End to end encryption (E2EE) is a technology used to facilitate data security by encrypting the data sent between the sender and the intended receiver. The company facilitating the data transfer does not hold the data intended for its end-users, rather data is encrypted between the app user and the intended receiver.

As more of our data is stored online or on the cloud, it is inevitable that data may be compromised by insecure data security procedures. End-to-end encryption (E2EE) seeks to minimise this risk. The technology is used by governments, corporations and individuals to transmit secure data.  This article will disclose to you what E2EE is and how it works.

Storage of Data

When you send an email, the data is stored by your email provider and you. This means the email provider will have access to your data. Email providers are required to comply with their respective privacy laws – in Australia, this is the Privacy Act 1988 (Cth).

Nowadays, it is becoming prevalent that tech companies use E2EE. To follow on with the email example, this means that instead of your email provider holding your data, it is stored with you (the user) and with who you sent your email to exclusively. There are many obvious benefits of E2EE. For example, in the context of online shopping, E2EE protects online shoppers when they enter their credit card details, preventing the likelihood of a data breach.

WhatsApp Uses E2EE

On 5 April 2016, WhatsApp announced it fully embraced E2EE, claiming to be a leader in protecting its user’s private communications. From that date, all 1 billion WhatsApp users benefit from the E2EE service by default. Any photo, video, file and voice message protected by E2EE. WhatsApp explains that when a user sends a message, the only person who can read that message is the person the message was sent to. And alas, no one else can access it. “Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”

Law Enforcement Issues

Recently, there has been a lot of discussion about E2EE services and enforcement of the law. On 20 July 2016, a Brazilian Court temporarily blocked WhatsApp. It made this move because it showed a complete “disrespect for Brazilian laws”. Not long after not, this decision was overturned by Brazil’s Supreme Court.

The ban arose because Facebook (the owner of WhatsApp) refused to provide text conversations from WhatsApp. The WhatsApp conversations were needed for a criminal investigation. Facebook declined to provide the conversation for the reason of E2EE – it doesn’t even have access to this data.

Legislatures around the world are all grappling with this issue. On 3 June 2016, the United States Department of Commerce and State released their latest rulemaking on the issue which are to take force on 1 September 2016. The purpose of these rules is to clarify how technology transfers and other export activities are treated in the United States. We remain to see how it goes.

From an Australian perspective, E2EE presents a new hindrance to our discovery system. We will need to rely on the users to provide the relevant data via Court-ordered discovery. Ordinarily, data held by a third party (i.e. WhatsApp) will be discoverable, but it remains to be seen how Australian courts will decrypt this issue.

Key Takeaways

It is evident the E2EE aims to protect private communication and other information. However, some issues arise in court-ordered discovery processes and in a way E2EE can hinder court procedures. Contact LegalVision’s IT lawyers to assist you with any questions you may have. Call us on 1300 544 755.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Esther Mistarz

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy