Passwords are Protected by the U.S. Constitution!

by | Jun 17, 2016 | Cloud Security, Cyber Security, Data Security, Government regulations, Logical Access Control (LAC), Network Access Control (NAC), Online Security, Password Authentication, Password Authentication Infrastructure, Password Management, Power LogOn

Did you know: The U.S. Courts have deemed that passwords are protected under the U.S. Constitution?

united-states-constitutionU.S. Courts have ruled that passwords are considered free speech since they are considered “knowledge”. Therefore, under the Bill of Rights, 5th amendment , no person is required to disclose information that could incriminate themselves. DNA and biometrics, on the other hand, are not protected by these same rights. What’s more, Private Keys are not protected by the Constitution since they are computer generated and not considered  an individual’s “knowledge”.

“If you are being forced to divulge something that you know, that’s not okay,” said Marcia Hofmann, an attorney and special counsel to the digital rights group Electronic Frontier Foundation. “If the government is able, through other means, to collect evidence that just exists, then they certainly can do that without stepping on the toes of the constitution.”

For example, in the case of David Baust, a Virginia Circuit Court judge Steven C. Frucci ruled that police cannot force a criminal suspect to divulge smartphone passwords, but can force a suspect to unlock his smartphone using the fingerprint scanner. Biometrics, tokens, key generators, devices, and certificates are all things the police and government can compel you to surrender. Ironically, if the phone is first protected with a PIN, then the need for the fingerprint scan becomes moot.

The courts are trying to deal with laws written 240 years ago, apply them to today’s technology. This is nothing new and has been something every legal system has had to wrestling with since the beginning of legal systems. It is the responsibility of law makers to address societal changes with new laws. But to try to circumvent laws, especially our constitutional rights, with solutions that use “convenience” to mask “ramifications” is wrong.

So as some government officials, companies and security pundits try to promote the “Killing of Passwords”, here is a new question they need to answer. Do they also support killing the protection right of self-incrimination under the U.S. Constitution and our Bill of Rights?

To learn more about the myths, lies and misconceptions about passwords, check out my new book on Amazon, Making Passwords Secure: Fixing the Weakest Link in Cybersecurity. Available in paperback or Kindle