Apple's encryption battle with the FBI could spill into Canada
U.S. legal fight will be closely watched north of the border
All the might, money and intellect of the Federal Bureau of Investigation apparently couldn't crack the password-protected iPhone used by one of the shooters in the attack late last year that left 14 people dead in San Bernardino, Calif.
So the backup plan is to make Apple do it via an unusual court order, something the technology giant has said it will fight.
The outcome of the legal battle over that deeply controversial strategy could reverberate loudly in Canada, where privacy and technology experts say the debate around encryption technology has been alarmingly quiet despite its far-reaching consequences for anyone with a smartphone.
- Apple blasts order to unlock iPhone, vowing to fight court order
- Trump slams Apple for refusing to help FBI hack shooter's iPhone
- Read Tim Cook's message to Apple customers
- Apple ordered to help FBI hack shooter's iPhone
"The conversations about encryption and how it fits into security have been very vocal in the U.S. and what's happening now with Apple now is sort of all that coming to a head," says Tamir Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa.
"But if you look carefully, you see that law enforcement in Canada has been actively trying to attain the kinds of powers we see in the U.S., but doing it in a much less overt way."
This is taking a chainsaw to a problem that requires a scalpel.- Trevor Timm , Freedom of the Press Foundation
Broadly speaking, encryption is the scrambling of data so that it can only be accessed with a secret decryption key, which is generated by an algorithm. There are varying types of encryption methods, some more secure than others.
Leaning on a U.S. law passed in 1789, the FBI wants Apple to write a new, highly specialized version of its iOS mobile operating system that would help investigators access the encrypted work phone, an iPhone 5C, of Syed Farook.
Simply put, Apple is being ordered by a federal judge to deliberately subvert its own security systems.
Your chainsaw, doctor
Apple and privacy advocates say the move would be very dangerous, suggesting it amounts to creating a backdoor — an intentionally built-in susceptibility that could, in the wrong hands, be used to compromise data on millions of phones worldwide.
"This is taking a chain saw to a problem that requires a scalpel," says Trevor Timm, executive director at the California-based Freedom of the Press Foundation, who has written extensively on technology privacy law.
An <a href="https://twitter.com/FBI">@FBI</a> win against <a href="https://twitter.com/hashtag/Apple?src=hash">#Apple</a> results in an insecurity mandate. A world where Americans can't sell secure products, but our competitors can.—@Snowden
"They are telling tech companies that they are going to have to disable security features that are in place specifically to protect users from all sorts of malicious actors."
It could also set a precedent for future cases in which Apple or other tech companies could be compelled to write software that undermines the security of newer-model phones.
"It's clear the government is not just concerned with this case. They want to set a precedent that they will be able to force tech companies to rewrite their own software," Timm adds. "This could lead to all sorts of situations that compromise user security."
Whether this is really possible in Apple's case, since the tech giant significantly increased the strength of its encryption technology in 2014, remains a bit of an open question.
Nonetheless, if Apple loses its appeal to have the order tossed out, it would be forced to do the U.S. government's bidding.
That's a significant departure from, say, providing existing data to law enforcement based on a warrant, according to Halifax-based privacy lawyer David Fraser, a partner at McInnes Cooper.
"The court is essentially ordering a team of engineers at a private corporation to be deputized, unwillingly, to create a product for the government," he says.
- CBC Forum | When should security trump privacy?
- What powers do police have for online surveillance?
- Spy agencies target mobile phones, app stores to implant spyware
The Apple case could encourage Canadian law enforcement to attempt similar orders for all kinds of third party companies operating here, like the telcos — which do encrypt some communications on mobile networks — or software companies developing encryption services, Fraser adds.
It's very unlikely a Canadian court would ever be able to successfully order a foreign tech company to comply with an order like the one in the ongoing Apple case, but police already have a pretty wide range of options at their disposal when it comes to obtaining digital records, he says.
"In theory, the same power that's being explored in the Apple case exists in Canadian law. We've just never seen it go that far. I would expect that if Apple is compelled to comply with the order, we'd eventually see something here that would test similar boundaries within the Canadian court system."
This is partly because well-encrypted data, obtained through lawful search warrants, can be impossible for police to crack. Law enforcement in both Canada and the U.S. have been vocal about the problem that encrypted data poses for investigations, a phenomenon dubbed "going dark."
Authorities in the U.S. have even gone as far to suggest that backdoors should be built in to all encryption technology so that police can access information more readily. That idea has been strongly condemned across the board by privacy advocates, lawyers and tech companies.
if the gov hacks the iPhone themselves, they don't get the legal precedent they are so desperate to establish in this case.—@csoghoian
Still, police insist something must be done to help them decrypt data when it's needed.
Some technology law experts, however, argue that, in much more subtle ways than backdoor orders, the Canadian establishment began trying to weaken communications encryption nearly two decades ago.
"We have seen, over the years in Canada, several attempts by law enforcement and government to quietly and less overtly find ways to get around encrypted protections," says Israel.
"Sometimes the language in proposed bills would not suggest this specific purpose, but really they could be used to leverage third parties to assist in decryption efforts."
An interesting example, Israel says, can be found in Bill C-13, which passed into law in 2014. It was an evolutionary step in successive attempts by Liberal and Conservative governments to pass "lawful access" legislation, which privacy advocates have long derided as Draconian and overly generous in the powers it affords law enforcement.
- CBC's coverage of Canada's Snowden files
- OK for police to search cellphone if no password, says court
It was presented as a bill to end cyberbullying, but it has many less obvious repercussions because the language is intentionally vague.
According to Israel, the bill can arguably be used to force mobile carriers and third-party service providers to hand over decryption keys for data encrypted and stored, say, in a secure cloud.
It's important to note that this doesn't apply to data stored on a device you own and can't be used to intercept and decrypt data in transit, like in a wiretap.
But it does pertain to information kept by a service provider, which in some cases, says Israel, can be even more robust than what may be on your phone because so much of our digital footprint is stored in clouds.
In a report published last summer, Citizen Lab post-doctoral researcher Christopher Parsons wrote that "though Canadian officials have not been as publicly vocal about a perceived need to undermine cryptographic standards, the government of Canada nevertheless has a history of successfully weakening encryption available to and used by Canadians."
In the U.S., the conversation around law enforcement's and security agencies' access to encrypted data has been loud and very public.
But in Canada "much of these debates have taken place very quietly within government," Parsons says.
The Apple case, Israel adds, could help drag the exchange over the future of encryption technology and digital security in Canada into the spotlight.
Read the U.S. government's order for Apple:
- A previous version of this story stated the FBI is using a law passed in 1798 to compel Apple to assist them. In fact, the law in question is even older - it was adopted in 1789.Feb 19, 2016 5:23 PM ET