Police Drop Charges Filed Against 19-Year-Old Who Downloaded Public Documents From Gov't FOI Portal

from the access-not-specifically-authorized-is-not-'unauthorized-access' dept

Tue, May 8th 2018 11:58am — Tim Cushing

Last month, we covered the incredible case of an unnamed 19-year-old who was facing criminal charges for downloading publicly-available documents from a government Freedom of Information portal. The teen had written a script to fetch all available documents from the Nova Scotia's government FOI site -- a script that did nothing more than increment digits at the end of the URL to find everything that had been uploaded by the government.

The government screwed up. It uploaded documents to the publicly-accessible server that hadn't been redacted yet. It was a very small percentage of the total haul -- 250 of the 7,000 docs obtained -- but the government made a very big deal out of it after discovering they had been accessed.

The government complained to the police and had the downloader hauled in to face unauthorized access charges, claiming he had "exploited a vulnerability" to obtain unredacted files. But no exploit was used. It was the government that left unredacted documents in a publicly-accessible space. Nevertheless, the teen's home was raided, his family accosted, and several electronic devices seized -- including those of family members. The 19-year-old's younger brother was even detained by officers while walking to school.

Government officials claimed the teen "stole" documents, and pushed for criminal charges which could have resulted in a ten-year sentence for downloading documents from a government portal designed to facilitate the downloading of documents.

Fortunately, Nova Scotia law enforcement has decided there's nothing to pursue in this case.

In an email to CBC News, Halifax police Supt. Jim Perrin did not mention what kind of information police were given from the province, but he said it was a "high-profile case that potentially impacted many Nova Scotians."

"As the investigation evolved, we have determined that the 19-year-old who was arrested on April 11 did not have intent to commit a criminal offence by accessing the information," Perrin said in the email.

The "information" the province "handed over" was probably nothing more than the belated recognition that pursuing criminal charges had accomplished nothing more than exposing the government's careless handling of citizens' personal information and its willingness to find a scapegoat to burden with its failure. The government also revealed 11 other IP addresses had accessed the same unredacted documents, which only further solidified the government's complicity in public access to unredacted personal info.

Prosecutors would have struggled to prove intent -- something law enforcement likely recognized shortly after taking up the case. And this would have been a case they couldn't ignore, not with government officials making lots of noise about hacking that never took place and "unauthorized" access that was plainly authorized by their inability or unwillingness to properly secure documents that hadn't been vetted or redacted. It's already suffered a PR black eye. This move to disengage simply reduces the chance of further injury.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: canada, foi, foia, public documents, security

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 8 May 2018 @ 11:04am

So when is the kid and his family receiving a hefty monetary compensation for all the trauma? I'll bet that with luck it will be in the lines "better later than never" a few decades in the future. With luck.
[ link to this | view in thread ]
justok (profile), 8 May 2018 @ 12:31pm

Re:
He can get a large double double.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 12:48pm

Re:
Yeah, saying there's "nothing to pursue" here is absolutely wrong and the family should not let the cops just walk away.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 1:21pm

Re:
It's Canada. Their compensation is a half-hearted "Sorry."
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 1:33pm

Well Actually...
Prosecutors would have struggled to prove intent -- something law enforcement likely recognized shortly after taking up the case.

It's a dumb law but they could have prosecuted the kid under the "Unauthorized Use of a Computer" law. It is a broad law that makes everyone who isn't Amish guilty. It still exists though and the charges were dropped more as a public backpedaling than of a legal issue.

http://laws-lois.justice.gc.ca/eng/acts/C-46/section-342.1.html
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 1:54pm

out_of_the_blue hates downloading
like goldfish in ponds
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 2:11pm

Re: Well Actually...
The very first paragraph says "who, fraudulently and without colour of right". Where's the fraud? Does being a public FOIA document portal not weigh in favor of a "colour of right"? The basis of FOIA-type laws is that the public has a right to government information.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 3:06pm

Re: Re: Well Actually...
There's a potentially darker side to this story that doesn't often get reported, and which may explain the zeal with which the Halifax Regional Police pursued this case: the second-in-command of the police service that's harassed this kid, Deputy Chief Robin McNeil, is the brother of Premier Stephen McNeil - the elected head of the government in question.
[ link to this | view in thread ]
Flakbait (profile), 8 May 2018 @ 3:32pm

Heard overhead
Paging Ms. Streisand.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 4:05pm

Re: Re: Well Actually...
Colour of right is a funny thing. It gets to be a matter of opinion instead of objective fact.

Then again I'm just paranoid like that.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 4:15pm

Re: Re: Re: Well Actually...
When it comes to computers, it means that there was a restriction on the content they accessed, allowing certain people to view it and preventing other people from viewing it, which was then bypassed.

Such a bypass would be something like, entering someone else's username and password to gain their access; or intercepting data being transmitted to an authorized user; or specifically targeting an exploit in the security measure until it is bypassed.

"Accessing a hyperlink that anyone in the world had the ability to access" is not covered by that. There's no restriction. There's no fraud. Anyone in the world with a working web browser could have accessed those files in the exact same manner as they could have accessed the files they were intended to have access to.
[ link to this | view in thread ]
Uriel-238 (profile), 8 May 2018 @ 6:22pm

That's where I am on this.
I want to see the headline, Police offer FOI-downloading 19-year-old a heartfelt apology and a fat check for unnecessarily raiding his house.

Until that happens, this is falls into the category of can't beat the ride.
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 7:01pm

What about the provider?
It is hardly surprising the charges against the teen have been dropped, but what about the other side?

The breach of privacy occurred not when the teen downloaded the information but when the information was made available via the insecure portal, regardless of whether one (or 11) people accessed it.

Will any charges be laid against the contractor or government personnel who exposed information that should have been private or redacted? Will someone lose their job or contract over matter? Will there be any internal disciplinary action? Will the Department head or Minister claim accountability for the breach and resign?

If a significant reason charges were laid in this matter to begin was the undue external influence of the Premier on the Police Chief, does that not also constitute a violation?
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 8:56pm

Re: out_of_the_blue hates downloading
He's really not going to be happy about this, eh?
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 9:06pm

Re: That's where I am on this.
How about "police officers and prosecutor arrested for effecting an unlawful arrest"?
[ link to this | view in thread ]
Anonymous Coward, 8 May 2018 @ 9:07pm

Re: Re: Re: Re: Well Actually...

"Accessing a hyperlink that anyone in the world had the ability to access" is not covered by that.

He was not following a hyperlink. He was fetching a URL directly (still a totally reasonable thing to do).
[ link to this | view in thread ]
Uriel-238 (profile), 8 May 2018 @ 10:02pm

When it comes to the police, I dont trust "arrested"
convicted maybe.

And still there's the matter of a family suffering a raid.
[ link to this | view in thread ]
Anonymous Coward, 9 May 2018 @ 7:39am

Re: When it comes to the police, I dont trust "arrested"
Yeah, even if this were a real computer crime, it hardly needed a "raid". Courts should be pushing back on arrests that use excessive force. At least the cops weren't throwing grenades.
[ link to this | view in thread ]
Anonymous Coward, 9 May 2018 @ 9:47am

Let Dilbert summarize ..
Scott Adams, so timely and so accurate ...

http://dilbert.com/strip/2018-05-09

Narrator: Dogbert The Reporter. Dogbert: How did hackers get access to your customer data?

CEO: I'm told they used something called "our A.P.I." to suck out all the data.

Dogbert: I'll just say you'er stupid. CEO: Why does everyone always say that?
[ link to this | view in thread ]
Anonymous Coward, 9 May 2018 @ 10:09am

Intent is irrelevant. The download was legal. Once the documents are down, they're his.
[ link to this | view in thread ]
That One Guy (profile), 9 May 2018 @ 10:24am

"Feel grateful peon, we've generously stopped tormenting you."
As with many cases like this I suspect that the only apology and 'compensation' handed out is that he and his family won't continue to be run through the wringer.
[ link to this | view in thread ]
Anonymous Coward, 11 May 2018 @ 9:12pm

Accessing information is a crime in the 21st century's brave new world.
[ link to this | view in thread ]