The case deals with Internet defamation and how to determine where to sue for it. As with traditional defamation, a party alleging Internet defamation must demonstrate they suffered damages in Ontario and also that they have a significant connection to Ontario. Where Internet defamation differs from traditional defamation is that the alleged victim must prove the statements in question targeted Ontario.

In Black v Breedan, Black brought an action for libel against directors, advisers and a vice-president of Hollinger International for statements posted on the Hollinger website. Black argued his reputation was damaged in Ontario as a result of these defamatory statements that had been reproduced in a number of prominent Canadian newspapers, such as the Globe and Mail and the National Post.

…

Black v Breedan is noteworthy because of the online aspect of the alleged defamation. Because anything posted on the Internet can be seen anywhere in the world, it has led to “libel tourism” – where someone who thinks they have been defamed will try to sue in whatever jurisdiction they might be most successful in, and get the highest damage award.

Black v Breedan tells us that – at least in Ontario – libel tourists are not welcome.

The case is interesting to me because it’s one of the first looking at the reformulated real and substantial connection test in Van Breda v. Village Resorts Limited for libel cases over the Internet.

The motion judge found most of the Muscutt factors favoured Black. On appeal, the Defendants submitted that the judge erred in looking at the connection of Black to Ontario, instead of the connections of the claim to the province.

The alternative positions of the two parties are best set out in the following paragraphs:

[35]     The defendants submit that treating the lex loci delicti as the place in which allegedly defamatory statements were accessed is inappropriate in the context of Internet libel. An approach that looks to where the statements were accessed, they argue, is contrary to the principles of order and fairness, leads to libel tourism and the prospect of unlimited liability and has a chilling effect on freedom of speech.

[36]     The defendants advocate a different approach to a claim for libel originating on the Internet. They suggest that the focus of the analysis of where the tort of Internet libel is committed should be on whether the defendant targeted the statements to the forum rather than where they were downloaded and read.

The Ontario Court of Appeal upheld the presumption of a real and substantial connection under Rule 17.02(g), even though the Van Breda test was not applied, and held that the Defendants did target their statements to Ontario based on press release contact info for local media. Consequently, there was a real and substantial connection between both Black and the Defendants, even if they were in a different jurisdiction.

In assessing fairness, the court noted that even though there might be difficulties with enforcement of a judgment in the U.S., a favourable ruling would have some value in vindication for Black. But the court also tied this fairness element to the libel tourism issue raised by Canton,

[86]     I agree with the motion judge that it is not appropriate to label it forum shopping or libel tourism if the party has a real and substantial connection with the forum: see Amchem Products Inc. v. British Columbia (Workers’ Compensation Board), 1993 CanLII 124 (S.C.C.), [1993] 1 S.C.R. 897, at p. 920. Further, even if the judgment is not enforceable in the United States, it is enforceable in Ontario, and there is also value in the vindication of a defamation judgment regardless of the ability to collect damages.

Although Ontario courts have resisted libel tourism in the past, Black v. Breedan also reaffirms the proposition that where a case meets the Van Breda factors this is not in fact a case of forum shopping.

First, robots follow programs that cannot predict all real-life possibilities. Robots lack that uniquely human ability of discretion. The best a machine can do to emulate discretion is to generate a random number. A grenade-launching machine exercising discretion would be like you loading one round in a revolver, spinning the cylinder, and pulling the trigger. Yes, it is called the Russian roulette. Especially, if you point the gun at your own head or at an “intruder.”

Second, a robot is not accountable. It doesn’t care if you appeal and have its decision overturned. If the reviewing body sends the case to a human for reconsideration why use the machine in the first place? And sometimes, the case will be moot, especially if the robot’s decision involved using live fire.

Law assumes human actors. Our entire legal system and tradition is based on this premise. Law doesn’t micromanage because it routinely delegates to human discretion. Sometimes it doesn’t strike the right balance—as with the law of street protest in Canada, but I’ll go for unsophisticated humans in uniforms over armed robots any day. Human discretion rests on a thick layer of experience, learning, feelings, values, and responsibility. If the state is to make decisions affecting our fundamental rights and freedoms, only its human agents should have this power. No robocops, please.

Pulat Yunusov

(Post sponsored by AdviceScene)

BC Heritage Law is doing just that.

Regardless of format, ebooks have some compelling advantages over traditional printed books. First, ebooks can last infinitely. With printed books, it is entirely conceivable that a rare, out-of-print edition will simply disappear because its physical form is weak and vulnerable to wear and destruction. Ebooks are easy to back up. The cost of making each additional copy is practically zero. Ebooks after all are computer files like Word documents or JPEG images. That’s why ebooks are also enormously portable. A thousand-volume paper-based library is to a thousand ebooks as an elephant is to a pet lizard. The publishing costs are also much lower for new books because authors create them in an electronic form, and there is no need to typeset them or to buy thousands of pounds of paper to print them. There is also no need for expensive brick-and-mortar stores with a large sales staff. Ebooks are sold or given away for free online. This is especially handy if a single corporation dominates your country’s printed book market. In fact, anyone can publish an ebook online potentially reaching millions at a relatively miniscule cost. Finally, think of all the trees ebooks save.

But there are serious problems with ebooks, mostly when they come in closed, proprietary formats. A closed format means that its owner (e.g. a book distributor like Amazon) controls what you can do with the book. The proprietary format owner can hide the details of how the format works making it more difficult to build alternative ebook readers. For example, opening Word documents with non-Microsoft software is not as perfect as opening them with Microsoft Word. But most text editors are equally good at manipulating plain text or HTML files, which are open formats. The ebook format owner can enforce its control with the law (e.g. patents) or technology (e.g. encryption). In some jurisdictions, it is also unlawful to circumvent encryption of proprietary-format media. Amazon protects many of the books it sells with such technology also known as Digital Rights Management (DRM).

Because many ebooks have closed formats, publishers appear to license books to readers rather than sell them. It’s easier to control use of a licensed electronic product than of printed, physical books. We can’t easily share proprietary-format, protected ebooks. You can’t just email an ebook you bought from Amazon to your friend. Amazon locks each protected book to the Kindle of the person who bought it. Your friend can’t read your ebook on his or her Kindle. It’s also harder to overcome regional restrictions. Before, if a publisher sold a book only in the US, you could still bring it to Canada. Now, publishers can make it harder through DRM. Publishers can also use DRM to control libraries or to exclude them from certain books completely assuming some books are available only in electronic format. You can’t easily photocopy a page from an ebook if it’s in a closed format. Of course, if it uses an open format and it’s not DRM-protected, you can copy any text from the book anywhere and any number of times taking full advantage of its electronic nature. In some cases, if the book is in a proprietary format, the publisher or distributor can even delete your book remotely. The closed format and the need to protect digital content also strips most buyers of their anonymity. You cannot buy a book online anonymously. Usually, the book distributor has a record of every book you purchase. This could chill freedom of thought in a future where all ebooks are in a closed format because people would hesitate to buy books seen as dangerous to their reputation.

Finally, closed formats live only as long as their corporate owners. As I was enjoying The Black Swan on my Kindle last night, I wondered what would happen to my copy if Amazon were to go under. The reading device would eventually break down, and its battery would stop functioning even sooner. I would still be able to read the book with Kindle software on my Mac, but if Amazon disappeared, its software would eventually stop working on future computers. At the end, I would be left with a useless file that no one can read.  It’s not a huge loss for a $10 book, but what if I invested $10,000 in proprietary-format ebooks? What if some books are available only electronically and only through a single distributor in the future? Is it so far-fetched? Or is it far-fetched that a large bookseller could vanish one day? With closed, proprietary ebook formats, we could end up with a single point of failure in not so distant future endangering our investment in books and our literary heritage.

Pulat Yunusov

(Post sponsored by AdviceScene)

Yesterday, the Ontario Divisional Court released its decision in Warman v. Fournier et al, 2010 ONSC 2126 (Div. Ct.) rev’g (2009), 309 D.L.R. (4th) 227, 76 C.P.C. (6th) 155 (Ont. S.C.J.) (“Warman”). At issue was whether the disclosure provisions of the Rules of Civil Procedure, R.R.O. 1990, Reg. 194 (the “Rules”) automatically entitle plaintiffs in internet defamation cases to obtain the identifying information of anonymous posters from websites and ISPs, or whether courts must balance the interests of plaintiffs with the freedom of expression and privacy interests of anonymous posters. The decision is now the leading authority in Ontario for the proposition that the objectives of the disclosure obligations under the Rules must be balanced with the right of freedom of expression in internet defamation cases. This article discusses the background, holding, and implications of Warman.

1. Background

The Respondent commenced an action against the Appellants, the operators of an internet message board, and eight anonymous message board participants with respect to a series of allegedly defamatory postings. After commencing the action, the Respondent brought a motion for an order compelling the Appellants to comply with Rule 76.03 of the Rules which required the Appellants to file an affidavit of documents that disclosed the email and internet protocol (“IP”) addresses of the anonymous posters in order to allow the Respondent to identify the posters and serve them with the statement of claim.

The motions judge rejected the Appellants’ submission that the Respondent was required to establish a prima facie case of defamation before disclosure could be ordered. Instead, Justice Kershman concluded that Rule 76.03 of the Rules required the Appellants to disclose all documents in their power or control and that such disclosure should be automatic upon the issuance of a statement of claim because the information was relevant and not protected by privilege.

This decision stood in stark contrast with earlier cases that offered some protection to the privacy interests of internet users by requiring plaintiffs to demonstrate a bona fide or prima facie case of defamation before ordering disclosure (see: previous posting). The motions judge distinguished these cases on the basis that the Respondent was seeking to compel the Appellants to follow the Rules as required by named parties to the action, whereas the other cases involved discretionary orders for the production of documents from third parties.

2. Holding on Appeal

The Divisional Court unanimously allowed the appeal and remitted the matter to a different motions judge for re-consideration, recognizing that the anonymous posters’ right of freedom of expression under the Charter should have been taken into account in considering the Respondent’s request for disclosure under the Rules. Moreover, the Court noted that the posters’ express decisions to remain anonymous gave them a reasonable expectation of privacy that weighed in their favour.

In rejecting the notion that disclosure should be automatic, the Court also expressed concern for the ease by which a plaintiff could abuse the Rules by filing claims in a spurious manner simply to identify an anonymous poster:

If disclosure were automatic, a plaintiff with no legitimate claim could misuse the Rules of Civil Procedure by commencing an unmeritorious action for the sole purpose of revealing the identity of anonymous internet commentators, with a view to stifling such commentators and deterring others from speaking out on controversial issues. For this reason, the commencement of a defamation claim does not trump freedom of expression or the right to privacy.

[Warman, at para. 33]

After surveying previous decisions, Justice Wilton-Siegel set out four considerations, aimed at preventing abuse of the Rules and respecting the privacy of internet users, that should have been considered by the motions judge in deciding whether to order disclosure under the Rules: 

• whether the unknown alleged wrongdoer could have a reasonable expectation of anonymity in the particular circumstances; 
• whether the Respondent has established a prima facie case against the unknown alleged wrongdoer and is acting in good faith; 
• whether the Respondent has taken reasonable steps to identify the anonymous party and has been unable to do so; and 
• whether the public interests favouring disclosure outweigh the legitimate interests of freedom of expression and right to privacy of the persons sought to be identified if the disclosure is ordered.

[Warman, at para. 34]

In concluding that plaintiffs should be required to meet a prima facie standard rather than a lower bona fide standard, the Court emphasized the importance of protecting freedom of expression and noted that there was no concern that the higher standard would deprive applicants of a remedy:

In para. 34 of BMG [2005 FCA 193], the Federal Court of Appeal expressed the concern that, in that case, imposition of a prima faciecase standard would effectively strip an applicant of a remedy because the plaintiff could not know the actual case it wished to assert against the defendants until it knew not only their identities but also the nature of their involvement in the [internet] file-sharing activities. Because the present proceeding is a defamation action, that concern does not arise. Unlike BMG, the respondent knows the details of precisely what was done by each of the unknown alleged wrongdoers. 

In addition, because this proceeding engages a freedom of expression interest, as well as a privacy interest, a more robust standard is required to address the chilling effect on freedom of expression that will result from disclosure. It is also consistent with the recent pronouncements of the Supreme Court that establish the relative weight that must be accorded the interest in freedom of expression. In the circumstances of a website promoting political discussion, the possibility of a defence of fair comment reinforces the need to establish the element of defamation on a prima facie basis in order to have due consideration to the interest in freedom of expression. On the other hand, there is no compelling public interest in allowing someone to libel and destroy the reputation of another, while hiding behind a cloak of anonymity. The requirement to demonstrate a prima facie case of defamation furthers the objective of establishing an appropriate balance between the public interest in favour of disclosure and legitimate interests of privacy and freedom of expression.

[Warman, at paras. 41 - 42]

3. Implications

Warman represents an important recognition that while internet users’ anonymity ought not to be protected absolutely, the mere commencement of a defamation action should not give rise to an automatic entitlement to information identifying a previously anonymous poster without a consideration of the interests of privacy and freedom of expression.

Nevertheless, there is still uncertainty with respect to the degree of protection that courts will afford to anonymous posters in the future. Under Canadian law, plaintiffs have two ways to seek disclosure in internet defamation cases. Apart from identifying anonymous defendants by seeking pre-action discovery or production of relevant information under procedural rules, as occurred in Warman, plaintiffs may also bring independent actions for disclosure of the identity of anonymous defendants by way of an equitable bill of discovery known as a “Norwich order”. Norwich orders were introduced in the decision of the House of Lords in Norwich Pharmacal Co. v. Customs and Excise Commissioners, [1974] A.C. 133 (H.L.) in which it was held that where a third party becomes involved in the tortious acts of others, that third party has a duty to disclose the identity of the tortfeasor so that the plaintiff may pursue its remedies. The Norwich factors were recently confirmed by the Ontario Court of Appeal in GEA Group AG v. Flex-N-Gate Corporation, 2009 ONCA 619 and applied in the internet defamation context by the Ontario Superior Court of Justice in York University v. Bell Canada Enterprises (2009), 311 D.L.R. (4th) 755 (Ont. S.C.J.) (“York University”): 

• whether the applicant has provided evidence sufficient to raise a valid, bona fide or reasonable claim; 
• whether the applicant has established a relationship with the third-party from whom the information is sought, such that it establishes that the third party is involved in the acts; 
• whether the third party is the only practicable source of the information; 
• whether the third party can be indemnified for costs to which it may be exposed because of the disclosure; and 
• whether the interests of justice favour obtaining the disclosure. 

[York University, at para. 13]

Although the second and fourth Norwich factors were not relevant in Warman because they apply only to third party respondents rather than co-defendants [see Warman, at para. 39], some of the other Norwich factors are similar to the considerations set out in Warman that are now applicable to the question of whether a court should order disclosure under the Rules. However, an important difference remains. While the approach under Warman requires plaintiffs to demonstrate a prima facie case of defamation, Norwich jurisprudence has required plaintiffs to meet the lower bona fide standard. For example, even though the plaintiff in York University managed to establish a prima facie case of defamation, the court did not require the plaintiff to demonstrate more than a bona fide case. Although Warman provides compelling reasons to prefer the higher prima facie standard where the plaintiff seeks disclosure through a Norwich order, it remains open for courts to require plaintiffs to meet the lower standard instead.

Originally posted on Defamation Law Blog

Cloud computing means keeping and processing your data online. For example, in Gmail, you read and write email in your browser’s window, but Google’s servers take care of storing, sending and receiving messages for you. Google Docs lets you do the same thing but with word processing. Ufile.ca handles your tax returns. Amazon S3 gives you unlimited file storage in Amazon data centres. All social media sites like Facebook, Twitter, LinkedIn, Youtube, Flickr, etc. are also examples of cloud computing. Whenever you delegate data storage and processing to a third party that grants you online access, you do cloud computing. “Cloud” means that the specific physical server on which the provider keeps and processes your data is obscure to you. All you care about is the Internet address of the provider and your own access credentials. Into the “cloud” goes some input, and out of the “cloud” comes some output. That’s how it works.

Benefits of cloud computing are enormous. I can think of ten: 1) you can access your data anywhere with an Internet connection; 2) you don’t have to troubleshoot or upgrade any software other than the access application, which is usually your browser; 3) instead of paying large sums for desktop software and its upgrades, you get a free or low-subscription-fee cloud service; 4) you subcontract data storage to professionals; 5) the cloud can give you a regular, frequent, and professional backup solution; 6) cloud services can come with search and data crunching capabilities that are unparalleled simply because of the massive cloud computing infrastructure; 7) cloud backup services can automatically keep previous versions of your data in a way that is unmatched again because of inadequacy of your home or office infrastructure; 8) the cloud can protect your data from undesired jurisdictions or it can keep the data in specific jurisdictions; 9) the cloud makes it easy to share any part of your data with chosen parties and to control their access; 10) the cloud lets you tap into social networks of billions of people.

But some have legitimate concerns with the cloud. And lawyers are among those voices as members of the legal profession have unique responsibilities and duties. There are two main attributes of cloud computing that cause people to worry. First, you appear to lose control over your data’s physical location. And second, you expose your data to the Internet apparently swarming with hackers (“cracker” may be a better word), spies, thieves, and viruses. All alleged issues of privacy, security, and reliability stem from these two things. Often, critics assume that keeping data and applications on home or office computers is a safe alternative. This assumption is probably the biggest fallacy in the cloud computing debate. Let’s review some solutions to issues associated with cloud computing.

A big concern is security. Both passwords to access the data in the cloud and the data itself can be vulnerable. There are three challenges here.

1) Hackers can intercept passwords when your browser sends them to your cloud provider. SOLUTION: Choose only providers that encrypt transmitted passwords.

2) Hackers can steal passwords from providers’ password databases. (That’s much harder than intercepting passwords but it almost happened even to Google. Still, assume that it’s extremely rare with reputed providers.) SOLUTION: Encrypt all data at your end before sending to provider. Store encryption keys in a safe place. Stolen passwords will grant crooks access only to an indecipherable heap of data.

3) Hackers can steal your data from the cloud or intercept it in transit. SOLUTION: See solution 2.

Strong encryption makes you impervious to hackers. Choose providers that automatically encrypt your submitted passwords and make it easy to encrypt your mission-critical data. The only weak link in this chain is the secret key (a special long password) used to encrypt your critical data before it’s sent to the cloud. But it’s much easier to safeguard one secret key under your own control than millions of bytes of constantly changing data. With some popular cloud providers, it’s not obvious how to encrypt your data on their servers. Take Gmail, for example. You can have it automatically encrypt both passwords and data in transit, but your email on its servers is not encrypted. In any case, remember that all email travels through the Internet in the clear unless you encrypt it before sending, whether you use Gmail or any other email provider. Still, there is a solution. Gmail lets you use your own client software such as Outlook or Eudora. Choose software that can encrypt email before sending it through Gmail. The standard email encryption solution is PGP. There are still two issues with this: first, email headers (date, from, to, etc.) will not be encrypted; second, most people will not know how to decrypt your emails.

But generally, encryption makes the idea that the cloud is not secure enough a fallacy. The only alternative to the cloud is your home or office computer. If Google data centres designed by the best security minds in the world, protected by professional guards, equipped with air conditioning and fire suppression systems, loaded with security software that is developed and maintained by top computer programmers, are not secure enough, then your office is definitely not secure enough, and you probably shouldn’t handle any sensitive data at all. Yes, Google has had a security breach once or twice, and the fact that the data is with Google in the first place may attract hackers, but if your data is sensitive, by definition there will be malicious parties interested in acquiring it. Where is it going to be safer: on your computer or in a Google data centre? Even if you encrypt all of your data in the office or at home, it’s still vulnerable to theft, fire, flood, or hardware failure. You didn’t go to law school to know the complex science of data protection. This job is best delegated to professionals, especially given the low cost of cloud services.

Strong encryption also ensures data privacy. Your data is potentially exposed to the cloud provider, intermediaries, and governments. To the best of my knowledge, no one can break the strongest encryption available on the market. There is a reason why the US considers encryption software an armament and regulates its export. Even if a cloud provider stores your data in an undesired jurisdiction that can infringe on your privacy rights, your privacy is safe as long as your data is encrypted. Besides, with some providers you can shop jurisdictions where your data ends up. For example, Amazon S3 allows you to choose among the US, EU, and Singapore.

There are only two real problems with cloud computing that I can see: provider longevity and data compatibility. First, the provider can go out of business and interrupt important service or destroy your data. Also, a government can expropriate your data (without affecting your privacy if you encrypted the data). The solution would be to keep critical data with two independent providers in separate jurisdictions or to have a copy of the data at your own location. Second, the provider can keep your data in a proprietary format making it difficult for you to migrate it to another provider. For example, I can’t think of a way to export all my Facebook information to Linkedin or all my tweets to Identi.ca. But you wouldn’t have the Facebook data without Facebook in the first place, and its the Facebook community that makes the data valuable. But in the future, this issue may become much more acute, so choose a provider that offers an open data format, when possible. For example, Gmail makes it very easy to keep a copy of all email in your Outlook using the IMAP or POP protocol.

In summary: encrypt, encrypt, encrypt. With encryption comes power and freedom. You don’t care if encrypted data is stolen or expropriated. And the number one rule of encryption is don’t share your private key with anyone, including the cloud provider. Encrypt before sending. Choose only providers that encrypt transmitted passwords automatically. If you need to encrypt email, choose an email client with encryption and teach recipients to use decryption. For ultimate flexibility, look for providers that offer a choice of jurisdictions. And remember: if your encrypted data is not safe with the likes of Amazon or Google, it’s not safe anywhere—especially on your vanilla office computer box.

Pulat Yunusov

(Post sponsored by AdviceScene)