Advertisement
How to add spoiler tags, edit posts, add images etc. How to - a user's guide to the new version of Boards
Mods please check the Moderators Group for an important update on Mod tools. If you do not have access to the group, please PM Niamh. Thanks!

New Garda powers to allow access to mobiles and other devices

  • #1
    Registered Users Posts: 6,389 ✭✭✭ AnCatDubh


    An interesting development.

    https://www.breakingnews.ie/ireland/new-garda-powers-to-allow-access-to-mobiles-and-other-devices-1141159.html

    and

    https://www.irishtimes.com/news/crime-and-law/new-garda-powers-to-allow-access-to-mobile-phones-changes-to-stop-and-search-1.4592434?_ga=2.102474881.1605273421.1623680297-1704210976.1623680297

    So, no matter how much we *think* we have privacy inside our tech, it now appears to be a game of what's the lesser of two evils - being guilty of whatever heinous crime that we may have committed (and the number of years imprisonment/fine that you may receive) versus the offence of preventing disclosure of the convicting evidence in the above which is stored on our device, or the "offence" of not wanting to divulge whatever may be on your device (allowing for a presumption of innocence) - yes, that may be 3 evils, I know.

    I guess would-be innocent criminals can no longer engage in their "secure" ANOM communications anymore eh? :rolleyes:

    Also, while generally being a normal individual who is as far as I know reasonably law abiding and not of a mind or manner of committing heinous crimes, I might actually just not want to give a pesky officer of the law access to my device for no other reason than it's my device and who knows, maybe I know or have prior experience/engagement with said pesky law officer that would give me reasonable excuse for particular caution (yeah, there might be a story there somewhere). Anyhow, by all accounts it now may not matter and you'll need to weigh up 30k or 5 years in the slammer for retaining such a freedom in your life.

    Second factor 'kill-switch' passwords may become en vogue.

    As they might say themselves; ;)



Comments



  • Does that mean if you give them access to your phone, do you have to give them access to your individual applications such as banking apps, social media apps, other financial apps etc? I might not mind giving access to my phone but why should I allow a Garda to go through all my bank accounts without a warrant?




  • The guards aren't going to be coming up to random Joe soaps and asking for a pin.

    It's only in the case where a search warrant is executed and evidence of a crime been found. Eg, there's cocaine in a house, child porn, the address is linked to a person committing fraud.

    They could seize these items anyway, just now, providing a pin saves state time and money, and it's now an offence not to provide one.

    I imagine, anyone charged with not providing one, is only going to be charged if theres evidence of an alleged crime. Like you'll be charged with possession of cocaine for supply or possession of child pornography, and failure to provide your pin.

    This power is only for use in the execution of a search warrant, issued by a judge. It won't affect a young lad arrested for smashing a window etc.

    If you don't think you'll be subject to your house being searched, then this won't affect you. If you're the victim of fraud or a hate crime, or your neighbour is selling cocaine and making your life hell down the line, this law will assist you.




  • derekeire wrote: »
    Does that mean if you give them access to your phone, do you have to give them access to your individual applications such as banking apps, social media apps, other financial apps etc? I might not mind giving access to my phone but why should I allow a Garda to go through all my bank accounts without a warrant?

    You shouldn't, because that's not what is being proposed here.

    Read the Bill and not newspaper articles on it.




  • Witcher wrote: »
    You shouldn't, because that's not what is being proposed here.

    Read the Bill and not newspaper articles on it.

    Thanks but having read the bill in its entirety, my statement is still valid. There is no limitation on what a Garda can search on a mobile if they wish to do so. In fact the statement in the bill is so loosely defined that if I stole a bar of chocolate, a Garda could demand my mobile and password plus any passwords that would enable them to search the device.




  • derekeire wrote: »
    Thanks but having read the bill in its entirety, my statement is still valid. There is no limitation on what a Garda can search on a mobile if they wish to do so. In fact the statement in the bill is so loosely defined that if I stole a bar of chocolate, a Garda could demand my mobile and password plus any passwords that would enable them to search the device.
    Read it again. Pay particular attention to heads 15 and 16, which are the only provisions that require you to provide passwords and encryption keys to the guards.


  • Advertisement


  • Get Real wrote: »
    This power is only for use in the execution of a search warrant, issued by a judge. It won't affect a young lad arrested for smashing a window etc.

    Or a superintendent is some cases.

    And this is were we are today laws get blurred over time.

    In England they have used anti terror laws against dog $hit

    Here we have speed detector vans that we were told would only be on accident back spots, except they took down the signs and now I regularly see them on the M50.

    700 locations when introduced now 1300 "safety zones"
    https://www.independent.ie/breaking-news/irish-news/new-speed-detector-vans-to-be-deployed-from-today-26478751.html

    https://www.garda.ie/en/roads-policing/safety-cameras/

    Give it time and if the guards think you did something they'll be knocking on your door to search your house and take your phone to check your google tracks to see if you were near buy. It will be with a warrant signed by as super because of a "urger risk evidence will be deleted"




  • Kill switch pin would be useful for any person and is a great idea. But one of the principles of forensics relates to the absence of evidence is not evidence of absence. A purposeful investigation resulting in zero evidence being itself a avenue of interest.

    Also, if a kill-switch is used you'd lose your own data unless there's a backup. If that backup is on a public cloud service, well that's open to law enforcement subpoena anyway - and some apps don't encrypt their backups.

    Probably the extension of power is somewhat necessary to shorten investigation time, there *should* be a balancing control that would limit use and of course the purposes. i.e. access to text/social media but not banking or vice versa. Gerneral access to everything seems too broad.

    Kinda makes encryption within encryption less useful; TrueCrypt and VeraCrypt styles.




  • Where can I read this bill?




  • stoneill wrote: »
    Where can I read this bill?

    See the notes section at the bottom of the Press Release where you can download the bill.

    https://www.gov.ie/en/press-release/6ed9f-garda-powers-to-be-modernised-and-updated-under-new-bill-from-minister-humphreys/




  • Peregrinus wrote: »
    Read it again. Pay particular attention to heads 15 and 16, which are the only provisions that require you to provide passwords and encryption keys to the guards.

    While you are at it, take a look at heads 66 and 67.


  • Advertisement


  • derekeire wrote: »
    While you are at it, take a look at heads 66 and 67.
    They don't oblige anybody to provide passwords or encryption keys in any circumstances.

    I'm not saying that the power to demand passwords, encryption keys, etc is harmless or that it shouldn't be opposed. But it only applies in relation to computers, phones etc found on premises during the execution of a search warrant for those premises, and it is only people on the premises at the time the search is being conducted who can be required to provide passwords. The claim that a guard can demand your passwords without a warrant is simply false.

    Opposition to the proposal that is based on wild exaggerations about when and to whom it applies will be worse than useless; it's easy to dismiss arguments that are based on untruths.




  • Peregrinus wrote: »
    But it only applies in relation to computers, phones etc found on premises during the execution of a search warrant for those premises...

    The bill states that '"computer at the place that is being searched" includes any other computer, whether at the place being searched or at any other place, which is lawfully accessible by means of that computer'.

    Additionally, the Gardai can demand access to any 'information held in any such computer or which can be accessed by the use of that computer'.

    Essentially, the Guards can search not only any device found on the premises but any other computer or online service that you have the capacity to log into.
    So they can force you to disclose the password to your computer, disclose the master password to your password manager, and then access any service that you have access to yourself -- cloud storage, online banking, medical records, years' worth of emails, social media accounts, even nude photos of your girlfriend.

    The bill places no limits whatsoever on the extent of information the Gardai can access when executing a search warrant. There is no requirement that the information gathered even be relevant to the offence under investigation.

    This is hugely invasive and overbroad, no matter how you look at it. Being accused of some minor offence should not give the Gardai the power to trawl through and decrypt every single email, text, photo, or document you have ever sent or received, no matter how confidential, sensitive, or unrelated.




  • The draft provision requires some careful parsing. There are several distinct powers that will apply when a search warrant for premises is executed.

    1. The guards can operate any computer at the premises being searched. To do this, they can use any password or encryption key they find at the premises. So if you write your passwords down and they find that, or if you have your passwords saved in the browser on the computer found at the premises, they can go ahead and make use of whatever access to information that gives them. Obviously, they can do this even if you're not there. So if you have your passwords written down, stored or saved they can look at your bank account, your PornHub account, even — shocking thought! — your private messages on boards.ie. Obviously a lot of that information is stored not in your computer or phone, etc, but can be accessed through your computer or phone (or quite possibly any computer or phone, if they find your login details during the search).

    2. If they don't find the passwords written down or stored, then if you are at the premises while the search is conducted they can require you to give them any passwords or encryption keys necessary to enable them to operate a computer found at the premises during the search.

    3. They don't, it appears to me, have any power to require you to provide passwords necessary to enable them to operate any other computer. So, you give them the password to your iPad, say. They operate your iPad and launch your banking app. The banking app demands a password. As I read it, you don't have to give them that; that's a password to operate (remotely) the bank's computer, which is not a computer found on the premises during the search.

    4. They can require you to "otherwise enable him or her to examine the information accessible by [the iPad]". You could argue that this imports a requirement to give you the banking app password, so that they can examine the banking information accessible by the iPad. But I don't think this argument will fly. This is a provision that significantly restricts your rights; the courts are going to interpret it conservatively; there are provisions dealing explicitly with when you are required to give passwords and encryption keys; I think the courts will say that those provisions are intended to be exhaustive and they won't interpret other, more general, provisions so as to fill any gaps.

    On edit: No, no, point 3 is wrong; Hadron is correct. They can demand the passwords for your banking app, etc. You can avoid the obligation to provide this by simply not being on the premises while the search is being conducted. (Though of course the option of absenting yourself may not be open to you if you are under arrest.)




  • Tazium wrote: »
    Kinda makes encryption within encryption less useful; TrueCrypt and VeraCrypt styles.

    More useful I would have thought. Hidden volumes with a separate password are almost indistinguishable from a regular truecrypt volume.


Advertisement