The Dim-Post

June 13, 2011

What a shame

Filed under: Politics — danylmc @ 7:40 am

Cameron Slater – or rather, someone in National who passed the information onto Cameron Slater – seems to have exploited a security flaw in the Labour Party website to download its donor list for the year, which he intends to publish at 9 AM. I’m all for this sort of thing – Labour is one of the most powerful political parties in the country, yet, like National, it operates behind a veil of secrecy, particularly in regards to who funds its campaigns.

I am sorry for David Farrar though – I assume that, as per the Don Brash emails he’ll be SO outraged about the release of this information that even five years from now he’ll be unable to comment on the contents because he’ll be too upset about any ethical breaches that may have taken place in obtaining it.

Was this ‘hacking’? An old rule I just made up is that if you have to write code or guess a password then it’s hacking. Labour’s letter to Whaleoil suggests that Labour were backing up their donor database and then sticking it into a public directory on their web server where anyone could download it if they guessed the name of the directory and entered it into a browser url. (That Labour would be dumb enough to do this is both impossible to believe and completely not surprising.) So if National just guessed directory names and hit gold and downloaded their backup files then no, it’s not hacking.

87 Comments »

  1. I’m sure DPF will find a way to differentiate the 2 – he’s pretty good at that sort of thing :)

    Comment by gazzaj — June 13, 2011 @ 7:52 am

  2. He’s been assured by Slater that the information was not obtained illegally, and even though Nicky Hager made an identical assurance, I guess Cameron Slater is just so much more trustworthy.

    Comment by danylmc — June 13, 2011 @ 8:01 am

  3. It certainly looks like a case of Wide Open Woes.

    Whaleoil is also hinting at a party malaise wider than just Labour, if so it deserves scrutiny – for all of the parties.

    Comment by Pete George — June 13, 2011 @ 8:56 am

  4. “we isolated a system vulnerability” definitely sounds like it was just sitting there. I imagine this will be bad for a number of people…

    Comment by gazzaj — June 13, 2011 @ 9:04 am

  5. Don’t tell me you’ve been making secret donations to Labour in order to assuage your guilt at reaming them so much and don’t wish to alienate the great and good of DimPost readership (well, you know what I mean).

    Comment by will — June 13, 2011 @ 9:21 am

  6. We’ve all known Labour has been guilty of this, especially when they were in government (just another of the issues I have had with their organisation). They all do it of course, but Labour somehow seems to be that much more blatant and irresponsible – something to do with ends justifying means rather than playing within the rules I guess. If this results in a real tightening up of the cynical use of Parliamentary Services funding, then I might develop an iota of respect for the WhaleOil blog – although it is very hard to acknowledge that given some of the more despicable actions of Slater in the past (think those awful Photoshopped images of HC images for example).

    Comment by Sam — June 13, 2011 @ 9:42 am

  7. These aren’t corporate donors. This isn’t a look behind the firewall of a donor trust. The names Slater has are those of grassroots supporters who have made small donations by credit card. If I had similar information from national I wouldn’t publish it as I don’t think it’s in the public interest. If I had the books for the Waitamata trust though…

    Comment by IrishBill — June 13, 2011 @ 9:43 am

  8. I don’t know what’s more amusing, that people think Whaleoil leaking documents = ok but Nicky Hager doing it = bad because he’s a filthy communist, or that people like Pete George seem to think Whaleoil publishing a few months of donor names in his capacity as our country’s greatest and most selfless public intellectual will lead to some massive overhaul of our politics, by either “cleaning it up” forever or destroying the Labour Party.

    Comment by Hobbes — June 13, 2011 @ 9:52 am

  9. “then I might develop an iota of respect for the WhaleOil blog” – but then I looked at the comments in the post that is linked to above.

    IrishBill – I think frequently public interest is much different to productive interest. look at the whole BMW donation non-story thing. And, for me at least, the real story is the squandering of PS monies anyway – and that should be of public interest.

    Just a thought, if Slater got the files from the web, couldn’t it be argued that they are already in the public domain, and therefore very difficult to make against the fact that he is republishing them…?

    Comment by Sam — June 13, 2011 @ 9:56 am

  10. … very difficult to make A CASE against…
    sorry

    Comment by Sam — June 13, 2011 @ 9:57 am

  11. Sam: as far as I can tell this has absolutely nothing to do with the Parliamentary Service, but about donations made by private citizens. So I really don’t see how this will affect any parties use of PS funds.

    Also, what Irish said.

    Comment by Simon Poole — June 13, 2011 @ 10:00 am

  12. Someone once told me a US judge had ruled that playing with URLs counts as hacking. I thought at the time that was wrong.

    But OMGSTOLEN!!!!11!!eleven! for sure.

    Comment by lyndon — June 13, 2011 @ 10:35 am

  13. Hobbes: people like Pete George seem to think Whaleoil publishing a few months of donor names

    I’ve said a number of times elsewhere and I’ll repeat it here – I don’t think Whaleoil should release any private data, ethically I don’t agree with it, and it will backfire on his crusade.

    I’m more interested in the apparent misuse of Parliamentary Services.

    will lead to some massive overhaul of our politics

    It could be one catalyst, but it won’t lead to it – the only thing that will lead parties to reform is us the voters putting electoral pressure on them. Scare the hell out of their electoral ambitions.

    The way to do that is through the polls. There’s a simple way to do that. Start a campaign to get people to choose a neutral party in the polls (yep, vested interest, but that’s what I’m doing, setting up a structure that can be used to pressure them). Make it significant. You’d only need to do that for a couple of months, then by the election you can still vote for whoever you like.

    Rock their cosy arrangements and make them earn every vote.

    Comment by Pete George — June 13, 2011 @ 10:53 am

  14. “the only thing that will lead parties to reform is us the voters putting electoral pressure on them”

    Nope. The only thing that will lead parties to reform is motivated people joining them in numbers. The more people paint democratically-constituted parties as hopeless cases, the more that becomes true.

    Comment by Stephen — June 13, 2011 @ 10:58 am

  15. I’m staggered at the authority to comment on detail exposed here by IrishBill and on the Standard by others. Explanations, excuses, apologies on behalf of Labour even and yet repeated denials that The Standard is not an organ of the Labour Party. Something a bit whiffy I think especially when combined with the vitriol and personal attacks on Slater sanctioned by the Standard’s moderators who unflinchingly and with gay abandon ban commenters for seemingly trivial challenges to the arguments put forward.

    I think what we are seeing here is that the bait was laid out convincingly and the prey has leapt upon it with all the gnashing of teeth and frothing around the mouth while missing a greater game afoot.

    Oh and Danyl, can you offer any evidence to support the statement “… or rather, someone in National who passed the information onto Cameron Slater” please or are you also repeating as fact a song from the deniers’ song sheet put out by Labour HQ on Sunday. Rule 2 … Blame it on the National Party Dirty Tricks Division and if that fails just mention the 9th Floor.

    Comment by DavidW — June 13, 2011 @ 11:05 am

  16. I actually disagree really strongly with this. Lots of people who make donations to political parties do so in secrecy because it might affect their jobs. For example, many civil servants are nervous about having their political affiliations known and, frankly, I can understand that because I know people who have lost their jobs for being too “Green”. Cameron Slater says he has a list of donors who gave $11,000. It is very unlikely ANY of them are extremely wealthy business people. They probably gave around about $80-$100 each.

    Comment by LucyJH — June 13, 2011 @ 11:05 am

  17. Whereas the people who donate *cough* insurance *cough* to National do it secretly through trusts. If New Zealand had corruption, we’d call this corruption.

    Similarly, we’d call corruption a large exchange of money for policy if it was to occur between an Australian entertainment company and the government. If New Zealand had corruption.

    Comment by George D — June 13, 2011 @ 11:16 am

  18. Irish Bill, even if what you say is true, Labour do get substantial corporate donations which they are extremely secretive about – Nicky Hager points this out in Hollow Men. They are not a large party mostly backed by grass roots support (in some elections they got way more business donations than National). I agree with Danyl they are a powerful party and incredibly secretive.

    Comment by K2 — June 13, 2011 @ 11:23 am

  19. Oh and Danyl, can you offer any evidence to support the statement “… or rather, someone in National who passed the information onto Cameron Slater” please or are you also repeating as fact a song from the deniers’ song sheet put out by Labour HQ on Sunday. Rule 2 … Blame it on the National Party Dirty Tricks Division and if that fails just mention the 9th Floor.

    See Claire Trevett’s NZ Herald article:

    Labour’s president, Moira Coatsworth, said yesterday that the party was concerned personal information of donors and members could be used in a “politically motivated” way after an online contact database was “exploited” through a weakness in security.

    She said one of the first downloads of the information appeared to be from a National Party head office internet address, and it was subsequently accessed by a person with strong links to National and Act – understood to be Whale Oil blogger Mr Slater.

    Comment by Graeme Edgeler — June 13, 2011 @ 11:25 am

  20. Thanks Graeme, “appeared to be” is by no means certain so we will have to see how that plays out, still a bit tenuous for Danyl to state it as fact without even Moira’s qualification. Of course it is not beyond the realms of probability that Ms Coatsworth has also read Rule 2.

    Comment by DavidW — June 13, 2011 @ 11:42 am

  21. Are we suggesting parliamentary staffers should be stopped doing parliamentary business? Like… campaigning? Good luck. That was one of the things that was so confusing about the pledge card business; it was someone people decrying this one little bit of a game they all continued to play.

    Comment by lyndon — June 13, 2011 @ 12:06 pm

  22. Danyl – you are going to make yourself look very stupid. I have seen a video showing how the information was obtained – Nicky has never given details. The video makes it very clear that Labour had the information in the absolute open – not even hidden, let alone secure. On a scale of 0 to 100 it was a 0 for security. This isn’t like someone entering an unlocked home. This is like dumping all your files in the middle of Central Park. There should be mass sackings for this.

    And when have I ever not commented on the Hager e-mails, on the basis I believe laws were broken to obtain them? I’ve commented on them on dozens of occasions. You really should not just invent shit you know.

    Comment by David Farrar — June 13, 2011 @ 12:27 pm

  23. Nicky has never given details

    Sure he has. In the introduction to his book he explains that the information was given to him by four principled conservative members of the National Party.

    Comment by danylmc — June 13, 2011 @ 12:29 pm

  24. Methinks Farrar doth protest too much. I mean come on he has a post telling people to ‘keep an eye out on Whale’s blog on Monday’. But then says he knows nothing about who did it.

    Comment by max — June 13, 2011 @ 12:32 pm

  25. Danyl – and he hasn’t explained how those “four principled conservative members of the National party” got the information.

    This car I bought was stolen? Hell, I’d never have guessed that. Sure, it had no ownership papers and I bought it down the back of a pub, and it was cheap, and the drivers window was smashed and wires hanging out the steering column. But I bought it fair and square, so no issues there.

    Ultimately, Whaleoil isn’t National. He’s a relatively feral right wing blogger. If we’re going to continue the fiction that The Standard is not Labour, how the hell could you plausibly think that Whaleoil is National. He regularly attacks National on his blog, something I see very little of on The Standard.

    Comment by PaulL — June 13, 2011 @ 12:48 pm

  26. Max – where did Farrar say he didn’t know who did it? He’s said a number of times that he thinks Whale did it, and it sounds like he said he’s seen video of Whale doing it. So not sure where that particular story came from. There are plenty of things you could attack Farrar for, you might want to try some that are actually true.

    Comment by PaulL — June 13, 2011 @ 12:50 pm

  27. Like his grammar.

    Comment by Gregor W — June 13, 2011 @ 12:54 pm

  28. If Labour can actually demonstrate that the database was downloaded to a National Party head office IP address, then there may be some real ethical questions here. Who exactly at head office did this? What are they doing with the data? Is it ethical to take possession of people’s private information and not alert anyone that it’s exposed?

    On the other hand: leaving people’s private information hanging out there in an unsecured directory? Duh.

    Years ago, I got a good little news story out of finding a bunch of work in progress for a corporate website on an open server. I took steps to ensure that the development company and its clients would not be exposed to harm, but still wound up getting sued on a dazzling array of grounds. My employer and the very large company taking the action ended up walking away with our respective costs, but it got pretty lively for a while.

    Comment by Russell Brown — June 13, 2011 @ 1:05 pm

  29. I don’t know what standard you have been reading PaulL but I see their writers attacking national fairly frequently.

    Comment by Squirrel — June 13, 2011 @ 1:06 pm

  30. The video makes it very clear that Labour had the information in the absolute open – not even hidden, let alone secure. On a scale of 0 to 100 it was a 0 for security. This isn’t like someone entering an unlocked home. This is like dumping all your files in the middle of Central Park.

    Still doesn’t mean you can help yourself to it. I suppose you think [redacted on the grounds of overwhelming creepiness - Danyl]

    Comment by pollywog — June 13, 2011 @ 1:09 pm

  31. Instead of using all the metaphors to help people think that there was no wrong doing nossirreee, why doesn’t WO/dpf/whomever just lay out how the data was got?

    Labour already knows, the hole is presumably fixed…

    Comment by Pascal's bookie — June 13, 2011 @ 1:14 pm

  32. DPF: This isn’t like someone entering an unlocked home.

    No, DPF, if what you say is true, then this is exactly like the unlocked home.

    If your rationale was true then it could be applied to unencrypted data placed on, say, a CD. However, I’m sure that the music industry will tell you that taking an unauthorised copy of unencrypted data freely available on a CD is still theft.

    Theft is about whether you take property, physical or otherwise, without permission. It is not about the security that you had to bypass (or not) in order to do so.

    Comment by Richard — June 13, 2011 @ 1:18 pm

  33. IrishBill and Simon Poole – I refer you to the first post in the long lead-up to the actual releases…
    “This coming week this blog is going to expose a massive rort of taxpayer money. New Zealand political parties have hidden behind a very shabby system that allows them to use Parliamentary Services funds to campaign, which is against the rules but a nod here and a wink there means they have gotten away with murder.”
    http://whaleoil.gotcha.co.nz/index.php/2011/06/illegal-use-of-parliamentary-services-funds/

    I’m hoping the other stuff is probably only of interest to those inside the beltway, but expect the vice versa to be true…

    Comment by Sam — June 13, 2011 @ 1:26 pm

  34. Sorry – 4th post in the VERY long lead-up…

    Comment by Sam — June 13, 2011 @ 1:28 pm

  35. Overwhelming creepiness ?…the case Farrar makes is that if you leave your shit out in the open you deserve to have it fucked with. Extrapolate that notion out and you can arrive at some overwhelming instances of extreme wrongness. But videoing the deed, now that is some creepy bizzo !!!

    Comment by pollywog — June 13, 2011 @ 1:29 pm

  36. I look forward to seeing how the ‘it was just lying there’ defence plays out in the public arena.

    Perhaps by trying to actually use this data has damaged team Nat’s most playable angle – Labour’s carelessness.

    Comment by lyndon — June 13, 2011 @ 1:29 pm

  37. Theft is about whether you take property, physical or otherwise, without permission.

    Do I have permission to read the comments on Labour’s Blog Red Alert? What if I read a post written by an MP, think “what were they thinking? This is dynamite!” and copy and screenshot it, posting it later on my blog when it has been removed?

    I lack permission to read it in the first place. I certainly don’t have permission to copy it, and when it is removed from their website it is clear they don’t want anyone to have it or see it. Is my re-posting what I have taken from their site theft?

    p.s. you are right theft is about taking property. Whale doesn’t have any of Labour’s property. I’m pretty sure they still have it.

    Comment by Graeme Edgeler — June 13, 2011 @ 1:33 pm

  38. Richard….so also the Brash e-mails were theft then? Just asking. By your definition, seems like it must have been.

    My view on this – if I put data on a web site that is publicly viewable/available, then I’m really stretching to complain when people download it.

    I think Whale has an obligation to be careful in his use of this data. In particular I don’t think he should go releasing personal details of people unless there’s wrongdoing involved, and even then he should be very careful. But he’s well known to be feral, so I won’t be holding my breath on that one.

    I think the real question here isn’t about how he obtained the info (that seems pretty obvious, even if someone did tip him off as to where to find it), and not even so much about whether he’s entitled to it. The real question is about whether it shows wrongdoing. That was the argument with the whole Hollowmen affair, my view was it showed nothing more than sausages being made, and everyone knows that’s a messy affair. I’d guess that Whale will have about the same about the Labour party. But, sauce for the goose is sauce for the gander, so I guess now the Labour party gets to buckle up for the ride.

    Comment by PaulL — June 13, 2011 @ 1:34 pm

  39. “Perhaps by trying to actually use this data has damaged team Nat’s most playable angle – Labour’s carelessness.” – except that National allegedly gave it to Slater to ‘play’, they can easily publicly distance themselves from both that act, and Slater’s work more generally.

    Comment by Sam — June 13, 2011 @ 1:40 pm

  40. PaulL: …so also the Brash e-mails were theft then?

    The contention with the Brash emails is that they were passed onto Hager by somebody in National who in fact did have legitimate access to those emails. In which case it is not theft.

    If the emails were passed onto Hager by somebody who didn’t have legitimate access to them, then sure they were stolen.

    Comment by Richard — June 13, 2011 @ 1:42 pm

  41. Graeme: Do I have permission to read the comments on Labour’s Blog Red Alert?

    Yes. Posting comments on an intentionally public forum implies that the public — i.e. you — have permission to read it.

    Graeme: Is my re-posting what I have taken from their site theft?

    Is providing a bit-torrent of a copyrighted work theft?

    Graeme: Whale doesn’t have any of Labour’s property…

    If you want to argue that property needs to be physical and information can’t be property, then there is a lot of law around intellectual property and copyright that argues against you.

    Comment by Richard — June 13, 2011 @ 1:49 pm

  42. The contention with the Brash emails is that they were passed onto Hager by somebody in National who in fact did have legitimate access to those emails.

    I believe Whale’s contention is that everyone has had legitimate access to this information because it is publicly accessible on a public website.

    Comment by Graeme Edgeler — June 13, 2011 @ 1:50 pm

  43. Richard: Is providing a bit-torrent of a copyrighted work theft?

    No.

    Richard: If you want to argue that property needs to be physical and information can’t be property, then there is a lot of law around intellectual property and copyright that argues against you.

    Whale doesn’t have the intellectual property in this database. Labour does. If Whale has taken the IP in this information, such that anyone using the information (including Labour) is breaching an IP right of Whale’s, or such that Labour no longer has it, then it would be fair to say he’s stolen their intellectual property. Given that he hasn’t, and doesn’t, this isn’t theft of intellectual property.

    Comment by Graeme Edgeler — June 13, 2011 @ 1:56 pm

  44. As far as I can tell, then, Mr. Farrar would have no issue if I took the opportunity, whilst wandering past his currently un-occupied desk, to quickly download all his personal stuff from his iPad and mobile phone then gleefully publish all that information? After all, it was just there, waiting to be accessed. No laws were broken.

    Comment by Sanctuary — June 13, 2011 @ 1:59 pm

  45. After all, it was just there, waiting to be accessed. No laws were broken.

    Care to back up your final sentence?

    Comment by Graeme Edgeler — June 13, 2011 @ 2:01 pm

  46. “…Care to back up your final sentence…?”

    Me? Why, surely you mean to direct that question to the blogger I gave the information to?

    Comment by Sanctuary — June 13, 2011 @ 2:12 pm

  47. I was under the impression that it was Simon Power wot gave the emails to Nicky Hager.

    Comment by Dr Foster — June 13, 2011 @ 2:19 pm

  48. The burning issue isn’t so much the breach itself, but the potential misuse of the data in a neo-McCarthyist manner. Especially if it led to thousands going the way of Jim Salinger.

    Comment by DeepRed — June 13, 2011 @ 2:23 pm

  49. Graeme,

    Yes, that seems to be Whale’s contention. Which is why this is exactly like an unlocked house.

    Would a reasonable person assume that this was private information, that happened (due to where it was put) to be accidentally available to the public? Or is it reasonable to assume that Labour was making this information publicly available?

    A similar argument would be, if you found a flashdrive left on a train, that contained unencrypted banking details (say, credit card numbers and billing details). Would it be stealing to make use of this information?

    Comment by Richard — June 13, 2011 @ 2:28 pm

  50. Yes, that seems to be Whale’s contention. Which is why this is exactly like an unlocked house.

    Except it’s still there. Which is exactly why it’s not like taking something from an unlocked house. It’s also not like that because an unlocked house isn’t public.

    Would it be stealing to make use of this information?

    Use how?

    If you used it to steal? Yes.
    If you put it on your website? No (although this might be seen as encouraging others to steal, which might make you liable as a party).

    Would a reasonable person assume that this was private information, that happened (due to where it was put) to be accidentally available to the public? Or is it reasonable to assume that Labour was making this information publicly available?

    Criminal liability for theft does not turn on such questions.

    Your analogy is more analogous with the following: a boss saying to a staff member: if you work Christmas day with me, you can have everything in the tip jar at the end of the day. The boss then takes off her engagement ring to clean something, and puts it in the tip jar, where it stays until the end of the day. Would you assume it wasn’t supposed to be there? Yes. Would taking it be theft? No.

    Comment by Graeme Edgeler — June 13, 2011 @ 2:43 pm

  51. ‘And when have I ever not commented on the Hager e-mails, on the basis I believe laws were broken to obtain them? I’ve commented on them on dozens of occasions. You really should not just invent shit you know.’

    8 March 2010
    [DPF: As far as I know Hager has not broken any laws. The person or persons who took them almost certainly did…..

    Comment by ieuan — June 13, 2011 @ 2:47 pm

  52. I see it, in my completely uninformed way, thus: If you put something on the www, then you’ve published it. You can restrict that publication to certain parts of the www, but obviously Labour didn’t do that in this case, whether they intended to or not, they just published it (i.e. put it in the public domain). The analogy is if they self published a newspaper and then left a stack of them in one of those free papers stands that litter our footpaths – is it immoral to pick up a copy, read it, reblog it, etc…?

    Comment by Sam — June 13, 2011 @ 2:48 pm

  53. “Is providing a bit-torrent of a copyrighted work theft?

    No.”

    Possibly not that clear-cut. Wouldn’t it depend on what permissions/licences the copyright owner has granted?

    “Whale doesn’t have the intellectual property in this database. Labour does. If Whale has taken the IP in this information, such that anyone using the information (including Labour) is breaching an IP right of Whale’s, or such that Labour no longer has it, then it would be fair to say he’s stolen their intellectual property. Given that he hasn’t, and doesn’t, this isn’t theft of intellectual property.”

    From an IP POV, the law around ‘databases’ is also not that clear cut. See here:

    http://www.baldwins.com/australian-and-new-zealand-copyright-law-for-databases-compilations-and-directories/

    I don’t know what other law might be applicable (e.g. privacy), but from an IP perspective, Labour might be pushing shit uphill.

    Comment by Rich (the other one) — June 13, 2011 @ 2:48 pm

  54. Rich, providing a torrent file is not copyright infringement because a torrent file contains no copyrighted material. The fact that it might enable someone to access copyrighted material without authorisation is another thing.

    L

    Comment by Lew — June 13, 2011 @ 2:50 pm

  55. A quick look at statute.

    Crimes Act 1961 No 43 (as at 01 June 2010), Public Act

    Part 10 Crimes against rights of property

    Unlawful Taking

    219 Theft or Stealing
    Theft or stealing is the act of,—

    (a) dishonestly and without claim of right, taking any property with intent to deprive any owner permanently of that property or of any interest in that property; or

    (b) dishonestly and without claim of right, using or dealing with any property with intent to deprive any owner permanently of that property or of any interest in that property after obtaining possession of, or control over, the property in whatever manner.

    Probably doesn’t satisfy ‘permanently deprived of property’ but ‘interest in that property’ might be applicable.

    More pertinently…..

    228 Dishonestly taking or using document
    Every one is liable to imprisonment for a term not exceeding 7 years who, with intent to obtain any property, service, pecuniary advantage, or valuable consideration,—
    (a) dishonestly and without claim of right, takes or obtains any document; or
    (b) dishonestly and without claim of right, uses or attempts to use any document.

    Crimes involving Computers

    252 Accessing computer system without authorisation
    (1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

    Didn’t even want to delve into the areas of accessory, conspiracy or accessory after the fact.

    Comment by Gregor W — June 13, 2011 @ 2:53 pm

  56. Crimes involving Computers…
    Slater didn’t access their computer system – just pages on the web… I think that probably makes a difference

    Comment by Sam — June 13, 2011 @ 3:15 pm

  57. Possibly not that clear-cut. Wouldn’t it depend on what permissions/licences the copyright owner has granted?

    No. Permissions or licences may impact on copyright violations, etc. They couldn’t make it theft.

    Comment by Graeme Edgeler — June 13, 2011 @ 3:23 pm

  58. Gregor W – in relation to section 252, you ignore subsection (2):

    (2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.

    Whale is (implicitly, along with everyone else) authorised to access the Labour server to glean public information from it. Should he have gone further than he may have been implicitly allowed would not be a crime against s 252(1) because s 252(2) says it isn’t.

    Comment by Graeme Edgeler — June 13, 2011 @ 3:29 pm

  59. @ Graeme E

    Not ignored – I didn’t consider it material as a court would need to determine whether he is explicitly ‘authorised’ or not.
    I understand that the intent of 252(2) is to provide cover for authorised administrators and the like.

    It comes down to the interpretation of whether the computer / drive share and by default, the files in question were present in the public domain through deliberate policy or through omission.

    Omission (equivalent to the ‘house unlocked’ position) is not a green light for appropriation.

    Possibly a better analogy would be taking and reading somebody’s mail (private data) that found itself on the street (public domain).
    Even if the addressee or their respective agent(s) acted irresponsibly in not securing their property either by omission or commission (i.e. tossed it out of the mailbox onto the street) thereby causing the mail to ‘fall into’ the public domain, the act of opening the mail and acting upon the information contained therein (to the detriment of the ‘owner’ of that information) raises some legal issues.

    Note – the above was intended to be analogous, not a specific comparison to or interpretation of the Postal Services Act 1998 s19, 20, 23 (in case you care)

    Comment by Gregor W — June 13, 2011 @ 4:06 pm

  60. Lawyer up everyone….

    Comment by max — June 13, 2011 @ 4:12 pm

  61. Is “publishing something on the web” the same or different to “accidentally leaving a copy of some data in a directory on a webserver that is not protected by a .htaccess file and able to be browsed by people who know enough about what they are doing to use a rudimentary exploit of guessing file and folder names”?

    And is that different to “doing the above with the copy of the data, and also not taking steps to prevent the data being found and indexed by search engines”?

    Where does the legal line get drawn in relation to poking around on people’s webservers outside of the intentionally-published web content files and folder structures?

    Comment by Progger — June 13, 2011 @ 4:18 pm

  62. Possibly a better analogy would be taking and reading somebody’s mail (private data) that found itself on the street (public domain).

    Change it to a postcard, which they read, take a photograph of, and then leave exactly where it’s found and we might be getting close.

    Comment by Graeme Edgeler — June 13, 2011 @ 4:19 pm

  63. Yes, correct Max. This is diversion to the utmost.

    To my mind, it’s pretty clear that Labour’s carelessness has left this information accessible. And same as the Don Brash e-mails, there’s lots of discussion about the theory of the law, and whether copying something is the same as stealing it, and whether there is implied or explicit access, and whether it is moral to use it. And, the same way as the Brash material was used, I’m pretty sure this material will be used.

    The discussion should be more about what the material shows. Is it OK that Labour party staffers paid for from Parliamentary Services have been taking donations? Is that a breach of the rules? Same way that the Brash debate shifted from how the mails were acquired to whether or not he had meetings with the Brethren and other things. And, I’d guess, if you have a few hundred pages of documents, there’s something in there you can make look bad. No way to avoid it. Same as with Brash.

    And, again, as I’ve said before. Many on the left reveled in that particular mess. So now, turn about.

    Comment by PaulL — June 13, 2011 @ 4:23 pm

  64. @ Graeme E

    Change it to a postcard, which they read, take a photograph of, and then leave exactly where it’s found and we might be getting close.

    I see your point.
    At a stretch this might be covered under s 228 wherein (a) ‘obtains’ could reasonably be generation of a facsimile (irrespective of method) of the document and (b) ‘uses or attempts to use’ the facsimile for ‘valuable consideration’.

    It all comes down to the interpretation of both ‘valuable consideration’ (qui bono) and whether the usage demonstrably meets the standard of ‘dishonestly and without claim of right’.

    Somehow I doubt it will have the legs but it will be interesting to watch.

    Comment by Gregor W — June 13, 2011 @ 4:45 pm

  65. oops -cui bono

    Comment by Gregor W — June 13, 2011 @ 4:47 pm

  66. Possibly a better analogy would be taking and reading somebody’s mail (private data) that found itself on the street (public domain).

    Journalist ethics in that similar case that involved the SIS, a notebook and a Treasury official, were to flip through the notebook to see if there was anything juicy in it, likely take a copy of the whole thing, publish some noisy stories about parts of the content they thought were “in the public interest” as well as making a big thing about a government security breach, then politely contact Treasury and dutifully return the lost property.

    Probably if a (normal and vaguely responsible) journalist had discovered an accidentally dropped list of minor political party donors, they wouldn’t have published any story that specified the individual names or amounts unless something looked very suspicious. They’d probably still take a copy of it, just in case any of those names became more famous in the future. The difference between a (regular) journalist and Slater is that a journalist would be more likely to weigh the public interest against amplifying the probably illegal or unethical breach of privacy that the Labour Party’s mistake initiated.

    Comment by MikeM — June 13, 2011 @ 4:50 pm

  67. “Is it OK that Labour party staffers paid for from Parliamentary Services have been taking donations?”

    If they were doing it during work hours or using Parliamentary Service computers or telephones, then I’m pretty sure it’s not permitted.

    Comment by Kahikatea — June 13, 2011 @ 4:55 pm

  68. “If they were doing it during work hours or using Parliamentary Service computers or telephones, then I’m pretty sure it’s not permitted.”

    And I doubt the logs would tell us some of those things – it’s not normal for software to log the IP address of internal users (i.e. those taking the donation), although web servers do normally log the IP addresses of those connecting on the web. I guess it comes down to whether the registering of the donation was through a web hosted application, the log files for which Whale got access to. I suspect not, but you never know.

    On “during work hours”, there’s a gaping hole. If I took a donation at 2pm, then is that work hours? Maybe I’m on my (late) lunch break? Most people these days have pretty flexible hours, if I nip out to visit the doctor, or get my hair cut, or visit the dentist, that’s not work business (I deduct the hours off my timesheet, and make them up elsewhere). Same for the staff here – I doubt the info that Whale has is enough to show that they definitely were or were not doing this during “work hours.” Hell of a smoking gun though. This is the media, not a court of law…..I suspect the onus will shift to Labour to show that they have an adequate system in place to track and deduct these hours, and that they are adequately being made up (i.e. people have 40 hours of genuine work a week that was done for parliamentary services).

    I reckon this is why people have turned a blind eye to this in the past – it’s damn hard to police. Looks like Whale is going to put a blow torch to it, which should be interesting. Not sure it’s practical to try to fix it though.

    Comment by PaulL — June 13, 2011 @ 5:10 pm

  69. On the other hand, were the person in question to be employed both by Parliamentary Services & The Labour Party (as the comments thread on The Standard asserts) then it’d be fine for them to be processing donations, and this whole bluster wouldn’t really be about unveiling mass corruption etc etc blah blah blah…just a vindictive release of information that was accidentally made available..

    Comment by Hobbes — June 13, 2011 @ 5:15 pm

  70. Seems Whale has published the video, and some more details. And that the files themselves are still in the google cache – so they were indexed by Google. For me that makes it conclusive – if the files are available on Google search, then it’s hard to call this hacking, or indeed theft (unless Google also stole the files).

    He also has some suggestions of evidence that he can prove that PS resources were used for Labour stuff. From the links he has, it looks to be showing that some of the Labour website is living in a directory that is for a different website, and perhaps paid for by PS. Not sure that’s what he’s saying, but looked that way to me. No real time or inclination to look closer, I suspect Whale will detail his allegations at some point.

    Comment by PaulL — June 13, 2011 @ 5:31 pm

  71. What PaulL said. FFS, all you had to do was visit the Healthy Homes Healthy Kiwis website. Google cache still shows it.

    http://webcache.googleusercontent.com/search?q=cache:N-1owjpIajgJ:www.healthyhomeshealthykiwis.org.nz/+healthyhomeshealthykiwis

    Comment by katydid — June 13, 2011 @ 6:17 pm

  72. Slater is a massive fucking mong. The less attention paid to that ginormous elephant vadge, the better.

    While you’re all discussing the finer points of the law, someone might want to try giving a fuck about the 18,000 private citizens who have data that fat cunt is threatening to make public. Fail one for privacy laws: any decent party will start attaching criminal sanctions to our half-arsed data protection laws.

    Comment by Dizzy — June 13, 2011 @ 7:00 pm

  73. Oh dear, Dizzy you fool.

    Comment by abel the amish — June 13, 2011 @ 7:26 pm

  74. No guessing needed. No index page for the website, so anyone entering its url got presented with a list of browsable directories and files, completely unprotected and openable. Basic common or garden negligence.

    Comment by annie — June 13, 2011 @ 7:39 pm
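Comments 61 and 74 describe the same exposure: a web-served directory with no index page and no access restriction, holding backup copies. The script below is an added example, not part of the original thread, showing how a site owner could audit a document root for it; the index file names, the backup suffixes and the sample tree are constructed assumptions, and it does not read the server's own configuration.

```python
import os
import tempfile

# Assumed DirectoryIndex names and backup-like suffixes; adjust to the real server.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".bak", ".zip", ".tar", ".tar.gz", ".tgz", ".dump")


def audit_docroot(docroot):
    """Return (listable_dirs, exposed_backups) as sorted URL-style paths.

    A directory is 'listable' when it has no index file, so a server with
    automatic directory listings enabled would show its contents.
    """
    listable, backups = [], []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel = os.path.relpath(dirpath, docroot)
        url = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        if not ({name.lower() for name in filenames} & INDEX_NAMES):
            listable.append(url)
        for name in filenames:
            if name.lower().endswith(BACKUP_SUFFIXES):
                backups.append(url + name)
    return sorted(listable), sorted(backups)


def build_sample_docroot(root):
    """Create a small constructed document root for the demonstration."""
    layout = {
        "index.html": "<h1>home</h1>",
        "about/index.html": "<h1>about</h1>",
        "backups/db-backup.sql": "-- constructed sample, no real data",
        "uploads/logo.png": "",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    listable_dirs, exposed_backups = demo()
    print("Directories with no index file:", listable_dirs)
    print("Backup-like files under the web root:", exposed_backups)
```

Any backup file the audit reports belongs outside the document root altogether; disabling directory listings only hides the file name and does not stop a direct request for it.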

  75. Today’s earthquakes are good for Phil Goff.

    Comment by Adrian — June 13, 2011 @ 8:27 pm

  76. I think the Nats missed a trick here. They should have been able to spin it so that the main story was that Labour was negligent to leave personal data out in the open. By involving Slater they make themselves look sleazy, and that’s the tone the press coverage is starting to take.

    Or maybe National’s 2011 slogan will be “We’re scumbags, but we’re competent scumbags.” That actually kind of works for me.

    Comment by bradluen — June 13, 2011 @ 8:37 pm

  77. Bradluen: if you start with the assumption that the VRWC is orchestrating this, your comment sort of makes sense. If you start from the assumption that Whale found this himself, and is running with it himself, your comment makes much less sense. Like suggesting that Labour should have better co-ordinated the Nicky Hager stories to get a better result – as if anyone could control that nut job either.

    Comment by PaulL — June 13, 2011 @ 8:47 pm

  78. Adrian wrote: “Today’s earthquakes are good for Phil Goff.”

    really? why?

    Comment by Kahikatea — June 13, 2011 @ 8:57 pm

  79. The fact that a mere web jockey like Slater fucked over Labour so well and truly, proves they deserve to finish in the third place they surely will next election.

    Comment by gn — June 13, 2011 @ 9:19 pm

  80. From the comments made by both party presidents it seems that the National ‘techie’ or ‘highly placed staffer’ (decision on which depends on your political colours) actually knew about, and accessed, the information before Slater. Slater was told after it had been found. This would make your comments in 76 wrong PaulL.

    Now if Slater had found the information first and then the National IP address had accessed the information you could try and make the argument you are currently – but that just didn’t happen.

    So it goes something like this: National hack is trawling through Labour’s website trying to find any information he can; said staffer then finds that Labour are incompetent at keeping data secret and discovers a cache of information about donors etc; staffer then calls someone else (my own suspicion here would be someone high up in the National party spin machine); contact is then made to Slater to get the info out so that it is clear of National finger prints; Slater begins ridiculous ‘I am just like Julian Assange’ campaign; the new Labour party president (who I already like better than the old one) reveals that National are actually involved…

    And that my friends has just covered Key et al in a whole lot of slime (echoes of Labour and the Williams shambles of ’08). What is worse is that it looks like it is only the names of $50 giving grannies that will be released. The total is only $11,000 – there aren’t going to be any big fish here. I see an own goal.

    Labour are really effective at destroying themselves. YOU DON’T NEED TO HELP THEM NATIONAL.

    Comment by Tim — June 13, 2011 @ 9:44 pm

  81. http://privacy.org.nz/new-cyber-security-strategy-a-welcome-start-says-privacy-commissioner/

    MEDIA RELEASE
    8 June 2011

    Privacy Commissioner Marie Shroff today called the Government’s new cyber security strategy “a welcome start towards protecting New Zealanders against online misuses of their personal information”.

    Rolled on the floor laughing my fucking head off. I actually wanted to write that ! Clearly the Privacy Commission is in on it as well. Why else would they have a whole press campaign a few days ago.

    You couldn’t make it up.

    Comment by Andy C — June 13, 2011 @ 11:49 pm

  82. Also I note in the Complaints section of the Act “It shall not be a defence to proceedings under section 82 or section 83 that the interference was unintentional or without negligence on the part of the defendant”. It would seem that an offence has been committed regardless of how the data was obtained.

    Comment by Andy C — June 14, 2011 @ 12:10 am

  83. Now if Slater had found the information first and then the National IP address had accessed the information you could try and make the argument you are currently – but that just didn’t happen.

    Cam says it’s false. And given that he has the access logs, he’d actually know :-)

    Comment by Graeme Edgeler — June 14, 2011 @ 2:19 am

  84. @ David Farrar – danyl actually said that “as per the Don Brash emails”, you will “be unable to comment on the contents” of Slater’s revelations. Which is quite different to your claim – that you have “commented on them [the Hager book claims] on dozens of occasions”…. “on the basis [you] believe laws were broken to obtain them”. Your comments on how Hager obtained his info are not the same as you commenting on the content of Hager’s claims.

    And Slater did “[exploit] a security flaw in the Labour Party website” – the security flaw was that there (temporarily) was no security :)

    Comment by bob — June 14, 2011 @ 5:03 am

  85. If Cameron Slater’s father wasn’t a silverspooner he would be either totally ignored, in a mental health unit or in prison, two laws bro, one for the sons of the rich, one for the poor.

    Comment by John — June 14, 2011 @ 8:26 am

  86. @bob – DPF has commented on the contents of the Hager leaks on a number of occasions.

    Also, comment #83 is withdrawn:
    http://www.nbr.co.nz/article/national-admits-labour-data-breach-denies-passing-names-whaleoil-ck-95242

    Comment by Graeme Edgeler — June 14, 2011 @ 8:49 am

  87. Surely the most important lesson from this whole messy incident is that Slater should get off his fat arse and get a job already.

    Comment by Cam — June 16, 2011 @ 10:36 pm

