Police want access to your social media 'in minutes'

This is regarding the sad case of Lucy McHugh, stabbed to death this July.

The Metropolitan Police are trying to use this tragedy to intrude into our lives even more. To their surprise, there are laws preventing Facebook from just handing out people's passwords, and there are procedures that must be done first. So far, the only 'crime' the police's prime suspect Stephen-Alan Nicholson has been convicted of is refusing to give the cops his password. Since when is that a crime, and 14 months? He claims they would find evidence of his cannabis usage (doubtful, but I don't think anyone should need a reason to not give out their password), and the cops claim to want access to private communications between Nicholson and McHugh - but if that's really the case, they just need to get McHugh's password, and I'm sure her parents would be more than happy to do that.

He's also been bailed despite the police thinking he murdered and had sexual activity with McHugh - do they actually think he did it or is he safe enough to release on bail? Somehow the judge also classed not co-operating with police by not giving information as obstructing the investigation which is clearly false.

Under what conditions, if any, do you think Facebook and other (social media) companies should provide the police with your password? And do you think it should be a crime of 14 months in prison for not giving your password to the cops or otherwise not answering their questions?

Also, using online accounts belonging to other private people (with or without permission, strictly speaking), contravenes the Computer Misuse Act

Are you sure? Surely giving someone access is allowing them to do something with your permission. It is if they do it without your permission that they are misusing the computer e.g. sending emails or messages as you, deleting, modifying or copying data or hacking.

I find this all rather creepy. The police naturally want access to your online messages because it is what you might call low hanging fruit. But imagine if we lived in a world where all verbal private conversations happened to be recorded and stored. Would we be happy for police to access them? I think not.

This is why I'll probably always be on the side of "hell no are they having access to my accounts".

Online accounts are different to personal computers. If I give you the password to my laptop, I'm granting you access to my own (personally owned) hardware, as well as any software or data you can access on it. But services like Facebook, Twitter, email accounts, &c, are arrounts stored on other computers, and it is assumed that anything done in your name through these services - even just looking things up - is done by you. So anyone accessing your online accounts, even with permission and even if only passively (reading your posts/messages), is essentially stealing your identity - and it's legally mandated (in the UK) that nobody acts as or pretends to be anyone else online - I think this is covered in the Computer Misuse Act, but it definitely has its own legislation too (though offhand I can't remember the name of the Act, it's been a while since I read about it).

I'm afraid I'd refuse to give my passwords on general principle, even with nothing to hide. If it was completely necessary that they had some data from my account, I would download the data from my account myself and pass them the relevant files (say, if they needed a complete list of my statuses or any communications between me and a specific other person). If that isn't good enough, tuff.

I would refuse too. Not necessarily because of Facebook, as my profile is very open, but the same password may be used for bank accounts and email addresses. They could steal my money

Ah - get you. No, the Computer Misuse Act was passed in 1990, around 15 years before social media and cloud computing, and the internet as we know it for that matter were even a thing. Computer Misuse Act involves using a computer when you do not have permission to do so. So if you login and delete files or steal information - hacking basically, that is misuse.

If someone is using social media with your permission, that isn't a problem although if they decide to do something malicious, it would be one of those edge cases. That said, the social media companies probably have Ts and Cs that permit you from allowing others to log in as you as part of their terms of service and would have the right to close your account down.

Correct. However, BBSes were a thing, and so were dial-in mainframes and email servers and early ISPs. In those days, as today, only the registered user of any specific has permission to use that specific account on that remote computer. Only I have permission to access those remote computers (my Facebook or Twitter or Gmail account) using those credentials (my username/password). I can't give permission, because the right to do so doesn't reside with me. That's actually why it's in their T&Cs.

What's the difference between this and refusing to let the police into your home on a search warrant?

The police would not dare to do that kind of thing - they'd be liable in all sorts of nasty ways.

It can be leaked to someone else. And it doesn't really matter whether they'd do it. What matters is whether the court will think it's unreasonable to potentially give the police a password that can be used to steal all my money.

I'm afraid I'd refuse to give my passwords on general principle, even with nothing to hide.

Then you would be imprisoned.

The thing about principles is that people who have them will go to prison for them.

I very much doubt you would though. If for no other reason than as soon as you are released they could demand the password again and charge you, again. Principles are easy to defend from behind a computer screen.