What does this legislation say about passwords?
Under proposals contained in the new Garda Síochána (Powers) Bill, gardaí will be able to compel suspects to hand over passwords or encryption keys to digital devices, including mobile phones, seized during the course of a search. If the suspect refuses, they can face up to five years in prison and a €30,000 fine if convicted on indictment, or up to one year in prison if convicted in the District Court.
Are these new powers?
Similar powers exist under the Theft and Fraud Offences Act 2001 and also in more obscure pieces of legislation. What’s new here is that the power to demand a password will apply to a much broader range of offences and will automatically apply to all search warrants.
This means a garda carrying out a search during a relatively minor criminal investigation – say allegations of small-scale drug dealing – can now compel the suspect to hand over the passwords for any digital devices seized during the execution of a search warrant.
Who has been seeking this law?
The Garda Commissioner for one. In several public statements, Drew Harris has called for the Garda to be granted powers to compel people to hand over passwords in serious crime investigations, such as suspected online child abuse. It is rare for the Garda to publicly ask the government to pass legislation.
The Law Reform Commission and the Garda Inspectorate have also recommended similar legislation. In 2017, the inspectorate noted that in Australia a failure to provide a password when requested carries the same penalty as the offence under investigation. Similar powers should be available in Ireland, it said.
Has the proposed law been welcomed by gardaí?
Very much so. Gardaí point out that nearly every investigation these days has a digital dimension. The ability to compel people to hand over passwords will significantly speed up investigations at a time when gardaí are busier than ever.
It will also take some pressure off the force’s limited number of computer crime investigators who are tasked with bypassing passwords and encryptions during criminal investigations.
The backlog of devices requiring decryption has been the subject of increasing concern in recent years, particularly in relation to online child abuse investigations.
Will it be of use in gangland investigations?
There has be a lot in the news recently about criminal gangs using highly encrypted communications platforms to organise serious crimes. Security sources believe this legislation will be of limited use to gardaí investigating such gangs.
Most serious gangland criminals will be highly reluctant to hand over passwords if doing so will implicate themselves or their fellow criminals. This will be the case even if they face the possibility of an additional five-year prison term, gardaí say. “Refusing a guard is a lot less dangerous than implicating your mates,” said one experienced detective.
Are these proposals likely to generate privacy concerns?
They already have. Concerns have been voiced over the broad nature of the powers and the associated oversight, or lack thereof. The chair of Digital Rights Ireland, TJ McIntyre, pointed out the powers will apply to all search warrants, meaning that, even during comparatively minor investigations, gardaí can access the entirety of a suspect’s digital life.
The enactment of the provisions will be governed by a code of practice but this will carry no legal weight, he said.