Apple's encryption battle with the FBI could spill into Canada

All the might, money and intellect of the Federal Bureau of Investigation apparently couldn't crack the password-protectediPhoneused by one of the shooters in the attack late last year that left 14 people dead in San Bernardino, Calif.

So the backup plan is tomake Apple do itvia an unusual court order, something the technology giant has said it will fight.

The outcome of the legal battle over that deeply controversial strategycould reverberate loudly in Canada, where privacy and technology experts say the debate around encryption technology has been alarmingly quietdespite its far-reaching consequences for anyone with asmartphone.

• Apple blasts order to unlockiPhone, vowing to fight court order
• Trump slams Apple for refusing to help FBI hack shooter'siPhone
• Read Tim Cook's message to Apple customers
• Apple ordered to help FBI hack shooter'siPhone

"The conversations about encryption and how it fits into security have been very vocal in the U.S. and what's happening now with Apple now is sort of all that coming to a head,"saysTamirIsrael, a lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa.

"But if you look carefully, you see that law enforcement in Canada has been actively trying to attain the kinds of powers we see in the U.S., but doing it in a much less overt way."

'This is taking achainsawto a problem that requires a scalpel.'-Trevor Timm, Freedom of the Press Foundation

Broadly speaking, encryption is the scrambling of data so that it can only be accessed with a secret decryption key, which is generated by an algorithm. There are varying types of encryption methods, some more secure than others.

Leaning on a U.S. law passed in 1789,the FBI wants Apple to write a new, highly specialized version of its iOS mobile operating system that would help investigators access the encrypted work phone, aniPhone5C, ofSyedFarook.

Simply put, Apple is being ordered by a federal judge to deliberately subvert its own security systems.

Your chainsaw, doctor

Apple and privacy advocates say the move would be very dangerous, suggesting it amounts to creating a backdoor an intentionally built-in susceptibility that could, in the wrong hands, be used to compromise data on millions of phones worldwide.

"This is taking achain sawto a problem that requires a scalpel," says TrevorTimm, executive director at the California-based Freedom of the Press Foundation, who has written extensively on technology privacy law.

"They are telling tech companies that they are going to have to disable security features that are in place specifically to protect users from all sorts of malicious actors."

It could also set a precedent for future casesin which Apple or other tech companies could be compelled to write software that undermines the security of newer-model phones.

"It's clear the government is not just concerned with this case. They want to set a precedent that they will be able to force tech companies to rewrite their own software,"Timmadds. "This could lead to all sorts of situations that compromise user security."

Whether this is really possible in Apple's case, since the tech giant significantly increased the strength of its encryption technology in 2014,remains a bit of an open question.

Nonetheless, if Apple loses its appeal to have the order tossed out, it would be forced to do the U.S. government's bidding.

Pushing boundaries

That's a significant departure from, say, providing existing data to law enforcement based on a warrant, according to Halifax-based privacy lawyer DavidFraser, a partner atMcInnesCooper.

"The court is essentially ordering a team of engineers at a private corporation to be deputized, unwillingly, to create a product for the government," he says.

• CBC Forum |When should security trump privacy?
• What powers do police have for online surveillance?
• Spy agencies target mobile phones, app stores to implant spyware

The Apple case could encourage Canadian law enforcement to attempt similar orders for all kinds of third party companies operating here, like thetelcos which do encrypt some communications on mobile networks or software companies developing encryption services,Fraseradds.

It's very unlikely a Canadian court would ever be able to successfully order a foreign tech company to comply with an order like the one in the ongoing Apple case, but police already have a pretty wide range of options at their disposal when it comes to obtaining digital records, he says.

"In theory, the same power that's being explored in the Apple case exists in Canadian law. We've just never seen it go that far. I would expect that if Apple is compelled to comply with the order, we'd eventually see something here that would test similar boundaries within the Canadian court system."

'Going dark'?

This is partly because well-encrypted data, obtained through lawful search warrants, can be impossible for police to crack. Law enforcement in both Canada and the U.S. have been vocal about the problem that encrypted data poses for investigations, a phenomenon dubbed "going dark."

Authorities in the U.S. have even gone as far to suggest that backdoors should be built in to all encryption technology so that police can access information more readily. That idea has been strongly condemned across the board by privacy advocates, lawyers and tech companies.

Still, police insist something must be done to help them decrypt data when it's needed.

Some technology law experts, however, argue that, in much more subtle ways than backdoor orders,the Canadian establishment began trying to weaken communications encryption nearly two decades ago.

"We have seen, over the years in Canada, several attempts by law enforcement and government to quietly and less overtly find ways to get around encrypted protections," says Israel.

"Sometimes the language in proposed bills would not suggest this specific purpose, but really they could be used to leverage third parties to assist in decryption efforts."

Weakening encryption

An interesting example, Israel says, can be found in BillC-13, which passed into law in 2014. It was an evolutionary step in successive attempts by Liberal and Conservative governmentsto pass "lawful access" legislation, which privacy advocates have long derided as Draconian and overly generous in the powers it affords law enforcement.

• CBC's coverage of Canada'sSnowdenfiles
• OK for police to search cellphone if no password, says court

It was presentedas a bill to end cyberbullying, but it has many less obvious repercussions because the language is intentionally vague.

According to Israel,the bill can arguably be used to force mobile carriers and third-party service providersto hand over decryption keys for data encrypted and stored, say, in a secure cloud.

It's important to note that this doesn't apply to data stored on a device you own and can't be used to intercept and decryptdata in transit, like in a wiretap.

But it does pertain to informationkept by a service provider, which in some cases, says Israel, can be even more robust than what may be on your phone because so much of our digital footprint is stored in clouds.

Apple defies court order to help FBI

9 years ago

Duration 7:07

Tech giant will fight an order to unlock a user's iPhone, saying to do otherwise would create a back door that could potentially be used on other future devices

In areportpublished last summer, Citizen Lab post-doctoral researcher Christopher Parsons wrote that "though Canadian officials have not been as publicly vocal about a perceived need to undermine cryptographic standards, the government of Canada nevertheless has a history of successfully weakening encryption available to and used by Canadians."

In the U.S., the conversation around law enforcement's and security agencies' access to encrypted data has been loud and very public.

But in Canada "much of these debates have taken place very quietly within government," Parsons says.

The Apple case, Israeladds, could help drag the exchange over the future of encryption technology and digital security in Canada into the spotlight.

Read the U.S. government's order for Apple: