Irish police will have the power to compel people to provide passwords for electronic devices when carrying out a search warrant under new legislation.
The change is part of the Garda Síochána Bill published by Irish Justice Minister Heather Humphreys on Monday.
Gardaí will also be required to make a written record of a stop and search.
This will enable data to be collected so the effectiveness and use of the powers can be assessed.
Special measures will be introduced for suspects who are children and suspects who may have impaired capacity.
The bill will bring in longer detention periods for the investigation of multiple offences being investigated together, for a maximum of up to 48 hours.
It will also allow for a week’s detention for suspects in human trafficking offences, which are currently subject to a maximum of 24 hours detention. ‘Powers and safeguards’
“The law in this area is currently very complex, spread across the common law, hundreds of pieces of legislation, constitutional and EU law,” the minister said.
"Bringing it together will make the use of police powers by gardaí clear, transparent and accessible.
"The aim is to create a system that is both clear and straightforward for gardaí to use and easy for people to understand what powers gardaí can use and what their rights are in those circumstances.
"At the same time, where we are proposing to extend additional powers to gardaí, we are also strengthening safeguards. The bill will have a strong focus on the fundamental rights and procedural rights of the accused.
“I believe this will maintain the crucial balance which is key to our criminal justice system, while ensuring greater clarity and streamlining of Garda powers.”
This article leaves so much unanswered.
Compel how?
How do police ensure people know the password to something?
Scenario 1
You buy a laptop from a friend. He says he doesn’t need to wipe his data from the disk, because it’s encrypted. You leave his house and decide to install an OS later. The police pick you up. You don’t want to drag your friend into this. Are you criminally liable?
Scenario 2
You play about with encryption, adding an encrypted partition, and encfs ~/.crypt directory, and a few others. You get bored. One year later the police ask for your passwords, but you can’t remember any. Due to automatic backups, the ‘last modified’ date is yesterday. Are you legally liable for forgetting the passwords?
Scenario 3
You delete an old Windows partition, and scrub over it with random data (as it best practice). The police say this is a hidden partition, which uses veracrypt. It’s not. Can they detain you for having some part of the disk with random data?
Scenario 4
The police demand password access to a file. Your passwords are kept in Lastpass, so the police demand access to that, but this gives them access to all your passwords, your work’s passwords, and some of your family’s passwords. Are you required to give them access to Lastpass, or are they required to allow you to access Lastpass in such a way that your personal definitions of ‘secure access’ are satisfied?
Scenario 5
You have a client’s confidential information on your laptop. The police have had 2 known security breaches this year, involving unknown parties taking an unknown amount of data from them, including data siezed from criminal prosecutions. You know that if your client’s information is leaked, they will not work with you again.
Are you still required to give out your passwords? Are the police liable for any breaches?
lol. Maybe some admin gets fired for failing to secure the insecure crapware he is required to install.