
Canadian Cops Want a Law That Forces People to Hand Over Encryption Passwords - doener
http://motherboard.vice.com/read/canadian-cops-want-a-law-that-forces-people-to-hand-over-encryption-passwords?utm_source=mbfb
======
joeyrideout
The body of this piece is much less alarming than the title:

 _The CACP is merely an advocacy body and resolutions they pass have no effect
on the law of the land. Moreover, the organization has a history of asking for
powers that go well beyond what the law currently allows._

Here's hoping this advocacy group get shut down again. The Vice article is
already citing strong academic pushback to this nonsense.

Though on the other hand, ever since Bill C-51 was put in place, I've had less
faith in the Canadian government in these matters.

------
perfectfire
I have a way of setting and entering passwords without ever knowing what the
password is. I've only ever done it on accident, but if this ever became law
in the US it would become my standard way of entering passwords. They can't
compel me to reveal the password because I literally don't know it.

~~~
bitwize
The cops' response will be: "Bullshit. You have to know the password, and
you're going to sit in that cell until you tell us what it is."

Don't try to hack around the law. You'll fail.

~~~
Qantourisc
How about under stress you have trouble remember the password, and thinking of
the wrong password, can corrupt your knowledge of the right password (in my
experience and knowledge this can actually happen yes)? How about old
encrypted backup zips ? Encrypted media files from your browser by media
streaming services ? How about pressure ? How about some people cannot
remember a password without being in the right place (yes this exists) ? How
about passwords you use for more then service ? What about public encryptions
keys stored on your computer, are they encrypted data or random bytes ? How
about the stenography data probably encoded in the music you downloaded from
your music provider ?

These sort of laws create many problems one can not hope solve without a few
punishing/ruining the life/killing of a few innocent bystanders.

~~~
pif
> How about under stress you have trouble remember the password

Reply will be: "You'll get plenty of time in jail to relax and think about
it".

~~~
bobdole1234
Canada has strong protections against indefinite incarceration.

~~~
DanBC
5 years isn't indefinite. It's definite. 5 years is a ridiculously long time,
but it's what England implemented for RIPA if the encrypted material is
thought to be images of child sexual abuse.

------
mpbm
Let's say a law like this did get passed. How could it even be worded?

For example, if it merely says "you have to give the cops your password when a
judge tells you to" then using a password manager should technically protect
you, because you don't know the password and have no way of retrieving it.

They could add "or the password for your password manager" but then the judge
would have to say "give up all of your passwords", not just the one(s)
relevant to the investigation.

Either way, the law would also have to say "and don't change your password(s)
until the investigation is over" or "and give the cops a copy of your password
whenever it changes".

Even then, you'd only be getting the people with 1) nothing to really hide or
2) so stupid they would have gotten caught some other way anyway because all a
criminal would have to do is set their data to permanently lock, or self
destruct, when the cops enter the fake password the criminal turned over.

The only way this could work is if the cops could just straight up compel you
to assist in your own investigation. They can already do that by tricking you,
so I don't think this would add much.

~~~
biot
It's much simpler than that. A judge orders you to give police access to your
account. Regardless of whatever labyrinthian setup you use to unlock the
actual credentials, and barring a stay of the order pending appeal, if you do
not give police access you will be held in contempt of court and you may be
sent to prison until such time as you comply with the court order. Claims of
"but technically I don't actually _know_ the password" are going to impress a
judge as much as an argument of "but technically it was the bullet that
murdered him" would.

~~~
oolongCat
What if you "forogt" how to gain access to your account?

~~~
OscarCunningham
Also, what if you forgot how to gain access to your account?

------
jackskell
Have another iPhone waiting on the other side of the border and carry a flip
phone. Not that hard.

It's not the data they want, now. It's the control.

------
TylerH
How decidedly un-Canadian of them

------
gregimba
this sounds shitty

