Earlier this week, the Canadian Association of Chiefs of Police (CACP) passed a resolution which “urges the Government of Canada, for the purpose of community safety, to identify a legislative means for public safety agencies inclusive of law enforcement, through judicial authority, to compel the holder of an encryption key or password to reveal it to law enforcement.”
The CACP’s resolution comes at a time when the federal government has opened up consultations on cybersecurity. Among the issues being discussed in the consultations which run until October 15, is how to balance online and mobile freedoms with security.
At least one Canadian privacy lawyer and an organization opposed to online surveillance, have expressed concern over the police chiefs’ resolution.
“I was not surprised when I read that the police chiefs were asking for this,” said David Fraser, a privacy lawyer with Nova Scotia-based, full-service law firm McInnes Cooper. “What it really comes down to from the get-go is self-incrimination. It’s not going to stand up in court because we don’t have a law that allows a person to participate in their investigation…or their own undoing.”
Fraser, who advises private and public sector clients to implement compliance programs for Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act, the Freedom of Information and Protection of Privacy Act (Nova Scotia), and the Privacy Act of Canada, said that if the police believe information pertinent to their investigation is inside a person’s smartphone or computer the onus is on the police to find a way to access the data and not on the owner of the device.
“If the police have reason to believe the evidence is being kept in a person’s cabinet, they can’t compel the person to open the cabinet,” the privacy lawyer said. “The police can take an ax to it, but the police can’t order the person to open the cabinet and participate in his self-incrimination.”
Fraser said he is sympathetic to the police and the challenges they face in obtaining evidence from digital devices, especially those that are password-protected or have their data encrypted. However, the laws of Canada “err on the side of protecting individual rights and autonomy.”
Fraser also said that proponents of the CACP’s resolution had alluded to the United Kingdom’s Regulation of Investigatory Powers Act (RIPA), which regulates the powers of public bodies to carry out surveillance and investigation and covering the interception of communications.
RIPA does the following:
- Enables certain public bodies to demand that an Internet service provider provides access to a customer’s communications in secret
- Enables mass surveillance of communications in transit
- Enables certain public bodies to demand ISPs fit equipment to facilitate surveillance
- Enables certain public bodies to demand that someone hand over keys to protected information
- Allows certain public bodies to monitor people’s Internet activities
- Prevents the existence of interception warrants and any data collected with them from being revealed in court
“They argue that Canada’s legal system is similar to England’s so we should have something like this,” Fraser said. “But in reality, Canada’s legal system is different. We have a Charter of Rights and Freedoms, the U.K does not.”
In a press conference yesterday, Royal Canadian Mounted Police Assistant Commissioner Joe Oliver told journalists that current mobile and online communication technologies have allowed criminal groups and individuals to operate in near anonymity and cover up their activities.
“Canada’s law and policing capabilities must keep pace with the evolution of technology,” he said.
“My jaw dropped when I read about,” David Christopher, spokesperson for OpenMedia, a group that advocates against online surveillance. He called the CACP’s actions “overreaching.”
Christopher expressed doubt that the federal government would consider the adopting the association’s proposal. “I would be amazed if the government takes this idea and runs with it.”
“What the police chiefs were calling for is disproportionate, even unconstitutional,” Christopher said. “So much of our lives, both professionally and privately, are now contained in our smartphones, iPads, and other devices. The vast majority of that data would have no relevance to what police may be investigating and yet they are asking access to it.”
Fraser said the issue is related to the United States’ Federal Bureau of Investigation’s (FBI) tiff with Apple over the bureau’s request for a “backdoor” to the tech company’s iPhone.
Early this year, there was a storm of debates over the first-of-its-kind ruling by U.S. Judge Sheri Pym which instructed Apple to assist law enforcement authorities to decrypt the iPhone belonging to Syed Farook. Farook and his wife Tashfeen Malik killed 14 of Farook’s co-workers during a December 2015 holiday luncheon. The massacre has been called the deadliest terrorist attack on U.S. soil since the 2001 attack on the World Trade Centre and the Pentagon.
While law enforcement agencies argued for better access to encrypted data, many technology leaders and privacy advocates countered that creating a backdoor access to peoples’ devices would not increase public safety but rather erode individual privacy rights.
Fraser said it’s very unlikely for something like that to happen in Canada. For one thing, it would be practically difficult to enforce because most mobile device makers are not based in Canada. This means that Canadian courts would have no jurisdiction over the majority of device manufacturers – except perhaps for BlackBerry.
Meanwhile, Federal Minister of Public Safety and Emergency Preparedness Ralph Goodale said the federal review of cybersecurity will provide the opportunity the look into the proposal of the police chiefs.
He said while Canadians value their privacy, they also want to law enforcement authorities to have the necessary tools to investigate a crime.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…