When should tech companies help law enforcement access their customers' personal data?

The question has fuelled pretty fierce debate in recent months, especially during Apple's very public battle with the FBI over the agency's request that the tech giant help it gain entry into the encrypted iPhone of one the people involved in the December 2015 fatal shooting in San Bernardino, Calif.

Apple categorically refused to comply with the order from a U.S. federal judge, and the whole saga left some people with the mistaken impression that Apple never gives customer data to police.

In reality, Apple frequently complies with requests from police all over the world, as long as they are accompanied by proper legal documents — search warrants, subpoenas, production orders, etc. — and the company is technically able to help.

Earlier this week, for example, it was revealed that Apple helped a technical crime investigator with the Hamilton police extract data from an iPhone 4s that belonged to Dellen Millard, one of two men accused in the high-profile 2013 slaying of Tim Bosma.

It's not clear exactly what Apple did in this instance. The company won't comment on specific cases, and the police investigator involved did not respond to CBC inquiries. The production order, signed by a judge, that would have accompanied the force's request is under a court seal.

Companies usually comply

Tamir Israel, a technology lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, says the phone likely had a passcode and manually enabled data encryption. The combination is probably what made it impossible for investigators to get to the phone's data with the forensic tools available to them, hence the need for Apple's help.

It's a fairly common scenario. In the first half of 2015, for example, Apple received eight requests from Canadian law enforcement agencies and provided data for nine individual accounts. By comparison, in the same period of time in the U.S., there were 971 requests, and data was disclosed for 1,407 accounts.

Tim Bosma was murdered in 2013. Apple helped investigators access the iPhone 4s of one of the men accused of killing him. (Facebook)

These were not necessarily all iPhones, since the figures — published online in biannual transparency reports — don't distinguish between the various devices Apple makes. But the vast majority of requests from police and government agencies are phone-related, according to Israel.

Many other tech companies also make transparency reports publicly available.

One notable exception is BlackBerry. The Waterloo, Ont.-based company was recently in the news after a VICE investigation showed that the RCMP had its global encryption key for at least two years. There's no hard evidence BlackBerry handed over the key to the Mounties, but nonetheless, privacy advocates have long criticized the company for what they say is a troubling lack of transparency.

"You have to be aware, especially if you have an older model phone, that a lot of personal information will be available if your phone ends up being analyzed by police in some circumstance," said Ann Cavoukian, executive director of the Privacy and Big Data Institute at Ryerson University in Toronto.

"It shouldn't be surprising to people that in light of a warrant, that companies will comply. They aren't going to break the law."

Much more secure iPhones

Millard's older model iPhone would have been relatively easy for Apple to unlock and decrypt, and that's why it complied with a lawful request. But that is not the case with the iPhone 5c used by Syed Farook, who, along with his wife, gunned down 14 people in San Bernardino late last year.

Apple introduced the 5s and 5c in 2013. They were the first iPhone models to have security features so effective that, in theory, even Apple cannot access them once they're in the hands of a customer.

It was a "significant leap forward in terms of securing personal data," said Cavoukian.

Apple CEO Tim Cook took a firm stand against the FBI in its effort to have the company help the agency access the encrypted iPhone 5c of Syed Farook, one the San Bernardino shooters. The request was unusual because it required Apple to develop software that would undermine its own security. (Jeff Chiu/Associated Press)

The FBI wanted Apple to write highly specialized software that would subvert these security measures.

Essentially, it amounted to "ordering a team of engineers at a private corporation to be deputized, unwillingly, to create a product for the government," Halifax-based privacy lawyer David Fraser told CBC in February, adding that complying with the order would set a dangerous precedent.

Never 100 per cent secure

Apple CEO Tim Cook emphasized at the time that the company would be creating a piece of software that could compromise even its most secure devices.

"There was a perception among some people that Apple was trying to make it difficult to find criminals and terrorists," said Cavoukian.

"But they were saying that they didn't have the means to comply and wouldn't intentionally weaken the security of their own devices."

After all the headlines and heated debate, the FBI reportedly paid private hackers more than $1.3 million US to access the phone.

"It shows that nothing is ever 100 per cent secure," said Israel. "With enough time, energy and money, a really determined attacker can probably get around even the most sophisticated security."