Apple's co-operation with police in Tim Bosma case not unusual

When should tech companies help law enforcement access their customers' personal data?

The question has fuelled pretty fierce debate in recent months, especially duringApple's very public battle with the FBIover the agency's request that the tech giant help itgain entry into the encryptediPhone of one the people involved in the December 2015fatal shooting inSan Bernardino, Calif.

Apple categorically refused to comply with theorder from a U.S. federal judge, and the whole sagaleft some people with the mistaken impression that Apple never givescustomer data to police.

• Apple's encryption battle with the FBI could spill into Canada
• Apple's privacy fight with the FBI explained
• Apple ordered to help FBI hack shooter's iPhone
• CBC Forum | When should security trump privacy?

In reality, Apple frequently complies with requests from policeall over the world, as long as theyare accompanied byproper legal documentssearch warrants, subpoenas,production orders, etc. and the company is technically able to help.

Earlier this week, for example, it was revealed that Apple helped a technical crime investigator with the Hamilton police extract data from an iPhone 4s that belonged to Dellen Millard, one of two men accused in the high-profile 2013 slaying of Tim Bosma.

It's not clear exactly what Apple did in this instance. The company won't comment on specific cases, and the policeinvestigator involveddid not respondto CBC inquiries. The production order, signed by a judge, that would have accompanied the force's request is under a court seal.

Companies usually comply

Tamir Israel,a technology lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, says the phone likely had a passcode and manually enabled dataencryption.The combination is probably what madeit impossible for investigators to get to the phone's data with the forensic tools available to them, hence the need for Apple's help.

It's a fairly common scenario. In the first half of 2015, forexample, Apple received eightrequests from Canadian law enforcement agencies and provided data for nineindividual accounts. By comparison, in the same period of time in the U.S., there were 971 requests, and data was disclosed for 1,407 accounts.

These were not necessarily all iPhones, since the figures publishedonline inbiannual transparency reportsdon't distinguish between the various devices Apple makes.But the vast majority ofrequests from police and government agenciesare phone-related, according to Israel.

Manyother tech companies also make transparency reportspubliclyavailable.

One notable exception isBlackBerry. The Waterloo, Ont.-based company was recently in the news after a VICE investigation showed that the RCMP had its global encryption key for at least two years. There's no hard evidence BlackBerry handed over the key to the Mounties, but nonetheless, privacy advocates have long criticized the company for what they say is a troubling lack of transparency.

"You have to be aware, especially if you have an older model phone, that a lot of personal information will be available if your phone ends up being analyzed by police in some circumstance,"saidAnn Cavoukian, executive director of the Privacy and Big Data Institute at Ryerson University in Toronto.

"It shouldn't be surprising to people that in light of a warrant, that companies will comply. They aren't going to break the law."

Much more secure iPhones

Millard'solder model iPhone would have beenrelatively easy for Apple to unlock and decrypt, and that's why it complied with a lawful request. But that is not the casewith the iPhone 5c used by Syed Farook, who, along with his wife, gunned down 14 people in San Bernardino late last year.

Apple introduced the 5s and 5c in 2013. They were the first iPhone models to have security features so effective that, in theory,even Apple cannot access them once they're in the hands of a customer.

It was a "significant leap forward in terms of securing personal data," saidCavoukian.

The FBI wanted Apple to write highly specialized software that wouldsubvert these security measures.

Essentially, it amounted to"ordering a team of engineers at a private corporation to be deputized, unwillingly, to create a product for the government,"Halifax-based privacy lawyer DavidFraser told CBC in February, adding that complying with the order would set a dangerous precedent.

Never 100 per cent secure

Apple CEO Tim Cook emphasized at the time that the company would be creating a piece of software that could compromise even its most secure devices.

"There was a perception among some people that Apple was trying to make it difficult to find criminals and terrorists," saidCavoukian.

"But they were saying that they didn't have the means to complyand wouldn't intentionally weaken the security of their own devices."

After all the headlines and heated debate, the FBI reportedly paid private hackers more than $1.3 millionUS to access the phone.

"It shows that nothing is ever 100 per cent secure," saidIsrael. "With enough time, energy and money, a really determined attacker can probably get around even the most sophisticated security."