Re: Large Ontario DC busted for hosting petabytes of child abuse material

[Landon Stewart <landonstewart () gmail com>]

On Mar 2, 2015, at 10:03 AM, Mike A <mikea () mikea ath cx> wrote:
> On Mon, Mar 02, 2015 at 05:53:33PM +0000, Naslund, Steve wrote:
> > Don't know who this is but the legalities are pretty clear I think. The DC
> > is not required to know what data is stored but if the cops can prove that
> > someone DID know what was stored, that person can be criminally charged.
> > IANAL but I have worked with LE on a similar case and that is how it was
> > explained to us by the FBI. It will be hard to prove anyone knew however
> > since anyone that knew and did not report it committed a crime. Charging the
> > company will be a stretch unless they can prove that at least one corporate
> > officer knew. Otherwise the company will fire whichever employee knew and
> > say "He should have told us".
> >
> > This is all about who knew what and when.
>
> True in the USA, I think; but what about Canadian law?

AFAIK it's generally the same in Canada.  If a provider is aware of (reported, accidental discovery or otherwise) the 
existence of child pornography on their network that existence must be reported to LE and the content must be cease to 
be publicly available.

What I've done in the past when such a report is received is created an archive of the whole directory and 
subdirectories in question, collected all the customer data related to the account including logs of logins and file 
transfers and sent that directly to law enforcement and through https://www.cybertip.ca/ <https://www.cybertip.ca/>.

Some information for Canadian service providers is in the reporting system itself:

https://www.cybertip.ca/app/en/service_provider_report

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail