I think suspected is just simply that: they believe it might exist.
The issue is at its core. CBSA has a policy and says these are the circumstances under which they will inspect devices and open them up and demand passwords. It sets the bar here according to their policy. I've heard from front-line CBSA folks who say that's more of a suggestion or a guidance than an actual policy. But the law that they rely on they say is down here at the bottom. Everything that's in the middle, everything that protects the privacy of Canadians and makes an intrusion of privacy proportionate, is based entirely on a policy that is followed maybe most of the time; we'll assume everybody's good faith.
The reality is that you cannot make something constitutional by a policy. They could put it in a regulation, which would then have the force of law, but they have not. It is a piece of paper that could be disregarded at any time with very little recourse. I think that's a significant problem with the entire thing as it's set out.