Blown up in National’s faces

Written By: - Date published: 6:26 am, June 14th, 2011 - 385 comments
Categories: blogs, Ethics, national, Spying - Tags: ,

The truth is coming out about National’s taking of data from a Labour web site. The National Business Review reports:

National admits Labour data breach – but denies passing names to Whaleoil

National admits Labour data breach. Of course they didn’t need to actually pass the names to their pet blogger, just send him a carefully written set of instructions as to how to do it himself.

The National Party has admitted exploiting a security hole in the Labour Party website but denies passing data to a right-wing blogger who plans to release the names of Labour Party donors.

Admitted exploiting a security hole. So not just lying about to be read then, a security hole to be exploited.

The Privacy Commissioner has raised concerns and is monitoring the situation.

Yeah I’ll bet. I genuinely hope Slater stays calm and doesn’t publish his list of names, because he really doesn’t need any more legal strife in his life. His comments elsewhere suggest he has backed down on his threats to publish the private data – and that’s all his supposed ‘scoop’ consists of. No doubt he has had legal advice on the consequences – both under the Privacy Act and the Crimes Act.

The confession means lawyers’ opinons sought by NBR now apply in part to Natonal’s situation as well as Whaleoil blogger Cameron Slater …

Confession. No doubt the Nats are desperately pressuring Slater to shut up. This has blown up in their faces. Their line has suddenly changed from ‘look what we’ve got – mega-scandal coming!’ to the much weaker ‘ha ha, Labour left its backdoor open’

Those crowing about Labour’s techies being silly enough to leave a security hole should also remember that National’s were apparently too dumb to work out that they were leaving their IP fingerprints all over the place. The data logs, which have been distributed to The Standard and other media, clearly show a National Party HQ IP using the backdoor into the Labour Party site for 2 hours, days before Slater first visits.

National Party president Peter Goodfellow said that was a “beat-up”. A head office staffer accessed the data but only out of concern that National’s own website had similar vulnerabilities.

Come on guys – you had hours – that’s the best you could come up with? It’s worse than the dog ate my homework!

Privacy Commissioner Marie Shroff today said the Labour Party had alerted her to the case. “I understand the information gained has also been sent to third parties. This chain of events concerns me,” she said. People affected by the data breach could contact her office, she said.

Excellent advice.

There are some similarities between current events and both the Hollow Men leaks and the taping of conversations at National’s conference in 2008. But do keep in mind one important difference. Whereas Labour wasn’t involved in either of those events, the Nats ran this one out of their head office. They would have kept quite and let Slater front it, but they got caught out by the IP logs. In short, National ran a grubby, amoral little operation, with no point except to intimidate innocent individuals. Fortunately for everyone it has blown up in their faces.

Update: Did National have a moral duty to inform Labour about the security hole instead of exploiting it? Of course they did. In the same way that Phil Goff quietly let Key know about Worth’s unsavoury behaviour weeks before it became public. Labour and National have very different standards in this respect.

385 comments on “Blown up in National’s faces ”

  1. infused 1

    lol no security is not a secuirty hole. Reporters need to get a clue. R0B you’re a bit smarted than that. It’s a bit obvious the reporter is confusion two different things. The directories had no security applied. That is not an exploit. An exploit is exploiting some bug in the system to gain access. This didn’t happen.

    • Eddie 1.1

      don’t confuse techie definitions and legal ones. There’s no need for Slater’s possession of the data to be a result of a ‘hack’ for it to be illegal for him to have or publish it.

      • infused 1.1.1

        That’s not what I’m saying. It’s annoying seeing people use incorrect terms and phrases which mean and imply completely different things.

        • seeker 1.1.1.1

          infused,
          yes, it certainly is'”annoying'”.

          National, John, Bill, and Stevie in particular, and many in MSM, it’s sycophantic phalanx , annoy the living daylights out of me by doing just the very thing you have described. One that springs to mind is “Brighter Future” !!?!

    • lprent 1.2

      It is pretty clear that the National Party are involved in this up to their necks. Their response has not been one of a responsible citizen of the net. The correct response when you find a hole like this is to tell the admin of the site that they have a problem so they can get it fixed. You do it quietly so the vultures around the net don’t come and start scavenging.

      That is what has happened here on a couple of occasions from right wing techs when there has been a problem. I have done it for various sites of different persuasions in the past.

      The tech who found this breach didn’t do this. Instead he/she decided to play grubby politics with it – getting Whale involved is a pretty sure sign.

      Infused: you damn well know that this is the case. The net is enough of a pain in the arse environment as it is with the various ecological parasites we have to put up with every day. We don’t need more idiots with skills tryingto screw it up further.

      But I have to say that the Labour webmins could do with some paranoia systems training.

      • Portion Control 1.2.1

        HAHAHAHAHA! I saw that line from Moira yesterday, really you guys are desperate. So National had a duty to tell Labour that Labour had fucked up. Riiiiiiiiight. Just like Labour went straight to National when they heard that somebody had infiltrated a National Party conference and secretly recorded tapes of phone conversations. Or just like how Trevor Mallard went and told National when he found National Party policy documents hanging around Copperfields that he had found them and handed them back without publishing them.

        This is politics for fuck’s sake. Own your own fuckups. There was no hacking, there was no breach of security, and any spin from Labour on this is just totally desperate stuff.

        • lprent 1.2.1.1

          I don’t recall that there has been suggestions of a intrusive hack. Just an exploit of a idiotic weakness, the type that happens frequently in complex systems (ask Sony). The Labour techs closed that as soon as they knew there was a problem.

          So you think that politics consists of deliberately putting thousands of people’s information in the hands of a known unstable fool with no sense of responsibility and a habit of weaving lies with the information that he does have (does it about me all of the time)? Why – did they do that? Well it appears that they did it because those thousands supported the wrong party. I suspect that is going to be the enduring image of this saga.

          I suspect that story will have far more impact on the public than any benefit the Nats get. It is the same story as Paula Bennett persecuting two woman on the DPB using private information because they disagreed with her. It is very stupid politics.
          Because that is what looks like what National did.

          In the meantime, I’d have to say that you appear to have a vacuole where your sense of political ethics should be. Perhaps you should examine that?

          • Inventory2 1.2.1.1.1

            Of course Lyn, if you found a hole in National’s system, you’d get on the phone to National HQ eh…

            Pardon my scepticism.

            • Lanthanide 1.2.1.1.1.1

              Um, actually, I honestly think he would.

              • SHG

                Here’s some advice for Labour. Because the Labour webserver was publishing all this material, Google indexed various config files containing usernames and passwords of an internal SQL server and has been presenting these to searchers for who knows how many months:

                http://www.google.com/search?ie=UTF-8&q=site%3Ahealthyhomeshealthykiwis.org.nz+password

                If that server has ever been used for anything remotely important it needs to be blown away and rebuilt from bare metal. Anything it has ever been connected to needs to be blown away and rebuilt from bare metal.

            • bbfloyd 1.2.1.1.1.2

              assuming similar ethics to others as ones own displays a lack of balance in ones makeup. inventory, are you really that “comfortable” exposing yourself as a shallow, reactive thinker?

            • lprent 1.2.1.1.1.3

              ..if you found a hole in National’s system, you’d get on the phone to National HQ

              Yes, but e-mail (phones are a pain).

              Anyone who has setup systems exposed to the net is painfully aware of how difficult it is to fully  secure them.

              And FYI there have been quite a few very useful e-mails from IT righties to me (including some that I have banned at some or another) over the years running this site pointing out problems that they have seen so I can fix them. Some have potentially been serious.

              It is the script kiddies like Whale who are the usual pain in the arse. They usually grow out of it when they leave adolescence . But Whales appears to be somewhat protracted.

            • Frank Macskasy 1.2.1.1.1.4

              Actually, I believe Lprent. Web admins have a degree of empathy toward each other, because of the sh*t they have to put up with. It’s a common bond, created when web admins share the same difficulties.

              To illustrate; during the 1993 MMP campaign, I was assisting the ERC with erecting and maintaining the big yellow billboards that were so ubiquitous at the time. http://mp.natlib.govt.nz/image/?imageId=images-40992&profile=access

              Like billboards from political parties, we suffered considerable vandalism. Some of it mindless idiocy – some of it political (you could quickly tell). As well as fixing up our own billboards, we’d often do a quick “patch up” job on billboards belonging to The Alliance (of which I was a member), Labour, and even parties I opposed, such as National and NZ First.

              In other instances, we let billboard co-ordinators, of other Parties, know if their frames or facings required more considerable repair work.

              At one stage we even offered a reward to anyone who could identify any person damaging ANY billboard – not just our own. (That’s how frustrating the vandalism got.)

              And lastly, one of the National Party billboards, opposite the old (now defunct) Burma Motor Lodge, was “protected” in such a way that it bordered on illegal. We could easily have contacted the media and dobbed them in with with a “hot story”. It would’ve been highly embarressing for the Nats.

              But you know what, Inventory2 – we didn’t. As little sympathy as I have for National Party policies, I had a great deal of empathy with those volunteers, unpaid, like me, who go out and put these things up – only to have some moron damage them.

              So yeah, it actually IS possible for political activists to share an empathy when it comes to common hassles in life.

              It just proves that we’re human, at the end of the day.

              • lprent

                It is pretty common. Campaigns are long and arduous, and after you’ve done your second or third one, distinctly boring requiring an act of will to persist with.

                You know I often wonder how much time Cameron has spent campaigning, because I get the impression that it is bugger all. Based on the number of people I have seen him attempt to work with over the last few years (Cactus Kate being the most public), I feel that he hasn’t really cottoned on to the basic principles of this new idea of cooperation.

                One of the reasons that that this site is mostly fun to operate is because all of the people on it are pretty skilled at cooperating. We don’t have to met or even talk too often, and things just get done. It makes it relatively easy to keep it up and slowly growing. But part of that is because almost all of us have been campaigners for various parties over the years..

          • Portion Control 1.2.1.1.2

            Lyn said “I don’t recall that there has been suggestions of a intrusive hack. Just an exploit of a idiotic weakness, the type that happens frequently in complex systems (ask Sony). The Labour techs closed that as soon as they knew there was a problem.”

            Hmmm let’s see some of the posts here since it happened. “National’s raid on Labour donor data was a grubby, amoral little operation…” From rob in the title of this post. From rob yesterday: “To anyone who is angry at being named, please don’t blame some hapless web admin working for Labour. Please blame the people who took this information and illegally made it public.” Also in his post. Conveniently ignoring that it was LABOUR WHO MADE IT PUBLIC, not Slater.

            Or did you see Eddie’s post yesterday titled “Nats steal labour donor data”, followed by “The Nats breached the Labour Party website and stole a list of online donors.” Then “It will be interesting to learn if the actual breach was made by Slater, whose tech skills are poor, or someone else in National.”

            And then we have mickeysavage spinning wildly and saying he thinks somebody within National sabotaged Labour’s site so the data could be visible. Again HAHAHAHAHA. Such a totally dishonest claim from a labour party insider, and you know it.

            You are right Lyn nobody used the term “intrusive hack” but everything said by the spin machine on this blog from your side suggested that it was some cunning high tech ploy to illegally access information. When in fact it was made by some bozo sickness beneficiary who visited the front page of a Labour website.

            What I haven’t heard from rob or Eddie is outrage that Labour put so much personal data at risk and calling for heads to roll. Why, because they’re more interested in running prop lines for labour adn crying wahwah than holding Labour to account for their fuckups.

            I’m sorry, the Labour Party is not Sony. It is a political party that is required by law to protect personal data. If you could put a list of the most sensitive pieces of information that the Labour Party has ANYWHERE it wouldn’t be the exact colour of the hair dye that Phil Goff uses or some new unfeasible plan to reform tax. It would be membership and donor data. All of which were compromised by Labour.

            • mickysavage 1.2.1.1.2.1

              And then we have mickeysavage spinning wildly and saying he thinks somebody within National sabotaged Labour’s site so the data could be visible.
               
              BS.
               
              Prove it.  I said that the site was crippled, I did not say that National Party was responsible.  It may have been hacked.  I had a site myself that was hacked and showed the same characteristics.
               
              Edit: PC It appears that you have not posted here until yesterday and you are suddenly very busy. I wonder where your comments are coming from?

              • Portion Control

                How did you know that mickysavage, did you HACK the Standard’s website and cripple it to find out? Or did you use that new google thing? Hahaha, yes I’m a new commentor and like you and most people here I’m anonymous. Luckily by the looks of things Lyn is much smarter than the Labour Party and he won’t be so stupid as to cripple his own blog so that you can find out my personal information.

                I’m sorry your site was hacked but there is no evidence of any deliberate attempt to cripple Labour’s site, not even Labour have said this in their wildest spin.

                In your strange world is every guy who chats up a girl in a bar and buys her a drink part of a global conspiracy by coca cola to push their brand?

              • SHG

                I said that the site was crippled

                The site wasn’t crippled. It was functioning perfectly normally, doing exactly what it was configured to do: publish information.

                The information wasn’t crippled, hidden, private, or secret. Wishing that it was can’t change anything.

              • bbfloyd

                i’m trying to figure out which nat front bencher he sounds like.

            • lprent 1.2.1.1.2.2

              You are right Lyn nobody used the term “intrusive hack” but everything said by the spin machine on this blog from your side suggested that it was some cunning high tech ploy to illegally access information. When in fact it was made by some bozo sickness beneficiary who visited the front page of a Labour website.

              No they didn’t.

              What they said was there was a lamentable security breach by Labour, that what Whale was threatening to do with the information was a privacy issue and probably illegal as well, and that it was likely that Whale was fed the information about how to read the information by someone from the National party (because Whale is too impaired to do it himself).

              Those were in the first posts and most of the subsequent ones. It appears that all of these are correct.

            • felix 1.2.1.1.2.3

              “You are right Lyn nobody used the term “intrusive hack” but everything said by the spin machine on this blog from your side suggested that it was some cunning high tech ploy to illegally access information.”

              And yet strangely none of the quotes you list in your 2nd paragraph support this assertion at all, instead they all seem to support Lynn’s.

          • MikeE 1.2.1.1.3

            “The Labour techs closed that as soon as they knew there was a problem.”

            They’ve done a pretty crappy job of that considering its all still cached on google and freely accessible.

          • Peter 1.2.1.1.4

            I read this with amusement. I have no political or other connection with NZ, however I read political blogs. The reason? The absolute lack of ethics. It is all about the side not the facts.

            Am I mistaken, or did the holier than thou people crying foul here, jump at the chance to leak emails before some election? Iprent, I just went and had a look at some of your responses at the time. At the time I agreed with you. Now? Oh the nasty truth of Google Cache.

            • lprent 1.2.1.1.4.1

              What are you waffling about? I have never leaked e-mails. I can’t remember us discussing leaked e-mails here that haven’t been in the MSM first.

              Comments on this system don’t get deleted after the moderation sweeps are done. There are hundreds of thousands of them (close to 300k now) and 7256 of them are mine.

              If you want to insinuate, then don’t. It is a bloody fast way to irritate me when when I’m moderating. Link to whatever you’re bullshitting about.

              • Peter

                I did not suggest you leaked emails. Geez. I was talking about the defense of that green activist releasing the emails of Don Brash. Mate if you have this type of reaction to some-one who is totally impartial, there is no wonder that boofheads like Slater is getting under your skin.
                http://thestandard.org.nz/brash-emails-hit-headlines-again-for-the-wrong-reason/ Not a word of condemnation here….
                And a number of others. I never said you or any of the other authors of the Standard was involved. I simply said that the tone of the conversation was totally the opposite on a subject that is incredibly similar.
                Now I get that you ware constantly being attacked by the likes of Mr Ego (DPF) at Kiwiblog (he reminds me of our own Kevin Rudd http://7pmproject.com.au/video.htm?movideo_p=39696&movideo_m=112455) however, if you are politically immature enough not to see non partisan observations as such… well I am sure Whale Oil can use a guest author.

                • Peter

                  Oh and “It is a bloody fast way to irritate me when when I’m moderating….. ”

                  WTF is that? Mate you sound like you cannot wait for weekends to grab a white coat and a clipboard to direct traffic at a show! In NZ people might cower at such authoritarian crap … In other countries we find it a little sad and condescending. If you dont want debate, dont have comments.

                • Peter

                  I apologise, I did in fact suggest that you leaked emails, when I meant to say the response to leaked emails. I apologise with out hesitation, the sentiments remains however.

                  • Anne

                    Okay Peter and the rest of you ignorami (yeah made the word up) here is a piece of the foreword to the Hollow Men by Marilyn Waring – former National Party member of parliament:

                    The National Party sources were prompted to blow the whistle because they believed their party was behaving in dishonest, unprincipled and even unlawful ways. In the Hollow Men we are able to see- up close and in the participants’ own words – the secret backers behind Don Brash’s successful leadership challange…. the cynical imported election campaign techniques and foreign advisers (read Crosby/Textor and Lord Ashley) and much, much more.

                    Why don’t you read the book. Nah… you don’t want to be educated. Good grief, that would drag you out of perpetual denial and force you to face the truth.

                • lprent

                  Hager ? Don’t think that he can be defined as being green. More defined as being a journalist.

                  You haven’t read those posts very well. Covered by a different sets of law in the two cases. I suspect you don’t have good grasp on that (and please avoid some of the strained analogies that don’t relate to the actual law).

                  Whoever leaked those e-mails to Hager could and almost certainly would be persecuted because we don’t have particularly good whistle blower laws here. The police were unable to find out who that person was, but they did conclude that it was highly unlikely to have been an external hack. But there was very little (if anything) in any of the posts about Hagers book on whoever that was – apart from some speculation about identity. It was hard to condemn or praise someone(s) when we didn’t even know if they were entitled to release those papers (that is after all why we have courts to determine these things).

                  However we do have some quite extensive laws covering the roles of journalists ranging from the BORA to specific clauses in various acts for their part of “in the public interest”. Nicky Hager clearly falls under those in a legal sense. That was why the police investigated him and concluded that it was impossible to make a case that would stand up in court. Almost all of the content of our posts was about what got legally published.

                  Whale does not fall under any of those provisions apart from the freedom of expression in the BORA. We know what he did – he boasted and video’ed it. It was not some unknown where there were many facts in dispute.

                  Whale may pretend to be some kind of journalist and be acting in the public interest (and I think that he argued that on his contempt of court suppression hearings and that failed badly) but he is not under the current legal structure. So as he probably found out this week when he talked to lawyer that puts some quite severe restrictions on what he can do with or even if he can hold private information he acquires in the manner that he did.

                  If he wishes to determine that then he can go into court and find out. Most of the posts and comment here this week were either about that or his association with National in finding the access point. It was quite a different discussion because the circumstances of the case are quite different legally.

                  • Peter

                    I stand corrected on Hager, I just read some stories at the time that he was a green. As for Slater being a journalist, well then I must be a small green spaceman.

                    That is not important. And you are arguing the wrong end of the argument. Lets deal with that first. hager got the emails from some-one who got it illegally, once he had them I was all in favour of him publishing them ( Anne, grow up)

                    Slater got his legally, yet I believe that it is petty to play “will I wont I” with them. ( Small things amuse small minds I guess) I cannot see what the point is to reveal highly personal information. (Unless there is in them proof of corruption or some crime – which there is not) .

                    That is what I am talking about. The fact that once both sets of information was out there ( that is the legal points you are going on about) My point is the reaction to what is done or is threatened to be done with the info. As I said, I love polblogs just because it shows up this really amusing part of human nature. The inability to see past one’s ideological mastheads and the mindless spin to try and justify that. And trust me you only have to look at Slater’s site to see a mirror. However it is also this amusing but dangerous trait that sees us stagnate and lose elections.

                    Anne, as far as education goes, I did okay. You just proved my point, by not reading what I was saying and just accepting that I was on the opposite side of the political spectrum than the authors of the Standard. I am will always be part the left of the ALP. I dispair because it is people similar to yourself (talk before reading, chanting silly lines by rote) that has seen us in strife here in NSW and you in strife in NZ.

                    • Anne

                      Get this one inside your head once and for all Peter.

                      Hagar’s emails were not obtained illegally. They were passed on to him by National Party insiders who clearly had legitimate access to them. They were appalled at what they saw going on in their own Party. Very brave people and I take my hat off to them.

                      Slater on the other hand exploited a vulnerable Labour Party site and extracted information he had no legitimate right to access.

                    • Peter

                      And with Anne’s reply above I rest my case. Until we get rid of emotional, mindless and irrational reasoning like that the bloody tories will keep kicking our ass. Anne please read before you speak. I did that before and apologised. We are not talking about how the bloody stuff was obtained, we are talking about what happens after. Christ you will turn me into a sexist bastard in a minute.

                      Nah screw it, I will get sexist. Anne go bake some cookies or something. Jesus your country had the most complete female leader in the world. try and live up to her.

                    • wtl

                      Peter: IMO, the key point is that the information types are not identical. One involves unsavoury dealings of the leaders of a major political party. If Slater was exposing the same level of information in regards to Labour, I would support this being revealed to the public. I cannot speak for the other commentators here, but I would suggest that many of them would feel the same way.

                      However, this is not the case. Instead, personal information of several hundred small donors is involved in the current case. I strongly feel that there is no public interest in this information being revealed to the public, and I fully understand the level of criticism being directed at National and Slater in this case. I don’t agree that it is hypocritical at all, since the only people that could be harmed by the information release are some ordinary NZers who made minor donations to Labour.

                      Furthermore, do you not think that one reason so much vitriol being directed at the perpetrators is that some people are feeling threatened by the possible release of their personal information? Even though they themselves have done nothing wrong, apart from supporting Labour?

                    • lprent

                      Slater maybe got his legally. However using it would not be legal because he isn’t covered by journalist protections – unless he gets a ruling to say so from the court (unlikely the legislation is pretty tight).

                      The police would almost certainly have to take it to court to find out what ‘authorized’ means in terms of the Crimes Act. As far as I can see it has never come up in court where it relates to the net and an inadvertent security hole.

                      Looking at the legislation, I suspect that it will depend on criminal intent and/or gain. The police would have to show that he took the data with the intent of using it in a manner to make gain from it. Since he was apparently intending to publish it on his site which carries advertising, then that wouldn’t be that hard to prove (this controversy has certainly kicked our traffic up after ANZAC day).

                      You can probably argue a case for implicit blackmail which is covered by several parts of the crimes act. “Donate to Labour and Whale will expose you for his sites profit”, “Civil servants who are secretly members of the communist party” oops sorry that was a 50’s one for a senate committee. It’d be a stretch but the type of charge that the police would add since it is going to court anyway.

                      Apart from that, there are privacy issues which are covered by legislation and which do have some teeth – again largely for people trying to profit from data.

                      You can then get into the civil suits for control of private information and associated damages.

                      Basically if I was Whale, using that data would be the absolute last thing I would do for legal reasons. The best thing he could do is to give it to a journalist and let them take the risks with their protection. Of course they could have gotten their own copies already.

                      Now you’re kind of wrong about the polblogs as well. Sure they are partisan. This type of discussion is what people here were saying as soon as the thing came out (there are quite a few lawyers and IT managers here (plus people like myself who have had to suffer through their ex’s law degrees)). I suspect that Whale and DPF were getting this via e-mail rather than in public. Not to mention that all of the lawyers blogs didn’t think much of his chances of either staying out of prision or winding up spending and eternity in court.

                      That plus the embarrassing server log link to the National party looks like it shut them up pretty damn fast.

                      But the political blogs did exactly what you’d expect. They found the flaws in the other sides argument and thrust those flaws it to their attention before they screwed up too badly. As I was sarcastically commenting to another commentator yesterday – democracies operate on a noisy adversarial basis. It is what makes democracies work. Political blogs operate much the same way as well.

                      In a way it is a pity. Because of what Cameron has done in the past to me and to this site, I have a rather high personal level of dislike for him. It is perhaps a bit unfortunate that he appears to have listened to advice this time.

                      But I’m slow to dislike people and really slow at discarding the animus. I still have a few decades to keep warping the story that wraps Whaleoil. There I nothing political about that.

      • higherstandard 1.2.2

        “But I have to say that the Labour webmins could do with some paranoia systems training.”

        Surely they should have some basic training in IT first.

        You do know that apart from political junkies no one gives a flying fuck about any of this.

        • Blighty 1.2.2.1

          Labour runs on a shoestring. everything goes into campaign materials. They don’t have the resource to invest heaps in IT. So a slip up like this happens.

          It doesn’t say anything about the capabilities of the party to govern. nor is the material that Whale got salacious.

          • Portion Control 1.2.2.1.1

            Oh boohoo, the website was funded by parliamentary services. So either Labour didn’t spend what parliament paid for it on their website and instead spent it on campaign materials which I imagine would be illegal, or whatever they paid for the guys running the website they didn’t get any value from.

            If you’ve got the money to set up a website to collect personal data and manage donors then you’ve got the money to provide basic and competent security to that website.

            • Blighty 1.2.2.1.1.1

              no, this website wasn’t funded by Parliamentary Services, the others were. They share a server but are separately funded.

            • Blighty 1.2.2.1.1.2

              the website holding the data isn’t funded by parliamentary services. Other labour websites are and they are on the same server but funded separately?

              didn’t you notice Slater’s sleight of hand in his video regarding the funding? he points out that other sites on the server are parliament funded but says nothing about the one he accessed to get the data.

              • Portion Control

                I think you will find the healthyhomeshealthykiwis campaign site by Labour had a parliamentary crest on it. That isn’t a big issue though, the point is it was Labour’s web admins who built the site and maintained it, the same people who built and maintained all of Labour’s other sites and they left a big gaping hole that published all their sensitive information to google.

                • Colonial Viper

                  and they left a big gaping hole that published all their sensitive information to google.

                  Nope nothing was published to Google by Labour.

                  Google was able to extract that information with its crawlers. Get it right.

                  • SHG

                    No, Labour published it. The word means something specific in cases like this, and it specifically refers to what Labour’s server did. It published content.

                    • Colonial Viper

                      Ahhhhhh it was the server system that published the content?

                      Thanks for clarifying that.

                    • SHG

                      *groan*

                      yes, in the sense of “no officer, I wasn’t speeding, it was my CAR that was over the limit”, you could say that it wasn’t the Labour Party, it was the Labour Party’s web server that published the content.

                    • Colonial Viper

                      🙂

                      Let’s leave it to the Police prosecutors to sort out shall we

  2. Interesting “denial” by National. They deny passing names or data but do not deny telling the slithery one about the security hole.

    • Eddie 2.1

      they certainly downloaded data themselves. they were in the backdoor from 6:30pm to 8:30pm on May 31st.

      Slater shows up on June 7.

      We’ve been able to confirm the identity of IPs ourselves via myip and our comments log.

      • infused 2.1.1

        Just remember, Google indexed this. There’s a 7 day gap. The IPs you are tracking could just be header IP’s for a bigger network.

        • mickysavage 2.1.1.1

          Infused did you read the post?  In particular did you read the following:

          The National Party has admitted exploiting a security hole in the Labour Party website but denies passing data to a right-wing blogger who plans to release the names of Labour Party donors.

          Or how about this?

          National Party president Peter Goodfellow said that was a “beat-up”. A head office staffer accessed the data but only out of concern that National’s own website had similar vulnerabilities.

          What more proof do you need?

          • Portion Control 2.1.1.1.1

            Where does it say that national admitted exploiting a security hole mickeysavage? So the reporter says: “Did you exploit Labour’s security hole?” And the National techie says: “Well if you mean did I have a look at the front page of their website which included the index and links to all of their donor information then yes, yes I did, I saw it and I pissed my pants laughing and my manager asked what I was laughing about and instructed me to make sure we hadn’t made the same kind of stupid total fuckup too”.

            “Exploited a security hole”. Please. Spying? No visiting the front page of a website isn’t spying rob, so the tag is misplaced. Having somebody go into the leader’s office and copy the outlook pst file onto a data stick is spying. So is sending people into party conferences masquerading as young nats and secretly recording conversations with MPs and then pushing the leaks out in advance on friendly websites.

            When I first read this story I thought Slater had hacked Labour’s site. I thought he had done something cunning like lure Clare Curran into commenting on his blog, making her register before she could comment and then using her registration password to sneakily and illegally infiltrate Labour’s supersensitive data.

            But no. Turns out he just visited the front page of a website.

            • mickysavage 2.1.1.1.1.1

              Um PC
               
              You seem to be trying to throw the thread off.
               
              1.  Infused suggested National did not visit and investigate the site.
              2.  I said they did and provided quotes from the NBR where their president admitted they did so.
              3.  You are jumping up and down about there not being a security hole but a gap.
              4.  We are now in a semantic argument about whether or not there was a “security hole”.
               
              I think your point is irrelevant.  The issue is whether or not they were authorised, and coming across a website that has obviously been compromised does not give you authority to go and have a peek.
               
              And to all those criticising the Party’s sysops we are not dealing with the National Party.  Labour does not have endless amounts of money and is not able to hire the most expensive help.  A lot of it is provided gratis by keen enthusiasts.  Sometimes shit happens.  But this is no reason to go on a feeding frenzy.

              • Portion Control

                Wrong mickysavage. Let me introduce a new word to you. It’s called “the internet”. Anything visible on “the internet” is public unless protected by security. This information was not protected by security. Ergo labour published it.

                • Lanthanide

                  You can have all your little personal definitions of what constitutions “publication” on “the internet” that you like, but it doesn’t actually matter if the people who make and enforce the rules (government, judicial system) don’t agree with you.
                   
                  So, keep telling us that it was “published” – we don’t actually care about your opinion.

                  • SHG

                    No, he’s right, and I speak from personal (legal action) experience. If data residing on a computer you control is served up to visitors, you are the publisher of record.

                    • Lanthanide

                      The point in this case is about whether the data was intentionally published or not. The fact that it was available, and may make you the “publisher of record”, does not mean that you actually meant to publish it.
                       
                      It is not clear from your comment whether your past legal experience is dealing with a similar case.

                    • SHG

                      A commercial entity took offense at the way its services had been described by an unhappy customer in a posting on a website of which I was technically the owner. I knew nothing about it, and had no relationship with either the aggrieved company or its unhappy customer, but I had “published” the material and was thus it was me the company came gunning for.

                      If it’s intent that is the sticking point for you, then picture this. If a typesetting glitch at the Dominion Post caused the frontpage headline to be randomly rearranged to read “DARREN HUGHES CONFESSES TO PEDOPHILE RAPE”, and Hughes sued Fairfax for defamation, do you think “oh that was a mistake, it wasn’t intentionally published,” would be a valid defence?

                    • Colonial Viper

                      Meh if the coppers decide to test this incident in the courts we will find out.

                    • Lanthanide

                      Not really applicable then, because it sounds like the unhappy customer was posting on a forum or comment section. These sections are designed to be accessed by internet goers, as in they are html pages.

                      Site indexes aren’t intended for general consumption by internet goers.

                • bbfloyd

                  pc, how does being a wanker contribute to this discussion? you realise that your comments are misleading party political cant, don’t you.

                  if you really are repeating lines fed to you by the nats, or if you are one of them masquerading as someone else, then i thank you for showing us clearly why we need to expunge the national party from the political landscape.

                • Draco T Bastard

                  Anything visible on “the internet” is public unless protected by security.

                  Wrong, go read the principles of the Privacy Act that I posted yesterday. The law is quite clear about it really. Private information is private unless duly authorised and an open server that is obviously open by mistake is not authorisation.

                  And the National Party spent two hours in there. You don’t do that if you’re testing your own security. If you’re testing you’re own security you, um, go to your own website from an IP address that’s not directly connected to it.

                • So you are saying that the use of the term ‘publish’ as you are using it (and apparently ‘on the internet’, whoever gets to decide that), has little to do with the common notion of the term ‘publish’?

                  Since publishing in most other media involves deliberate intent to spread one’s information, views, ideologies, etc. far and wide then, are you attempting to point out that that same word when used on the internet does not in any way necessarily entail the intent to have people view it (and may entail the exact opposite intent)?

                  If my interpretation of your comments is correct then, thanks PC, that nicely sums up why seeking to access such information ‘available/published’ on the internet involves dubious personal ethics – because, to reiterate, ‘publish’ on the internet does not entail what the same word does when used in relation to other media.

                  That clarification greatly helps to see why Labour has been taken advantage of by unethical means.

            • RedLogix 2.1.1.1.1.2

              Turns out he just visited the front page of a website.

              Misrepresentation. Are you trying to tell us he just clicked on hyperlinks put there intentionally by the webmaster?

      • Portion Control 2.1.2

        Eddie by “in the backdoor” you mean visited the front page of a website!

        • travellerev 2.1.2.1

          Portion control? More like Damage control. Would be nice to know your IP address.

          • lprent 2.1.2.1.1

            Not allowed. See the privacy section in the Policy.

            • Portion Control 2.1.2.1.1.1

              I would like to congratulate you on actually having a policy lyn, and having at least the very basic security measures on this blog to protect the privacy of commentors. You are a uniquely skilled person in the Labour Party. You should share your knowledge and wisdom with them, since according to some of the Labour Party apologists here they are just amateurs and they could clearly do with your help!

            • travellerev 2.1.2.1.1.2

              You see PC, that is what is called integrity.

              It is the voluntary choice to maintain a standard and keep others to it.

              National rule has been one long disregard of standards of integrity and decency and their attitude is: Do as thy will but don’t get caught and while you’re at it this is how we do it.

              And just in case you think I’m critical of National therefore I must be a labourite. You’re wrong. Too me both parties are just two faces of the same coin. Too long in power, to long, to safe, to far removed from the people.

              Time for a party like Mana to blast through and clean the ducts of power.

      • Inventory2 2.1.3

        Is that the royal “we” Eddie, or are you closer to the Labour Party than you let on?

        • Lanthanide 2.1.3.1

          Um, no? Comprehension fail?
           
          Obviously Eddie is using “we” and “our” in the context of The Standard, as he is an author here.

    • IrishBill 2.2

      There’s also the question of how an email cc’d to an National Party MP, Aaron Glimore, by accident ended up in Cameron’s hands.

  3. Portion Control 3

    So visiting a web page is now considered “taking data from a website”. What hysterical nonsense. “Careful instructions to Slater”. Yeah right, my 4 year old daughter could have clicked on the pages. Privacy Commissioner “carefully monitoring”, more like about to come down hard on Labour for their privacy breaches.

    You guys have lost the plot in your spinning over this. Every one of your claims of hacking, stolen data, etc etc have come to nought when Labour PUBLISHED THEIR OWN DATA ON THEIR WEBSITE.

    Get a grip, your guys fucked up big time and they ruined a lot of party trust. As phil Quinn says Chris Flatt should be sacked over this, and if Phil Goff had any balls he would do it before he gets back from his holiday.

    • Vinsin 3.1

      Yeah Labour fucked up and so did National by not informing them of the hole then passing the info on to Slater, perhaps they can skirt the issues legalities and maybe the core National supporters will agree with their actions but I doubt the swing voters that put them in power in the first place will be so kind to them.

      Keep it up Portion the longer this stays in people’s faces the better.

      • Portion Control 3.1.1

        I’m sorry Vinsin but National had no duty to inform. This is politics and when your opponents fuck up then you laugh at them. Eddie and rob are saying this was some deeply cynical action by National and claimed it was theft and data intrusion and some high tech conspiracy to breach Labour’s systems.

        In fact Slater visited the front page of a website which happened to include all of the really sensitive data that Labour was legally required to protect, but didn’t. So Labour broke the law. Slater hasn’t broken the law yet but now every time he points ou tthat a neutral commentator is actually a known Labour Party member he will do so with authority without breaking any privacy laws.

        What Labour did was print out their whole personal diary and posted it on their shop wall. They’re now squealing because Slater wandered past the shop and read the diary and because the Nats laughed when they saw what Labour had done. Own your own fuckups people.

        • Vinsin 3.1.1.1

          Once again keep it up, if you believe this comes under all’s fair in politics then I have to ask a question. Do you believe most people will see this as clean politics, or dirty politics? The fact that Slater has clearly broken the Privacy Act leads one to agree with the latter version. You keep saying Slater walked past the shop and read the diary, but is it his right to publish that diary? 

          And now for a lazy analogy.

          I walk past the shop and see a picture of your mother being gangbanged by several obese balding men on the floor, I take a picture of it and leave the picture where it was. Is it my right now, to take my photo of your mother being gangbanged even though it was gained in a private location and then publish the photo in a public location?

          • Portion Control 3.1.1.1.1

            Is it his right to publish the diary vinsin, well he would assume the fact that you posted it on your shop window meant you were quite happy for all the world to see it.

            Your gangbanging mother analogy is stupid. More likely if your wife goes and stands naked in a shop window completely ignorant of the fact that thousands of men who like taking photos of obese balding women walk past every day, and your wife continues to stand there naked for three months, somebody else has a duty to tell you that your wife is visible from the street and that she is making small children cry. And to add the google analogy, there is a security camera trained on your shop window which has taken many many hours of footage of your obese balding wife which can never be erased.

            • bbfloyd 3.1.1.1.1.1

              p.c….. you really have a handle on bloody minded, obnoxious drivel don’t you. too bad that you havn’t the intellect to actually say anything that hasn’t been spoonfed to you.

              if you did, then you’d probably realise what a fool your making of yourself..

              we only have to look back through the documented history of national party misdeeds to see the obvious pattern of smears and abuses of peoples rights and dignity. i’m talking decades here. this is just one more nasty little game they played.. a long way from the first time, and not the last time by a long chalk either i would guess.

              your nasty little games of misdirection only serve to make you look like a fool.

          • Adele 3.1.1.1.2

            Teenaa koe, Vinsin

            Not only is it a lazy analogy it is also a crappy analogy. 

        • RedLogix 3.1.1.2

          Yeah right, my 4 year old daughter could have clicked on the pages

          Are you now trying to tell us that the site home page had clickable links to the information concerned?

          You and other apologists for this bad behaviour have insisted that if it was indexable by google then it was intended to be public. That’s a total fabrication. If it was INTENDED to be public it would have had standard hyperlinks that INVITED people to visit the page.

          Just because someone unintentionally leaves a door open to information that quite obviously should be private, does not automatically make it public.

          • Portion Control 3.1.1.2.1

            What part of “internet” do you apologists not get? If it is published and indexable by google then the automatic assumption is that it is INTENDED to be public. The only time anything on the web is not INTENDED to be public is when it is protected by security. Yes I am saying that when you went to the healthyhomeshealthykiwis home page it brought up the index. ON THE FRONT PAGE. Which means everything in it was published, public and visible to everybody.

            [lprent: You’re trolling this morning. Repeating the same information and arguments and not really engaging with other people. Your interesting IP is going into moderation until I see some improvement in behavior. Read the policy on trolling. ]

            • RedLogix 3.1.1.2.1.1

              Who put the index there?

              Google or the webmaster?

              • Portion Control

                I’m not a techie but I understand it’s automatically generated by the drupal engine if the webmaster in incompetent and has buggered the respective page.

                • RedLogix

                  So in other words it was google that generated the index. Not the webmaster who clearly had no reason, motive or intent to make this data public.

                  Moreover the moment the presence of this unintended index became known to the webmaster they acted to remove it.

                  • Portion Control

                    No. Google does not generate the index. Google is a search engine. It does not affect the content of web pages. It just stores them for all time. The index was created by the drupal web engine, which is controlled by the webmaster.

                    See now redlogix, as a happy amateur who knows very little about websites I’ve now shared with you more information about websites than the Labour Party seem to know. You are free to use this information and share it with the Labour Party so that they don’t go publishing sensitive data to the web again.

                    Here’s a tip though. If Labour do it again, it’s best not to blame Google for caching your party’s fuckups.

                    • Daveo

                      A “new” poster going nuts on a single issue and misdirecting all over the place? Interesting.

                    • lprent []

                      Yeah, he just hit my bounds for trolling behaviors. I’ve put him on a leash to see if it is just exuberance and if he is capable of learning.

                    • RedLogix

                      The index was created by the drupal web engine, which is controlled by the webmaster.

                      Obviously but it was google that stored it and made it public.

                      You keep avoiding the obvious. Did the webmaster INTEND for this index to exist and be made public by the google search engine?

                      The only possible answer is no. The moment the unintended index became apparent it was removed. Therefore the only possible interpretation is that the information it linked to was intended to be private.

                      Moreover the nature of the information itself is clearly private. Anyone, even possibly your four year old daughter, would see this straight away.

                      If it was a list of National Party donors you wouldn’t dream of copying it and then threatening to make it public in the way Slater has.

                      I’ve seen some feeble justifications in my time…

                  • SHG

                    I have more personal experience in this area than I ever really wanted, so you can take this as quasi-informed commentary rather than me cutting and pasting shit I found somewhere else and don’t understand. I don’t want to bore anyone with .htaccess rules, httpd.conf variables, or CHMOD instructions so this is kinda dumbed down.

                    The index is generated on the fly by the web server software running the site (Apache) and displayed to visitors if a number of conditions are met.

                    1. The setting “don’t show indexes”, which is the factory default, must be changed to “show indexes”.

                    2. There must be no individual file within each directory that is named in such a way that Apache will treat it as the index page for the directory (e.g. “index.html”). Such a page does not have to contain anything, and even if a totally blank text document is present bearing a name that Apache recognises as an index file then Apache will happily show a blank page when that directory is visited.

                    Apache and the content management system Drupal (which appears to have been installed on the server) install index files by default in the top level of the server. However it’s the administrator’s responsibility to create index files if directories below the top level are created manually.

                    3. The permissions on the directories and files must be set to “readable” by visitors. If a non-technical person was creating directories and copying files into them for storage, then it’s conceivable that he or she did so without making the files and directories private.

                    So, to bring us back to the topic at hand – in reply to Redlogix’s comment “it was google that generated the index”, sorry that is not the case. The indexes were generated by the Labour server and displayed to visitors because it had been specifically set up to do so, and a number of simple commonsense things that would have kept the data private were not done.

                    • SHG

                      Update to my comment above – just for investigation’s sake I did a fresh install of apache2 (2.2.17-1ubuntu1) and it installed with indexes enabled by default.

                    • Colonial Viper

                      Thanks for the report mate, good of you to verify that.

                • lprent

                  Nope.

                  It is generated by the web-server if the Index system is left active on a directory. In Apache2 this is set by either the virtual webserver control file or the .htaccess. In IIS this is setup in the dialogs that run the site as cascaded defaults.

                  In both cases a single change can change the default for a whole site. Frequently these flags operate differently on development sites to production sites, and a common way to get a problems in when a development site is copied over (esp with .htaccess approaches). I’ve done it myself, which is why I always structure it so it cannot happen these days.

                  • Berend de Boer

                    The words “left active” do not describe the situation properly. Let me quote from the manual, http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexoptions:

                    “By default, no options are enabled.”

                    • lprent

                      Yeah, you can read a manual – without understanding. That does kind of point to your lack of experience. I guess someone gave the reference to you?

                      That just means that when a new virtual site is created then you’d have to explicitly turn things on. In practice no-one with any brains relies on defaults. On virtual sites there is invariably an explicit setting for index on each directory as well as one inside the apache2/httpd.conf

                      If I had to guess, then it looks likely that when the site was set up someone didn’t modify or remove the usual 000-default from sites-available. The default one typically gives index access to the directory. Normally it never got accessed because a direct IP was mapped to the main site. But it looks to me from the video that a virtual web server(s) got removed and exposed the 000-defaults.

                      Someone has now directed the 000-default to the main site. (I just tested that using my /etc/hosts file).

                • Berend de Boer

                  The index is generated by Apache.

                  It does not do that by default as this is clearly a security issue.

                  You have to enable this intentionally.

                  • Lanthanide

                    “You have to enable this intentionally.”
                     
                    And? You can fully intend for that change to only be temporary, and then forget to change it back. Incompetence either way, but that doesn’t make it a deliberate decision to publish.

                    • Berend de Boer

                      Lanthanide, see my other comments where I explain that the index is a stuff up, storing private backups on the webserver root is malpractice.

                  • lprent

                    Yes it does. Apache2 usually sets up a 000-default virtual server which is pretty damn open and does default to having Index on. Does on both OpenSUSE and Ubuntu servers (the last two I have used).

                    I guess you’re just sprouting something from someone else.

                    • Berend de Boer

                      The 000-default is something Debian based distributions have, and yes, it is turned on for /var/www and /usr/share/doc.

                      But only those.

                    • lprent []

                      Yep. And what directory do you think that most virtual websites are placed under?

            • Portion Control 3.1.1.2.1.2

              Come on, Lyn I’m not arguing with you but if me running a consistent line without offering anything new is trolling then so is the repeated claim by posters here that it was a grand conspiracy orchestrated by the National Party, that Slater acted illegally, that it was a hack, that Labour’s web admins are imporverished amateurs who really aren’t responsible for their actions and the one that emerged yesterday that National had a “duty” to inform Labour of Labour’s fuckup.

              Fair enough that I probably haven’t added a lot of new stuff since my first few comments but hey neither have the other side. If people are still reading this thread at this point it’s not because they’re looking for new arguments but because they like seeing two sides slug it out in a really boring conversation of which nobody adds anything new. But fair enough I’ve made my points and out of respect to you and because it’s your blog I will cool it for a bit.

              [lprent: If you keep putting the same line up over and over again you will get the same answers over and over again. Discussion doesn’t move and it gets intensely repetitive for me to read (and I suppose for other people as well).

              Running repetitive lines isn’t what the site is set up for. If you just want to do that, then do it at Kiwiblog (where that appears to now be a requirement for commenting) or do the brown-nosing at WhaleOil’s public site.

              But don’t do it here. Here we expect to see people arguing not just running lines. Eventually getting to a agree to disagree point (I really don’t expect anyone to convince anyone else of anything here – it is just a place to argue the points through).

              We give leeway to people with a track record of not doing it when they lapse. But it takes time to build the mana with the moderators. We are a lot less tolerant with new handles. However many people have had warnings over the years.

              It usually doesn’t pay to argue with moderators – very wise. ]

              • The point you’re trying to make it seems is that just because the labour techies are “amateurs” National and Whale Slater are justified to use that to bully and threaten people who donated money to Labour and make out like Labour is involved in a scandal of some sort.

                While the techies may have been “amateurish” and as such deserve a chastising perhaps from their bosses it does not and never will justify dubious, callous and downright dishonest bullying behaviour from either National or their fat, ugly, unstable, bullyboy, attack whale.

                That is what is covered in the voluntarily maintaining a standard and keeping yourself and others too it rule. Not National’s or Whales forté.

                • Berend de Boer

                  travellerev, the issue is not whether “the techies may have been “amateurish””. The issue is that Labour had a duty of care. How properly did Labour follow the law? That is what the police will have to determine.

                  • The Voice of Reason

                    I would have thought the duty of care was a civil matter, in the first instance Berend. For example, Pike River mining had a duty of care to its employees, but until the public process has finished no charges will be contemplated by the coppers.
                     
                    If you were a computer tech, would you expect to face civil or criminal prosecution for a cock up like this? First up, surely your aggrieved client would look to the contract you both signed for redress?

                    • Berend de Boer

                      The Voice of Reason: obviously civil charges as this doesn’t fall under criminal law.

                      But the computer tech might not be guilty at all. If Labour hired a junior programmer, you can’t fault the junior programmer. So I’m not berating any programmer at this point as I have no clue who was hired to do this work. Obviously someone just out of school cannot be at fault about a thing like this.

                      What the judge will be looking at is how well Labour followed the duty spelled out in the law. That includes their hiring policy.

              • Deadly_NZ

                Well at least we know you can read because you have used nearly all of the 25 rules for spin doctors, What a pity your needle has been stuck for the last 5 posts. Bloody Trolls.

        • Draco T Bastard 3.1.1.3

          I’m sorry Vinsin but National had no duty to inform.

          It’s called having morals of which it appears that the National Party is severely lacking.

          In fact Slater visited the front page of a website which happened to include all of the really sensitive data that Labour was legally required to protect, but didn’t.

          Wrong again. He visited the front page, saw that it was a directory listing rather than a web page and dug deeper into the private information held in that directory. If he had any sense of morality he would have stopped at the top directory and reported the hole to the server admin.

          • SHG 3.1.1.3.1

            Phil Quin:

            Blaming WhaleOil for publishing the information reflects another shocking example of the strategic naievete of Labour’s governing elites. Of course a right-wing blogger would run with it, just as I would happily leak the same information about the Nats or ACT. This is a contact sport. Don’t blub to the ref when you’ve been unilaterally pantsed.

            http://www.thenewtasman.com/2011/06/its-not-even-close-flatt-must-resign-over-security-breach/

            • Draco T Bastard 3.1.1.3.1.1

              And that just proves that Phil Quin is morally bankrupt.

              • Phil Quin

                I am not morally bankrupt.

                • Colonial Viper

                  Describing the unauthorised distribution of personal information belonging to thousands of ordinary New Zealanders as simply part of a game or “contact sport” strongly suggests otherwise.

                • Draco T Bastard

                  The only moral action was to immediately and quietly inform Labour that they had a security breach. Anything else is morally bankrupt.

                  • Phil Quin

                    Oh I thought you were calling me morally bankrupt as a general proposition? You are saying that the suggested course of action is morally bankrupt?

                    • Colonial Viper

                      So Phil, your suggestion that Labour fire Chris Flatt asap for this webserver breach, is going to rebuild confidence amongst Labour party donors how exactly?

                      Please take us through the logic of your writing.

                    • Phil Quin

                      My logic is this: Flatt is General Secretary, the person charged by the NZ Council with overseeing the administration of the Labour Party on behalf of its members. Gross negligence occurred under his watch. It was not a breach — it was a lapse, and I can think of few lapses more serious than the publication of confidential donor data on a web directory accessible by anyone with a laptop. The breach here is of trust between the party and it’s donors and supporters. It is my opinion — and you can feel free to disagree — that this is serious enough to warrant the General Secretary’s resignation on the basis that it has brought the party into disrepute and harmed critical relationships, probably irreparably in some cases. The General-Secretary is a political appointment and it is not for life. It makes no difference who happens to hold the position at any given time. It is not about the person but about the party and its ability to demonstrate to current and future donors that it understands the seriousness of this matter and is making urgent amends. The tendency in recent NZ politics not to resign in such circumstances is not, again my opinion, a good thing. As I write here (http://www.thenewtasman.com/2011/06/whalegate-in-12-steps/), Labour has won the PR war as far as I can see by turning this into a dirty tricks story. Good on them. Doesn’t alter my view that Flatt should offer his resignation. Goff and the NZ Council may, of course, choose not to accept it.

            • lprent 3.1.1.3.1.2

              Sounds like we need to educate some political operators outside of the National Party about the implications of technical issues.

              For a starter, making laws about copyright and access on the net by politicians and their minions who want to hack systems for their own benefit will not exactly engender a willingness on the technical side. It speaks of hypocrisy.

    • ghostwhowalksnz 3.2

      Its not a web page !!!. You have to type the correct version of the url to get the INDEX, thats were the exploit comes in.

      • Portion Control 3.2.1

        So type http://www.healthyhomes.org.nz and you have suddenly hacked all of Labour’s data. “Oh but you have to type it correctly!”

        Yes just like coming to the Standard I had to type http://www.thestandard.org.nz and lo and behold, I reached the Standard website. Although it’s fair to say that Lyn and the techies here are much smarter than the ones over at Labour and weren’t so stupid as to make sure that when I visited the front page of the Standard’s site I couldn’t see the email address of every commenter who had ever made a comment here.

        • Colonial Viper 3.2.1.1

          Lame Portion Control. Whaleoil’s video clearly shows actions and test results that ordinary users do not perform when browsing through a website’s content.

          • Portion Control 3.2.1.1.1

            How did whale see the index? By typing in http://www.healthhomes.org.nz. Then whammo, the whole index including membership and donor data is there for all the world to see. What surprises me is how long this hole was open. Months, not minutes, hours or days.

            • mickysavage 3.2.1.1.1.1

              So it was an exceptionally easy security hole.  So what?  Because someone’s car is parked outside with the keys in the ignition and a flashing neon sign saying “really easy to pinch car” does this mean that it is not theft to take it?

          • weka 3.2.1.1.2

            Can someone please explain what PC is on about? I’m assuming you couldn’t view the data directly at http://www.labour.org.nz or at any of the links therein, but had to figure out what to add to the URL i.e. the actual URL wasn’t visible anywhere. Is that right?
             
            (just wondering how a four year old would know how to do that).

            • Blighty 3.2.1.1.2.1

              yeah, you had to find out that there were other URLs that were not accessible through any site that Labour had intentionally made open to the public yet were open once you found out about them

              • weka

                Thanks. So PC is talking out his arse then.

                • infused

                  incorrect. One website was open. By searching a string of that website in google, it showed other exposed sites on the server.

                  • Colonial Viper

                    Oh and how did you get that string from the website infused? You couldn’t have happened on it accidentally.

                    Oh that’s right, Whaleoil and his National mates were looking for security vulnerabilities and they found and exploited one.

          • SHG 3.2.1.1.3

            Colonial Viper said: “Whaleoil’s video clearly shows actions and test results that ordinary users do not perform when browsing through a website’s content.”

            That doesn’t mean that there’s anything special about what he did. I myself go through exactly the same (well, functionally similar) steps ten times a day when visiting new websites.

            • Colonial Viper 3.2.1.1.3.1

              I myself go through exactly the same (well, functionally similar) steps ten times a day when visiting new websites.

              That’s because you are an IT professional and I am assuming that you’re paid to assess those websites from a technical or other standpoint.

              Most people don’t have free recreational time to dig around and see what hosting services, directories etc are involved on every new website they visit.

            • Puddleglum 3.2.1.1.3.2

              I can tell you, SHG, as a complete ‘non-techy’ – but as someone who uses a computer and the internet for hours everyday – that I knew absolutely nothing about the whole process WhaleOil followed. I honestly couldn’t imagine why someone would go to that trouble.

              In your ‘in group’ this might all be very ho-hum but to most of us who just browse through links on websites it’s impenetrable and uninteresting stuff and we don’t get into it. Looks to me like anyone who does must either have some professional or technical motivation; fancy themselves as a clever dick; be operating with nefarious intent – or some combination of two or more of the above.

        • bbfloyd 3.2.1.2

          can somebody get rid of this clown.(pc) he’s becoming an annoying echo in my head.

          i was interested in reading about this topic untill he started clogging up th page with his apologist rubbish.

    • Bazar 3.3

      Read a ton of your remarks and i have to say you are so totalyl and utterly full of right..

      Glad someone else has tried to inform these guys, spending the last 2 days in the previous posts explaning that it wasn’t a hack, and how it wasn’t illegal has worn me out.

  4. PeteG 4

    Of course they didn’t need to actually pass the names to their pet blogger, just send him a carefully written set of instructions as to how to do it himself.

    Carefully written instructions? Like “hey, go look there, it’s unbelievable how insecure it is”?

    • Colonial Viper 4.1

      Like tracking down IP addresses and host servers, identifying other associated sites and their owners, checking if hidden directories are accessible and accessing them.

      • Berend de Boer 4.1.1

        It was SOOOOOOOOOOOOO hidden, even search engines indexed it.

        • Colonial Viper 4.1.1.1

          Unauthorised access is unauthorised access.

          BdB, this is going to play out over the next couple of weeks, it will be interesting 🙂

    • Lanthanide 4.2

      Have a watch of WhaleOils video for the multiple steps he “came up with himself”.

    • Deadly_NZ 4.3

      Or if they were really stupid, they did not tell him as much as E-Mailed him.

  5. Vinsin 5

    Unsurprisingly this story’s been usurped by Christchurch, Slater has already moved on to another topic – I guess his lawyer gave him some reasonable advice. It will be interesting to see if this story gets some legs again.

    • Berend de Boer 5.1

      Yes, it will get legs. The Labour Party will get a visit from the police to question how they handle sensitive data.

      • Colonial Viper 5.1.1

        Of course Labour will be visited by the police – the police regularly talk to the victims of crime during their investigations.

      • Draco T Bastard 5.1.2

        Actually, Labour will probably talk to the Privacy Commissioner about steps that they’ve taken to secure the data. Slater and National will be the ones visited by the police for accessing private information that they had no authorisation to do so.

        Labour made a mistake. National and Slater have, prima facie, actually committed a crime.

  6. C 6

    From the NBR:

    For Lowdnes Jordan partner Rick Shera, the Crimes Act comes into play.
    Mr Shera told NBR “The test is contained in section 252(1) of the Act.” That is:

    Everyone is liable to imprisonment for a term not exceeding two years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.”

    “The issue is whether Cameron Slater was authorised to access the material for any purpose. If he wasn’t, or if there was doubt and he just did it anyway without caring – that is, recklessly, then he may be liable.”

    “In my view, authorisation carries with it the idea of an intention to allow access and not just an implicit authority through a lack of security, but the issue has never been tested,” Mr Shera said.

    • Aye, the test is whether or not the access was authorised.
       
      It speaks volumes that a RWNJ finding a crippled website thinks it allows carte blanche to do what they want whereas to a leftie it means the opposite.
       
      Kind of sums up the respective world views.  RWNJs think that anything is justified as long as you win, lefties think that rules and decorum and respect should be paramount.
       

      • Inventory2 6.1.1

        Two words Mickey

        Pledge Card

        [lprent: Sentence “I don’t like diversion tactics – use OpenMike” ]

        • Tigger 6.1.1.1

          Pledge Card what? Did a pledge card access this data? Oh sorry, stupid attempt at distraction.

          My info was stolen. Will be ensuring that is someone can pay for accessing it, they pay for it.

        • marsman 6.1.1.2

          One word I 2.

          Helicopters.

          [lprent: You as well. ]

        • mickysavage 6.1.1.3

          I could respond by saying that it was totally within the rules until it was declared that the rules were different and that National had the same amount to spend on publications but then you and I would still disagree and think each other wrong.
           
          So do you think that finding a crippled website allows you carte blanche to do whatever you want?

          • Oleolebiscuitbarrell 6.1.1.3.1

            RWNJs think that anything is justified as long as you win, lefties think that rules and decorum and respect should be paramount.

            This is exactly what Trotsky was thinking as the ice pick went through his brain.

      • g_man 6.1.2

        mickysavage: “Lefties think that rules and decorum and respect should be paramount”.

        Ummm … really? Because to me it looks like a bit of a double-Standard going on here.

        Remember when Rocky did a Google-bomb on John Key? Most commenters on The Standard, lprent included, thought this was hilarious. And lprent saw nothing wrong with this general methodology: “Modern activists use all of the tools available to them, and the net is the perfect environment to cooperate to get results – even amongst disparate groups … Pranks like this are amusing … and allow cooperation to develop. It also presents a perfect opportunity to demonstrate the difference between the generations that grew up with the net all around them and those who didn’t. Perfect for young and not so young activists with a sense of humour.”

        http://thestandard.org.nz/john-key-still-clueless/#comment-187755

        I could, at this point, paraphrase lprent: “Why – did she do that? Well it appears that she did it because John Key supported the wrong party”

        http://thestandard.org.nz/blown-up-in-nationals-faces/#comment-340258

        And I know this will cue all the usual responses: “You can’t compare the two … the Google-bomb was harmless, whereas this is potentially very damaging … release of private information”. And, to a degree, you’d be right. But I find it a bit of a double-Standard that whereas this episode results in comments like “The net is enough of a pain in the arse environment as it is with the various ecological parasites we have to put up with every day. We don’t need more idiots with skills trying to screw it up further”, Rocky’s Google-bomb was apparently just a harmless little prank, as used by modern activists.

        • lprent 6.1.2.1

          You already answered yourself.

          Quite simply there is no real or even potential harm to anyone in a google bomb prank. Try explain how there is any harm economic or otherwise in associating John Key’s webpage with the word ‘clueless’. I bet that you cannot.

          A political party deliberately putting thousands of people’s personal information at risk by pointing it out to a person who is known to be cavalier about how he uses information is at best a breach of privacy, and at worst possibly criminal. Either way it will potentially result in thousands of people having to look at what impact such a breach does to them and doing things like changing e-mails etc.

          • The Voice of Reason 6.1.2.1.1

            Not merely cavalier, LP, but a criminal convicted of a deliberate privacy breach.
             
            Just as an aside, I see that Whale tweeted this morning that he is self employed. Surely some mistake?

            • Deadly_NZ 6.1.2.1.1.1

              But he is on a Sickness Benefit according to all reports, But Pudding won’t want to persecute her pet lapdog.

          • g_man 6.1.2.1.2

            I would disagree that there is no real or even potential harm to anyone in a google bomb prank. I don’t know the law, so I’m not going to start talking about “libel” and “slander”. But Sue Scheff was awarded a landmark $11.3 million verdict in 2006, following a vicious campaign, where her integrity was attacked online, slanderous posts were made, and a google-bomb was initiated that meant people who googled Sue’s name were redirected from her website to of porn sites. She lost sponsors and clients as a result.

            Yes, I realise this is far in excess of what Rocky did. And you’ve made your feelings plain – that what Rocky did was a harmless prank, funny to all except the humourless, no malice involved, and so on. But consider this:

            (a) It started in a similar way – the difference is that Rocky didn’t escalate her activities (as far as I know)

            (b) I agree that the two situations – the Labour web-site breach and Rocky’s google-bomb – are different. However, are you trying to claim that the degree make all the difference here? What if Rocky’s google-bomb had been a different, slightly ruder word than clueless? Or she had redirected the web-traffic to porn sites? Where does it cross the line from prank to nasty to vicious?

            You, lprent, commented that “Modern activists use all of the tools available to them, and the net is the perfect environment to cooperate to get results”. So what is the difference between all the activities that various people (including Rocky) have undertaken under the banner of “activism”, and this?

            Many people have commented about this case, that just because you can do something, doesn’t make it right. Or, as Randal said, “it might be just internet politics to some but these are real crimes and will have to be subjected to the test of justice” http://thestandard.org.nz/blown-up-in-nationals-faces/#comment-340409

            I still a double-Standard staring me in the face.

            • felix 6.1.2.1.2.1

              That’s because you think anything involving a computer is directly comparable to anything else involving a computer.

              • g_man

                Well done, felix. I bow in awe before your excellent, detailed point-by-point rebuttal of my arguments.

                • felix

                  It’s what I think your arguments are worth.

                  Nothing about Rocky’s googlebomb in any way compromised anyone’s privacy or personal information.

                  Even the fantasy versions you made up (presumably because the real-world version didn’t give you enough to work with) have nothing to do with compromising anyone’s privacy or personal info.

                  My conclusion is that you’re comparing these two entirely different scenarios because they both involve computers. Maybe I’m wrong but I’m yet to see any evidence in your comments that you’re comparing them for any other reason.

                  • g_man

                    Then you’re stupid.

                    And I’m not going to lead you through it step by step.

                    • felix

                      Because you can’t. Because one step doesn’t follow from the other in your examples as posted.

                      And you tried it in your head but you couldn’t make it work without admitting to what I accused you of arguing.

                      But thanks for raising the standard of debate from my miserable attempt.

            • Draco T Bastard 6.1.2.1.2.2

              However, are you trying to claim that the degree make all the difference here?

              Intent and privacy make the difference.

              Rockys’ Google bomb was harmless (and mildly amusing), used publicly available information and personal opinion that held John Key as being clueless.

              National and Slater seem to have accessed private information of hundreds of people that they weren’t authorised to access and set about to use that information for political gain.

    • Berend de Boer 6.2

      Mr C, so the Labour party will now sue Google for accessing this data?

  7. Murray 7

    Are you at any time going to address the actual issue – the content of this insecure information? The systematic, deliberate and intentional RORTING of public funds.

    Or is theft ok to the left wing mind if no one knows about it?

    • marsman 7.1

      You mean Bill English’s rorting of half a million bucks pretending he lives in Dipton?

    • Um
       
      Any proof?  Like do you have any proof?  Like even a little bit?  Just a teensy bit?

    • Blighty 7.3

      there’s no rorting here.

      the party’s parliamentary websites and campaign websites are hosted on the same server but funded separately

    • Carol 7.4

      Sue Bradford already dealt with this issue about Parliamentary services yesterday on Nine-to-Noon:

      http://www.radionz.co.nz/national/programmes/ninetonoon/20110613

      Basically, she said Labour were just doing what all parties are doing these days – working out how to use PS within the rules, but along the way, including a very slight slant towards making it work positively for them. SB said, these days, PS rules were very strict & there isn’t any rorting of the system, or room to move other than use it for it’s intended purposes. But all parties would be discussing how best to use it for themselves in a very limited way.

      In short, nothing to see here, move on. You know an issue’s struck a sensitive spot for NAct when the righties descend en masse on a thread/issue.

  8. SHG 8

    I can’t wait for Labour’s legal action against Google, Bing, and every other search engine that crawled and indexed the info that some incompetent Labour muppet published on a public website.

    Published on a public website!

    • Robots are not humans.  Slater is, or so I am told, although there may be some argument about that.

    • Draco T Bastard 8.2

      Legal action? All they should be doing is contacting them and pointing out that the information is available illegally from their web servers and those companies should do the rest. Hell, if the companies were aware of the issues, on top of things and had any sort of morality they’d be doing that already but, being cost cutting private businesses they’re probably waiting for actual complaints.

  9. Blue 9

    Cameron Slater did not just ‘visit the front page’ of the website. His video clearly shows that when he went to the front page of the site, he found the index. Any web user would know that that was not what you would expect to find – and anyone with even a little bit of tech savvy would know that it was private data and not supposed to be left open. Slater knew exactly what he had found, and made the decision to go digging through it.

    He drilled down several layers into the index before finding the data he was threatening to publish. He knew he was accessing information he had no right to, and didn’t care.

    The fact that Slater would do it is not at all surprising. The fact that the National Party HQ would do it – now that’s dirty.

    The fact that an email mistakenly copied to Aaron Gilmore got into Cameron Slater’s hands – that’s dirty too.

    National has some explaining to do.

    • Berend de Boer 9.1

      The only people who have some explaining to do, is the Labour Party. They had a duty of care. So far they are the only ones who have broken the law. They may explain how Google was able to index your donor details, your backups, your credit cards, your passwords.

      [lprent: You are starting to troll as well. Repetitive lines, arguments that all look the same, and lack of interaction with others. Read the policy about trolling. If you are capable of actually interacting with others then I’d strongly suggest you start to display it. ]

  10. PeteG 10

    Why is everyone getting so animated about this?

    Parties will balls up and parties will try and kick each other in the balls. Same old.
    And we keep letting them do it.

    • Draco T Bastard 10.1

      Because some of the actions involved are outright immoral and possibly criminal.

  11. Tom Gould 11

    ” I genuinely hope Slater stays calm and doesn’t publish his list of names …” Fat chance, no pun intended. Relaxed, smiling and waving Key is rapidly becoming the Kiwi Joe McCarthy. And to think that this guy gets to know all the SIS and GCSB secrets. I truly hope there is no connection here.

  12. Sam 12

    I want to know who is going to accept responsibility for this absolute clusterfuck?

    You can blame Slater and the Nats all you want guys, but that truth is that someone within the Labour party made an absolutely fucking rookie mistake. Somebodys head has to roll.

    • RedLogix 12.1

      Yup. Someone made a mistake. A bad one.

      But only morally crippled righties seem unable to tell the difference between an obviously unintentional mistake and bad faith.

      • Berend de Boer 12.1.1

        That’s not how the law works RedLogix. Labour had a duty of care. They broke the law.

        • RedLogix 12.1.1.1

          Clearly your version of the law is morally crippled too.

          The actual issue here is one thing, but the way it’s flushing out these ethically void apologists is equally fascinating.

          Fact is Slater would never have done this with National Party information; if he did they’d be furious with him and he’d be screwed forever. That’s all you need to know.

  13. r0b 13

    Just added this update to the post:

    Did National have a moral duty to inform Labour about the security hole instead of exploiting it?  Of course they did.  In the same way that Phil Goff quietly let Key know about Worth’s unsavoury behaviour weeks before it became public.  Labour and National have very different standards in this respect.

    • Portion Control 13.1

      Yes just like Trevor Mallard handed back the National Party confidential policy papers he found at Copperfield’s cafe left behind by a researcher at lunch. Oh no, that’s right HE DIDN’T, he held a press conference and released them.

      • r0b 13.1.1

        Policy is a matter of public interest. Hounding innocent members of the public is not. Spot the difference?

        • Portion Control 13.1.1.1

          Slater hasn’t done that yet. I would wait until he does that before you accuse him of high crimes or defame him. What Labour have done have broken about five principles of the Privacy Act. If the Privacy Commissioner is investigating it should be into Labour’s ACTUAL breaches of the law rather than Slater’s potential future breaches.

          • r0b 13.1.1.1.1

            Who knows what Slater will do with his list through the old boys network – he’s already been inviting people to look through it to spot “suspicious” names.

            And if the Privacy Commissioner gets called in to investigate this, you can be sure they will be investigating the roles of both National and Labour, and comparing a stupid slip-up with potentially malicious access.

            • Berend de Boer 13.1.1.1.1.1

              What Slater would do? I would worry more about the bots, spiders and the rest of the world that went to a Labour Party site and suddenly could download confidential data.

              • Colonial Viper

                Yeah but Slater is the one on the hook here, not some anonymous bot. And Labour has been taught a harsh lesson in keeping their systems secure.

    • infused 13.2

      Well, its not a security hole. No matter how hard you try. At best it’s a miss configuration of a web server.

  14. Craig 14

    Turn about deserves retaliation. I can promise that National’s religious conservative fellow travellers will get some quite intensive and probably highly unwelcome scrutiny from yours truly between now and November…and woe betide them if any more National Party dosh under the counter Parents Inc or Destiny Church debacles does turn up, because I fully intend to publicise it.

  15. Colonial Viper 15

    As commented above:

    Portion Control = Damage Control

    This issue has legs and is going to keep evolving over the next week or two.

  16. Zorr 16

    I think the issue that the RWNJs are ignoring here is that of simple ethics – just because you can do something doesn’t mean that you should do something.

    Similar examples from other situations:
    “She was just asking for it dressing that provocatively” – rape defense
    “The keys were in the ignition and the door was open” – joy riding defense
    “He provoked me by hitting on me and so I killed him” – murder defense

    Sure, Labour are tech idiots for allowing such a situation to develop. However, National are the morons who took advantage of it and didn’t even have the good sense to cover their steps. Who is the bigger idiot? The person who leaves their front door open or the robber who leaves his fingerprints all over the place?

    • Berend de Boer 16.1

      What Labour is forgetting is that it had a duty of care. It is Labour who broke the law.

      If Slater is guilty of accessing published information, are you guys going after Google as well? Because their bots indexed the site as well.

      • Zorr 16.1.1

        ummmm… Labour screwed up. People screw up in such ways all the time. It makes them look idiotic but very little more.

        National took advantage of their screw up in an illegal manner. Such an action, as has been quoted many times, can result in several years in jail.

        Oranges. Apples. The point of my initial comment obviously went far above your head.

        • Berend de Boer 16.1.1.1

          I’m probably close to being banned now as I’m the only one not allowed to repeat lines, but Zor, if you cross the center line in your car, and you kill someone, do you think you can say to the judge: “well, I’m only human, just one of those screw ups?”

          Of course not.

          So in this case Labour has a duty of care. That is what the judge will look at.

          And to call this a “screwup” is an understatement of what actually happened. Labour intentionally turned on indexing. That’s a screw up. That happens. But the next thing is the bad thing: they stored sensitive data in the public root of their web server. That is malpractise.

          Yes, I know all political parties, except National, are short of money. I don’t fault Labour for storing sensitive data on their server. If they had millions we could fault them for that, so won’t be too hard on this.

          But perhaps the judge might be: if you can’t store data securely, should you store it? So not sure what the judge will think here. Anyway, the court case will be interesting.

          • felix 16.1.1.1.1

            Let’s try to make your analogy more closely fit the situation, shall we?

            You cross the centre line in your open-top bus, while drunk, and talking on your cellphone. All the passengers on the top deck are thrown off onto the grass verge.

            No-one is hurt in the accident (luckily) but Cameron Slater, appalled by the danger you put your passengers in, shoots them all in the face.

            Naughty bus driver. Killing all those people with your terrible driving.

          • mickysavage 16.1.1.1.2

            Berend I am not sure if you know something about webservers but you know nothing about law.
             
            If a duty of care is owed by someone to someone else and is breached and the breach causes loss then that person can be sued in negligence by the other person.  This is a civil not a political case and involves payment of damages.  Interestingly National and Slater may owe the credit card holders a duty to keep their information confidential and if they publish or cause the information to be published they may become liable.
             
            If someone without authority accesses someone else’s data then they can be charged with an offence under the Crimes Act and spend up to two years in jail.
             
            Labour is not a legal entity.  It cannot serve time in jail.  It cannot by definition illegally access its own data although the National Staffer and Slater can.
             
            Are things clear now?

      • r0b 16.1.2

        A machine is a machine. Laws apply to people, and what people do.

  17. tsmithfield 17

    There is a major problem for Labour. If they want to prosecute this issue through the media they can’t help but publicise their own stupidity to voters and potentially cut off their income stream from donors who will be undoubtably rather cautious about donating to Labour in the future.

    I don’t accept that National had any high-level involvement in this. However, even if Labour can make this stick in the publics’ minds, then I don’t think it will surprise people at all that political parties would act maliciously towards one another. What will be much more damaging so far as Labour is concerned is the demonstrated level of stupidity. As Slater himself says: “if Labour can’t run a website, how can they run the country?”

    Perhaps Labours’ campaign slogan could be: “Labour: stupid but nice”.

    • Zorr 17.1

      That would make Nationals “Stupid but mean”

      I know which one I would vote for if those were the choices…

    • r0b 17.2

      I don’t accept that National had any high-level involvement in this.

      Odd then that their President is making confessions to the NBR.

      • tsmithfield 17.2.1

        I don’t think he confessed to “high level” involvement, did he?

        • Draco T Bastard 17.2.1.1

          The buck stops with the president of the party. He must is accountable for the actions of those below him. One of the downsides to a hierarchical structure.

    • lprent 17.3

      As Slater himself says: “if Labour can’t run a website, how can they run the country?”
      I don’t accept that National had any high-level involvement in this.

      Interesting that you don’t see the incongruity in what you’re arguing. Perhaps this will make it clearer:-
      “If National’s bosses can’t control their employees, then how can they run a country’?”

      The fact of the matter is that politicians have a different job to running web servers. I don’t expect them to be able to even understand the issues that I face every day running a site like this. Most of the other authors here don’t either and they’re of a generation that has had continuous exposure to computer systems. Whoever is running labour.org.nz and its associated campaign sites has the same issue.

      However politicians are expected to run their people on matters of general policy. Clearly if they have people inside the National party going rogue and handing stuff off to WhaleOil and Farrar without permission then they clearly have a serious problem.

      Don’t you agree?

      National’s campaign slogan: “National: out of control” ?

      • Berend de Boer 17.3.1

        Managers are not responsible for the managed? That’s a great defence.

        Look lprent, you know Labour is responsible. They hired these people to work on their servers. These people were incompetent. Storing backups in the public root of a web server is malpractise.

    • Bored 17.4

      TS, Berend etc….you all appear to be making an assumption that there is something stupid Labour is doing by way of not securing their web site to prevent their political rivals thieving the information. If you had been sitting next to me whilst my ethical hacker was at work for me you might have seen demonstrated that absolutely nothing but an air gap (i.e. not plugged in) is secure from the determined expert hacker.

      A “stupid” move is to actually leave any information attached to a wired device. But we all do it, for example should I wish to I could look at your PCs contents whilst you were on line very easily. Every company and organisation with a connection to the web, phone or private network (nailed up by a telco) etc etc is vulnerable, so its a calculateded risk.

      What remains is the hacking and consequent information theft. This is quite clearly a case of that. Did National do it? A little bit of applied geeky investigation would find that out. Has Slater got the stolen goods? Apparently so. What should we do with robbers and recievers?

      • Berend de Boer 17.4.1

        Not banned yet, so Bored, let me repeat it again as you guys are allowed to repeat, over and over again, that Labour did something stupid. That’s all. But that’s not the case Bored.

        LABOUR HAD A DUTY OF CARE.

        Please respond to that one. How exactly did Labour take the responsibility seriously? That is what the judge will be asking.

        • felix 17.4.1.1

          That’s not how you spell “bore”.

          • Berend de Boer 17.4.1.1.1

            Mr moderator, lprent I assume, are personal attacks OK on this site? How does this comment contribute to the discussion in any way?

            [lprent: Yes they are and yes it does. Read the policy. I will give you a hint – what I will quash is pointless insults. If someone uses insults then have to demonstrate why you think the insult is justified. Alternatively it has to be amusing (and non-repetitive). Felix does both pretty well and never seems to repeat the humorous ones.

            Otherwise you can look at what I’m not in moderator mode (I leave comments rather than notes). I’m known for being quite insulting with points in it. It is useful in discussion for goading people out of boring repetition where they aren’t bothering to think. ]

            • felix 17.4.1.1.1.1

              Well for one thing it got you to stop your copypasta for 5 minutes, Bore.

            • Berend de Boer 17.4.1.1.1.2

              lprent: Felix does both pretty well and never seems to repeat the humorous ones.

              He just did. Repeat it I mean.

              [lprent: This time he added a different point (and I suspect you may have picked up a nickname). ]

        • Bored 17.4.1.2

          Berend, you quite obviously believe in fairies and angel dust. And you cannot comprehend what you read either. I said it is physically almost impossible to secure information against a deternmined hacker. I said we all take that risk. Ergo we are all guilty if we use the technology this way, you, me, Labour, National etc etc. Duty of care….yes maybe, on an equal way.

          More importantly you do not address theft. Where is your moral compass?

        • Draco T Bastard 17.4.1.3

          Yes, Labour had a duty of care. National and Slater had a duty to determine if they were authorised to access that data which they weren’t and which was bloody obvious from the type of data they spent hours viewing.

  18. randal 18

    au contraire tsmith. there is a major problem for national. if john key can be tied to the thieves who stole labour party information then the whole government will go down.
    it might be just internet politics to some but these are real crimes and will have to be subjected to the test of justice just like watergate. whoever did it are like the c.r.e.e.p.s who re-elect richard nixon. truth always conquers because that which conquers is truth.

  19. DavidW 19

    Zorr, please advise about this “illegal manner” to which you gaily refer. Please also advise what National have done with regard to this matter. Or are you just repeating the bullshit that others have spouted without actually engaging your brain on the matter?

    Allowing deeply rooted prejudice to run away with your typing fingers is not a good habit to get into.

  20. DavidW 20

    Is anyone here willing to categorically deny that NZLP or politically active Labour supporters with ISP addresses resolvable to LP related websites (whether PS funded or not) make a regular habit of roaming National Party, Green Party, Maori Party or ACT Party websites?
    Of course the Nats check out what Labour is doing, they would be incompetent not to.

    • Lanthanide 20.1

      This seems to be a twisted “Labour does it too!” defence.
       
      Show me a case where Labour has gotten private information from members of the public from a National party website where it was made accessible accidentally and then gave it to a 3rd party blogger to publicise.

      • DavidW 20.1.1

        Lanthanide, re your claim that I am mounting some sort of “but they did it too” defence for national. Far from it. but as you seem a bit slow today I will spell it out for you. Goodfellow has confirmed that a Nat staffer visited the site. At no time has theer been any confirmation made (nor evidence offered for that matter) that data was downloaded.

        It would be foolish and an untruth if he had denied that the site was visited by a staffer and I also realise that the act of visiting results is records on both the visitor’s computer and the wesite host system but the implication was that files were not downloaded. If that is true then my point is that such website visits are actually routine and not unusual. To scare it up into a VRW conspiracy is clutching at straws when it may be no more sinister than the editor of the Herald on Sunday sending someone down to get an early copy of the Sunday Star Times hot off the press.

        My further point is that evidence of visits like that will be all over ALL parties computers as I am pretty sure that they ALL keep an eye on each other and that their fingerprints will be there for anyone who cares to look.

        However at the end of the day the issue is not about how it happened or even who was involved and we can futilely beat each other around the head about what might happen and if it might or might not be legal to release names (which has not happened as far as I know). The fact is that it has happened, Cameron Slater has the files and is drawing conclusions about Labour’s activities and finances from it. That is where the real damage will be done, when the public start to see some of the secret parts of how Labour manage their affairs and possibly how Labour and other parties have been rorting the PS system through employment and accommodation fiddles.

        • Draco T Bastard 20.1.1.1

          …but the implication was that files were not downloaded.

          Except that the hosts records show the data as being downloaded.

  21. Jeremy Harris 21

    I’m loving this, Labour couldn’t run a piss up in a brewery and the LWNJs are still defending them.

    Publishing your donor’s personal info online? It’s as stupid as talking about your new girlfriend on your facebook status….. when your wife is on your friend list.

    • RedLogix 21.1

      “Publishing” is an intentional act. You have to do it deliberately.

      The information involved was obviously meant to be private and would never have been deliberately published.

      This was not an intentional act. The moment the mistake was discovered the offending ‘index’ was removed.

      Stupid mistake yes. No-one is defending it. What does astound me is how you are defending Slater’s blatant bad faith in exploiting the mistake for very dubious political purposes.

      Indeed just how much you are ‘loving it’. Scumbag.

      • AndyB 21.1.1

        it must have been an “intentional act”, no-one backs up sensitive data to a web server that is connected to the internet …. EVER!

        Directory browsing is disabled by default in Apache, so someone must have INTENTIONALLY set the config to allow directory browsing, be this accidental or not, someone went out of their way to allow directory browsing. Very silly mistake.

        • lprent 21.1.1.1

          Directory browsing is disabled by default in Apache

          Complete and utter bullshit.

          The debian distros have a default site set up (000-default) that has directory browsing enabled by default on /var/www. First thing I have to do with a server is to fix that. I’d say that someone didn’t.

          From memory that is also the case with OpenSUSE as well. I haven’t use other distros for a while so I couldn’t tell you what they have.

        • Draco T Bastard 21.1.1.2

          no-one backs up sensitive data to a web server that is connected to the internet …. EVER!

          Online Backup – It’s a growing industry.

          • lprent 21.1.1.2.1

            Yeah, and we do it as well. Read our policy on privacy – we have some quite sensitive info (and many web sites do).

            I have one machine somewhere in Auckland and the other in San Diego. They backup to each other all of the time on a replicated database.

            They also take periodic onsite backups of themselves and store outside of the web directories.  I also backup to another system daily as well. The databases themselves are on the machines that are web servers.

            The transports and and transported files are encrypted. The databases have quite strong access limits. There are encryption keys all over the place.

            Andy B obviously hasn’t caught up with modern systems…

            The net is my backup transport.

  22. McFlock 22

    So, to recap:

    Either WO is an internet-stalks every website he visits, or someone told him what was going on and how to claim credit.

    A national head office staffer said “I would have thought it’s like driving past a fire and stopping to have a look.” Without calling the fire brigade or even telling the owner of the property on fire.

    Damage Portion Control and other trolls follow that line, claiming National staffers had no duty or obligation to tell labour about the Labour web-tech massive cockup.  Even on a level of basic courtesy or cross-party goodwill between people who can handle their political differences like adults. So basically they’re all jerks. But then we knew that. 

    • Lanthanide 22.1

      ““I would have thought it’s like driving past a fire and stopping to have a look.””
       
      It’s a terrible analogy anyway. That would fly if they poked around at the index, saw stuff was available, and clicked on a couple of files, and then left.
       
      The logs show that they were there for over 2 hours on their first access. That’s not “stopping to have a look”.

    • Berend de Boer 22.2

      McFlock, although I can agree with your line that it might have been morally better for someone who encountered this issue with a Labour party website to tell Labour, that is not the real problem.

      I still haven’t received any reply to what the law requires of everyone who stores personal information: they have a duty of care.

      The judge will not ask Labour: did National inform you? No, the judge will ask: what people did you hire, what policies did you put in place.

      This is not about National, this story is how does Labour take care of the information that innocent people give them.

      I would like Kelvin Davis to win in Te Tai Tokerau. You think I’m now going to make a donation to Labour? Yeah, they might have turned the index option on their web site off. But what about all the other goofups they made so someone like Whaleoil could download the data? How can anyone be certain the Labour Party cares with sensitive details?

      • lprent 22.2.1

        There is no criminal liability for Labour – there is no intent.

        There could be civil liability to individuals if they can demonstrate damage.

        The main problem for legal Labour is whatever the Privacy Commission decides. I suspect that mostly what that will consist of is a embarrassing telling off, some kind of instruction about what else they need to do to repair the damage to privacy, and a demonstration that they have secured the system from repetition of this problem (or any others).

        You really are a bit of an legal idiot as well as being a technical one – aren’t you? Ah I keep forgetting that you’re more of a mindless parrot.

        (I must tell my moderator alter-ego to leave this troll here. I like playing with my food.)

        • Berend de Boer 22.2.1.1

          So the moderator finds it OK someone repeatedly uses name calling, and next starts personal attacks on me as well. Wonderful level of “debate” we’re having here.

          • RedLogix 22.2.1.1.1

            You would never dream of threatening to publish a list of private National Party donor names obtained in the same manner… would you Mr Boer? I know Slater wouldn’t for sure.

            That’s all we need to know about your ‘ethics’ and ‘laws’. Grizzling about how you are being treated here is the least of it really.

            • Berend de Boer 22.2.1.1.1.1

              RedLogix, I’m actually on the record as saying that Whaleoil should publish them. The level of security awareness in this country is so disastrous that it doesn’t hurt to wake up some people.

              • RedLogix

                RedLogix, I’m actually on the record as saying that Whaleoil should publish them.

                Trot along to a National Party Exec meeting sometime and suggest they should publish a list of their private donors. Let us know how you get on.

                • Berend de Boer

                  I’ll promise to put them on wikileaks the minute they backup their donors to their public website OK?

                  • Colonial Viper

                    So you don’t believe in publishing them for privacy reasons then, Bore?

        • Bob 22.2.1.2

          So many trolls you think theyed be employed on the set of the Hobbit

      • Colonial Viper 22.2.2

        Yes Labour had a responsibility to secure that data more carefully.

        And others have a responsibility for repeatedly accessing the system without authorisation.

        The police and the SIS will sort it out. I look forwards to their investigations.

      • McFlock 22.2.3

        The story IS about national. The Labour angle is actually pretty bloody boring, and regularly occurs on the internet. Embarrassing, stupid, dangerous, damaging – yes. But not new.

        The new bit is that:

         A) national techs seem to make a habit of examining the competition in detail, beyond just reading labour media releases and speeches, and see nothing wrong with it;

         B)national techs apparently thoroughly explored the vulnerability and at best did nothing about it (hell, I’ve been contacted about website security. It’s a courtesy), and don’t see why they should have;

        and C) did national go further than not tellingthe manager about the large hole in the wall of the bank, did they tell their black muumuu operator about the hole so he could threaten thousands of private individuals with personal details disclosure?

        Frankly, anyone who’s donates to the Labour party or signed up for newsletters on the website should issue privacy act requests to WO and the nats demanding to know what data is held about them. On Monday. 18,000, wasn’t it?

    • The Voice of Reason 22.3

      I would have thought it was driving by a fire and stopping to loot the contents, actually. Slater is lying when he says he routinely checks the background of the sites he links to on his blog. He claims on his video to have done that for the ‘Let’s Not’ website, and that is where he ‘found’ the information. But the reality is that 6 weeks passed before he first linked to the site and when he first accessed the data.
       
      In other words, he was told where to look and what to do by National some time last week and this was very much not routine nor all his own work.

    • PeteG 22.4

      So basically they’re all jerks. But then we knew that.
      That’s the problem. Jerks and attack politics are embedded in party psyches. They think that’s what they must do to win. They think that if they don’t they can’t win.

      Once upon a time politics used to be a battle of wits, now it’s a battle of witless.

      One of the things that pisses voters off big time is this sort of behaviour. It’s not just the politicians that do it, they only lead by example. Blogs like this are rife with abuse, blatant lying and propaganda, and bloggers think they must do it to win. It’s worse than pathetic how much time and effort goes into pointless pitched battles.

      Having different ideals and different preferences is good, as is healthy debate.

      Most of what we see in parliament and on blogs is not healthy debate, it’s not productive, it just winds some people up and turns other people off.

      And this post will be ignored and the blog will carry on as usual, complaining about how bad the other lot is, and why other people’s kids behave badly.

      • Colonial Viper 22.4.1

        If you have a point, you should make it. Instead of adding to the hot air you are noting.

        Because all you are doing now is complaining about all the parties en masse, but that doesn’t make you any different than those who mainly complain about one.

      • lprent 22.4.2

        Ummm. Have you ever looked at how a opposition parties operate in every democracy I have ever looked at? They have a role and that is to be an opposition providing the scrutiny that exposes problems. It is an essential part of how democracies operate.

        Political blogs tend to be the same for much the same reasons.

        • PeteG 22.4.2.1

          Have you ever noticed how poorly democracies seem to operate, including ours? Have you ever noticed how alienated most people are from politics because of the bahaviour of politicians?

          It’s not opposing that turns people off. It’s continuous gross negative nasty over-opposing.

          I suspect many people frequent political blogs because they like a scrap, they like to needle and abuse and slander, and think they can win sly points. That probably won’t change much.

          But surely we can expect that our 120 elected representatives should spend most of their time and intellect and energy to work for us and for the country. Or do people just prefer a mad circus to jeer at?

          We tend to get what we deserve, and we are getting a bloody poor deal from our politicians.

          • Colonial Viper 22.4.2.1.1

            Wow PeteG speaking of the people, for the people.

            Why don’t you get elected first by the people before making your grand pronouncements?

            • PeteG 22.4.2.1.1.1

              What’s your point? Do you disagree that many people have had a gutsful of politicians fighting?

              Do you think political nastiness is just a part of the game? A back alley after closing time is how it works best?

              And don’t see any problems with the Labour data loss?

              • Colonial Viper

                My point is

                Why don’t you get elected first by the people before making your grand pronouncements?

                I thought I spelt it out quite clearly originally but I repeat it here for you benefit.

                • PeteG

                  I wasn’t aware that not being elected eliminated the right to say what one thought, although there are politicians who act like the voice of those who voted them in doesn’t count after the election.

                  When were you elected?

                  • Blue

                    PeteG he ever has been and never will be. because it take balls that Cv doesn’t possess. A sideline shooter, and the champion of mediocrity. (Cue classic bogan abuse and tears and pants wetting). If Labour are too stupid to take the most basic security measures, then fuck them.

          • lprent 22.4.2.1.2

            I always liked Churchills statement

            “Democracy is the worst form of government, except for all those other forms that have been tried from time to time”

            Probably one of the most accurate statements about politics I have ever read. The more you digress into looking at forms of government and how they are implemented, the more you realize exactly how true that statement winds up as being.

            Now on your question, in the times where you do get excessive agreement in democracies, you also tend to find the absolute worst excesses that have occurred in democracies.

            The Eisenhower era in the US comes to mind as one of the worst if you didn’t happen to be one of the ‘right’ people. The high period of the Congress party in India. The current political state in South Africa (which looks to me to be getting increasingly unstable).

            Quite simply if I see niceness breaking out amongst political parties in a democracy, then I’d consider that it is time to depart that society. You are likely to enter an era of the tyranny of the majority.

            • PeteG 22.4.2.1.2.1

              I like that statement too. But there are many varieties of democracy. I don’t see why we should settle on a version that accepts a large amount of negativity and nastiness.

              Society has improved with the spread of democracy.

              It could improve more if we graduated from decile one democracy kindergarten and acted like civil civilians.

              Or do you think we should never try and improve it and accept it how it is? And dream that as long as our lot are elected things will be fine.

              • lprent

                Tell me of an example where it has happened in practice partially or wholly. We’ve had various forms of reasonably modern democracy around a few centuries now.

                I will then point out the flaws that degree of agreement accentuated.

                The distinctive characteristic of a democracy to me is the amount of disagreement that it allows a system to tolerate peaceably. People just like to disagree. Providing a space for it to happen is the defining characteristic of a democracy. It is always bloody noisy, but (mostly) without the blood.

                • PeteG

                  So you don’t have any problem with the bloodless data debacle?

                  Disagreeing and debating is one thing.

                  Political warfare and virtual sedition are surely a bit extreme. And more often than not counter-productive.

                  The Greens seem to be surviving intact ok without the nastiness.

                  • lprent

                    So you don’t have any problem with the bloodless data debacle?

                    Not really. It is a just a minor skirmish that will result in everyone getting a lot more paranoid about data access via websites, and will educate idiots like Whale and whoever authorized telling him at the National party HQ about the legal implications of touching data without authorization.

                    It isn’t exactly the way that I’d prefer it went, but the effect is probably wider. Now I and the other tech heads have a nice NZ example to point to.

                    Imagine how this would have gone in somewhere like fiji?

                    The Greens seem to be surviving intact ok without the nastiness.

                    Ummm you don’t have that much to do with some of their supporters do you? I always remember the GE debates.

  23. tsmithfield 23

    I agree with you Berend.

    Afterall, Slater has only made one donor name public. And for all we know that could have been done with the consent of the donor.

    How many donor details has Labour made publicly available, without the consent of any of the donors?

    • Colonial Viper 23.1

      Afterall, Slater has only made one donor name public.

      The key is who has the data been transmitted to, and for what purposes, not just what has been made public.

      How many donor details has Labour made publicly available, without the consent of any of the donors?

      Yep, that was sloppy.

      Looking forwards to finding out who used unauthorised access into the system and for what purposes.

      • tsmithfield 23.1.1

        The point is though, that arguably, it might be that only one organisation has breached the privacy of donors, and that would be the Labour Party, although unwittingly.

        • r0b 23.1.1.1

          Any duty of care that applied to Labour also applied to National, once they had a copy of the data. Make sure you judge both of them by the same standards! Here’s a hint – tipping off a mentally unwell individual to go access the data – probably not so wise, wouldn’t you say?

          • tsmithfield 23.1.1.1.1

            And the evidence that National tipped off Slater is…? (hint: a denial of the alleged behaviour doesn’t quite meet the threshold of evidence of it).

            • r0b 23.1.1.1.1.1

              The timing of the two respective IP access events, and the very specific wording of what the Nats chose to deny, and not to deny (see original post).

              • tsmithfield

                So your evidence is your own extrapolations and assumptions, because the actual hard evidence doesn’t prove anything?

                • r0b

                  Take it up with the Privacy Commissioner:

                  Privacy Commissioner Marie Shroff today said the Labour Party had alerted her to the case.

                  “I understand the information gained has also been sent to third parties. This chain of events concerns me,” she said.

          • Berend de Boer 23.1.1.1.2

            That is a good point r0b, and I think that’s why very few people will believe that the National Party got close to this, for the reasons you just outlined.

            • r0b 23.1.1.1.2.1

              You mean like they chose not to pass on the minutes that were incorrectly emailed to Gilmore?

              Oooops.

              • Berend de Boer

                Hmmm, I’m missing the point here r0b. I can see the argument that donors to the Labour Party should not be outed.

                But claiming that political material should not be outed after it has been published (the fact that it was on a public web server, publicly accessible, and indexed by Google = the definition of publishing) seems somewhat contrary to the stance this web site no doubt took on wikileaks. Or prove me wrong.

                • r0b

                  I’m not saying that the Nats had no right to use the minutes, and I’m already on record as saying that if there is anything in them that indicates illegal activity by Labour they should go for it. (There isn’t, of course, ho hum).

                  I am saying that your denial that the Nats tipped off Slater is a bit pathetic. That’s what they did with the minutes, and that’s how they run their dirty ops – go read Pagani’s blog linked in the post. You’re pretending “innocence” when you know very well how the Nats work. We all do, now.

                  • Berend de Boer

                    I believe Pagani’s defence could be summarised as: others do the dirty work for the National Party, we Labour are stupid to do the dirty work ourselves.

                    I.e. an admission the Labour Party does do dirty jobs.

                    Really, that was a great defence.

                    • The Voice of Reason

                      D’oh! Strawman alert!
                       
                      You summarise Pagani’s post incorrectly, then say that it’s an admission that Labour does ‘dirty tricks’.
                       
                      Bollocks to that, Berend. There is only one major party in NZ with a proven track record of dirty tricks. Hell, they even made a movie about it.

  24. Bored 24

    TS, to be contentious how does this sound.

    I get my hacker to hack your email address from Thestandard…..have they breached your privacy or have we stolen it?
    I then get my tech whizz to track you down….has the ISP etc breached your privacy or have we stolen it?
    I then get your private information with regard to online banking from your PC and use it take your cash….have you breached your own privacy or have we stolen it?

    End question..is Slater a theif or a reciever (little difference in my book)?

    • tsmithfield 24.1

      It is more a question of whether a duty of care has been breached.

      If you deposit valuable goods with me to store securely, and I leave my doors wide open and the goods in in clear view of anyone who walks past, I would not be guilty of stealing the goods if they go missing. However, I would be guilty of breaching the duty of care you would expect of me. On the other hand, if I had locked the doors and alarmed the building, and the goods are still stolen, I am less likely to have breached a standard of care because I have taken reasonable steps to secure your goods.

      If Slater publishes the donor names without their consent, then he has clearly breached privacy laws.
      However, Labour would also be guilty in that they have not met the expected standard of care for sensitive information. If Labour had incrypted the information, required password access etc etc, and the information was still hacked, then there it is less likely the required standard of care would have been breached as reasonable steps were taken to protect the information.

      • Draco T Bastard 24.1.1

        If Slater publishes the donor names without their consent, then he has clearly breached privacy laws.

        He breached then just by accessing them as he was clearly not authorised to do so. The same applies to National who spent a couple of hours accessing them.

  25. Roflcopter 25

    It was Professor Plum, in the Library, with a lead pipe.

  26. jackal 26

    It seems to me that Oil lard is presently undertaking a game of smoke and mirrors that too many people are buying into. He’s obviously not intelligent enough to have found the loophole and in my opinion was coached as to what to exploit. The evidence now points clearly to National acting in a way that is not appropriate. I think they have overplayed their hand and will come up short when further details emerge and people start investigating a little deeper.

  27. infused 27

    Urgh, everyone here is talking shit. Some facts

    * The web server (apache) was misconfigured to show directory listing
    * There was no security hole. The server was misconfigured
    * Backups were on a public site. Even if directory listings were denied, this is still a very bad practice.
    * Backups (SQL Dumps) were stored in clear txt. Could have atleast put passwords on zip/tar archives.
    * No senstivie data should be stored in a websites directory structure. It could have been stored in a lower directory (Out of the root folder)
    * There was no security hole
    * There was no security hole
    * There was no security hole
    * A simple web security scan would have picked this up

    Please do some research before actually debating these points as most of you clearly have no clue.

    Thanks.

    • Colonial Viper 27.1

      * A simple web security scan would have picked this up

      Wait. You’re saying that a simple web security scan would have picked up the fact that:

      * There was no security hole

      ????

      Not likely, since you just contradicted yourself.

      Seems to me like you stated that a “simple web security scan” would have immediately picked up on the fact that there was indeed a “security hole”.

      * There was no security hole. The server was misconfigured

      The server misconfiguration created a security hole.

      • Berend de Boer 27.1.1

        Colonial Viper, again and again, till I’m banned: the server misconfiguration was a screwup. That might happen. In itself that’s not very important, who cares if you can browse directories?

        The malpractise part is putting your backups in the web root. That won’t go down well with the judge.

      • infused 27.1.2

        CV. Please go get clued up. Some websites are MEANT to be configured like this, it’s a legit config, hence misconfiguration. A security scan would have warned. I am in no way contradicting myself.

        • lprent 27.1.2.1

          Partially agreed.

          If it was the default website issue I was talking about earlier (000-default) then I would have picked it up if I’d looked in sites-available.

          But an external security scan would have only picked it up if the IP was not in the main sites configuration (which I gather it was) or they scanned for an inactive URL where the configuration had been removed.

          It is hard to automate checks for negative situations.

          • SHG 27.1.2.1.1

            It is hard to automate checks for negative situations

            Agreed. Nothing can replace oversight by a human who knows what to look for.

    • Berend de Boer 27.2

      infused, the fact that the backups were in the web root was lamented by a moderator here: http://thestandard.org.nz/blown-up-in-nationals-faces/#comment-340358

      Clearly Labour failed in their duty to care. I think most people have realised that now. The spin is now to make this a story about National.

      [lprent: It is also an outright lie about this site. The duty of care and questions about Nationals role were in the first posts and comments on the topic. Go away, you appear to be too stupid to interact here. That is just outright trolling where you’re trying to define the story without discussion. ]

      • Colonial Viper 27.2.1

        Labour did fail to safeguard and care for that data.

        Problem for National and Slater now is that there are likely grounds for a criminal investigation.

        The spin is now to make this a story about National.

        Yes it is, and especially how National are willing to undermine peoples’ privacy and play dirty politics through proxies just because they saw a slip in their polling numbers.

        • infused 27.2.1.1

          How are there grounds for a criminal investigation?

          • SHG 27.2.1.1.1

            Well if Labour has breached the Privacy Act, it should be investigated.

            • lprent 27.2.1.1.1.1

              It is. Tell me did you read the post?

              Privacy Commissioner Marie Shroff today said the Labour Party had alerted her to the case. “I understand the information gained has also been sent to third parties. This chain of events concerns me,” she said. People affected by the data breach could contact her office, she said.

          • mickysavage 27.2.1.1.2

            Feck
             
            Because Slater and the staffer accessed the data without authority. And just because it was accessible off a website does not authorise people to access it.

            • infused 27.2.1.1.2.1

              Having it on a *public* web server kinda does.

              • McFlock

                I think that at the very least that is an extremely arguable position. A reasonable person would look at the server and personal details available and realise that the data should have been secured, and that it being insecure is almost certainly unintentional. So any inferred authority would be uninferred pretty bloody quickly.

                If it was on the “super free no information should ever be private” party’s website, maybe. But it’s not standard practise.

                • A reasonable person would look at the server and personal details available and realise that the data should have been secured, and that it being insecure is almost certainly unintentional. So any inferred authority would be uninferred pretty bloody quickly.
                   
                  That is it in a nutshell.  The provision of the Crimes Act talks about the accessor being “without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.”  I cannot think of someone being more reckless than in this situation where they see the site is crippled but still have a look.
                   
                  Gee this post is interesting.  New commenters popping up and arguing the same point over and over again, makes you think it is planned.
                   
                  It is noticeable too that Whaleoil has gone quiet.  Hopefully he is worried about his legal position.
                   
                   

      • RedLogix 27.2.2

        For me the real story is how ethically challenged and untrustworthy right wing supporters and spin suckers are demonstrating themselves to be.

        You find a wallet lying in the street. It’s got an address and contact details in it, but it’s also full of cash.

        What to do? Oh dear…. the dilemma!!

        (And how many ways can are there to justify about being a total arse here.)

        • McFlock 27.2.2.1

          I’m fascinated that they just don’t get it. 

          It’s one thing to accidentally walk around with your fly open. You look like a dick, and could upset people if you’re going commando. But it takes a real cock to not quietly give you a chance to zip up before making a hullaballoo.

        • Draco T Bastard 27.2.2.2

          For me the real story is how ethically challenged and untrustworthy right wing supporters and spin suckers are demonstrating themselves to be.

          /agreed

      • William Joyce 27.2.3

        On behalf of all my brethren (non-Exclusive, that is) on the left, can I extend a heart felt vote of thanks (and a doff of the workmen’s cap) to all those people of the right who have so generously and selflessly taken time out from their schedule, of shaping the world in their own image and saving us from ourselves, to point out to us how someone in the Labour office did something wrong.
         
        I only wish more of my brethren had been so quick as to accept that a mistake had been made………..Oh, that’s right….they did, over and over and over again.
        This thread has devolved into a child-minding service for the learning impaired.
        There is no doubt, and it has not been denied by most of the contributors here, that someone in the Labour office fucked up.
        Soooo, in words of few syllables (for the learning impaired from the right),

        “When you say that some-one in Labour did a bo-bo you are right”.

        We agree! You’re right! Well, done! You’re just so clever! That’s why we want you to rule the world!
        And Berend, take your OCD meds as repeating “Clearly Labour failed in their duty to care” just shows that you not reading what other people are saying here. It takes someone of the right to deny the blindingly obvious and that is not what is happening here. There is agreement that something went wrong with the website. Time to move on!
        The issue is, in this new world of property rights, privacy and data ownership on the web, did National and Whaleoil commit a crime by intentionally copying & storing that data, by disseminating that data, by making that data available to other parties who also did not have a reasonable excuse for possessing that data.

         
         
         
         

        • PeteG 27.2.3.1

          did National and Whaleoil commit a crime

          What is National accused of doing?
          Is there any evidence National copied any data?
          Is there any credible claims that they copied any data?

          • lprent 27.2.3.1.1

            Have you read the post?

            Those crowing about Labour’s techies being silly enough to leave a security hole should also remember that National’s were apparently too dumb to work out that they were leaving their IP fingerprints all over the place. The data logs, which have been distributed to The Standard and other media, clearly show a National Party HQ IP using the backdoor into the Labour Party site for 2 hours, days before Slater first visits.

            National Party president Peter Goodfellow said that was a “beat-up”. A head office staffer accessed the data but only out of concern that National’s own website had similar vulnerabilities.

            What do you think ‘accessed’ means? How do you access material across the internet? What happens when you read this page?

            At this point we know that someone over National Party headquarters downloaded files. What we don’t know is if they had any information in them that would be of concern to the privacy commission.

            • Pascal's bookie 27.2.3.1.1.1

              also, from the nbr link:

              [National party] Staff were looking into whether the data had been retained, but Mr Goodfellow would not give an undertaking to destroy any details still being held.

            • PeteG 27.2.3.1.1.2

              If someone went to the site and was automatically shown the directory then they have accessed the site but done nothing wrong (I’m not trying to suggest that’s as far as it went).

              You say you know “files” were downloaded but don’t know which files? That’s slim evidence. Presumably if you knew which files you would know if they were a specific concern.

              I don’t agree with anything being copied off. Fair enough embarrassing someone over the lack of security but that’s as far as it should have gone.

              The price parties pay for promoting an oppositional and fractious democracy.
              You reap what you sow. Unless it’s pissed on to much.

              • lprent

                Eddie has already looked at the logs that were sent to the journo’s. He can tell you which files were accessed. I’ve asked to get a full copy of the logs (the Labour people tend to trust me to hold stuff without dispersal).

                The look at a directory will show up in the logs, as would any file downloads. What won’t show is if people have deleted the files after they downloaded them on their machines. What I can find out is some details about what their pattern was.

              • McFlock

                “I don’t agree with anything being copied off. Fair enough embarrassing someone over the lack of security but that’s as far as it should have gone.”

                If they even viewed a file that counts as being “copied off”. That’s why browser caches are so useful to the police investigating objectionable publications.

  28. LynW 28

    Well I have followed this topic, reading all the relevant comments on The Standard, since receiving my email from Mr Chris Flatt. As a first time donator contributing to the ‘stop asset sales cause’ because I feel so strongly about this issue, it now transpires that my details have been accessed. To me it is very simple….if this is in fact so then I have been violated by the thieves who maliciously took information not intended for them…the bottom line really is INTENT.( as lprent has already stated) The bullying threats about publication just make the whole issue even grubbier. I am glad to hear Labour have tightened up the security of their site and I am sure they have learnt a valuable lesson. It will be interesting to see where this leads.

  29. This situation sickens me. I have been notified that my details have been accessed. I really dont care about my political preference being known. Indeed I like most labour supporters are not inclined to be shy about our personal preferences. I see this situation as a real blunder on the part of Labour central, however my contempt for those who have exploited the blunder is very fucking deep. The fact that my personal political involvement is now in the hands of the government, without my consent, is the heart of the issue for me.

    Those within government who found themselves exposed to the information had a moral, and a constitutional duty to protect the interests of the citizens involved, regardless of the political interest which exists. The Nat/Act/MP government has a duty to protect freedom of association and rights to privacy for all citizens and that should take precedent over political interests. That the Nats supporter slater is threatening to publicise the list is a real reflection on how low this government will go. This issue is bigger than internet security, it goes to the heart of what is democracy and must not be allowed to be swept under the table.

    • Vinsin 29.1

      Exactly, very well put Alexandra.

    • Tangled up in blue 29.2

      I see this situation as a real blunder on the part of Labour central

      I really hope Labour does more than just focus on Slater and the Nats. Someones head has got to roll for this huge stuff up.

    • PeteG 29.3

      Those within government who found themselves exposed to the information had a moral, and a constitutional duty to protect the interests of the citizens involved, regardless of the political interest which exists. The Nat/Act/MP government has a duty to protect freedom of association and rights to privacy for all citizens and that should take precedent over political interests.

      An interesting comment and I’d back that. I doubt National has any control over Whale, but if it was in their hands they would have looked best by far if they had advised Labour of the exposed data and supported keeping private data private.

      Instead we get the usual political war games with no care about collateral damage. Lprent suggested our adversarial form of democracy is just how it’s done. Surely we can do better than that.

      And I agree to on the mistake, it was significant but was human error, if there was no maliciousness involved no one deserves public condemning to the naughty corner.

      Something that’s common in politics is to instantly push for resignation on any discovered mistake – that’s all part of the people don’t matter attitude.

      • Draco T Bastard 29.3.1

        Instead we get the usual political war games with no care about collateral damage. Lprent suggested our adversarial form of democracy is just how it’s done. Surely we can do better than that.

        Did you miss the bit where lprent also said that it’s expected courtesy that when such a breach is found that it’s reported to the web admin?

        Yes, we have an adversarial political system but that shouldn’t extend to the point where peoples private information remains publicly available because one group either wanted use it for political point scoring and/or didn’t think that it was any of their concern. The only reason why it was left open so long was because National chose not to do the morally right thing.

    • Colonial Viper 29.4

      Undermining the legal and legitimate functions of a major political party via potentially criminal means is cause for the police and SIS to investigate.

  30. Who's to Blame? 30

    Shouldn’t the development firm responsible take the blame?

    http://markhansen.co.nz/labour-party-leaks/

    It could have happened to any of the parties.

  31. “I really hope Labour does more than just focus on Slater and the Nats. Someones head has got to roll for this huge stuff up.”

    Read the rest of my comment fuck wit! Ok to be fair i’ll spell out what I was saying in a way that you might comprehend. Labour central made a blunder commonly known as a mistake…no malice intended…a mistake!. I understand mistakes we all make them. What the goverment did with the information is malicious and opportunistic and unconstitutional perhaps even illegal….Very wrong, bad bad bad…get it?

    • Tangled up in blue 31.1

      Settle down precious. My comment wasn’t aimed at you.

      It is a genuine concern that no one from Labour will be held accountable. Someone definitely should as this gigantic blunder is unacceptable.

      It’s not yet know if the Govt. passed on the information. If it can be shown that National has done this then yes they should be held accountable also.

      • lprent 31.1.1

        They are busy with trying to get the damn thing fixed first. Blame is something that you look at after you have everything solid again.

        But as far as I can tell there is no particular expertise inside labour at running websites. They hire those skills in.

        But it looks like a simple idiotic error.

        However what the national party and whale have been doing has been quite deliberate, reprehensible, and has a good probability of being illegal

        • Tangled up in blue 31.1.1.1

          I hope this turns out to be the case.

          • Alice 31.1.1.1.1

            I swear to you as clear as the moment I spoke in your ear. The future is ALREADY- done and dusted!

            Your name is VICTORY.

            I’m not fucking you around. We have already succeeded.

            Mother IS past, present and future (in one). She is HERE.

            “Hello IAN.”

  32. “precious” so you are a patronising wanker as well!

    • Tangled up in blue 32.1

      You started hurling abuse, bro.

      Who do think should be held accountable, and for what precisely?

      The Labour Party is responsible for this, and accordingly blame should be laid at the feet of the Party Secretary. For not ensuring that private donor information isn’t made available to the public. Duh.

      [Read the thread. It took two to make this tango, someone in Labour made a fuckup (which has been acknowledged clearly from the start), but National and Slater in particular have exploited that mistake with egregious bad faith. At some point merely repeating the same discredited line that’s been refuted repeatedly just gets annoying. Which is trollish behaviour….RL]

      • mickysavage 32.1.1

        Latest troll line is that it is all Labour’s fault and heads should roll.

        I know many of the people involved and my name will be in the files downloaded.  Someone may have fucked up but I for one am willing to forgive the fallibility of the humans involved.

        I cannot forgive the deliberate, calculated actions of the staffer and of Slater.  They both should be investigated and prosecuted to the fullest extent.  They have deliberately taken data they knew they were not permitted to have.

        Simple really.

      • McFlock 32.1.2

        duh.
         
        Bit early to say “no one from Labour will be held accountable”. By the sounds of it there’s a significant amount of investigation going on – it’s not like they just automatically  said “it’s not a good look” and took it no further, or tried to blame the tech company that hadn’t held the maintenance contract for 2.5 years, or just made shit up in the house  used figures about which there had been no advice from the ministry, or (etc etc etc)…

        • Tangled up in blue 32.1.2.1

          I said It is a genuine concern that no one from Labour will be held accountable. And I also said that I really hope that someone is.

          This is not me defending Slater or what dodgy National may have done. Like I said, if it can be shown that National has done this then yes they should be held accountable also.

          • McFlock 32.1.2.1.1

            why is that particularly a concern? Labour have a pretty good track record of holding people accountable for their cock-ups, unlike national who just try to ignore it.
             
             

  33. Google Pro 33

    The list of donors is available (perfectly legally) on the internet, if you have the wits to find it. What has surprised me is how tight-fisted the contributors are. Some of you need to put your money where your mouths are.

    • Campbell Larsen 33.1

      Money is easy to give, if you are rich and have a lot, it is far more meaningful to contribute your time and energy for free, as many people do here, for something that you believe in.
      You should try it instead of filling the ether with money judgement at the behest of your master for a few pieces of silver.

      • Google Pro 33.1.1

        I’m pretty sure the art-collecting psychiatrist who gave $15 was not constrained by lack of cash. I do hundreds of hours of voluntary work each year, and have no master or political affiliation, so don’t fill the ether attacking straw men.

        • Colonial Viper 33.1.1.1

          Thanks for the timely warning that Right Wing nastiness and intimidation from this incident will have no bounds this year.

          I do hundreds of hours of voluntary work each year

          Yeah sure, and the National Front appreciates it.

        • The Voice of Reason 33.1.1.2

          Hey, google pro, nobody here is interested in identifying donors. Might I suggest you fuck the fuck off?

          • Google Pro 33.1.1.2.1

            Is that what passes for reason in NZ these days?

            • Colonial Viper 33.1.1.2.1.1

              It’s not reason it’s telling you to fuck off.

              Shit these Righties are getting dumber by the day.

  34. jabba 34

    if Whale OR the National Party have broken the law, they will be prosecuted just the the person or persons who leaked the Brash e-mails to Hagar.
    If they don’t get at least charged, then you lot are talking rubbish.
    simple really

  35. Colonial Viper 35

    LOL looks to me like the National Party apparatchiks and their professional advisors over in Australia have fucked up their cunning sums yet again.

    This thing is going to play out over the next week or two.

  36. tsmithfield 36

    If I was a donor, would I be more pissed off at the Labour party for making the information easy to get, or with Whale Oil for poaching it?

    If I had entrusted goods to someone to look after, and they left the house unattended, the door wide open, and the goods in full view, and the goods were stolen, I would feel much more pissed off with them than with the thief. Afterall, it is the natural behaviour of a thief to steal something, and it is expected behaviour for someone entrusted with valuable possessions to take reasonable steps to protect those goods on behalf of the owner. This is what the law of bailment is all about.

    Applying this to the current case, webmasters should assume that predators such as Slater are roaming the web. Webmasters therefore should take precautions to prevent access. Those contributing donations etc would be justified to assume that those precautions had been taken, and would undoubtably be very pissed off to learn that Labour hadn’t applied a reasonable standard of care. They probably would not be surprised that Slater had taken the information given that they would expect him to take any opportunity that presented itself, but more surprised and annoyed that the opportunity had been given in the first place.

    • lprent 36.1

      Good to see that you think that the National Party and Whaleoil are thieves. Of course we’re highly irritated with Labour – but that was an accident and not deliberate.

      We are even more pissed with people who deliberately thieve data and use to implicitly threaten people. Or do you think that they took it to use for our benefit?

      If not, then why didn’t they simply tell Labour they had a problem rather than downloading the data, and then broadcasting that the site was accessible across the media and the web. Do you think they acted in a responsible manner or a reprehensible one?

      • Blue 36.1.1

        Would Labour have told National they had a problem with their server, I highly doubt it. To claim otherwise is the stuff of fantasy. At the moment Labour need all the help they can get, do you seriously think they would just quietly tell National, “we can see all your secrets”? Of course not. I think its hard to take some sort of high moral ground when Labour are still snuffling in the trough of Parliamentary Services budgets as of right. I can guarantee were the shoe on the other foot, the behaviour would be no different. Probably worse if Mallard was involved. The “benefit” of the data, for what its worth depends on your perspective. Don’t believe Slater is going to release credit card info etc, what is there to gain for that ? I imagine Labour and others would be quite pink and hysterical with quivering delight if they had access to donor records of National. I thought, however, the levels of Labours donations were disappointingly small, so no big deal. The reality is Labour once again has messed up. Failing to protect the anonymity of donors is truly unprofessional. I think as far as illegality goes Slater may well be investigated, and i predict a result similar to Hagers implicitness in the theft of Brash’s private emails. Absolutely nothing will happen, because nothing illegal occurred, not matter how it is spun. If Slater is guilty so is Hager.

        • Armchair Critic 36.1.1.1

          “The other team did it too” has always been a poor argument. But “the other team would have done it” adds a degree of speculation that makes a bad argument even worse.
          Whether you think Labour wouldn’t have told National is immaterial – it was still wrong to access the data.

          • Pascal's bookie 36.1.1.1.1

            And people who guarantee philosophically unknowable propositions, tell you all you need to know about what their word is worth to themselves, but nothing else.

        • RedLogix 36.1.1.2

          Would Labour have told National they had a problem with their server, I highly doubt it.

          I can’t answer for Labour, but I can say that I believe if Lyn Prentice had discovered it he would have.

          In fact I’d like to think that most grown-ups would, on all political sides. The fact that there are at least several National party stooges neck-deep in this, and so many supporters here justifying it… has to be a worry.

        • Draco T Bastard 36.1.1.3

          I can guarantee were the shoe on the other foot, the behaviour would be no different.

          Projection.

        • Alexandra 36.1.1.4

          Difference is Hagar is not the ruling political party. Slater is merely the messenger not the thief.

    • RedLogix 36.2

      Afterall, it is the natural behaviour of a thief to steal something,

      Have to agree; it’s we’ve always understood that it was the natural behaviour of National Party stooges to steal anything that isn’t bolted down.

      But otherwise ts, that’s got to take today’s first prize for self-deception.

    • Armchair Critic 36.3

      If I had entrusted goods to someone to look after, and they left the house unattended, the door wide open, and the goods in full view, and the goods were stolen, I would feel much more pissed off with them than with the thief. Afterall, it is the natural behaviour of a thief to steal something…
      Rubbish. The thief is the person who did the wrong thing.
      It’s not okay to take something that you know you should not be taking. The amount of effort you need to go to, in order to obtain the thing taken is irrelevant to the wrong of taking it.

  37. Tazirev 37

    Is it possible that someone hacked in, relocated files to a public/root folder then advised other parties to look in this location???

    [While obviously not impossible, it’s a wholly unsubstantiated speculation. Not useful. RL]

  38. aspasia 38

    As someone whose information may have been exposed as a result of the incursion into Labour’s databases,this thread has produced two reactions in me:
    1. Intense irritation at such ignorant repeated misuse of legal principles and terminology, even when knowledgeably corrected by a better informed commentor
    2. Motivation for a trip to my bank website to substantially increase my monthly automatic payment to the Century Fund. Well done trolls in succeeding where Party mail out appeals have previously failed!

  39. Billy Fish 39

    Have the posts on this subject set a record for number of comments?
    Amazed by the amount of commenting done on this, also on the other media sites. For some reason a LOT of people felt the need to comment on this one in a lot of forums.

    Memo to self, strat viral ad campaign for web security services

    • r0b 39.1

      I think one of Irish Bill’s posts on the Hobbit sell out clocked over 500 comments, from memory…

  40. Rijab 40

    Why are we continuing to offer Whale an audience on this site? I believe the left is quite in the right on this issue; Nats/Slater are attempting to take the political campaign into the gutter, because they know that’s where they’ll win, and yes it’s worth pointing out on a blog such as The Standard, but is it really worth continuing it for days? For what gain?

    Slater continues to antagonize Standard contributors whilst they take his bait; it’s a vicious cycle to watch and it needs to stop! He’s good at what he does, and we don’t need to try and compete with him for that title because the left is better at doing what matters; representing our fellow New Zealanders who need and DESERVE a voice.

    If the left wants to win this election they will do it through TRUST; through pointing out these tactics employed by National and their cronies, but nothing more; through appealing to the electorate with confidence and a sense that they can stand above such disgraceful politics even while Slater and co try their hardest to undermine them.

    The Standard would be wise to cease this pathetic war with Cameron. His gutterball is only continuing to be effective because he’s getting a reaction. Whatever battle you’re trying to fight you won along time ago but you’ll never convince him and his supporters; he hasn’t released the list and it’ll just do him disservice if he does. National has admitted they went digging around. let them try take this election in to the gutter but do NOTHING MORE than point out that fact, there’s simply no need.

    I’ve talked to a few kiwis about this NON-issue, and the responses I’m getting is usually along the lines of ‘why is this news?’ etc… the electorate will turn to the left and those representing their positions if given a reason to; we don’t want to give them reason to turn away. Generally people aren’t holding this against Labour; the people who ARE politically minded (not the ‘why is this news’ ones) can see it’s a politically motivated attack, even if they can see Labour was stupid for allowing the breach. So essentially, the ones continuing some pathetic war with Slater are merely hurting the lefts chances in holding their heads above ground.

    STOP, THINK; Why do we give Slater time? My name could show up on any list he releases but I’ll get over it; it’s not going to stop me seeing through Nationals policies this election. Stay out of the gutter this year guys; for the sake of the nations future, the left can’t afford to lose this election because the campaign descends into silly scum politicking.

    • Colonial Viper 40.1

      Not sure that the unauthorised access of thousands of New Zealanders sensitive personal and contact details can or is considered a NON-issue.

      Many NZers give to causes that they believe in, whether they are charities or whatever. Once they realise that this could easily have been their information which was attacked and distributed, I think they will understand the seriousness of the incident.

      PS The Standard has no wisdom, it is a website.

      • Rijab 40.1.1

        It’s not a non issue to political geeks; but to the wider public who are dealing with

        1) another serious earthquake which is going to cause further strife for the Govt
        2) Rising food prices
        3) job security going faltering in the last few months while the social net to fall in is attacked
        4) the loss of their sovereignty
        5) the loss of their future.

        Think about it; people look to political ‘geeks’ and assess the ideology they represent based on the way they react to issues; they want people talking about the things that matter, sure they want to be made aware of the tactics used in politics but they don’t want the whole election to descend into some nasty battle of who has the better game when it comes to playing dirty.

        You can sit and debate the issue all you wish; you’ll get no where. Slater and his supporters will sit here and troll you, they’ll do it till you start to make mistakes they can further exploit and point out to everyone. Labour made a mistake, National and Slater chose to exploit this rather than stay above board and people are more than capable of working that out for themselves.

        The Standard has much wisdom, but if you treat it as a website you’ll only ever see it as such.

        • Colonial Viper 40.1.1.1

          At a guess, over 95% of people in New Zealand have never heard of or seen The Standard.

          What goes on here is a little little bubble. So why be afraid of Slater and National pointing out our “mistakes” on The Standard? I would argue a simple fact: real boats rock. So nothing to be afraid of there.

          And I believe that you’ve mistaken what the Righties do here with their trolling. They are not waiting for some kind of mistake, they are testing out spin and hoping to tie up a few Lefty activists ineffectually in front of PC’s 🙂 If The Standard is a tool which indeed gives aid and comfort to the enemy, that is it.

          The Standard has much wisdom, but if you treat it as a website you’ll only ever see it as such.

          It’s only a website. A machine with no intelligence. The connections of ideas and people made here, that’s a different story.

        • Carol 40.1.1.2

          As far as I can see on this thread, the reason it’s got so many ccomments is because of the astroturfers and other righties arguing the case – same as with the Hobbit thread. They seem to act as if there’s some mileage in constantly repeating their diversions and misinformation and inaccuracies on this issue.

    • r0b 40.2

      STOP, THINK; Why do we give Slater time? 

      We’re not giving Slater time (heaven forbid) – we’re giving the Nats a hard time.  That’s one of our main mission statements really.

      There will be more on this “tomorrow” in the morning post, but then my guess is we’re probably done with it, unless there are any new developments.

      It’s not a non issue to political geeks; but to the wider public who are dealing with

      Perfectly true and fair. But again, we believe that one of the best ways to help the wider public is to change the government.

      • Rijab 40.2.1

        R0B: I am being a little overly dramatic, I’ll admit that. Yet I’m just trying to reinforce the point that we should be careful of the direction this is heading; Slater obviously has more shit to throw and I just don’t want to see The Standard full with hundreds of hours of wasted time spent debating how bad Slater is when it could be spent debating how bad National is. Lets be honest, Whale is the cause of a lot of wasted breathe in this thread.

        CV: The Standard serves a political purpose in the new information age and it is sources such as this that will increasingly guide the way some citizens interact with politics in the coming years. It’s important that it doesn’t just become a forum for shit throwing; though I do realise the importance of robust debate on meaningful and important issues, and obviously sometimes a little shit will inevitably fly. It should be seen as more than a website; a website is http://www.stuff.co.nz or http://www.trademe.co.nz – thestandard.org.nz has purpose, has structure, and facilitates an important function in a 21st century democracy.

        “So why be afraid of Slater and National pointing out our “mistakes” on The Standard?”

        It’s not about being afraid; it’s merely about wasting time and that’s the whole idea behind these sort of lame gutter tactics. The Standard can often create reasonable and robust debate that does have a positive impact, no matter how wide you may perceive that impact to extend.

        *edit: Ok I now realise I’m falling prey to the debate… haha I’m out for the night! 🙂

  41. Big Bruv 41

    God I love watching the left go crazy when they receive a dose of their own medicine.

    Suck it up guys and gals, you have been caught stealing from the public again, take your punishment and resolve never to use public funds for your own ends again.

    OH…..hang on…this is the Labour party.

  42. Bored 42

    Just scanned the 346 comments to date…lots of agument about the technical details of the theft of information (have no doubt regardless of how insecure it was a theft was committed), lots of debate about the legality. After all that only one conclusion for me, the usual RWNJs are displaying their usual amorality. Their moral compasses point toward criminality as the basis foo society. See you in court lads.

    PS Big B…5.36am and trolling, is all that unctious RWNJ fury keeping you awake?

    • burt 42.1

      After all that only one conclusion for me, the usual RWNJs are displaying their usual amorality.

      Yes, you could call them Hollow Men and gloat about getting public funding for a play about the stolen publicly available information.

      But hey, I’m reading your publicly available comment and I copied and pasted a bit of it into my comment – I must be a criminal….. But I have one question.

      Who was responsible for the privacy of the members and donors information?

      • The Voice of Reason 42.1.1

        Once they found it, the National Party.

        • burt 42.1.1.1

          Right, so Labour, required by the privacy act to take reasonable care of their members and donors information didn’t and now the National party are required to. What color is the sky in you la la land ?

          • felix 42.1.1.1.1

            Yes, it looks like Labour fucked up. And then when they knew there was a problem, they immediately took steps to secure the confidential personal info that they should’ve secured in the first place. Idiots? Probably, I don’t know much about this sort of thing.

            National on the other hand having found there was a problem, rather than taking steps to have it fixed (i.e. informing the idiots that they were doing it wrong) threaten to publicly release the confidential personal info (and who knows what else they’re doing with it right now?)

            Idiots in one instance, cretins in the other.

            So yes, Labour were responsible for the confidential personal info of private citizens and they fucked it up.

            Do you think the Nats, once they found the confidential personal info, had a duty of any sort to the private citizens whose info they now held or not?

            • Bored 42.1.1.1.1.1

              QED Felix, as stated RWNJs have no moral compass. Burt goes the extra step, no brain either.

              • burt

                Do you think the Nats, once they found the confidential personal info, had a duty of any sort to the private citizens whose info they now held or not?

                Of course they have a responsibility to protect it – but apparently the whale could put it in a public place on a publicly funded web server and the only people doing anything wrong would be the visitors to his site that find it, read it and talk about it.

                • Colonial Viper

                  Distributing stolen materials on a public street doesn’t make those materials not stolen.

                • felix

                  Ah I see where you’re coming from now burt.

                  Of course, to get there I would have to pretend that either:

                  a) Cameron didn’t blog about, promote to the herald, make youtube videos about and generally bring as much attention as he could to the info (admittedly he pulled his signature move and chickened out at the final hurdle, but let’s not pretend he didn’t want to make good on his threats)

                  or

                  b) that Labour did any of those things.

                  • burt

                    felix

                    Not quite sure what you are saying there felix, but I’ll take a wild stab. Are you saying Labour never advertised/promoted their web presence ?

                    Look it’s simple felix. The whale has something that isn’t his. He found it in public view and it’s probably still available in google cache’s. Currently the whale is being a better custodian of said data than Labour were. The muppet’s in this equation are Labour. I know you agree with that, you said yourself they f’d up.

                    BUT: Who is was responsible for the privacy of the members and donors information?

                    Let me guess, their name is also on the list of exposed details and said person is currently having counseling for the invasion of privacy and will be back at work for a promotion to ‘Marketing Manager’ in about two months. You can’t see the data now so “Move on”.

                  • burt

                    felix

                    .. his signature move…. GOLD!

  43. BillE 43

    Cameron Whale is just a political pantysniffer who quite honestly is staring down serious jail time if he doesn’t get his medications under control.

    Farrar keeps holding his hand because by having the poor little spoilt rich daddys boy around makes him only the second most hated man in new zealand politics.

    These boys need real jobs.

  44. djg 44

    BillE, I think you will find that Farrar has a successful company, I don’t think he needs a job.

    lPrent have you checked the logs yet to see if data was downloaded by National ?

    You commented yesterday that you had received the logs and it would be very easy with your skills for you to see what they did. It would resolve lots of the guessing as to who did what and when.

    Is it correct for example that after the Labour people were notified the site was still open and the backups were still available the next day?

    • Colonial Viper 44.1

      BillE, I think you will find that Farrar has a successful company, I don’t think he needs a job.

      Correct. He gets jobs from National.

      Is it correct for example that after the Labour people were notified the site was still open and the backups were still available the next day?

      Oh nice smooth casual disinformation drop there! Style bro.

      For your information Labour was notified at 11:58pm, and the next day 4 minutes later at 12:02am the back ups were indeed still available*.

      Your point?

      *OK I am making this shit up but djg started it 😀

  45. BillE 45

    Those young boys have fucked up, this a new low in New Zealand politics and everybody knows it.

  46. Frank Macskasy 46

    Anyway, Slater has kind of done Labour a favour.

    For one thing, he’s reminded me to send of that donation-cheque I was meaning to, but have kept forgetting.

    Secondly, I guess this is the “warning shot across the bow” of what to expect this election campaign. For starters, I would suggest that all Labour and Green MPs, and electorate officials, be very careful what they throw into their rubbish bins in the next six months…

  47. Jum 47

    No matter which way this is looked at NAct are scum. TV3 are scum in that they allowed a cretin who openly stalks, makes up lies about and played particularly nasty personality politics against Helen Clark.

    However this is spun NAct and the media are now proven bottom feeders. Any thought of integrity in their thinking or investigative journalism is now beyond saving. Any poster on this site who could possibly still want to defend this reprehensible action and sleazy denial are the very people who want to steal New Zealanders’ autonomy and their assets.

    Hollow men and women the lot of you NAct thieves of our democracy.

Links to post