If I forget to lock my front door before leaving the house is that an open invitation to come and help yourself to my worldly possessions? According to the Crimes Act: No. Walking into someone’s house and helping yourself to their possessions, even when they have left their front door open wide open, is Burglary.
If I invite you over for dinner is that an invitation to pocket something that belongs to me? According to the Crimes Act: No. Taking something that doesn’t belong to you, even if you have permission to be there, is Theft.
If I leave you as a guest in my living room while I go to the bathroom is that an invitation for you to plug a USB stick into my computer and copy documents that belong to me? According to the Crimes Act: No. Copying my documents without my permission is Data Theft.
These are all criminal offenses in New Zealand that carry penalties of imprisonment.
The intention of this post is to examine the similarities and differences between the hacking of Cameron Slater’s communications on the one hand, and the hacking of the Labour Party donor database on the other. There are two important issues to determine in both cases and I will cover them separately. The first is the legality of the hacking and the second is the ethics of using the resulting information regardless of whether the obtaining of the information in the first instance was unlawful.
In the case of John Key’s senior staffer Jason Ede and blogger Cameron Slater accessing the Labour Party donor database they are relying solely on a convincing legal defense. We have heard over the past couple of days John Key himself, his minister Stephen Joyce, and National Party blogger David Farrar all arguing that the hacking was morally justified on the sole basis that it was lawful. I haven’t heard any moral justification for their actions that goes beyond arguing the legalities. John Key himself has condoned and defended the hacking on this basis. It is my view that it is a mistake to confuse legal justification on the one hand with moral or ethical justification on the other. I’m sure we can all think of plenty of examples of quite lawful actions which are morally and ethically reprehensible.
In the case of Nicky Hager using stolen/hacked communications belonging to Cameron Slater he is relying solely on moral and ethical arguments to justify his position. Hager acknowledges that the material was obtained unlawfully (though not by his own hand). He claims however that the overwhelming public interest in the material is adequate justification. One only has to look at the many historical acts of civil disobedience and whistle blowing that have led to good outcomes to know that unlawfulness is not always immoral or unethical.
The only issue to be determined in the Labour Party donor database hacking is that of lawfulness. There has been no suggestion of public interest in the information obtained. The leaked communications between Cameron Slater, Jason Ede, and their other collaborators make their intentions quite clear: To create a political distraction and embarrassment for their political opponents. In the absence of any moral or ethical justification beyond a defense of lawfulness it is my view that if their legal justification does not stand up to scrutiny then the entire weight of their argument falls over. Further even if their actions are found to be lawful they do still have very serious questions to answer about their motivations.
The hacking of Cameron Slater’s communications was unlawful, pure and simple, and no one is arguing otherwise. Therefore the first issue to be determined is that of whether the public interest in the material really was substantial enough to ethically justify the breaking of the law. The second issue to be determined is whether once the deed was done the public interest was justification for a journalist, not involved in the unlawful act, publishing the material.
1. The lawfulness of hacking into the Labour Party donor database
In 2003 the New Zealand Parliament passed amendments to the Crimes Act adding in specific offenses to cover crimes involving computers. Here are some relevant sections that I believe apply in this case:
Section 249 Accessing computer system for dishonest purpose
(1) Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right, –
(a) obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b) causes loss to any other person
(2) Every one is liable to imprisonment for a term not exceeding 5 years who, directly or indirectly, accesses any computer system with intent, dishonestly or by deception, and without claim of right, –
(a) to obtain any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b) to cause loss to any other person
dishonestly, in relation to an act or omission, means done or omitted without a belief that there was express or implied consent to, or authority for, the act or omission from a person entitled to give such consent or authority
claim of right, in relation to any act, means a belief at the time of the act in a proprietary or possessory right in property in relation to which the offence is alleged to have been committed, although that belief may be based on ignorance or mistake of fact or of any matter of law other than the enactment against which the offence is alleged to have been committed
The definitions of “dishonestly” and “claim of right” in the Crimes Act make it pretty clear that express authorisation is required and the “door left open” defense doesn’t work any better for data theft than any other property theft. I can’t see how they could possibly argue any “claim of right” to even access, let alone download and copy, the Labour Party donor database. Their actions well fit within the definitions of the offenses of both 249(1)(a), 249(1)(b), 249(2)(a) and 249(2)(b).
249(1)(a) and 249(2)(a) both apply as they obtained property and potentially other material advantages, arguably with the intent required to meet the more severe penalty listed for 249(2)(a).
249(1)(b) and 249(2)(b) also both apply at least insofar as their intention was to cause loss, both material (deterring people from donating to Labour – explicitly stated as an intention in their correspondence) and non-material (loss of votes). Whether they actually caused material or non-material loss is possibly questionable but there is no doubt that was their intent.
Section 252 Accessing computer system without authorisation
(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system.
(2) To avoid doubt, subsection(1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.
Labour’s political opponents were absolutely not authorised to access the donor database. The donor database is quite arguably a separate computer system from their public website even if they are both hosted on the same server. To argue otherwise would be to argue that my authorisation to access my own materials on a shared hosting server gives me authorisation to help myself to anyone else’s material residing on the same server. The public website had no links to the donor database that could result in them being confused for the same computer system. One was clearly intended to be public, and the other clearly intended to be private and confidential.
These reasonably new sections of the Crimes Act covering crimes involving computers have not up until this point been tested to any great extent in the New Zealand courts so there is unfortunately very little case law available to aid in interpreting any limits on the scope of the offenses. One can however make some educated guesses about how the courts would interpret this case. Where there is any ambiguity in the scope of legislation the courts usually attempt to determine the intention of Parliament in passing the legislation by reading back through the Hansard record and select committee reports.
Reading back through Hansard to figure out what Parliament was thinking when they passed the Crimes Amendment Bill (No 6) in 2003 it quickly becomes clear that there was a pretty explicit intention in creating the new criminal offenses: To remedy a situation in which our laws had become outdated. To create a new hoard of crimes involving computers to fill the gaps created by new technologies and as closely as possible align the legal position of theft of data with the theft of other property. David Parker (Labour) said in the debate:
It became apparent that even if we were eventually able to pin anything, with any degree of proof, on the people attempting to steal the information, there was no effective remedy available to the New Zealand authorities because of a lacuna in the legislation, which would mean that nothing was being stolen. This legislation remedies that by introducing provisions that say that trade secrets stored in electronic form can be property for the purposes of theft.
This case easily fits well within the definitions of the offenses under sections 249 and 252 as I have outlined. There is no argument to be made that the scope of the offenses in question should be limited as they quite clearly fit with the intentions of Parliament in creating them. “The door was open” is simply not a credible legal defense – express authorisation is required whether you are entering someone’s home or accessing their computer system.
2. The public interest in Cameron Slater’s communications
The moral and ethical justification for obtaining and publishing Cameron Slater’s stolen communications relies entirely on whether it was in the public interest. There are three factors to be considered here:
Public interest is a very abstract concept and difficult to define without reference to a particular context. The context in which we are assessing public interest in this case is about government and political transparency and participation in the democratic process. It would be hard to argue that protecting the fundamentals of our democratic process is not in the public interest; that premise produces a useful starting point. Does Nicky Hager’s book serve to protect the fundamentals of our democratic process?
Fundamental to our democratic process are elections where the public gets to vote on who will represent us in Government for the next three years. In order for elections to have any meaning there must be transparency around what each political party and candidate stands for. The democratic process is undermined if voters are tricked or misled by false representations by either parties or candidates. That puts any evidence of false representations firmly in the public interest. The entire thesis of Nicky Hager’s book is a political party and its leader who have intentionally tricked the public into believing they do not engage in dirty politics whilst collaborating with third parties to do their dirty politics for them with plausible deniability.
It is quite clear that Nicky Hager has been very thoughtful and careful in his assessment of the public interest. There is no doubt that in thousands of emails Hager will have also found loads of other damaging, scandalous, embarrassing personal information. He has not published anything which is not in the public interest. All of the stories in the book are about exposing matters of public interest that were intended to be kept secret by those acting outside of the public interest.
Were there other, more lawful, means available to find the information?
As I mentioned in my post yesterday, most people inside the “political beltway” have long suspected links between John Key’s office and blogs like Whale Oil. Despite many people wishing they could prove it for a very long time no one until now has managed to uncover the evidence. In regards to the corporate PR stories in the book many of those really had gone under the radar (the anti-breastfeeding stuff in my post yesterday a key example) and even those that were obvious (like the Ports of Auckland union-busting) remained out of reach of the general public. I cannot see other realistic and lawful means of obtaining the information that was published in Dirty Politics.
What is the harm and does it outweigh any public interest good?
The book is embarrassing to those exposed carrying out activities they kept secret in the knowledge that the public would not favour them if the truth were ever to come out. There is no harm here to innocent parties and any harm to those exposed is due to their own unethical behaviour.
Unfortunately in this day and age if the material obtained had been given to any mainstream media journalist I don’t doubt for a second that the headlines being run would have related to the personal scandals rather than any material of real public interest. That the hacker in this case chose to give the material to Nicky Hager, a journalist renowned for his integrity and interest only in the stories of real importance, says a lot about their motivation.
While Nicky Hager has been fully transparent about the unlawfulness of the means of obtaining Cameron Slater’s communications his selection of only that material clearly falling within the scope of public interest makes a good case for the moral and ethical justification of its use. On the other hand no moral or ethical justification has even been put forth for us to refute in defense of one political party hacking the donor database of another. No claims of public interest in the material have been made. The Prime Minister himself has defended it solely on the basis of a merit less “but the door was open” defense to theft.
On a final note I am disappointed that I have felt the need to write this post. To me there are obvious distinguishing factors between the Cameron Slater communications hacking and the Labour Party donor database hacking. That I have to lay them out step-by-step says a lot about our so-called Fourth Estate. Do they no longer teach ethics and public interest in media and journalism studies?
Powered by WPtouch Mobile Suite for WordPress