Online Sexual Offences
This page was last substantively updated or reviewed May 2021. (Rev. # 80562) |
General Principles
There are several Criminal Code offences that are either primarily or exclusively committed through the use of the internet and computer. These include:
- Making, distributing, accessing, or possessing child pornography.
- Child luring
- Making Sexually Explicit Materials Available to Child
- Agree or Arrange a Sexual Offence Against Child
- NCMEC CyberTipline Reports
Many investigations into ICE related crimes, include reports generated by organizations such as the National Centre for Missing and Exploited Children. These reports are generally considered reliable for the purpose of establishing grounds for the issuance of a judicial authorization.[1]
Peer-to-Peer Investigations
Peer-to-peer investigations concern the detection and investigation of the distribution illegal computer files through the internet.
The automated collection of hash values and file names consistent with child pornography is not sufficient to substantiate a charge. The file must be looked at to make this determination.[2]
The specialized computer forensic examiners and investigators are able to testify to the types of offenders that they have observed in their experience.[3] Some basic technical concepts are required.
- The Internet
The internet is a "global system of computer networks" that is an "important tool for the exchange of information". It is a "single global venue" that is accessible to users where ever they may be.[4]
The internet is accessed through an Internet Service Provider. The subscriber connects to the service provider who in turn connects the subscriber to the internet.[5]
An IP address is a numerical identifier that is automatically assigned to a subscriber when the computer device connects to the internet.[6] There are over 4.3 billion IP addresses.[7]
The ISP records the dates and times that the IP address is assigned to the subscribers.[8]
- ↑ R v Cusick, 2015 ONSC 6739 (CanLII), per Ricchetti J
- ↑ R v Lamb, 2010 BCSC 1911 (CanLII), [2010] BCJ No 2701, per Ehrcke J
- ↑
e.g. R v Thompson, 2016 ONCJ 271 (CanLII), per McKay J, at para 24
- ↑ R v Ward, 2012 ONCA 660 (CanLII), 112 OR (3d) 321, per Doherty JA, at para 19
- ↑ Ward, ibid., at para 20
- ↑ Ward, supra, at para 21
- ↑ Ward, supra, at para 21
- ↑ Ward, supra, at para 23
Undercover Investigations
Computer Forensic Analysis
In preparing the computer for examination the expert should make a duplicate copy of the device's hard drive.[1]
Forensic examiners typically are able to recover the following information from the computer:
- evidence of when the operating system was installed [2]
- when the computer was last shut down properly[3]
- evidence that the hard drive had been wiped clean, overwritten prior to the installation of the operating system[4]
- the name of the user who registers the computer at the time of installation[5]
- history of computer use based on website history, the presence of cookies, and the data cache[6]
It would be usual to find the internet browsing history to be set to be deleted automatically.[7]
An expert can usually rule out the possibility of hacking the computer, viruses or malware by running a scan.[8]
Computer forensics considerations:
- a computer forensic analyst will not necessarily be able to comment on the use of various apps and their ability to leave inculpatory evidence.[9]
- ↑ R v Woods, 2008 ONCJ 395 (CanLII), per G Campbell J, at para 16
- ↑ Woods, ibid., at para 16
- ↑ Woods, supra, at para 16
- ↑ Woods, supra, at para 16
- ↑ Woods, supra, at paras 16, 20
- ↑ Woods, supra, at para 22
- ↑ Woods, supra, at para 23
- ↑ Woods, supra, at para 29
- ↑ e.g. R v Gauthier, 2021 ONCA 216 (CanLII), per Harvison Young JA expert could not comment on whether chat logs could have been inserted on the device by having a concurrent log-in from a different device.
Proof of Identity
In many online sexual offences there is clear evidence that a particular computing device was used in the commission of a criminal offence. The primary issue at trial would be the identity of the culprit.
Evidence suggesting of identity of the culprit (e.g. the person who possessed certain files or operated certain software) include:
- person associated with a user account with administrative rights that may have installed software that facilitated the crime;[1]
- the level of computer sophistication or computer literacy of the accused;[2]
- ownership of the computer[3]
- level of usage of the computer;[4]
- the descriptive file names;[5]
- organization of the files[6]