freedomofpress / securedrop-workstation

Qubes-based SecureDrop Journalist Workstation environment for submission handling
GNU Affero General Public License v3.0

Support note-taking for in-app use or sharing/export #1189

Open kennethrrosen opened 2 weeks ago

kennethrrosen commented 2 weeks ago

Description

When receiving submissions, there is presently no way of organizing or assigning journalists or editors to the submissions for review. In the past, admins have copied the text of submissions/tips and emailed them directly to reporters covering that "beat."

Offering a place to take notes for export in a) clear text to alert the journalist to the substance of the tip or b) through another encrypted or secure channel the journalist is likely to be using (GPG emails, Signal) or c) for journalists who manage to access the platform to scan through and make a quick and decisive call on the newsworthiness of a submission.

How will this impact SecureDrop/SecureDrop Workstation users?

There are two ideas here (organizing and exporting), but the primary impact would be to safely get a journalist to say "yay" or "nay" to a submission based on a secure summary, without interrupting their reporting (they may not be in the office to access a SDW, or may be uncomfortable or unaware of what it is/how to use it safely).

How would this affect the SecureDrop Workstation threat model?

The current architecture of SD and SDW prevents an editor from inadvertently revealing or sharing anything compromising. There may be an issue if the tipster includes personal biographic information (which I've recently seen in a submission), but one should not discount the intentions and training of a journalist who is fluent in the security and philosophy of SD and has handled such information long before SD was used in newsrooms.

User Stories

See above.

rocodes commented 1 week ago

Hi @kennethrrosen, thanks for filing this. Just for clarification, would this be most like:

I think we've discussed different versions of these ideas and are friendly to them, just want to make sure I know what you mean. Depending what you're proposing, I may end up transferring this ticket to another repo. Thanks again! :)

kennethrrosen commented 1 week ago

@rocodes initially the idea was to have "private notes" that are stashed with the submissions: "Ed: Not sure this tracks, but can you take a look? Au: This overlaps with that other thing we're working on let's pass." But after learning that an export-to-SignalVM was being considered, that is much better.

In that way, I suppose the submission could be attached or the text included in a message to the reporter/writer and the editor/submission reviewer could write a top note above the submission.