Like many mediators at this time I have been coming to terms with using various bits of technology, such as video conferencing and taking my skill set online. In the last 3 weeks there seems to have been a plethora of advice pieces sharing help and ideas for practitioners. One aspect that seemed to be making a lot of noise is whether some of the platforms out there are end-to-end encrypted [E2EE] or not. Recently reading through one such article which had been prepared by a well respected organisation, I noted that as part of the guidelines for Video Mediation, it stated that mediators should ensure they are using “a secure videoconferencing platform with end-to-end encryption”. (1)
I was reminded of a recent article I read in the New York Times which had set out in layman terms a definition for ‘end-to-end encryption’ that it;
“scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient”. (2)
There are apparently various ways to achieve this but the most prevalent of these is the use of a programme, on the users device, to generate 2 cryptographic keys. One key will be private, and one will be public. As the name suggests the public key is for general use and is shared with somebody that wants to send you an encrypted item or message. As respects the private key the article explains;
“The private key, or secret key, decrypts messages sent to you and never leaves your device. Think of it as a locked mailbox. Anyone with a public key can put something in your box and lock it, but only you have the private key to unlock it”. (3)
Perhaps the essential take a way is that it is unlike other types of encryption in that it removes the need to rely on a third party to encrypt messages as they are passed between parties. In doing this it ensures that if sensitive commercial or private communications are being shared then these are less likely to be the subject of hacking, at least not while they are being transmitted using E2EE.
Generally, this is going to be an issue for any mediator to be concerned about as they will not want to recommend the use of a platform to the parties of a mediation which could lead to the parties sensitive and private data being left open to hacking. This is avoided when mediators follow advice such as the ICODR’s advice note and ensure whatever video conferencing platform they are using is using E2EE.
Indeed, E2EE is widely seen as a key aspect of meeting GDPR obligations as noted by Secure Chorus Chairman, Elisabetta Zaccaria, who stated in a recent article as respects E2EE and GDPR,
“End-to-end encryption has been considered by technologists as the means to protect data privacy of individuals and it has been central to the debate about data privacy and civil liberties”. (4)
In conclusion then, as a point of best practice, it is incumbent on mediators to ensure that whatever platform they choose to run their online practice on has E2EE as part of its security.
John Keers BL
John Keers is a practising mediator, qualified barrister and Course Director at Ulster University for the LLM in International Commercial Law and Alternative Dispute Resolution where he lectures extensively in the area of ADR and ODR. John is also a Co-Founder and Director of the Consumer Code for Online Dispute Resolution.
(1) The International Council for Online Dispute Resolution, ‘ICODR Video Mediation Guidelines’, April 2020, https://icodr.org/guides/videomed.pdf
(2) Nicole Perlroth, The New York Times, ‘What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech’ (19th November2019).
(4) Elisabetta Zaccaria, ‘The EU GDPR makes data encryption and decryption two sides of the same coin in terms of data privacy rights’ (19th September 2018) https://gdpr.report/news/2018/09/19/the-eu-gdpr-makes-data-encryption-and-dycryption-two-sides-of-the-same-coin-in-terms-of-data-privacy-rights/