The decision by a U.S. court ordering Apple to create a so-called back door into an iPhone owned by a terrorist is being watched carefully in Canada, home to a number of technology companies that make products with encryption — including Blackberry.
So far there have been no similar cases here, Imran Ahmad, an associate lawyer at the Toronto firm of Cassels Brock who focuses on privacy and cyber security law and also sits on the cyber security council of the Canadian Advanced Technology Alliance (CATA), said in an interview.
“I’m not aware of any public decisions that were made in terms of a government agency going after a Canadian company saying ‘You need to create a backdoor or key to open it up so we can investigate,’… Based on the decision I reviewed for Apple and based on what (Apple CEO) Tim Cook put out a bit later in response they’re basically asking them for a new way of getting access to encrypted information.”
“Theoretically could it happen here? It’s potentially possible,” he added.
He said in similar circumstances — a terrorist event or imminent event — it’s not hard to foresee law enforcement agency going to a Canadian company with an encrypted product and asking to provide help to decrypt or to provide an encryption key.
Apple has said at the moment there is no way to circumvent its password protection, which deletes data after 10 failed login attempts. Ahmad noted the court order does say the manufacturer only has to offer “reasonable technical assistance” to the FBI. But that might include creating a special version of iOS that only runs in memory, and only on the seized phone.
Although the wording of the Canadian Charter of Rights is different than the U.S. Bill of Rights, courts here watch U.S. legal decisions and sometimes take them into account.
One Canadian company that might face the issue is Mississauga, Ont.-based WinMagic, which makes encryption management software. Although it has helped forensic investigations “no government agency has ever formally or informally requested access to the (encryption) key,” James LaPalme, the company’s vice-president of cloud solutions, said in an interview.
“We don’t have backdoors. Once the enterprise turns up the server key, management is in their hands … if the government wants the keys they would have to go to that enterprise.”
“They can ask us to be creative, but there’s nothing to hand over.”
Cook said Wednesday his company will appeal the court order sought by the FBI for help in getting around the password lock on the phone used by Syed Rizwan Farook in December, who, with his wife, killed 14 people at the San Bernardino County Department of Public Health. The pair were then killed by police. The FBI wants to know if Farook had accomplices.
The case has re-opened debate in the U.S. that has been going on for over a year after many law enforcements agencies and some politicians called for legislation compelling companies that include encryption in their offerings to build backdoors into their software for police.
Opponents argue backdoors only endanger privacy, not necessarily because law enforcement agencies would be able to see private conversations and data — in all probability they’d need a warrant — but because if there’s a opening eventually others could get access to secure data including organized crime and foreign countries.
In the Farook case the judge’s order specifically tells Apple to find a solution that will only work on the terrorist’s phone and not a tool the FBI would keep.
Some industry experts have downplayed the controversy, saying the judge only asked Apple to help the FBI log into the device, not decrypt the phone themselves.
But in an interview U.S. cyber security expert Bruce Schneier called the Apple court order a precedent. “It’s about one iPhone but it’s actually about all iPhones, all phones, all computers, all connected devices … This is a precedent, and that’s why there will be a lot of fighting here.”
The order immediately renewed the debate in the media over whether backdoors help or hinder security. Canadian privacy expert Ann Cavoukian wrote a column for the Globe and Mail saying the U.S. government shouldn’t force Apple “to jeopardize the security and privacy of its users.”
The debate largely hasn’t drifted north because no member of Parliament has yet said backdoor legislation should be passed here. Ahmad said CATA’s cyber security council hasn’t even discussed the issue.
However, RCMP commissioner Bob Paulson has warned that encrypted devices makes it harder for police to find child pornographers.
What makes the Apple court order noteworthy, lawyer Imran Ahmad agreed, is that it shifts the debate in the U.S. from a policy issue — is this the right thing to do — to a legal issue — does the court have the power to issue such an order.
In other words, it will be difficult for Apple to argue on appeal that creating a backdoor is bad public policy.
Nick Cardozo, a staff attorney for the Electronic Frontier Foundation, made a similar point to CSO Online. “The FBI has brought this case to create a precedent that they can order a developer to insert a backdoor,” he said.
“If the FBI wins here, and Apple is forced to subvert its security infrastructure to sign what amounts to a malicious update, then nothing will prevent the FBI from obtaining orders requiring other developers to insert arbitrary code in their products.”