Electronic Communications and Reasonable Expectation of Privacy
Private communications producing a record not “records”
Two recent decisions from the Ontario Superior Court of Justice have been required to consider whether communications sent as Facebook messages constituted “records” within the meaning of section 278.92 of the Criminal Code. The Criminal Code has for some years contained a statutory scheme which requires an accused to bring an application in order to obtain third party records relating to a complainant in a sexual assault prosecution. Those provisions did not apply to records which were already in the hands of the accused, however, and did not deal with the ultimate admissibility of such records at trial. In December of 2019, the provisions were amended so that they now do apply to records already in the hands of the accused. In addition, section 278.92 was added to the Code, requiring an accused to bring an application to the trial judge before being allowed to use the records in any way at trial. The result of these changes is that, when that new provision applies, an accused is effectively required to disclose a part of the defense strategy, and cannot impeach a complainant’s testimony through the use of evidence they had not expected. (This change in the law was a response to the acquittal in the high profile R v Ghomeshi case, where exactly that had happened.)
The first recent case where that issue arose was R v WM. The accused was charged with several offences, including sexual assault with a weapon, sexual assault causing bodily harm, and assault causing bodily harm that occurred on March 25, 2017 between the accused Mr. M and the complainant Ms. M-A. The accused had a number of Facebook messages which the complainant had sent to him during the relevant time period which he wished to use at trial. The complainant had deleted the messages, and so neither she nor the Crown had copies of them. The accused preferred not to bring a section 278.92 application if he was not required to, since doing so would disclose those messages to the Crown, and so he brought a motion for directions as to whether the section applied or not. That question turned on whether the Facebook messages were “records” within the meaning of the section, and that issue in turn depended on whether the complainant had a reasonable expectation of privacy over the content of the messages.
The trial judge concluded that the complainant did not have a reasonable expectation of privacy, and therefore that the accused was not required to bring a section 278.92 application in order to use the Facebook messages.
The Superior Court judge noted a number of things about “reasonable expectation of privacy” in this context. It is not the same issue as in the section 8 of the Charter concerning unreasonable search and seizure, because the issue is not the state obtaining information, but a private citizen using information he already had to defend himself against criminal charges. Further, the judge noted that there was a temporal aspect to the question of reasonable expectation of privacy. A “record” is defined as anything that contained information over which the complainant has a reasonable expectation of privacy, not which they at some point in the past had a reasonable expectation of privacy. Equally, though, that the accused was already in possession of the messages was not determinative in extinguishing the complainant’s expectation of privacy over their content, because privacy is not an all or nothing concept.
The judge considered several cases, including the Supreme Court decisions in R v Reeves and R v Jarvis. The Court also referred to R v Mills, where the Supreme Court held that the accused did not have a reasonable expectation of privacy over sexually explicit Facebook messages he thought he was sending to a 14 year old girl. The judge notes that the Court in Mills held that “on the normative standard of privacy described by this court, adults cannot reasonably expect privacy online with children they do not know. That the communication occurs online does not add a layer of privacy, but rather a layer of unpredictability” (para 36). It might have been worth noting as well that three of the seven judges in Mills also held the view that “an individual cannot reasonably expect their words to be kept private from the person with whom they are communicating” (para 42 of Mills).
The judge relied primarily on four factors to conclude that the complainant did not have, at the relevant time, a reasonable expectation of privacy: the content of the messages, the manner in which they were sent, the nature of the relationship, and the policy implications. Of most interest are the judge’s comments on the second factor, the manner in which the messages were sent:
 In Marakah, the Supreme Court held that the sender of an electronic communication has a reasonable expectation that the police, or the state, will not seize that communication from the recipient. The issue here is not whether the state is entitled to seize Ms. M.-A.’s Facebook messages from W.M. (or W.M.’s electronic communications from Ms. M.-A.). The issue is whether Ms. M.-A. has a reasonable expectation that W.M., as the intended recipient of the messages, will keep them private.
 The fact that W.M. was the intended recipient of Facebook messages is a significant factor in deciding whether Ms. M.-A. can reasonably expect that they will be kept private and will not be used by the intended recipient. To the extent that the messages contain personal information about Ms. M.-A., she chose to share that information with W.M. She also chose to do so in writing, knowing that she was creating an electronic record that W.M. could save and share with others.
 I recognize that this factor imports a risk analysis into the decision of whether Ms. M.-A. has a reasonable expectation of privacy over information she shared with W.M. As the courts have repeatedly said, risk of further dissemination is not determinative. It is nonetheless relevant that Ms. M.-A. chose to give W.M. the information he now wishes to use and she did so in a manner that she knew would create a permanent record that he could save. The kind of risk at issue on the facts of this case is quite different from the risk at issue in Duarte or Marakah, namely that the state might intercept or make a permanent record of the communication.
The same issue about whether an electronic communication was a “record” arose in R v Mai, though in that case relating to messages sent via WhatsApp. The trial judge in Mai equally reached the conclusion that the communications in question were not captured by the statutory scheme, though noting that this would always be determined on a case-by-case basis.
One additional factor which arose in Mai, with regard to some of the WhatsApp communications, was that they were not exclusively between the complainant and the accused. The judge there noted that “the fact that there is a third party privy to this conversation, in real time, significantly diminishes any expectation of privacy that the complainant could have in the conversation” (para 27). In general, the approach taken in Mai was similar to that in WM, and indeed the judge in Mai also commented on the relevance of “risk analysis”, which is to be avoided in the section 8 context:
 This contextual assessment is essential because I believe that a "risk analysis" forms an important part of assessing whether there is a reasonable expectation of privacy in the totality of circumstances. I recognize that the Supreme Court in R. v. Duarte, 1990 CanLII 150 (SCC),  1 SCR 30, emphatically rejected a risk analysis as a legitimate consideration in the context of s.8, noting, among other things, that the risk that the listener will "tattle" on the speaker, is of a different order of magnitude than the risk that the state is listening in and making a permanent recording. While the speaker may contemplate the risk of the former, it cannot reasonably be concluded that he contemplated the risk of the latter. However, outside the s.8 context, that is, where it is not the state that obtained the record, I believe that the risk analysis has an important role to play in assessing whether or not a complainant has a reasonable expectation of privacy in a record…
 More recently, in Jarvis, in the context of interpreting the voyeurism provision in s.162(1) of the Criminal Code, the Supreme Court appears to apply a risk analysis in assessing whether the particular circumstances of a case give rise to a reasonable expectation of privacy. While the majority notes that a risk analysis is not determinative of whether there is a reasonable expectation of privacy in a particular situation (para.68), it appears to be an important consideration…
 I appreciate that the fact that an accused possesses the potential "record" in question is not determinative of the analysis, as s.278.92 is explicitly intended to apply to materials in the possession of the accused. But I believe the fact that a complainant chose to share the information found in the record with the accused is a relevant circumstance. In doing so, the complainant can usually be reasonably expected to contemplate a risk that the accused would seek to use that information to defend himself against a subsequent allegation by the complainant. While the nature of that expectation will depend on the particular circumstances, I believe it does bear on a complainant’s expectation of privacy in the record.