Supreme Court understands that you don't control what is in your cache

In R. v. Morelli, 2010 SCC 8 the following statement was made on behalf of the majority (McLachlin C.J. and Binnie, Abella and Fish JJ)

[36] On my view of possession, the automatic caching of a file to the hard drive does not, without more, constitute possession. While the cached file might be in a “place” over which the computer user has control, in order to establish possession, it is necessary to satisfy mens rea or fault requirements as well. Thus, it must be shown that the file was knowingly stored and retained through the cache.

While I have no comment on the specifics of this case around possession or accessing of child pornography, there are many points in this decision that will be of interest to those following technology law. The understanding that the person who "owns" a computer may not be in control of what is in the cache is a good first step to clarifying a number of related issues. This includes copyright infringement claims simply for "downloading" something given a computer can receive a file for many reasons that were not under the control of either the owner or the operator of the computer.

"[65] ... Indeed, clicking on a bookmark may simply disclose that material previously on the Website has been removed; that material previously absent has been added; that the Website address is no longer valid — or that the Website no longer exists at all."

It should be obvious that a bookmark is just like any other digital link, and that the above applies to all links. Providing a link does not constitute authorisation to distribute the material referenced in the link, nor should a user clicking a link infer intent to download any specific information that may then be sent.

This case discussed how "[2] It is difficult to imagine a search more intrusive, extensive, or invasive of one’s privacy than the search and seizure of a personal computer." This should give proponents and providers of DRM some pause, given this is the essence of the dishonesty (at best) or "theft" (at worst) at the heart of non-owner digital locks on our devices.

While this offensive practice is not yet seen in this light, it it only a matter of time for the legal system to catch up. Analysis thus far has focused far too much on physical geography when discussing things such as "seizure" when in fact control should be the core question rather than only a component. A foreign locked device may be physically in front of one person (owner/operator), but through remote control effectively be under the "possession" of someone else.

I believe we are appropriately concerned about search and seizure carried out by the government, but not concerned enough about activities carried out by private actors. Any form of search and seizure carried out by non-government actors such as software vendors should have far more scrutiny than those carried out by authorised government agencies.