Slashdot Mirror
Canada's Police Chiefs Want New Law To Compel People To Reveal Passwords (www.cbc.ca)
Reader DaveyJJ writes: CBC is reporting that the Canadian Association of Chiefs of Police, has passed a resolution calling for a legal measure to unlock digital evidence, saying criminals increasingly use encryption to hide illicit activities. The chiefs are recommending new legislation that would force people to hand over their electronic passwords with a judge's consent. RCMP Assistant Commissioner Joe Oliver is using the usual scare tactics "child-molesters and mobsters live in the 'dark web'" in his statement today to drum up public support in his poorly rationalized privacy-stripping recommendation. A few years ago, Canada's Supreme Court ruled that police must have a judge's order to request subscriber and customer information from ISPs, banks and others who have online data about Canadians. I guess that ruling isn't sitting too well with law enforcement and Canada's domestic spy agencies.
The next thing they want is the ability to torture in extra-ordinary circumstances. Then it turns out that someone stealing a car is an extra-ordinary circumstance.
The right to not self-incriminate should be absolute.
I'm not a complete idiot... Some parts are missing.
"What's your password or you go to jail?"
"I don't remember what's my password."
"He's lying, throw him in jail!"
Five years later, released from jail because they crack the password, finding embarrassing porn, but nothing illegal.
But no compensation for throwing a man in jail for the 'crime' of a poor memory.
excitingthingstodo.blogspot.com
No, the next thing they'll want is the ability to compel people to hand over the password without even the nicety of a court giving them the nod.
I'm still not sure why such a law is required. In general judge has the power to compel evidence to be turned over, and refusal to do so can lead to a finding of contempt, which could, if the accused did not comply, could lead to rather serious sanctions. This smells more like a trojan horse.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The Government whining about encryption protecting guilty parties by going dark from scrutiny is flawed. Governments now have more information gathered daily than they could ever have dreamed of in the cold war, and yet they are still baiting and spreading fear and uncertainty that they can't see it all so bad people are getting away with bad things. Did they run around saying in the late 80's that citizens need to carry walking spy devices wherever they roam to make certain their actions can be monitored? The fact is governments have more information available to them about every aspect of life including citizens and non alike, and they are still saying if they had more then they could do their jobs.
Take off eh!
Let's make everyone reveal their passwords.
Let's make backdoor passwords THE LAW.
Let's trust that only the government will have those secret backdoor passwords.
Let's watch as the government gets hacked and everyone's information is owned by Russians, or Iranians, or whoever is the highest bidder...
Really, these idiots need to be called out. Every time they propose crap like this, it needs to be pointed out VERY LOUDLY IN THE NEWS MEDIA that these stupid plans will never work.
Canadians Want New Law To Compel Police Chiefs To Reveal Their IQ.
Never mind, we already cracked that one.
In general judge has the power to compel evidence to be turned over, and refusal to do so can lead to a finding of contempt, which could, if the accused did not comply, could lead to rather serious sanctions
And this, I would argue, definitely infringes on the right to avoid self-incrimination.
If this would apply to providing access to electronic media, why would it not apply to disclosing the location of the body?
I'm not a complete idiot... Some parts are missing.
>> "child-molesters and mobsters live in the 'dark web'"
OMG! Think of THE CHILDREN!!!
Just have 2 passwords, one that deletes a private folder on login and one that doesn't.
Well for one thing, the police took your phone - it is reasonable to assume you know how to turn it on.
On the other hand, the police SUSPECT you killed someone and hid the body - yet without proof that you did it is not reasonable to assume you know where the body is.
-=This sig has nothing to do with my comment. Move along now=-
All that is needed is one number to unlock it, another to wipe it.
This isn't any kind of a magic bullet against crime: it's just another example of people failing to follow a rational chain of events to its conclusion. If you tell an even moderately intelligent person that he will be forced to give up the password to his cell phone if he's ever arrested, then he will simply add one more layer of obfuscation between his phone and his secrets... and you still won't be able to prosecute the worst offenders. The only people who will get caught up in this new dragnet are those in the first round of arrests who don't pay attention to the latest changes in their local laws, and therefore fail to take precautions. Most others (intelligent and otherwise) will quickly learn about those prosecutions from the media frenzy that follows, and will lock down their crap soon thereafter.
Seriously... just follow the pieces around the board, and you should be able to tell who's going to ultimately win in this kind of game. (Doesn't anyone play chess, anymore?)
Could see smartphone manufacturers implementing the ability to set a different password, which when entered loads a "boss" mode view of the device while it secure wipes in the background.
This is why I was mentioning in previous recent comment that it would be most interesting if wetware became a thing that you could tie your password to, so that you literally *cannot* give out your password, nor unlock your device for any other agent that you do not actually want to cooperate with... and even if you are being artificially induced into wanting to cooperate, such as being under the influence of drugs, etc... because of the duress you are under, you would not be able to unlock it for them.
Of course, this lock would not preclude you from calling emergency services or some such thing, even while under stress or a situation where you couldn't otherwise unlock your device because of the protections in place, but the cops would know that with such measures in place they are literally powerless to compel you to unlock your device, and the only legal recourse would be to make such security measures illegal in the first place.
File under 'M' for 'Manic ranting'
It works very well in the UK.
Wait, wait, no, no it doesn't...
I guess that's bad news for all the grumblers out there threatening to "move to Canada" when their candidate doesn't get elected. :-D
Proverbs 21:19
Assume here we're talking about a criminal court case, with a court order; not random cop wanting to look in your phone for no reason. Obviously random cop can't demand your password of their own accord without a court order.
In the context of a court order, this isn't a new thing, people have long stored documents in safes, hidden documents, etc. You can be compelled to disclose such evidence - after they prove that you have it. If it can be proven that you possess any relevant evidence, a body or anything else, you can be compelled to produce that evidence in most (all?) Western countries.
A US court recently ruled on an interesting case with a self-incrimination aspect. There was a hard drive which, evidence indicated, contained child porn. Prosecutors supoened the evidence on the hard drive, via demanding the password. In the opinion, the court ruled that IF it was NOT proven that the defendant owned and used the drive, providing the password would be testimony that it was his, and therefore self-incrimination. Because it had already been otherwise proven (or stipulated) that it was his drive, providing the password was producing evidence in his possession, not testimony.
In other words, how is a password testifying against yourself? Is it illegal to set your password to "correct horse battery staple"? The password isn't illegal, so saying that you have a certain password doesn't mean you committed a crime. Rather, it's the *evidence* already on the device that reveals the facts. There is no legal right to hide *evidence*.
Alleged criminals will just not keep incriminating things on their phones. I know if it came to pass that you were required to turn over your phone and passwords on demand, I'd go back to memorizing people's phone numbers, and never storing a single thing on the phone itself, ever. Maybe get a cheap-ass bare-bones $50 phone, and if they demand it, hand it to them and tell them to keep it, tell the wireless company I lost it, and get another one.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Instead of "criminals increasingly use encryption to hide illicit activities", we have "government officials increasingly use secrecy classifications to hide illicit activities". Let's have a law that says if governments want to be able to force people to give up passwords then governments can't delay or deny open records requests. Any effort by government officials to hide information should be punished at a personal level exactly the same as how they want to punish citizens for denying their passwords.
But, there was no law made forcing people to give up their passwords when asked for it by police. Instead, it required a judge to determine that the police should be able to ask for the password in this case.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Section 11(c) of the charter of rights and freedoms states:
Any person charged with an offence has the right not to be compelled to be a witness in proceedings against that person in respect of the offence;
Further, your own Miranda Rights state that you have the right to remain silent. This means they can not compel you to say anything. It's very important to say no to this request made by the police - it is an extreme violation of your own civil rights.
That says it all. Nothing unreasonable here.
Ah, the authoritarian assholes chime in right on schedule. Although we are talking about Canadians here, there is something I find very un-American about forcing a suspect to answer any question when he is under threat of prosecution, regardless of a judge's warrant.
The oppressor classes always seem to forget that once a warrant is served, there is no guarantee that any search may be fruitful. Looking for something does not mean that you will find what you seek. Collecting that cell phone does not guarantee that you can make any sense of it and is no different than had it been factory reset. The problem is that law enforcement are used to easy pickin's and cannot stand the fact that there are some things out of their reach and control.
That is what authoritarians do not want to accept.
Until warrantless searches, civil asset forfeiture without charges, and the myriad other abuses by law enforcement perpetrated without consequences are rescinded, I for one am not at all interested in giving up any more of my rights or freedom.
I have nothing on my computer that I'd need to hide. Well, I'm sure that there's probably some way that they would find to prosecute me or anyone else given enough personal data and the breadth of the criminal code.
And that's why warrants with scope should always be used for such searches.
But, with or without a warrant, I'm not handing over my password.
It is not illegal to park your car at home at 7 AM in the morning either, but if the court asks you if you did that you have the right not to answer.
Your reasoning is a red herring. The point isn't admission of crime. The point is giving testimony. And answering questions about what you did at a certain time, or what password you set on your computer, is testimony.
I've been there. "A judges consent" means that some sleepy judge gets dragged out of bed at 2am to rubber stamp something he didn't even read.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Didn't they just arrest a guy because he didn't provide it?
Are you thinking of Alain Philippon?
If so, the difference in that case is that it was at a border during customs inspection and he was charged with hindering a border agent in their duties. It's set to go to trial this month. Although, since it's essentially Charter of Rights and Freedoms v Customs Act, I wouldn't be surprised to see it dragged all the way to the Canadian supreme court.
What, no thumbscrews?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
In court, do you think you have a legal right to refuse to answer the question "what is your name?"
Please note the following discusses what the law *is*, not what I think it *should* be. I didn't write the law, I read it.
> It is not illegal to park your car at home at 7 AM in the morning either, but if the court asks you if you did that you have the right not to answer.
In general, no you don't, not under the law. See "subpoena". You have a right to not answer IF the answer is testimony (evidence given by a witness) which incriminates you.
So, under the law, there are two pertinent questions:
a) Is it testimony (spoken *evidence* relevant to the charge)
b) Might the answer incriminate the person being asked.
You can refuse to answer "did you park at home at 7AM?" if you are charged with parking there - maybe it's a no-parking zone. To be protected, the statement must be evidence (not merely a non-evidentiary fact which might assist in discovering evidence), and it must be evidence against the speaker.
A question which fails each test is "what is your name?". In general, a person's name isn't evidence of a crime (or against). Testimony is defined as spoken evidence, so stating your name is not testimony (unless you are accused of falsifying your identity). Stating your name MIGHT well assist an investigator in proceeding with an investigation. Just because it is helpful to investigators doesn't make it spoken evidence (testimony). A password might well assist an investigator in proceeding with an investigation ...
Assuming a statement IS evidence, the second prong of the test is whether it is self-incriminating. I can be forced to testify against you, and you can be forced to testify against me. You just can't be forced to testify against yourself. So the question is only out of bounds if the answer implicates the person answering. Note as above, what is your name?" assists with the investigation, but it's not self-incrimination, because the answer doesn't itself implicate the person in a crime. Similarly "What is your password?" assists with the investigation, but doesn't itself implicate them in a crime.
I might agree that your conclusion SHOULD be the law if you can explain how you'd distinguish between questions including "what is your name?" and "what is your password?" Why is one self-incrimination and the other not? Both help investigators. Neither is an admission of a crime.
There is no legal right to hide *evidence*.
I don't care what the legal right is in your jurisdiction. What I'm saying is that the right to not contribute to your own conviction should be universal and immutable.
By providing a password, dead body or any other type of evidence, you are contributing to your own conviction.
Once you make one exception to the general rule, you'll get more. It's a very slippery slope. Now they can only put you in jail, but in 10 years they are allowed to deprive you off sleep. And 10 years later deprive you of food and water, followed by pulling your nails out.
Any person suspected of a crime should have a universal irrevocable absolute right to remain silent. You prove that the person commited a crime, and you prove the person's identity.
I'm not a complete idiot... Some parts are missing.
How about some laws which protect the public from the damned pOlice?
Requiem for the American Dream
Fuck'em, hard. Just because everyone else is asking for this nonsense does not make it right.
Everyone else: Run as much encryption, and Tor nodes, as you can. Drives them bonkers when they can't just fish through plaintext.
Not just Canadians. Shout out from the free and democratic UK ^_^
Requiem for the American Dream
Do those tools include mobile phones? What happened to 'right to silence' and 'protection from self-incrimination'? What the police are saying, is everyone has to prove they're not a mobster or child abuser. This is a digital version of 'stop and frisk' where the police can start a fishing expedition against anyone.
The police have rightly been denied access to the big pool (of data) so now they want to bully everyone in the little pool. Actually, the police can go to the big pool, they're just throwing tantrum when told to hold a grown-up's hand.
If you want a vision of the future, imagine a boot stamping on a human face - forever.
Well for one thing, the police took your phone - it is reasonable to assume you know how to turn it on.
On the other hand, the police SUSPECT you killed someone and hid the body - yet without proof that you did it is not reasonable to assume you know where the body is.
Suppose you admitted you know where the body is. There are many reasons you may know this that don't involve you being a killer. Maybe you witnessed someone else dispose of the body, maybe you ran across the body after it was deceased, maybe the killer told you where the body was buried, etc. Now, supposing you actually DID happen to kill the person and you know there is evidence on the body (DNA, fingernail marks, ballistics that match your gun, etc.) that would lead to you most likely being convicted if the body were found. Suppose you are asked by police or a judge where the body is. You've already admitted to knowing where it is. Are you compelled to reveal where it is, if such a revelation will incriminate you?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
If you do it right, they cannot. But a) many people mess this up and b) what does it help you if you get released from prison after a few years as innocent after all and get some shitty non-compensation for the life-time they stole from you?
This is a fascist idea, plain and simple.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Hmmm. How about this - if I have hidden evidence that ties me to a crime, can I be ordered by the court to tell the police where I hid that evidence? By analogy, if I have hidden evidence on my phone by using encryption, can I be ordered by the court to tell the policy how to "find" the information on my phone by revealing my password/encryption key?
They sure can try and do a lot of damage to you in the process. And since they will not be able to prove that you have that password (as they cannot), you will have to prove you do not have it instead (which you cannot) or be presumed guilty. It is the old authoritarian idea that anybody they do not like is to be regarded as guilty until proven innocent. Yes, that is as immoral and repulsive as it sounds.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The problem is that if you let the police make the law, you get a police-state. By their very mind-set, most police-persons cannot help it and will place individual rights and freedoms second to law enforcement. In a free society, the police must _not_ be able to deal with all crime. Instead they must be limited to the minimum necessary to keep society functioning reasonably well. That idea is alien to most members of the police (if all you have is the law, everybody looks like a criminal...), yet it is critical to keep society free.
Hence while I understand why they are asking for this, it must not be granted to them and they must be put into their place forcefully. Anything else will result in a catastrophe.
Remember that all enforcement (including law enforcement) is evil by its very nature and unless it is necessary to fight a significantly larger (!) evil, it must not be done.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What's my password? Shoot!!, i forgot my password.
The next thing they want is the ability to torture in extra-ordinary circumstances. Then it turns out that someone stealing a car is an extra-ordinary circumstance.
The right to not self-incriminate should be absolute.
At least in the states, it's been true for a long time (Boyd v. United States, maybe?) that the right against self-incrimination does not extend to your documents. Police can search your house and use your diary or papers against you. Logically, under existing precedent, it is not at all obvious that the right against self-incrimination can or should protect you from a search of your laptop or other electronics.
The much more readily justifiable argument is that you should be allowed to keep your phone locked until you are ordered to unlock it by a judge. Freedom from government intrusion is important, as is privacy, but ultimately some middle ground that protects personal liberties while still allowing police to investigate serious crime is a much more tenable position.
The problem arises when people who don't understand encryption start arguing that the middle ground requires technically impossible or infeasible deliberate weakening of electronic security that will magically only let the government have the key. Which is great, if the government has accountability for how they use it (which their testimony to Congress shows they do not), or until the government of another country pays some guy a million bucks (or otherwise social engineers him) to get them a copy of the key (which will happen within six months of when they create the key). So they shouldn't do that and it's dumb.
But when it's "We think you're a criminal. We have enough evidence that there is probable cause to think you're a criminal. Records on your phone are evidence [just like records in your house would be]. Please enter your password," it's hard to come up with a convincing reason why they shouldn't be able to look at the documents. Unless your password is "I-embezzled-that-money."
Real lawyers write in C++
> definitely infringes on the right to avoid self-incrimination.
The Canadian section 13 is not the same American right you're, ostensibly, citing.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
> if I have [any] evidence, can I be ordered by the court
Yes.
> if I have hidden evidence that ties me to a crime, can I be ordered by the court
Still yes, plus the concealing is an additional crime:
Prosecution of Destroying or Concealing Evidence (Penal Code 135 PC)
A person knowing that any ... thing, is about to be produced in evidence upon a trial, inquiry, or investigation, authorized by law, willfully ...
destroys, erases, or CONCEALS the same
(quoting California law as an example of law in a typical Western jurisdiction)
Normally, the person in possession or control of the evidence would be ordered to actually bring the evidence to the court. Where that's impractical, they'll be ordered to make it available to attorneys for both sides, in whatever manner makes sense given the type of evidence.
Here's a another explanation by someone who has been studying these matters since 1977. When an interviewer asked Hillary Clinton if she kept detailed records of what she did in Washington, Clinton replied "Heavens no! It could get subpoenaed! I donâ(TM)t write anything down."
But a judge cannot order me to teach someone the made-up language I used to write in that notebook. And sanctioning someone for refusing to do that is flat out wrong.
Wrong.
If the government decides it's a politically-imperative action to cover their asses, a judge would order you to teach a court officer the language you created and would happily throw your ass in the lockup until you do, rights be damned, and there's not a damned thing you could do about it.
If you revealing the data is *really* important to them, they'll simply ship your ass off on a 'black flight' to some foreign hellhole where they'll proceed to the fingernail-removal and genital-mutilation portion of the festivities.
You are not free. Your 'freedom' is an illusion, simply a bit of Kabuki theater, nothing more. They remove the choices available. They will imprison, torture, and kill you if it furthers their agendas and all they have to do is wait for a couple 24-hour news cycles (if it even gets noticed at all) and then it's "all this is old news, can't we move on?" and it's on to the newest/latest scandal.
You are a sheep among other sheep that will happily feed you to the wolves for a promise to be eaten last.
In the US? Of course not.
In Canada? I don't know, but I'd seriously doubt it.
Who uses Luddite thumbscrews!?!?
Modern Inquisition inquirers use Greek scientific methods using water-displacement, density vs volume, and buoyancy experimentation!
Tie rocks to the bound suspect and toss him in deep water. If he floats he's obviously guilty, if he drowns then he *was* innocent!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
> definitely infringes on the right to avoid self-incrimination.
The Canadian section 13 is not the same American right you're, ostensibly, citing.
Basically limits incriminating yourself to one proceeding.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
The RCMP (who btw are not entitled to the "Royal TItle" in any way whatsoever)
How do you figure? Canada is still a part of the British Commonwealth, and it was given the Royal title by King Edward VII. It doesn't really get any more entitled to being called Royal than the fucking King calling it Royal.
Encrypted data that is in the possession of the police, is not hidden. They are asking the victim to assist them with interpreting the data.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I wrote a toy example of an end to end encrypted messaging service, which also functions as a data store, in about 300 lines of php, js, HTML, using only cryptojs.
Basic idea is to generate two separate strings ( e.g. pinkSecretBunny and fluffySecretBunny ), run both through a hash, use one output as an index in a table (e.g. mysql), the other is the encryption key for the data. Given just the key+encrypted data, you need to invert the hash to have any idea of how to generate the encryption key.
It is quite feasible that, given only encrypted data, it is impossible for someone to know the password for it.
An easier example is if an encrypted zip file is found on your hard drive, but the name is lost (so you don't know it was mydirtyporn3.zip), how will you know the right password?
They could inadvertently criminalise using multiple passwords for different things, which ought to be considered good practice.
See pgen.chalisque.org/ssms.pdf
John_Chalisque
The oppressor classes
Well hello, anonymous Marxist spewing your retardation online...
Original AC here. The oppressor classes are those authoritarians (in power or not) who would condone warrantless wiretapping, waterboarding, no-knock warrants, civil forfeiture, All Writs Act, and the like. I am pro-freedom, pro-individualism and pro-capitalism. I have no use for those who would want to strip liberty, rights and freedom from Americans just so the government can continue meddling in Middle Eastern countries half way across the world. My oldest kid is 24 and there have only been two years of his life where the US has not been involved in armed conflict somewhere in the world.
I have never been confused for a Marxist before. Good job demonstrating your own retardation.
Let's assume for a moment you are stupid enough to first tell the police you know where there's a dead body, then refuse to tell them where it is.
You are now facing charges including but not limited to hindering an investigation, contempt of court, (accomplice to) murder ...
-=This sig has nothing to do with my comment. Move along now=-
I want a poney and a couple millions dollars too....and then?
FUCK YOU CANADA!
Really hard, with moose antlers
Why don't they just compel people to admit all their crimes to the police?
It would make their work still simpler than just giving up passwords.
There are a number of ways of a citizen getting around such a court order. A few that instantly come to mind:
Two-factor authentication: The court may order me to turn over my password, but if I have a second factor (external to my phone/laptop/etc) to authenticate, the password, itself, won't be enough to unlock a damn thing.
Implement a duress failsafe: I'm surprised this isn't implemented more in software, to be honest. Effectively, have two passwords tied to a single login. If I log in with the "safe" password, everything logs in normally. If I login with my normal username (so as not to draw any undue attention or suspicion from law enforcement types), but enter the secondary, duress password, it cripples the data/device. Have it output a normal login process but, say, run rm -rf, or some other digital thermite equivalent.
Refuse: Given the option of turning over my password or going to jail, my response will likely be "Eat dicks." Fill the jails with contempt of court cases and make it an economical burden on the state to bother prosecuting such cases.
https://en.wikipedia.org/wiki/... https://en.wikipedia.org/wiki/... I'm not sure you properly researched your answer.
Hahahaha
No
This signature is false.
Seriously, government needs to get a clue... What makes anyone think that a law violating someone's 5th (or Section 11c, Canadian Charter of Rights and Freedoms in Canada) Amendment rights to compel them to give evidence against themselves is a good idea? How many politicians have used "i do not recall" as an answer to a direct question under oath to get out of wrongdoing? What about that law, requiring all public servants to NOT be able to use "i do not recall" or something along those lines as a way to escape justice?
...You can be compelled to disclose such evidence - after they prove that you have it. If it can be proven that you possess any relevant evidence...
In Canada, Bill C-13 gives police the power to request permission from a judge for communication information from 3rd parties (like phone companies and ISPs) based on "suspicion". The suspicion is defined as: an officer believes you have, are in the act of, or will in the near future commit a crime. The definition for suspicion is not given, but it is worded to avoid any mention of proof.
I suspect that the police want to get the same easy access to the data on your phone. Simply saying "I suspect I will find something on this phone which is evidence of a crime." is enough to cause a judge to warrant a search.
To be clear: Canada does not require any "proof" to eavesdrop and such. And now the Canadian police are so lazy, they want the same easy method for breaking into your personal effects.
This group (Canadian Association of Chiefs of Police) is just a very weak lobby organization. What they ask for will certainly be noted by the Government of the day, but that's it. A respected Journalist in an Op-Ed piece in one of the major newspapers would get the exact same consideration.
Since this particular wish-list involves some fairly serious legal issues, not the least of which is the likelihood of any enabling legislation almost certainly ending up in the Supreme Court of Canada for what will at best result in restrictions to it's use, and at worst a total, permanent and binding ban forever, don't expect anything soon, or at all.
Now, if the Government of the day is already considering some legislation that affects police powers, then they would consult the CACP. Not the other way around, though, which is what this is.