Canadian Court Affirms Citizens Still Have An Expectation Of Privacy In Devices Being Repaired By Third Parties

from the smallish-bulwark-against-tyranny dept

A Canadian appeals court has decided in favor of greater privacy protections for Canadians. The case involves the discovery of child porn by a computer technician who was repairing the appellant's computer. This info was handed over to the police who obtained a "general warrant" to image the hard drive to scour it for incriminating evidence.

Yes, "general warrants" are still a thing in the Crown provinces. The same thing we fought against with the institution of the Fourth Amendment exists in Canada. These days, it has more in common with All Writs orders than the general warrants of the pre-Revolution days, but there's still a hint of tyrannical intent to them. (Again, much like our All Writs orders, which date back to 1789.) "General warrants" are something the government uses when the law doesn't specifically grant permission for what it would like to do:

A provincial court judge, a judge of a superior court of criminal jurisdiction or a judge as defined in section 552 may issue a warrant in writing authorizing a peace officer to, subject to this section, use any device or investigative technique or procedure or do any thing described in the warrant that would, if not authorized, constitute an unreasonable search or seizure in respect of a person or a person’s property if

(a) the judge is satisfied by information on oath in writing that there are reasonable grounds to believe that an offence against this or any other Act of Parliament has been or will be committed and that information concerning the offence will be obtained through the use of the technique, procedure or device or the doing of the thing;

(b) the judge is satisfied that it is in the best interests of the administration of justice to issue the warrant; and

(c) there is no other provision in this or any other Act of Parliament that would provide for a warrant, authorization or order permitting the technique, procedure or device to be used or the thing to be done.

The appellant's challenge of the general warrant (rather than a more particular search warrant) almost went nowhere, but this decision grants him (and others like him) the standing to challenge the warrant in the first place. As the court notes, handing a computer over to a technician doesn't deprive the device's owner of an expectation of privacy.

In our view, the appellant had standing to argue a violation of his section 8 Charter right to be free from unreasonable search. The Crown concedes that the appellant maintained a reasonable expectation of privacy in the data stored on the computer even after delivery of his computer to the repair shop. Privacy is not an all-or-nothing concept. Allowing a technician to have physical access to the computer for the purpose of carrying out repairs does not amount to a waiver of the appellant’s strong expectation of privacy vis-à-vis third parties such as the police. While the appellant’s expectation of privacy was diminished to the extent that he could reasonably expect the repair technician to examine files on the computer in the course of the repairs, this operational reality does not deprive the appellant of standing to bring a claim under section 8 of the Charter.

Standing helps, but ultimately didn't help the appellant here. The court decides the failure to obtain the proper warrant is indeed a violation, but one not severe enough to trigger suppression of the evidence.

The failure to obtain an ordinary search warrant resulted in, at worst, a technical breach of the appellant’s section 8 Charter rights. There was prior judicial authorization for the search even though it was obtained pursuant to the wrong section of the Criminal Code. A general warrant requires reasonable and probable grounds to believe an offence has been committed, and reasonable and probable grounds to believe the search will reveal evidence of an offence – the same standard a judge would have applied with a traditional search warrant under section 487 of the Code.

The court goes on to note the failure to follow proper procedures when obtaining the warrant (ultimately the wrong sort of warrant) was negligent. It was anything but a "trivial" breach of protocol. Even if the officer's inexperience resulted in erroneous actions, the violation is severe enough for the court to take note of. But this negligence isn't enough to overcome the inevitable outcome of the search, in the court's opinion.

In this case, however, the causal link between the forensic search of the computer’s files and the violation of section 489.1 is very weak. Again, there is no reason to believe that the search of the computer’s files would have unfolded any differently if the officer who seized his computer had complied with section 489.1. On this record, any justice would have authorized the initial police detention of the computer, giving the police three months in which to seek a search warrant. There was no copying of the computer’s hard drive prior to the police obtaining a general warrant, which occurred within that three-month period. While the search of the computer’s files undoubtedly had a very significant impact on the appellant’s privacy interests, the police had sought and obtained judicial authorization prior to conducting the initial search, i.e., the forensic imaging. Although the effects of the breach were not trivial, we would not describe the impact on the appellant’s Charter-protected interest, as being particularly serious…

So, while this didn't end up giving the defendant the suppression he was seeking, it did at least affirm an expectation of privacy in devices being handled and repaired by third parties. Better, the opinion contains the government's concession that this privacy expectation exists. Hopefully, this will help deter violations -- erroneous or not -- in the future.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Rekrul, 23 Jul 2018 @ 10:55am

    Better, the opinion contains the government's concession that this privacy expectation exists. Hopefully, this will help deter violations -- erroneous or not -- in the future.

    How is it going to deter anything when the court basically said "You shouldn't have done this, but since you did, we'll allow it."?

    Also, I can't help wondering if the outcome would have been the same if he'd bee accused of anything else other than possession of child porn. When CP is involved, it seems there's no legal violation by police that the courts won't turn a blind to.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 11:17am

      Re: And you wish that would?

      When CP is involved, it seems there's no legal violation by police that the courts won't turn a blind to.

      A court has looked at this quite closely and found only a technical violation. Do you even understand the "inevitable outcome" phrase?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Jul 2018 @ 2:10pm

        Re: Re: And you wish that would?

        Do you even understand the "inevitable outcome" phrase?

        I don't. If it's inevitable, why not skip the warrant and convict them?

        reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 23 Jul 2018 @ 12:23pm

      Letting bad people walk

      It's a failure of the system that protection of the people's rights often mean someone who did something terrible is acquitted, which is the situation that leads to judges giving overreaching investigators and law enforcement a pass.

      Rather, the Supreme Court ruled that if a crime is bad enough, catching the criminal at any cost is justified (that is, evidence of such crimes cannot be suppressed), so they've clarified that the legal system serves not the public but corporate and aristocratic interests, especially since they felt possession was severe enough a crime.

      Also the problem of making given crimes (or categories of crimes) justification to violate civil rights is that all crimes become related to that crime. Much that all traffic stops are now drug-related to justify asset forfeiture, they'll also be child-porn related to justify unreasonable search.

      reply to this | link to this | view in chronology ]

  • icon
    NeghVar (profile), 23 Jul 2018 @ 10:57am

    This started my career

    Back in 2008, I worked at a PC repair shop. A person brought a system in for malware removal. We took it in an began our scans. Shortly into the scan, his screen saver activated and it was a slide show of child porn. I turned off the monitor and told the other techs to not touch the system since it was now a crime scene. I told my boss. He called the police. They arrived and asked me every single thing I did to the system from the moment I plugged it in, to spotting the child porn.
    A few days later we were being sued by the owner of the PC for snooping around his system. The forensic analysts saved us from that be showing proof that his screen saver was set up to display that at a date before he brought in the system. This event inspired me to pursue a degree in digital forensics which I just completed spring 2018.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 23 Jul 2018 @ 11:30am

      Re: This started my career

      The guy had the galls to sue you. Seriously? Thanks for sharing your experience.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 1:54pm

      Re: This started my career

      Why do so many who are fixing PC's go snooping all over the persons Hard Drive? Really snooping at all of the users Data. Maybe the person wanted to see if there's any nudes of his girlfriend or wife, or looking for banking Data, etc. A completely wrong thing to do, but so many computer repair places do this!!! Some people are even getting paid by the police to go snooping on people's computers. That's a known fact!!!

      I know in this rare case, the idiot had a screen saver on and the dumb thing was linked to his CP. So the computer its self, turned him in. So it's completely different fro most cases like this.

      After all these cases, you really have to be an IDIOT to bring your computer anywhere that has anything criminal on it to get fixed.

      reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 23 Jul 2018 @ 11:03am

    How the US gets around this...

    It's called Mandated Reporting. Teachers, social workers, just about anyone that gets a check from the government (which means a pension as well, in many cases) is REQUIRED to report ANY form of abuse they witness. Penalties for not doing so range from being fired to being charged as an Accessory.

    Looks like we're going to see similar for anyone working on electronics.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 11:18am

      Re: How the US gets around this...

      How the US gets around this...

      What exactly is the legal obstacle that you construe people in law are "getting around", and shouldn't?

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 23 Jul 2018 @ 4:39pm

        Client--Technician privilege?

        It's a problem that goes both ways.

        A doctor who treats a teenager for an STI from illegal sex can retain docter-patient privilege in order to inform the adult partner about it. (and vice versa, if the adult has the STI and a teen partner.) Without that, patients are incentivized not to be forthcoming with their doctors and let the infections spread among the population in order to protect themselves.

        On the other hand, mandated reporting for incidents of child abuse (or child sexual abuse) also means professionals can't promise to not disclose family problems if they reveal that someone is in imminent danger. The same with people who are immanently suicidal.

        But then again, this means that patients aware of mandated reporting laws are disinclined to talk about any danger they are in, if it means they or someone close to them might be threatened by law enforcement.

        It's gotten worse since the age of mobile cameras and the rise of awareness of police brutality. In my community, the threat of mandatory reporting is regarded as nothing short of a death threat by patients. Law enforcement is notorious for gunning down crazy people who cannot follow explicit instructions.

        As a result our patients often go silent when they are most in need of contact, therapy and treatment, since a triggered mandate either puts the professional at risk of losing their license or the patient of being slain in their tracks (or at very least losing their liberty and being drugged by medical personnel unfamiliar with their case -- a nightmare scenario of its own)

        But that's medical issues.

        With tech, the problem is that no matter who you are, something can be found in your system that will incriminate you. The question is if it's worth searching your system for whatever it is. Generally if the Department of Justice thinks you are a bad guy, typical policy is to arrest you first and figure out what data of yours will get you the longest prison sentence with the least amount of effort.

        Generally, reporting is bad for the tech firm (as no-one wants to go to a tech company that will turn them in for any reason) but, as the Geek Squad thing shows, tempting for the individual technicians.

        Mandated reporting and privacy protections would create a standard about what kinds of evident data warrants law-enforcement intervention, and what doesn't. (Lolicon -- that is drawn cartoon depictions of pre-teen sex popular in Japan -- is criminal in Canada and much of the US. Should lolicon be reported?)

        But I doubt we could get a consistent group to agree on what those standards should be, especially since there are big personal incentives for convictions. Essentially (I think) one shouldn't send private drives to data recovery services if they're going to report you for any reason. Police in the United States cannot be trusted to investigate or respond to crime.

        reply to this | link to this | view in chronology ]

        • identicon
          Bruce C., 23 Jul 2018 @ 7:29pm

          Re: Client--Technician privilege?

          If every "criminal" knew how to replace their own hard drives and reinstall the OS, they wouldn't have this problem...

          In the real world, people don't know enough to maintain their own computers and it's impossible for them to "remove the evidence" before taking it into the shop if the drive is already broken.

          On the third hand, there aren't that many crimes (yet) that require mandatory reporting, and a computer tech isn't likely to recognize many types crimes hidden in people's data.

          I strongly suspect most techs don't poke around trying to discover CP, they poke around trying to discover porn in general for their own amusement, or see preview thumbnails while doing normal reviews of file and directory structure after a data recovery from a drive failure.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 24 Jul 2018 @ 10:12am

            Replacing hard drives

            With the rise of cheap external drives replacing data drives (including porn stashes) should be much less of a problem. Granted, when I've done tech support work, it was often for technophobes who couldn't understand system components.

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 11:39am

      Re: How the US gets around this...

      Are you implying the computer repair tech was on the government payroll?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Jul 2018 @ 1:58pm

        Re: Re: How the US gets around this...

        Of course, it's been talked about in the past. Why would you just go snooping through a person's personal files otherwise? No need to do that to fix a computer. I've fixed many computers and never once saw a need to go through personal files on the HDD. Even if you back up the HDD, you're not looking through the files. No need to look through files fixing device drivers either.

        Really how does looking through pictures fix anything? it doesn't, it's snooping. The perfect people for the police to pay to snoop through the systems of people's computers they're fixing.

        reply to this | link to this | view in chronology ]

        • icon
          nasch (profile), 24 Jul 2018 @ 10:46am

          Re: Re: Re: How the US gets around this...

          You really think people need to be paid to snoop through others' private stuff? Lots of people would jump at the chance to do that.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 24 Jul 2018 @ 11:35am

            Paying people to snoop.

            I think people naturally snoop.

            I don't think people naturally turn their snooped findings to law enforcement, since doing so means admitting you were snooping.

            Hence the cash incentives.

            See something? Say something!

            Don't see anything? Look harder!

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 12:32pm

      Re: How the US gets around this...

      Hmmm - do they report their own employer for the transgressions that they witness or do they look the other way?

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 23 Jul 2018 @ 3:14pm

        In-house tech pools

        In large companies that have their own tech-pool to recover data for them, it's probably a really bad idea to report any kind of data that might serve as biographical leverage, whether child porn or slush fund accounts.

        If it's from upper management, no-one will go to jail, but you'll never work again in the same field.

        Now Geek Squad is known to report data to law enforcement for any reason as a means of personal revenue enhancement (the police pay them as informants). But generally, that means I'd avoid going to Geek Squad for data recovery, given they are actively looking for something to bust me for.

        Generally, I want data recovery from a company that will respect my privacy, since even if I think I have nothing to hide we know that they'll make excuses to ruin my life just because I have opinions that are perpendicular to theirs.

        reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 23 Jul 2018 @ 11:17am

    ONE DAY after "Stone" defended Techdirt from charge that want

    those downloading child pornography to escape justice, HERE'S THIS exactly proving the charge.

    Your "quote and contradict" method isn't going to make the charge go away, kids, so long as keep running such items as though it's an outrage by police against all civil procedure.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 23 Jul 2018 @ 11:36am

      Re: ONE DAY after "Stone" defended Techdirt from charge that want

      Yep, because the criminal is a despicable person (a pedo in this case) let's just throw all due process and constitutional rights out of the window. Don't be surprised when they do it with you ok?

      If a serious criminal went free because law enforcement couldn't bother to follow the law then the fault lais not with reporters pointing out the error but rather with law enforcement who didn't do it right. We should be demanding explanation from law enforcement when said criminal acts again because it's THEIR fault he/she is not in jail.

      Stop blaming your own goddamn rights for law enforcement mistakes.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 11:40am

      Re: ONE DAY after "Stone" defended Techdirt from charge that want

      I have read this comment three times, and I still don't understand what you're trying to say.

      If you decide to try again, could you perhaps comment with an eye towards making sure that people can understand what you're referring to?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Jul 2018 @ 11:41am

    Re: Spam marketing in comments

    Nuke the spammer!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Jul 2018 @ 12:35pm

    Re: BG/SBLC FOR LEASE AND SALE WITH MONETIZING

    Good for you, want a cookie?

    reply to this | link to this | view in chronology ]

  • icon
    norahc (profile), 23 Jul 2018 @ 12:53pm

    Glad to know here in the US we don't have General Warrants...all we have is the All Writs Act, Third Party Doctrine, Plain Sight Exception and just about any other excuse law enforcement can dream up.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Jul 2018 @ 1:22pm

      Re:

      Don't forget the good faith exception, where all you have to do is remain ignorant of the law to make the warrant valid.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Jul 2018 @ 2:00pm

        Re: Re:

        Funny how that works for the police, but for you and I, it's not a valid excuse.

        reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 23 Jul 2018 @ 4:54pm

        Re: Re:

        Add 'inevitable discovery' to that list, where police can demand a device be unlocked because obviously they know what's on it, and therefore forcing the accused to provide potentially incriminating evidence isn't actually forcing them to provide potentially incriminating evidence that can be used against them.

        reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.