Blue Line

News
No Reasonable Privacy Expectation In Highjacked Account


September 8, 2015
By Mike Novakowski

BC’s top court has ruled that an accused did not have a reasonable expectation of privacy in Internet Service Provider (ISP) information because he fraudulently set up the account.

In <R. v. Caza, 2015 BCCA 374,> a police detective was investigating a peer-to-peer network used for sharing child pornography files. Using the username and password of another man who had been arrested, the detective posed as the contact.

The detective discovered a number of messages referencing child pornography from the username Paper123boy. The following day messages arrived offering to share files which contained child pornography. The Internet Protocol (IP) address for Paper123boy was captured and it was determined that Shaw was the ISP.

A “law enforcement request” was sent to Shaw, which provided the name and address of the IP user. The address holder, Feltham, had briefly resided with the accused Caza but cancelled his Shaw account when he moved out.

Advertisment

Caza continued to reside at the address, then reinstated the account by fraudulently posing as Feltham. Police prepared an information to obtain a search warrant (ITO) for Caza’s residence and arrested him.

A search revealed a 500 gigabyte hard drive containing thousands of images and videos of child pornography. Caza was charged with several offences related to possessing and distributing child pornography and luring a person under the age of 16.

In BC Supreme Court Caza sought to have the seized hard drive excluded as evidence arguing, in part, that the ITO was based on unlawfully obtained information. He submitted that police required a warrant to obtain the IP subscriber information from Shaw.

The judge found Caza had no reasonable expectation of privacy in the subscriber information associated with the IP address, thus the request was not a warrantless search and therefore not unreasonable. Furthermore, even if there was a <s. 8> Charter breach, the judge would have admitted the evidence under <s. 24(2)>.

Caza was convicted of possessing child pornography, transmitting, making available or distributing child pornography and breaching his <s. 810.1> recognizance.

After the trial judge’s ruling, the Supreme Court of Canada in <R. v. Spencer, 2014 SCC 43> found that an accused had a reasonable expectation of privacy in his ISP information and a police request for this information amounted to a search under <s. 8>. Caza then appealed his convictions to the BC Court of Appeal, arguing the trial judge erred in holding that he did not have a reasonable expectation of privacy in the ISP information.

Justice Stromberg-Stein, writing the court’s judgment, agreed with the trial judge that Caza did not have a reasonable expectation of privacy in this case. Although it could be inferred that he had a subjective expectation of privacy, it was not objectively reasonable. Unlike in , Caza did not have permission to use Feltham’s Shaw account.

<In my view Spencer is distinguishable. Although [the accused] had a direct interest in the subject matter of the search, including an informational privacy interest of anonymity in the subscriber information linking him to his particular, monitored Internet activity, and a territorial privacy interest resulting from his use of his home computer, and he may have had a subjective expectation of privacy, his subjective expectation was not objectively reasonable.

[The accused] did not have the permission of Mr. Feltham to use his Shaw account and, in fact, fraudulently hijacked his Internet account. Lack of permission in the circumstances of this case is sufficient to render any subjective expectation of privacy [the accused] may have had objectively unreasonable> [para. 32].

Caza had no reasonable expectation of privacy in the subscriber information which led to a search of Internet activities in his own home. Since there was no Charter breach, a <s. 24(2)> analysis was unnecessary. Caza’s appeal was dismissed.