Canada's Police Chiefs Want New Law To Compel People To Reveal Passwords (www.cbc.ca)

← Back to Stories (view on slashdot.org)

Canada's Police Chiefs Want New Law To Compel People To Reveal Passwords (www.cbc.ca)

Posted by msmash on Tuesday August 16, 2016 @07:31AM from the no-country-for-privacy-enthusiasts dept.

Reader DaveyJJ writes: CBC is reporting that the Canadian Association of Chiefs of Police, has passed a resolution calling for a legal measure to unlock digital evidence, saying criminals increasingly use encryption to hide illicit activities. The chiefs are recommending new legislation that would force people to hand over their electronic passwords with a judge's consent. RCMP Assistant Commissioner Joe Oliver is using the usual scare tactics "child-molesters and mobsters live in the 'dark web'" in his statement today to drum up public support in his poorly rationalized privacy-stripping recommendation. A few years ago, Canada's Supreme Court ruled that police must have a judge's order to request subscriber and customer information from ISPs, banks and others who have online data about Canadians. I guess that ruling isn't sitting too well with law enforcement and Canada's domestic spy agencies.

25 of 209 comments (clear)

Min score:

Reason:

Sort:

Re:BY THE POWER OF CHRIST I COMPEL YOU!! by sabri · 2016-08-16 07:40 · Score: 4, Insightful

The next thing they want is the ability to torture in extra-ordinary circumstances. Then it turns out that someone stealing a car is an extra-ordinary circumstance.

The right to not self-incriminate should be absolute.

--
I'm not a complete idiot... Some parts are missing.
Stupidity to follow: by gurps_npc · 2016-08-16 07:43 · Score: 4, Insightful

"What's your password or you go to jail?"
"I don't remember what's my password."
"He's lying, throw him in jail!"
Five years later, released from jail because they crack the password, finding embarrassing porn, but nothing illegal.
But no compensation for throwing a man in jail for the 'crime' of a poor memory.

--
excitingthingstodo.blogspot.com
1. Re:Stupidity to follow: by Anonymous Coward · 2016-08-16 07:58 · Score: 5, Insightful
  
  "What's your password or you go to jail?"
  "I don't remember what's my password."
  "He's lying, throw him in jail!"
  Five years later, released from jail because they crack the password, finding embarrassing porn, but nothing illegal.
  But no compensation for throwing a man in jail for the 'crime' of a poor memory.
  Under stressful situations you may actually forget your password. I forgot my bank card PIN when I was getting a passport.
2. Re:Stupidity to follow: by OzPeter · 2016-08-16 08:28 · Score: 3, Interesting
  
  Poor memory is no excuse for breaking the law.
  Yet insanity is.
  
  --
  I am Slashdot. Are you Slashdot as well?
3. Re:Stupidity to follow: by x0ra · 2016-08-16 08:35 · Score: 2
  
  Porn ownership itself is soon gonna be a crime. How dare you challenge vagina power ?
4. Re:Stupidity to follow: by Opportunist · 2016-08-16 08:44 · Score: 5, Interesting
  
  What law did he break? The law of not writing his password down? How often have you used a password recovery system because you couldn't remember what passphrase you used with a webpage you used a decade ago and now wanted to reuse only to find out that your email address is already "in use" because you apparently have used it before?
  Now imagine you have some ancient data rotting away somewhere on a server which is "obviously" encrypted (read: They can't find a program to read it with so it has to be). Now provide the password for it, you child molesting terrorist!
  Good luck.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:Stupidity to follow: by Opportunist · 2016-08-16 08:45 · Score: 4, Funny
  
  Mine is "Go to hell motherfucking cop bastard"
  Oddly I only get beat up every time I surrender it to the feds.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:Stupidity to follow: by kuzb · 2016-08-16 08:57 · Score: 2
  
  That's not true. In cases of wrongful imprisonment there are plenty of cases of people suing and winning.
  
  Ivan Henry won 8m in 2010: http://www.cbc.ca/news/canada/...
  
  Réjean Hinse won 13.1m in 1997: http://www.ctvnews.ca/feds-que...
  
  Ron and Linda Sterling won 925k in 2004: http://www.cbc.ca/news/canada/...
  
  I could go on, there are plenty of other cases where victims of wrongful imprisonment were compensated.
  
  --
  BeauHD. Worst editor since kdawson.
7. Re:Stupidity to follow: by Kjella · 2016-08-16 08:58 · Score: 2
  
  Simple "fix", stop looking for the password. Then you're screwed, if you remember/find it later they'll say you knew how to produce it all along and if you never find it everyone will just assume that you took the time to hide something worse. Also remember this won't just apply to whole disks, say you zip some sensitive files for Bob. Since they'll be attached on open email you password protect it and call to tell Bob the key. Two years later the cops think "files_for_bob.zip" is your secret kiddie porn/terrorist plot/mafia accounting stash, you don't know the password anymore, Bob doesn't know the password anymore and you're fucked.
  For that matter, so too is Bob if he extracted the files and forgot to delete that zipped file. Or that old backup CD that you made once that the cops found at the bottom of a pile of old junk which you've long forgotten the password for, you have five other copies but the cops want to know what's on this particular CD. I know I'd be fucked just by an USB stick I used to have for work, I got client information there I couldn't risk losing if it fell out of my pocket and since I'd use it on client machines I'd have one password per client. For a time I'd know the password, but if the client didn't give us more business eventually I'd forget. The files would still be there for the cops to nail me for though.
  And that's just the things I know I don't know, even in the relaxed setting I'm in now. If remembering was the difference between going to jail or not, what's to say the panic won't become a block of its own? It's like trying to go to sleep when you know you absolutely have to sleep because you won't get another chance for a very long time. The brain gets itself all worked up with OMG I can't sleep, what if I don't get enough sleep, I really need to sleep right now and so on which is extremely counterproductive to actually falling asleep. And the smart criminals will use hidden containers and steganography, making the whole exercise pointless. Oh well...
  
  --
  Live today, because you never know what tomorrow brings
8. Re:Stupidity to follow: by scamper_22 · 2016-08-16 08:59 · Score: 2
  
  There must be a physical life example.
  Suppose you have a combination wall-safe.
  The police want to search that safe.
  So they get a warrant.
  Now, what happens if you don't give them the combination to the safe? This must have happened numerous times in the past.
  I'm no lawyer, but I googled and it looks like they could NOT make you give up a safe combination; at least in the US.
  So I don't see how cell phone password are any different. They shouldn't be able to compel you to give up your passwords.
  Assuming they have a warrant, they can definitely try and break into your cellphone, the same way they'd try and break into a safe your refused to give the combination to.
9. Re:Stupidity to follow: by painandgreed · 2016-08-16 09:56 · Score: 2
  
  "What's your password or you go to jail?"
  "I don't remember what's my password."
  "He's lying, throw him in jail!"
  Five years later, released from jail because they crack the password, finding embarrassing porn, but nothing illegal.
  But no compensation for throwing a man in jail for the 'crime' of a poor memory.
  Wait till it happens to somebody because they found suspicious files or areas of the hard drive and just think that something is encrypted. Then demand the password to the suspected encrypted devices and there is no password.
10. Re:Stupidity to follow: by AmiMoJo · 2016-08-16 10:02 · Score: 2
  
  It would probably work similarly to the UK law that can send you to jail for not handing over a password. It's up to the police to prove that you know it beyond a reasonable doubt, e.g. by showing that you had the files open recently.
  It's really dodgy because it relies on the judge or jury understanding how the files are used and under what kind of stress a person might forget their password. For example, you can have encrypted files open for weeks out months while the computer is on or sleeping, plenty of time to forget the password, and it will show you were using then right before the police took the computer.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
11. Re:Stupidity to follow: by Kjella · 2016-08-16 11:07 · Score: 2
  
  It would probably work similarly to the UK law that can send you to jail for not handing over a password. It's up to the police to prove that you know it beyond a reasonable doubt, e.g. by showing that you had the files open recently.
  Except that they don't do any of that. They just air their suspicions towards you and say It's your phone, your laptop so give us the PIN/password or else. It's about as bad as civil forfeiture in the US, guilty until proven innocent.
  
  --
  Live today, because you never know what tomorrow brings
Re:BY THE POWER OF CHRIST I COMPEL YOU!! by MightyMartian · 2016-08-16 07:44 · Score: 4, Insightful

No, the next thing they'll want is the ability to compel people to hand over the password without even the nicety of a court giving them the nod.
I'm still not sure why such a law is required. In general judge has the power to compel evidence to be turned over, and refusal to do so can lead to a finding of contempt, which could, if the accused did not comply, could lead to rather serious sanctions. This smells more like a trojan horse.

--
The world's burning. Moped Jesus spotted on I50. Details at 11.
Deceptive at best by spacepimp · 2016-08-16 07:47 · Score: 4, Insightful

The Government whining about encryption protecting guilty parties by going dark from scrutiny is flawed. Governments now have more information gathered daily than they could ever have dreamed of in the cold war, and yet they are still baiting and spreading fear and uncertainty that they can't see it all so bad people are getting away with bad things. Did they run around saying in the late 80's that citizens need to carry walking spy devices wherever they roam to make certain their actions can be monitored? The fact is governments have more information available to them about every aspect of life including citizens and non alike, and they are still saying if they had more then they could do their jobs.
what about this? by JustNiz · 2016-08-16 08:14 · Score: 2

Just have 2 passwords, one that deletes a private folder on login and one that doesn't.
It's empty. by ubergeek65536 · 2016-08-16 08:16 · Score: 2

All that is needed is one number to unlock it, another to wipe it.
1. Re:It's empty. by AmiMoJo · 2016-08-17 00:14 · Score: 2
  
  They will probably image the drive first, and then use the wipe code as evidence that you are hiding something.
  A better option is to keep a load of broken disks around. Hard drives with read errors, failed SSDs, broken flash drives. Tell them that they keyfile that is required to unlock is on one of those drives. The cops must have broken it when they collected it or imaged it. There is now no way to ever decrypt the data.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Common sense... isn't common by zarmanto · 2016-08-16 08:21 · Score: 2

This isn't any kind of a magic bullet against crime: it's just another example of people failing to follow a rational chain of events to its conclusion. If you tell an even moderately intelligent person that he will be forced to give up the password to his cell phone if he's ever arrested, then he will simply add one more layer of obfuscation between his phone and his secrets... and you still won't be able to prosecute the worst offenders. The only people who will get caught up in this new dragnet are those in the first round of arrests who don't pay attention to the latest changes in their local laws, and therefore fail to take precautions. Most others (intelligent and otherwise) will quickly learn about those prosecutions from the media frenzy that follows, and will lock down their crap soon thereafter.
Seriously... just follow the pieces around the board, and you should be able to tell who's going to ultimately win in this kind of game. (Doesn't anyone play chess, anymore?)
Re:Dual Decryption by mark-t · 2016-08-16 08:27 · Score: 2

This is why I was mentioning in previous recent comment that it would be most interesting if wetware became a thing that you could tie your password to, so that you literally *cannot* give out your password, nor unlock your device for any other agent that you do not actually want to cooperate with... and even if you are being artificially induced into wanting to cooperate, such as being under the influence of drugs, etc... because of the duress you are under, you would not be able to unlock it for them.
Of course, this lock would not preclude you from calling emergency services or some such thing, even while under stress or a situation where you couldn't otherwise unlock your device because of the protections in place, but the cops would know that with such measures in place they are literally powerless to compel you to unlock your device, and the only legal recourse would be to make such security measures illegal in the first place.

--
File under 'M' for 'Manic ranting'
Not new - safe combos.Have to prove that you know. by raymorris · 2016-08-16 08:30 · Score: 2

Assume here we're talking about a criminal court case, with a court order; not random cop wanting to look in your phone for no reason. Obviously random cop can't demand your password of their own accord without a court order.
In the context of a court order, this isn't a new thing, people have long stored documents in safes, hidden documents, etc. You can be compelled to disclose such evidence - after they prove that you have it. If it can be proven that you possess any relevant evidence, a body or anything else, you can be compelled to produce that evidence in most (all?) Western countries.
A US court recently ruled on an interesting case with a self-incrimination aspect. There was a hard drive which, evidence indicated, contained child porn. Prosecutors supoened the evidence on the hard drive, via demanding the password. In the opinion, the court ruled that IF it was NOT proven that the defendant owned and used the drive, providing the password would be testimony that it was his, and therefore self-incrimination. Because it had already been otherwise proven (or stipulated) that it was his drive, providing the password was producing evidence in his possession, not testimony.
In other words, how is a password testifying against yourself? Is it illegal to set your password to "correct horse battery staple"? The password isn't illegal, so saying that you have a certain password doesn't mean you committed a crime. Rather, it's the *evidence* already on the device that reveals the facts. There is no legal right to hide *evidence*.
Let's turn it around... by Anonymous Coward · 2016-08-16 08:35 · Score: 2, Interesting

Instead of "criminals increasingly use encryption to hide illicit activities", we have "government officials increasingly use secrecy classifications to hide illicit activities". Let's have a law that says if governments want to be able to force people to give up passwords then governments can't delay or deny open records requests. Any effort by government officials to hide information should be punished at a personal level exactly the same as how they want to punish citizens for denying their passwords.
Re:"With a judge's consent" by Anonymous Coward · 2016-08-16 08:42 · Score: 2, Informative

That says it all. Nothing unreasonable here.
Ah, the authoritarian assholes chime in right on schedule. Although we are talking about Canadians here, there is something I find very un-American about forcing a suspect to answer any question when he is under threat of prosecution, regardless of a judge's warrant.
The oppressor classes always seem to forget that once a warrant is served, there is no guarantee that any search may be fruitful. Looking for something does not mean that you will find what you seek. Collecting that cell phone does not guarantee that you can make any sense of it and is no different than had it been factory reset. The problem is that law enforcement are used to easy pickin's and cannot stand the fact that there are some things out of their reach and control.
That is what authoritarians do not want to accept.
Until warrantless searches, civil asset forfeiture without charges, and the myriad other abuses by law enforcement perpetrated without consequences are rescinded, I for one am not at all interested in giving up any more of my rights or freedom.
Re:Not new - safe combos.Have to prove that you kn by sabri · 2016-08-16 09:29 · Score: 2

There is no legal right to hide *evidence*.
I don't care what the legal right is in your jurisdiction. What I'm saying is that the right to not contribute to your own conviction should be universal and immutable.

By providing a password, dead body or any other type of evidence, you are contributing to your own conviction.

Once you make one exception to the general rule, you'll get more. It's a very slippery slope. Now they can only put you in jail, but in 10 years they are allowed to deprive you off sleep. And 10 years later deprive you of food and water, followed by pulling your nails out.

Any person suspected of a crime should have a universal irrevocable absolute right to remain silent. You prove that the person commited a crime, and you prove the person's identity.

--
I'm not a complete idiot... Some parts are missing.
Re:Well .... by gweihir · 2016-08-16 10:48 · Score: 4, Insightful

The problem is that if you let the police make the law, you get a police-state. By their very mind-set, most police-persons cannot help it and will place individual rights and freedoms second to law enforcement. In a free society, the police must _not_ be able to deal with all crime. Instead they must be limited to the minimum necessary to keep society functioning reasonably well. That idea is alien to most members of the police (if all you have is the law, everybody looks like a criminal...), yet it is critical to keep society free.
Hence while I understand why they are asking for this, it must not be granted to them and they must be put into their place forcefully. Anything else will result in a catastrophe.
Remember that all enforcement (including law enforcement) is evil by its very nature and unless it is necessary to fight a significantly larger (!) evil, it must not be done.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.