Security Requirements in Web Applications for Whistleblowers
 
 
doctoral student at the Faculty of Political Science and International Studies, University of Warsaw
 
 
Publication date: 2025-09-19
 
 
Studia Politologiczne 2025;77
 
KEYWORDS
ABSTRACT
The article discusses the cybersecurity challenges of using digital tools to detect breaches under whistleblowing procedures. The implementation of the Whistleblower Protection Directive in Poland may lead to the emergence of dedicated web applications on a massive scale, in both the public and private sectors. Entities that use them as a channel for receiving reports must take into account risks to the confidentiality, integrity and availability of the sensitive data processed in the applications. For obliged entities and public authorities to handle tips effectively, there is a need to develop a minimum standard of security requirements for online platforms, along with verification of those requirements, to be applied to providers.
PEER REVIEW INFORMATION
Article has been screened for originality
ISSN:1640-8888