#CyberFLASH: Your passwords aren’t protected


To paraphrase the words of retired U.S. Supreme Court justice John Paul Stevens in a 1988 dissent, “a person may be forced to surrender a key to a lockbox, but he cannot be compelled to reveal the combination to his wall safe.” It is a legal concept that has returned to the spotlight recently, with the Canadian Association of Chiefs of Police calling for the legal power to compel criminal suspects to disclose passwords to electronic devices. It is an inevitable response to increasingly sophisticated, publicly available data encryption, but — the apoplexy of self-righteous Internet libertarians notwithstanding — it is not an unacceptable nor unconstitutional expansion of police powers.

That the police chiefs’ would call for the power to compel passwords comes as no surprise. As the Federal Bureau of Investigation’s spat with Apple over unlocking the phone of the San Bernardino shooter showed, as data encryption advances and becomes more widely available, traditional police investigative tools are increasingly left behind. Sophisticated software could, until recently, be utilized by law enforcement to crack a device’s password. Advanced encryption of the type now used in the latest smartphones and operating systems, however, makes those devices essentially uncrackable and renders previously utilized technology obsolete.

Regardless, several arguments may be made against the police chiefs’ proposal. “Self-incrimination” is the battle cry of opponents to the idea of forcing a suspect to reveal a password. Compared to the United States, however, Canada’s protections against self-incrimination are weak and, in any event, largely inapplicable in the context of unlocking electronic devices. One cannot “plead the fifth” if testifying in Canada, nor are police obliged — as the Supreme Court of Canada has ruled — to stop questioning a suspect who invokes his right to silence.

Read more here

#CyberFLASH: Canada’s police chiefs: “We need laws that force cybercriminals to reveal their passwords”

image-3The news that Canada’s police chiefs are advocating for federal laws that would compel individuals to provide electronic passwords with a judge’s consent isn’t sitting well with some members of Canada’s IT community.

Earlier this week at its annual conference in Ottawa, the Canadian Association of Chiefs of Police (CACP) passed a resolution that formally requests legal measures to lawfully unlock digital evidence, citing the rise of cybercriminals who are using encryption tools to hide illicit activities as the impetus.

During a news conference on Tuesday, RCMP Assistant Commissioner Joe Oliver noted that at present under Canadian law, police cannot compel individuals to comply with a request to provide a password during an investigation. Law enforcement needs to keep pace with modern criminals who are effectively “going dark” by operating in cyberspace with tools that mask their identities, said Oliver.

“The victims in the digital space are real,” said Oliver, adding that Canada’s law and policing capabilities aren’t keeping pace with the evolution of technology.

But according to Jacob Ginsberg, senior director for Toronto-based email encryption software firm Echoworx, such as move would be an “unconscionable” one.

“While we don’t blame CACP for wanting tools to make their jobs easier, a law of this kind would criminalize privacy, and it would be unconscionable for a democratic society to draft a law whereby denying a request from police to go through your things, digital or otherwise, would be illegal,” he said in an email.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.