistribution to anyone inspired by the social commitment to use technology to improve transparency in our society.

Implementing integrity and ethics digital reporting hotlines can be made easy and efficient thanks to OpenWhistleblowing unique features and approach.


Features

The key functional features of OpenWhistleblowing are the following:

  • Increased Information Quality
    Digital whistleblowing provides an unprecedented opportunity to qualify information being reported with questionnaires presented to whistleblowers guiding them through a detailed set of questions that catch structured data instead of the usual long written stories.
    Having well structured questionnaires reduces noise and false claims; increases the actionability of whistleblower submission; improves the efficiency of the whistleblowing reporting procedure and this is where most of the effort of OpenWhistleblowing goes.
  • Powerful Questionnaire Builder
    Questionnaires can be created and modified at any time through a simple graphic interface, without any technical skills, enabling the analyst to fine tune it over time;
    Questions can be configured as mandatory or not; each of them can have a description, help hints and can be grouped with other questions to form a compound question;
    Questions can be aligned horizontally or vertically and could be made of many different information types (select-box, check-box, text-box, etc);
    All text area can be have a minimum and maximum amount of characters to let the whistleblower focus on providing a simple summary and extended descriptions and giving analysts the opportunity to quickly look at submissions;
    Custom specialized information elements are being added with every new release, to improve the analysis capabilities and cross-correlation of data.
  • Rich Questionnaires Database
    OpenWhistleblowing provides by default multiple ready-made questionnaires proven to be well tested by our end-users and specifically design for certain use cases, such as anti-corruption.
  • Customable Case Query
    OpenWhistleblowing enable the configuration of custom view of cases with dynamic sorting and query of all data to facilitate operations of analysis and prioritization of handling.
    Every question could become selectors in the case view with its own columns, operating as a selector for data query and visualization.
  • Whistleblower Identity
    whistleblowers are always given the ability to declare their identity at submission time or stay anonymous with the options to disclose it at a later stage when a his case starts being handled, following a bi-directional chat communication.
    The identity inquiry can be fine tuned to suit most use cases;
    - It can be enabled/disabled;
    - The question "do you want to tell us who you are?" can be default checked as yes or no, to provide opt-in/opt-out options;
    - Warning dialogs while switching between opt-in to opt-out or vice-versa can be customized).
  • Bi-Directional Anonymous Communication
    In the non-digital Whistleblowing world, anonymous reporting used to be uni-directional form of communication with letter drop-off, without ability to communicate with the anonymous whistleblower.
    With OpenWhistleblowing it is possible to keep a bi-directional communication channel with an integrated chat system, even when the Whistleblower decided to stay anonymous, giving the analyst the possibility to establish a relationship and understand the reported case.
    Usually anonymous whistleblowers decide to disclose their identity once they can trust that the sent material report is being taken care, establishing a relationship with analysts through the anonymous chat system. That is often a useful step to provide whistleblowers the legal protection they deserve by law in specific countries.
  • Segregation of Whistleblower Identity
    To further strengthen the whistleblower identity protection, OpenWhistleblowing provides the ability to safeguard the access to the identity information by enforcing an authorization procedure.
    Whenever the feature is enabled and whistleblower provides their identity, all the identity information are not directly accessible by the analysts together inside the case, but a motivated authorization request must be requested to a custodian user.
    The custodian of identities, while not being able to see the identity data, can authorize or deny requests by receivers to access the identity of a specific report to a specific analyst; in case the request is denied the custodian should mandatory fill a motivation.
    This organizational security process ensure that the whistleblowers identity information is disclosed only if strictly needed and when valid motivated requests are provided.
  • Multi Context
    It's possible to setup on OpenWhistleblowing multiple contexts, representing individual questionnaires with a specific set of recipients.
    Thanks to this feature is possible to use a single technical infrastructure to receive submissions for multiple different internal departments or multiple compliance procedures or even multiple different organizations (e.g.,: owned companies).
  • Integration with existing IT systems
    OpenWhistleblowing can be run as an independent web portal or can be quickly and easily integrated in an existing one; the system implement a feature called Integrated Mode that let you include specific questionnaires and whistleblower login form in any existing web page.
    Thanks to this feature it is easy to integrate OpenWhistleblowing with an existing intranet or extranet portal or directly into the public website of the end-user organization.
  • Easy IT Provisioning
    The software is fully supported under Linux Ubuntu Long Term Support (LTS) operating system and its standard packaging system so that update and upgrades are easy to be managed without having to deal with complicated build/compilation procedures.
  • Opensource Technology
    OpenWhistleblowing is entirely opensource without a single line of software code being proprietary; the entire project focuses on improving ethics and integrity reporting as part of its social mission.
    Based on the existing GL software framework, OpenWhistleblowing is made up of two major components that only use stable and business supported technologies:
    - A server component developed in Python programming language with Twisted framework;
    - A client component developed in Javascript programming language with AngularJS (made by Google) and Bootstrap (made by Twitter) frameworks.
  • Built-in Accessibility
    OpenWhistleblowing do implement user interface that are compliant with accessibility in mindi for equal access by those who are blind or visually impaired.
    The software comply and leverage the WAI-ARIA (Web Accessibility Initiative - Accessible Rich Internet Applications) standard to increase the accessibility of web pages, in particular, dynamic content and user interface components developed with Ajax, HTML, JavaScript.
  • High Software Quality
    The software feature a comprehensive set of automated quality testing procedures and methodologies that scan, monitor and report errors, mistakes, inefficiencies or coding style problems at each single modification of the code base.
  • Internationalized and Multi Language
    The OpenWhistleblowing software is localized in more than 20 languages with advanced localization support for data-formats, right-to-left (e.g.: arabic) and other advanced internationalization features. Single or multiple languages can be activated at any time from the web administration panel.
  • Independently Security Tested
    OpenWhistleblowing is subject to periodic independent security audits by penetration testing companies hired by our end-users.
    We endorse a radical transparency for all penetration testing reports, publishing in full format, addressing each possible vulnerability or area of improvement so that also end-users can check it out.
  • Advanced Security Features
    Most of the commercial Whistleblowing product and services does not provide the advanced security features that OpenWhistleblowing do provide, because it has been developed first for uses by Human Rights Defenders and Investigative Journalists in life-threatening scenario.
  • Stored Data Encryption
    The confidentiality of reports by Whistleblowers can be extremely relevant, so OpenWhistleblowing make it sure that all sensible data stored in the database are properly encrypted and made it available only to authorized users. The encryption and decryption of data happens directly into the web browser of the users, so that data never touch the servers in a readable/accessible format. That way not even the IT department, that could be subject to a conflict of interest in the Whistleblowing procedures, could know what's going on.
    The encryption and decryption of data happens directly into the web browser of the users, so that data never touch the servers in a readable/accessible format. That way not even the IT department, that could be subject to a conflict of interest in the Whistleblowing procedures, could know what's going on.
    Data encryption is enforced by using industry standard end-to-end OpenPGP encryption, with openly audible encryption libraries achieving the maximum level of transparency and audibility.
  • In-Transit Communication Encryption
    The security of the communications in OpenWhistleblowing is guaranteed thanks to the use of industry standard HTTPS data encryption with properly hardened encryption algorithms. That way no-one can break into the communications between the whistleblowers device and the OpenWhistleblowing platform.
  • Communication Privacy
    OpenWhistleblowing is designed with privacy in-mind, meaning that no tracing information about Whistleblower are ever kept, used or recorded into the platform.
    The IP Address, usually representing the location of the whistleblower computer on the internet or in the corporate intranet, is never acquired or disclosed, guaranteeing the impossibility of traceback.
    That is implemented thanks to a special anonymizing proxy called Tor2web, already used nowadays on the internet as the de-facto anonymous publishing system for Tor Hidden Services.
  • Communication Anonymity
    The promise of Anonymity Protection for the Whistleblower must be scientifically backed and that what OpenWhistleblowing does by tightly integrating within the Tor Anonymous Network, exposing all the reporting services over the Tor Hidden Services as a complementary way to the standard internet based submission.
    The reports sent trough the Tor network achieve a very high level of communication anonymity for the Whistleblowers that really care about preserving their identity during the initial phases of submissions.
  • Dynamic Data Retention Policies
    OpenWhistleblowing implement a configurable and dynamic data retention policies to make sure that all unused data get deleted from the database, so the system is clean and avoid becoming a gigantic repository of confidential information.
    Analysts can always change and adapt the data retention policy of a specific report or a specific context, having the flexibility to keep more data online for further investigation.
  • Flood Protection
    OpenWhistleblowing feature multiple flood protection techniques to prevent attacks that try to overwhelm the Whistleblowing procedure with an enormous amount of reports. This is done by implementing more than 10 different flood protection techniques, publicly reviewed and documented.

Contact us

If you wish to report a Bug or Feature requests, please post to OpenWhistleblowing Google Group.
To fill a bug always include Operating System, Software Version, how your system has been configured and how you can reproduce it.
To fill a feature request please include a description of your use cases (how/why you are using or planning to use OpenWhistleblowing) and what's the feature tha's now missing.
https://groups.google.com/a/openwhistleblowing.org/forum/#!forum/support


Copyright (c) 2011-2016 - Hermes Center for Transparency and Digital Human Rights