What Fraud Victims Should Know About Using Evidence Obtained by Hacking

Norman Groot

The massive law firm server hack that resulted in the leak of documents that came to be known as the Panama Papers brought significant media attention to the kind of information that can be obtained from secured databases that may assist the victims of fraud in obtaining a recovery.

To this end, the International Consortium of Investigative Journalists (“ICIJ”) has created a website entitled Panama Papers – Politicians, Criminals and the Rogue Industry That Hides Their Cash – the rogue industry being lawyers, especially those with the Panama-based law firm Mossack Fonseca – see https://panamapapers.icij.org/. For their efforts, the German newspaper Süddeutsche Zeitung, who first received the hacked documents, has received numerous international awards for its collaborative investigative journalism efforts with the ICIJ – see https://panamapapers.icij.org/awards.html – updated to new link on 20180925 – ACFI Admin.

Based on the above, it may seem that the theft of private data is being celebrated in the popular media, however, the question that remains for fraud victims, their lawyers and their investigators is whether hacked information – stolen information – can be used in Canadian courts as part of fraud recovery litigation.

The Use of Panama Papers Documents – From the Media to the Courtroom

Our law firm had the opportunity to tender evidence derived from the Panama Papers hack in a case earlier this year. The case was brought under a sealing and gagging order and without notice to the rogues who were being targeted. While the seal and gag order in our case has expired, the investigation continues, and for this reason we are not publishing the name of the parties or the court file number in this blog post.

What we are comfortable releasing is a summary of the story and the legal argument we made. The Court in Toronto who heard our motion granted our client a Norwich Pharmacal order – an order to obtain documents on the target rogues from a third party organization, without the rogues’ knowledge or consent. The order was granted in part based on information derived from the documents leaked through the Panama Papers hack.

In our case there was no issue that the Panama Papers information we tendered was relevant to our client’s cause. The reliability of the information was not challenged. The issue was whether, as a matter of public policy, information derived from stolen documents could be admissible to support an order issued by a Canadian court.

While we are not publishing the case name, we are willing to explain the nature of the motion generally. Our client, a BVI law firm, represented two Russian businessman. The Russians lost approximately $40M to a Ukrainian rogue as a result of a corporate fraud. The company was BVI-based, and accordingly it was the BVI Commercial Court which, after a five-week trial, issued judgment, along with a world-wide Mareva (asset freezing) order.

Consistent with the behaviour of many rogues operating out of the BVI, the Ukrainian rogue used various trusts and companies and related individuals to conceal his ill-gotten gains. The rogue refused to comply with the asset reporting orders that typically accompany an asset freezing order. Piercing through the layers of trusts and sham corporations required us to obtain evidence held by third party corporate services companies used by the rogue – companies that exist in Canada for the purpose of registering companies in foreign jurisdictions, such as the BVI.

Admissibility of Documents Obtained Through Self-Help (Theft by Client)

In our factum (legal argument), we referred to previously decided Canadian cases where attempts were made to use evidence in a judicial proceeding that had been obtained by unlawful acts. One such case was Autosurvey v Prevost 2005 CanLII 36255 (ON SC). In Autosurvey, the corporate plaintiff accessed the personal server of a former employee and accessed numerous privileged communications and other personal information not related the litigation.

The Court found that the corporate plaintiff intentionally resorted to the use of an unlawful self- help search and seizure to access and copy the content of the Defendants’ server. Furthermore, the Plaintiff also kept the facts and information obtained from the Defendants for several weeks. Remarkably, the lawyers for the Plaintiff even advised their client to go back into the server and obtain further information and make notes. This egregious behavior resulted in the Defendants being granted a permanent stay of proceedings against the Plaintiff.

In our case we took the position that unlike the plaintiff in Autosurvey, it was not our clients who stole the information, but rather it was an unknown third party who committed the unlawful act. In the Panama Papers scenario, the leaked hacked documents were allegedly received from a disgruntled former client of Mossack Fonseca. Apparently the security on Mossack Fonseca’s server was weak, and the former client spent months collecting confidential documents from the law firm. When the former client did not get the results he wanted from Mossack Fonseca, he leaked the documents to journalists.

Admissibility of Documents Obtained Unlawfully by a Third Party

In the case of Osiris Inc. v. 1444707 Ontario Ltd., a franchisee illegally obtained private communications between the franchisor and another party through a computer hack. The franchisee then shared this information with the Defendants in order to help it defend against proceedings brought by the franchisor. The party who obtained the documents initially wanted to remain anonymous, but then came forward to prove the authenticity of the documents. Upon learning of this conduct, the franchisor brought a complaint against the Defendants and their lawyers for impropriety in advancing the knowingly illegally obtained evidence.

In the civil proceedings, the franchisor submitted that obtaining and using documents without the consent of their owners was a violation of federal privacy law (the Personal Information Protection and Electronic Documents Act – “PIPEDA”) and that this was grounds by which the evidence could be excluded. The franchisor’s argument was not accepted. The Court held that the evidence was admissible and that any issues with respect to alleged violations of privacy law should be adjudicated by the Privacy Commissioner (a non-judicial officer without order making power), or by the Federal Court on application made by the Privacy Commissioner for an order. The Canadian Court held that:

“It is still the law [in Canada] that illegally obtained evidence is not, per se,
inadmissible in civil proceedings.”1

In our case we submitted that federal privacy legislation would not apply as that law only applies to data that is created in Canada. Furthermore, PIPEDA has no application to evidence admissibility in Ontario – see Ferenczy v. MCI Medical Clinics, 2004 CanLII 12555 (ON SC).

Admission of Hearsay Evidence in Ex Parte Motions

It goes without saying that in our case we could not obtain an affidavit from the individual who had hacked into the Mossack Fonseca databank, or even from the disclosing journalist from the ICIJ. Our affidavit was from the person who had been shown the critical documents by an ICIJ journalist. This was sufficient, as in Canada hearsay evidence is admissible in ex partemotions – see DIRECTV Inc. v. Sandhu, 2006 BCSC 1970, 2006 CarswellBC 3518.

Access to actual documents of Mossack Fonseca is generally not publicly available. However, the ICIJ has created an offshore leaks page to show basic information on corporate structures. If the entire raw data of Mossack Fonseca were released to the public at large, personal information such as bank account numbers, private phone numbers etc. could be abused. For obvious reasons, the ICIJ only publishes basic information – and ICIJ journalists decide to whom specific documents will be shown.

Admissibility of Privileged Communications

Another issue for courts to consider is whether lawyer and client privileged communications are admissible into evidence. To qualify as a solicitor/client privileged communication, the communication must be (1) between a client and his or her lawyer who must be acting in a professional capacity; (2) given in the context of obtaining legal advice; and (3) intended to be confidential – see Solosky v. Canada, [1980] 1 S.C.R 821. Whether or not the legal privilege will attach to the communications depends on the nature of the relationship, the subject matter of the advice, and the circumstances in which it is sought” – see Pritchard v. Ontario (Human Rights Commission), 2004 SCC 31 at paras. 19 – 20.

Our position was that the presumption of solicitor-client privileged was rebuttable because the communications made with lawyers from Mossack Fonseca were not communications within a privileged occasion, but rather were made in the context of giving and receiving business advice. Our secondary argument to rebut the presumption of solicitor-client privilege was that if a client seeks guidance from a lawyer to facilitate committing a crime or a fraud, the communication is not privileged – see Decvoteaux v. Mierzwinski, [1982] 1 S.C.R 860.

Probative Value versus Prejudicial Effect

Our final argument was that the probative value of the Panama Papers evidence was high and their prejudicial effect was low. This information was directly relevant to the determination of the main issue in the case – namely, whether the rogue was hiding assets through complex corporate structures to avoid paying the BVI judgment. On the other hand, the prejudicial effect of admitting the Panama Papers evidence was minimal, as the information they contain had already been released and was available to the world at large.

Stand and Deliver Norwich Orders

In our case we applied for a hybrid of an Anton Piller (search) and a Norwich (third party information disclosure) order – something called a “Stand and Deliver Norwich Order”. This was because the corporate entity that held the documents we were targeting was not a reputable bank, but a private corporate registry firm operating in Canada run by Russians. We simply could not trust the corporate registry firm to comply with the order in a way that reputable banks typically do through their internal security and lawyers. Accordingly in this case the Norwich order required admission to the corporate registry office, and permitted our attendance until they turned over the required documentation.
The explanation of this “Stand and Deliver Norwich Order” is a story for another blog post. We are not aware of any precedent for such an order in Canada. They are known to be granted in the UK. The bottom line for this blog post is that the Norwich order granted by the Canadian court led to documents which were then used in the BVI Courts by our BVI instructing counsel for securing a recovery on their judgment. Often these motions are high risk and expensive, and do not have a happy ending – but from our perspective, this motion resulted in the objective being achieved.


At Investigation Counsel, we investigate and litigate fraud recovery cases. If you discover you are a victim of fraud, contact us to have your case assessed and a strategy for recovery mapped out before contacting police or alerting the fraudster. We also promote victim advocacy and academic discussion through various private and public professional associations and organizations. If you have an interest in the topics discussed herein, we welcome your inquiries.

Norman Groot, LLB, CFE, CFI – August 19, 2017 ngroot@investigationcounsel.com

1 Osiris Inc. v. 1444707 Ontario Ltd., 2005 CanLII 47731 (ON SC), paras 75 to 84.