10

I have this question with which I'm struggling. I have read on many sites about encrypt-then-MAC etc.

If confidentiality for transmission is needed, discuss the features of the order of encryption and encoding by an error correcting code (ECC), i.e., 1) encrypt-then-encode, 2) encode-then-encrypt.

otus
nmurshed

3 Answers

9

With some modes you can encode then encrypt, specifically stream cipher modes (CTR, OFB). Bit errors during transmission translate to identical bit errors in the encoded plaintext, and error correction will work as intended.

However, with standard block cipher modes (ECB, CBC), the entire block is encrypted, and a 1-bit error in the ciphertext creates many bit changes in the decrypted block due to the avalanche effect. Depending on the type of correction used, this may be correctable, but it is generally better to apply the code to the ciphertext.

Richie Frame
5

The correct procedure is Compress $\to$ Encrypt $\to$ ECC $\to$ Transmit.

You would have no hope of error recovery if you were to apply error correcting information prior to encryption.

It is the design goal of a cipher to introduce bit flips with probability $\frac{1}{2}$, and Shannon's noisy channel coding theorem tells us we cannot communicate at all if the transition probability of a binary symmetric channel is $\frac{1}{2}$.

In his theory of communication, Shannon says

Equally “good” transmission would be obtained by dispensing with the channel entirely and flipping a coin at the receiving point.

If a single bit flip error occurred, by design of the cipher, it would spread to other bits and destroy any structure that the ECC had added to help detection and recovery.
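The channel argument above, written out as an added worked equation (not part of the answer): the capacity of a binary symmetric channel with crossover probability $p$ is

$$C(p) = 1 - H_2(p), \qquad H_2(p) = -p \log_2 p - (1-p) \log_2 (1-p),$$

so $C(\tfrac{1}{2}) = 1 - 1 = 0$, whereas a channel with $p = 10^{-3}$ still has $C \approx 0.989$ bits per use. A code placed before encryption has to decode after decryption, facing the $p \approx \tfrac{1}{2}$ channel the cipher's avalanche creates; a code placed on the ciphertext faces the physical channel's small $p$.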

1

Another danger of error correction followed by encryption is the following. If we follow Kerckhoffs's principle, the error correction method/code as well as the encryption method should be public. Thus the only unknown is the secret key, assuming a symmetric scheme.

Most error correction codes are linear and thus introduce dependencies between the symbols that are input to the encryption mechanism. Thus you have a set of linear equations that the input symbols satisfy, which means that for certain input masks into the cipher (assuming ECB mode and a block cipher, for simplicity) you have a linear equation that holds with probability $1$.

The adversary now only has to analyze the output masks corresponding to those input masks, thus reducing the complexity of computing the relevant linear characteristics, which can make a difference for large S-boxes.

If a stream cipher were being used, then there are ready-made parity check equations for the input that can be used in cryptanalysis.

Even if the code is not linear (almost all good codes used in practice are linear: convolutional codes, LDPC codes, RS codes, RM codes), encoding still introduces predictable dependencies.

kodlu