This Article has been written by Vritti Jain of Symbiosis Law School, Hyderabad
INTRODUCTION
“Privacy is an inherent human right and a requirement for maintaining the human condition with dignity and respect.”
-Bruce Schneier
With the advancement of science and technology, scientific experts depended heavily upon evidence. In today's world, it is fairly common for the court to request a scientific proof [1]. This scientific information is presented in court as a viewpoint; however, the ultimate decision will only be made by the judge, ensuring that the verdict is fair. The court declared in the case of Daubert v. Merrell Dow Pharmaceuticals, Inc.[2]that federal courts must exercise a gatekeeping function to ensure that scientific evidence is appropriate and legitimate before it can be accepted. This decision has encouraged courts to be cautious and knowledgeable in finding the latest scientific testimony, as well as scientific organizations to find out and inform judges, as well as providing experts to engage in science and technology-related hearings. The Federal Rule incorporates public acceptability, but it also considers science, according to the court. The Daubert court stated that forensic science evidence that they are unsure of can be verified as accurate by a method of robust cross-examination and analysis of the facts given. Many countries use the Daubert standards, however, there are still a few that do not.[3]
The Supreme Court of the United States established standards for the acceptance of scientific evidence obtained using a new approach They are as follows:
1. If the approach or process being used can or has been tested.
2. If the concept has been published or if it has been subjected to public evaluation
3. Whether or not the concept has a major risk of being incorrect.
4. Whether or not the hypothesis is supported by the scientific community.
FACTS OF THE CASE
Daubert and Schuller (two minors) were born with limb shortening birth abnormalities. They charged defendant Merrell Dow Pharmaceuticals, claiming that their mothers' consumption of Bendectin, an FDA-approved medicine produced by the defendant and given for morning sickness, caused the birth abnormalities
ISSUE OF THE CASE
Is there enough evidence that a medication causes genetic defects if the scientific community, such as the FDA, has claimed that it would not?
And the answer is No.
WHAT END-TO-END ENCRYPTION IS?
Encryption is a method of encoding data so that only permitted people to have access to it. We've all seen the yellow box in every WhatsApp text window that says, "Messages to this chat are secured using end-to-end encryption." Only you and the targeted reader will be able to read the message in the chatbot.
It cannot be accessed by any third party, including WhatsApp. This is known as End-to-end encryption[4].
For example, you text your friend the following message:
“Hi! Let's do something.”
The message to your friend will be as follows:
“Hi! Let's do something.”
And to anyone who is not permitted to see it, the message will look like this:
“wUwDPglyJu9LOnkBAf4vxSpQgQZltcz7LWwEquhdm5kfwynkhydhSMjesaw”
• THE NEED FOR END-TO-END ENCRYPTION
The majority of us have made it a routine to communicate over the internet. Everything seems to be online, from our images to our credit card data. We have a habit of uploading large amounts of data to the internet without thinking about the implications of our data falling into the hands of government authorities, hackers, or service providers. This is why encryption is necessary.
• PROS AND CONS
Cons:
1. End-to-end encryption (E2EE) has only one drawback, and whether or not that drawback is indeed a drawback depends on your viewpoint. To some, End-to-end encryption’s very value proposition is flawed, as nobody can access your conversations without the proper key. It's important to note that End-to-end encryption-based apps aren't completely secure. When messages are carried from one device to another, they are disguised, but they are viewable on the ends - the computers or phones at each end. This isn't always a disadvantage of end-to-end encryption, but it's important to remember.[5]
2. It ensures that no one may read your information while it is in transit. Other risks, however, remain:
a) Your gadget could be snatched: if you don't have a Password or if the attacker manages to get past it, the attacker will be able to read your texts.
b) Your gadget may be infected with software that monitors the material both before and after you send it.
3. Another threat is that anyone could use a man-in-the-middle attack to put oneself between you and your friend. This would happen at the start of the contract because you don't know for sure if you're exchanging keys with your friend. You might unintentionally reveal a secret to an enemy. Your messages are then received by the enemy, who has the key to decode the messages.[6]
Numerous apps incorporate some form of security code function to get around this. This is a set of digits or a QR code that you may send securely to your contacts (ideally offline). If the digits matched, you can be confident that no one is monitoring your chats.
Pros:
1. E2EE is undeniably an extremely valuable tool for better privacy and confidentiality in a system without all the above-identified flaws. It's a concept that's been preached by privacy activists all around the world, much like onion routing. It's also easy to add into apps that appear like the ones we are used to, making the technology available to anyone with a phone.
2. It would be a mistake to think of E2EE as a tool solely for criminals and spies. Cyber-attacks have proven to be vulnerable to even the most supposedly secure businesses, disclosing unprotected user data to malicious parties. Access to user information, such as private messages or identification documents, can have devastating consequences on people's life.
3. Hackers cannot retrieve any useful information about the content of messages if a corporation whose customers depend on E2EE is breached (given their encryption performance is strong). At most, they might be able to get their hands on metadata. Although this is still problematic in terms of privacy it's an upgrade on access to the encoded message.
DATA RETENTION
The policies of permanent data and records management for achieving legal and business data archival needs are defined by data retention. It should not be confused with the Data Protection Act of 1998, even though they are occasionally used similarly. The various data retention policies balance legal and privacy issues against economics and "need-to-know" factors. To define the retention period archival standards, data formats, and acceptable ways of storage, access, and encryption.
Although the European Court of Justice's significant judgment in 2016, which declared excessive data retention to be unconstitutional, numerous European countries are pushing to restore the practice.[7]
• DATA RETENTION POLICY
A data retention policy, also known as a records retention policy, is a company's stated policy for storing records for specific periods to meet business needs, industry rules, and legal obligations.
A detailed data retention policy explains why a corporation wants to keep certain data and what to do with it when it's no longer needed. The data retention policy should also include details on who is accountable for each type of data and weather data that is no longer required should be stored or removed
• WHY IS DATA RETENTION POLICY IMPORTANT?
A data retention policy is necessary to ensure that a company has the correct data and the appropriate amount of data backed up. If an organization does not back up adequate data, the restoration will not be as comprehensive, while archiving too much data may create problems during the process of recovery. A company's entire data management strategy includes a data retention policy. A data retention policy is necessary because data develops quickly, and an organization must determine how long it needs to keep certain data. Data should only be kept for as long as it is required. When a company keeps data for longer than it needs to, it consumes storage capacity and raises costs.
[1] Diva Rai, Admissibility of Forensic Evidence iPleaders (2021), https://blog.ipleaders.in/admissibility-forensic-evidence/ [2] Daubert v. Merrell Dow Pharmaceuticals, Inc., 1993 U.S. LEXIS 4408 (1993). [3] Daubert v. Merrell Dow Pharm. | For Law School | LexisNexis, Community, https://www.lexisnexis.com/community/casebrief/p/casebrief-daubert-v-merrell-dow-pharm (last visited Jun 2, 2021). [4] Uzair Khan, Regulation of Encrypted Online Communication Services Around the World iPleaders (2020), https://blog.ipleaders.in/regulation-encrypted-online-communication/ [5] Michael Behr, Data Protection | The Pros and Cons of End-to-End Encryption Digit (2020), https://digit.fyi/data-protection-the-pros-and-cons-of-end-to-end-encryption/ [6] Diganth Sehgal, Relationship between law, science, and technology in modern society - iPleaders iPleaders (2021), https://blog.ipleaders.in/relationship-law-science-technology-modern-society/ [7] Jennifer Baker, Encryption and Why It Matters in a Data Retention World CPO magazine (2019), https://www.cpomagazine.com/data-privacy/encryption-and-why-it-matters-in-a-data-retention-world/
Comments