Australian Prosecutors Want To Make It Illegal To Refuse To Turn Over Passwords To Law Enforcement

The question is still unsettled here in the United States: is refusing to turn over your password protected by the Fifth Amendment? The argument hasn't found many judicial supporters but at least there's a Constitutional basis for claiming the relinquishment of passwords is possibly self-incriminating. Over in Australia, the rights aren't so clearly defined. But the picture is getting clearer, thanks to legislators seeking to make it a criminal offense to withhold passwords. (h/t Asher Wolf)

New laws - currently in the process of being drafted - would mean any criminals who refuse to do so could face jail time of up to five years, according to reports.

The Adelaide Advertiser reports that the state government also announced that as part of the proposed changes anyone found to be running a child exploitation website or forum would face up to a decade behind bars.

It is understood the new laws are mainly aimed at potential paedophiles and those who share child exploitation material but could apply in instances where police are investigating organised crime.

Like lots of laws that expand law enforcement power, it starts with "for the children." Here, the drafting of the law isn't even finished and mission creep has already set in.

Attorney-General John Rau says it's nothing to be concerned about: just a re-fitting of physical searches for the digital world.

"At present, a police officer's general search warrant is good enough to access the physical premises, but what this is talking about is a step beyond that," Mr Rau told the Adelaide Advertiser.

"A person will have to tell them how to get into it (the laptop) or the cloud for that matter.

"It is crucial that the criminal law keeps pace with changes in society and new ways of offending."

It's not as if criminals are that far ahead of law enforcement. At least not so far ahead that simply forgetting a password should net a person five years in jail. And there doesn't appear to be anything tying this to a higher standard for password-reliant warrants. Law enforcement can imagine all sorts of criminal content might be in someone's digital storage, "based on information and belief," but that doesn't mean agencies and officers should be given blanket permission to demand passwords for every locked device/account they come across.

Rau says it's becoming more difficult for law enforcement to access devices, sometimes requiring outside assistance or hours of internal tech work. This may be true, but there are other approaches that can be taken that don't directly ask criminal suspects to assist police in delivering incriminating evidence. Cloud services maintain control of users' accounts and can be asked to turn over content and data. A variety of tech solutions already exist to access locked drives and computers. Making it a crime to withhold passwords from law enforcement puts the South Australian government within throwing distance of banning encryption -- especially the kind that hides content and communications from everyone but the end user.