Instead of complying with an encryption backdoor mandate in the UK, Apple pulled features like Advanced Data Protection. A similar result could occur in Canada if a new bill passes.
Apple won't weaken encryption for any government entity because doing so would allow good guys and bad guys better access to user data. As it argued with the FBI after the San Bernardino shooting, there is no such thing as a backdoor "just for the good guys."
Canadian legislators believe that lawful access to encrypted data should be required, which is why Bill C-22 exists. According to a report from Reuters, Apple and Meta are pushing back.
"At a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple," Apple said in a statement. "This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products - something Apple will never do."
Meta shared a similar statement suggesting that the bill would "force providers to install government spyware directly on their systems."
If the bill passes, Apple will likely do whatever it needs to without breaking encryption, security, or user privacy. If that means withdrawing a feature like Advanced Data Protection like it did in the UK, it will.
The encryption problem
If Apple created a special way to access iPhone encryption in Canada, it would no doubt leak and become a powerful tool for authorities and bad actors around the world. The best security is a system without an access point, secret code, or backdoor.
End-to-end encryption on iPhone means various apps and services are stored in a way that not even Apple can access.
Every Apple product encrypts the following by default:
- Health data
- iCloud Keychain
- Wi-Fi and Cellular credentials
- Home data
- Payment information
- Siri information
- iMessage and FaceTime
This data can't be accessed by Apple even when a government lawfully requests it. The only exception is iMessage stores an encryption key in iCloud backup.
For users that want to encrypt as much as possible, Apple added Advanced Data Protection. It increases the number of things end-to-end encrypted, which includes the device backup.
Users should only enable Advanced Data Protection if they understand the risk. If they lose access to their account and don't have a method of reentry, everything is gone.
Here's what's encrypted with Advanced Data Protection:
- Device backups
- Messages backups
- iCloud Drive
- Notes
- Photos
- Reminders
- Safari Bookmarks
- Voice Memos
- Wallet passes
If Canada passes that law and tries to force Apple's hand, it could take away Advanced Data Protection as a feature for Canadian users. It's a way of trying to meet authorities in the middle, but it may not be enough.
The UK ultimately backed down, but there's no predicting what Canada might do. Apple could halt business in the country altogether if it feels it is necessary, but there are several other tactics it can pursue before taking such drastic measures.
Apple's stance on user privacy and security may sound like marketing silliness, but it has withstood the test of time. Even as companies remove encryption from messaging apps or don't bother with increasing device security, Apple finds new ways to protect users.
Forward progress is made for Apple product security even if it means being a thorn in the side of entities like the FBI and now the Canadian government.
