Encryption keys are always encrypted at rest (when stored on disk) and are only decrypted in RAM when the whistleblower / receivers are logged in to the system. Visslan does not have an interface that can allow direct access to the encryption keys in any situation (at runtime or at rest).
Visslan, like all other web-based whistleblower systems as far as we know (and which offers the necessary usability and a wide range of security measures related to protection against leaks of "forensic traces") can not technically implement a perfect end-to-end encryption mechanism that encrypts data from the whistleblower terminal to the case manager's terminal, but it needs to use the server as a reliable party that performs encryption and decryption on behalf of the system's users.
Such a function is only offered when it is possible to get users to install a software, which we do not consider acceptable in a whistleblowing context, both for usability but also for security reasons (for example when proof is submitted for submission of a report on the user's device).
In the whistleblower system today, the administrator (we) can decide if we want to reset the case manager password to simply support users in the event of a password loss, which acts as a "key escrow" mechanism. This is usually accepted in commercial contexts where we must be able to do our utmost to ensure that no data is lost (even when the customer loses access to the data in the event of a forgotten password). In future system updates however, we plan to make it possible for the customer to specifically opt out of this option and at their own risk accept that data in the event of a password loss will be completely lost.
In any case, the system maintains an audit log and tracks actions to try to prevent as well as support the detection of abuses performed by administrators.
In other words, from a technical perspective, Visslan can have access to encryption keys and data (which, as described, becomes a requirement for a web-based application where Visslan cannot install anything locally, which would also have created other more serious risks). We therefore also refer to our customer agreement and the appendices DPA and Confidentiality Agreement, where it is clearly stated that we may not have access to your whistleblower cases or related data.