A Discussion on the Reasonable Expectation of Privacy

when Using Technology in Canadian Educational Settings

(Script)

Allan Carter

http://allancarterdigifolio.blogspot.ca/2014/02/reasonable-expectation-of-privacy-when.html

or

https://plotagon.com/4347

Hello, my name is Joe. This is a discussion on the reasonable expectation of privacy when using school owned technology and personal owned technology used in schools.

Hey there. My name is Will. This discussion was compiled using information from  Lethbridge College v Lethbridge College Faculty Association (2007) and R v McNeice (2013), R v Cole (2012) and Tournier v Ratt (2011).

When it comes to a reasonable expectation of privacy, a personal email account is private communication, so a teacher or student has a reasonable expectation of privacy even if the communication is conducted on school equipment. Under the Criminal Code of Canada, unauthorized interception of emails, excluding certain exceptions, is a criminal offence. If consent is not provided, accessing information from personal email is a violation of privacy rights.

Based on the Criminal Code, this is not an unauthorized interception. If data from personal emails is contained on school equipment then the school does not need consent from the user to look at data on school owned property. It is true that a teacher or student would have a reasonable expectation of privacy in the receipt and transmission of emails from a non-school email account. However, if data from those emails is on a school based computer then the school has some rights to access that computer.

Nevertheless, even if the personal data is on a school-owned computer, the school’s right to search the contents of that computer must be balanced against the user’s expectation of privacy. Additionally, the Criminal Code prohibits the unauthorized interception of private communication.

Good point. However, in regard to the Criminal Code, this is a grey area when the personal information is contained on school-owned equipment. Case law in such a circumstance is limited. It is more likely that a court would find that a school would be violating the Criminal Code if the personal information was on student or teacher owned-technology, but when it comes to school-owned equipment and a search based on probable cause, the law has sided with the schools or other authorities.

But when it comes to personally owned technology, students and teachers have an expectation of privacy at schools. They are protected under section 8 of the Canadian Charter of Rights and Freedoms from unreasonable searches.

Definitely. Yet schools do have some flexibility in conducting searches, and the expectation of privacy is lowered when it is believed a regulation has been violated and evidence can be retrieved through a search.

But schools do want to tread carefully when searching digital devices since it is yet to be determined if schools or school authorities can be held civilly liable for searches that are deemed to be unreasonable and may have resulted in damages or suffering.

Getting back to email...the definition of personal information in the Alberta Freedom of Information and Privacy Act would include email. The function of general storage of personal information by a school cannot then be used for the purpose of discipline.

Email is not specifically included under the definition of personal information in this Act. And even if email was personal information, a school is permitted to collect the information in the general operation of the school. Investigating misconduct and suspicious activity is a reasonable and legitimate use of this information by the school.

Yet in the use of search and surveillance, a school must determine if it is reasonable to conduct the search. The school authorities must determine if there are alternative and less intrusive methods to gather the information. And is the search carried out in a reasonable manner?

If a school conducts a search that is based in “probable cause” then it is reasonable. Additionally, in the age of digital communication it is likely that the less intrusive method of investigating suspicious activity would be through email communication than face to face confrontations.  

But gathering and acquiring information from personal emails can be deemed as unreasonable and a violation of privacy, especially when the school can simply gather the names of people with whom the user communicated through email and then conduct interviews with those people.

But the most effective way to gather the information could be through the communication that occurred through email. If the school has suspicions of inappropriate or illegal behaviour, it is more effective and less intrusive to search the emails than to contact everyone with whom the user has communicated through email.

Yet, even in a case where a school can argue they had probable cause to do a search or complete surveillance, if the intrusion on privacy is conducted unreasonably, then the results of the search and surveillance may legally be deemed inadmissible.  

Yes. That is true. But if the school is dealing with computer-owned technology and there is probable cause, it can be legally argued that the school is within its rights to search the data and the evidence would be admissible in court.

But what about in the situation where a school has already disciplined a student or teacher for inappropriate activity?  It is unreasonable for them to conduct further searches to acquire additional information.

But it is not unreasonable. As previously mentioned, a school has the right to search for probable cause. It is not a random search. This is acceptable in drug testing and if a school has disciplined a teacher or student, it is reasonable for them to search further to confirm their suspicions.

But what about deleted data? The use of recovery techniques to access deleted data, even on school owned computer equipment, is intrusive and breaches the computer user’s expectation of privacy.

But if a student or teacher deletes data it is analogous to someone throwing evidence in the trash. Once the material is abandoned, the expectation of privacy disappears.

The problem, however, with your analogy is that it involves physical evidence and in the case of digital data, if a user deletes the data it is more accurate to view it as not throwing away data, but attempting to destroy it.

But the data is not completely destroyed if authorities can retrieve it through recovery techniques.

True, but the act of deleting data from a computer is more accurately viewed as a deliberate step toward preventing others from accessing it. Sure, some people using special software and acquired knowledge can retrieve the files, but the majority of everyday users cannot. Therefore, the expectation of privacy still holds.

But if the data on school owned technology is not deleted and the school authority discovers data that is criminal in nature, they have the right and the obligation to hand that data over to the police.

They certainly have an obligation to inform the police, but in handing over the device that contains that data, the police still should obtain a warrant to search the device. It can be argued that reasonable expectation of privacy is still in effect.

But the technology is the school’s and the school authorities have voluntarily handed it over to the police. So if a student or teacher has agreed, through school policy, to not use school owned technology for personal use - or they are aware and agree to strict conditions on what personal data can be stored on school owned technology - then they have no reasonable expectation of privacy. Thus, based on probable cause, both the school authorities and the police can search the device.

It is true that reasonable expectation of privacy is diminished on school owned technology, particularly when we compare it to personal owned technology. However, because school authorities can search the device on probable cause grounds, does not allow the police to perform warrantless searches of personal information - even on school owned technology. And regardless of what is stated in school policy on acceptable use of technology, each situation has to be examined separately to determine the degree of reasonable expectation of privacy, or what is called the “totality of the circumstances” test.

But let’s say we accept there is justification for a reasonable expectation of privacy...if the school hands over the school owned technology to the police and gives consent that the technology can be searched, then a warrantless search does not violate the user’s privacy, since a third party, in this case the school, has given consent and has waived the user’s privacy interest.

This argument may be legally acceptable in the United States, but in Canada this argument has been rejected on the basis that a third party cannot validly consent to a search or waive a constitutional protection on behalf of someone else.

Yet in some situations, intrusion of even a diminished reasonable expectation of privacy is acceptable under a reasonable law. A court can accept evidence from a warrantless search if the reasonable expectation of privacy was diminished and if the data would have been discovered if a search warrant had been issued.

Nevertheless, when people use digital devices they can potentially store data that  can be considered “the biographical core of personal information” which is protected under the Privacy Charter.

Yet it is also important to note that school authorities are within their right to search school-owned technology when fulfilling their administrative responsibilities - despite the fact such technology may contain personal information.

You will get no argument from me that schools must fulfill their duties and responsibilities in protecting privacy while maintaining a stable and safe network. However, schools have to be cautious that they do not violate privacy rights in the argument of protecting network security through invasive searches and surveillance.

But we know that security and safety on computer networks and the Internet are major concerns. In fact, the Canadian House Government Bill C-30 would have taken new measures to protect children from Internet predators.

But that bill was a prime example of how authorities can use the idea of security and safety to enact a bill that many have dubbed the online surveillance bill, and it has been described as online spying by the government. An article in the Register describes how it was first called the Lawful Access Act and would force Internet Service Providers to monitor users and hand over their details to the police without a warrant. In fact, Bill 12 still remains before the Canadian Parliament, and this bill allows Internet Service Providers to provide user information with the police in a voluntary basis.

The last part of our discussion makes reference to some information from definetheline.ca - Boundaries of School Responsibility.

Departments of Education, districts and school should always make sure they have a proactive and preventative approach to fostering digital citizenship among students and teachers.

There are many ways that schools can do this. Awareness and knowledge of privacy rights and responsibilities when using technology can go a long way to avoid violations and breaches.

First of all, schools should have clear guidelines and policies for the acceptable use of school-owned technology. These guidelines and policies should be effectively communicated to all users of technology in the school.

Additionally, schools who have implemented bring your own devices (BYOD), or plan to implement BYOD, should ensure they have considered all the implications with this approach to technology use and have consulted other schools or districts that have already implemented a similar program. For example, the Alberta government provides an online guide that explores some of the decision making and strategic planning for a BYOD program.

Secondly, as part of promoting students to become better informed digital citizens, teachers should receive supportive and updated professional development on issues concerning technology and privacy. They should gain knowledge and methods on how to engage and educate their students on these issues. And this education should start early, not just on the older grades.

And finally, students should be encouraged to get involved, creating their own awareness campaigns, presentations, discussions and debates on issues of privacy. Sites like Media Smarts and the Office of the Privacy Commissioner of Canada provide great resources for both education and awareness in school communities. And the site News4Youth allows students from across Canada to discuss current events, such as Canada’s recently scrapped Bill C-30

We hope you enjoyed our discussion on the reasonable expectation of privacy when using school-owned or personal technology in educational settings.

References

Alberta Government (2012). Bring Your Own Device: A Guide for Schools. Retrieved from Alberta Education website: https://education.alberta.ca/media/6749210/byod%20guide%20revised%202012-09-05.pdf

Floyd, T. (2013). Bill C-30 killed by Conservatives but Internet privacy may still be at risk. Retrieved from Yahoo! News Canada website: http://ca.news.yahoo.com/blogs/right-click/bill-c-30-killed-conservatives-internet-privacy-may-214554367.html

Lethbridge College v. Lethbridge College Faculty Association (2007). Retrieved from the Canadian Legal Information Institute website: http://www.canlii.org/en/ab/abgaa/doc/2007/2007canlii81118/2007canlii81118.html?searchUrlHash=AAAAAQASTGV0aGJyaWRnZSBjb2xsZWdlAAAAAAE

Media Smarts (2013).Young Canadians in a Wired World, Phase III: Online Privacy, Online Publicity. Retrieved from Media Smarts website: http://mediasmarts.ca/ycww/online-privacy-online-publicity

Neagu, S (2012). Boundaries of School Responsibility. Retrieved from Define the Line website: http://definetheline.ca/dtl/boundaries-of-school-responsibility/

News4Youth (2011). Retrieved from: http://www.news4youth.com/issue/what-in-the-world

Office of the Privacy Commissioner of Canada (2013). Youth Privacy. Retrieved from: http://www.priv.gc.ca/youth-jeunes/index_e.asp

R. v. Cole, Ontario Court of Justice (2008). Retrieved from the Canadian Legal Information Institute website: http://www.canlii.org/en/on/oncj/doc/2008/2008oncj278/2008oncj278.html?searchUrlHash=AAAAAQAPUi4gdi4gY29sZSAyMDA4AAAAAAE

R. v. McNeice, Court of Appeal for British Columbia (2013). Retrieved from the Canadian Legal Information Institute website: http://www.canlii.org/en/bc/bcca/doc/2013/2013bcca98/2013bcca98.html?searchUrlHash=AAAAAQANUi4gdi4gTWNOZWljZQAAAAAB

Thomson, I. (2012). Canadian revolt over draconian internet privacy bill. Retrieved from the Register website: http://www.theregister.co.uk/2012/02/16/canadian_internet_privacy/

Tournier v. Ratt, The Court of Appeal for Saskatchewan (2011). Retrieved from the Canadian Legal Information Institute website: http://www.canlii.org/en/sk/skca/doc/2011/2011skca103/2011skca103.html?searchUrlHash=AAAAAQAPdG91cm5pZXIgdiByYXR0AAAAAAE