Police chiefs’ password resolution called unconstitutional
The call by Canadian police chiefs for legislation that would compel people under investigation to hand over their mobile phone password to authorities has been called “overreaching” and “unconstitutional” by privacy advocates.
Currently, there is nothing in Canadian law that would allow the police to order someone to provide his or her cell phone password. The Canadian Association of Chiefs of Police (CACP) wants to change that because, they say, access to an individual’s mobile device could provide authorities access to information that may be critical to criminal investigations.
Yesterday, the association passed a resolution which “urges the Government of Canada, for the purpose of community safety, to identify a legislative means for public safety agencies inclusive of law enforcement, through judicial authority, to compel the holder of an encryption key or password to reveal it to law enforcement.”
The CACP’s resolution comes at a time when the federal government has opened up consultations on cyber security. Among the issues being discussed in the consultations which run until October 15, is how to balance online and mobile freedoms with security.
“I was not surprised when I read that the police chiefs were asking for this,” said David Fraser, a privacy lawyer with Nova Scotia-based, full-service law firm McInnes Cooper. “What it really comes down to from the get go is self-incrimination. It’s not going to stand up in court because we don’t have a law that allows a parson to participate in their investigation…or their own undoing.”
Fraser, who advises private and public sector clients to implement compliance programs for Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act, the Freedom of Information and Protection of Privacy Act (Nova Scotia), and the Privacy Act of Canada, said that if police believe information pertinent to their investigation is inside a person’s smartphone or computer the onus is on the police to find a way to access the data and not on the owner of the device.
“If the police have reason to believe the evidence is being kept in a person’s cabinet, they can’t compel the person to open the cabinet,” the privacy lawyer said. “The police can take an ax to it, but the police can’t order the person to open the cabinet and participate in his self-incrimination.”
Fraser said he is sympathetic to the police and the challenges they face in obtaining evidence from digital devices, especially those that are password-protected or have their data encrypted. However, the laws of Canada “err on the side of protecting individual rights and autonomy.”
Fraser also said that proponents of the CACP’s resolution had alluded to the United Kingdom’s Regulation of Investigatory Powers Act (RIPA), which regulates the powers of public bodies to carry out surveillance and investigation, and covering the interception of communications.
RIPA allows the following:
- enables certain public bodies to demand that an Internet service provider provides access to a customer’s communications in secret;
- enables mass surveillance of communications in transit;
- enables certain public bodies to demand ISPs fit equipment to facilitate surveillance;
- enables certain public bodies to demand that someone hand over keys to protected information;
- allows certain public bodies to monitor people’s Internet activities;
- prevents the existence of interception warrants and any data collected with them from being revealed in court.
“They argue that Canada’s legal system is similar to England’s so we should have something like this,” Fraser said. “But in reality, Canada’s legal system is different. We have a Charter of Rights and Freedoms, the U.K does not.”
In a press conference yesterday, Royal Canadian Mounted Police Assistant Commissioner Joe Oliver told journalists current mobile and online communication technologies have allowed criminal groups and individuals to operate in near anonymity and cover up their activities.
“Canada’s law and policing capabilities must keep pace with the evolution of technology,” he said.
The CACP referred to recent comments by Chief Terrence Cunningham, president of the International Association of Chiefs of Police (IACP) who had spoken on what he calls the issue of “going dark” and the challenges of collecting electronic evidence.
“The increasing inability of law enforcement with lawful authority to access electronic communications is a global problem that transcends all boundaries,” said Cunningham, who is chief of Wellesley, Massachusetts, Police Department. “The proliferation of electronic communications has enabled criminals, even unsophisticated ones, to take advantage of encrypted communications.”
The IACP’s position on the issue and the changes there are seeking are contained in the document: Data, Privacy, and Public Safety.
“My jaw dropped when I read about,” David Christopher, spokesperson for OpenMedia, a group that advocates against online surveillance. He called the CACP’s actions “overreaching.”
Christopher expressed doubt that the federal government would consider the adopting the association’s proposal. “I would be amazed if the government takes this idea and runs with it.”
“What the police chiefs were calling for is disproportionate, even unconstitutional,” Christopher said. “So much of our lives, both professionally and privately are now contained in out smartphones, iPads, and other devices. The vast majority of that data would have no relevance to what police may be investigating and yet they are asking access to it.”
Fraser said the issue is related to the United States’ Federal Bureau of Investigation’s (FBI) tiff with Apple of the bureau’s request for a “backdoor” to the tech company’s iPhone.
Early this year, there was a storm of debates over the first-of-its-kind ruling by U.S. Judge Sheri Pym instructing Apple to assist law enforcement authorities to decrypt the iPhone belonging to Syed Farook. Farook and his wife Tashfeen Malik killed 14 of Farook’s co-workers during a December 2015 holiday luncheon. The massacre has been called the deadliest terrorist attack on U.S. soil since the 2001 attack on the World Trade Centre and the Pentagon.
While law enforcement agencies argued for better access to encrypted data, many technology leaders and privacy advocates countered that creating a backdoor access to peoples’ devices would not increase public safety but rather erode individual privacy rights.
He said it’s very unlikely for something like that to happen in Canada. For one thing, it would be practically difficult to enforce because most mobile device makers are not based in Canada so Canadian courts would have no jurisdiction over the majority of device manufacturers – except perhaps for BlackBerry.
(Banner photo by Jim Makos)