#CyberFLASH: Your passwords aren’t protected


To paraphrase the words of retired U.S. Supreme Court justice John Paul Stevens in a 1988 dissent, “a person may be forced to surrender a key to a lockbox, but he cannot be compelled to reveal the combination to his wall safe.” It is a legal concept that has returned to the spotlight recently, with the Canadian Association of Chiefs of Police calling for the legal power to compel criminal suspects to disclose passwords to electronic devices. It is an inevitable response to increasingly sophisticated, publicly available data encryption, but — the apoplexy of self-righteous Internet libertarians notwithstanding — it is not an unacceptable nor unconstitutional expansion of police powers.

That the police chiefs’ would call for the power to compel passwords comes as no surprise. As the Federal Bureau of Investigation’s spat with Apple over unlocking the phone of the San Bernardino shooter showed, as data encryption advances and becomes more widely available, traditional police investigative tools are increasingly left behind. Sophisticated software could, until recently, be utilized by law enforcement to crack a device’s password. Advanced encryption of the type now used in the latest smartphones and operating systems, however, makes those devices essentially uncrackable and renders previously utilized technology obsolete.

Regardless, several arguments may be made against the police chiefs’ proposal. “Self-incrimination” is the battle cry of opponents to the idea of forcing a suspect to reveal a password. Compared to the United States, however, Canada’s protections against self-incrimination are weak and, in any event, largely inapplicable in the context of unlocking electronic devices. One cannot “plead the fifth” if testifying in Canada, nor are police obliged — as the Supreme Court of Canada has ruled — to stop questioning a suspect who invokes his right to silence.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.