Inside Politics

Court files could shed new light on the mysterious Pierre Poutine

Recently released court files contain further details linking pseudonymous robocaller Pierre Poutine to a computer used by a Guelph Conservative campaign staffer, according to a former NDP candidate turned campaign communications strategist who has been providing technical advice to an Elections Canada investigator.

In an email sent to reporters Monday night, Direct Leap Technologies CEO Simon Rowland points to a production order filed by Elections Canada investigator Al Mathews last May.

The documents detail a series of logins to Edmonton-based RackNine's calling service indicating that, within a four-minute period, the still unidentified user behind the Pierre Poutine account may have accessed an account owned by Guelph Conservative campaign staffer Andrew Prescott -- apparently from the very same internet browser.

Here's the relevant section of the court filing, which was disclosed by Elections Canada as part of the ongoing Council of Canadians legal challenge, and can be read in its entirety at the end of this post: 

(Note: Emphasis added.)

166. [RackNine xxx Matt] Meier provided the following information relating to the use of the 2 IP addresses and clients #45 and #93 between April 30 and May 2, 2011, when the misleading call message and the calling list were uploaded to RackNine and the misleading calls to Guelph electors were made.

a) IP address, the proxy server, appears in the session logs 4 times, and was used by client #93, namely Pierre Jones;

b) IP address, appears numerous times in the session logs, and was related to use by client #45, Andrew Prescott, who used other IP addresses as well, outside the April 30 and May 2, 2011 period, which were also recorded in the session logs;

c) that by comparing access logs and session logs together, Meier identified that between April 30 and May 2, 2011, both client #45 and client #93 used both IP address and IP address to communicate with RackNine, as explained in d) through f) below;

d) client #93 logged in to a session on May 2, 2011, which was "stored" in RackNine records as "Userid 45" or Prescott. This session were [sic] initiated from IP address There were 3 sessions occurring on May 1 and May 2, 2011, in which client #45 logged in, which were "stored" in RackNine records as "Userid 93" or Pierre Jones. Two (2) of these latter sessions were from IP address, one (1) session was from IP address;

e) the fact that 2 clients were recognized within the single, unique session log record meant that after the initial access, or log onto the RackNine website, the second client user changed the client id record in order to perform some function in the same session on the RackNine database that was specific to that second client user.

167. This correlating of access log and session log information (paragraph 166 c) above) thus indicates both client #45 and #93 used the proxy server to access RackNine and both client numbers used IP address to access RackNine.

168. Amongst other data, the session logs and the client access log provided to me by Meier on March 6 and 7, 2012 and November 23, 2011, respectively, also show the following:

a) session log information shows that Client #93 last accessed a RackNine webpage at 21:19 on May 1, 2011 via IP address Both access log and session log records show that client #93 then accessed RackNine in a new session, with a new session log entry beginning at 21:20 May 1 which showed that client #93 was communicating from IP address That is, the 2 session events were 1 minute apart, but coming from 2 different IP addresses. Meier told me on May 9, 2012 that he thought that most likely client 93 closed his first session at 21:19 but immediately returned to the RackNine website, forgetting about going through the proxy server, or thinking that he was still logged in through the proxy; and

b) on May 2, 2011, in 2 separate sessions, clients #93 and #45 were both communicating with RackNine from IP within 4 minutes of each other. Session log information shows that Client #93 last accessed a RackNine webpage at 02:12 on May 2, 2011 (the subject of one session log) and that a new session log was initiated for client #45 at 02:15 on May 2, 2011. As both communicated with RackNine from IP within less than four minutes of each other, it seems that clients #93 and #45 were likely together at this time.

In the email to reporters on Monday, Rowland explains his "single browser" theory, based on the above:

Paragraph 166.d states that on May 1 and 2, on three occasions Pierre Poutine logged into the Racknine web interface, logged out, and then logged into the Prescott account during the same browser session. This means Poutine logged out of his account, and then logged into the account used for the official calls without closing his browser tab.

So it's not just what was reported so far -- that the Poutine account and Prescott account were accessed by the same IP within 4 minutes of each other during the middle of this night. It's also that on three separate occasions, someone with both the Prescott and Poutine account passwords used the same browser window to log into both accounts.

Also, Poutine logged into Racknine through the proxy, closed his browser window, and 1 minute later logged in again, but this time forgot to go to the proxy website first, accidentally accessing the site directly. There were two session records for the Poutine account 1 minute apart: the first coming from the proxy, and the second coming from the Burke Campaign's office IP at (p.168.a)

This means the Poutine account was accessed on May 2nd from the IP address, the same IP address used for 32 of 41 logins to the Guelph CIMS site. This IP address was used to access CIMS by all 5 of the Guelph volunteers who have CIMS user accounts.

The IP address was not only used to access CIMS by all 5 workers, but it was used to access both Poutine and Prescott's Racknine accounts. This is also described in the April 17 ITO in p.169.

According to Rowland, this could be "pretty great evidence, as it shows that someone had both passwords."

His theory, however, rests on the assumption that it was one person who logged into both accounts from the same browser.

Former Marty Burke campaign staff have suggested that limited budget forced staffers to share computers, although that wouldn't necessarily explain the less-than-a-minute lapse between client sessions -- particularly in the wee small hours of the morning, as seems to have been the case on May 2, 2011. (It would also suggest that the suspect list would likely be limited to the campaign itself, unless they were also sharing computers with random passersby.)
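The correlation described in paragraphs 166 to 168 of the filing comes down to three checks over session records, sketched here as an added example that is not RackNine's or Elections Canada's tooling. The record layout, field names, placeholder IP addresses and sample rows are all constructed for illustration; only the client numbers and clock times follow the filing.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Session(NamedTuple):
    sid: str
    login_client: int    # hypothetical field: client id that authenticated (access log)
    stored_userid: int   # hypothetical field: client id stored on the session record
    ip: str
    start: datetime
    last_seen: datetime

def t(s):  # all sample timestamps fall in 2011
    return datetime.strptime("2011-" + s, "%Y-%m-%d %H:%M")

PROXY, DIRECT = "198.51.100.7", "192.0.2.10"   # constructed placeholder IPs
SESSIONS = [  # constructed records shaped after paragraphs 166 and 168
    Session("s1", 93, 93, PROXY,  t("05-01 21:05"), t("05-01 21:19")),
    Session("s2", 93, 93, DIRECT, t("05-01 21:20"), t("05-01 21:40")),
    Session("s3", 93, 45, DIRECT, t("05-02 01:50"), t("05-02 02:12")),
    Session("s4", 45, 45, DIRECT, t("05-02 02:15"), t("05-02 02:30")),
]

def mixed_identity(sessions):
    """Sessions whose stored user id differs from the client that logged in."""
    return [s.sid for s in sessions if s.login_client != s.stored_userid]

def _adjacent(sessions, window):
    """Yield consecutive sessions where the next starts within `window`
    of the previous one's last activity (a simplification: only
    neighbouring sessions in start order are compared)."""
    ordered = sorted(sessions, key=lambda s: s.start)
    for a, b in zip(ordered, ordered[1:]):
        if timedelta(0) <= b.start - a.last_seen <= window:
            yield a, b

def ip_switches(sessions, window=timedelta(minutes=1)):
    """Same client reappearing from a different IP within the window."""
    return [(a.sid, b.sid) for a, b in _adjacent(sessions, window)
            if a.login_client == b.login_client and a.ip != b.ip]

def shared_ip_handoffs(sessions, window=timedelta(minutes=4)):
    """Different clients using the same IP within the window."""
    return [(a.sid, b.sid) for a, b in _adjacent(sessions, window)
            if a.login_client != b.login_client and a.ip == b.ip]
```

A match from any of the three checks ties accounts to a shared IP address or session record; it does not by itself show how many people were at the keyboard.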

In any case, although he wasn't willing to comment on the latest revelations, Prescott has repeatedly denied any involvement in the robocall scheme. 

Finally, it's worth noting that, according to the same filing, Rowland first got in touch with Elections Canada last May, offering to "provide assistance" to the commissioner following the initial wave of media reports on the Guelph robocall case. 

Mathews notes that Rowland's company, Direct Leap, "was involved in the 2011 general election by providing telephone services to the NDP, and also provides phone services to a number of non-profit organizations." As such, the document concludes, "he is both a partisan participant in the political process and also a subject matter expert in respect of telephone call centres." 

Read the full court document here: