IT Security and Our Right to Privacy

Posted by .

I found it interesting to see the RCMP are lobbying our lawmakers to pass a law compelling us to divulge the passwords of our mobile devices if by some chance they are confiscated as part of any ongoing investigations.  This is likely in response to the kerfuffle raised in the US a number of months back when the FBI tried to force Apple into supplying a back-door into the iPhones of the San Bernadino shooters.

I get ca it – we need to be able to stop terrorism and we need to be able to investigate it when we fail to stop it, but c’mon!  Our devices contain huge amounts of personal data.  It isn’t beyond the realm of possibility that with all the various laws and jurisdictions, any search of all your emails, pictures, and files could find something incriminating.  I can hear it now: “Sir, do you have proof of ownership of that Justin Bieber CD you are listening to?”  Yikes!

I have one question: Are our Members of the Legislative Assembly really that stupid?  Well, if they think they can pass a law that compels you to divulge your password, then the answer is an unequivocal yes!  Yes, they are that stupid!  Not like they needed a law like this to prove it, but still.  Look, let’s say for a moment they could get that bill passed which is a crapshoot at best but let’s say they could. it all goes for naught with three simple words: “I don’t remember.”

Now, assuming there are ramifications for refusal to comply, the courts would then have to prove (beyond a reasonable doubt) your criminal intent.  I am not a lawyer but I do know that 99.999 times out of 100, a reverse onus offense would be struck down as completely unconstitutional.  The simple argument would be “the interrogation by the police made me so nervous that I couldn’t remember”.  Besides, I’m in the help desk business and I can tell you in no uncertain terms that people forget their passwords all the time; it’s very common.  And some products already have the ability to enter a “duress password” that can be entered that immediately wipes the phone.  If the police nick my phone and want me to unlock it, I simply have to give them the duress password and just like that <snaps fingers>, the data is gone.  And again, the simple defense is “oops, I was so nervous I gave them the wrong password.”  It would be like rolling rocks uphill climb for p48742048 - male terrorist wearing mask and carrying machine gun with flag of isisrosecutors to prove you meant to do that.



Legislation like this will have zero impact on preventing terrorists, cyber criminals or any other otherwise law abiding citizens who say “I can’t recall”.  Police have a tough job, but trying to take the easy way out by enacting ineffective, overly intrusive laws will do nothing but take away more rights to privacy.  Remember Ben Franklin when he said: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.

Looking for ways to shore up your own security without having to lobby for a new law?  Security is one of our strong suits.  Call us today to find out why.