Irish police to be given powers to demand passwords

Security experts warn the legislative changes go against the fundamentals of identity and access control

Police forces in Ireland will be given the power to demand passwords for electronic devices when carrying out search warrants under new legislation. 

The changes are part of the Garda Síochána Bill, published on Monday by the country's minister for justice, Heather Humphreys.

The police in Ireland are known as the Garda Síochána, or the Gardaí (the Guards) for short, and the new legislation includes sweeping changes to law enforcement in the country. This includes a new requirement to make a written record of a stop and search, which will enable data to be collected so the effectiveness and use of the powers can be assessed.

The changes come as more crime migrates online, where it is carried out on phones, computers, and other devices protected by personal logins. Failure to comply surrender an electronic device’s password could result in a €30,000 fine or up to five years in prison under the new legislation.

"The law in this area is currently very complex, spread across the common law, hundreds of pieces of legislation, constitutional and EU law," Humphreys said. "Bringing it together will make the use of police powers by Gardaí clear, transparent and accessible. The aim is to create a system that is both clear and straightforward for Gardaí to use and easy for people to understand what powers Gardaí can use and what their rights are in those circumstances.

Related Resource

User risk report: Educate your workforce to protect your organisation

Exploring vulnerability and behaviour in a people-centric threat landscape

2020 user risk report - whitepaper from Proofpoint - a man on a balcony looking at his phoneDownload now

"At the same time, where we are proposing to extend additional powers to Gardaí, we are also strengthening safeguards. The Bill will have a strong focus on the fundamental rights and procedural rights of the accused. I believe this will maintain the crucial balance which is key to our criminal justice system, while ensuring greater clarity and streamlining of Garda powers.

Other special measures will be introduced for suspects who are children and suspects who may have impaired capacity, and the bill will also bring in longer detention periods for the investigation of multiple offences being investigated together, for a maximum of up to 48 hours.

However, the change in legislation relating to passwords has caused concern for security experts. Niamh Muldoon, the global data protection officer at OneLogin, says the move goes against the fundamentals of security best practice and in particular Identity and Access Control. 

"It potentially removes the individual accountability associated with actions under the account which may impact the chain of custody of evidence associated with the case," Muldoon told IT Pro.

"I urge all government bodies to partner with cybersecurity experts when considering legislation associated with digital identities to gather insights on practical implementations to ensure policy and/or legislation deliver to its achieved goal with no potential loopholes." 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?

What is cyber warfare?

15 Oct 2021