The truth is coming out about National’s taking of data from a Labour web site. The National Business Review reports:
National admits Labour data breach – but denies passing names to Whaleoil
National admits Labour data breach. Of course they didn’t need to actually pass the names to their pet blogger, just send him a carefully written set of instructions as to how to do it himself.
The National Party has admitted exploiting a security hole in the Labour Party website but denies passing data to a right-wing blogger who plans to release the names of Labour Party donors.
Admitted exploiting a security hole. So not just lying about to be read then, a security hole to be exploited.
The Privacy Commissioner has raised concerns and is monitoring the situation.
Yeah I’ll bet. I genuinely hope Slater stays calm and doesn’t publish his list of names, because he really doesn’t need any more legal strife in his life. His comments elsewhere suggest he has backed down on his threats to publish the private data – and that’s all his supposed ‘scoop’ consists of. No doubt he has had legal advice on the consequences – both under the Privacy Act and the Crimes Act.
The confession means lawyers’ opinons sought by NBR now apply in part to Natonal’s situation as well as Whaleoil blogger Cameron Slater …
Confession. No doubt the Nats are desperately pressuring Slater to shut up. This has blown up in their faces. Their line has suddenly changed from ‘look what we’ve got – mega-scandal coming!’ to the much weaker ‘ha ha, Labour left its backdoor open’
Those crowing about Labour’s techies being silly enough to leave a security hole should also remember that National’s were apparently too dumb to work out that they were leaving their IP fingerprints all over the place. The data logs, which have been distributed to The Standard and other media, clearly show a National Party HQ IP using the backdoor into the Labour Party site for 2 hours, days before Slater first visits.
National Party president Peter Goodfellow said that was a “beat-up”. A head office staffer accessed the data but only out of concern that National’s own website had similar vulnerabilities.
Come on guys – you had hours – that’s the best you could come up with? It’s worse than the dog ate my homework!
Privacy Commissioner Marie Shroff today said the Labour Party had alerted her to the case. “I understand the information gained has also been sent to third parties. This chain of events concerns me,” she said. People affected by the data breach could contact her office, she said.
There are some similarities between current events and both the Hollow Men leaks and the taping of conversations at National’s conference in 2008. But do keep in mind one important difference. Whereas Labour wasn’t involved in either of those events, the Nats ran this one out of their head office. They would have kept quite and let Slater front it, but they got caught out by the IP logs. In short, National ran a grubby, amoral little operation, with no point except to intimidate innocent individuals. Fortunately for everyone it has blown up in their faces.
Update: Did National have a moral duty to inform Labour about the security hole instead of exploiting it? Of course they did. In the same way that Phil Goff quietly let Key know about Worth’s unsavoury behaviour weeks before it became public. Labour and National have very different standards in this respect.