Who’s Watching & Listening

You never know who is watching. Please note that if you are Investigating someone inside your own company, and using the company network to search the Internet, at least use the encrypted search sites.  However, it is becoming more common for large companies to insert an inline HTTPS proxy in the network to  read and analyze this traffic by creating a man-in-the-middle. You can’t be sure that your investigation won’t be compromised because someone sees what you are searching and then tells the wrong person.


Google — Search, Plus Your World

If you are  a Google+ user, then you now have a new search tool (the encrypted site is https://www.google.com/insidesearch/plus.html). When you are signed into your Google+ account your search engine results will be sorted for relevance in different fashion. Your search results will be sorted by what your Google+ friends say about the search term. This process assumes what your friends say is more important than other content.

This personalised search relevance is a boon for advertisers that want your attention. Google isn’t the first to do this. In 2010 Bing began ranking sites in search results based upon how many of your Facebook friends “like” the site.

The search engines and advertisers have decided that people want to search for other people and their opinions over other content. How convenient for the search engines and advertisers!

If you want a full explanation of the impact this will have for the Investigator, then read Phil Bradley’s article titled Why Google Search Plus is a disaster for search. Google is no longer my first choice, I start with Bing, then DuckDuckGo, and last but not least, I search Blekko.

Copernic Agent & Google

I have used Copernic for years, and just accepted its lack of a Google search.  I just got used to it, and never sought a way to add Google.

At a recent conference, Kevin Ripa told me that a registry entry would solve the problem after I mentioned that it didn’t search Google.  If you’re going to feel like an idiot, its good to shown-up by a really smart guy like Kevin.

Go to the registry key:


and insert the following string:


with value, http://updates.copernic.com/k2upd/agentex


Division of Powers — Property Rights

The provinces have been granted power over “property and civil rights in the province” in Section 92(13) of  The Constitution Act, 1867.

This division of power forced the Trudeau government to remove the right to private property from the Charter of Rights when the provinces protested its inclusion. The provinces saw this as limiting their ability to tax, expropriate, and exercise control over property ownership. Neither the federal nor provincial governments are under any constitutional obligation to pay fair (or any) compensation for expropriated property. The Constitution Act 1867 and the Charter of Rights do not address this issue. Legislatures are also free to legislate away your ability to use any property for any purpose. Ontario and Quebec will probably try this route to control firearms ownership once the Long Arm Registry is eliminated by the federal government.

This is starting to backfire. Landowner associations and grass-roots movements are starting to form in Ontario and Alberta.  These groups and movements to include property rights into the Charter of Rights will become a prominent feature of the political landscape in years to come.

Best Documentary Evidence

In Omychund v Barker (1745) 1 Atk, 21, 49; 26 ER 15, 33, Lord Harwicke stated that no evidence was admissible unless it was `the best that the nature of the case will allow’. The general rule is that secondary evidence, such as a copy . . . , will be not admissible if an original document exists, and is not unavailable due to destruction or other circumstances indicating unavailability.

The rationale for the . . . rule can be understood from the context in which it arose: in the eighteenth century a copy was usually made by hand by a clerk (or even a litigant). The best evidence rule was predicated on the assumption that, if the original was not produced, there was a significant chance of error or fraud in relying on such a copy.

Today this still applies to a large degree — that is why we normally get certified copies of public records that might be used in the future and notarize copies of documents obtained throughout the course of an investigation.

Ontario PI Licence Guarantor

Ontario PI & Security Guard Licence Guarantor Requirement

The Royal Canadian Mounted Police (RCMP) recently added a new requirement to its policy related to criminal record checks. This requirement applies to all agencies across Canada that access the Canadian Police Information Centre (CPIC) to perform a criminal record check. CPIC is administered by RCMP. All agencies that access CPIC, including the Private Security and Investigative Services Branch (Branch) are required to comply with the RCMP CPIC Policy.

Effective March 21, 2011, all applicants for licences must have a guarantor confirm their identity by verifying the identification documentation (ID) that accompanies their application. Applications cannot be processed without this confirmation by a guarantor. This requirement applies to both individual licensees as well as agency personnel that are named in the application for an agency license. Typically these are officers, directors or partners of the company who, as part of the agency application process, are also required to have a criminal record check.

Anton Pillar Orders

Anton Piller Orders, named after the famous 1976 English case, Anton Piller KG v. Manufacturing Process Ltd. [1976] Ch 55 1 ALL E.R. 779, which defined the process of civil search and seizure under common law.

An Anton Piller order is obtained ex parte, and allows the moving party to access the premises of the other party to gather evidence that the court fears may be destroyed if the search is not conducted immediately. To many people this resembles a private search warrant but it is not.  The contempt power is used to enforce them rather than the normal criminal process where physical force may be used to execute the Order.  Nor does the Order authorize entry.  Rather, it commands the defendant to permit entry.  The defendant may deny entry, and thereafter face contempt proceedings.  The plaintiff’s agents may not use force to effect entry in the face of the defendant’s denial of permission.  The defendant may move to have the access limited after the search. Therefore, the order doesn’t necessarily give the moving party immediate access to the evidence, rather it preserves it, so that access can be determined at a later time.

With a search warrant, those strangers are police officers, who may use reasonable force to execute their search.  With an Anton Piller order, the strangers are not police officers (although they will usually include one peace officer from the Sheriff’s office or a Bailiff in Quebec).  They may not use force to gain entry, but rather the threat of jail or other punishment.

The premise of these orders is that (a) the defendant is likely to act to frustrate the order if given notice of it in advance; and (b) there is a strong prima facie case that the defendant has already acted very badly.  As Anton Piller orders play an increasingly important role in protecting businesses from disgruntled or departing employees (as in Ridgewood cited below), it is important for Investigators to fully understand their obligation to properly execute these orders.

A number of judgments have condemned the improper execution of these orders. An Ontario case,  Ridgewood Electric (1990) v. Robbie, contains an  excellent background of the Anton Pillar Order in Para [23] and demonstrates how not to execute the order. In Harris Scientific Products v. Araujo (2005), 54 Alta. L.R. (4th) 195, the Alberta Court of Queen’s Bench ordered damages of $35,000 for trespass and punitive damages of $10,000. Furthermore, the Alberta Court of Appeal in Catalyst Partners Inc. v. Meridian Packaging Ltd. established that there had to be strong evidence showing a real possibility that the defendant would destroy documents, not merely an inference or suspicion in order to issue an Anton Pillar Order.  In Celanese Canada Inc. v. Murray Demolition Corp., 2006 SCC 36 the SCC ruled that Celanese had the onus of demonstrating that no prejudice would result from their solicitors carrying on in the file. As a result of the execution of an Order, the Celanese solicitors had come into the possession of confidential information attributable to a solicitor-client relationship, and the court said that the solicitors “bear the onus of showing there is no real risk such confidences will be used to the prejudice of the defendant.” This contentious case led the SCC to better define the  requirements for successful preparation and execution of an Anton Pillar Order. The following guidance is distilled from Celanese Canada Inc. v. Murray Demolition Corp.

  • An independent solicitor should act as a neutral officer of the Court to supervise the execution of the Order. This person should explain the Order to the Defendant and provide a objective report to the Court.
  • Limit the scope to only necessary material and no material should be removed from the site unless pursuant to the terms of the Order.  This is not a fishing expedition. However, allocate enough time and be methodical in your execution of the Order while documenting every step in the process.
  • The moving party should provide an undertaking and/or security for damages if the Order is unwarranted or improperly executed. The court does not want to deal with imposing fines etc. as in Harris Scientific mentioned above.
  • Include a procedure for dealing with solicitor-client privilege or other confidential materials. The court does not want a repeat of this problem as seen in Celanese above.
  • Return seized material as soon as practicable.
  • Commence the search during normal business hours when the counsel for the Defendant is available for consultation. Again, this was a problem faced by the Defendant in Celanese.
  • The premises should not be searched, or items removed, without the presence of the defendant or his responsible employee.
  • Persons conducting the search should be listed by name rather than just the number of people permitted.
  • A detailed list of all evidence seized should be made and verified by the Defendant before leaving the site.

The Olde Ways

I was summoned to a meeting with a client. The client firm is over a century old. This successful firm has learned a thing or two about security.

I was asked to surrender my electronic gadgets. Being of the old school, I had none. This pleased the gatekeeper. I was led to a room furnished with only a curious table and four old wooden bankers chairs. No telephone, no electrical outlets, one florescent light fixture above the table.  The gatekeeper had to unlock the room. She then waited at the open door until my contact arrived.

My contact enters and places pieces of chalk and a chalkboard eraser on the the table. Most of the table top is painted with chalkboard paint.

We eventually compose a handwritten Memorandum of Agreement regarding the engagement, sign it, and off we go.

These people understand the rules, especially Rule #1 — If you don’t want it overheard, don’t say it. But I must admit, I have never seen a “Magic Slate” table before.

Erase Data with a Hammer

Flash-based solid-state drives nearly impossible to erase

Researchers from the University of California at San Diego delivered a paper at the FAST-11 Conference in San Jose, Calif., last week that shows it’s almost impossible to reliably erase data from a solid state drive.

The report, Reliably Erasing Data from Flash-Based Solid State Drives (PDF), goes through all of the known techniques for erasing data and they found the best method was a big hammer.

27 Mohammeds


In conducting Internet research we encounter the problem of persona isolation. In national security circles this is called the “27 Mohammeds problem”.  Essentially, how do we know that the John Smith mentioned in a blog is the specific John Smith we are researching?

Reputation Evaluation

This leads to a another difficulty.  An Internet reputation may not reflect reality.  The Internet reputation may be fabricated out of malice.  We must evaluate a conviction in the august Internet Court and determine if we believe it enough to not take a risk on the subject firm or person.

Related Articles

The following related articles may help you deal with this problem:

Toronto Sun Surprised by Private Investigator

Private Investigators, Adjusters, and insurance companies get a lot of bad press due to bias, ignorance, and a desire to sensationalize the news.

In today’s Toronto Sun an article titled, How Facebook can screw you by Alan SHANOFF, the author states,

I wouldn’t be surprised to see insurance company adjusters and investigators trying to become a claimant’s “friend” to obtain inner circle access. Instead of a private investigator hiding in a van on your street or behind a bush, he might very well be tracking your movements in cyberspace.”

It’s obvious that SHANOFF would be surprised to learn that Private Investigators and Adjusters in Canada wouldn’t do this to a represented claimant.  I have written on this subject twice, and all the PI’s and Adjusters I have spoken to about this know that they may not “friend” the subject of an investigation if he or she is represented.  Simple fact checking would have corrected this.

Surveillance Tradecraft

Early in my career I was part of a surveillance crew. Every day I would go out and follow people. Sometimes I worked alone, sometimes in a car or cab with two other guys, sometimes as part of a multi-vehicle team.

It takes a long time to integrate a new guy into a surveillance crew. If he is experienced, it will take about 6 months. I have not seen any really good training schools for this in North America. I think the reason that such schools don’t exist here is that it takes too long to teach the fundamentals and this would cost a lot of money for lodging, cars, and instruction. In Canada, learning to conduct surveillance is definitely on-the-job training.

Let’s start with some definitions.

Read more


Dyed hair and false beards are childish. Mere physical traits are of little use for identification. Context or ‘atmosphere’ are what matters.

If your subject gets into entirely different surroundings from those in which he was first observed — and this is the important part — really plays up to the new surroundings and behaves as if he had never been out of them, then he would be invisible to even the cleverest Private Investigator.

A fool tries to look different; a clever man looks the same and is, at the same time, different.

The deceiver assumes the new role by actually becoming the person he is impersonating. He is quietly absorbed into his new surroundings. In essence, the person you are seeking may be hiding in plain sight.

In Plain Sight

When he’s out and about near his Denver home, former Broncos quarterback John Elway has come up with a novel way to travel incognito—he wears his own jersey. “I do that all the time here,” the 50-year-old Hall of Famer told me. “I go to the mall that way. They know it’s not me because they say there’s no way Elway would be wearing his own jersey in the mall. So it actually is the safest thing to do.”  (Source: http://sportsillustrated.cnn.com/vault/article/magazine/MAG1175387/4/index.htm)