Science

Apple's encryption battle with the FBI could spill into Canada

Apple's legal battle with the FBI could reverberate in Canada, where privacy and technology experts say the debate around encryption technology has been alarmingly "quiet" despite its far-reaching consequences.

U.S. legal fight will be closely watched north of the border

Apple CEO Tim Cook took a firm stand against the FBI in its effort to have the company help the agency access the encrypted iPhone 5c of Syed Farook, one the San Bernardino shooters. The request was unusual because it required Apple to develop software that would undermine its own security. (Jeff Chiu/Associated Press)

All the might, money and intellect of the Federal Bureau of Investigation apparently couldn't crack the password-protected iPhone used by one of the shooters in the attack late last year that left 14 people dead in San Bernardino, Calif.

So the backup plan is to make Apple do it via an unusual court order, something the technology giant has said it will fight.

The outcome of the legal battle over that deeply controversial strategy could reverberate loudly in Canada, where privacy and technology experts say the debate around encryption technology has been alarmingly quiet despite its far-reaching consequences for anyone with a smartphone.

"The conversations about encryption and how it fits into security have been very vocal in the U.S. and what's happening now with Apple now is sort of all that coming to a head," says Tamir Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa.

"But if you look carefully, you see that law enforcement in Canada has been actively trying to attain the kinds of powers we see in the U.S., but doing it in a much less overt way."

'This is taking a chainsaw to a problem that requires a scalpel.'- Trevor Timm, Freedom of the Press Foundation

Broadly speaking, encryption is the scrambling of data so that it can only be accessed with a secret decryption key, which is generated by an algorithm. There are varying types of encryption methods, some more secure than others.

Leaning on a U.S. law passed in 1789, the FBI wants Apple to write a new, highly specialized version of its iOS mobile operating system that would help investigators access the encrypted work phone, an iPhone 5C, of Syed Farook.

Simply put, Apple is being ordered by a federal judge to deliberately subvert its own security systems.

Your chainsaw, doctor

Apple and privacy advocates say the move would be very dangerous, suggesting it amounts to creating a backdoor — an intentionally built-in susceptibility that could, in the wrong hands, be used to compromise data on millions of phones worldwide.

"This is taking a chain saw to a problem that requires a scalpel," says Trevor Timm, executive director at the California-based Freedom of the Press Foundation, who has written extensively on technology privacy law.

"They are telling tech companies that they are going to have to disable security features that are in place specifically to protect users from all sorts of malicious actors."

It could also set a precedent for future cases in which Apple or other tech companies could be compelled to write software that undermines the security of newer-model phones.

"It's clear the government is not just concerned with this case. They want to set a precedent that they will be able to force tech companies to rewrite their own software," Timm adds. "This could lead to all sorts of situations that compromise user security."

Whether this is really possible in Apple's case, since the tech giant significantly increased the strength of its encryption technology in 2014, remains a bit of an open question.

Nonetheless, if Apple loses its appeal to have the order tossed out, it would be forced to do the U.S. government's bidding.

Pushing boundaries

That's a significant departure from, say, providing existing data to law enforcement based on a warrant, according to Halifax-based privacy lawyer David Fraser, a partner at McInnes Cooper.

"The court is essentially ordering a team of engineers at a private corporation to be deputized, unwillingly, to create a product for the government," he says.

The Apple case could encourage Canadian law enforcement to attempt similar orders for all kinds of third party companies operating here, like the telcos — which do encrypt some communications on mobile networks — or software companies developing encryption services, Fraser adds. 

It's very unlikely a Canadian court would ever be able to successfully order a foreign tech company to comply with an order like the one in the ongoing Apple case, but police already have a pretty wide range of options at their disposal when it comes to obtaining digital records, he says. 

"In theory, the same power that's being explored in the Apple case exists in Canadian law. We've just never seen it go that far. I would expect that if Apple is compelled to comply with the order, we'd eventually see something here that would test similar boundaries within the Canadian court system."

'Going dark'?

This is partly because well-encrypted data, obtained through lawful search warrants, can be impossible for police to crack. Law enforcement in both Canada and the U.S. have been vocal about the problem that encrypted data poses for investigations, a phenomenon dubbed "going dark."

Authorities in the U.S. have even gone as far to suggest that backdoors should be built in to all encryption technology so that police can access information more readily. That idea has been strongly condemned across the board by privacy advocates, lawyers and tech companies.

Still, police insist something must be done to help them decrypt data when it's needed.

Some technology law experts, however, argue that, in much more subtle ways than backdoor orders, the Canadian establishment began trying to weaken communications encryption nearly two decades ago.

"We have seen, over the years in Canada, several attempts by law enforcement and government to quietly and less overtly find ways to get around encrypted protections," says Israel.

"Sometimes the language in proposed bills would not suggest this specific purpose, but really they could be used to leverage third parties to assist in decryption efforts." 

Weakening encryption

An interesting example, Israel says, can be found in Bill C-13, which passed into law in 2014. It was an evolutionary step in successive attempts by Liberal and Conservative governments to pass "lawful access" legislation, which privacy advocates have long derided as Draconian and overly generous in the powers it affords law enforcement.

It was presented as a bill to end cyberbullying, but it has many less obvious repercussions because the language is intentionally vague. 

According to Israel, the bill can arguably be used to force mobile carriers and third-party service providers to hand over decryption keys for data encrypted and stored, say, in a secure cloud.

It's important to note that this doesn't apply to data stored on a device you own and can't be used to intercept and decrypt data in transit, like in a wiretap. 

But it does pertain to information kept by a service provider, which in some cases, says Israel, can be even more robust than what may be on your phone because so much of our digital footprint is stored in clouds.

Apple defies court order to help FBI

9 years ago
Duration 7:07
Tech giant will fight an order to unlock a user's iPhone, saying to do otherwise would create a back door that could potentially be used on other future devices

In a report published last summer, Citizen Lab post-doctoral researcher Christopher Parsons wrote that "though Canadian officials have not been as publicly vocal about a perceived need to undermine cryptographic standards, the government of Canada nevertheless has a history of successfully weakening encryption available to and used by Canadians."

In the U.S., the conversation around law enforcement's and security agencies' access to encrypted data has been loud and very public.

But in Canada "much of these debates have taken place very quietly within government," Parsons says. 

The Apple case, Israel adds, could help drag the exchange over the future of encryption technology and digital security in Canada into the spotlight.

Read the U.S. government's order for Apple:

Mobile users: View the document
(PDF KB)
(Text KB)
CBC is not responsible for 3rd party content

Corrections

  • A previous version of this story stated the FBI is using a law passed in 1798 to compel Apple to assist them. In fact, the law in question is even older - it was adopted in 1789.
    Feb 19, 2016 5:23 PM ET