Allowing Police to Demand Cellphone Passwords Would Be Unconstitutional and Dangerous, Say Legal Experts

Legal experts say that giving Canadian police departments the power to compel people to give up their passwords to cellphones, computers and other devices would be unconstitutional and dangerous.

A number of Canadian police departments, including the Royal Canadian Mounted Police, called on parliament to give them that power last week, at a national conference for police chiefs. But critics say it would be a violation of the right against self-incrimination.

“It is problematic when you’re forcing people to help in the investigation against themselves,” says Tamir Israel, a staff lawyer at the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic at the University of Ottawa.

The right to be protected from self-incrimination is enshrined in the Canadian constitution – as well as the constitutions of other democratic countries. In the United States, it’s the right protect by the Fifth Amendment of the Constitution.

And that’s not the only problem with allowing police to demand passwords, Israel says.

“Refusing to hand over a password to your own device because you have sensitive things on there that maybe you don’t want the police looking through, or anyone else looking through for that matter, that in and of itself becomes criminal, even if you’ve done nothing else wrong,” he says.

Police say the need the power to deal with new threats and increasingly sophisticated criminals who can “go dark,” hiding their criminal activities from police with a mixture of encryption and password-protected devices.

But Israel says there’s a lot wrong with that claim.

He says that in many cases police can get around passwords, especially when they’re investigating the most serious crimes, the very crimes police they say these laws are needed to help them solve.

Police also have access to more sources of information on suspects than ever before.

“There’s so much more data out there to begin with and law enforcement are already leveraging so much of that data to degrees that the never really had historically,” he says.

In fact, much of the data that police are looking for on cell phones isn’t data that they would have access to in the past.

“The majority of the data on these devices is data that historically would have been ephemeral, that wouldn’t have been captured,” he says.

Conversations that would have happened in-person, leaving no record, now take place over instant message, leaving a new source of evidence for police. Israel says he thinks the call by the police chiefs for new powers may be related to the fact that it’s become more difficult to get around passwords on iPhones.

“It’s unfortunate that the response of policing agencies to a company that’s trying to provide a more secure environment for their customers by providing them with a more secure communications device is to introduce draconian-type laws that are heavy-handed and have this unfortunate, disproportionate, impact on individuals,” he says.

So far, the Canadian courts appear to agree with Israel.

In 2007, Montreal police obtained a warrant to search a laptop computer seized from a suspect. In that warrant, the suspect was ordered to give them his passwords.

A trial judge later threw out the evidence gathered from the suspect’s computer because compelling him to give up his password was a violation of his constitutional rights. The Court of Appeals later upheld that ruling.

That raises the possibility that even if the police chief’s association does manage to get a law passed, it won’t stand up in court. However, Canadian police don’t even need a warrant to search a phone that isn’t password protected – as long as they have

In the U.S. the law is clear: people can’t be compelled to give up their passwords to police because of their Fifth Amendment rights. However, judges in two states have issues warrants compelling people to unlock phones that can be opened with their fingerprints.