Litigation

Used for Featured Articles

Police can search smartphone without a warrant on arrest

Smartphones today hold our entire digital lives. Not only do they hold our intimate emails and text messages, but much more importantly our smartphones also contains apps such as Dropbox and OneDrive which are already logged in and allows access to a treasure trove of our most personal files in the cloud. What happens when the police get a hold of our smartphone?

The good news is that the courts realize our smartphones are used to do more than just make phone calls, and recognize that a search of a smartphone is much more intrusive than, for example, a simple search of a bag. In R. v. Fearon, 2014 SCC 77, the Supreme Court wrote at at para 51:

[…] the search of cell phones, like the search of computers, implicates important privacy interests which are different in both nature and extent from the search of other “places” […]. It is unrealistic to equate a cell phone with a briefcase or document found in someone’s possession at the time of arrest. As outlined in Vu, computers — and I would add cell phones — may have immense storage capacity, may generate information about intimate details of the user’s interests, habits and identity without the knowledge or intent of the user, may retain information even after the user thinks that it has been destroyed, and may provide access to information that is in no meaningful sense “at” the location of the search […]

Moreover, the Supreme Court at para 53 recognizes that the law should not treat a smartphone differently whether it is password protected or not:

An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone.

But the good news ends there. In a ruling released today, the Supreme Court held in R. v. Fearon, 2014 SCC 77 at para 64 & 83 that the police can search a smartphone without a warrant when arresting a suspect, and that this does not infringe on our constitutional rights against unreasonable search and seizure (which is what s. 8 of the Charter is all about):

I therefore reject the idea that s. 8 of the Charter categorically precludes any search of a cell phone seized incidental to a lawful arrest.

[…]

To summarize, police officers will not be justified in searching a cell phone or similar device incidental to every arrest. Rather, such a search will comply with s. 8 where:

(1) The arrest was lawful;

(2) The search is truly incidental to the arrest in that the police have a reason based on a valid law enforcement purpose to conduct the search, and that reason is objectively reasonable. The valid law enforcement purposes in this context are:

(a) Protecting the police, the accused, or the public;

(b) Preserving evidence; or

(c) Discovering evidence, including locating additional suspects, in situations in which the investigation will be stymied or significantly hampered absent the ability to promptly search the cell phone incident to arrest;

(3) The nature and the extent of the search are tailored to the purpose of the search; and

(4) The police take detailed notes of what they have examined on the device and how it was searched.

This is in contrast to a series of rulings by the Supreme Court recently in R. v. Spencer, 2014 SCC 43, R. v. Vu, 2013 SCC 60, and R. v. Telus, 2013 SCC 16, where the court concluded that searches of a computer in a residence required a separate warrant for computer data, and searches of records at a telecommunications provider also required a warrant.

Fearon was a narrow 4-3 decision with a strong dissent, and in time it may be overturned. However,  given the state of the law at the moment, it would be prudent to lock your phone with a strong password (instead of a biometric feature like a fingerprint or a weak 4 digit passcode), and to enable strong data protection/encryption.  Finally, keep in mind that if questioned by the police, you are under no obligation to answer any questions, incriminate yourself, or to disclose your password to the authorities.

Telus records all your texts

Yesterday, the Supreme Court in R. v. Telus, 2013 SCC 16 made an interesting ruling on what types of warrants are applicable to text messages under the Criminal Code.  What’s interesting isn’t the ruling – as expected, the Court decided that text messages are “private communications” and require a more specific warrant authorizing the interception of private communications rather than a general warrant order.

What’s really interesting is this case provides a glimpse into the internal workings of Telus as it processes text messages from its mobile subscribers.

It starts off quite normally, just like any other service provider:

When Telus subscribers send a text message, the transmission of that message takes place in the following sequence.  It is first transmitted to the nearest cell tower, then to Telus’ transmission infrastructure, then to the cell tower nearest to the recipient, and finally to the recipient’s phone.  If the recipient’s phone is turned off or is out of range of a cell tower, the text message will temporarily pause in Telus’ transmission infrastructure for up to five days.  After five days, Telus stops trying to deliver the message and deletes it without notifying the sender.

But then things get interesting:

Unlike most telecommunications service providers, Telus routinely makes electronic copies of all the text messages sent or received by its subscribers and stores them on a computer database for a period of 30 days. Text messages that are sent by a Telus subscriber are copied to the computer database during the transmission process at the point in time when the text message enters Telus’ transmission infrastructure. Text messages received by a Telus subscriber are copied to the computer database when the Telus subscriber’s phone receives the message. In many instances, this system results in text messages being copied to the computer database before the recipient’s phone has received the text message and/or before the intended recipient has read the text message.

This is interesting for a few reasons:

  1. If the sender or recipient of a text message is on Telus, then the text message will be stored for at least 30 days, and
  2. In light of this SCC ruling, Telus will give up the contents of all your text messages for the last 30 days when given a specific warrant under Part VI of the Criminal Code that authorizes the interception of private communications. However, for other mobile providers which don’t routinely store text messages like Telus, even when given such a specific warrant for the interception of private communications, they will be unable to supply the police with the contents of your previous text messages because no record of it exists.

Ontario court confirms new privacy tort

Earlier this year, the Ontario Court of Appeal in Jones v. Tsige, 2012 ONCA 32 confirmed the existence of a new tort of privacy, a cause of “action for intrusion upon seclusion”:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

The key features of this cause of action are:

  • the defendant’s conduct must be intentional, within includes reckless conduct;
  • the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns;
  • a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.

Proof of harm to a recognized economic interest is not required. However, given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be modest.

The court also emphasized that the types of intrusions covered are to be decided objectively:

Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.

This new development in tort law is welcome as previous cases were unclear whether a tort of privacy actually exists in Ontario. Businesses which keep financial or health records should make their employees aware that such a tort of privacy exists and should take steps to further protect their customers’ information.

Defamation and linking to defamatory materials

The Supreme Court today tackled the issue of whether a hyperlink linking to another web page with defamatory material is itself defamatory.  The Court concluded that the use of a hyperlink to link to another page with defamatory material is not itself defamatory.

In Crookes v. Newton, 2011 SCC 47, the defendant Newton had posted material on his website linking to other websites that contained defamatory material about the plaintiff Crookes. Crookes sued Newton on the basis that two of the links he created connected to defamatory material, and that by using those hyperlinks, Mr. Newton was publishing the defamatory information.

The Court concluded that:

 Making reference to the existence and/or location of content by hyperlink or otherwise, without more, is not publication of that content.  Only when a hyperlinker presents content from the hyperlinked material in a way that actually repeats the defamatory content, should that content be considered to be “published” by the hyperlinker.

[…]

[…] the use of a hyperlink cannot, by itself, amount to publication even if the hyperlink is followed and the defamatory content is accessed […]

As the plaintiff in a defamation suit must prove on that the defamatory words were “published”, the use of a hyperlink to defamatory material, without more, is not defamatory.

Changes to rules regarding .ca domain disputes

The Canadian Internet Registration Authority (CIRA) recently announced changes to the CIRA Domain Name Dispute Resolution Policy (CDRP). The CDRP, which governs disputes over .ca domain names alleged to be registered in bad faith, has been in effect since 2002.

Some of the changes include:

  • Bad Faith “Legitimate Interest Factors” are now Non-Exhaustive.
  • Bad Faith Factor of Commercial Gain Added.
  • Electronic Filing of complaints and respondent submissions.
  • Separation of Filing Fees from Panellist Fees.
    • “Previously, Complainants were required to pay the entire $4,000 filing fee upon filing a CDRP complaint. Under the revised CDRP Rules, Complainants are now only required to pay the Dispute Resolution Provider fee of $1,000 to file a complaint.”

The revised CDRP rules come into effect August 22, 2011.

Kik’s defence to RIM’s infringement lawsuit

Late last year, RIM sued Kik Interactive Inc., the maker of the popular cross-platform instant messaging client Kik Messenger, alleging breach of confidentiality, trademark infringement, and patent infringement.  At the same time, RIM also removed Kik Messenger from BlackBerry App World.

It’s been a long time coming, as we were expecting Kik’s statement of defence to be filed with the court at the end of December. Finally, on Monday Feb 7, 2011 (well after the 30 day deadline for Canadian defendants), Kik filed their defence and counterclaim after the Court granted them an extension of time.

I had a look at Kik’s Statement of Defence and Counterclaim today (available here, 7MB PDF).

Kik denies that it was developing a cross-platform instant messaging client in secret or had access to RIM’s BBM confidential documents, denies that it’s infringing on RIM’s trademarks or patents, and found prior art (EP093213, JP10013881, Outlook 2000, and a whole list of documents in Schedules A & B) which Kik alleges makes RIM’s asserted patents invalid.

Kik theorizes that as a result of the “overnight success of Kik Messenger”, “senior executives at RIM caused RIM to embark on a campaign to destroy or seriously harm Kik, including unilaterally terminating the various agreements between Kik and RIM, suspending and then removing Kik Messenger from BlackBerry App World and commencing this lawsuit, including a meritless patent infringement claim which RIM knew had no realistic chance of success.”

Kik portrays the suit as a classic case of Goliath picking on the poor small startup: “RIM employed a ‘bully’ like strategy, while Kik attempted to appease RIM…”.

Interestingly, in the statement of defence Kik asserted that Ted, the CEO of Kik, did not have access to the BlackBerry Messenger (BBM) source code while he worked at RIM’s BBM team as a Project Coordinator.  Kik also denies that Ted had access to RIM’s development plans, market research, and other internal reports related to BBM while working as part of RIM’s BBM team, as RIM had alleged in its statement of claim.  It’ll be very interesting to see exactly what documents Ted had access to or potentially had access to while working as part of RIM’s BBM team, and whether any of them led to his decision to develop a cross-platform instant messaging client in late 2009.

As with most lawsuits, the truth will come out during discovery and at trial, and will probably fall somewhere in between the allegations made in RIM’s statement of claim and Kik’s statement of defence.

%d bloggers like this: