Encryption has been making headlines recently. After law enforcement organizations, in the face of terrorism, have asked for Apple (and other tech companies) to provide them with a backdoor into their encrypted messaging, Tim Cook has asked the White House to make a stance on protecting consumer privacy. In a previous interview with 60 Minutes, when asked about sacrificing privacy for public safety, Cook said “We’re America, we should have both.” More information on Cook’s encryption woes here.
Recently, police in Canada and the Netherlands said they could beat Blackberry’s PGH encryption system.
Encryption is a daily part of life in the eDiscovery world. Does encrypting data mean that it cannot be collected?
First, let’s clearly define encryption. It’s the process of making data essentially unreadable without having a private key that decodes it. Think of the Rosetta Stone: prior to its discovery in 1799, all ancient Egyptian hieroglyphics were essentially encrypted. Its discovery meant we could decode the ancient writing system. Nowadays, data is often encrypted when being sent between parties (for example, Apple’s iMessage). Decryption is possible, but it’s not always easy.
During the collection process of eDiscovery, users generally voluntarily grant access to their data on phones and personal computers. Sometimes, this means providing passwords so that we can collect their data right from their phones, tablets, and computers. When we have direct access to devices, beating encryption is fairly easy. In some cases it requires either an alternative method of imaging or total decryption, as opposed to simply entering a password.