The SCC and Technological Change
Last week, David Cheifetz collected the salient paragraphs of the SCC’s decision on R. v. Morelli (2010 SCC 8) in a post here on Slaw, but only limited discussion followed. The dissent, though, has some interesting observations that deserve highlighting, such as this one from paragraph 144:
In light of the inevitability of technological change, it is important not to needlessly handcuff the courts to a concept of possession that is limited to certain technologies or to current-day computer practices. Control has been the defining feature of possession, not the possibility of finding data files on a hard drive. To adopt downloading as the threshold criterion would be to take a formalistic approach rather than drawing a principled distinction between access and possession. The classical approach to possession, rooted in control, therefore remains the most reliable one. It is the one that is most readily adapted to technological developments and it will not require courts to hear detailed forensic evidence of technological advances on an ongoing basis just to keep up with the times.
It seems the majority missed the point that in order to create the shortcut in Favourites, the user typically (and almost without exception) must first click on the link and access the webpage. That requires intent – it’s not a passive process. And I agree with the dissent that you don’t need to have physical custody of the disk that hosts the webpage to have possession and control. You can forward the link to others (thus distributing the images), print it, save it locally, resize it – whatever.
The majority appears to assume that you can’t distribute the images unless you have physical copies, as you would with videotape or film or photographs – but that’s not the case with the internet.
The Federal Court encountered a related problem in eBay Canada Limited v. Canada (National Revenue), where it was asked to review an order to divulge information about Canadian eBay “PowerSellers”, information that is stored on US servers but available and accessible to eBay Canada. The Court observed:
[23] The issue as to the reach of section 231.2 when information, though stored electronically outside Canada, is available to and used by those in Canada, must be approached from the point of view of the realities of today’s world. Such information cannot truly be said to “reside” only in one place or be “owned” by only one person. The reality is that the information is readily and instantaneously available to those within the group of eBay entities in a variety of places. It is irrelevant where the electronically-stored information is located or who as among those entities, if any, by agreement or otherwise asserts “ownership” of the information. It is “both here and there” to use the words of Justice Binnie in Society of Composers, Authors and Music Publishers of Canada v. Canadian Ass’n of Internet Providers, 2004 SCC 45 (CanLII), [2004] 2 S.C.R. 427 at paragraph 59.
Upon appeal from the decision enforcing the order based on fact that the information was “foreign-based”, the Federal Court of Appeal stated:
[47] The scheme of section 231.6 suggests that Parliament was concerned that it could be unduly onerous for a person to be required to produce material located outside Canada and in the possession of another person, and that the section may operate in an unduly extraterritorial manner. While these concerns may be taken into account on a review by a judge for unreasonableness, they are largely irrelevant to the information (bulky as it may be) that is the subject of the requirement in the present case.
[48] This is because, with the click of a mouse, the appellants make the information appear on the screens on their desks in Toronto and Vancouver, or anywhere else in Canada. It is as easily accessible as documents in their filing cabinets in their Canadian offices. Hence, it makes no sense in my view to insist that information stored on servers outside Canada is as a matter of law located outside Canada for the purpose of section 231.6 because it has not been downloaded. Who, after all, goes to the site of servers in order to read the information stored on them?
In R. v. Salituro ([1991] 3 S.C.R. 654), Justice Iacobucci wrote:
….this Court has signalled its willingness to adapt and develop common law rules to reflect changing circumstances in society at large. In four recent cases,… this Court has laid down guidelines for the exercise of the power to develop the common law. The common theme of these cases is that, while complex changes to the law with uncertain ramifications should be left to the legislature, the courts can and should make incremental changes to the common law to bring legal rules into step with a changing society.
The law should also change in step with technology.
You can forward the link to others (thus distributing the images)
This seems like a problematic definition. From the little I understand, linking to something is not considered to be an assertion nor proof of control. And it shouldn’t be.
There is a link from slaw to the Guardian, currently. Supposing they were hacked and some child porn was put on the server. It is clear that Slaw did not intend to link to this porn, and yet by the dissent’s argument you have control [subject to various defenses that you would have to prove]
A link to a file on a remote server does not guarantee the content of that file. It seems wrong to consider this to be “control”, then.
I agree that control probably is the correct approach to possession. But this is not control.
The point in Morelli was to justify a search warrant, not to convict because of the presence of the link. The presence of a couple of links to notorious child porn sites certainly justifies a search, in my opinion. The majority was probably put off by the ‘character analysis’ offered in support of the warrant, such as “the typical porn user does X or Y”. Again, not the kind of evidence that would support a conviction but not irrelevant to support a search.
(I was less impressed by the evidence that Mr Morelli had a video camera – or web cam – pointing at his kids’ play area. If every parent who did a video of his or her kid playing could by that fact alone be made the target of a search warrant, it would be a sad and sick day…)
What about cloud computing, where ALL the data is out on the web? Do the people who use cloud computing services not ‘control’ their data? Surely they do, for the purpose of liability for its use, though they may be able to demonstrate illicit control by others. There are other risks of the cloud too, and increasing literature on it, but when it works as it is supposed to, which is most of the time – enough to create a valid legal presumption, in my view – then the client of the cloud service has control in law of the data. I would hope the majority’s exceedingly narrow reading of ‘possession’ in Morelli would not make that harder to demonstrate.
(There is a whole other discussion to have – not in this thread – about ‘control’ substituting for ‘possession’ to support negotiability, say for electronic chattel paper. I’ll save that for another day.)