Is Encryption Protecting Your Rights? Is Law Sufficiently Enforced To Protect Your Rights? Right To Privacy Vis-À-Vis Encryption And Law Enforcement
Today, data has become a top priority for most individuals and companies, and
protecting it from being compromised has become equally important. Many
practices have been adopted not only by individuals to protect their data, but
also by companies to protect their consumers' data. One such method adopted by
the tech giants is encryption, used to safeguard their users' data from being
compromised. However, even though tech giants use end-to-end encryption to
protect their consumers' data, the latest leak of WhatsApp data shows that
encryption does not make data immune from being compromised. In such scenarios,
does legislation provide proper law enforcement to safeguard citizens and give
them remedies against such tech giants?
What is encryption?
According to Chris Parker, people previously wrote their own codes to conceal
what they were saying, and then shared the code with the intended person.
However, in the digital era encryption has taken on a new meaning, as users no
longer have to write their own codes to protect their information. With a
simple tool and a password, a user can protect something so that cracking the
code would take years or, in some cases, even decades. That is why encryption
goes hand in hand with the protection of data. However, while encryption is
beneficial to users, it can cause serious problems for law enforcement.
Benefits of Encryption
With the advent and advance of technology, it has become easy for users to
create data. However, it has become just as easy for such data to be
compromised. Encryption protects data at rest when stored on hard drives, cell
phones, or in the cloud, and it can protect data in transit as it moves from
one device to another.
Furthermore, with the growing number of cyber criminals and the cyber security
war on the healthcare, finance and energy sectors, IoT devices have increased
the risk of cyberattacks in almost every sector.
Therefore, in such scenarios, encryption is widely understood to be the only
effective measure to ensure that data is securely stored or transmitted between
two assets, as without secure encryption, data is always at risk of being
hacked. For this reason alone, consumer and enterprise data security needs
center around the effective implementation of encryption.
Why does encryption go wrong?
When encryption is the only possible solution for the protection of data, why
does it go south in some situations, leaving user data compromised?
The major reason for such a problem is the sudden demise of the person holding
the password. Encryption is one of the most common techniques used to ensure
confidentiality; it depends on an encryption key, and that key is derived from
a password, which is generally held by one person.
One such example of encryption failure is the sudden demise of Gerald Cotten,
who was the CEO of QuadrigaCX, Canada's largest cryptocurrency. This happened
because Cotten was the sole person who had the password that protected $190
million worth of bitcoin owed to investors. After his death, no living person
had access to the encrypted fortune, and therefore $190 million worth of
investors' money was lost. The issue does not end there. Ernst and Young was
hired to find the money owed to investors. They were able to access six of his
offline cryptocurrency wallets, all of which, however, were empty.
Thus, although encryption is the only source of data protection, it can
sometimes be the source of lost data as well.
Why is encryption problematic for law enforcement?
As seen from the case of QuadrigaCX, encryption generally creates a tug of war
over who has the right to decrypt the data. This issue arises because the
several parties involved each view it from their own goals and perspectives.
Furthermore, Government agencies are not interested in the private data of an
average citizen. The main aim of these agencies is national security, solving
crimes, tracking threats and keeping their community safe.
Thus, law enforcement agencies view data encryption in terms of retrieval. For
example, if there is data that might show where a child has been taken after a
kidnapping, not only getting the data but getting it in a timely manner is
important.
However, when such data is encrypted, it generally blocks enforcement agencies
at both the local and national level from accessing data that could be useful
in preventing potential crimes from occurring.
Furthermore, most messaging apps use end-to-end encryption, which means that
only the sender and receiver of a message have access to it; not even the host
company or the intermediaries have access to the message. Due to this
end-to-end encryption, messaging giants like WhatsApp and Facebook are under
immense pressure to install a security backdoor, thereby allowing Governments
to read messages if considered necessary. However, Facebook has refused to do
so.
Furthermore, this encryption of messages has created a lose-lose situation for
law enforcement agencies, which are trying to balance individual privacy and
collective security.
Another good example of encryption causing problems for law enforcement
agencies is the recent criticism the Government has had to face: critics say
that authorities shouldn't intrude upon personal freedoms without good reason,
but will wonder why terrorists weren't being observed closely enough to prevent
their criminal acts, even though there may have been no reason to suspect them.
Can Law Enforcement agencies still access messages and data?
Law enforcement agencies still have different methods to access the data.
Recent examples show that when these tech companies refuse to provide data to
the Government, Governmental agencies have had to take help from third-party
companies to hack the devices and decrypt the content. The major recent example
is Pegasus, whereby the Government of India came under heavy scrutiny for
tracking the data of millions, when giants like Facebook and Twitter refused to
share data with the Government.
Furthermore, the recent IT Amendment Act, 2021 is another example of forcing
these tech giants to create a backdoor for Governmental agencies to have access
to personal data. Creating a backdoor means the Government forcing the
manufacturers of devices sold in the country to build in backdoors that easily
allow the Government to bypass the encryption.
Problems with the Backdoor approach
While creating a backdoor serves the purpose of the law enforcement agencies,
it defeats the whole purpose of encryption. Furthermore, creating a backdoor
would only provide a vulnerability as a feature, and such a feature can be
exploited by anyone without providing a plausible explanation. That is mainly
because if the Government can create a backdoor, anyone can.
Furthermore, law enforcement agencies will not be the only ones accessing the
data. So will service providers, rogue employees at those services, foreign
governments who discover the backdoor, and cybercriminals who find a way to
exploit those purposely created weaknesses in the system.
Conclusion and Solution
Unfortunately, there isn't one. While law enforcement agencies have their own
reasons for creating a backdoor, encryption has its own reason for existing: to
protect one's privacy. And while both are valid and justifiable, they pull in
opposite directions, and having both cannot be a plausible solution.