When most people think about data security and encryption, their first thought is around how data is stored. However, encryption doesn’t only apply to data storage, but also how you transfer the information from one location to the next.
True ESI defensibility starts with maintaining the authenticity and privacy of the data from the moment it is collected all the way to hosting and later deletion. Data encryption provides the backbone for this security through concealing the data in a cipher, thus making it unreadable to anyone without the key.
End to End Encryption (E2EE) is when the model of data encryption is applied to the lifecycle of the data and throughout its intended purpose. Essentially this means that once the data has begun to move it has already been encrypted, and will stay encrypted until it reaches its end destination. The purpose of E2EE is to prevent third parties groups from accessing, viewing, or altering the data.
- Sender uses public key to encrypt message
- Encrypted message goes to server
- Server sends encrypted message to end user
- End user uses private key to read message
E2EE is relevant to the fields of electronic discovery, digital forensics, and review hosting due to the inherent need for privacy, security, and data integrity within the legal discovery process. From discovery data load files to secure file-transfer-protocols for production, encryption gives legal teams back confidence in the data.
In the legal industry, it is expected that entities use encryption across the spectrum of where they are control data. This reaches all the way from using a secure SSL/HTTPS website url and sending encrypted emails within Outlook to large scale encryption of entire databases living behind firewalls.