One of Martus’s most popular features was its end-to-end encryption. In our first Martus Community Call, many current users explained that this felt like an important feature because it keeps their information safe. We want to use this thread to explore the use of this feature, its advantages and disadvantages, and how other security features might be able to address the users’ needs.
Here are some questions to get the conversation started:
- What is the role client-side end-to-end encryption plays, or should play, in the documentation space? What need is there for it?
- If we don’t implement it, does that expose HRDs to attack? And if we do, how can we do make it easy and safe (e.g. avoid efail, discussion of open vs closed systems, etc.)
- At what points in the data lifecycle is it important to encrypt?
- What about the risk of people losing their keys, and therefore losing their data? Is e2e worth that risk?
Please share your reflections on the need for end-to-end encryption in human rights documentation!