Browsing History – Does Knowledge of Site Administrators’ Access Give Consent to Disclosure to Law Enforcement?
A recent US decision held that a person’s browsing history on web dating sites – not just his profiles, which were clearly intended for public use – could be disclosed to police because the person had authorized the administrators of the sites to know what he was looking at. The case, People v Holmes, involved a high-profile defendant in a criminal case (the person who shot up the Colorado movie theatre – allegedly), but these cases should not turn on whether the person claiming a privacy right is sympathetic.
The key for the court is contained in this passage:
[T]he defendant voluntarily conveyed and exposed identification and billing information to two large social networking services. Furthermore, he voluntarily exposed his IP address to the administrators of both networks. Through his IP address, the website administrators were able to collect his log data, including log in times and the duration of sessions. There is no basis in the record to conclude that the defendant did not know that the websites would collect, monitor, transfer, and manipulate his log data.
In view of this reasoning, does anyone have any expectation of privacy in any browsing one does through a web service? Is this right? Would the same decision be made under Canadian privacy or criminal law?