Litigation

Police can search smartphone without a warrant on arrest

Smartphones today hold our entire digital lives. Not only do they hold our intimate emails and text messages, but much more importantly our smartphones also contains apps such as Dropbox and OneDrive which are already logged in and allows access to a treasure trove of our most personal files in the cloud. What happens when the police get a hold of our smartphone?

The good news is that the courts realize our smartphones are used to do more than just make phone calls, and recognize that a search of a smartphone is much more intrusive than, for example, a simple search of a bag. In R. v. Fearon, 2014 SCC 77, the Supreme Court wrote at at para 51:

[…] the search of cell phones, like the search of computers, implicates important privacy interests which are different in both nature and extent from the search of other “places” […]. It is unrealistic to equate a cell phone with a briefcase or document found in someone’s possession at the time of arrest. As outlined in Vu, computers — and I would add cell phones — may have immense storage capacity, may generate information about intimate details of the user’s interests, habits and identity without the knowledge or intent of the user, may retain information even after the user thinks that it has been destroyed, and may provide access to information that is in no meaningful sense “at” the location of the search […]

Moreover, the Supreme Court at para 53 recognizes that the law should not treat a smartphone differently whether it is password protected or not:

An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone.

But the good news ends there. In a ruling released today, the Supreme Court held in R. v. Fearon, 2014 SCC 77 at para 64 & 83 that the police can search a smartphone without a warrant when arresting a suspect, and that this does not infringe on our constitutional rights against unreasonable search and seizure (which is what s. 8 of the Charter is all about):

I therefore reject the idea that s. 8 of the Charter categorically precludes any search of a cell phone seized incidental to a lawful arrest.

[…]

To summarize, police officers will not be justified in searching a cell phone or similar device incidental to every arrest. Rather, such a search will comply with s. 8 where:

(1) The arrest was lawful;

(2) The search is truly incidental to the arrest in that the police have a reason based on a valid law enforcement purpose to conduct the search, and that reason is objectively reasonable. The valid law enforcement purposes in this context are:

(a) Protecting the police, the accused, or the public;

(b) Preserving evidence; or

(c) Discovering evidence, including locating additional suspects, in situations in which the investigation will be stymied or significantly hampered absent the ability to promptly search the cell phone incident to arrest;

(3) The nature and the extent of the search are tailored to the purpose of the search; and

(4) The police take detailed notes of what they have examined on the device and how it was searched.

This is in contrast to a series of rulings by the Supreme Court recently in R. v. Spencer, 2014 SCC 43, R. v. Vu, 2013 SCC 60, and R. v. Telus, 2013 SCC 16, where the court concluded that searches of a computer in a residence required a separate warrant for computer data, and searches of records at a telecommunications provider also required a warrant.

Fearon was a narrow 4-3 decision with a strong dissent, and in time it may be overturned. However,  given the state of the law at the moment, it would be prudent to lock your phone with a strong password (instead of a biometric feature like a fingerprint or a weak 4 digit passcode), and to enable strong data protection/encryption.  Finally, keep in mind that if questioned by the police, you are under no obligation to answer any questions, incriminate yourself, or to disclose your password to the authorities.

Telus records all your texts

Yesterday, the Supreme Court in R. v. Telus, 2013 SCC 16 made an interesting ruling on what types of warrants are applicable to text messages under the Criminal Code.  What’s interesting isn’t the ruling – as expected, the Court decided that text messages are “private communications” and require a more specific warrant authorizing the interception of private communications rather than a general warrant order.

What’s really interesting is this case provides a glimpse into the internal workings of Telus as it processes text messages from its mobile subscribers.

It starts off quite normally, just like any other service provider:

When Telus subscribers send a text message, the transmission of that message takes place in the following sequence.  It is first transmitted to the nearest cell tower, then to Telus’ transmission infrastructure, then to the cell tower nearest to the recipient, and finally to the recipient’s phone.  If the recipient’s phone is turned off or is out of range of a cell tower, the text message will temporarily pause in Telus’ transmission infrastructure for up to five days.  After five days, Telus stops trying to deliver the message and deletes it without notifying the sender.

But then things get interesting:

Unlike most telecommunications service providers, Telus routinely makes electronic copies of all the text messages sent or received by its subscribers and stores them on a computer database for a period of 30 days. Text messages that are sent by a Telus subscriber are copied to the computer database during the transmission process at the point in time when the text message enters Telus’ transmission infrastructure. Text messages received by a Telus subscriber are copied to the computer database when the Telus subscriber’s phone receives the message. In many instances, this system results in text messages being copied to the computer database before the recipient’s phone has received the text message and/or before the intended recipient has read the text message.

This is interesting for a few reasons:

  1. If the sender or recipient of a text message is on Telus, then the text message will be stored for at least 30 days, and
  2. In light of this SCC ruling, Telus will give up the contents of all your text messages for the last 30 days when given a specific warrant under Part VI of the Criminal Code that authorizes the interception of private communications. However, for other mobile providers which don’t routinely store text messages like Telus, even when given such a specific warrant for the interception of private communications, they will be unable to supply the police with the contents of your previous text messages because no record of it exists.

Are emails at work confidential or privileged?

A reader wondered about communicating with her lawyer from work.  In particular, she wondered if such communications are confidential or privileged.

Generally, communications between a client and her lawyer are subject to solicitor-client privilege, and may not be revealed in court.

However, if the client contacts her lawyer from work, and in particular uses her work smartphone, work computer or her employer’s Internet connection, her employer may have access to her communications with her lawyer.   This applies even if the client uses her work computer but uses her own web-based email (like Gmail or Hotmail) to send and receive emails with her lawyer.

This is because most employers have an information technology policy which allows the employer to have access to all data stored on an employee’s work computer, as well as access to all data transfers in and out of an employee’s work computer.  There is likely a similar policy with respect to smartphones issued by the employer as well.

If an employee absolutely needs to contact a lawyer while at work, I recommend that the employee use their own personal email account on their personal smartphone to do so.

And please remember to make sure the personal smartphone is using your cellular provider’s network, and not the employer’s wifi network.

The BBM trademark and Research in Motion

Finally some good news for Research in Motion this morning, as the Federal Court dismissed a lawsuit by BBM Canada challenging the use of the trade-mark “BBM” by Research in Motion Limited (RIM) in the promotion of its BlackBerry Messenger service.

The court held that BBM Canada, offering “BBM” as a specific brand of broadcast measurement services, is not entitled to a broader monopoly outside the broadcasting and advertising industries even though it had been using its trade-mark much longer than RIM, as the nature of the products and services provided by BBM Canada and RIM vary significantly.  BBM Canada’s focus is on impartial measurement of ratings data and sophisticated market research for a narrow and distinct group of consumers in the advertising and broadcast media industry, while RIM makes smartphones intended for the general public. The court also found no evidence of actual confusion by consumers, no finding of passing off and no depreciation of goodwill.

This decision was rightly decided, in my view, as generally the nature of the products and services used in association with a trademark defines the scope of the trademark monopoly.  BBM Canada doubtlessly knew this from the beginning.  Perhaps BBM Canada thought its use of the mark since 1944 gives it a fighting chance at a the court recognizing a broader scope for its trademark.  In this case, they were wrong.

Robinson Sucroë and copyright infringement

For the last 16 years, Claude Robinson has been fighting television giant Cinar in Quebec court, alleging that Robinson Sucroë, an animated television series from Quebec, was plagiarized from Robinson Curiosité, an earlier work by Claude Robinson.

In 2009, the Quebec Superior Court agreed with Claude Robinson and found Cinar guilty of copyright infringement. You can read all about the similarities the court found, in addition to comparative screenshots from Robinson Curiosité and Robinson Sucroë in the link above.

Cinar was ordered to pay more than $5.2 million in damages, including $1 million in punitive damages.

Cinar appealed. In 2011, the Quebec Court of Appeal held that Cinar did indeed infringe Robinson’s copyright, but reduced the damages to $2.7 million, including $150,000 in punitive damages.

Yesterday, the Supreme Court of Canada agreed to hear the case. Of particular interest here is the issue of the calculation of damages and punitive damages in relation to copyright infringement. Win or lose, I hope Claude Robinson’s 16 year ordeal will be resolved soon.

Ontario court confirms new privacy tort

Earlier this year, the Ontario Court of Appeal in Jones v. Tsige, 2012 ONCA 32 confirmed the existence of a new tort of privacy, a cause of “action for intrusion upon seclusion”:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

The key features of this cause of action are:

  • the defendant’s conduct must be intentional, within includes reckless conduct;
  • the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns;
  • a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.

Proof of harm to a recognized economic interest is not required. However, given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be modest.

The court also emphasized that the types of intrusions covered are to be decided objectively:

Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.

This new development in tort law is welcome as previous cases were unclear whether a tort of privacy actually exists in Ontario. Businesses which keep financial or health records should make their employees aware that such a tort of privacy exists and should take steps to further protect their customers’ information.

Defamation and linking to defamatory materials

The Supreme Court today tackled the issue of whether a hyperlink linking to another web page with defamatory material is itself defamatory.  The Court concluded that the use of a hyperlink to link to another page with defamatory material is not itself defamatory.

In Crookes v. Newton, 2011 SCC 47, the defendant Newton had posted material on his website linking to other websites that contained defamatory material about the plaintiff Crookes. Crookes sued Newton on the basis that two of the links he created connected to defamatory material, and that by using those hyperlinks, Mr. Newton was publishing the defamatory information.

The Court concluded that:

 Making reference to the existence and/or location of content by hyperlink or otherwise, without more, is not publication of that content.  Only when a hyperlinker presents content from the hyperlinked material in a way that actually repeats the defamatory content, should that content be considered to be “published” by the hyperlinker.

[…]

[…] the use of a hyperlink cannot, by itself, amount to publication even if the hyperlink is followed and the defamatory content is accessed […]

As the plaintiff in a defamation suit must prove on that the defamatory words were “published”, the use of a hyperlink to defamatory material, without more, is not defamatory.

BC court confirms website terms of use enforceable as legal contracts

In Century 21 Canada Limited Partnership v. Rogers Communications Inc., 2011 BCSC 1196, the BC Court held that Rogers infringed Century 21’s copyright and terms of use by scraping Century 21’s real estate listings from its website and incorporating the listings into the real estate search engine Zoocasa.

Starting in 2008, Zoocasa copied photos, property listings, and pricing from Century 21’s website and provided hyperlinks that directed a user to specific pages of the Century 21 Website that contained the property listings.  Despite letters from Century 21, Zoocasa chose not to stop scraping until early 2010, nearly 2 and a half years after Century 21 first advised Zoocasa they did not consent to Zoocasa’s activities and advised them of the Century 21 Terms of Use and Zoocasa’s breach of these terms.

The court considered the enforceability of website terms of use as a contract, and explored various analogous software licences and contracts created over the Internet such as shrink wrap agreements, click wrap agreements, and browse wrap agreements.  The court confirms that website terms of use are enforceable as legal contracts at para 119:

The act of browsing past the initial page of the website or searching the site is conduct indicating agreement with the Terms of Use if those terms are provided with sufficient notice, are available for review prior to acceptance, and clearly state that proceeding further is acceptance of the terms.

In addition, the court confirms that liability is not avoided by automating the website scraping as the scraping program must initially be set up manually.

Changes to rules regarding .ca domain disputes

The Canadian Internet Registration Authority (CIRA) recently announced changes to the CIRA Domain Name Dispute Resolution Policy (CDRP). The CDRP, which governs disputes over .ca domain names alleged to be registered in bad faith, has been in effect since 2002.

Some of the changes include:

  • Bad Faith “Legitimate Interest Factors” are now Non-Exhaustive.
  • Bad Faith Factor of Commercial Gain Added.
  • Electronic Filing of complaints and respondent submissions.
  • Separation of Filing Fees from Panellist Fees.
    • “Previously, Complainants were required to pay the entire $4,000 filing fee upon filing a CDRP complaint. Under the revised CDRP Rules, Complainants are now only required to pay the Dispute Resolution Provider fee of $1,000 to file a complaint.”

The revised CDRP rules come into effect August 22, 2011.

The drive to determine what is patentable

Last week, the U.S. Supreme Court agreed to hear an appeal of Mayo Collaborative Services v. Prometheus Laboratories, Inc., on the issue of whether or not methods of medical diagnosis are patentable in the US.

Closer to home, tomorrow is the appeal hearing for Amazon v. Canada, Federal Court File A-435-10, in which Amazon seeks to have the Court of Appeal confirm that methods of doing business (such as a method of doing “1-click” shopping online in this case) are patentable in Canada. We should see a decision from the Court within a year.

These are exciting times for the patent bar as well as for scientists worldwide, as these decisions can affect many companies’ R&D directions in the coming years.