In R. v. Ward,2012 ONCA 660, the Court of Appeal for Ontario has confirmed that that there is no reasonable expectation of privacy in identifying an internet user through his IP address in the course of a child pornography investigation.
In R. v. Ward, an anonymous user posted and exchanged child pornography files in an online forum on a German website, Carookee.com. Access to the carookee.com site required a person to provide an e-mail address, but in this case, the child pornographer used temporary e-mail addresses obtained anonymously.
In July 2006, the owner of the website filed a criminal complaint with the German police. The German authorities, by reference to the IP addresses provided to them by the owner of the website, determined that some of the child pornographic material was being accessed through Canadian ISPs, which was then forwarded to the RCMP, along with copies of the related child pornography. By accessing a public website, the RCMP determined that three of the IP addresses belonged to Bell Sympatico and were connected to the Sudbury area.
The RCMP then sought the name and address of a Bell Sympatico customer’s subscriber information. Bell Sympatico chose to co-operate with the police and provided what turned out to be the accused’s, David Ward’s name and address, which, coupled with other investigative information enabled the police to obtain a search warrant for the Ward’s residence and his computer.
The search of Ward’s home and computer yielded over 30,000 images of child porn, along with about 373 child porn videos. Ward was charged with and convicted on one count of possession of child pornography and one count of accessing child pornography.
At trial, Ward defended the charges exclusively on the basis that the search of his residence and computer violated his rights under s. 8 of the Charter, and that sought exclusion of the evidence under s. 24(2) of the Charter. The trial judge rejected the Charter claim and admitted the evidence: R. v. Ward, 2008 ONCJ 355, 176 C.R.R. (2d) 90. Convictions followed and Ward was sentenced to 11 months’ imprisonment and three years’ probation. He appealed his convictions and sentences, but later abandoned his sentence appeal.
On appeal, Ward argued that he had a reasonable expectation of privacy in his subscriber information held by Bell Sympatico and that his constitutional right to be free from unreasonable search and seizure was violated when Bell Sympatico turned over that information to the police. The gist of the appeal argument was that the police acted unconstitutionally in requesting and obtaining his personal customer information without prior judicial authorization, other lawful authority, prior consent or exigent circumstances.
Doherty J.A. (Winkler C.J.O. and Goudge J.A. concurring) dismissed the appeal and held that Ward had no reasonable expectation of privacy, either contractually or under the Personal Information Protection Electronic Documents Act”, S.C. 2000, c. 5 (“PIPEDA”). Accordingly, there was no breach of the s. 8 Charter right against unreasonable search and seizure. Justice Doherty writes,
 The contractual provisions in this case tend to reinforce my reliance on PIPEDA as indicative of the nature of the appellant’s reasonable expectation of privacy. Like PIPEDA, the contractual terms speak both of Bell Sympatico’s duty to protect the privacy of clients’ information and its willingness to disclose information in relation to investigations involving the alleged criminal misuse of its services. That willingness clearly qualifies any duty of confidentiality assumed by Bell Sympatico. While there is no single provision in the agreement or related documents that spells out Bell Sympatico’s willingness to disclose information to the police as clearly as did the regulation under consideration in Gomboc, the overall thrust of the documentation is to the same effect. In particular, the Accepted Use Policy (“AUP”) makes it clear that uploading or downloading child pornography is a breach of the AUP and that Bell Sympatico would “offer full cooperation with law enforcement agencies in connection with any investigation arising from a breach of this AUP.” That cooperation would, it seems to me, obviously extend to the disclosure of subscriber information which, by the terms of the service agreement, could be disclosed if “[n]ecessary to satisfy any laws, regulations or other governmental request … or as necessary … to protect … others.”
 My review of the terms of the service agreement and related documents reinforces my view that a reasonable and informed person would not expect that society should recognize that the appellant had a reasonable expectation of privacy in respect of the subscriber information held by Bell Sympatico.
 I stress that the conclusion in this case is based on the specific circumstances revealed by this record and is not intended to suggest that disclosure of customer information by an ISP can never infringe the customer’s reasonable expectation of privacy. If, for example, the ISP disclosed more detailed information, or made the disclosure in relation to an investigation of an offence in which the service was not directly implicated, the reasonable expectation of privacy analysis might yield a different result. Similarly, if there was evidence that the police, armed with the subscriber’s name and address, could actually form a detailed picture of the subscriber’s Internet usage, a court might well find that the subscriber had a reasonable expectation of privacy. Those cases will be considered using the totality of the circumstances analysis when and if they arise.
Here’s my takeaway of the decision:
1. Child porn is bad. No argument here.
2. Don’t be a pedophile. Ditto.
3. ISP’s are good corporate citizens. Maybe, but Justice Doherty recognizes the slippery slope argument in respect of the zone of “public privacy” when he states:
 I think that s. 8 encompasses the concept of “public privacy” described above. Surely, if the state could unilaterally, and without restraint, gather information to identify individuals engaged in public activities of interest to the state, individual freedom and with it meaningful participation in the democratic process would be curtailed. It is hardly surprising that constant unchecked state surveillance of those engaged in public activities is a feature of many dystopian novels.
4. PIPEDA and Bell Sympatico’s Terms of Service operate in tandem to carve out an exception for law enforcement requests of customer information without judicial authorization. I remain unconvinced why the RCMP could not have obtained the name of the Bell Sympatico account holder tied to the 3 IP addresses with a search warrant.
Quaere: What would have happened if the search of Ward’s home and computer yielded no corroborating evidence? No harm, no foul?