End to end encryption (E2EE) is a technology used to facilitate data security by encrypting the data sent between the sender and the intended receiver. The company facilitating the data transfer does not hold the data intended for its end-users, rather data is encrypted between the app user and the intended receiver.

As more of our data is stored online or on the cloud, it is inevitable that data may be compromised by insecure data security procedures. End-to-end encryption (E2EE) seeks to minimise this risk. The technology is used by governments, corporations and individuals to transmit secure data.  This article will disclose to you what E2EE is and how it works.

Storage of Data

When you send an email, the data is stored by your email provider and you. This means the email provider will have access to your data. Email providers are required to comply with their respective privacy laws – in Australia, this is the Privacy Act 1988 (Cth).

Nowadays, it is becoming prevalent that tech companies use E2EE. To follow on with the email example, this means that instead of your email provider holding your data, it is stored with you (the user) and with who you sent your email to exclusively. There are many obvious benefits of E2EE. For example, in the context of online shopping, E2EE protects online shoppers when they enter their credit card details, preventing the likelihood of a data breach.

WhatsApp Uses E2EE

On 5 April 2016, WhatsApp announced it fully embraced E2EE, claiming to be a leader in protecting its user’s private communications. From that date, all 1 billion WhatsApp users benefit from the E2EE service by default. Any photo, video, file and voice message protected by E2EE. WhatsApp explains that when a user sends a message, the only person who can read that message is the person the message was sent to. And alas, no one else can access it. “Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”

Law Enforcement Issues

Recently, there has been a lot of discussion about E2EE services and enforcement of the law. On 20 July 2016, a Brazilian Court temporarily blocked WhatsApp. It made this move because it showed a complete “disrespect for Brazilian laws”. Not long after not, this decision was overturned by Brazil’s Supreme Court.

The ban arose because Facebook (the owner of WhatsApp) refused to provide text conversations from WhatsApp. The WhatsApp conversations were needed for a criminal investigation. Facebook declined to provide the conversation for the reason of E2EE – it doesn’t even have access to this data.

Legislatures around the world are all grappling with this issue. On 3 June 2016, the United States Department of Commerce and State released their latest rulemaking on the issue which are to take force on 1 September 2016. The purpose of these rules is to clarify how technology transfers and other export activities are treated in the United States. We remain to see how it goes.

From an Australian perspective, E2EE presents a new hindrance to our discovery system. We will need to rely on the users to provide the relevant data via Court-ordered discovery. Ordinarily, data held by a third party (i.e. WhatsApp) will be discoverable, but it remains to be seen how Australian courts will decrypt this issue.

Key Takeaways

It is evident the E2EE aims to protect private communication and other information. However, some issues arise in court-ordered discovery processes and in a way E2EE can hinder court procedures. Contact LegalVision’s IT lawyers to assist you with any questions you may have. Call us on 1300 544 755.

Esther Mistarz
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
If you would like to receive a free fixed-fee quote for a legal matter, please get in touch using the form on this page.