York University v. Bell Canada Enterprises: Observations and Implications for Future Norwich Jurisprudence
In an earlier posting on Slaw, Norwich Order Applied to Gmail Account, Omar Ha-Redeye discussed the facts, findings and implications of the recent decision in York University v. Bell Canada Enterprises, 2009 CanLII 46447 (ON S.C.). To that excellent posting, I offer some additional observations.
First, York University v. Bell Canada Enterprises is of interest in respect of its finding regarding the first element of the test for a Norwich order. Prior to York University v. Bell Canada Enterprises, it was arguably well-established that the first element in the test for Norwich order is that the applicant must demonstrate a ‘bona fide’ claim, as opposed to a prima facie case. (See e.g. GEA Group AG v. Ventra Group Co. 2009 ONCA 619 (CanLII)). The difference between these two thresholds was discussed at length in BMG Canada Inc. v. Doe, 2005 FCA 193 (CanLII). The Federal Court of Appeal rejected the latter threshold, finding as follows:
In my view, it would make little sense to require proof of a prima facie case at the stage of the present proceeding. The appellants do not know the identity of the persons they wish to sue, let alone the details of precisely what was done by each of them such as to actually prove infringement. Such facts would only be established after examination for discovery and trial. The appellants would be effectively stripped of a remedy if the courts were to impose upon them, at this stage, the burden of showing a prima facie case. It is sufficient if they show a bona fide claim, i.e. that they really do intend to bring an action for infringement of copyright based upon the information they obtain, and that there is no other improper purpose for seeking the identity of these persons.
In York University v. Bell Canada Enterprises, the court held that “the plaintiff had established a prima facie case of defamation and the claim appeared to be reasonable and made in good faith”. However, this finding should not be read to suggest that a prima facie case must be demonstrated in future Norwich applications. A better reading of the decision is that the court was of the view that the applicant had made out more than the required bona fide claim.
Second, as in most applications to compel the identity of anonymous Internet users, in York University v. Bell Canada Enterprises there was “No one appearing for the Respondents”. The court alluded to the possibility of ordering that the targeted individuals be notified so that they could object (through counsel) to the disclosure of their identities. However, without explaining the reasons for its finding, the court held that this was not a case where the targeted individuals should be notified:
…it may be appropriate, in a given case, to require that the unknown publisher of the offending material be given notice of the proceedings. It does not appear to have been done as a matter of course in other Norwich order cases and I did not consider it necessary to do so in this case.
In future cases where privacy interests are balanced against the interests of a Norwich applicant in pursuing a potential claim, the question of whether notice ought to be given to the affected individuals will undoubtedly arise again. To date, Canadian courts have not pressed the question of whether a Norwich order for identification ex parte to the targeted individuals is appropriate where the party from whom the disclosure is sought could itself provide notice to the targeted individuals.
In the copyright infringement context, many Canadian ISPs participate in a ‘notice and notice’ system whereby they forward notices to subscribers that copyright owners allege have engaged in infringement. This practice demonstrates that notices are technically feasible in many cases. Indeed, in another Norwich case, BMG Canada Inc. v. Doe, 2005 FCA 193 (CanLII), some ISPs voluntarily notified their customers of the Norwich application that had been brought against the ISPs. However, Canadian courts have yet to provide guidance on if and when notice ought to be ordered by the court.
On the other hand, where an applicant for a Norwich order does not wish the ISP or other entity to provide notice to the targeted individual, the applicant can either seek that assurance from the ISP prior to seeking a Norwich order, or consider obtaining an order for same, perhaps ex parte to the ISP if appropriate. This may be critical in, for example, a fraud case where the applicant does not wish to tip off the target that the applicant is pursuing him or her and where multiple parties may have to provide information in succession in order to ultimately identify the target.
Expectation of Privacy
Finally, York University v. Bell Canada Enterprises reinforces the notion that the terms of service of an individual’s ISP can be a key factor in determining whether an individual has a reasonable expectation of privacy in their Internet usage. For example, R. v. Ward 2008 ONCJ 355 (CanLII) (On. S.C.) and R. v. Kwok 2008 WL 1995837 (On. S.C.) emphasized the relevance of looking to the language of the ISP policy or subscriber agreement in determining whether a reasonable expectation of privacy exists in the information sought. In York University v. Bell Canada Enterprises, the court reviewed the Bell and Rogers terms of service and held that:
A Bell customer can reasonably contemplate, therefore, that his or her identity may be disclosed by order of the court in the event he or she engages in unlawful, abusive or tortious activity.
the internet service customer(s) who published the communications could not have a reasonable expectation of privacy in relation to the use of the internet for the purpose of publishing defamatory statements.
The reasoning above includes a pre-supposition that the targeted individuals have engaged in unlawful conduct. Although the court was clearly of the view that wrongdoing was evident on the facts of the application, the above reasoning misses the fact that the very purpose for the disclosure of the individuals’ identities is to permit the plaintiff to sue and ultimately to determine whether or not the alleged tort was in fact committed. In other words, at the time that the court is assessing the privacy interest on a Norwich application, it does not know whether the targeted individual is part of the class of innocent Internet users or the class of unlawful Internet users. Accordingly, individuals’ privacy expectation ought not to be defined on the premise that they are in the latter category.
Therefore, instead of stating that individuals have no reasonable expectation of privacy in their Internet usage based on the assumption that the allegation against them is true, the better analytical framework within which courts might approach Norwich applications for identifying information would be to start from the position that individuals have an expectation of privacy in their Internet usage, including their email accounts, (unless there are reasons to conclude the opposite in a given case) but that courts may pierce that expectation of privacy in a limited manner in appropriate circumstances where unlawful activity appears to have taken place. Although this framework would likely have produced the same outcome in York University v. Bell Canada Enterprises, it would arguably have done so in a manner that better balanced Internet users’ legitimate privacy interests against the need for the applicant to have disclosure.