I read recently about an idea similar to this in Technology Review.
Value Statement: What if there were a single place where battered women, children terrified of their parents or guardians, people terrorized by their government, or victims of any other form of abuse could go to report that abuse and not have to worry about retaliation?
There are three considerations that will drive the creation and management of such a solution:
1. The security of the solution cannot be compromised in any way.
2. The anonymity of the user must be maintained regardless.
3. The system will require human intervention to prevent spoofing and fake entries.
The first is critical and probably the single hardest thing to do in the short-term computing world. Security, from patches to worms and bots, dominates the computing world of today. In the book Transitional Services I proposed a new way to consider security, the Aqueduct (keep the data moving along a series of connections and no one will ever know where the data actually is at any one time). I am not sure that would be an effective method for this system, as the requirement here would be that the ID itself cannot be compromised.
Step two is difficult in two respects. The first is the tracking of a user both on the local PC and on the web site they are connecting to. One of the components of the submission process has to be an intelligent around submissions. The submit button has to erase all history of that particular submission from the submission site and from the user’s PC or device.
Finally, there has to be a built-in ability for humans to intervene in cases of fraud or false claims. The number of claims will be fairly large, so having ways to quickly reduce false submissions without losing any real claims will be critical.