The accused, Matthew David Spencer, was charged with possession and distribution of child pornography as a result of a police investigation using Limewire, an anonymous peer-to-peer file sharing software.
Upon discovering an IP address which appeared to be the source of child pornography, the police officer assigned to the file sent a request to internet service provider, Shaw Communications, requesting the identity of the subscriber in question. Shaw complied with the request, and provided information which led the police to Mr. Spencer, who was subsequently convicted of child pornography offences.
Mr. Spencer challenged the manner in which his identity was ascertained, arguing that it constituted an unreasonable search within the meaning of Section 8 of the Charter. The reasonable expectation of privacy in internet subscriber data created the need for specific judicial authorization, Spencer argued, and a mere request by a police officer does not establish “lawful authority” to obtain subscriber data.
The Supreme Court agreed with the defence argument that there is a reasonable expectation of privacy in subscriber data, noting that “it is important to look beyond the ‘mundane’ subscriber information such as name and address, and “the potential of that information to reveal intimate details of the lifestyle and personal choices of the individual must also be considered.”
Therefore, although mere name and address information is not normally the kind of information which attracts a reasonable expectation of privacy, the ability to determine a particular subscriber’s browsing history is enough to establish an expectation of privacy in the internet age. The Supreme Court explained this distinction as follows:
“The subject matter of the search was not simply a name and address of someone in a contractual relationship with Shaw. Rather, it was the identity of an Internet subscriber which corresponded to particular Internet usage.”
The Court therefore found that the police request for Spencer’s subscriber information “had no lawful authority … to compel compliance with that request.” Shaw’s Privacy Policy, meanwhile, stipulated that subscriber information would not be disclosed unless “required by law.” Mr. Spencer therefore had a reasonable expectation of privacy which was violated by the warrantless request by police. The Spencer decision therefore serves as a clear warning that police should cease and desist from the gratuitous use of warrantless requests to obtain private internet subscriber data.
Despite the finding of a Section 8 breach in this case, however, the Supreme Court found that the evidence against Mr. Spencer should not be excluded. In arriving at this conclusion, the Court noted that the police officers in question were acting in good faith, and that the crimes being investigated were very serious in nature, thus engaging society’s interest in adjudication on the merits.
Decided by the Supreme Court of Canada on June 13, 2014.
Click here for the full text of the decision.