
Prevent automatic deletion of submissions if whistleblower has added new content recently

Open aetdr opened this issue 1 year ago • 7 comments

Proposal

Let's say that a submission is set to be auto-deleted on June 30. Whistleblower adds content on June 29 (just a day before the expiration).

Recipient is unable to react on such short notice (out of office, for example). Even if the new content is not read, the submission gets deleted on June 30.

We need a mechanism to prevent this from happening. Maybe postponing the expiry date by 7 days or such.

Motivation and context

See above

aetdr avatar Aug 29 '23 08:08 aetdr

Thank you @aetdr for this proposal.

What would you suggest to do when new content is sent? How much time do you consider should be added to the expiration?

I agree that we could eventually implement a policy where we guarantee that the report is maintained for at least 7 days since the reception of the material, but this will actually mean that whistleblowers will be able to keep a report open forever just by writing every day.

Let's see what other users think: @giorgiofraschini, @gianlucagilardi, @rglauco, @elbill, @larrykind

evilaliv3 avatar Aug 29 '23 15:08 evilaliv3

I think the 7-day extension could work, but it would not cover possible leaves of the recipient. I think that we should consider that the GDPR principle requires the recipient to keep information for as long as necessary; an extension even longer than 7 days would be acceptable. Another proposal that we could consider is relating the expiration of the report to the last possible action of the whistleblower and/or the recipient.

giorgiofraschini avatar Aug 30 '23 10:08 giorgiofraschini

Hello everyone, I agree with @giorgiofraschini. A 7-day grace time after expiration (not renewable) will be fine, but I think in these 7 days something should happen in the report management. For example, within these 7 days an expiration alert could be shown to the whistleblower.

Anyway, I think the expiration (and consequently deletion) of a non-"closed" report should not be automatic, but just alerted to the receiver. Then the receiver should put an end to those zombie reports and put them in a "closed" state, with a comment also.

If the status is "closed", maybe there could be a button for the whistleblower, "reopen report request", with a motivation text.

larrykind avatar Aug 30 '23 14:08 larrykind

Thank you all for your feedback.

I see that you all have no concern about the possibility for the whistleblower to continuously renew the ticket to keep it open, so I think it is fine to agree to ensure the report does not expire before 7 days since the last content.

@larrykind: Regarding the automatic expiration, consider that this aspect should not be changed, in order to honor the GDPR principles "by design and by default". This design wants specifically to ensure that data retention is enforced in any conditions, even if recipients forget; this protects both whistleblowers and recipients.

evilaliv3 avatar Sep 01 '23 06:09 evilaliv3

7 days is fine. I agree.

aetdr avatar Sep 01 '23 09:09 aetdr

We completely agree, this is a clever function! If the whistleblower would misuse it and try to keep a report open "forever", the recipient could always just delete the report. And still – the whistleblower could continue to try to keep the report open by just creating a new one.

So 7 days seems like a reasonable timeframe to prolong the expiration date in such a case!

danielvaknine avatar Sep 02 '23 14:09 danielvaknine

Hi @evilaliv3

We just experienced the issue again. This is an essential and much needed feature. Is it possible to prioritize this?

aetdr avatar Jan 15 '24 11:01 aetdr