‘Extraordinarily invasive’: Concerns over proposals to allow Garda demand passwords

Suspects who refuse to give passwords for digital devices face up to five years in prison

Concerns have been raised by privacy advocates over the ‘broad’ nature of the Bill. Photograph: iStock

Concerns have been raised by privacy advocates over the ‘broad’ nature of the Bill. Photograph: iStock

 

Proposed legislation to allow gardaí demand passwords during investigations will give them access to people’s “entire digital life”, even when dealing with minor offences, it has been claimed.

The Garda Síochána (Powers) Bill will make it a criminal offence for the public to refuse to hand over passwords or encryption keys for digital devices uncovered during the course of a search warrant execution.

A person who refuses to surrender a password for a mobile phone or other device to gardaí could face up to five years in prison and a fine of up to €30,000.

Similar legislation has previously been recommended by the Law Reform Commission, the Garda Inspectorate and Garda Commissioner Drew Harris.

The announcement was welcomed by senior gardaí on Monday who said it would be extremely valuable in investigating “bulk crimes” such as assaults, drug dealing and theft.

“Almost every crime from robbery to rape now has a digital aspect to it,” a security source said. “There is legislation there to allow you seize a phone. But if the person is not handing over a password, it does make it more difficult.

“If you can compel someone to hand it over, then that would be of absolutely great benefit and would be welcomed.”

Garda sources said that, while the legislation would be beneficial in some serious crimes, it was likely to be of limited use in tackling gangland crime.

“Most people in that world will prefer to take the charges rather than be seen to hand over passwords, especially if those passwords implicate others,” one garda involved in organised crime investigations said.

‘Invasive’

Concerns have been raised by privacy advocates over the “broad” nature of the Bill. Chairman of Digital Rights Ireland and UCD associate professor of law TJ McIntyre said the powers were “extraordinarily invasive” and would allow gardaí access to “the entirety of someone’s digital life”, even while investigating minor crimes.

Once gardaí can access a phone or computer, this would provide access to email, bank and Google Drive accounts as well as encrypted messaging services such as Signal, he said.

“That makes it much more invasive than traditional types of search warrants. Historically search warrants are about particular places.

“But these types of warrants involve getting the entirety of someone’s digital life in a way that is not connected to one place.”

Gardaí looking for evidence of one crime could bring additional charges if they discovered evidence of other crimes during digital searches, he said.

The power to demand a password would automatically apply to “every single crime where a search warrant can be issued”, not just in serious crime investigations.

The law would also permit superintendents to grant search warrants instead of a judge in “urgent circumstances”. This reintroduces the practice of “self-service” warrants which was effectively discontinued by the Supreme Court several years ago, Mr McIntyre said.

The law would require the Garda Commissioner to draw up a “code of practice” to determine the use of data obtained during a search, a safeguard Mr McIntyre described as “weak sauce”.

“The code wouldn’t have force of law itself. Somebody wouldn’t have a right of action if it was violated. Evidence wouldn’t be inadmissible if it wasn’t followed,” he said.