SUPERIOR COURT OF JUSTICE

COURT FILE NO.: CR-21-42

DATE: 20220929

ONTARIO

BETWEEN:

HIS MAJESTY THE KING

– and –

KYLE HUGHES

Defendant

Cameron Peters for the Crown

Joel Hechter for Mr. Hughes

Claudia Brabazon for the Ontario Provincial Police

Anil Kapoor as Amicus Curiae

HEARD: May 12, May 16, June 8, June 17, July 25, July 28, July 29, August 2 and August 3, 2022

ruling No. 2 on mr. hughes’ disclosure application

c. boswell j.

I. OVERVIEW

A. Introduction

[1] Millions of people around the world use peer-to-peer networks to communicate with one another and to share files, including movies, music, books and games. Regrettably, some people use peer-to-peer networks to obtain and share child pornography.

[2] The Crown alleges that Mr. Hughes was one of those individuals who shared child pornography over the internet on a peer-to-peer network called BitTorrent.

[3] In July 2017, the U.S. Internet Crimes Against Children (“ICAC”) Joint Task Force alerted the Ontario Provincial Police that an IP address in Ontario had been identified as expressing an interest in child pornography on the BitTorrent network.

[4] An OPP investigator used a law-enforcement-specific software tool known as “Torrential Downpour” to connect to an electronic device at Mr. Hughes’ IP address and to download a number of files from that device. Those files were confirmed to be child pornography. The police subsequently obtained a warrant to search Mr. Hughes’ residence. They found and seized a computer, on which they found the same files they downloaded using the TD software. Mr. Hughes is charged, in the result, with possessing child pornography and making it available to others.

[5] Like all other accused persons in Canada, Mr. Hughes is constitutionally entitled to the disclosure of all relevant, non-privileged information in the possession or control of the prosecutor, whether inculpatory or exculpatory. See R. v. Stinchcombe, 1991 45 (SCC), [1991] 3 S.C.R. 326.

[6] Mr. Hughes is not content with the disclosure he has received from the Crown. He seeks an order for production of the following:

(a) A fully operational copy of whatever software system was used by ICAC to identify IP address 99.232.162.41[1] as an IP address of interest on the BitTorrent network;

(b) A fully operational copy of the version of Torrenital Downpour (“TD”) the OPP used to investigate IP address 99.232.162.41 or alternatively a fully operational copy of the current version of that software;

(c) A fully operational copy of the version of Torrential Downpour Receptor (“TDR”) - companion software used in conjunction with TD - to investigate IP address 99.232.162.41 or alternatively a fully operational copy of the current version of that software;

(d) The source codes for the software requested; and,

(e) All user manuals, changelogs, training manuals and other documentation associated with the software systems referred to above.

[7] The Crown resists Mr. Hughes’ requests on two grounds: relevance (or the lack thereof) and privilege. In particular, the Crown asserts investigative technique privilege over much of the information sought by the defence.

B. The Proceedings to Date

[8] Mr. Hughes’ application has proceeded in two stages. The first stage commenced on February 7, 2022 and was completed on February 28, 2022. At the first stage, the court was called upon to determine: (1) whether the information sought by Mr. Hughes was first party or third party disclosure); (2) if it was first party disclosure, whether it was relevant; and (3) if it was third party disclosure, whether it was likely relevant.

[9] First party disclosure constitutes all relevant, non-privileged information in the possession or control of the Crown. It includes all of the fruits of the investigation conducted by law enforcement in relation to the charges against Mr. Hughes and any additional information in the possession of the police that is “obviously relevant” to his case. See R. v. Gubbins, 2018 SCC 44, para. 21.

[10] Third party disclosure constitutes any records or information sought by an accused person that does not constitute first party disclosure.

[11] Where a determination is made that a document or thing constitutes relevant first party disclosure, it must automatically be produced to the accused, subject to sustainable claims of privilege by the Crown.

[12] Where a document or thing is a third party record, however, disclosure is subject to a two-stage application. At the first stage, the accused must establish that the records sought are “likely relevant”. If he does so, the application proceeds to stage two. At the second stage, the applications judge reviews the records in issue to determine whether, and to what extent, they should be produced to the accused. See R. v. O’Connor, 1995 51 (SCC), [1995] 4 S.C.R. 411.

[13] I released a ruling on the first stage of the disclosure application on April 7, 2022. It is reported as 2022 ONSC 2164. That ruling contains a good deal of background about the BitTorrent network, the particulars of the investigation into Mr. Hughes and the way in which the software tools used by law enforcement to police the BitTorrent network operate. Some of those same topics will necessarily be re-addressed in this ruling.

[14] By way of a summary, I determined at stage one that:

(a) The manuals for the TD and TDR software (which include the changelogs) were first party disclosure, were relevant and had to be produced to the accused, subject to any sustainable claims of privilege advanced by the Crown;

(b) No software, other than TD and TDR was specifically identified as being utilized by ICAC in the investigation of Mr. Hughes. Accordingly, I made no ruling about any software apart from TD and TDR;

(d) The source codes for TD and TDR were third party disclosure and not likely relevant to any live issue in the proceedings; and,

(e) The training materials for TD and TDR were similarly third party records and not likely relevant to the proceedings.

C. The Outstanding Issues

[15] The following issues remain to be determined at stage two of the application:

(a) Whether fully operational copies of TD and TDR should be produced to the accused pursuant to stage two of the O’Connor procedure; and,

(b) Whether the Crown has a sustainable claim of privilege over the TD and TDR software or the manuals for that software, in whole or in part. In making this assessment, the court is called upon to evaluate the assertion of investigative technique privilege over:

(i) fully operational copies of TD and TDR software;

(ii) redactions made by the Crown to the manuals for TD and TDR as disclosed to the defence;

(iii) redactions made by the Crown to the transcripts of ex parte (closed) sessions held in connection with the hearing of the Crown’s privilege claim. I will describe the nature of the closed sessions momentarily;

(iv) redactions made by the Crown to reports generated by validation tests run on the software. Again, I will describe the nature of those tests momentarily; and,

(v) redactions made by the Crown to log reports generated by TD during the course of its investigation of Mr. Hughes in 2019.

II. THE PROCESS

D. The Procedure Utilized

[16] The procedure utilized in the hearing of this application was somewhat complicated and worth taking a moment to set out.

[17] Mr. Hughes’ counsel initiated the application for disclosure in January 2022. The Crown responded with its assertion of investigative technique privilege over the information sought by the defence. At the same time, the Crown advanced an application under s. 37 of the Canada Evidence Act (“CEA”) for an order prohibiting the disclosure of the information in issue on the basis that it would encroach on a specified public interest – in this case, maintaining the secrecy of an investigative technique.

[18] A s. 37 application engages the court in a balancing exercise to determine if the public interest in disclosure outweighs the importance of the specified public interest. The parties are agreed that s. 37 imports the common law test applicable to the determination of whether a public interest privilege (such as investigative technique privilege) applies.

[19] There is no set procedure that must be followed in a s. 37 application, or more generally, in an application where a public interest privilege is advanced. See R. v. Pilotte, 2002 34599 (ON CA), [2002] O.J. No. 866, at para. 52. It is all but inevitable that certain portions of the hearing will be conducted in the absence of the public and of the accused given that the court will most likely need to hear evidence about the information said to be covered by privilege.

[20] Accused persons are generally not entitled to be present during the hearing of an application under s. 37 of the CEA. See R. v. Basi, 2009 SCC 52 and R. v. Pilotte, as above. Where the accused is excluded from any part of the proceedings, procedural fairness concerns arise. The Supreme Court directed in Basi, at para. 55, that to protect the interests of the accused, “trial judges should adopt all reasonable measures to permit defence counsel to make meaningful submissions regarding what occurs in their absence. Trial judges have a broad discretion to craft appropriate procedures in this regard.”

[21] Suggestions made by the Supreme Court in Basi to attenuate concerns about procedural fairness included inviting the defence to suggest questions to be put to any witness that will be called at the ex parte hearing; providing the defence with a redacted or summarised version of the evidence presented ex parte; and the appointment of amicus curiae to attend the ex parte proceeding in order to provide assistance in assessing the claim of privilege. See Basi, paras. 56-57.

[22] The parties agreed to a procedure in this case designed to maintain the secrecy of the information subject to the Crown’s privilege claim, while at the same time maintaining procedural fairness to Mr. Hughes. The procedure was as follows:

(a) The parties to the application include, obviously, the Crown and Mr. Hughes but also the OPP, who were given standing as as a result of the fact that they have a vested interest in the maintenance of privilege over the investigative technique employed in this case;

(b) Mr. Kapoor was appointed as amicus curiae by order of Fuerst J. dated January 13, 2022. Mr. Kapoor’s role was specified as assisting the court with determinations relevant to the issues raised in the proceedings and to protect Mr. Hughes’ interests when he was excluded from the proceedings. He was given the broad mandate to make submissions to the court as to whether the information in issue is subject to investigative technique privilege and, in that context, to what extent non-disclosure of such information may impact on Mr. Hughes’ ability to make full answer and defence;

(c) Mr. Kapoor attended all portions of the hearing of the application, both public and in camera/ex parte, and received copies of all sealed material filed in relation to the application;

(d) The first stage of the application proceeded over eight days of open hearings between February 8, 2022 and March 2, 2022. During the first stage, evidence was adduced through Gerhard M. Goodyear, a detective with the Computer Crime Unit of the Indiana County Pennsylvania’s Detective Bureau and Giuseppe Versace, a civilian employee of the OPP working as Project Lead within the OPP’s Child Sexual Exploitation Unit.

Detective Goodyear works closely with the ICAC system, assisting with the maintenance and upkeep of the various systems and software used by that system to conduct investigations, including investigations of peer-to-peer networks like BitTorrent. He also trains law enforcement officers on how to use the ICAC law enforcement system, including the use of TD and TDR.

Mr. Versace has an MSc in cybercrime and forensic computing from the University College of Dublin. His role at the OPP includes managing the network and applications used by investigators in the Child Sexual Exploitation Unit to conduct investigations of peer-to-peer networks, including the use of TD on the BitTorrent network;

(e) Detective Goodyear and Mr. Versace provided detailed evidence about the ICAC system and the BitTorrent network. They described how TD and TDR work to assist investigations of the sharing of child sexual abuse materials on the BitTorrent network. They did not, however, during the first stage of the hearing, venture into any of the areas of information sought to be protected by the Crown through the assertion of investigator technique privilege. When questions put to them tended to encroach upon an area where privilege is asserted, they deferred their answers to a future closed session;

(f) At the completion of the first stage of the application, the parties made submissions about whether the disclosure sought was first or third party disclosure and about its relevance to the live issues in the proceedings. I subsequently released a decision on those issues on April 7, 2022;

(g) Following the release of my ruling on April 7, 2022, Crown counsel delivered a redacted copy of the TD manual to defence counsel and, later, a summary of the TDR manual;

(h) The second stage of the application proceeded over nine days between May 12, 2022 and August 3, 2022. It began with an open session in which defence counsel conducted supplemental cross-examination of Detective Goodyear, based on concerns counsel had as a result of his review of the redacted TD manual. Defence counsel subsequently conducted a supplemental cross-examination of Mr. Versace regarding a proposal he had circulated in relation to a validation demonstration he had designed with respect to TD;

(i) The ex parte, or closed, session of the application commenced on May 13, 2022. It began with testimony from Detective Goodyear regarding the redactions made to the TD manual that was provided to defence counsel and proceeded to address questions that had been deferred from the open session. It continued with evidence from Mr. Versace on issues over which the Crown asserts privilege. Both Detective Goodyear and Mr. Versace were cross-examined by Mr. Kapoor in his capacity as amicus during the closed session;

(j) On May 16, 2022, the court heard from Detective Sergeant Christopher Barkey, a team lead in the OPP’s Child Exploitation Unit, about his concerns regarding the impact that disclosure of the information sought by defence counsel might have. Det/Sgt Barkey was subject to cross-examination by Mr. Kapoor;

(k) On June 8, 2022, a further closed session was conducted in which Detective Goodyear gave evidence about the manner in which TDR operates. Again, he was subject to cross-examination by Mr. Kapoor;

(l) On June 9, 2022 a validation demonstration of TD was conducted by Mr. Versace at OPP headquarters in Orillia. The demonstration was treated as a closed session;

(m) On July 25, 2022 Mr. Versace testified, in a further closed session, about the results of the validation demonstration and the three tests of TD that were conducted during that demonstration;

(n) At some point, defence counsel was provided with redacted transcripts of the closed sessions. He raised a concern that there was evidence adduced during the closed sessions that ought reasonably to have been adduced in an open session. For that reason, he was granted a further opportunity to cross-examine Mr. Versace in an open session that was conducted on July 29, 2022;

(o) When Mr. Hechter completed his cross-examination of Mr. Versace on July 29, 2022, the parties proceeded to make submissions, in an open session, on the issue of the relevance of the information sought by the defence and over which the Crown asserts privilege. Only Crown and defence counsel made submissions on the relevance issue;

(p) On August 2, 2022 counsel to the Crown and the OPP made submissions about privilege in an open session. Defence counsel made responding submissions about the Crown’s assertion of privilege in that same session;

(q) Finally, in a closed session on August 3, 2022, counsel to the Crown and the OPP made further submissions about their assertion of privilege. Those submissions were responded to by Mr. Kapoor in his capacity as amicus;

(r) It was agreed that, going forward, the court will make its ruling on stage two of the O’Connor application and the Crown’s common law assertion of investigative technique privilege. That ruling will be released to all counsel, save Mr. Hector, in what amounts to a “closed” release. An open release of the ruling will follow ten days later. In the interim, the Crown may serve notice, if it choses to do so, of any intention to invoke s. 37 of the CEA. If the Crown serves such a notice, the court will release a short endorsement adopting its reasons on the common law privilege assertion to the s. 37 application. Thereafter, the Crown will have the immediate right of appeal specified in s. 37.1 of the CEA.

Utilizing the release procedure agreed to by the Crown and amicus will have the added benefit of enabling counsel to alert me if I have inadvertently referenced information that is intended to be privileged.

E. The Evidence Adduced

[23] To put the evidence heard in the second stage of the application into perspective, it will be necessary to cover some of the ground already covered in my stage one ruling.

[24] All of the evidence referred to in this section was adduced in open sessions. When necessary, I will make only oblique references to evidence adduced in closed sessions.

[25] I begin with a description of the BitTorrent network.

(a) The BitTorrent Peer-to-Peer Network

[26] Peer-to-peer networks are information technology architectures that connect devices directly, without the use of a central server. All users on peer-to-peer networks are equal (peers) and each is simultaneously a client and a server on the network. These types of networks enable users to share files quickly and inexpensively with one another.

[27] Suppose for a moment that I have a file I want to share with the world. The conventional means of sharing that file was to upload it to a server and allow anyone to access the file through the server. The problem with that method of distribution is that download speed is limited by the bandwidth of the server. If a great many people attempt to download a file simultaneously from the same server, the download speed will be extremely slow due to the bottleneck at the server.

[28] Peer-to-Peer network systems attempt to solve the bottleneck problem by utilizing a swarm approach. Files shared on peer-to-peer networks are typically broken down into segments. Suppose that a user wishes to obtain a copy of the movie Star Wars. That movie file may be segmented into, say, 100 pieces. Client programs are able to seek pieces of the file of interest from multiple other users who have and are willing to share the file. In other words, a client program may download all 100 pieces from a single other user (slow) or it may download 1 piece each from 100 other users (fast). As a user acquires a piece of a file, that piece becomes available to other users. In that way, users act as both uploaders and downloaders simultaneously.

[29] There are a number of peer-to-peer networks in operation around the world, including, for instance, Gnutella, Limewire, eMule, and the one involved here, BitTorrent.

[30] Accessing the BitTorrent network requires the use of a client program. A number of such programs are readily available including BitTorrent’s own client software as well as one called μTorrent, which is the program allegedly used by Mr. Hughes.

[31] Most client programs that operate on peer-to-peer networks work in a similar way. The user opens the program and searches for a desired file using the program’s built-in search function. The BitTorrent network operates a little differently. BitTorrent client programs do not have built-in search functions. Instead, users interested in a particular file must locate a “torrent” file on the network associated with the file they want (the “payload file”). For instance, if the payload file of interest is the movie Star Wars, the user must first obtain a torrent associated with that movie. Torrent files can be found from a number of sources, including through the use of an internet search engine like Google.

[32] A torrent file is a small data file that includes instructions that enable a BitTorrent client program to locate and download the files that make up the payload file. Most significantly, the torrent file includes information about the hash value(s) of the payload file(s).

[33] A hash value is a fixed length, alphanumeric value that uniquely identifies data. When data files are uploaded to a network, they are assigned hash values. Those hash values allow devices using the network to distinguish files from each other. Going forward, I will refer to the hash values of torrents of interest as “infohashes”.

[34] Once a user has located a torrent file and loaded it into his or her client program, the program will search the network for other users who have files associated with that torrent.

(b) The ICACCOPS System

[35] Earlier I mentioned the ICAC system in the U.S. ICAC is a joint task force made up of some 61 co-ordinated task forces across America. Its central focus is to investigate technology-facilitated child sexual exploitation. It employs a digital system to do so, known as the ICAC Child Online Protection System, or “ICACCOPS” for short.

[36] The ICACCOPS system includes a database of the infohashes of files that have been downloaded from the internet and identified as child pornography. In addition, it has a number of network-specific tools at its disposal that it makes available to law enforcement agencies around the world. These tools facilitate the detection of parties expressing an interest in child sexual abuse materials online.

[37] In relation to the BitTorrent network, ICACCOPS utilizes programs known as the Roundup Suite of tools to detect and connect to targets suspected of sharing child pornography on that network.

[38] The Roundup Suite is made up of two software tools: TDR and TD. This software was developed by the University of Massachusetts (Amherst). UMass owns the copyright but provides the software free of charge to law enforcement. Training on the software is conducted by Fox Valley Technical College in Appleton, Wisconsin. Law enforcement agents who wish to become licensed users of the Roundup Suite of tools must complete training at Fox Valley.

[39] TD and TDR are independent tools, but they often work in tandem.

[40] TDR has two functions. One is an active, “search” function and the other a passive, “listening”, function.

[41] TDR is designed to randomly obtain a torrent of interest (i.e. a torrent that includes an infohash connected to a known child pornography file) from the ICACCOPS database every several minutes. Where its listening function is utilized, it will simply connect to the BitTorrent network and appear as though it is a user with the particular file available to share. It waits and listens for other users to contact it looking for the file. Any user seeking the file will be identified as a target of interest. The file will never actually be shared with another user.

[42] There is no evidence that the passive function of TDR was engaged in this instance, so I intend to say no more about it.

[43] Unlike its passive function, the search function of TDR actively queries the BitTorrent network seeking other users expressing an interest in the file randomly obtained from the ICACCOPS database. To be more specific, TDR will randomly select an infohash from the database and then search the network for other users who show on the network as having one or more pieces of the file(s) associated with that infohash.

[44] Earlier I indicated that peer-to-peer networks are designed to connect multiple users without the use of a central server. While that is a generally accurate statement, it must be qualified somewhat in relation to the BitTorrent network. The BitTorrent network does not have a central server, but it does make use of a centralised co-ordination mechanism. It is arguably a hybrid system in this sense. It uses servers, called “trackers”, to assist in the communications between peers on the BitTorrent network. Servers are basically match makers. They match those users seeking particular files with users who have pieces of the files available to share.[2]

[45] For the purposes of this ruling, it is unnecessary to drill down any further into the role of trackers on the BitTorrent network. I mention them only because they are a means by which TDR queries the BitTorrent network seeking users who are expressing an interest in the files TDR has pulled from the ICACCOPS database. By querying trackers, TDR identifies any users looking for pieces of the infohash of interest and any users sharing any pieces of that file.

[46] If TDR identifies a target user, it will try to make a preliminary connection to that user in an effort to determine if the user actually has any pieces of the infohash of interest. If the software is able to do that, it learns that a successful connection to the target should be achievable through the TD software.

[47] The only information that TDR obtains about a target user through the trackers is the user’s IP address and port[3] – the same information any other user on the BitTorrent network would get through a normal connection on the network.

[48] Any information obtained by TDR about a target is pushed up to the ICACCOPS system. It is important to appreciate that TDR is a software tool utilized by many different law enforcement agencies around the world. It is possible, in the result, that an investigator running TDR in, say, Peru may identify a target IP address in the U.S. or Canada, depending on the way in which the software has been configured. In this instance, it is not known what law enforcement agency was operating the TDR software that initially flagged Mr. Hughes’ IP address as a target.

[49] In any event, when the IP and port information is pushed up to ICACCOPS, it is geolocated. ICACCOPS utilizes a licensed geolocation software known as “Maxmind” to determine where in the world a particular IP address is located. Defence counsel’s application initially included a request for information relating to the use of Maxmind, but that request was subsequently abandoned.

[50] Once the IP address is geolocated, ICACCOPS pushes the target IP address and associated port to a law enforcement agency located in the jurisdiction where the target is located. Provided that law enforcement agency is running Torrential Downpour, then TD will automatically attempt to make a connection to the target’s device.

[51] The connection made by TD to the target device is, for the most part, the same sort of connection that any two users on the BitTorrent network might make.

[52] Connections between users on the network are made through the use of a network-specific protocol. The BitTorrent protocol – the language used by the network – consists of relatively few messages. Users’ client programs interact with one another using these messages, which include “choke”, “unchoke”, “interested”, “not interested”, “have”, “bitfield”, “request”, “piece” and “cancel”.

[53] The initial interaction between users is called a “handshake”. During the handshake there is an exchange of information about what pieces each user has of the infohash of interest. A user may report “none”, “all”, or identify particular pieces. TD will always report that it has no pieces of the infohash of interest. It will send out a piece request for all of the pieces that the target device has in its possession. Typically, the interaction will commence with a “choke” message, meaning the target is not willing to share. TD will send an “interested” message and hope that the target responds with an “unchoke” message. If that occurs, TD will commence downloading the pieces of the file that the target possesses. It will continue to download files until it has all of the pieces possessed by the target.

[54] Unlike other client programs on the BitTorrent network, TD does not swarm. It is designed to conduct single source downloads, so that it is clear that any pieces of a downloaded file came from the same source.

[55] TD keeps a log of all of the particulars of its connection to the target device.

[56] According to Mr. Versace, most BitTorrent client programs support what he called an “extended handshake”. In an extended handshake, the users’ client programs will exchange client names, including a peer ID. A peer ID, as the name suggests, is a unique reference to a specific peer within the overall peer-to-peer network.

[57] The manner in which TD identifies itself to other client programs is, in my view, the most closely guarded secret of the system. There are a number of aspects of the software that the Crown asserts privilege over, but the manner in which TD identifies itself to other users on the network is the most critical. The logs kept by TD of its connections to other users do not include any reference to the way in which TD identifies itself in the extended handshake process.

[58] In any event, once files are downloaded from a target user, they are reviewed by an investigator to determine if they, in fact, contain child pornography. If they do, the investigation continues. The next step is typically to obtain information about the specific municipal address associated with the target IP address. From there, investigators seek to identify the residents of the municipal address. Finally, a search warrant is typically sought for the residence in issue in an effort to locate and seize devices containing child pornography.

(d) The Investigation into IP Address 99.232.162.41

[59] In this case, an unknown investigator running TDR in mid-July 2019 identified IP address 99.232.162.41 as interested in two particular infohashes found in the ICACCOPS database of known child pornography. It pushed that IP address and port to the ICACCOPS server. The server geolocated the address to Beeton, Ontario.

[60] The ICACCOPS server pushed information about the target IP address and port, as well as the infohashes in issue, to TD software being operated by Detective Constable Erin Neller of the OPP’s Child Exploitation Unit in Orillia. That software automatically attempted (successfully) to make a connection to the device operating at the target IP address and port. Between 10:02 p.m. on July 18, 2019 and 10:02 p.m. on July 19, 2019, DC Neller’s copy of TD downloaded a number of files from a BitTorrent network client program (in this case μTorrent v. 3.5.5) operating on a device at IP address 99.232.162.41.

[61] DC Neller personally reviewed the downloaded files and confirmed that they contained child pornography. She subsequently determined that IP address 99.232.162.41 was assigned to Rogers Communications. Through the use of a production order, she discovered that the Rogers customer to whom the suspect IP address was assigned was the defendant’s mother, with whom he lived. A residential address in Beeton, Ontario was associated with the subscriber.

[62] DC Neller applied for and obtained a warrant to search the Beeton residence where Mr. Hughes resides. A search of the residence led to the seizure of a digital device from Mr. Hughes’ bedroom. That device was forensically examined and found to contain an installed copy of μTorrent v. 3.5.5 as well the files downloaded by TD between July 18 and 19, 2019.

(e) The Validation Tests

[63] Mr. Hughes is not the first litigant to attempt to get access to the Roundup Suite of software tools nor the first to challenge their reliability. In other instances, validation tests have been designed and carried out to demonstrate the functionality and reliability of the software. See for instance, R. v. Gonzales, 2019 WL 4040531.

[64] In an effort to demonstrate that TD works as advertised, Mr. Versace designed a validation test protocol. He started by creating two virtual computers – a target computer and an investigator’s computer. He installed μTorrent v. 3.5.5 on the target computer, which was the client program purportedly used by Mr. Hughes on the occasion in issue. He then located a particular open-sourced torrent and downloaded it to the target computer.

[65] He subsequently conducted three tests in accordance with his protocol on June 9, 2022. Mr. Versace described the contours of his tests in evidence. I find that they demonstrated the following:

(a) That TD was successful in connecting to and downloading a full copy of the file of interest from the target computer;

(b) That when the target had only the torrent but not the payload, TD disconnected straight away;

(d) Through the use of Wireshark software[4], it was confirmed that TD does not leave any artifacts on the target computer and that TD does not download anything from the target computer apart from the infohash of interest.

III. DISCUSSION

F. The Information in Issue

[66] Mr. Hughes wants to have fully operational copies of TDR and TD produced to him, along with complete copies of the manuals that go with them.

[67] The Crown and the OPP object to producing copies of the software on grounds of relevance and privilege and object to producing unredacted copies of the manuals on similar grounds.

[68] I note that in my initial ruling – relating to the first stage of the hearing – I found that the manuals were relevant first party disclosure and had to be disclosed, subject to an assessment of the Crown’s assertion of privilege. I should have been more careful to note that there may yet be assertions made by the Crown that specific portions of the manuals ought not to be disclosed on the ground of relevance, or a lack thereof. The parties did not make submissions on the relevance of specific content of the manuals during the first stage of the proceedings. That is because the manuals contain information subject to the Crown’s assertion of privilege and accordingly were not parsed in the open sessions of the first stage of the hearing.

[69] In any event, as I set out above, the positions taken by the parties leave the following issues for the court to determine:

(a) Are operational copies of TD and TDR relevant to any live issues in these proceedings and should production of them be made at stage two of the O’Connor procedure?

(b) If operational copies of the software are relevant and disclosable at stage two of O’Connor, should the Crown’s decision not to produce the software on the ground of investigative technique privilege be upheld? And,

(c) Are the Crown’s redactions to the TD and TDR manuals, as well as the logs and the transcripts of closed sessions, sustainable on the basis of relevance or investigative technique privilege?

[70] I note that as the application unfolded, Mr. Hughes’ counsel made an additional disclosure request. In particular, he broadened his request for production to include essentially any software that powers the ICACCOPS system. I am in no position to grant him that relief.

[71] Both TDR and TD run through the ICACCOPS portal. Software on the ICACCOPS servers manages the portal, maintains a database of known child pornography (by infohashes), geolocates IP addresses of interest, connects investigations with investigators in an effort to reduce or eliminate conflicts (so that multiple investigators are not seeking warrants for the same target), and pushes information of interest to relevant investigators around the world. I am certain it does a whole lot more than what I have described, but I am constrained by the evidence adduced during the application.

[72] Mr. Hughes wants access to all of the software engaged in the automated investigative processes of ICACCOPS. That software includes TDR and TD as well as the unidentified program(s) that power the ICACCOPS system. He asserts that the international border between Canada and the U.S. should not be an impediment to his disclosure application. He argues that law enforcement agencies in Canada ought not to be able to outsource investigations to foreign entities and thereby avoid Charter scrutiny or general compliance with Canadian laws.

[73] I have already addressed this argument to some extent in my ruling at stage one of the application. I found that the only investigating police force in this instance was the OPP. I characterized the information received by the OPP from ICACCOPS about Mr. Hughes’ IP address as, in essence, a “tip”.

[74] I am in no position to grant Mr. Hughes access to any of the ICACCOPS server software. That software, whatever it is, is not in the possession of the Crown or the OPP. It is in the possession of the ICAC joint task force, a U.S. entity over whom I have no jurisdiction. ICAC has not been issued a subpoena, nor otherwise engaged in this application, save to the extent that Detective Goodyear has participated as a witness. I do not know the name or nature of the software used in the ICACCOPS system and have no means of assessing exactly how it is implicated, if at all, in the investigation into Mr. Hughes.

G. The Information Disclosed to Date

[75] Before I begin an analysis of the remaining issues in dispute, I think it worthwhile to take a moment to assess what Mr. Hughes has and what he does not have in terms of disclosure of the automated system that was utilized to investigate him. Only the information he does not have is in issue in this application.

[76] As part of its Stinchcombe obligation, the Crown disclosed to defence counsel thousands of pages of logs that detail almost every interaction between DC Neller’s version of TD and what is alleged to have been Mr. Hughes’ client program. It was initially the Crown’s position that these logs told Mr. Hughes everything he needed to know about how TD interacted with the device alleged to have been his.

[77] Mr. Hughes obviously disagreed. His application for further disclosure unfolded over some sixteen days of hearings. Sixteen days is an arresting amount of time to spend on what is a relatively narrow disclosure request. Both Detective Goodyear and Mr. Versace were examined and cross-examined at length, each more than once, about the ICACCOPS system, the BitTorrent network and the way in which TD and TDR operate in tandem to detect and investigate the use of that network to disseminate child sexual abuse material.

[78] Any questions reasonably arising with respect to how TD and TDR operate were surely asked and answered, though a small portion were admittedly answered in closed, ex parte sessions. At the very least, one must say that Mr. Hughes’ counsel has had every reasonable opportunity to ask any questions of Detective Goodyear and Mr. Versace relevant to Mr. Hughes’ defence of the charges he faces.

[79] I concede that, having had the benefit of sitting through the closed sessions, I know a little more about TD and TDR than Mr. Hughes’ counsel does. But I must emphasize the adjective “little”. Given the amount of time spent in closed sessions and the general hype surrounding them, one could be forgiven for forming an impression that there was a good deal of top-secret ground covered in them. Such an impression would be wrong.

[80] What Mr. Hughes does not know, and what the Crown, the OPP and ICACCOPS do not want him to know, amounts essentially to the following:

(a) The IP address of the ICAC servers in Pennsylvania;

(b) The peer ID utilized by TDR and TD;

(d) The manner in which severity ratings are assigned to infohashes in the ICACCOPS database.

H. Issue One: Should operational copies of TD and TDR be provided to Mr. Hughes? (O’Connor Stage Two)

(a) The Governing Principles

[81] Mr. Hughes satisfied me at stage one of his O’Connor application that the TD and TDR software used by law enforcement to identify and investigate him are likely relevant to live issues in this proceeding.

[82] At this second stage of the O’Connor application, the court must determine if operational copies of the software should be produced to Mr. Hughes. At this stage, the court must “weigh the salutary and deleterious effects of a production order and determine whether a non-production order would constitute a reasonable limit on the ability of the accused to make full answer and defence”. See Wallace v. World Bank, 2016 SCC 15 at para. 113.

[83] The O’Connor process was revisited and refined somewhat in R. v. McNeil, 2009 SCC 3. McNeil instructs that an appropriate starting point for trial judges faced with balancing competing interests at the second stage of an O’Connor application will be the assessment of the true relevance of the targeted record(s) in the case against the accused. If the court concludes, upon inspection, that the records in issue are clearly irrelevant, then there is no basis for ordering production to the accused. On the other hand, if the court concludes, upon inspection, that the claim of likely relevance has been borne out, the accused’s right to make full answer and defence will, with few exceptions, win out. See McNeil, para. 41.

[84] Charron J., writing for a unanimous court in McNeil, observed that a finding of true relevance puts the third party records in the same category for disclosure purposes as the fruits of the investigation in the hands of the Crown prosecutor. With few exceptions, the accused person’s right to access information necessary to make full answer and defence will outweigh any competing privacy interests in the records. See McNeil, para. 42.

[85] That said, when making a production order, the court is directed to ensure that limitations are imposed, where practical, to recognize the privacy interests that third parties may have in the records. As Charron J. put it, “the court should ensure that a production order is properly tailored to meet the exigencies of the case but do no more.” See McNeil, para. 44. While the “likely relevant” standard is broad and includes information in respect of which there is a reasonable possibility of being of assistance to the defence, the O’Connor applicant must still lay a foundation for the relevance of the material sought. To ensure that only relevant material is produced, the court may make redactions or impose other conditions where appropriate. See McNeil, para. 46.

(b) The Parties’ Positions

[86] The relevance of the Roundup Suite of software must be assessed against the live issues in the case and the positions of the litigants.

[87] Two pending applications, together with the trial, provide the context in which relevance is to be considered.

[88] By way of pending, or anticipated applications, Mr. Hughes intends to:

(a) challenge the validity of the warrant that authorized the police search of his residence. As I understand his position, he will advance a sub-facial challenge to the sufficiency of the sworn evidence filed in support of the warrant application (the “Information to Obtain”, or “ITO”). More specifically, he will assert that the evidence was misleading or otherwise did not meet the standard of full, fair and frank disclosure required on an ex parte application. Should the warrant be determined to have been invalid, he will seek an order excluding any evidence found during the search of his residence on the basis that the search amounted to a breach of his s. 8 Charter right to be free from unreasonable search and seizure; and,

(b) regardless of the outcome of the challenge to the warrant, Mr. Hughes also intends to seek, by application, the exclusion of evidence obtained as a result of the investigation by TDR and TD of his IP address. Again, the basis for the application is an asserted breach of his s. 8 right. More specifically, he will assert that the manner in which TD and TDR function infringed upon his reasonable expectation of privacy in his IP address, his activities on the BitTorrent network and the information on his digital devices.

[89] Mr. Hughes’ counsel focused his submissions on the relevance of the information in issue to his client’s s. 8 application. In particular, he submitted that the information in issue is relevant to the inquiry of whether the operations of TD and TDR infringe his client’s reasonable expectation of privacy. His stated concern is with what he described as “automated overreach”.

[90] Defence counsel also suggested that there may be material in the ICACCOPS database that has been collected through unconstitutional searches. In his submission, this factor may be relevant to a s. 8 inquiry. He will only be able to assess what is in the database if he gets access to fully operational software that interfaces with the ICACCOPS portal.

[91] Defence counsel also tied the relevance of the software to his anticipated challenge to the warrant. In his view, the affiant of the ITO, DC Neller, ought to have known much more about TDR and TD than she adverted to in the ITO. Moreover, she failed to mention the role played by TDR in the investigation and failed to highlight potential constitutional problems with the investigative techniques employed. Should he obtain access to fully operational copies of the software, counsel will be in a position to better assess what DC Neller knew or ought to have known about the software and disclosed to the court in the ITO.

[92] In defence counsel’s submission, he needs operational copies of the software in order to independently test what it does so that he can educate the court about how the things it does implicate Mr. Hughes’ reasonable expectation of privacy and, in turn, his s. 8 right.

[93] The Crown argues that the defence position can really be summed up by a submission made by defence counsel to the effect that he is trying to get access to the software so he can “decide what it does in broad strokes so that he can explain how it interferes with a normative reasonable expectation of privacy.”

[94] Crown counsel submits that the defence position, as stated, is a patent fishing expedition and misses the mark for establishing relevance by a long shot.

[95] From the Crown’s point of view, the evidence is clear that TDR and TD do nothing more than investigate an IP address. It is settled law, the Crown says, citing R. v. Spencer, 2014 SCC 43, that reasonable expectations of privacy are not engaged until the police seek to match subscriber information to an IP address. In the result, TD and TDR cannot be said to have encroached on Mr. Hughes’ reasonable expectation of privacy. They did nothing more, the Crown argues, than any other, non-law-enforcement user might do on the BitTorrent network.

[96] In the result, the information in issue cannot be said to be truly relevant to the s. 8 application.

[97] Similarly, operational copies of the software cannot be said to be relevant to the impending application to challenge the warrant. Such an application, conventionally referred to as a Garofoli application, has a narrow focus. In view of the applicant’s anticipated sub-facial challenge, the live issue will be whether the ITO was accurate, as tested against DC Neller’s reasonable belief at the time she swore it. No basis has been established over multiple days of evidence to support the assertion that information obtainable from operational copies of the software could undermine DC Neller’s reasonable belief in the accuracy of the content of her ITO.

[98] Finally, the Crown asserts that information relating to TDR and TD has no relevance to the live issues at trial. In terms of TDR, its involvement in this case was limited to tip-generation and it was not otherwise actively utilized in the investigation of Mr. Hughes. TD software was actively utilized in the investigation, to obtain files containing child pornography from a device allegedly belonging to Mr. Hughes. The software is not, however, the Crown says, part of the Crown’s case to meet. The case to meet is, instead, the investigative download and the information that came from Mr. Hughes’ device, which was seized at the time the warrant was executed.

[99] In his role as amicus, Mr. Kapoor made only brief submissions on the issue of relevance. Those submissions were directed at the principles applicable to the assessment of relevance. He did not advocate for one result or another.

The Relevance Threshold

[100] I am satisfied that the information available in operational copies of TD and TDR is relevant to both the Garofoli application and the s. 8 Charter application. I am further satisfied that information available in an operational copy of TD is relevant to one or more issues at trial.

[101] I begin with the observation that relevance is a low threshold. As a general matter, it is well settled that to be relevant, a piece of evidence need only make a fact in issue more or less likely, as a matter of logic and human experience. See, for instance, R. v. Wood, 2022 ONCA 87 at para. 60, where Watt J.A. instructed:

As is well known, relevance is not an inherent characteristic of any item of evidence. Rather, it exists as a relation between an item of evidence and a proposition of fact that its proponent seeks to establish by its introduction. Relevance is a matter of everyday experience and common sense. The threshold for relevance is not high. Evidence is relevant if it renders the fact it seeks to establish slightly more or less probable than that fact would be without the evidence. We assess relevance in the context of the entire case and the positions of counsel…(citations omitted).

[102] In terms of assessing relevance in the context of a disclosure application, one way of looking at it is to ask whether the information in issue may be of some assistance or helpfulness to the defence. If the answer is yes, then it is relevant. See R. v. Egger (1993), 1993 98 (SCC), 82 C.C.C. (3d) 193 (S.C.C.) at para. 20.

Relevance to the Garofoli Application

[103] A Garofoli application is very narrow in scope. It relates only to the admissibility of evidence obtained as a result of, in this case, the authorization of a warrant to search Mr. Hughes’ residence. To be relevant, evidence must bear on the statutory pre-requisites to the granting of the warrant, namely whether there were reasonable grounds to believe that an offence had been committed and that evidence of that offence would be found in the place to be searched.

[104] The warrant in this instance was obtained on the strength of DC Neller’s ITO. The Garofoli inquiry is not concerned with whether the allegations set out in the ITO are ultimately true. Instead, the central question is whether the affiant of the ITO had a reasonable belief in the existence of the requisite statutory grounds. “What matters is what the affiant knew or ought to have known at the time the [ITO] was sworn.” See Wallace v. World Bank, 2016 SCC 15, at para. 119.

[105] In Wallace, the Supreme Court observed that search warrant authorizations are generally challenged in one of two ways. One way is to argue that the record before the authorizing judge was insufficient to make out the statutory preconditions (a “facial” challenge). The other is to argue that the record did not accurately reflect what the affiant knew or ought to have known, and that if it had, the authorization could not have issued (a “sub-facial” challenge). See Wallace, para. 120.

[106] As I understand it, Mr. Hughes will be advancing a sub-facial challenge to the warrant in issue. His application will turn, therefore, on what DC Neller knew or ought to have known at the time her ITO was sworn. He may alternatively argue that:

(a) She included information that she knew or ought to have known was false, inaccurate or misleading and any such evidence should be excised from the ITO;

(b) She intentionally or recklessly misled the court, rendering the entire ITO unreliable. See R. v. Sivrattan, 2017 ONCA 23, at para 26; or,

(c) There was additional evidence she knew or should have known and included in the ITO in order to make full, fair and frank disclosure. Any such information should be added when determining if the authorization was lawful. See Wallace, para. 121.

[107] DC Neller was licensed to use TD and TDR software. That means she was trained in its use at Fox Valley. How long she has been a licensed user of that software and how often she has used it are unknowns. But the detail in her ITO supports an inference that she is well-familiar with the functionality of, at least, TD.

[108] If defence counsel is provided with an operational copy of the software used by DC Neller and referenced in her ITO, he will be in a position to ascertain whether there is information about what the software does or does not do that ought to have been disclosed in the ITO by an officer well-familiar with its functionality. Whether such information is capable, on its own, of undermining the statutory preconditions is not the test in terms of its relevance. I find that it would be helpful to the defence in its assessment of whether grounds exist to challenge those statutory preconditions. In this sense, the information that would be provided by operational copies of the software is relevant.

[109] One might argue, of course, that operational copies of the software will provide no additional information beyond what has been disclosed about it over the course of this Stinchcombe/O’Connor application. But that is a redundancy argument and should not be conflated with an argument about relevance.

[110] I am similarly satisfied that the information available in operational copies of TD and TDR is relevant to the s. 8 inquiry.

[111] Mr. Hughes’ position is that the automated functions performed by both TD and TDR infringed his reasonable expectation of privacy. He has not been as clear as he might have been about just exactly how his s. 8 right might have been infringed, but to be fair, this is not the s. 8 application. To some extent, the nature and quality of information defence counsel may receive about the software may help define the contours of his s. 8 application.

[112] It is not my function, at the disclosure stage, to determine just exactly how operational copies of the software might be relevant to that application. But it is apparent to me that being able to operate the software in the manner operated by DC Neller and being able to examine what it does on a granular level, is relevant to the inquiry of whether its automated functions go too far and intrude upon Mr. Hughes’ reasonable expectation of privacy. It may not prove persuasive one way or the other. It may tend to support a breach or it may tend to undermine the assertion of a breach. Either way, it is, in my view, relevant.

[113] The Crown submitted that the Supreme Court’s ruling in R. v. Spencer, as above, established that an internet user’s reasonable expectation of privacy is only engaged at the point when state agents seek to obtain subscriber information tied to the user’s IP address. In other words, it is only when the state seeks to tie a person’s identity to their online activities that a reasonable expectation of privacy is engaged.

[114] I do not share the Crown’s interpretation of Spencer. Some of the facts in Spencer were not dissimilar to the facts here. Law enforcement officers identified an IP address associated with a Limeware account sharing child pornography on a peer-to-peer network. They made a request for information about the IP address from Shaw Communications, the relevant internet service provider to that IP address under provisions of the Personal Information Protection and Electronic Documents Act. Shaw provided the information sought and the police were able to connect Mr. Spencer to that IP address.

[115] The issues before the Supreme Court were: (1) whether the police obtaining subscriber information from the ISP amounted to a search; (2) whether the search was authorized by law; (3) whether evidence obtained as a result of the search should be excluded; and (4) whether the trial judge erred in his interpretation of the fault element of the offence of making child pornography available.

[116] Cromwell J., writing for a unanimous court, concluded that the police request that Shaw provide subscriber information was a search. In reaching that conclusion, he found that Mr. Spencer had a reasonable expectation of privacy in the information provided to the police by Shaw. The information provided was more than basic information about a person’s name, address and telephone number. In the circumstances, it linked the person to specific and otherwise private activities engaged in by the person on the internet and thereby engaged the anonymity aspect of Mr. Spencer’s informational privacy interest.

[117] Cromwell J. did not go so far as to say that a reasonable expectation of privacy is only engaged at the point when the police seek to connect subscriber information to particular online activity. He was quite clear, as the court has been on many other occasions, that whether a reasonable expectation of privacy arises in a particular instance, depends on an assessment of the totality of the circumstances prevailing at the time.

[118] Mr. Hughes’ s. 8 challenge will inevitably engage the court in a consideration of Mr. Hughes’ informational privacy interests. As Cromwell J. noted, at para. 38 of Spencer, privacy in relation to information includes aspects of secrecy, anonymity and control. One or more of those aspects may be in play in Mr. Hughes’ application.

[119] Operational copies of TD and TDR will enable Mr. Hughes’ counsel, together with his expert, to assess exactly how the software operates on both surface and granular levels. He will be able to assess how the software interfaces with other software on the ICACCOPS system and to detect exactly how IP addresses are automatically targeted, connected to, and arguably searched. It will further assist him in assessing whether Mr. Hughes’ informational privacy interests have been impacted and if so how the impact might be perceived by a reasonable and informed person concerned about the long-term consequences of state action for the protection of privacy. See R. v. Patrick, 2009 SCC 17 at para. 14.

[120] The information available through operational copies of TD and TDR may persuade Mr. Hughes’ counsel that he has an arguable s. 8 case, or it may persuade him otherwise. Either way, it is, in my view, relevant to that inquiry.

[121] Finally, I also consider the TD software to be relevant to an issue at trial. Mr. Hughes is charged with possession of child pornography. The case he has to meet on that charge largely involves the files found on a device located in his bedroom during the execution of a search warrant. He is also charged, however, with making child pornography available to others. He is alleged to have done so on the BitTorrent network. The case he has to meet on that charge will inevitably involve evidence about how TD connected to his device, communicated with a μTorrent client program running on that device, and downloaded files containing child pornography from it.

[122] The TD software was integrally involved in the investigation of Mr. Hughes’ IP address and in obtaining child pornography from what purportedly was his digital device. Whether the software is reliable and does what it claims to have done may be live issues. An operating copy of the software would be of assistance to the defence in assessing those issues.

Should the Software be Produced?

[123] The second stage of an O’Connor application has always involved the balancing of interests. In particular, the interests of accused persons in making full answer and defence to the charges against them and the privacy interests of third parties.

[124] As Charron J. held in McNeil, once true relevance has been established at stage two of the O’Connor application, production is always favoured. In other words, a finding of true relevance, as I have made in this case, points towards production.

[125] Production is not always an all or nothing proposition. One of the ways in which the court can achieve a balance between competing interests is through redaction or other tailoring of the information to be produced.

[126] In this case, ICAC has a privacy interest in certain aspects of the software. It is that interest that must, at this stage of the inquiry, be balanced against Mr. Hughes’ interest in making full answer and defence.

[127] The evidence adduced during this application has been patently clear about one thing: TD and TDR operate, for the most part, just like any other BitTorrent-compatible client software freely available on the internet. There are aspects of it, however, that ICAC asserts a strong privacy interest in. The evidentiary record accumulated over this long application has led me to the conclusion that with respect to TD and TDR, these aspects are relatively narrow. They include:

(i) The IP address of the ICAC servers in Pennsylvania;

(ii) The peer ID utilized by TDR and TD;

(iii) The way in which TD and TDR identify themselves to other users on the network; and,

(iv) The use of severity ratings for infohashes in the ICACCOPS database.

I will refer to this information going forward as the “Private Information”.

[128] ICAC’s privacy interests extend, however, beyond the content of the software itself. Fully operational copies of TD and TDR will provide Mr. Hughes’ counsel – and his consulting expert – will unfettered access to the ICACCOPS system. There are massive amounts of private information on that system. All of the infohashes of known child pornography collected to date will be available to counsel to review. Information about ongoing investigations around the world, including the targets of those investigations will be available. A full list of tools utilized by law enforcement agencies through the ICACCOPS portal to investigate the online dissemination of child sexual abuse materials will presumably be available. None of that information is relevant to the prosecution of Mr. Hughes and all of it attracts, in the circumstances, a high privacy interest.

[129] Similarly, none of the Private Information is necessary for Mr. Hughes to make full answer and defence. Said another way, the non-production of the Private Information will not have a negative impact on his ability to make full answer and defence. At the same time, ICACCOPS has a significant interest in maintaining the secrecy of the Private Information because the integrity of its investigative tools depends on it.

[130] There is no easy solution in the circumstances.

[131] As I said, production is not an all or nothing proposition. It can often be tailored, through redactions or other steps, to better balance the competing interests of the accused and any affected third party.

[132] In this instance, one idea might be to provide the defence with versions of TD and TDR that do not permit interaction with the ICACCOPS portal and which make no reference to any of the Private Information. But there are two problems with that approach. First, it was not explored in evidence and I am not clear about what would need to be done to the software to make that happen. Second, it is not what the defence wants. The defence is after versions of the software that work exactly as they worked in connection with the investigation of Mr. Hughes. The provision of an essentially impotent version of the software is of no interest to the defence.

[133] The question remains therefore, whether the balancing exercise required at the second stage of O’Connor tilts in favour of production or in favour of protecting third party privacy interests. I prefer to defer that balancing exercise to the assessment of the Crown’s assertion of privilege, which I turn to now.

I. Issue Two: Does the Crown have a sustainable claim to investigative technique privilege over the Private Information and operational copies of the software?

(a) The Governing Principles

[134] An accused person’s right to disclosure, while broadly construed, is neither absolute nor unlimited. See R. v. Basi, as above, at para. 1.

[135] In this instance, the Crown urges the court to limit the disclosure of information about TD and TDR on the basis of investigative technique privilege.

[136] Our law recognizes that a qualified privilege attaches to evidence involving police investigative techniques, as a form of public interest privilege. Investigative technique privilege must be assessed on a case-by-case basis. It differs in this way from recognized class privileges such as informer privilege and solicitor-client privilege, where privilege is absolute provided the party asserting the privilege establishes that he or she is a member of the relevant class.

[137] Where a claim to investigative technique privilege is advanced, the court must first decide whether the information sought is relevant to the proceedings. Once an accused person establishes that the information in question is relevant to a live issue in the proceedings, the Crown bears the burden of establishing, on a balance of probabilities, that the privilege applies. See R. v. Amer, 2017 ABQB 651 at para. 33.

[138] Assessing the validity of the claim of privilege engages the court in a balancing exercise to determine if the public interest in effective police investigation outweighs the legitimate interests of the accused in disclosure of the technique. See R. v. Richards, 1997 3364 (ON CA), [1997] O.J. No. 2086, at para. 11 (Ont. C.A.). This is not unlike balancing the salutary and deleterious effects of production at stage two of the O’Connor process.

[139] There is relatively little jurisprudence on the manner in which the balancing exercise identified in Richards is to be undertaken, or the factors that should be taken into account.

[140] In R. v. Barnes, 2012 ONSC 7185 at para. 23, Strathy J., as he then was, citing the British Columbia Court of Appeal’s decision in R. v. Meuckon (1990), 1990 10991 (BC CA), 57 C.C.C. (3d) 193, held that when assessing whether an assertion of investigative technique privilege should be sustained over otherwise relevant information, the court should consider:

• Could the information sought to be disclosed reasonably affect the outcome of the trial? If not, then the need for disclosure will be reduced and the claim for privilege can safely be upheld.

• If the evidence is relevant and could reasonably affect the outcome of the trial, would upholding the claim for privilege have the effect of preventing the accused from making full answer and defence? If not, then there is presumably less concern about upholding the claim for privilege.

• If the claim for privilege could prevent the accused from making full answer and defence, and the Crown is not prepared to either stay the proceedings or withdraw the claim for privilege, the trial judge must engage in a balancing process, weighing the interests of the accused on the one hand and the interests of society in protecting investigation techniques and the security of third parties on the other hand. If necessary to strike a fair balance, the court may impose appropriate safeguards before permitting the introduction of the evidence.

[141] A somewhat different approach to the assessment of the privilege claim was taken in R. v. Amer, as above, which is a decision out of the Alberta Court of Queen’s Bench. Coincidentally, Mr. Kapoor acted as amicus curiae in that case as well.

[142] In Amer, Poelman J. expressed agreement with Mr. Kapoor’s articulation of the underyling premise on which investigative technique privilege rests. Namely, a concern that if the criminal element learns of a specific police technique, they will be able to avoid detection and thereby public safety will be undermined. See Amer, as above, at para. 35.

[143] Poelman J. held that, grounded in the rationale articulated by Mr. Kapoor, investigative technique privilege “covers information that (1) is used by the police in their law enforcement functions; (2) is not publicly known; and (3) if disclosed, may assist offenders to interfere with or defeat police investigative functions.”

[144] Superficially, the analytical frameworks suggested in Barnes and Amer do not appear to gel. In my opinion, however, the somewhat different views expressed in Barnes and Amer simply reflect different factors to be considered in the balancing exercise directed by the Court of Appeal for Ontario in Richards.

[145] The first two factors identified in Barnes really speak to a consideration of the probative value of the evidence said to be protected by privilege. As the probative value of evidence increases, so does its significance to the accused’s ability to make full answer and defence.

[146] The factors identified in Amer tend to reflect ones that may favour the public interest in upholding the privilege. In other words, where the technique is not publicly known and where its publication will impair the investigative abilities of law enforcement, the public interest in protecting the secrecy of the technique increases.

[147] All of the factors identified in Barnes and Amer are ones that, in my view, are worth considering in the balancing exercise directed by Richards.

[148] On my review of the very limited jurisprudence in this area, it seems to me that there are a number of factors a court might want to take into account when considering whether the public interest in effective police investigation outweighs the legitimate interests of the accused in disclosure of the technique in issue. Those factors include:

The nature of the technique in question. Is it one used by the police in the exercise of their law enforcement functions?
Is the technique publicly known?
What will the impact of production be? Will publication of the technique enable offenders to interfere with or defeat the investigative function of the police?
How serious are the charges before the court?
How probative is the evidence to the live issues in the case? Will it likely establish a fact crucial to the defence? And,
To what extent will sustaining the privilege impair the ability of the accused to make full answer and defence?

[149] Before I consider the foregoing factors, as they relate to the evidence in this case, I must address an unsettled issue in the jurisprudence regarding the applicable burden of proof. Specifically, in relation to factor (c), what evidentiary standard should be applied to the assessment of the impact that disclosure may have on the ability of offenders to defeat the investigative technique in issue?

[150] In Amer, Poelman J. rejected Mr. Kapoor’s argument that the Crown must adduce evidence capable of satisfying the court, on a balance of probabilities, that the disclosure of the police technique in issue will interfere with or defeat police investigative functions. In other words, that something more than the expressed concerns of law enforcement is required.

[151] Poelman J. held, at para. 56,

…The cases do not require proof that disclosure will enable offenders, as a result thereof, to defeat law enforcement objectives. Nor is proof of probable harm needed. This aspect of the test operates to limit the investigative privilege according to its proper purpose; not every police secret will be privileged. But where the evidence supports a genuine, reasonably-based concern about adverse effects on law enforcement functions, the test is met.

[152] Mr. Kapoor argues that Poelman J. got it wrong. He referred the court to the Federal Court’s decision in Canada (Attorney General) v. Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar, 2007 FC 766 (“Arar”). There, the issue was whether an order should be made, under s. 38 of the CEA, prohibiting the disclosure of certain redacted portions of a proposed public report issued by the Commission of Inquiry on the basis that the disclosure of that information would be injurious to international relations, national defence or national security.

[153] Pursuant to s. 38.01 of the CEA, a participant to a proceeding who is required to disclose, or expects to disclose, information the participant believes is sensitive and may be injurious to international relations or national defence or national security, is required to notify the Attorney General of that belief. The Attorney General may authorize the disclosure or apply to the Federal Court for an order in relation to the disclosure. On application, the Federal court will consider whether disclosure of the information in question will be injurious to international relations or nation defence or national security. If it will not, then the judge may order disclosure. If it will, then the judge may prohibit disclosure or may order disclosure on terms.

[154] In Arar, Noël J. held that a three-part test applies to the determination required by s. 38.06(1). Those parts require that: (1) the party seeking disclosure establish that the information in issue is relevant; (2) the Attorney General establish that disclosure of the information in issue would be injurious to international relations, national defence or national security; and (3) if injury is found to exist, the court must determine whether the public interest in disclosure outweighs the public interest in non-disclosure.

[155] In relation to the second factor, Noël J found that the Attorney General was obliged to ground its concerns about the potential injury that would result from disclosure on an evidentiary basis. The statute required, he held, that the application judge be satisfied that an alleged injury is probable, not simply a possibility or merely speculative.

[156] Mr. Kapoor repeats the argument he advanced in Amer that, based on an analogy to the requirements of s. 38.06 of the CEA, the court should require, in the context of an assertion of investigative technique privilege, that the Crown adduce an evidentiary basis upon which it would be reasonable to conclude that the identified risk of harm from disclosure of the technique is probable, not merely possible.

[157] I do not entirely accept Mr. Kapoor’s argument, nor do I entirely reject it. By this I mean that I agree with him that the court cannot simply rely on speculation or baseless opinion about the likelihood of future harm, should an investigative technique be disclosed. But I do not agree that the court must insist on proof to a balance of probabilities standard.

[158] Section 38.06 specifically demands, as a pre-requisite to the making of a prohibition order on disclosure, a conclusion by the court that the disclosure of the sensitive information in issue would be injurious to international relations or national defence or national security. It is only where that pre-requisite is established that the court has the discretion to prohibit disclosure. Only then will the balancing of the public interest in disclosure and the public interest in secrecy be triggered. In these circumstances, it is understandable why the Federal Court has imposed a probability-based standard of proof on the pre-requisite.

[159] No such pre-requisite exists in relation to the common law test applicable to investigative technique privilege. The common law test imposes a burden on the Crown to establish, on a balance of probabilities, that investigative privilege applies. To do so, the Crown must establish that the public interest in effective police investigation outweighs the legitimate interests of the accused in disclosure of the techniques.

[160] I have identified a number of factors that the court may wish to consider in the course of the balancing exercise. These factors are far from exhaustive. None of those factors needs, in my view, to be individually established to the balance of probabilities standard. The weight that the court places on any given factor will of course be impacted by the strength of the evidentiary foundation adduced in relation to that factor. But it is the cumulative impact of all of the factors weighed together that is determinative. In other words, taking all of the relevant factors into account, the court must be satisfied, on a balance of probabilities, that the privilege has been made out.

[161] Whether disclosure may have an injurious effect is but one factor – albeit an important one – to consider in the overall balancing mandated by Richards. The weight to be put on that factor will naturally be impacted by whether the concerns raised by the Crown are speculative or whether they are evidence-based. But like any other exercise of fact-finding, the court need not be satisfied that any particular factor has been established to a specific evidentiary standard. The standard – or burden – of proof applies only to the ultimate decision the court must make.

[162] There must, of course, be some evidence adduced to support a finding that disclosure will lead to injury to the police or will provide assistance to offenders. If the concerns of the Crown are entirely speculative, then no weight should be placed on them. Provided there is some evidence to support those concerns, however, then the court will be entitled to rely on them – to the extent the court sees fit – in the balancing exercise.

(b) The Parties’ Positions

[163] Submissions on the sustainability of the Crown’s assertion of privilege were made in both open and closed sessions. In the open session, counsel for the Crown, the OPP and Mr. Hughes each made broad submissions about the law governing the court’s assessment of the privilege claim.

[164] In the closed session, Crown counsel made submissions about the appropriateness of the redactions made to the TD and TDR manuals, the transcripts and the validation test reports. Amicus also made submissions at that time about the redactions sought and, more generally, about the principles that govern the assessment of the Crown’s claim to investigative technique privilege.

[165] The Crown and the OPP presented a united front in terms of their submissions on the privilege issue. I will refer to their submissions collectively as the submissions of the state.

[166] The state’s submissions began with a reminder of the context in which the issues in this application are being raised: the detection, investigation and prosecution of online child sexual abuse offences. Child sexual abuse offences involve the exploitation of some of the most vulnerable members of our society. They are extremely serious and profoundly harmful offences. See R. v. Sharpe, 2001 SCC 2, [2001] S.C.J. No. 3 and R. v. Friesen, 2020 SCC 9. Their investigation and prosecution are of the greatest concern to society.

[167] The internet is a difficult arena to police. Offenders are often adept at avoiding detection. Constantly and quickly evolving technology often aids them in doing so. Law enforcement agencies have limited tools at their disposal to identify and investigate those individuals who use the internet to acquire and to share child sexual abuse materials. In the submission of the state, it is imperative that the integrity of those tools be protected.

[168] The principal concern of the state is that if the public gets access to the Private Information they will be able to make any adjustments necessary to avoid detection by TD or TDR. In the result, the efficacy of the Roundup Suite of tools will be undermined as will public safety more generally.

[169] The state maintains its position that fully operational copies of the software are not relevant to any live issues in this proceeding. TDR, in particular, they say, had very little to do with the investigation. Its passive, listening function was not engaged and in the result, no information about it is relevant. Its active, search function was engaged, but only as a tip-generator, so it is of limited significance.

[170] They take a similar position with respect to the Private Information, asserting that none of it is relevant to any of the live issues in this proceeding.

[171] Should the court reject the state’s position on relevance, however, they submit that the software and Private Information should be withheld on the basis of investigative technique privilege.

[172] More specifically, the state argues that the balancing of the public interest in effective police investigation and the interest of the accused in disclosure of the information in issue strongly favours a non-production order.

[173] Law enforcement agencies around the world may be compromised, the state argues, if the defence gets access to the information it is seeking. ICACCOPS may be compromised. The OPP may lose access to the Roundup Suite of tools. And those tools may become ineffective in relation to investigations of the BitTorrent network.

[174] In the meantime, none of the information over which privilege is asserted will meaningfully assist Mr. Hughes in making full answer and defence. Anything he needs to know about the Roundup Suite of tools in order to defend the charges against him he has already learned through the course of this application.

[175] Mr. Hughes’ counsel agrees that there is a strong public interest in combatting the proliferation of child pornography. But he urges the court not to be distracted by the seriousness of the offence. The Roundup Suite of tools appear to operate, he suggests, as a worldwide surveillance system. There is a strong public interest in exposing how this system operates and how it impacts on individual privacy interests. Public scrutiny of police tactics is a fundamental aspect of a healthy democracy. In the case of the software tools in issue, they appear to have operated free of any form of oversight.

[176] Though there is no dispute that a great deal of information about the software has been disclosed during the hearing of the application, there is good reason to believe there is still insufficient disclosure to permit counsel to understand how the system works. For instance, it is apparent that TD sends messages during connections with other users that are not reflected in the log files it generates.

[177] Withholding information that enables an accused person to challenge the admissibility of evidence against him is not a minor or technical problem. It is, in defence counsel’s submission, a serious infringement of the accused’s right to make full answer and defence.

[178] In the submission of the defence, the dangers associated with disclosure of the information sought have been grossly overstated. The Crown’s witnesses, including Detective Goodyear, Mr. Versace and Detective Sergeant Barkey all gave “doomsday scenario” testimony, not supported by any real-world evidence. The state has failed to provide any real, demonstrably reasonable basis to support the concerns it has raised about the impact of the disclosure sought. The fact is, the defence says, the investigative technique so carefully guarded by ICAC is easily defeated already by ways that are already notorious; most obviously by the use of a VPN[5].

[179] The state has also failed to adduce any evidence about how many investigations they are presently engaged in that involve the use of the Roundup Suite of tools. There is no way for the court to know how significantly impacted the OPP would be if they lost access to these tools.

[180] In the event the court agrees that non-disclosure of the information sought by the defence will seriously impair Mr. Hughes’ right to make full answer and defence, the court has a number of options open to it. It can order production on conditions – for instance a requirement that defence counsel and his retained expert sign confidentiality agreements. Or it can uphold the privilege claim but exclude evidence or stay the proceedings altogether.

[181] Defence counsel emphasized that release of the software and other Private Information to him, as an officer of the court, is not the same thing as releasing it to the public at large. It is not the same as “giving it to the bad guys”.

[182] Mr. Kapoor, as amicus, reviewed with the court the general principles governing state assertions of investigative technique privilege. He emphasized the case-by-case nature of the inquiry.

[183] The first step of the process, everyone agreed, is the assessment of relevance. In Mr. Kapoor’s view, once relevance is established, it becomes important for the defence to gain access to the information. He submitted that the manner in which information about Mr. Hughes’ IP address came to the attention of the OPP matters. The defence claim to access to this information in the public interest is, he says, well-founded.

[184] In the result, in his view, information regarding the functioning of both TD and TDR ought to be the subject of disclosure. He worked with the Crown to create a summary of the TDR manual that is, in his view, a secure document that may be disclosed to the defence. He does not suggest, however, that it answers all of Mr. Hechter’s arguments in favour of further production.

[185] Mr. Kapoor shares Mr. Hechter’s concerns about the paucity of evidence of actual harm that may occur should the software tools or Private Information be disclosed to defence counsel. The Crown’s witnesses often asserted fears of great harm, but without evidence to support those fears.

[186] He urged the court to follow a ladder approach to production. Such an approach would assess what conditions would be sufficient to attenuate any legitimate concerns about potential harm should production be made. The ladder would cover the spectrum from no conditions are necessary to no conditions are sufficient, with increasing stringency at each step in between. He observed that most of the litigation has focused on “gaining access” as opposed to “controlling access”. The latter is suggested as the better approach.

The Private Information

[187] The privilege analysis mandates that an assessment of relevance is the starting point. I am of the view that none of the Private Information is relevant to any of the live issues in this proceeding. I will comment on each piece of that information in turn.

[188] There has been no suggestion that the IP address of the ICAC servers is relevant to the Garofoli application, the s. 8 application or the trial. Indeed, defence counsel indicated in his submissions on the privilege issue that production of the information he wants may include information he does not need. An example he provided of information he does not need was the IP address of the ICAC server.

[189] I would say the same about the specific peer ID utilized by TD and TDR and the manner in which they identify themselves to other users on the network. No assertion has been made that this information is relevant in any way to either of the pending applications or to the live issues for trial.

[190] It is no secret that TD and TDR lie about their law-enforcement-related identities when they communicate with other users. That factor might be relevant to a s. 8 inquiry, but the specific way in which they lie is not relevant. In other words, it might matter that they give a false identity. The specific identity they use is not relevant.

[191] Finally, it is my view that the use of severity ratings is not relevant to Mr. Hughes’ defence of the charges against him or to his pending applications. It am not entirely persuaded that there is much of a secret connected to the severity ratings. The fact that severity ratings are used to rank the infohashes of known child pornography in the ICACCOPS database is not a secret. And it will come as no surprise to anyone that the police have limited resources and generally tend to marshall more resources at the more serious offences. That is a simple fact of life.

[192] At any rate, I am not, as I said, satisfied that Mr. Hughes has established that the severity ratings – how they work and how they are assigned in particular – are relevant to any live issue in these proceedings.

[193] The upshot of these conclusions is that any of the Private Information included in the logs, the software, the manuals, the transcripts and the validity test reports need not be disclosed. Any redactions to those records to remove any references to such information are, in my view, appropriate.

[194] My conclusion about a lack of relevance in relation to the Private Information obviates the need for an assessment of the Crown’s assertion of privilege over that information. I am satisfied, however, that the Private Information, regardless of its relevance, or the lack thereof, is privileged, for reasons I will express below.

Operational Copies of the Software

[195] The main thrust of the application has been, all along, Mr. Hughes’ desire to gain access to fully operational copies of the TD and TDR software for purpose of scientific examination by his forensic computer investigator, Mr. Matthew Musters.

[196] Production of fully operational copies of the software will give Mr. Hughes’ counsel and his expert access to the ICACCOPS portal and will allow them to operate the software in the same way that licensed law enforcement agents are able to operate it. It will allow them to recreate, a near as possible, the automated steps taken in the investigation of Mr. Hughes in July 2019.

[197] In reality, regardless of what order I may make, Mr. Hughes’ counsel and his expert will never get access to the ICACCOPS system. Detective Goodyear has made it clear that not only will that access never be permitted by U.S. law enforcement agencies, but should the court grant the production order sought, it may result in the revocation of any licenses granted to OPP investigators to use the software.

[198] As a practical matter, I am alive to the fact that should I make the production order sought, it will more than likely mean the end of the prosecution. Some might argue that the court should take a dim view of the position conveyed to the court by ICAC. But the reality is that in many cases where investigative technique privilege is asserted but not upheld, the state is left with the choice of compliance or staying the proceedings.

[199] As Lambart J.A. observed in R. v. Meuckon, as above, at p. 200:

In short, the trial judge should consider whether the public interest in allowing the accused to make full answer and defence to a criminal charge can be overridden by the interest asserted by the Crown. The ultimate safeguard of the privileged information lies in the Crown's power to enter a stay of proceedings.

[200] All of this is to say that the outcome of this ruling is not driven by any concern about whether the court’s order will be complied with, or whether the OPP might lose valuable investigative tools. It always lies within the power of the state to safeguard those tools by entering a stay of proceedings.

[201] The outcome of this ruling must instead be driven by a proper application of the principles governing the assessment of the Crown’s claim to privilege.

[202] The first step in that assessment involves the determination of whether the information in issue – in this instance, fully operational copies of TD and TDR – is relevant. I made the determination earlier in these reasons that the software is relevant to Mr. Hughes’ Garofoli application, his s. 8 application and to issues likely to be engaged at trial.

[203] Having made that determination, the balancing exercise directed by Richards is triggered. I must consider whether the public interest in effective police investigation outweighs the legitimate interests of the accused in disclosure of the technique.

[204] The balancing exercise involves a consideration of a constellation of factors, which I referred to earlier. I will take a moment to consider those factors now.

The nature of the technique in question. Is it one used by the police in the exercise of their law enforcement functions?

[205] As has been made obvious by my review of the Roundup Suite of software, they are valuable investigative tools to law enforcement agencies around the world. The proliferation of child pornography on the internet has been a pervasive problem, one not easily combatted by law enforcement.

[206] The internet knows no borders. Digital files, including child pornography files, can be traded instantly between users many thousands of kilometres apart. The particular tools in issue here allow the police to detect those users expressing an interest in child sexual abuse materials online and to identify the IP addresses of those users. Investigators can then use that information to geolocate the user and attempt a digital connection to the user’s device for the purpose of downloading any child sexual abuse material the user is sharing publicly on the internet.

Is the technique publicly known?

[207] That the police investigate the sharing of child pornography files on the internet, including over peer-to-peer networks, is surely a widely known fact. That they possess law-enforcement-specific software tools to do so is also information that is in the public domain.

[208] None of the Private Information – the ICAC IP address; the peer ID used by TD and TDR; the manner in which these programs identify themselves to other users; and ICAC’s severity rating methodology – is publicly known. The secrecy of that information is closely guarded.

[209] The public also, obviously, does not have access to the ICACCOPS portal or to operational copies of TD and TDR.

What will the impact of production be? Will publication of the technique enable offenders to interfere with or defeat the investigative function of the police?

[210] The issue of consequential harm has been zealously litigated. The witnesses for the Crown have expressed grave concerns about the impact of disclosure on the integrity and efficacy of the tools in issue and of the ICACCOPS system more generally. The defence, supported by amicus, have suggested that the expressed concerns are over-stated and often lack a proper evidentiary foundation.

[211] Some of the concerns expressed by Crown witnesses include the following:

(a) If the public learns of the peer ID utilized by ICACCOPS, offenders will simply be able to configure their client programs to avoid connections with that peer ID;

(b) Similarly, if the public learns of the manner in which TD and TDR identify themselves to other users, offenders will be able to configure their client programs to not accept connections to users identifying themselves in that particular way;

(c) If the infohashes of child pornography files included in the ICACCOPS database become known, users may alter the data in those files and thereby alter their hash values, thereby avoiding detection by the automated search tools;

(d) The ICACCOPS database is very law enforcement sensitive. If fully operational versions of the software are released, the inner workings of the ICAC taskforce would potentially be available to defendants. There are hundreds of law enforcement agencies around the world conducting investigations through the ICACCOPS portal and those investigations could be compromised. Moreover, the ICAC servers contain information about covert operations and dark web investigations that are highly sensitive and secret; and,

(e) If a hacker was able to obtain the ICAC IP address, he or she could potentially gain unauthorized access to their database and cause irreparable harm. Alternatively, an offender could initiate a “denial of service” attack on the IP address. In other words, he or she could flood the IP address with millions of requests, with the goal of overwhelming the system so that it cannot respond to the requests of legitimate investigators. Changing the ICAC IP address may go some way to hedging against a denial of service attack, but it would be a mammoth undertaking.

[212] Detective Sergeant Barkey testified that the OPP’s child exploitation unit has limited tools to investigate online trading in child sexual abuse material. Most of those tools are provided, he said, by ICAC. If those tools become ineffective, their investigative abilities would be seriously impacted. He noted that one of the huge benefits of TD is its automated functionality. It does not require an officer to monitor it 24/7. Without an automated tool like that, an investigator would have to sit at a computer and manually search through peer-to-peer networks looking for users sharing child pornography.

[213] Detective Sergeant Barkey said that his unit has averaged 440 online child pornography investigations over the past five years. That said, he was unable to say how many were related to peer-to-peer networks, how many involved the BitTorrent network specifically, or how many utilized TD or TDR. He did say that as an investigator, he used those tools regularly.

[214] Mr. Versace testified that over the past five years, the BitTorrent network has become, by far, the preferred network for the proliferation of child sexual abuse material.

[215] The contention of defence counsel is that the witnesses for the Crown have played up doomsday-type scenarios. They have grossly overstated the realistic risks of production, without a proper evidentiary foundation.

[216] In my view, the risks of making public the Private Information or the software generally, are not overstated. They are genuine concerns. And, in my view, the value of the software tools in issue cannot be overstated.

[217] I take judicial notice of the fact that the overwhelming majority of users exchanging child pornography over peer-to-peer networks on the internet do not want to be caught by law enforcement agents.

[218] In my view, it is a reasonable inference that a user, motivated by a desire not to be detected by law enforcement, will seek to avoid contact with law enforcement tools on the network. If a means to achieve such avoidance becomes publicly known, offenders who are sufficiently tech-savvy will make use of those means.

[219] I accept that there are many users of peer-to-peer networks who are not tech-savvy and who may never take advantage of the knowledge of, for instance, the peer ID used by TD and TDR. I am supported in that view by the fact that the use of a VPN service can go a long way to avoiding detection, yet a great many offenders do not make use of such a service. The fact remains, however, that the efficacy of the tools will be significantly, negatively impacted, even if they do not become 100% ineffective, should the Private Information become public.

[220] The notion of making the TD and TDR software publicly available is, of course preposterous for obvious reasons.

[221] But what is really in issue here is not whether the Private Information or operational copies of the software should be made available to the broader public. What is in issue is whether it should be made available only to defence counsel and his expert, with or without conditions.

[222] The position of defence counsel and amicus is that such a release is feasible and warranted, on conditions that might include, for instance, signed undertakings of confidentiality.

[223] The Crown, the OPP and ICAC strenuously oppose release on any conditions. Crown counsel asserts that there is a circle of privilege that must be protected. Defence counsel is outside of that circle and the court simply cannot be confident that any limits placed on parties outside of that circle will be respected. There will be a loss of control that will completely undermine the integrity of the privilege and the secrecy of the techniques in issue.

[224] Crown counsel raised a number of what he described as “practical concerns” including: anyone with access to the ICACCOPS system would have the ability to effectively shut it down; there is no guarantee of security over the premises of those who are provided with access to the information in issue; it may be impossible to keep the Private Information and other secretive aspects of the ICACCOPS system from Mr. Hughes; and, it will be difficult to control the use of privileged information in the ensuing litigation.

[225] In my view, the expressed concerns of the Crown are somewhat exaggerated. I suspect that most of the concerns could be attenuated through the crafting of careful conditions on production. For instance, the following is a non-exhaustive list of conditions that might be considered: defence counsel and his expert could be required to sign confidentiality agreements; they could be prohibited from sharing the information they obtain about the software with anyone, including Mr. Hughes; they could be provided with working copies of the software without a license to access the ICACCOPS system; they could be permitted to run the software through the ICACCOPS portal, but only under the supervision of an OPP investigator; they could be compelled to undertake not to make copies of the software or to attempt to reverse engineer it; and limits or conditions could be placed on their use of any otherwise privileged information in court proceedings, including during submissions as well as the examination and cross-examination of witnesses.

[226] For the most part, the potential use of conditions to attenuate the risk of harm associated with production were not explored in evidence or in argument, save that amicus encouraged the court to consider their use.

[227] For reasons I will explain momentarily, I am not inclined to explore the use of conditions to mitigate harms associated with production. I am also concerned about the future implications of compelling conditional production in this case. Although each case must be considered on its own merits, I would be, for all practical purposes, establishing a precedent that essentially compels conditional production of operational copies of online investigative tools to the defence in any case where the accused stands charged of obtaining or sharing child pornography on the internet. It would not be long before a great many individuals had access to those tools and potentially some form of access to the ICACCOPS system. Experience has shown that it would not be long before something went terribly wrong. Having said that, the risk that the floodgates will open does not significantly inform this ruling, again for reasons I will explain momentarily.

How serious are the charges before the court?

[228] The charges before the court are very serious. Child sexual abuse offences have recently been addressed by the Supreme Court in Friesen. That court called for an increase in sentences imposed on offenders who participate in offences of sexual violence against children, including child pornography offences. Friesen is a lengthy decision, but one need only read as far as paragraph five to appreciate how serious the Supreme Court considers offences of sexual violence against children to be. There, the court said the following:

…[W]e send a strong message that sexual offences against children are violent crimes that wrongfully exploit children's vulnerability and cause profound harm to children, families, and communities. Sentences for these crimes must increase. Courts must impose sentences that are proportional to the gravity of sexual offences against children and the degree of responsibility of the offender, as informed by Parliament's sentencing initiatives and by society's deepened understanding of the wrongfulness and harmfulness of sexual violence against children. Sentences must accurately reflect the wrongfulness of sexual violence against children and the far-reaching and ongoing harm that it causes to children, families, and society at large.

[229] Crown counsel invariably cite and rely on the principles of Friesen when making sentencing submissions in proceedings involved convictions for child pornography offences.

How probative is the evidence to the live issues in the case? Will it likely establish a fact crucial to the defence? And,
To what extent will sustaining the privilege impair the ability of the accused to make full answer and defence?

[230] I intend to address together the fifth and sixth factors I have identified as significant to the balancing exercise required as part of the assessment of the Crown’s privilege claim.

[231] I have made it clear in these reasons that the defence has had an extensive opportunity to cross-examine the Crown’s witnesses on this application about the manner in which the Roundup Suite of software tools work, what they do, what they do not do, and how their functionality might impact on Mr. Hughes’ privacy interests. No stone has been left unturned.

[232] And I made it clear that when the dust settled, there was very little about how TD and TDR work that is sought to be protected by way of investigative technique privilege. For the most part, the software works just like any other client program might work on the BitTorrent network. That is by design, of course. Its efficacy depends on it appearing benign and just like any other peer on the network.

[233] There is no evidence that might support a suggestion that the software is unreliable. It has been tested in this case and in others and found to function as advertised.

[234] There is no foundation at all to the suggestion that a lack of access to fully operational copies of the TD and TDR software will have any material impact on Mr. Hughes’ ability to make full answer and defence. I have presided over many days of hearings – both open and closed – and am completely satisfied that there is nothing Mr. Hughes’ counsel does not know about how the software operates that will make any material difference to his ability to fully defend Mr. Hughes against the charges before the court.

[235] I find that the information Mr. Hughes does not have about the software in issue is not probative of any of the live issues in this case, nor will a non-production order in relation to it materially impair his ability to make full answer and defence.

[236] In the result, on balance, I conclude that the public interest in effective police investigation of the proliferation of child pornography on the BitTorrent network through the use of TD and TDR – and more particularly with respect to the information over which the Crown asserts privilege – outweighs Mr. Hughes’ legitimate interest in disclosure of operational copies of the software. I would reach the same conclusion with respect to the Private Information.

[237] In my judgment, the probative value of the evidence is so slight, if there is any at all, that consideration of conditions that might mitigate some of the prejudice associated with its production is not warranted.

[238] It remains only for me to address the Crown’s redactions to the software manuals, the logs, the transcripts of closed sessions and the validation test reports.

Redactions to the Manuals, Logs, Transcripts and Validation Test Reports

[239] Although the preceding reasons should strongly signal my views with respect to the redactions made by the Crown to the software manuals, the transcripts, the logs, and the reports generated by the validation tests, I will take some time to address those redactions specifically. I will begin with the validation test reports.

(a) The Validation Test Reports

[240] The validation test reports reflect three separate tests conducted on the TD software by Mr. Versace at OPP headquarters on June 9, 2022. The reports include various screenshots of the program interface taken at various stages of the testing as well as Wireshark packet captures.

[241] To the extent that any of the Private Information is referred to in the any of the reports, including the packet captures, it may be properly redacted on the grounds of relevance (or a lack thereof) and privilege.

(b) The Logs

[242] I believe the only redaction to the log reports generated by TD during its interaction with what is alleged to have been Mr. Hughes’ device, is the removal of any reference to TD’s peer ID. Such a redaction is appropriate in my view. The peer ID is not relevant and it is privileged.

[243] As a general observation, any references in either manual to the Private Information are properly redacted. First, on the ground that I have concluded that the Private Information is subject to a sustainable claim of privilege. Second, on the ground that any such references are not relevant to any of the live issues in the proceedings.

[244] There are a little more than a dozen redactions proposed by the Crown to the TD Manual. They go beyond removal of references to the Private Information, but are otherwise modest in scope. I have set out the Crown’s proposed redactions in chart form on Appendix “A”, along with my very brief ruling in relation to each one. I have accepted each of the Crown’s proposed redactions as appropriate.

(d) The TDR Manual

[245] A redacted version of the TDR manual has never been produced to the defence. In its place, the Crown delivered a copy of a summary of the manual, which amicus provided input on.

[246] The TDR manual is 75 pages in length. The first dozen pages reflect changelogs. The majority of the balance of the document provides instructions to users on configuring the program. In my view, the changelogs and configuration instructions are not relevant to the live issues in this proceeding and are appropriately redacted.

[247] I am not persuaded that it was necessary to provide a summary of the content at pages 13-15. The summary provided largely replicates the content of those three pages. In my view, they ought to be produced in their native form. I would, however, approve of a redaction of the content found in the last two lines of the third paragraph on page 13 – everything from, and including, the sentence beginning “Another could be…” I would approve of that redaction on the ground that the information in that passage is not relevant and, in my view, is privileged. The sentence immediately preceding the one that should be redacted is of a similar nature, but involves information already disclosed in an open session.

[248] Everything from page 16 onward involves configuration instructions to users and is not, in my view, relevant. It has been sufficiently summarized on page four of the summary the Crown has provided to defence counsel.

(e) Transcripts from closed sessions

(i) May 13, 2022

[249] May 13, 2022 appears to have been the lengthiest closed session conducted. On this date, Detective Goodyear was examined in chief by the Crown and by counsel to the OPP. Mr. Versace was also examined in chief by the Crown and by the OPP. There are substantial redactions to the transcript of that session which I reviewed with Crown counsel and amicus. A summary of those redactions is set out in Appendix “B”, which again includes my brief rulings. All but one of these redactions were agreed to as appropriate between the Crown and amicus.

(ii) May 16, 2022

[250] On this date, Mr. Goodyear was cross-examined by Mr. Kapoor. Detective Sergeant Barkey was examined and cross-examined. A summary of the redactions to the May 16, 2022 transcript is set out in Appendix “C”. All proposed redactions were agreed to between Crown and amicus counsel.

(iii) June 8, 2022

[251] On this day, Detective Goodyear was examined and cross-examined about TDR. A summary of the redactions to the June 8, 2022 transcript is set out at Appendix “D”, which again includes my brief rulings.

(iv) July 25, 2022

[252] On this date, Mr. Versace testified about the results of his validation tests. He was cross-examined by Mr. Kapoor at large. Counsel did not make submissions to me about appropriate redactions to the transcripts for this date. I am not clear about whether the absence of submissions means there were no redactions to be made to this transcript or if no submissions were made because counsel had not received the transcript in time to make submissions.

[253] In the result, I will have to defer any consideration of the evidence taken on this date to further submissions from counsel, if there are any to be made.

C. Boswell J.

Released: September 29, 2022

APPENDIX “A”

Summary of TD Manual Redactions

Page

Content Summary

Crown’s Position

Ruling

The reference here is to the “handshake version”, meaning the way in which TD identifies itself to other peers on the network.

The Crown seeks to redact information about specifically how TD is configured to identify itself on the ground of privilege.

I agree that any references to way in which TD is configured to identify itself are not relevant and, moreover, the specific implementation is privileged.

27-28

This reference is to an IP address used as an example to illustrate the directory structure of TD.

The IP address is random, but may well be assigned to some unknown third party who may have a privacy interest in it.

This random IP address used for illustration purposes is not relevant and may be redacted.

This reference is again to an example IP address, with associated port and infohash used in connection with an explanation of how to initiate a single source download.

These are random examples with no probative value to this case.

Again, this information consists of random examples and is not relevant. It may be redacted.

Similar references to those on page 30.

As above.

It may be redacted.

This reference is to severity settings.

The severity settings have nothing to do with the case the accused has to meet. The Crown has provided the defence with a summary that indicates that an investigator may assign a default severity rating to the torrents of interest TD conducts automated investigations of.

The summary is, in my view adequate, particularly in light of my view that severity ratings are not relevant to the live issues in this proceeding.

The reference here includes a screen shot of a particular tab of the program for the purpose of illustrating a single source download in action. What is sought to be redacted are references to examples of infohash numbers and IP addresses.

Same as pages 27, 30 and 31

I agree that the information redacted here references random examples that are not relevant to any live issue in the proceedings. The redaction is appropriate.

The content here is similar to that on page 45. It is a screenshot of an active single source download. IP addresses, infohash numbers and file piece names are sought to be redacted.

The Crown proposes to redact this information on the basis of a lack of relevance and out of concern for the privacy of the person who may be assigned the IP address used as an example.

Again, the information in issue here is all random and used for illustration purposes only. It has no relevance and is appropriately redacted.

At page 52 of the manual, there is a screen shot of the history tab, as an illustration of a user’s history folder. It offers an example of the way in which the program displays a history of completed downloads.

As above.

The actual file names listed are not relevant and may be redacted.

53/57

Additional references are made to severity ratings at pages 53 and 57 of the manual.

As above at page 34.

As I noted above, severity ratings are not relevant to any live issue in these proceedings. The redactions are appropriate.

Page 58 includes a screenshot of a tab demonstrating the status of various downloads. Included in the screenshot are IP addresses, an infohash number and port.

As with other information of a similar nature, the Crown asserts that this information is irrelevant and may engage privacy concerns.

I agree with the Crown’s submission and find that the redactions here are appropriate.

Page 65 is another screenshot of a tab, this time demonstrating a function that permits the viewing of torrents. It references a specific infohash number.

The infohash is random and not relevant to the issues in this case. It may also be a torrent of interest from the ICACCOPS database.

The specific infohash number is not necessary to understand the screenshot, nor is it relevant to these proceedings. The redaction is appropriate.

APPENDIX “B”

Summary of Redactions to May 13, 2022 Transcript

Page

Content

Counsel’s Positions

Ruling

29-35

Over roughly five pages, Detective Goodyear discusses the way in which TD identifies itself to other users on the network.

Crown and amicus are agreed these passages are appropriately redacted.

The redactions are appropriate. These passages reference Private Information which I have found to be both irrelevant and privileged. Indeed, any references in the transcripts to any of the Private Information is appropriately redacted, in my view.

45-53

In this section of the transcript, Detective Goodyear discusses in detail the severity system used by ICACCOPS.

Crown and amicus are agreed the redactions are appropriate. The Crown has agreed, however, to prepare a brief summary of this content for defence counsel.

I agree that the redactions are appropriate on the basis of a lack of relevance. On consent, however, a summary is to be provided.

56-61

Detective Goodyear is discussing, in this section, certain screen shots in the TD Manual and he is describing references to specific files and file names of identified child pornography.

Counsel are agreed that this material is appropriately redacted from both the manual and the transcript.

Nothing turns on this information. It is appropriately redacted as irrelevant.

What is redacted here is a reference by Detective Goodyear to an IP address that has been redacted in the manual.

Counsel are agreed that this redaction is appropriate.

Agreed.

65-66

Further discussions about severity ratings.

Counsel are agreed that these redactions are appropriate.

Agreed, on the basis of a lack of relevance.

67-68

These are minor redactions that correspond to redactions made to the TD manual to delete specific infohash references.

Counsel are agreed that the redactions are appropriate.

Agreed.

73-75

References to the manner in which TD identifies itself to other users.

Counsel are agreed that the redactions are appropriate.

Agree. This is Private Information.

75-76

This is a short discussion about deconfliction.

Counsel are agreed that the redactions are appropriate.

Agreed. This information is not relevant.

76-80

In this part of the transcript, Detective Goodyear discusses a police technique not used in this case.

Counsel are agreed that the redactions are appropriate.

Agreed. Evidence about this technique is likely subject to privilege, but in any event is not relevant to the live issues in this case.

80-87

Another discussion about severity.

Counsel are agreed that the redactions are appropriate.

Severity ratings got a fair bit of air time, considering it is an irrelevant issue. I agree that the topic is not relevant to this case.

The number of torrents of interest in the ICACCOPS database.

Counsel are agreed that the redactions are appropriate.

Agreed. This information is not relevant and is, in any event, privileged.

In this portion of the transcript, Detective Goodyear addresses a deferred question from an open session regarding whether any of the software settings are configurable.

Counsel are at odds as to whether the Crown’s proposed redactions are appropriate.

The proposed redactions at the bottom of page 96 and top of page 97 are, in my view, over-reaching. The question was relevant, the answer is relevant and I can see no basis to sustain any claim of privilege over it. This redaction should be removed.

97-98

Further discussion of the technique referred to at pages 76-80.

Counsel are agreed that the redactions are appropriate.

The redaction in the middle of page 97 is appropriate as it is the same sort of information discussed (and redacted) at pages 76-80.

102

The number of torrents of interest in the ICACCOPS database.

Counsel are agreed that the redactions are appropriate.

Agreed.

103-104

Deconfliction-type discussion.

Counsel are agreed that the redactions are appropriate.

Agreed, on the basis of a lack of relevance.

109-114

Discussion with Mr. Versace about how the software identifies itself to other users.

Counsel are agreed that the redactions are appropriate.

Agreed.

116-123

Further references to identification.

Counsel are agreed that the redactions are appropriate. They are content that defence counsel be aware that this passage involves a detailed description of the extended handshake.

Agreed.

136

Discussion about a notification system.

Counsel are agreed that the redactions are appropriate.

Agreed. This is not relevant information to this case.

139

Mr. Versace discusses a research study undertaken in the U.S.

Counsel are agreed that the redactions are appropriate.

Agreed. This information is also not relevant.

APPENDIX “C”

Summary of Redactions to the May 16, 2022 Transcript

Page

Content

Counsel’s Positions

Ruling

19-20

This transcript reflects a cross-examination of Detective Goodyear by amicus. In these passages, he references a specific IP address and port set out in a redacted portion of the TD manual.

Counsel are agreed that the redactions are appropriate.

Agreed. These references were redacted from the manual on the grounds of a lack of relevance and a concern for the privacy interests of any actual user of the exemplar IP address.

22-23

More discussions about severity.

Counsel are agreed that the redactions are appropriate.

Agreed, for reasons previously expressed.

References to the redacted portions of pages 45 and 47 of the TD manual.

Counsel are agreed that the redactions are appropriate.

Agreed. These are appropriately redacted for the same reasons the information was redacted from the manual.

26-28

More discussions about severity.

Counsel are agreed that the redactions are appropriate.

Agreed.

30-31

Discussion about about how TD identifies itself.

Counsel are agreed that the redactions are appropriate.

Agreed, for reasons previously expressed.

Mr. Kapoor suggested the wording for a proposed summary of a section of the TD manual that referenced the way TD identifies itself to other users on the network. Detective Goodyear demurred.

Counsel are agreed that the redactions are appropriate.

Agreed. This discussion is largely benign, but out of an abundance of caution, it is appropriately redacted as it addresses Private Information.

More discussion about severity ratings.

Counsel are agreed that the redactions are appropriate.

Agreed.

APPENDIX “D”

Summary of Redactions to the June 8, 2022 Transcript

Page

Content

Counsel’s Positions

Ruling

Detective Goodyear indicates that TDR cannot connect to a target that is firewalled.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

Detective Goodyear provided this information in an open session on March 2, 2022. The redaction should be removed.

14-17

References other users receiving TDR’s IP and port.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

This is not privileged information. If it has not already been said in open sessions, it has been implied. In my view, this is information that any other user would obtain publicly on the BitTorrent network. The redactions should be removed.

17-19

References to the passive listening function.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

In my view, this information is not subject to privilege, but the passive listening function of TDR was not engaged in the investigation of Mr. Hughes, so this information is not relevant and may be redacted.

21-22

Discussion about firewalls and when ICACCOPS pushes information out to investigators. Subsequent discussion about the passive function of TDR.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

There are different issues being addressed in the passages sought to be redacted by the Crown. The section from page 21, line 1 to page 22, line 11 is relevant and non-privileged information. To the extent that it discusses firewalls, I have already indicated that that information was provided by Det. Goodyear in an open session. How and when TDR pushes information through ICACCOPS to investigators is relevant. This information should not be redacted. From line 12 to line 29 on page 22, the discussions is about the passive function of TDR and may be redacted.

23-24

Discussion about the passive function of TDR

Crown counsel asserts a lack of relevance. Amicus did not make submissions.

I agree with the Crown’s submission. The listening function was not engaged in this case and is irrelevant.

30-56 and 58

Discussion of content of TDR manual

Most of the TDR manual has been redacted. The redaction of this information corresponds to those redactions. Amicus is content with the redactions on the basis that the manual has been summarized by the Crown.

In my view, much of the content of this portion of the transcript is benign. That said, on balance I am satisfied that the redactions are appropriate on the basis of relevance, or the lack thereof.

Discussion of a possible means of defeating TDR.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

This information may very well be privileged, but it is not, in any event, relevant to any of the live issues here. The redaction is appropriate in my view.

Discussion of the manner in which TD and TDR identify themselves to other users.

Crown counsel seeks to attach privilege to this evidence. Amicus did not make submissions.

This is Private Information and covered by privilege, in addition to lacking relevance.

Similar discussion to that on page 59.

See comments re page 59. Amicus agrees that redactions are appropriate.

Agreed.

70-74

Discussion of parts of the TDR manual that I have ordered produced.

Crown and amicus agreed on these redactions.

I am of the view that much of the redacted material can and should be unredacted. It addresses issues related to the part of the TDR manual that I have indicated should be produced. That said, certain aspects of it should remain redacted on the basis of privilege and/or relevance and those parts are:

Page 72, line 4, where the sentence begins, “And in the second…” to the end of line 23.

Page 73, line 8 to page 74, line 3.

Discussion about anonymized users.

Crown and amicus agree this information is not relevant.

Agreed.

76-91

In this portion of the transcript, Det. Goodyear discusses the content of the TDR manual that I have ordered disclosed.

Crown and amicus appear to be agreed that these references may be redacted, I suspect because the defence has been provided with a summary of this material.

In my view, there is no reason to redact Det. Goodyear’s evidence in this section. It is relevant to portions of the TDR manual I have ordered released in unredacted form. I make two exceptions. The following passages should be redacted on account of a lack of relevance:

Page 80, line 25, where the sentence begins, “As I mentioned before…” to the end of that paragraph.

Page 89 line 28 to page 91, line 7.

A brief discussion of a privileged issue.

Counsel agreed it should be redacted.

Agreed.

Discussion of the passive listening function.

Counsel are agreed it is not relevant and should be redacted.

Agreed.

Short discussion about investigations in other jurisdictions.

Counsel are agreed this is not relevant and is properly redacted.

Agreed.

95-97

Short submissions from counsel.

Counsel are agreed this is not evidence and not relevant and may be properly redacted.

Agreed.

98-101

Further discussions about the content of the TDR manual.

Counsel are agreed that this may properly be redacted, again I suspect because a summary has been provided.

In my view, this exchange should be unredacted. It goes to issues of the manual I have ordered produced. Again, I would qualify that finding by saying the following passage should be redacted on the basis of a lack of relevance:

Page 100, line 32 to page 101, line 17.

102-103

Short discussion of the passive function of TDR

Counsel are agreed it is appropriately redacted.

Agreed.

[1]As I understand it, IP address 99.232.162.41 was actually registered to Mr. Hughes’ mother at all material times. Mr. Hughes resided with his mother at those same relevant times.

[2] There are actually several mechanisms by which peers are matched with one another on the BitTorrent network. Trackers are the simplest example and I think it unnecessary to go beyond them to describe how the system operates. To be clear, however, TDR actually seeks matches through all the available mechanisms.

[3] A “port” is a virtual point associated with a network connection. Ports are managed by a computer’s operating system. There are 65,536 ports available to operating systems. They allow network traffic to go to specific applications running on the computer. As Mr. Versace analogized it, connecting to an IP address is like calling a car dealership’s service department. Connecting to a port is like asking for “Bob” when someone answers.

[4] Wireshark software is essentially a network protocol analyzer. It tracks what happens on a network at a microscopic level.

[5] “VPN” stands for virtual private network. A VPN service encrypts a user’s internet traffic and disguises the user’s online identity and location. It hides the user’s actual IP address by rerouting network traffic to a remote server run by a VPN host.

His Majesty the King v. Kyle Hughes, 2022 ONSC 5209

Case Summary

SUPERIOR COURT OF JUSTICE

ruling No. 2 on mr. hughes’ disclosure application

I. OVERVIEW

A. Introduction

B. The Proceedings to Date

C. The Outstanding Issues

II. THE PROCESS

D. The Procedure Utilized

E. The Evidence Adduced

III. DISCUSSION

F. The Information in Issue

G. The Information Disclosed to Date

H. Issue One: Should operational copies of TD and TDR be provided to Mr. Hughes? (O’Connor Stage Two)

I. Issue Two: Does the Crown have a sustainable claim to investigative technique privilege over the Private Information and operational copies of the software?

APPENDIX “A”

APPENDIX “B”

APPENDIX “C”

APPENDIX “D”

Judge

Counsel

Parties

Areas of Law

Fact Patterns

Issues

Statutory Provisions 2

Legal Tests 3

Legislation 4