Sunday 24 February 2013

Expect Privacy? Put a Password on It.


This blog, as well as other employment law blogs, heralded the Supreme Court of Canada’s decision in R. v. Cole as a watershed moment for defining an employee’s rights to privacy with employer-provided technology.

However, as our friends at the criminal defence bar are quick to point out, Cole was a criminal case, decided mostly with reference to the Canadian Charter of Rights and Freedoms’ protection of the right to be secure from unreasonable search and seizure.

Last week the Court of Appeal for Ontario released another decision concerning Charter rights, and the right to search technology, R. v. Fearon, 2013 ONCA 106 (CanLII), and again, this employment lawyer cannot help but give it consideration notwithstanding the fact that it is, strictly speaking, a criminal decision.


Cole


As readers of the this blog may recall, the case of R. v. Cole held that employees can reasonably expect some privacy in their employer-provided laptops. Writing for the majority in that case, the Honourable Justice Fish wrote:
The Court left no doubt in R. v. Morelli, 2010 SCC 8 that Canadians may reasonably expect privacy in the information contained on their own personal computers.  In my view, the same applies to information on work computers, at least where personal use is permitted or reasonably expected.
…Computers that are used for personal purposes, regardless of where they are found or to whom they belong, “contain the details of our financial, medical, and personal situations” (Morelli, at para. 105).  This is particularly the case where, as here, the computer is used to browse the Web.  Internet-connected devices “reveal our specific interests, likes, and propensities, recording in the browsing history and cache files the information we seek out and read, watch, or listen to on the Internet”

Fearon


Fast forward to last week’s decision in Fearon. That case concerned an arrested individual’s rights to privacy in information stored on a cell phone. Wrote Justice Armstrong in paragraph 1 of the Court’s reasons for decision, “This court is asked to carve out a cell phone exception to the common law doctrine of search incident to arrest.”

Facts


Kevin Fearon, convicted at trial by the Honourable Justice Diane I. Oleskiw of the Ontario Court of Justice and the appellant to the Court of Appeal, was arrested for robbery while armed with a firearm. Upon his arrest, a police officer conducted a pat down search and located a cell phone on his person. The officer examined the contents of the phone and found photographs of a gun and cash as well as an incriminating text message. The appellant was brought to the police station and placed in an interview room. When the police returned after unintentionally leaving him alone for five hours, he gave a full videotaped confession. Throughout his confession he maintained that the firearm used in the commission of the robbery was an imitation handgun.

At trial, the appellant sought to exclude the evidence that had been obtained from his cell phone upon his arrest. He claimed the search of the cell phone incident to arrest was a breach of his right to be free from unreasonable search and seizure protected by s. 8 of the Charter of Rights and Freedoms.

The trial judge found that there was no breach of s. 8 and admitted the evidence obtained from the cell phone. However, in the event she was wrong in her conclusion on the s. 8 issue, the trial judge turned her mind to the application of s. 24(2). She held that, if there had in fact been a breach of s. 8, to admit the evidence would not bring the administration of justice into disrepute.

Decision


The Court of Appeal, (MacPherson, Armstrong and Watt JJ.A.) unanimously dismissed the appeal.

In further discussing the evidence, Justice Armstrong noted that:
[14] A pat down search of the appellant followed [his arrest]. This resulted in the discovery of the cell phone containing the photographs of a gun and cash as well as the incriminating text message. The text message read: “We did it were the jewlery at nigga burrrrrrrrr”.
[15] In order to access the photographs and the text message in the cell phone, Sergeant Hicks had to operate the keyboard on the phone.  The cell phone was turned “on” and there is no evidence that it was password protected or otherwise “locked” to users other than the appellant.  The photographs and the text message were not in plain view and it was necessary to manipulate the key pad in order to move the phone into its different modes. 

In resolving that the police were within their rights to perform a “cursory” review of the phone’s contents Justice Armstrong held that:
If the cell phone had been password protected or otherwise “locked” to users other than the appellant, it would not have been appropriate to take steps to open the cell phone and examine its contents without first obtaining a search warrant. [Emphasis added.] (Para. 75)

Commentary


It is important to note that at the time the Fearon case was argued the Supreme Court of Canada had not yet released its decision in Cole. The Court of Appeal for Ontario’s decision in Cole, had been released and one might have thought that it would have at least been referenced by the Fearon bench; it was not.

If employment lawyers are going to rely on Cole for the proposition that employees have a certain right to privacy in their employer-provided technology, such as smartphones (a point made by me in Rights to Privacy and Remedies for Breach), then we must also be mindful of cases such as Fearon that appear to put a finer gloss on the position, although without specifically saying so.

From the outside, (I do not profess to be a criminal lawyer,) the decision in Fearon leaves me wanting. The distinction between having a password or not on one’s cellphone does not appear to be a fine enough distinction for me to wrap my head around in defining one’s expectation of privacy; but the case law would appear to support Justice Armstrong’s position. The fact that there was no dissent leads me even more so to the conclusion that this distinction must matter at criminal law.

Takeaways


I suppose the takeaway from the Fearon decision is that in order to employees to fully articulate the position that they had a reasonable expectation of privacy in their employer-provided technology, they will have to further show that the technology was password protected.

Where employees are expected to both secure their information by password and provide that password to the company will prove to be very interesting.

Questions for Discussion


Borrowing from [Osgoode Professor David] Doorey’s Workplace Law Blog, I will end on questions for discussion:

  1. Do readers think it should matter whether the cellphone, or laptop, or whatever, is protected by a password?
  2. What are the implications of being required to provide that password to one’s employer? Does that change the expectation of privacy vis-à-vis the employer?

Comments appreciated below.

--
As always, everyone’s situation is different.  The above is not intended to be legal advice for any particular situation and it is always prudent to seek professional legal advice before taking any decisions on one’s own case.

Sean P. Bawden is an Ottawa, Ontario employment lawyer and wrongful dismissal lawyer practicing with Kelly Santini LLP, and part-time professor at Algonquin College teaching Trial Advocacy for Paralegals.

3 comments:

  1. A strange decision in my opinion... does a house door now need to be locked to prevent the police from entering without a warrant!? Does something not being locked mean that there is an implied invitation for it to be searched!
    I don' t see a difference between arbitrarily searching a cellphone, a car, or a house; in all cases the person and society, in my opinion, have a reasonable expectation of privacy... let a judge decide if there is enough R&PG.

    ReplyDelete
  2. Reading the case the court seemed to equate the phone more with a briefcase than a computer or an unlocked house. It would appear, perhaps even more incredibly, that if the actual phone seized was capable of greater functioning, then the search may have been illegal.

    So I guess there are really two takeaways for would-be criminals: (1) put a password on your phone, and (2) spring for a smartphone.

    Of course, other potential takeaways would be: don't commit armed robbery and don't text your accomplices with photos of you committing the crime.

    ReplyDelete
  3. My first comment is that judges are really innovative in making a decision!

    I think your two questions already give implied answer, which I agree with. if I didn't set a password, that means I have no reasonable expectation of privacy? Many people will get confused and panick. Joy

    ReplyDelete