Irish police to be given powers to demand passwords

Security experts warn the legislative changes go against the fundamentals of identity and access control

Police forces in Ireland will be given the power to demand passwords for electronic devices when carrying out search warrants under new legislation. 

The changes are part of the Garda Síochána Bill, published on Monday by the country's minister for justice, Heather Humphreys.

The police in Ireland are known as the Garda Síochána, or the Gardaí (the Guards) for short, and the new legislation includes sweeping changes to law enforcement in the country. This includes a new requirement to make a written record of a stop and search, which will enable data to be collected so the effectiveness and use of the powers can be assessed.

The changes come as more crime migrates online, where it is carried out on phones, computers, and other devices protected by personal logins. Failure to comply surrender an electronic device’s password could result in a €30,000 fine or up to five years in prison under the new legislation.

"The law in this area is currently very complex, spread across the common law, hundreds of pieces of legislation, constitutional and EU law," Humphreys said. "Bringing it together will make the use of police powers by Gardaí clear, transparent and accessible. The aim is to create a system that is both clear and straightforward for Gardaí to use and easy for people to understand what powers Gardaí can use and what their rights are in those circumstances.

Related Resource

User risk report: Educate your workforce to protect your organisation

Exploring vulnerability and behaviour in a people-centric threat landscape

2020 user risk report - whitepaper from Proofpoint - a man on a balcony looking at his phoneDownload now

"At the same time, where we are proposing to extend additional powers to Gardaí, we are also strengthening safeguards. The Bill will have a strong focus on the fundamental rights and procedural rights of the accused. I believe this will maintain the crucial balance which is key to our criminal justice system, while ensuring greater clarity and streamlining of Garda powers.

Other special measures will be introduced for suspects who are children and suspects who may have impaired capacity, and the bill will also bring in longer detention periods for the investigation of multiple offences being investigated together, for a maximum of up to 48 hours.

However, the change in legislation relating to passwords has caused concern for security experts. Niamh Muldoon, the global data protection officer at OneLogin, says the move goes against the fundamentals of security best practice and in particular Identity and Access Control. 

"It potentially removes the individual accountability associated with actions under the account which may impact the chain of custody of evidence associated with the case," Muldoon told IT Pro.

"I urge all government bodies to partner with cybersecurity experts when considering legislation associated with digital identities to gather insights on practical implementations to ensure policy and/or legislation deliver to its achieved goal with no potential loopholes." 

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
UK gun owners urged to be ‘vigilant’ after Guntrader data breach
data breaches

UK gun owners urged to be ‘vigilant’ after Guntrader data breach

23 Jul 2021