End to end encryption (EE2E) is a technology used to facilitate data security by encrypting the data sent between the sender and the intended receiver. The company facilitating the data transfer does not hold the data intended for its end-users, rather data is encrypted between the app user and the intended receiver.
As more of our data is stored online or on the cloud, it is inevitable that data may be compromised by insecure data security procedures. End-to-end encryption (EE2E) seeks to minimise this risk. The technology is used by governments, corporations and individuals to transmit secure data. This article will disclose to you what EE2E is and how it works.
Storage of Data
When you send an email, the data is stored by your email provider and you. This means the email provider will have access to your data. Email providers are required to comply with their respective privacy laws – in Australia, this is the Privacy Act 1988 (Cth).
Nowadays, it is becoming prevalent that tech companies use EE2E. To follow on with the email example, this means that instead of your email provider holding your data, it is stored with you (the user) and with who you sent your email to exclusively. There are many obvious benefits of EE2E. For example, in the context of online shopping, EE2E protects online shoppers when they enter their credit card details, preventing the likelihood of a data breach.
WhatsApp Uses EE2E
On 5 April 2016, WhatsApp announced it fully embraced EE2E, claiming to be a leader in protecting its user’s private communications. From that date, all 1 billion WhatsApp users benefit from the EE2E service by default. Any photo, video, file and voice message protected by EE2E. WhatsApp explains that when a user sends a message, the only person who can read that message is the person the message was sent to. And alas, no one else can access it. “Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”
Law Enforcement Issues
Recently, there has been a lot of discussion about EE2E services and enforcement of the law. On 20 July 2016, a Brazilian Court temporarily blocked WhatsApp. It made this move because it showed a complete “disrespect for Brazilian laws”. Not long after not, this decision was overturned by Brazil’s Supreme Court.
The ban arose because Facebook (the owner of WhatsApp) refused to provide text conversations from WhatsApp. The WhatsApp conversations were needed for a criminal investigation. Facebook declined to provide the conversation for the reason of EE2E – it doesn’t even have access to this data.
Legislatures around the world are all grappling with this issue. On 3 June 2016, the United States Department of Commerce and State released their latest rulemaking on the issue which are to take force on 1 September 2016. The purpose of these rules is to clarify how technology transfers and other export activities are treated in the United States. We remain to see how it goes.
From an Australian perspective, EE2E presents a new hindrance to our discovery system. We will need to rely on the users to provide the relevant data via Court-ordered discovery. Ordinarily, data held by a third party (i.e. WhatsApp) will be discoverable, but it remains to be seen how Australian courts will decrypt this issue.
It is evident the EE2E aims to protect private communication and other information. However, some issues arise in court-ordered discovery processes and in a way EE2E can hinder court procedures. Contact LegalVision’s IT lawyers to assist you with any questions you may have. Call us on 1300 544 755.