Mutual Legal Assistance (with strings attached)

Can a Judge impose conditions restricting the ability of a foreign country, receiving evidence pursuant to the Mutual Legal Assistance in Criminal Matters Act (MLACMA), from sharing that evidence with another country as it sees fit? Despite the obvious difficulties which arise from such an Order, Justice Nordheimer did just this in his recent decision in Mutual Legal Assistance in Criminal Matters Act (Re), in which he attempts to strike a balance between Canada’s treaty obligations to assist in the investigation of criminal activity, and the privacy interests of third parties.

The background to this decision involved a request by the Kingdom of the Netherlands for an Order delivering evidence gathered in Toronto to Dutch authorities. A search warrant in Toronto was executed simultaneously with others in Europe as part of multiple investigations by Dutch authorities into very serious criminal offences, including assassinations, violent armed robberies, attempted murder and organized crime.

In the course of their investigation, Dutch authorities seized a large number of encrypted Blackberry devices supplied by a Dutch company named Ennetcom, which specializes in secure network communications and cyber security.  Ennetcom’s Blackberry devices used an encryption technology specifically designed to exchange encrypted email with other similarly encrypted Blackberry devices. Its system also generates anonymous email addresses such that users of the Ennetcom devices could communicate in complete anonymity and elude traditional surveillance.

Dutch authorities also learned that a Blackberry Enterprise server used to run the Ennetcom system was hosted in Toronto by a company called Bitflow Technologies Inc.  They needed to get the encryption keys used by the Ennetcom Blackberry devices to continue their investigation, but could only do so by gaining access to the server in Toronto.

Dutch authorities previously sought and obtained from Justice Nordheimer a search warrant pursuant to section 12 of the MLACMA.  The search yielded a large quantity of data. The Attorney General for Ontario then moved for an Order sending the evidence seized to the Kingdom of the Netherlands.

Counsel to Ennetcom appeared on the motion and, based on evidence of one of Ennetcom’s owners, expressed concern that the data seized contained private information of all of Ennetcom’s 20,000 registered users, as well as private information of third parties with whom Ennetcom’s users had communicated.

This was clearly valuable data for law enforcement. As Justice Nordheimer observed, it is “almost certain, that other investigators will seek to have access to the data in order to further other investigations” which involve the same Ennetcom PGP Blackberry devices both within the Netherlands and from other countries.

Several concerns arose from this fact.

The first was that if all of the data was sent to the Netherlands, a theoretical risk existed that Dutch authorities could “mine” the information for evidence of other criminal activities by other persons unrelated to the current investigations.

In Justice Nordheimer’s view, he has an obligation to protect against such a “fishing expedition” in accordance with the requirements of section 15 of the MLACMA, but could not realistically parse out the relevant data, retaining the irrelevant data in Canada, due to the data’s interrelated nature. Justice Nordheimer also found that it was impractical and inconsistent with the fundamental purpose of the MLACMA to require Dutch authorities to come to Canada to review the data.  After all, as Justice Nordheimer found, the purpose of the MLACMA is to “assist other states in the investigation and detection of crime”.

Nor did Justice Nordheimer consider that it would be appropriate to require Dutch law enforcement pursuing another investigation to bring a separate application in Canada to obtain access to the same data. He held that to impose such a requirement would “promote process over substance” and would in any event require an unnecessary expenditure of time and money to realize the objective of protecting third parties from having their information accessed without proper judicial authorization. In his view, a further authorization by a Court in the Netherlands would suffice.

But Justice Nordheimer viewed the matter differently as it pertained to the second concern of investigators from countries other than the Netherlands seeking to access the data.   Justice Nordheimer held that any country other than the Netherlands would have to follow the same MLACMA procedure and request delivery of the evidence just as the Dutch authorities had in this case. Justice Nordheimer found that “Canada remains the home of this data”, a fact which did not change simply because the Mutual Legal Assistance procedures were used to deliver the data to one requesting country.  Justice Nordheimer held that “Canada has an ongoing obligation to protect the data, and to ensure that it is not accessed without proper procedures being followed”. Only countries with whom Canada has a Mutual Legal Assistance Treaty, “should be able to seek access to the data, and only after having obtained the requisite approvals of the Minister of Justice, and the requisite orders from the appropriate Canadian Court.”

Justice Nordheimer’s decision clearly assumes that the Court in the Netherlands, and law enforcement officials in the receiving country, will respect the conditions imposed. Whether that assumption proves accurate will depend entirely on the degree of comity shown by Courts in the Netherlands, and the adherence of the Dutch authorities to the conditions imposed by a Court in Canada.