The source should be as unreliant as possible on the journalist neither unintentionally or intentionally impairing the sources confidentiality.
eg. a journalist polling the submission system as frequently as possible may learn the time of all submissions to the nearest N hours, if submissions are shown immediately.
Consider making the system batch submissions for display to the journalist
Consider making the system batch comments for display to the journalist (especially important as this can reveal pattern of life information).
Perform any automated metadata stripping that is possible well before the journalist sees the material.
I believe the journalist sees a code name based on a hash of the source's original ~91 bit code name - if so why not just generate an independent ~64 bit code name (as words) for the journalist to use?
Recommend that a minimal number of journalists/users are given usage to the system, and only after proper training.
The source should be as unreliant as possible on the journalist neither unintentionally or intentionally impairing the sources confidentiality.
eg. a journalist polling the submission system as frequently as possible may learn the time of all submissions to the nearest N hours, if submissions are shown immediately.
Consider making the system batch submissions for display to the journalist
Consider making the system batch comments for display to the journalist (especially important as this can reveal pattern of life information).
Perform any automated metadata stripping that is possible well before the journalist sees the material.
I believe the journalist sees a code name based on a hash of the source's original ~91 bit code name - if so why not just generate an independent ~64 bit code name (as words) for the journalist to use?
Recommend that a minimal number of journalists/users are given usage to the system, and only after proper training.