Recently we’ve received several questions from sources, particularly in Texas, Massachusetts, Florida, and elsewhere about the security measures we take to protect our sources. This post hopefully will answer many of those questions. Among the measures we take to ensure security:
- At the highest level, Anglican Watch has a legal structure that would be remarkably hard to sue.
- Our corporate structure is set up in a jurisdiction chosen explicitly for being privacy friendly.
- We protect all activity on our site with military-grade encryption.
- We secure our DNS records via DNSSEC.
- We use use HSTS, a particularly secure way to protect web traffic.
- Our contact forms operate under a second layer of end-to-end encryption, meaning no third party can access the encryption keys.
- Our servers are located outside the United States, again in places both privacy friendly and notoriously unresponsive to American subpoenas.
- Our servers log only the absolute minimum data needed to operate the site.
- All server logs are automatically wiped twice a day and overwritten.
- Computers used are encrypted and protected by MFA.
- We carefully control access to sensitive information and allow access purely on a need-to-know basis.
- Email is relayed in encrypted form through mutiple end-to-end encrypted servers. So even if one is compromised, the only information available is encrypted gibberish and the identity of the next email server.
- We delete most sensitive data/tips as soon as they are read.
- Once messages are read and deleted, the server space is overwritten to prevent recovery.
- If information is retained as part of an ongoing investigation, or we believe it may be helpful to a victim in the future, we encrypt the information, then place it on an end-to-end encrypted cloud server protected by passwords and physical MFA. Two persons must cooperate to access the information, with one being our corporate attorney.
- Our chat module is fully encrypted and we do not log activity.
Some of this may strike others as overkill, but we recognize the profound nature of church trauma. Indeed, the only thing that could make it worse in many cases is a breach of confidentiality on our part, so we take these matters very seriously.
Of course, no system is foolproof. But we take great care to ensure anonymity, and encourage sources to send information that may be helpful. That is especially the case with the ongoing EEOC/retaliation issues in Texarkana.