County of Brant integrity commissioner, MElinda Munro

Citation: Bartscher v. Cardy, 2018 ONMIC 28 Date: March 15, 2018

Complaint 1002-17: Bartscher v. Cardy

Notice: Municipal Integrity Commissioners provide investigation reports to their respective municipal council and, in most cases, make recommendations for imposition of penalty or other remedial action to the municipal Council. Therefore, reference should be made to the minutes of each particular municipal council to obtain information about the particular council's consideration of each report. When possible, a link to the relevant municipal council minutes is provided.

Please find below the link to the corresponding council decision. http://brant.siretechnologies.com/sirepub/mtgviewer.aspx?meetid=1865&doctype=MINUTES

Complaint 3

Request for Recusal 4

Standard and Burden of Proof 4

Evidence. 5

Establishing the Times on the Facebook Posts. 7

Technical Evidence. 7

The Physical Evidence. 8

The Hypothetical Evidence. 14

Summary of Technical Evidence. 17

Behavioural Evidence. 17

Behaviour of the Alleged Hacker 17

Behaviour of Councillor Cardy. 19

The Law of Spoliation.. 24

Conclusions as to the Facts. 25

Application of the Code of Conduct to the Facts. 25

Are Posts to Social Media Covered by the Code of Conduct 27

Are the Words “Fucking Raghead” a Violation of the Code?. 28

Did Councillor Cardy Violate Section 21.1 of the Code by Destroying Evidence?. 29

Recommendations. 30

On September 5, 2017, Jeff Bartscher, of Paris, Ontario, filed a complaint with the Integrity Commissioner against Councillor Don Cardy alleging that Councillor Cardy had violated sections 5.13(e), 19.4, 19.6(a) and 19.6(b) of the County of Brant Code of Conduct [the “Code”] by posting a racial slur on his on his Facebook account, specifically Mr. Bartscher complained that:

On August 29, 2017 Councillor Cardy, in response to a video he disagreed with on Facebook, used the term “Fucking Raghead” to describe someone from the middle east.

Councillor Cardy then claimed his Facebook account was hacked, and that someone else wrote the message.

Unfortunately, Councillor Cardy has a history of similar social media posts, which to me, makes his “hacking” excuse unbelievable.

The complete complaint is attached as Appendix A to this report.

As per the requirements of section 24.5 of the Code I reviewed the complaint, determined that it met the formal requirements to be accepted as a complaint to be investigated and delivered it to Councillor Cardy.

On September 12, 2017, the complaint was received by Councillor Cardy by Canada Post and signed for. Councillor Cardy swore an affidavit on September 25 in response to the complaint. Councillor Cardy’s affidavit in response is attached as Appendix B to this report.

After reviewing the complaint and the affidavit in response, I determined that there was insufficient information based on the complaint and affidavit to determine the facts clearly enough to make a recommendation and commenced my investigation through additional information requests and interviews of witnesses. I received a reply from Mr. Bartscher in response to Councillor Cardy’s affidavit, I requested additional information from Councillor Cardy in writing, and I interviewed Jeff Bartscher, Russ Bishop, Kari Raymer Bishop, Michael Hobin and Don Cardy.

By letter of December 12, 2017, I provided Councillor Cardy and his lawyer all of the evidence I had reviewed in the case to that point.

Request for Recusal

Council is aware that in January, Councillor Cardy requested that Council have me recused as Integrity Commissioner on this investigation due to an apprehension of bias. He provided Council with a lengthy submission to which I replied. Council sought legal advice and decided to take no action. As a result, I have remained as the Integrity Commissioner for the investigation and am providing this report to you as required under the Code and the Municipal Act, 2001.

Standard and Burden of Proof

The standard of proof for professional discipline cases and Code of Conduct complaints in Ontario is that of the ‘balance of probabilities’. This means that proof must be examined to determine whether it is “more likely than not that an alleged event occurred.”¹

The burden of proof refers to the responsibility of a party to prove on a balance of probabilities that an event occurred. Typically, the burden of proof is carried by the person alleging wrongdoing, in this case the Complainant who must establish a prima facie case that the events occurred as described in the complaint. Once the prima facie case is established the burden is shifted to the other party to disprove the allegations on a balance of probabilities. The burden of proof may also shift between parties in a situation in which one party is in possession of most or all of the evidence that can prove that an alleged event occurred.

In this complaint, Mr. Bartscher has alleged based on publicly available Facebook posts that Councillor Cardy made comments that he believes violate the Code. Based on that information, a reasonable person would conclude that Councillor Cardy was the author of the comments. The existence of the Facebook posts meets the first requirement that Mr. Bartscher establish a prima facie case that Councillor Cardy actually made the posts on a balance of probabilities. Councillor Cardy for his part has alleged his Facebook account and / or his computer were hacked. Councillor Cardy, as the party with exclusive access to both the Facebook account and the computer on which the posts are alleged to have been made, is the sole party in a position to prove whether or not there was a hack. Therefore, Councillor Cardy has the burden to establish on a balance of probabilities that his Facebook account was hacked and the comments posted there were posted by someone other than him. If Councillor Cardy can present sufficient evidence to establish that a hack took place on a balance of probabilities, Mr. Bartscher would be obliged to present contradicting evidence otherwise, Councillor Cardy will have discharged the burden of proof.

This legal issue is of critical importance in this case as will be seen as I set out the evidence presented by Mr. Bartscher and Councillor Cardy. Councillor Cardy has mistakenly taken the position throughout this investigation that Mr. Bartscher and I must prove that Councillor Cardy was not hacked. But this is not correct in law. Councillor Cardy as the party in possession of the evidence and the party alleging events that cannot be proved except by access to that evidence must prove that his Facebook account was hacked, and that the hacker posted comments to that account.

Evidence

There is no dispute that at 11:31 pm on August 29, 2017 the words “Fucking Raghead” were posted to the Facebook account belonging to Councillor Cardy. A screenshot of the posting was attached as Exhibit A, page 1 of 3 to Mr. Bartscher’s affidavit and is included in Appendix A at pages 26-28.

Mr. Bartscher alleges that Councillor Cardy is not telling the truth when he says that he was hacked because in November 2016, a post with similar language was also made on Councillor Cardy’s Facebook page.

Councillor Cardy, in his affidavit of September 25, 2017 stated:

Mr. Bartscher cites comments that appeared on my Facebook page on August 29, 2017. I did not create the Facebook posts attributed to me that Mr. Bartscher has noted in Exhibit A of the Complaint.
I believe that the offending Facebook posts were created late in the evening of Tuesday August 29, 2017, by someone, likely a hacker while I was asleep. I am not sure when my account was hacked, but the post was created by an unidentified person or hacker. I have no information with respect to the origin of this post, how it occurred or who caused the offending messages to be posted to my Facebook account.
I first learned of the offending Facebook messages in the morning of August 30, 2017. Upon learning of the offending messages, I immediately wrote on Facebook that the offending messages of August 29, 2017, were not from me but from some identified [sic] person and that my Facebook account was hacked. I also posted that I had been in contact with Facebook about security issues.
Similarly, with respect to the Facebook post of November 9, 2016, referenced in page 1 of 4 in Exhibit C of the Complaint, I deny that I created that post. I believe that post was the work of an unidentified hacker.

After the original comments were posted on August 29, there were several posts in response posted by members of the community as well as by a person purporting to be Councillor Cardy between August 29 and August 31. Copies of these screenshots were provided to me by Mr. Bartscher and by Mr. Russ Bishop, a resident of Brant County, who was one of the participants in the Facebook discussion on August 30. Copies of the screenshots provided by Mr. Bishop are attached as Appendix C to this report.

The screenshots appear repetitive, but they are all necessary to establish the timeline of when posts were made. In order to make the contents more readable, I have attached a typed version of the posts and threads at Appendix D at page 50. The times shown in this typed version were established by comparing the times of the screenshots to the time stamps created by Facebook. This process is explained below. The process of establishing the times of the various posts was put to Councillor Cardy during his interview and it is not disputed. As will be noted below, Councillor Cardy destroyed his Facebook account and therefore the posts related to this investigation, very early in this investigation. If I had been permitted to have access to that account it would have been very easy to prove the timeline of the posts as it would be possible to ‘hover’ a mouse over the posts and determine exactly when they were posted.

Establishing the Times on the Facebook Posts

Facebook creates time stamps on every post made. During the first hour from the time a post is made, Facebook will display the time in minutes relative to the time that a person is looking at the page. After the first hour until the end of the first 24 hours, Facebook displays the time in hours relative to the time of the person looking at the page. After the first 24 hours, Facebook displays the text “1d” to identify a post as made on the previous day. After 48 hours, the actual time and date of the post are shown. The table below illustrates this effect.

Time Post Made

Time Person A Looks at the Post

Time Person A sees on the Post

January 1, 2018 10:00 am

January 1, 2018, 10:30 am

30 minutes

January 1, 2018, 8:30 pm

10 hours

January 1, 2018, 8:45 pm

10 hours

January 2, 2018, 9:00 am

23 hours

January 2, 2018, 11:00 am

1 d

March 30, 2018, 9:00 am

January 1, 2018, 10:00

Technical Evidence

Because the allegations and response relate to an alleged hack of a Facebook account, the quality of the technical evidence is critical to establishing the facts. Unfortunately, the technical evidence in this matter is of very low quality where it exists at all. As a result, a great deal of time and some expense has been spent trying to establish whether or how such a hack may have happened, rather than examining physical evidence which would have been more conclusive in determining what actually did happen. The destruction of evidence is a very serious matter and will be discussed later in this report, suffice to say for this portion of the report, it has been very difficult to establish exactly what happened.

The Physical Evidence

On August 29, 2017 at 11: 31 pm, the comments “Fucking Raghead” appeared on Councillor Cardy’s Facebook page. I interviewed Mr. Jeff Bartscher, Mr. Russ Bishop and Ms. Kari Raymer Bishop in relation to this complaint. All three stated that they were made aware of the presence of the comments because they were Facebook friends of Councillor Cardy and saw the comments appear in their ‘newsfeeds’.

As set out in the typed version of the Facebook posts and thread at Appendix D, on August 30 at approximately 10:30 am, Mieke Schroeder responded to the original post. Throughout the morning and early afternoon of August 31, Ms. Schroeder and someone posting as Councillor Cardy exchanged comments. That exchange ended at approximately 12:39 pm on August 30.

Councillor Cardy says that he was at the Brantford Air Show most of the day on August 30 and therefore unable to post on Facebook. However, he has admitted through a letter from his lawyer on October 25, 2017 and during his interview with me, that he would sometimes post to Facebook from his Samsung Galaxy S7 Smartphone. We can see in Appendix F, a screenshot of the device authentication history of Councillor Cardy’s Facebook account, that a Samsung Galaxy S7 smartphone was active on his Facebook account in September 2017. Councillor Cardy argues that the posts on August 30 are unreasonably long for someone to post from a smartphone. There were two posts from Don Cardy’s Facebook account during the day on August 30. They are each less than 200 words or 800 characters (which includes punctuation and spaces). They are not long or complex posts.

Later that day, at approximately 9:30 pm on August 30, Mr. Russ Bishop joined the conversation. In his evidence to me, Mr. Bishop stated that he did so because he was concerned about the content of the posts and that Councillor Cardy was a member of his church. Someone posting as Councillor Cardy exchanged comments with Mr. Bishop until approximately 12:31 am on August 31.

Councillor Cardy says that he was at home and not using his computer in the evening of August 30 and could not have made these posts.

On August 31, at approximately 1:25 pm, Councillor Cardy posted on his Facebook page as follows:

To my FB friends at approx. 11 pm on Tuesday night of this week I was in a private conversation with a person I did not know in the Middle East. After our brief conversation I went to bed. Today I check my FB account to find a chain of messages that were not from me and my account had been hacked. Since seeing this I have made inquiries to FB who have told me to re set my account and they would monitor.

I assure you and those who know me that I am not the creator of the comments. It is not of my nature to make comments of this kind. I have just learned that nothing is safe and secure.

Councillor Cardy cannot produce correspondence with Facebook or screenshots of the actions he took with respect to his Facebook account on August 31.

Over the next hour after that post there were a number of replies to Councillor Cardy some of which challenged his assertion of having been hacked, including from Mr. Bartscher and Ms. Bishop. At least one poster suggested that Councillor Cardy have a full virus scan on his computer.

As noted above, Councillor Cardy received the within complaint on September 12, 2017 after which point he retained legal counsel.

I examined Councillor Cardy under oath on February 22, 2018. Councillor Cardy testified that between August 31 and September 12, 2017 he did not take his computer to a technician to have the hack confirmed nor did he take any action taken to cleanse his computer of the source of the hacking.

After September 12, Councillor Cardy contacted Michael Hobin, an employee of the County of Brant to help him with his computer. Mr. Hobin wrote an email to Councillor Cardy’s legal counsel, Mr. Deutschmann, a copy of which is attached as Appendix E to this report at page 55.

Mr. Hobin wrote that he believed that Councillor Cardy’s computer had been compromised over several months. He found “remote control software” and explained a method by which it is possible that the software had been installed on Councillor Cardy’s computer. He also explained how “remote control software” could have been used to compromise Councillor Cardy’s Facebook account. Mr. Hobin did not provide any screenshots or other physical evidence showing the presence of the “remote control software” or any evidence of specific activity which had been engaged in using that software.

I interviewed Mr. Hobin on December 8, 2017. I asked Mr. Hobin whether or not he had examined the Facebook account and the posts in question and he told me that his sole interest was in ensuring that no County data had been breached as a result of the presence of the “remote control software”. I specifically asked if he had reviewed the Facebook posts and he said he had not. I asked Mr. Hobin whether he could say that the “remote control software” was responsible for the posts to Facebook. He specifically said that based on what he saw there is no way to say that the software installed had anything to do with the Facebook comments.

I asked Mr. Hobin how the “remote control software” would work. He told me that this kind of software would be installed on a computer and a person at a remote location could operate the computer as if they were the owner including accessing data, websites, bank accounts and social media. In the third paragraph of his email, Mr. Hobin stated that this would happen after hours. When I asked Mr. Hobin to clarify, he said that the kind of software on Councillor Cardy’s computer would have been very easy to detect during ordinary usage hours because it would be opening and closing windows and competing for use of the keyboard and mouse. Someone sitting in front of this computer would have seen this software at work in plain sight. This is important because most of the disputed posts to Councillor Cardy’s Facebook account happened between 9 am and midnight on August 30. Any person using that computer during those times would have seen the alleged hacker at work.

Mr. Hobin further stated in his email to Mr. Deutschmann that there was one Facebook authentication detected from a device that did not belong to Mr. Cardy. In a written request for follow up information, I asked Mr. Hobin how he knew that the device that was authenticated did not belong to Mr. Cardy. The question and answer are set out below:

In Michael Hobin’s review, he indicated that there was a single Facebook authentication from a device that did not belong to Councillor Cardy. Please provide the date and time of that authentication and any other information to confirm the ownership of the device in question.

I believe the questionable access was on Tuesday September 12 in the evening from Orillia. Councillor Cardy indicated that he had not been there, and all the logs of access were deleted prior to that entry. Councillor Cardy indicated he changed the password at that time.

I asked Mr. Hobin if this was evidence that the “remote control software” had accessed Facebook. He confirmed that it was not. If the “remote control software” had been used to hack the Facebook page it would show up in the device authentication history as Councillor Cardy’s own computer. This is important because the device authentication and the “remote control software” are unrelated to each other. The issue of device authentication does not support that the “remote control software” was used to hack the computer and vice versa. Mr. Hobin’s evidence here is suggesting two separate and unrelated types of hacking. Further, as will be discussed below, the geo-location of device authentication on Facebook is of limited value in establishing a hack on its own.

Mr. Hobin told me in his interview that he had seen screenshots of the “remote control software” login and some screenshots of “auto logins” to Facebook and a bank. He did not keep copies of these screenshots. Given the significance and seriousness of the alleged hack and the Code of Conduct complaint, I find it very surprising that Mr. Hobin would not keep records of his forensic analysis if it had uncovered anything that conclusively supported Councillor Cardy’s claim that his Facebook account was hacked. I requested that Councillor Cardy produce copies of these documents and he produced a single page which appears to be a screenshot of the Facebook device authentication history from September 18^th. When Councillor Cardy’s lawyer produced it, he advised me that “Councillor Cardy and myself have no idea how to interpret that information.”² That screenshot is attached as Appendix F (page 56) to this report and will be discussed in detail later in this report. I believe that this is the device authentication which Mr. Hobin was referring to in his email and his evidence above. Councillor Cardy testified that there were other screenshots, but his printer jammed up and he couldn’t print them before he had to go to a meeting. I asked him whether the screenshots had been saved on his computer and he said he didn’t know.

I wrote to Councillor Cardy’s lawyer in October and requested that he produce all evidence that they had of the presence of a hacker on the computer and information about any experts that had looked at the computer to determine whether there was a hacker. Councillor Cardy’s lawyer wrote back as follows:

Mr. Cardy did not seek the assistance of any other technical support provider. He has not received the assistance of any other technical support provider. Mr. Cardy received the assistance of Mr. Hobin only and no other technical support.

When I questioned Councillor Cardy on February 22, he advised, contrary to the assertion above, that two other computer technicians had looked at his computer after September 12; IBC Computers and Mr. Andy Bell. I contacted IBC Computers by phone and email and requested that they speak to me in relation to this complaint. They have not responded to my requests. I have not issued a Summons to IBC Computers as it is Councillor Cardy’s responsibility to produce evidence which supports his claim. Councillor Cardy advised that IBC recommended that he ask Mr. Andy Bell, an independent computer business owner to help him. Mr. Bell is a friend of Councillor Cardy. I spoke to Mr. Bell on February 26, 2018. Mr. Bell confirmed that there was some kind of “remote control software” on the computer and said he believed it may have been from China. He provided a number of different speculations about what may have happened from whether it was Teamviewer (a brand of remote control software), a social engineering attack or a script. He was not able to provide any certainty as to what actually happened and like Mr. Hobin, did not have any records of a forensic examination of the computer showing the steps he took and what he saw that he interpreted as evidence of a hacker actually posting the comments to Facebook. Mr. Bell did confirm that if “remote control software” had been used to perpetrate the hack, a person using the computer at the same time would have seen the software in action unless there was a special ‘script’ written to hide it.

Between September 12 and October 2, 2017, Councillor Cardy deleted his Facebook account and destroyed his computer. In his interview with me, Councillor Cardy stated that after September 12, his computer began to behave strangely and became unusable. When Michael Hobin examined the computer on September 18 it was still usable, and he told me that nothing he had done to the computer that day should have caused the computer to become unusable. Nevertheless, Councillor Cardy believed his computer had become unusable and on or before September 25, prior to swearing his affidavit in response to this complaint, he asked Mr. Bell to remove his personal and business information from the computer and then asked Mr. Bell to physically destroy the hard drive. Mr. Bell, in his conversation with me, confirmed that it was Councillor Cardy who asked that the hard drive be destroyed. Mr. Bell explained that he had used special software to remove the business information from the computer before he destroyed it which means it was still capable of being accessed and analyzed as of that date.

In a letter to Councillor Cardy’s lawyer of October 4, 2017, I wrote to inquire about the steps Councillor Cardy took with respect to his Facebook account after he detected the alleged hack. Councillor Cardy’s lawyer wrote as follows: “ Mr. Cardy followed the steps provided on the Facebook website to deactivate his information on Facebook. The step by step process is provided on the settings screen within Facebook”. At first blush, this suggests that Councillor Cardy deactivated his account immediately. However, based on the evidence of Michael Hobin and the Screenshot at Appendix F, it appears that the Facebook account was active as of at least September 18, 2017.

Councillor Cardy wrote an email to me dated October 2, 2017 in which he described his shock at the number of hacks on Facebook. “So much so that I have removed myself altogether from it.”

As a consequence, as of September 25, 2017, when Mr. Cardy first formally responded to me as Integrity Commissioner, in relation to this complaint, all physical evidence, namely the computer and its contents, which might have established with clarity whether or not hack had occurred, had been permanently destroyed. In the same time frame and before October 2, 2017, Councillor Cardy destroyed his Facebook account. Together the result of these two actions is that after the complaint had been served but before any investigation could commence, Councillor Cardy destroyed all evidence that could be used to establish the facts in this complaint.

The above actions by Councillor Cardy are sufficient to find against him in this complaint as he rendered himself unable to discharge the burden of proving on a balance of probabilities that there was a hack to his computer which caused offending posts to be made to his Facebook account. However, as Integrity Commissioner, I believed it was necessary to investigate the various hacking methods which Councillor Cardy had speculated about to determine whether they could assist in supporting his claim to have been hacked. To that end, I retained Mr. Doug Sartori of Parallel 42 Systems Inc.

The Hypothetical Evidence

Mr. Sartori has worked in information technology for 17 years and is a certified expert in application development, database administration and business intelligence. He has worked in network security and built and deployed intrusion-detection applications. He has also provided ‘penetration testing’ to companies including “white-hat hacking”.

I asked Mr. Sartori whether “remote control software” could be used to perpetrate the kind of hack alleged by Councillor Cardy. He agreed that it could but it would be an unlikely method of doing so due to the ease of this type of hack being detected.

Q: In your experience is the use of Remote Control Software on its own a common way breach social media security? Please explain.

A: I would not say so for off-the-shelf remote control software, mainly because it would be resistant to automation and thus inefficient. Custom software for accessing social media accounts on an exploited system would be more likely but then it is getting into the category of more generic malware than remote control software.

As there is no evidence of the type of “remote control software” which was present on Councillor Cardy’s computer due to the failure to keep records of the computer scans and the destruction of the computer it is impossible to follow up on Mr. Sartori’s response to my question as to the possibility of customization of the “remote control software”.

I also asked Mr. Sartori to comment on the screenshot at Appendix D showing the device authentication history of Councillor Cardy’s Facebook account. The device authentication history is one way that Facebook provides security to users. By logging into the settings of a Facebook account, the user can see whether there were devices logged in that did not belong to the user. Appendix F shows two logins from a Windows PC in Brantford and two logins from a Samsung Galaxy S7 phone. One of the phone logins is from Brantford (6 hours prior to the time the screenshot was taken on September 18^th) and one is from East Gwillimbury on September 12^th. Above the login from East Gwilliumbury is a black box containing an IP address.

There are three issues to consider in reading this document. First, does the geo-location of the login from East Gwillumbury prove that Councillor Cardy’s Facebook account had been hacked between September 12 and September 18? Second, does the IP address prove the Councillor Cardy’s Facebook account had been hacked between September 12 and September 18? Third, does this evidence prove that Councillor Cardy’s Facebook account was hacked on August 29 and 30?

Does the geo-location of the login from East Gwillumbury prove that Councillor Cardy’s Facebook account had been hacked between September 12 and September 18? On Facebook’s Help Centre there is an explanation of how to determine login locations. Facebook itself explains the lack of accuracy in IP address and location in its own materials. Attached as Appendix G is a print out of the information at the Facebook Help Center. Facebook advises users that “Often, when signing in through a mobile device, you’re routed through an IP address that doesn’t actually reflect your actual current location.” Facebook provides three explanations for why a user may not identify a location, the first of which is “We have inaccurate information: Sometimes we can only provide an approximate location that may appear inaccurate compared to your actual current location.” Facebook does also indicate that the inaccuracy could also be due to the possibility that someone else has logged into the account. Therefore, the fact that a Samsung Galaxy S7 is showing as logged in in East Gwillumbury does not prove that the account was hacked on September 12, it simply raises this as a possibility and not the first most likely possibility according to Facebook.

Does the IP address prove the Councillor Cardy’s Facebook account had been hacked between September 12 and September 18? Councillor Cardy confirmed that he was using a Samsung Galaxy S7 phone in the relevant time period for this complaint and provided me with the IP address of the phone as 2605:8d80:623:Fdaf:7705:cf40:od3:ca90. It appears that the IP address of the phone and the device using Facebook are different. However, the IP address which appears on the Facebook device authentication history is not necessarily the same IP address for the same device every time that device is logged in. According to Mr. Sartori, IP addresses are assigned to devices dynamically meaning that most phones will not have the same IP address all the time or even for a very long period of time. IP addresses are assigned to internet service providers (ISPs) in blocks and will be assigned to devices when they are needed to connect to the internet. IP addresses are also assigned to devices like Wi-Fi routers and servers. If a smart phone connects to the internet through a Wi-Fi router or a network server, it will have a different IP address in the Facebook device authentication history. Facebook itself notes this in the explanation at Appendix G, when it stated “Often, when signing in through a mobile device, you’re routed through an IP address that doesn’t actually reflect your actual current location.” The IP address used for geo-location may be a router through which the device is being routed and not the device itself.

Therefore, while the different location and IP address on Councillor Cardy’s Facebook device authentication history might possibly be evidence that someone other than he was logged into his account on September 12, without more they are not proof on a balance of probabilities that Councillor Cardy’s Facebook account was systematically breached over a 24-hour period between August 29 and August 31, 2017. Unfortunately, any ability to do a forensic analysis on the computer or the Facebook account is no longer possible due to Councillor Cardy’s decision to destroy both.

Councillor Cardy has provided me with two articles from the internet on the prevalence of Facebook hacking. One is an article from the NY Daily News from October 29, 2011 which says that Facebook hacks occur 600,000 times each day. The other is a blog post from a company called Zerofox which provides internet security. The blog refers to a ‘white paper’ produced by Zerofox called “Hacking a Corporate Social Media Page”. I downloaded the report by Zerofox and reviewed it as part of this investigation. Neither of these two articles is evidence that Councillor Cardy was hacked. However, they are an effort by Councillor Cardy to suggest that Facebook hacking may be sufficiently prevalent to argue, even without physical evidence, that such a hack happened on a balance of probabilities.

Both the NY Daily News article and the Zerofox white paper cite the statistic that Facebook is compromised 600,000 times a day, though neither confirm how many of those compromises result is a series of hacked posts being made over a 24-hour period, as were done in this case. Though the number 600,000 is large, there were, in the fall of 2017, 2.2 billion active Facebook accounts. This attack rate represents only 1 in 5,000 chances of any individual Facebook account being hacked on a particular day. Therefore, this speculation does not meet the standard of a balance of probabilities that Councillor Cardy was hacked. Rather, on its own, it is evidence of how unlikely it was that he was hacked.

Summary of Technical Evidence

As noted at the beginning of this section, there is little to no technical evidence available for forensic examination due to Councillor Cardy’s decision to destroy it. What can be established is as follows:

a) Councillor Cardy’s computer had some unidentified “remote control software” present on it in the fall of 2017. According to the two experts who say they saw this software, someone using this software would have been apparent to anyone using the computer at the same time.

b) Councillor Cardy’s Facebook account posted the words “Fucking Raghead” on August 29at 11:31 pm.

c) A number of posts are made to Councillor Cardy’s Facebook account between August 29 and August 31, many of which were posted by Councillor Cardy’s account during daylight and evening hours.

d) Councillor Cardy was served with this complaint on September 12, 2017.

e) Between September 12 and September 25, 2017, Councillor Cardy physically destroyed his computer and any evidence of the presence of a hacker.

f) Between September 12 and October 2, 2017, Councillor Cardy physically destroyed the Facebook account in question.

g) A Samsung Galaxy 7 phone, the same type of phone used by Councillor Cardy, accessed Councillor Cardy’s Facebook account between September 12 and September 18 but it is not possible to determine whether that phone belonged to Councillor Cardy or someone else.

h) Based on information provided by Councillor Cardy, there is only a 1 in 5,000 chance that any individual Facebook account will be hacked on any particular day.

Behavioural Evidence

Given the paucity of physical and digital evidence in this case, I am left to consider the behavioural evidence to see if it can be established on a balance of probabilities that the posts to the Facebook account were made by a hacker or by Councillor Cardy. Most of the evidence produced by Councillor Cardy is related to his behaviour and I was asked to accept based on his behaviour that he would not or could not have made these posts.

Behaviour of the Alleged Hacker

The behaviour of the alleged hacker and the nature of the alleged hack may provide some insight into what actually happened.

Councillor Cardy alleges that the Facebook post of November 2016 (Appendix A, page 30) and all of the Facebook posts of August 29 and 30 referred to in this complaint were the result of being hacked. However, he cannot point to any hacking behaviour between November 2016 and August 2017. He stated in his interview with me that he did not know that the post of November 2016 had been made until this complaint was made in September 2017. It seems unusual that a hacker who was determined to interfere with Councillor Cardy’s Facebook account would post something in 2016 and then stand dormant for almost a year. However, it is possible that there were other hacked posts of which Councillor Cardy was unaware.

The alleged hacker then posted the comments which are complained of at on August 29 at 11:31 pm. After Mieke Schroeder commented on August 30 between 10:31 and 11:31 am, the alleged hacker posted several times throughout the day and into the night. As noted in the Technical Evidence section of this report, had the hacker done this using the “remote control software” it would have been obvious to anyone sitting at the computer. Councillor Cardy says that he was not at his computer that day, but at the Brantford Air Show. I have no reason to doubt that, but the alleged hacker, working from a remote site would not have any reason to believe that Councillor Cardy’s business computer was unattended during the day on a weekday. Perpetrating a hack in this way is very risky.

The alleged hacker then continued to post until the late evening on August 30. These are also hours during which it is reasonable to expect someone to be at work on the computer and also, therefore, a very risky time to perpetrate this attack using “remote control software”.

The hack would also have been apparent to anyone looking at Councillor Cardy’s Facebook account from an alternative source like his smartphone. Perpetrating a Facebook attack repeatedly over several hours further increases the risk of detection.

The alleged hacker posted comments in a style similar to comments that Councillor Cardy admits were made by him on August 31. The alleged hacker at one point apologized to Russ Bishop for offending him (Appendix A, page 28). When I interviewed Mr. Bishop on December 8, 2017, I asked him whether he had considered the possibility that he was corresponding with an imposter during the exchange on August 30. He said that he always believed that the person with whom he was corresponding was Councillor Cardy.

Had the posts to Facebook all been in the middle of the night or the wee hours of the morning, it would be easier to believe that they were the work of a hacker. Posting repeatedly during the day and evening using tools that are easy to detect is either the work of an unsophisticated hacker or a person who wanted to be found out. Since the alleged hacker had to be sufficiently skilled to know how to get Councillor Cardy to unwittingly install the “remote control software”, to use the software once installed, and post in Councillor Cardy’s style, it is unreasonable to assume that they were so sloppy or unskilled as to perpetuate the hack in a way that could be so easily detected.

Behaviour of Councillor Cardy

The hack alleged by Councillor Cardy is a very serious one. According to him an unknown person gained access to his business computer and installed “remote control software” giving them unimpeded access to his business information, his financial information and bank accounts, his personal email and his social media accounts. This unknown person then posted comments to Facebook which paint Councillor Cardy in a very poor light and undermine his reputation as a public official. He also speculates that the same hacker or another one was accessing his Facebook account using other devices.

Councillor Cardy’s response to this alleged hack is therefore somewhat curious.

First, Councillor Cardy did not seem to have a firm grasp of the details of what he knew and when he knew it about the nature of the hack. According to Councillor Cardy’s affidavit, sworn on September 25, 2017 he said:

I first learned about the offending Facebook messages in the morning of August 30, 2017. Upon learning about the offending messages I immediately wrote on Facebook that the offending messages of August 29, 2017, were not from me but from some identified [sic] person and that my Facebook account was hacked. I also posted that I had been in contact with Facebook about security issues.

On February 22, 2018, Councillor Cardy’s lawyer confirmed that the date of August 30, 2017 in the affidavit was incorrect and should have been August 31, 2017. Councillor Cardy’s lawyer confirmed on the record that they only became aware that the date in the affidavit was wrong after meeting with me and reviewing the evidence in the case.

In his interview with me, Councillor Cardy also confirmed that he didn’t post his comments to Facebook in the morning but in the afternoon, which is also different from his affidavit. While it is true that sometimes affidavits are incorrect due to inadvertence, Councillor Cardy swore that the contents of the affidavit were true only a few weeks after the alleged hack. Therefore, it appears that he was somewhat indifferent to the date upon which he discovered a very serious hack to his computer and his Facebook account as he did not take the time to ensure that the affidavit he swore was correct at the time.

Second, after Councillor Cardy posted to his Facebook account on August 31 that he believed he had been hacked, in the subsequent exchange between himself and various other people, he lied twice about the nature of the hack. Referring to Appendix C, pages 46 and 47, Councillor Cardy posted the following comments in reply to Kari Raymer Bishop and Jeff Bartscher:

Don Cardy: Sorry you feel this way Kari, but it wasn’t me and my IT department has found it to be from a sight [sic] in Europe. So please be careful what is said.

Don Cardy: My IT guy I just spoke to and he did it remotely. 6 viruses.

In his interview with me on February 22, 2018, Councillor Cardy admitted that these statements were not true.

Q 124: So, you posted that your IT department found it to be from a site in Europe. Is that true?

A: No.

Q 125: So, why did you say it?

A: To put Mrs. Bishop off because we have history.

Q 126: I see. But, that statement’s not correct. You didn’t have a site, an IT department look at it as of August the 31?

A: No.

Mr. Deutschmann: Because as he said, they have history and Ms. Bishop does not care for Mr. Cardy.

Q 128: So, on Page 7, we have the same conversation. And, if we turn to page 8, we see again the same conversation starting sort of two thirds of the way down, “Sorry, Don” by Ms. Bishop. And, we continue to turn the page over, and on page 9, there’s posts by Mr. Bartscher, who is the complainant in this matter, and then another comment that’s, appears to be from Don Cardy that says, “My IT guy, I just spoke to and he did it remotely, six viruses.” Do you remember posting that on August 31?

A: Yes

Q 129: And is that true, that your IT guy told you that something had been done remotely to fix [sic] viruses?

A: I had talked to Andy Bell, who is a computer guy, and he say that they weren’t viruses, they were six …

Mr. Deutschmann: When did you have that conversation with Mr. Bell? Because remember – what’s the date of this entry?

Ms. Munro: The date of that is also August 31.

Mr. Deutschmann: It’s August 31.

Mr. Cardy: No, I didn’t say, talk to Mr. Bell then. No, I, I had put that in there the same way I wanted to, what I had said to Carrie [sic] earlier just to get rid of this thing and make it go away, because I have other things to do besides talk to people about something I didn’t do.

Ms. Munro: All right.

Q 130: So, that statement there, then is not correct? It wasn’t an IT guy who had looked at it on August 31?

A: That’s correct.

Councillor Cardy admits that he lied when he posted that he had details about the hack on August 31 and says that he did so because he wanted Ms. Bishop to ‘go away’ and stop questioning him about it. Given the very serious nature of what he is alleging happened, a reasonable person would have replied that he was in the process of finding out what had happened rather than make two different and untrue statements.

Third, despite the very serious nature of what is alleged to have happened, Councillor Cardy did not take his computer to be examined by an expert until after I delivered this complaint to him on September 12. That is, almost two weeks went by during which the alleged hacker could have continued to have access to his business and personal information, yet he did not see fit to obtain any assistance to deal with the issue. The following is taken from the transcript of my interview with Councillor Cardy on February 22, 2018

Q 148: Between August the 29, or the 31, rather, when you say you found the Facebook posts were there, and September 18^th when Mr. Hobin looked at the computer, did you take it to any other expert for a security review or a scan to help you understand how the hack took place?

A: No.

Q 149: And that includes Mr. Bell and it includes IBC Computers?

A: Yes

Q 150: Did you ask Mr. Hobin or Mr. Bell or IBC Computers to keep any records of the work that they did to illustrate how the hack took place?

A: No.

Had no complaint been filed, it is reasonable to assume that Councillor Cardy may never have taken his computer in to be examined to understand what had happened and how he had been allegedly hacked.

I also asked Councillor Cardy whether he had taken any steps to find out whether there were other hacked comments on his Facebook account between November 2016 and August 2017.

Q 65: So, after you discovered this alleged hack in August 2017, did you go back through your Facebook conversations to find out if there had been other instances like that?

A: No.

Finally, between September 12, when he was served, and September 25, when he submitted his first response to this complaint, Councillor Cardy permanently destroyed the only physical evidence of the presence of a hack to his computer. At the same time or very shortly afterwards, he destroyed the Facebook account which had been allegedly hacked and which contained the only digital evidence of the presence of a hacker, both acts which rendered it impossible for me, as Integrity Commissioner to find out what had actually happened.

At his interview, Councillor Cardy presented me with two letters from people he described as character witnesses. I reviewed these letters. Neither of these two people commented on the specific details of the Facebook posts or the hack and neither appears to be a technical expert in computer security. They were proffered to me as evidence that Councillor Cardy is not the sort of person who says things like “Fucking raghead” on Facebook. I have no doubt that Councillor Cardy believes himself to be a good person and that he has friends who also support him. However, these letters do not provide me with any evidence that establishes the facts of what happened on August 29 and 30.

Taken together, the actions taken by Councillor Cardy do not demonstrate the behaviour of a person who truly believes that his personal and business information as well as his political reputation are at serious risk of being harmed by a hacker. Rather this is the behaviour of a person who, perhaps in a moment of anger or frustration, posted inappropriate language to Facebook, was unable to defend his actions to members of his community and Facebook friends and so manufactured a ‘hacker’ to try to, in his own words, make it “go away.” If he truly believed that he had been hacked, he would have immediately had his computer examined by experts and provided me with forensic evidence establishing, on a balance of probabilities, at the least, that the Facebook account had been hacked.

The Law of Spoliation

The above analysis is sufficient, in my view, to establish, on a balance of probabilities, that Councillor Cardy, himself, posted the original comment “Fucking Raghead” to his Facebook account, along with all of the other subsequent comments. However, in case there remains any ambiguity, there is also an evidentiary principle in law called ‘spoliation’. Spoliation occurs when “a party has intentionally destroyed evidence relevant to ongoing or contemplated litigation in circumstances where a reasonable inference can be drawn that the evidence was destroyed to affect the litigation.”³ If spoliation is present, then it is appropriate to draw an inference that the evidence that was destroyed was unfavourable to the person who destroyed it. In other words, if the elements of spoliation are present in this case with respect to Councillor Cardy, it is reasonable to infer that the Facebook account and the computer would not have shown evidence that the comments on August 29 and 30 were the work of a hacker. According to Nova Growth Corp. et al. v. Andrzej Roman Kepinski et. al., the elements of spoliation which must be present, on a balance of probabilities, in order to make that inference are:

the missing evidence must be relevant;
the missing evidence must have been destroyed intentionally;
at the time of destruction, litigation must have been ongoing or contemplated; and
it must be reasonable to infer that the evidence was destroyed in order to affect the outcome of the litigation.

In the Nova Growth case, data stored on a computer was highly relevant to the case. The party with possession of the computer saved the data he believed to be relevant and took the computer to a computer company who removed the information on the hard drive and then reformatted it. This resulted in some data being lost. The court examined the facts and found that the parties had done their best to preserve the data and had made everything that they had available to the other side. The judge found that the actions of the parties did not show on a balance of probabilities that there had been an attempt to destroy information relevant to the litigation.

In this matter, I believe that all four elements of spoliation are present.

The Facebook account and Councillor Cardy’s computer are highly relevant, in fact central to the issue of whether there was a hack. They are also the only evidence that could be used to demonstrate whether there was a hack.
The evidence was destroyed intentionally, not accidentally. Councillor Cardy destroyed his Facebook account and he asked that the hard drive on his computer be permanently destroyed. Even if, as he says, the computer was ‘unusable’, that does not make it impossible for a forensic examination to be conducted. However, by the date that Councillor Cardy swore his affidavit in response to this claim, the computer had been physically rendered into a condition that prevented forensic examination.
The destruction of the evidence happened after Councillor Cardy was served with this complaint. According to his own evidence, he did not undertake any expert or forensic examination of the hack until after the complaint began. Councillor Cardy was in the process of retaining or had already retained a lawyer at the time that he took these actions. There is no doubt that his decision was taken with the investigation in mind.
It is reasonable to infer that the evidence was destroyed to affect the outcome of this investigation. If Councillor Cardy truly believed he had been hacked, the evidence of the Facebook account and the computer would have been proffered to support his case. However, contrary to the behaviour of a reasonable person, they were destroyed instead.

Given the above, I believe it is appropriate to make the evidentiary inference that Councillor Cardy destroyed the Facebook account and the computer because they would not support his allegation that he was hacked, and that the hacker had posted the offending comments.

Conclusions as to the Facts

On the basis of the review of the Technical Evidence, limited as it is, and the Behavioural Evidence, I find that Councillor Cardy failed to discharge the burden of proving on a balance of probabilities that he did not post the words “Fucking Raghead” to his Facebook account. Therefore, I conclude that he did, in fact, post the words “Fucking Raghead” to his Facebook account on August 29, 2017.

I also find that Councillor Cardy intentionally destroyed evidence relevant to this complaint.

Application of the Code of Conduct to the Facts

Having found that Councillor Cardy did commit the act complained of in the complaint, I must consider whether it is a violation of the Code of Conduct.

The sections which are relevant and identified in the complaint are set out here:

5.13 Members of Council:

e) Must seek to advance the public interest with honesty, and treat members of the public and staff with dignity, understanding and respect;

19.4 In accordance with the Ontario Human Rights Code, as amended, members shall not discriminate against anyone on the basis of their race, ancestry, place of origin, colour, ethnic origin, citizenship, creed, sex, sexual orientation, age, record of offences, marital status, family status, or disability.

19.6 Without limiting the generality of the foregoing, members shall not:

a) Speak in a manner that is discriminatory to any individual, based on that person’s race, ancestry, place of origin, creed, gender, sexual orientation, age, colour, marital status, or disability.

b) Make indecent, abusive, insulting or inappropriate comments or gestures to or about an individual where such conduct is known or ought reasonably to be known to be offensive to the person(s) to whom they are directed or are about;

It is also important to consider whether the destruction of evidence is also a breach of the Code. The relevant section is set out below (emphasis added):

Section 21: Reprisals and Obstruction

21.1 Members of Council shall respect the integrity of the Code of Conduct, and inquiries and investigations conducted under it and shall co-operate in every way possible in securing compliance with its application and enforcement. Any reprisal or threat of reprisal against a complainant or anyone for providing relevant information to the Integrity Commissioner is therefore prohibited. It is also a violation of the Code of Conduct to obstruct the Integrity Commissioner in applying or furthering the objectives or requirements of this Code or in the carrying out of his or her responsibilities (as, for example, providing inaccurate or misleading information to the Integrity Commissioner, refusing to answer inquiries or by the destruction of (records) documents or the erasing of electronic communications).

In his submission requesting that I be recused of this investigation, Councillor Cardy’s lawyer made a spirited argument that the posting words “Fucking Raghead” to Facebook was not a violation of the Code.

First, Councillor Cardy argues that the Facebook post was not made while he was conducting the ordinary business of the County and that the Code should not apply to non-official duties.

The Code opens with a statement of principles which includes this statement (emphasis added):

A written Code of Conduct helps to ensure that the members of Council, Local Boards and Advisory Committees share a common basis of acceptable conduct. These standards are designed to supplement the legislative parameters within which the members must operate. These standards are intended to enhance the public’s confidence that the County of Brant’s elected and appointed officials operate from a basis of integrity, justice and courtesy.

The Code is a mechanism by which Council has sought to bind its members to behave in a way which promotes public confidence. While it refers to ‘official duties’, it cannot be the case that the Council intended that its members would be free to behave in an outrageous manner outside the Council chambers such as to undermine public confidence in the office. There is limited case law from other Integrity Commissioners to turn to, but the law of employment has long established that ‘off-duty’ conduct can be cause for discipline and dismissal where it is done in such a way as to damage the reputation or work environment of the employer. I submit that this case law is applicable to the current set of facts.

It is well-established that inappropriate Facebook postings can result in discipline or discharge, depending upon the severity of the postings. The nature and frequency of the comments must be carefully considered to determine how insolent, insulting, insubordinate and/or damaging they were to the individual(s) or the company. In some cases, the issue is whether the comments were so damaging or have so poisoned the workplace that it would no longer be possible for the employee to work harmoniously and productively with the other employees or for the company.⁴

I venture to suggest that had an employee of the County of Brant made the comments that Councillor Cardy made, the administration and Council would consider them very serious. It is not reasonable to suggest that a Councillor can post inappropriate language to Facebook due to a very narrow reading of the term ‘official duties’. It can reasonably be suggested that once elected as a public official, all public activities are ‘official duties’ for the purpose of behaving in a manner consistent with the Code.

Are the Words “Fucking Raghead” a Violation of the Code?

Having found that the Code applies to the use of social media, I must consider whether the words in question were themselves a violation of the Code.

Councillor Cardy, in his Facebook post of August 31, attempted to distance himself from the comments, suggesting that he found them distasteful. In his affidavit of September 25, 2017, he several times refers to the comments as ‘offending’.

Certainly, the use of a profanity in public discourse stands on its own as offensive. Coupled with the use of a well know racial slur, no argument can be made that the Facebook post was not offensive.

Councillor Cardy has argued, through his lawyer that if no specific member of the public or staff were targeted and if no specific member of the public or staff was offended then the comments are not a violation of the Code. As the comments were made in a public forum, they can be considered directed to the public in general. That, itself, is sufficient to make them a violation of the Code. However, the Code has several provisions that speak to the general nature of Council behaviour rather than require narrow particularization of the person being addressed. Section 5.13, identified by the Complainant as a section which he believes was violated requires Council members to treat the public with dignity, understanding and respect. Certainly, a member of the Islamic faith or anyone who believes in the respectful treatment of others will find the term “Fucking Raghead” used by a County Councillor to be highly disrespectful and could be concerned that they would be subject to unfair regard by Brant County Council. Further, the words plainly violate the requirement in section 19.6 (a) to not speak in a manner which is discriminatory to a person’s race or creed and they plainly violate 19.6 (b) by being indecent and abusive. It would undermine the effectiveness of the Code if a Councillor could make racial slurs without consequence as long as he or she was careful not to address them to any specific person.

The Complainant identified section 19.4 as having been violated by Councillor Cardy’s actions. It is possible to argue that this section is intended to address the more particular case of actions involving a specific named person. It is not necessary for me to express an opinion on that as I have already found Councillor Cardy in violation of three other sections of the Code.

I find that Councillor Cardy violated sections 5.13 (e) and 19.6 (a) and (b) when he posted the terms “Fucking Raghead” to his Facebook account on August 29, 2017.

Did Councillor Cardy Violate Section 21.1 of the Code by Destroying Evidence?

As has been noted several times throughout this report, Councillor Cardy’s decision to destroy the Facebook account and his computer have made this investigation longer and more difficult that it ought to have been. It also violated the right of the Complainant to a fair investigation by removing the ability to properly review the only evidence of Councillor Cardy’s speculation about hacking.

I noted earlier that I believe that the decision to destroy the evidence was an act of spoliation or intentional destruction of evidence relevant to a matter in litigation.

I find that Councillor Cardy violated section 21.1 of the Code when he destroyed his Facebook account and computer thus rendering all physical and digital evidence of the presence of a hacker permanently unavailable for examination by this investigation.

Recommendations

I am required under section 26.3 of the Code to recommend a penalty to Council when I find that there has been a violation of the Code.

With respect to the matter of the posting of the words “Fucking Raghead” on Facebook, in making my recommendation, I am considering both the nature of the words and the unwillingness of Councillor Cardy to admit his mistake and show remorse for his actions. There is limited precedent in Integrity Commissioner cases in Ontario for this kind of action. The one somewhat similar case available is Integrity Commissioner Report Regarding Conduct of Then-Mayor Rob Ford⁵. A complaint was filed against former Mayor Ford for using racist language and obscenities, some of which were in the presence of staff and others when with personal friends. When presented with the complaint, Mr. Ford immediately apologized and cooperated with the Integrity Commissioner. The Integrity Commissioner found the comments to be in violation of the Code of Conduct. She did not recommend a financial penalty, however, because Mr. Ford did not dispute or defend his actions, rather he apologized and took responsibility for his actions, including apologizing for embarrassing members of Toronto City Council. There is also precedent in employment law. The case cited previously, Bell Technical Solutions cites several precedents on inappropriate Facebook posts and the discipline ranges from short suspensions to termination depending on the degree of vulgarity of the comments and the number of times they were posted.

In this case, Councillor Cardy attempted for a full day to defend his use of the inappropriate language but finally concluded the thread of posts with an attempt at an apology. It is my view that he understood the severity of what he had said. He also did not go on at length repeating the comments or exacerbating them with worse comments as happened in the Bell Technical Solutions situation. Therefore, I would recommend a penalty on the lower end of the scale.

I recommend that Council impose a penalty on Councillor Cardy of a two (2) day suspension of remuneration for the posting of inappropriate language on Facebook.

The matter of the destruction of evidence however is a much more serious offence. While the use of offensive language is, of course, serious, it does not undermine the very integrity of the Code itself. The deliberate destruction of evidence and the resulting interference with the right of the complainant to a fair investigation does. This violation of the Code must merit a serious penalty to ensure that no other member of Council believes that taking this kind of action will be treated lightly.

I can understand how a person accused of violating the Code may feel threatened and anxious and find it hard to take steps to preserve the very evidence that may be used against them. However, it is a principle in law and in this Code that parties to litigation are obligated to defend the right to a fair investigation. The section itself uses strong language to get that point across: “Members shall respect the integrity of the Code of Conduct, and inquiries and investigations conducted under it and shall co-operate in every way possible in securing compliance with its application and enforcement.”

I recommend that Council impose a penalty on Councillor Cardy of a thirty (30) day suspension of remuneration for the destruction of evidence in this investigation.

Respectfully Submitted:

March 15, 2018

Footnotes

F.H. v. McDougall, 2008 SCC 53 at paragraphs 31 and 49.
Comment by Robert Deutschmann during interview with Councillor Cardy on February 22.
Nova Growth Corp. et al. v. Andrzej Roman Kepinski et al. 2014 ONSC 2763
Bell Technical Solutions v. Communications, Energy and Paperworkers Union of Canada, 2012 CanLII 51468 (ON LA) at paragraph 112.
This decision of Valerie Jepson, Integrity Commissioner for Toronto is available at https://www.toronto.ca/legdocs/mmis/2015/cc/bgrd/backgroundfile-78467.pdf