The maple leaf. Hockey. Tim Horton’s donuts. Forced decryption?
If one of these doesn’t seem to go with the others, you might not be a member of the Canadian Association of Chiefs of Police (CACP).
At its annual conference this week, CACP voted to support legal changes that would permit judges to “compel the holder of an encryption key or password to reveal it to law enforcement” when needed to decrypt potential digital evidence.
According to CBC, RCMP Assistant Commissioner Joe Oliver told a press conference that criminals are operating online in almost complete anonymity using tools that mask identities and messages.
Oliver added that Canadian law currently offers no provision for legally demanding that a suspect provides passwords to enable access to files under investigation:
The victims in the digital space are real. Canada’s law and policing capabilities must keep pace with the evolution of technology.
To bolster its argument, CACP cited a recent report by the International Association of Chiefs of Police, arguing that “law enforcement’s decreasing ability to lawfully access and examine digital evidence at rest and evidence in motion due to technical and non-technical barriers – is increasingly placing public safety at risk.”
However, as Motherboard observes:
The CACP is merely an advocacy body and resolutions they pass have no effect on the law of the land. Moreover, the organization has a history of asking for [greatly expanded] powers…
At the CACP’s 2015 national convention, the organization resolved to support the creation of a law that would allow police to access telecom subscriber information in real-time, and without a warrant. To date, no such law exists.
Still, CACP is contributing to an active debate in Canada, reports CTV news:
The police chiefs’ resolution comes as the federal government begins a [two month] consultation on cybersecurity that will look at… the best way to balance online freedoms with the needs of police.
There’s been quick, albeit polite, pushback.
OpenMedia spokesperson David Christopher called the proposal “wildly disproportionate,” noting that providing a laptop’s decryption key would be like “handing over the ‘key to your whole personal life.’… this seems like it’s clearly unconstitutional.”
Micheal Vonn, policy director for the BC Civil Liberties Association, told Motherboard:
To say this is deeply problematic is to understate the matter.
Meanwhile, Jacob Ginsberg, senior director for Echoworx, an email encryption firm based in Toronto, told IT World Canada:
While we don’t blame CACP for wanting tools to make their jobs easier, a law of this kind would criminalize privacy…
Finally, on Thursday, CACP defended itself in a series of tweets:
As the Canadian government’s cybersecurity consultation moves forward, we’ll keep an eye out. If CACP’s wishlist finds its way into legislation, we’ll let you know.Follow @NakedSecurity