Instead of complying with a UK encryption backdoor mandate, Apple removed features like advanced data protection. A similar outcome could occur in Canada if a new bill is passed.
Apple will not weaken the encryption of any government entity because it would allow good guys and bad guys greater access to user data. As the FBI explained after the San Bernardino shooting, there is no such thing as a “good guys only” back door.
Canadian lawmakers believe that legal access to encrypted data should be required, which is why Bill C-22 exists. According to a report from ReutersApple and Meta are pushing back.
“In an era of growing and pervasive threats from malicious actors seeking access to user information, Bill C-22, as written, would harm our ability to deliver the powerful privacy and security features that users have come to expect from Apple,” Apple said in a statement. “This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products – something Apple will never do.”
Meta shared a similar statement suggesting the bill would “force vendors to install government spyware directly on their systems.”
If the bill passes, Apple will likely do whatever is necessary without compromising encryption, security, or user privacy. If that means removing a feature like advanced data protection, as has been the case in the UK, it will.
The encryption problem
If Apple created a special way to access iPhone encryption in Canada, it would undoubtedly leak and become a powerful tool for authorities and bad actors around the world. The best security is a system without access points, secret codes or back doors.
End-to-end encryption on iPhone means that various apps and services are stored in a way that even Apple doesn’t have access to.
Every Apple product encrypts the following by default:
- Health data
- iCloud Keychain
- Wi-Fi and cellular credentials
- Home data
- Payment information
- Information about Siri
- iMessage and FaceTime
This data is not accessible to Apple, even when a government legally requests it. The only exception is that iMessage stores an encryption key in iCloud backup.
For users who want to encrypt as much as possible, Apple has added advanced data protection. This increases the number of things that are end-to-end encrypted, including device backup.
Users should only enable advanced data protection if they understand the risk. If they lose access to their account and don’t have a way to re-register, all is lost.
Here’s what’s encrypted with Advanced Data Protection:
- Device Backups
- Message backups
- iCloud Drive
- Remarks
- Pictures
- Reminders
- Safari Bookmarks
- Voice Memos
- Wallet pass
If Canada passes this law and tries to force Apple’s hand, it could remove Advanced Data Protection as a feature for Canadian users. It’s a way of trying to meet the authorities in the field, but it may not be enough.
The UK eventually backed down, but it is impossible to predict what Canada might do. Apple could completely shut down operations in the country if it deems it necessary, but there are several other tactics it can use before taking such drastic measures.
Apple’s stance on user privacy and security may seem like marketing nonsense, but it has stood the test of time. Even if companies remove encryption from messaging apps or don’t bother to increase device security, Apple is finding new ways to protect users.
Progress is being made for the security of Apple products, even if it means being a thorn in the side of entities like the FBI and now the Canadian government.