Thank you donors!

Written By: - Date published: 7:34 am, June 13th, 2011 - 126 comments
Categories: activism, blogs, Ethics, labour - Tags: ,

At 9am today Slater is probably going to publish a list of some of the donors to the Labour Party. I’ve got two quick comments.

First – a big thank you to every person on that list! I’m an active member of the Labour Party, and a regular donor. My name would be on that list too, except that it covers web based credit card transactions and I donate by electronic banking. (Don’t worry, no credit card details have been exposed or are in Slater’s possession.) As a donor I am proud to be in your company, you are all generous and compassionate people who are committed to a fair go for everyone in the country that we share.

To anyone who is upset at having their name made public, I for one certainly apologise on behalf of Labour. It’s a stuff up to leave anything accessible on the web, however obscurely. I suspect that most donors won’t mind – if you’re donating to a political party you’re probably pretty open and active about it (I certainly am in the real world). But if you are pissed off, please don’t blame some hapless web admin working for Labour, please blame the people who took this information and illegally made it public. The best way to get back at them is to donate again to Labour, that’s what I’m doing.

The second point I want to make is to consider the motives of the Nats (Slater’s handlers) in orchestrating this leak. A list of minor personal donors to a party is of no conceivable public interest. The Nats are trying to create a “climate of fear” by attacking their political opponents at an individual level, just as Paula Bennett illegally identified and gave details of individual beneficiaries. They think that publishing the names of donors to Labour will in some way intimidate or damage these people. I’d like to think that they’ve miscalculated there!

In a post last night Slater tries to compare himself to Wikileaks, and lists posts on The Standard that refer to it. In particular he links to a post of mine, which he says is “a good one”, so I’m very happy to repeat part of it here:

Like most other activities in the complicated real world, whistleblowing can be a grey area. Some thugs, like Paula Bennett with her attacks on individual beneficiaries, or Cameron Slater with his violation of name suppression, might think of themselves as whistleblowers, but they are not. To my mind the crucial distinctions are (1) whether information being released relates to an individual (probably wrong) or to an organisation like a company or the state (probably right), and (2) the level of genuine public interest in socially significant issues.

Slater is not a whistle blower revealing important information of public interest, he’s just a thug trying to intimidate people. Slater’s National Party handlers should be ashamed of themselves.

126 comments on “Thank you donors! ”

  1. Jim Nald 1

    Thanks to this publicity, I will be dropping by the nearest Labour electoral office during lunch to make a CASH donation 🙂

    • Portion Control 1.1

      I doubt parliamentary services staff are allowed to receive donations for the Labour Party at MPs office so if you do that you may be forcing them to break parliamentary services rules.

      • Blighty 1.1.1

        they can, of course, hold that money for the electorate campaign team.

        • Portion Control 1.1.1.1

          Ummm, no I don’t think they can. Can’t hold campaign meetings, can’t receive money on behalf of the Labour Party, can’t use the parliamentary office for any purpose other than parliamentary activity.

          • Colonial Viper 1.1.1.1.1

            Dude, a plain brown envelope is left, with no hint that a donation sits inside.

            Satisfied now dude?

            can’t use the parliamentary office for any purpose other than parliamentary activity.

            Did you tell the Wongs that?

    • Frank Macskasy 1.2

      Ditto.

      I must thank Slater for reminding me to pop in to Chris Hipkin’s office and donate a couple of hundred dollars.

  2. Peter 2

    There must be a crime of some sort here. I have never heard of people hacking private information and getting away from it.

    • Eddie 2.1

      there seem to be two relevant parts of the Crimes Act:

      249 Accessing computer system for dishonest purpose (http://www.legislation.govt.nz/act/public/1961/0043/latest/DLM330422.html#DLM330422)

      (1) Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—

      (a) obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
      (b) causes loss to any other person.

      (2) Every one is liable to imprisonment for a term not exceeding 5 years who, directly or indirectly, accesses any computer system with intent, dishonestly or by deception, and without claim of right,—

      (a) to obtain any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
      (b) to cause loss to any other person.
      (3) In this section, deception has the same meaning as in section 240(2).

      252 Accessing computer system without authorisation (http://www.legislation.govt.nz/act/public/1961/0043/latest/DLM330430.html#DLM330430)

      (1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

      (2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.

      (3) To avoid doubt, subsection (1) does not apply if access to a computer system is gained by a law enforcement agency—

      (a) under the execution of an interception warrant or search warrant; or

      (b) under the authority of any Act or rule of the common law.

      • Mactreb 2.1.1

        (1) Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—

        Well done Eddie!…now let’s scroll on back up to s217:

        dishonestly, in relation to an act or omission, means done or omitted without a belief that there was express or implied consent to, or authority for, the act or omission from a person entitled to give such consent or authority (my emphasis)

        The fact that the information was available to all and sundry would suggest that there was an implied consent. In any respect, WO just needs to genuinely believe that such consent existed, it matters not whether that belief was reasonable.

        As for s 252, it’s a hacking offence, it requires defeating security measures…of which there were none.

        • Peter 2.1.1.1

          “implied consent”

          Ridiculous, has anyone handed money over to any website assuming the information will go public? It’s not as if a public list of donors was published.

          • Mactreb 2.1.1.1.1

            It’s not the consent of the donors that is at issue, it’s the consent of Labour. Think about it like this:

            You design me a sign, it says “Ban Asset Sales”. You do this because you think that I need some help changing my views, and you want to help. It also has some information about you, just incase I want to contact you and have a chat about state assets. Because of this, you don’t expect me to share it with anyone. But now it’s in my possession. I like it, I think “this looks pretty, and the ideas on it are pretty awesome, and one day I might need Peter’s details.” And so I stick it on my bedroom wall. Anyone can see it from the street, but only when my curtains are open. I have impliedly consented to those people who walk past my house being able to read that poster (and your details) whether I realise it or not.What you thought when you gave it to me isn’t material.

            The expectation that you have when you donate extends to Labour: you expect that they will hold your details securely, and prevent people being able to see it. They failed. Oops.

            • Puddleglum 2.1.1.1.1.1

              I agree Mactreb, that’s a very clever argument for a dishonest and unethical person to hide behind. You’ve convinced me.

        • mickysavage 2.1.1.2

          As for s 252, it’s a hacking offence, it requires defeating security measures…of which there were none.

          Firstly I am not sure about there being no security measures.  Do you have a source?
           
          Secondly I don’t think so.  Section 252 only requires a system to be accessed, not broken into.

          • Mactreb 2.1.1.2.1

            I have no direct source, no, but Flatt’s email says:

            Ear­lier this morn­ing we iso­lated a sys­tem vul­ner­a­bil­ity

            and

            In response to this intrusion:
            • we have secured the sys­tem to ensure that this can­not hap­pen again. [My emphasis]

            both of which would seem to imply that it was a lack of security measures that resulted in the information becoming available (rather than one of those untoward righties hacking in).

            In regard to your second point, don’t be stupid:

            …who intentionally accesses, directly or indirectly, any computer system without authorisation…

            Authorisation is the touchstone, it will necessarily require some ‘breaking in’ (the exception, it seems to me, would be if, say, someone left their desk unattended and you just ran over and copied things, but that still seems to be a ‘breaking in’ type of action).

            Moreover (and while we’re all here throwing legislation about), take a look at sub 2:

            (2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.

            So it seems (and I stress that I am speculating here, so none of that “where’s your source?!” rubbish – it’s merely food for thought), if Labour had this information as part of their website, just hidden in a layer behind the front end, then the access would be fine (no matter how objectionable you may find such a thought). There is obviously authority to access the labour website/servers (read: computer system) – I mean, what more could the public possibly want than pages filled with lack of policy. Unclear where the distinction is drawn.

            In any respect, your energy would be better directed writing to Flatt asking why the fuck this was allowed to happen, rather than sitting here mulling on how WO has probably [not] broken the law.

          • burt 2.1.1.2.2

            mickysavage

            I know it may pain you to do so, but the whale has a video clip on his blog showing how easily he got public access to the information.

            see: http://whaleoil.gotcha.co.nz/index.php/2011/06/labour-leaks-how-i-did-it/

            • Vinsin 2.1.1.2.2.1

              Um Burt, the clip shows Slater tracking ip details, then magically browsing to the directories. As someone said in the comments it can be done by non-routable ip adresses. So you have a video of Slater saying anyone could do it, sure anyone could do it. If they tracked the ip addresses – tell me how often do you track an ip address? Used non-routable ip addresses – when was the last time you did that whilst having a browse on the web. Lastly the video doesn’t prove he didn’t hack in, or that the site wasn’t hacked it proves the information was available to him at that given time. All of this is completely irrelevant though as it doesn’t change the fact that the information cannot be called freely available, also please explain a legal reason why WO would need the information, how it can be considered fair for him to hold that information and how it doesn’t intrude on the individuals privacy, when he attempted to get the information directly from the individuals. 

              To simplify it for you, Imagine I went across the road to buy some milk and left my bedroom window open, then some thief jumped in and stole my property and invaded my privacy. Whilst I should’ve been more vigilant in closing my window, the thief has no right to invade and steal my stuff. By the looks of your moral compass you’d have no problem stealing.

              • Roflcopter

                “To simplify it for you, Imagine I went across the road to buy some milk and left my bedroom window open, then some thief jumped in and stole my property and invaded my privacy. Whilst I should’ve been more vigilant in closing my window, the thief has no right to invade and steal my stuff. By the looks of your moral compass you’d have no problem stealing.”

                But the bottle of milk is still there.

                • Vinsin

                  Yes because the bottle of milk is still there I’m better off? I didn’t need all my stuff did I? In fact it’s more profitable for me to robbed.

              • LOLWUT

                Nonsense Vinsin, browsing a publicly accessible, google-indexed website cannot possibly be analogised to breaking and entering someone’s house. It’s more like you put up a noticeboard on the outside of your fence, and tacked up a bunch of pieces of paper. Someone reads them, and it later turns out you accidentally picked up the wrong piece of paper and tacked it up without looking, and somehow that’s a crime that the person read it? I don’t think so.
                Read my lips – you can GOOGLE the hame of the website healthyhomeshealthykiwis and the very first hit takes you directly to that directory that Cam starts at in his vid ( labour now redirects those links to their main page). No hacking, just browsing publicly accessible information.

                • RedLogix

                  No it’s exactly analogous to you accidentally leaving the front door to your home open and I enter uninvited, snoop about, sniff your partner’s panties and photocopy your business accounts that you were working on that morning. If I did that to you, you’d be very unhappy with me.

                  Entering a home uninvited is one thing. In fact if I cause no damage or harm it’s not a crime. Yes your privacy has been invaded and it’s a scummy unpleasant thing for me to do, but then we don’t expect any better from Slater either.

                  But then using that unintended access to copy personal information that a ten-year old would know is meant to be confidential, and re-publishing it with great public fanfare is another thing again. If Slater were to publish a list of private, individual Natioanal Pary donors his handlers would be furious with him. He’d never get a bean from them ever again.

                  Yet you are here happily condoning and defending Slater this because the target was Labour. Just don’t try and play principled.

                  • LOLWUT

                    Are you really that dense Red? If you put something on a publicly accessible, google-indexed server, it is not private. It is nothing at all like sneaking in an open door. By putting it ON THE INTERNET there you have invited the public to browse it. You haven’t left the door open, you’ve put stuff in an open house that doesn’t have any doors and anyone is welcome to walk through it any time. If you have a drawer of underwear you don’t want sniffed, it’s your responsibility to not put it in a room with a door and a “private” sign. You cannot make your house an open home with no doors and then expect visitors to psychically guess if there are parts you don’t want them to look at.

                    • LOLWUT

                      typo which I can’t edit, obviously meant to say “it’s your responsibility to put it in a room…”

                    • RedLogix

                      Just because something has been made accidentally accessible to the public …does not mean it is public.

                      It was NOT INTENTIONALLY put on the internet. No-one was invited to browse it. Only a person with no ethical compass at all would imagine that a list of individual, private donors to a political party was meant to be public information.

                      But you avoid the obvious. I take it you would have no problem with me obtaining and threatening to publish the names of a whole lot of donors to the National Party? People who had donated assuming their names would remain confidential.

                      (That question has a simple yes or no answer in case you hadn’t noticed.)

                    • LOLWUT

                      Making it indexable by google is an invitation to browse it. How could the web possibly work if it wasn’t? Do you seriously think every time someone googles a website, they can or should be in any kind of position to second-guess the webmaster about whether that information should be public? Can you imagine trying to draft a law along those lines? How the hell does anyone else know what information you intend to publish and what you put on the net by mistake?

                      All kinds of surprising information is public these days. Ever heard of wikileaks? How can it possibly be the web surfer’s responsibility to judge the webmaster’s level of candour and/or stupidity? If you publish it, it’s public. End of story. You cannot expect the reader to do your quality control for you.

                      “I take it you would have no problem with me obtaining and threatening to publish the names of a whole lot of donors to the National Party? People who had donated assuming their names would remain confidential.”

                      I encourage you to feel free to do what you like to any information that any party places on a google-indexed publicly accessible web server. If it’s on such a server, it’s already published.

                    • Draco T Bastard

                      Do you seriously think every time someone googles a website, they can or should be in any kind of position to second-guess the webmaster about whether that information should be public? Can you imagine trying to draft a law along those lines?

                      Yes and it’s already like that in our law so obviously not too hard to draft. Under normal circumstances it is not reasonable to assume that you’re authorised to access private information even if it is publicly available. The reasonable assumption there would be to assume that someone had made a mistake.

                    • Colonial Viper

                      The reasonable assumption there would be to assume that someone had made a mistake.

                      Not just a reasonable assumption even.

                      Any National Party staffer or operative like Whaleoil would have looked at lists of donors and members, tables of personal contact details, transaction information, meetings minutes, etc. and known straight away that that material should not have been publicly available.

                      Making it indexable by google is an invitation to browse it.

                      Apparently this is going to be National’s legal defence.

                      Look forwards to seeing how that pans out.

                    • RedLogix

                      I encourage you to feel free to do what you like to any information that any party places on a google-indexed publicly accessible web server. If it’s on such a server, it’s already published.

                      As expected LOLWUT evaded the question with a total non-answer. Just to be clear there were only two possible answers to the question.

                      In order to be consistent with his argument LOLWUT had to answer ‘yes’.

                      But in reality he wouldn’t dream of compromising National Party information in such a way. Nor would Slater for that matter. So the real answer is ‘no’.

                      Unable to reconcile the blatant contradiction he diverts and prevaricates. Scumbag.

      • lprent 2.1.2

        The 249 (1) (a) sounds interesting. Whale has advertising.
        (b) sounds interesting with respect of the National party. All that Labour probably has to do is to show that they lost at least one donor.

        • Lanthanide 2.1.2.1

          “All that Labour probably has to do is to show that they lost at least one donor.”
           
          Well I’m glad that I hadn’t gotten around to donating to them yet. And am considering whether I will donate in a couple of months like I had planned – I probably will, though.

          • Bazar 2.1.2.1.1

            As i’ve covered in a previous thread

            This isn’t hacking, and and it isn’t a crime, and it shouldn’t be a crime.

            The server was designed to be accessed by the public, it had a list of files that could be accessed by the public
            And indeed the public, in this case whaleoil, found one of those files and downloaded it.

            Its as simple as that. There is no hacking, there was no theif
            Anyone who can’t understand that fundamental concept, is in denial.

            The only legal protection i know of that labour.org.nz have, is copyright on their data.
            But copyright only affects creative works of art, and a raw database doesn’t fall into that line
            And finally, theres nothing stopping fairuse of that data, like explaining how they only collected $11k in funds

            There is however the legal aspect on labour, who published publicly what may have been confidential information. Alas i’m not familiar with NZ’s privacy laws, so i can’t really remark, but i’d say labour’s incompetence has opened them to legal recourse.aa

            • McFlock 2.1.2.1.1.1

              copyright doesn’t just affect creative works of art, but that point is irrelevant. Let’s go worst case – somebody at labour accidentally flipped a switch to “public view” on their credit records. This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out, or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into  a bag labelled “swag”.
               
              The Hollow Men emails were quite possibly distributed to Hager by someone with authorised access. Whatever tripe the nactoids downloaded is stolen, whether they had to go to too much effort or not. Difference: one might not be a crime, the other definitely is.

              • Bazar

                “This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out, or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into a bag labelled “swag”.”

                Theft?, i’ve covered this before.
                Its not theift if its given out freely. And nothing was stolen, they still have the data. It was simply copied.

                So nothing was stolen, and what was copied, was copied legally. The data was placed on the server by authorized staff, the server being designed and configured to copy the data to any member of the public.

                That it was a mistake from labour, does not negate the fact that what whaleoil has, is his own private copy of the data.

                But to break down your analogies
                “This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out”

                Phyiscal properity is different to a digial copy.
                But in the case of a atm spewing out incorrect amounts, your taking properity that doesn’t belong to you. The additional cash was never allocated to you, and it still remains properity of the bank, so by pocketing it, your stealing from the bank.

                Taking a copy of the data, labour never lost a thing. They had and always had the files. Nothing was stolen.
                If nothing was stolen, how can it be called theift.
                You can’t say it was unauthorized access, because it was accessable to anyone.

                “or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into a bag labelled “swag”’

                Again, its a case of phyiscal theft vs a digital copy.
                If your home had a billbord that said “Welcome to the Public”, that the public used for chatting around, then Whaleoil came along and opened an unlocked door, and then took PHOTOS. That’d be a closer analogy
                As he didn’t tresspass, and he didn’t steal anything.
                He simply took a copy.

                Thus we have no theif. Thats a fact btw. No one in power is contesting that, not even labour. To call it theift, suggests that you can be guilty of stealing just for following a web link.

                As for redistribution, i’ve also covered that. Whaleoil doesn’t have a right to just redistribute what he downloads.
                But that doesn’t mean he can’t make posts about what he found, and what he thinks about it.

                Theres also fairuse doctrine to take into consideration. So he could even use small parts of it to prove his point, like with catus kate.

                As as i mentioned, but i don’t think you grasped it, I said copyright probably doesn’t apply to just a LOG FILE.

                Copyright in original works

                (1) Copyright is a property right that exists, in accordance with this Act, in original works of the following descriptions:
                (a) literary, dramatic, musical, or artistic works:
                (b) sound recordings:
                (c) films:
                (d) communication works:
                (e) typographical arrangements of published editions.
                (2) A work is not original if—
                (a) it is, or to the extent that it is, a copy of another work; or
                (b) it infringes the copyright in, or to the extent that it infringes the copyright in, another work.

                So unless what he copied falls under communication works, there is no copyright protection, and whaleoil is free to redistribute as he sees fit. At least without consequences from the copyright act.

                • felix

                  It’s nothing to do with copyright. Sheesh it seems like there’s a whole generation who thinks every legal concept stems from the Pirate Bay case.

                  • Bazar

                    [trashed]

                    [lprent: This comment got trashed by bazar, but caused a rare overlap with people having replied to it. I’ve popped the comment back into place sans the content]

                    • Pascal's bookie

                      Are your various statements about how WO found this stuff, and why he’s now chicken, based on anything more than what he has published, or do you have insider knowledge?

                      I only ask ‘coz you frame everything as factual statements, where if you are just taking Slater at his word, then that’s not actually worth much.

                    • Bazar

                      Yeah, i deleted that remark, because its pretty stupid to remark that it got delayed because of copyright and the privacy act.

                      A worthless statement.

                      As for where i got that remark, it was on whaleoil’s blog, that he was waiting on his lawyer. Take it for what you will

                    • lprent []

                      There are many flaws in the thread system. Looks like you found one that I didn’t know. I really need to find some time to fix several things with it.

            • mickysavage 2.1.2.1.1.2

              Don’t think so Bazar.  All that is needed is for the data to be accessed without authority.  Clearly Whaleoil thinks that he did not have authority.  Why else would he be crowing about it?
               
              And theft is not being argued here only access.  It is an entirely different offence.

              • Bazar

                Theft is being aruged here, just read the comments
                Too many posters don’t understand the differeance between theft and copyright infringement.

                Since its something a know a little about, i thought i’d enlighten the masses.

                As for what’s got him so excited and crowing over his discovery, its because hes found labour acting illegaly and probably lieing, and that labour probably doesn’t what what he found known publicly.

                As for crowing about how he’s commmited unauthorized access, i don’t think even whaleoil is that stupid, so its obvious hes going on about something else woudln’t you think?

                • Draco T Bastard

                  It’s not theft but the unauthorised access and distribution of private information. The police should be investigating all those involved to the fullest extent of the law.

            • Puddleglum 2.1.2.1.1.3

              That’s an appalling legalistic defence for a lack of integrity. Please keep running what in my opinion is a thoroughly dishonourable line, so that it is clear where you’re coming from.

        • Mactreb 2.1.2.2

          It’s a bit more harsh than that. The loss has to have been directly caused by the deception/dishonesty.

          “I am not going to donate any more for the reason that Cam Slater knows that at some point in the past I donated” would be caught, while “I am not going to donate any more because Labour was so shit at securing my information that someone was able to get access to it with minimal effort” would not be.

          • mickysavage 2.1.2.2.1

            Section 252 does not require proof of loss.  That is why I think this section is more likely to apply.  Agreed that section 249 has more hoops to work through.

            • Mactreb 2.1.2.2.1.1

              See above, but to recap for your benefit:

              s 252 requires unauthorised access, and as Bazar said:

              The server was designed to be accessed by the public, it had a list of files that could be accessed by the public And indeed the public, in this case whaleoil, found one of those files and downloaded it.

              • So every server in the world that hosts web pages can have its entire contents accessed with impunity, even parts that are not intended to be part of the website?  Are you kidding?
                 
                 

                • Mactreb

                  **palmface**

                  Example 1
                  Server X runs Amazon.com’s website. It also hosts Amazon.com’s credit card processing. Amazon has been sensible and secured the credit card processing. Access is clearly not authorised to those who do not have the requires security credentials (e.g. password / secured/dedicated connection).

                  Access by WO here would fall foul of s 252, why? Because he was not authorised.

                  Example 2
                  Server X runs Labour’s website. It also hosts Labours credit card processing. Labour has not been sensible. They didn’t bother to secure the information they held, and so the credit card information is accessible. Access to the website generally is authorised, and this authorisation allows access to other data, like credit card processing logs.

                  Access by WO here would not fall foul of s 252, why? Because he was authorised to access the Labour website, and part of that access meant he could get to the credit card logs, without doing anything that was unauthorised.

                  See the distinction?

                • Because he was authorised to access the Labour website
                   
                  Precisely.  But this does not allow him to access any file that is on the server.  Are you saying that every subdirectory off the website’s root is open for grabs?
                   
                  Besides you cannot use a browser to access the files that were there.  You need to download them.
                   
                  The authority to access the website must be to access the files via a browser which are designed to be accessed from the website.

                  • Mactreb

                    That is exactly what I am saying.

                    I you don’t want it accessed, then (1) don’t put it there, or (2) put in some level of security so that you can’t access it.

                    Whether or not they must be donwloaded isn’t really material: is my downloading of a zip file unauthorised, merely because I can’t open it in a browser illegal? I think not.

                    Also, failing that you’re still missing the effect of subsection two, which essentially says “if you had authorised access for reason 1, but then you use that access for reason 2, then that’s fine.”

                    • Whether or not they must be donwloaded isn’t really material: is my downloading of a zip file unauthorised, merely because I can’t open it in a browser illegal? I think not.
                       
                      Agreed.  But there will be a link on a page somewhere to the zip file so it is clear that access to it was intended.
                       
                      Also, failing that you’re still missing the effect of subsection two, which essentially says “if you had authorised access for reason 1, but then you use that access for reason 2, then that’s fine.
                       
                      Under your interpretation the Amazon credit card data would be able to be grabbed legally.  I am drawing a distinction between the computer and the “system”.
                       
                      I don’t disagree with you that the issue is much more complex than at first blush.  I think for instance that a breach of section 249 would be very difficult to prove and I have not argued that Slater is in breach of this provision.
                       
                      But if section 252 does not apply then the law needs to be reviewed.
                       
                       
                       
                       
                       
                       

                    • Did you ever see the film Town Without Pity? You should.

                      There’s a scene in it where the defence lawyer is trying to paint the woman who was raped as a ‘loose woman’. He called a witness who testified that she (he?) had seen the woman wandering around naked in her house. 

                      It turned out that in order to ‘see’ the woman behaving so lewdly, she had to climb up on furniture, get on her tiptoes, stretch her neck and glimpse a small part of the offending woman’s window.

                      You’re description of Whaleoil’s actions are analagous to those of the ‘morally concerned’ neighbour of the woman.

  3. higherstandard 3

    I will never donate to any political party.

  4. Lez Howard 4

    Scum nats at work again. They must be getting worried. I dont think they will have the election campaign all ther own way

  5. Mike Readman 5

    There’s nothing illegal going on. Eddie, are you having a mental breakdown yet?

    • Draco T Bastard 5.1

      Wrong, massive breach of privacy which, by the by, happens to be illegal.

      • LOLWUT 5.1.1

        Yes, it was a massive breach of privacy for Labour to put those details on the Internet. Well done for recognising this fact.

  6. Mike Readman 6

    Can’t wait for 2pm today! How about you guys?

  7. vto 7

    For fucks sake, squabble and scrap and pull each others hair out why don’t you…

    Nonetheless the right do certainly seem to be full of glee. And angry hatred.

    Frothing at the mouth like rabid dogs. A vote for National is a vote for rabid dogs. Dirty dogs slashing around like they live at some gang house. Talk about ugly.

  8. John D 8

    Well, he hasn’t released any data yet (apart from Cactus Kate’s $10 donation)
    Now he is saying “wait until 2pm”

    Playing games, perhaps?
    Or maybe he is taking legal advice.

    • lprent 8.1

      I would say so. I suspect that if he releases the donor names off the database without their permission, then legally he becomes criminal toast.

      • John D 8.1.1

        I’d hazard a guess that he won’t actually release the full list, just a few consenting names (such as Kate’s), but he’ll spin this for as long as he can.

        Can’t say I find the spectacle very edifying at all, really.

  9. BR 9

    “There must be a crime of some sort here. I have never heard of people hacking private information and getting away from it.”

    You’ve never heard of the hollow men?

    Bill.

    • Lanthanide 9.1

      Nicky Hager didn’t hack anything. So he claims, and so the police investigation ultimately didn’t find any evidence to refute him.

    • Anne 9.2

      You’re an ignorant jerk BR.
      The police found no evidence of hacking in the Brash email affair because there was no hacking. Got that into your head now dumbo? It was an inside job that went to the top of the National Party tree. I think Bill and Mary English heard a thing or two about it.

      • Portion Control 9.2.1

        Okay so we have one side, your side, saying the Hollow Men stuff wasn’t obtained illegally. We have Slater saying he didn’t obtain his data illegally. You believe your side but you don’t believe Slater’s side, but the truth is he’s running the same argument that Hager did, that it wasn’t obtained illegally and it’s only because of the tribe you’re in, not the evidence itself, that you hold your view.

        Slater says he didn’t obtain it illegally. Slater can put up the defence that the information was publicly available, if he accessed it from a non secure part of Labour’s website. That would be an interesting legal argument, as to whether a piece of data that is hidden but not secured is publicly available. I would think “hacking” or illegally obtaining the information would involve unlawful access and/or alteration of the data. There is no evidence of either of those.

        As for Slater breaching privacy principles that is a much taller order. He’s not an “agency” under the Privacy Act. He can also claim he didn’t make the information available: Labour did. And Labour isn’t the victim as far as the Privacy Act is concerned. The victims are the donors who are going to be named. Their claim will not be against Slater, but against Labour for failing to secure their data, which they have already admitted to in their correspondence with Slater and with Labour Party members.

        As for National being the source of the “leak”, that is just partisan nonsense based on no evidence. “A Labour Party insider told me…” is not evidence. It is spin and distraction.

        • felix 9.2.1.1

          Actually that’s not true at all.

          On one side we have a lengthy police investigation which found that Hager didn’t obtain his documents illegally.

          On the other side we have Cameron Slater, a man who has often boasted that lying is ok because there is no objective truth, only different perceptions.

          You’re either a fool or a cretin to draw an equivalence.

          • Portion Control 9.2.1.1.1

            Then go lay a police complaint felix if you’re so worried your email address will be released.

            • felix 9.2.1.1.1.1

              Why bring my email address into this?

              You made a false equivalence, I pointed it out.

              Care to argue with what I wrote?

              • Portion Control

                The police didn’t conclude that the information wasn’t obtained illegally. They found no evidence of unauthorised intrusion or hacking of the Leader’s office computer. That is not the same thing. For example, if somebody goes onto my laptop, copies my outlook pst file onto a data stick and runs off with it, would you say they haven’t stolen my data? Of course they have. Would the Police have evidence this had happened? No. So don’t reinvent history otherwise people will point out your dishonesty.

                Slater has now put up a blog post showing how he did it. Seems to me Labour left its crucial and sensitive data open to all and sundry. No hacking. Just posted all of it onto one of their subsidiary websites for anybody to see. Slater isn’t a sherlock holmes. He just found it.

                There’s no theft by Slater here. There is a breach of privacy though, and it’s from the Labour Party for exposing so much personal information to the world.

                • felix

                  You do realise that your stance on one completely contradicts your stance on the other, don’t you?

                  • LOLWUT

                    Of course one doesn’t contradict the other. Putting a data stick into someone’s laptop without permission is breaking and entering. Putting information on a web server that serves information over the internet is publishing. It’s not the viewer’s problem if Labour unwisely chose what to publish, and it’s not their responsibility to judge whether Labour was unwise in publishing certain information and avoid looking at it. You really think that would be a workable way for the internet to operate? If I’m browsing a website do you think I should be constantly second-guessing, item by item, whether it was a good idea for the web admin to publish that particular item? Can you seriously imagine a law operating on that principle?

                    • Colonial Viper

                      LOLWUT has mistaken misfiling confidential information in an insecure way as being the same as intentionally publishing it as public domain.

                    • LOLWUT

                      Nonsense, Viper. As I said above, do you seriously think that the internet could/should operate on the principle that if you publish information on a webserver, the viewer is responsible for guessing if it was a good idea to publish that information? How is a viewer supposed to guess if you published some information intentionally and some not? Maybe you didn’t mean to write your last comment, Viper, maybe you were just doing a draft but hit submit by accident. Maybe you had something on the clipboard from writing an private message and pasted it into the thread without thinking. Would I be hacking you by reading it? How would I know? By what standards should I attempt to guess that you intended to publicly post what you publicly posted?

                      The directory view that whale starts from ( as demonstrated in his video) is the one that comes up first if you google the name of the website. By what psychic powers is a web surfer supposed to know that Labour put some information in a google-indexed web directory that it didn’t mean to? Can you really not see the problems of that as a legal concept?

        • Craig Glen Eden 9.2.1.2

          are you stupid portion or what, this hack has been traced to National its nothing like the Brash situation and if anything shows that releasing confidential info from a computer is the norm/culture in the National Party.

          hollow men at it again, shit they must be worried.

  10. Kerry 10

    Who cares….tyical tory beatup….i have no problem people knowing i donate…in fact its a badge of honor…as it proves those who donate to labour have some smarts…unlike the things that donate to the tories!

    • Lanthanide 10.1

      Might be fine for you. But others who work in companies that are right-leaning, whether overt or not, may not feel comfortable with their colleagues/superiors knowing that they donated to the Labour party. That is entirely the point of releasing the names – it scares people away from donating.

      • Colonial Viper 10.1.1

        Yeah this isn’t a good situation. The Righties know what they are doing when they set this shit up.

  11. BR 11

    “You’re an ignorant jerk BR.”

    Charmed, I’m sure.

    “The police found no evidence of hacking in the Brash email affair because there was no hacking. Got that into your head now dumbo?”

    Now now Anne, temper temper. What did I say??

    “It was an inside job that went to the top of the National Party tree.”

    How do you know that, and how do you know that the information that Whaleoil has obtained did not involve the deliberate co-operation of a Labour party insider?

    “I think Bill and Mary English heard a thing or two about it.”

    Really? What did they hear?

    Bill.

  12. Irascible 12

    This exercise by the Key led National Party hackers now explains why the local electorate website in the electorate I was working in in 2008 was being hit so heavily with “enquiries” during the weeks leading up to and including the day of the election…. someone was fishing for information by attempting to hack into the website.
    In that Slater and one of his mates attempted to styme the local LEC’s hireage of a school facility for its monthly meetings with letters to the School Committee questioning their right to rent a room to the LEC I can now understand the ethics of the Key led National Party hacks even more clearly.

  13. BLiP 13

    Whale Oil down? Oh – what a shame.

    EDIT: Never mind,

  14. Anne 14

    Has someone pulled the plug on his site? If so, who? Anyone got any ideas?

    • The Voice of Reason 14.1

      I got on the site a few minutes ago and there is a post saying he’s holding off releasing the names till tomorrow because he’s shitting himself. Whoops, sorry, read that wrong … because he’s seeking legal clarification … before shitting himself.

      • felix 14.1.1

        He must have edited the post. I was there just now and it said he was still shitting himself AND crying like a child.

  15. felix 15

    Be fun to see Cameron in the dock again. Sentencing judges are notoriously fond of people like him who try to publicly ridicule the justice system.

  16. Peter 16

    Something tells me that with the relative financial weakness of Labour compared to National this is a David v’s Goliath contest. Why National would bother with all of this is totally beyond me.

    How can they win in the eyes of the voter?

    • felix 16.1

      They win if it pushes the story about National slipping in the polls down the page.

      They win if it pushes the story about Key borrowing 100 million a week to gamble with down the page.

      But mostly they win if it distracts people long enough that they don’t connect the dots between

      a) “We’re borrowing 100 million a week more than we need ‘cos I’m a super duper money trader”

      and

      b) “Gee we’re borrowing so much we really need to sell these energy companies”

      • Vinsin 16.1.1

        It’s a short sighted win though Felix, being associated with Cameron Slater especially when it’s looking very clear he’s broken The Privacy Act might delay the media but ultimately it will tarnish National’s image and force Labour back on message. Law’s are very hard to massage, delaying the connection between the current state of the economy may be easier but all National does by being involved with Slater is open themselves up to ridicule and cause the swing voter to trust them less – it’s a law that’s been willingly broken by Slater and by proxy National. That’s does not look good for voters when they’re wondering if they can trust a government with the country and they remember the government deliberately broke laws. It will be interesting to see how they intend to wiggle out of this.

        • felix 16.1.1.1

          All true, but really only for people like us who take an interest in the game. Most people don’t know and couldn’t give a fuck who Slater is or what his connection to the Nats says about them.

          BUT if he can get some bullshit about Labour’s IT problems (which most people don’t give a fuck about either) on the news instead of John Key getting caught in a massive lie then it’s a win – or a least a loss avoided.

          As you note elsewhere though, the earthquake kinda renders it a moot point.

  17. felix 17

    Bullshit. Lists of names and email addresses aren’t subject to copyright.

    If that’s the legal advice he’s waiting on, he has a moron for a lawyer.

    • Peter 17.1

      You would have thought how you get the lists might …..

      • felix 17.1.1

        I’m confused now Peter, my comment (and Pb’s I think) was meant to be a reply to a comment from bazaar way upthread which seems to have disappeared.

        Now I don’t know who’s replying to who, it’s like a hall of mirrors.

        • lprent 17.1.1.1

          A moderator has deleted a message that is in the middle of a thread. Pb’s one at the bottom is linked to something odd.

          Bad moderator – you wipe the contents and leave in place.

          I will see if I can locate it from the trash

          • Pascal's bookie 17.1.1.1.1

            I’m usually linked to something odd.

            • lprent 17.1.1.1.1.1

              *grin* Turned out that Bazar found another hole in the thread system when allowed to trash comments disrupting comments written in reply. It is meant to disable the trash when a reply has been made.

              Now I have to write a plugin to correct for it *sigh*

        • Peter 17.1.1.2

          Apologies I meant to say how he got the messages might be illegal even if lists of names don’t breach copyright as is being suggested.

          • felix 17.1.1.2.1

            Yes indeedy, I’d reckon the privacy act would be the best remedy as posted by others.

  18. Draco T Bastard 18

    Part 2 Information privacy principles

    Personal information shall not be collected by any agency unless—
    (a) the information is collected for a lawful purpose connected with a function or activity of the agency; and
    (b) the collection of the information is necessary for that purpose.

    Can’t think of any legal reason why WhaleOil would need to collect the personal information of Labours donors.

    (1) Where an agency collects personal information, the agency shall collect the information directly from the individual concerned.

    Yep, I’d say that Whale has violated that principal.

    (2) It is not necessary for an agency to comply with subclause (1) if the agency believes, on reasonable grounds,—
    (a) that the information is publicly available information;

    It’s private information and, as such, it’s reasonable to assume that it’s not supposed to be publicly available and that, if the public has access to it, a mistake has been made. Under these circumstances the reasonable action would be to notify the people holding the information that a mistake has been made. In fact, I’d say Whaleoil has breached most, if not all, of that principal.

    Principle 4
    Manner of collection of personal information
    Personal information shall not be collected by an agency—
    (a) by unlawful means; or
    (b) by means that, in the circumstances of the case,—
    (i) are unfair; or
    (ii) intrude to an unreasonable extent upon the personal affairs of the individual concerned.

    Yep, I’d say that Whaleoil breached that one as well – especially (b).

    Principle 5
    Storage and security of personal information
    An agency that holds personal information shall ensure—
    (a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against—
    (i) loss; and
    (ii) access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
    (iii) other misuse; and
    (b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information.

    Labour have broken that one big time.

    —————————-

    Basically, the laws have been broken big time on this and the police should be investigating without complaints being laid. That said, every single person who has registered with Labour should be calling the police and laying a complaint to ensure that an investigation is happening.

    • Portion Control 18.1

      Slater is not an “Agency” under the Privacy Act. The Act doesn’t apply to him. Labour is an Agency, and they have broken the law.

      • The Voice of Reason 18.1.1

        Hope you’re not the C Slug’s lawyer, pc, because you are wrongitty wrong wrong.
         

        agency—

        (a) means any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector; and, for the avoidance of doubt, includes a department; but

        (b) does not include—

        (i) the Sovereign; or

        (ii) the Governor-General or the Administrator of the Government; or

        (iii) the House of Representatives; or

        (iv) a member of Parliament in his or her official capacity; or

        (v) the Parliamentary Service Commission; or

        (vi) the Parliamentary Service, except in relation to personal information about any employee or former employee of that agency in his or her capacity as such an employee; or

        (vii) in relation to its judicial functions, a court; or

        (viii) in relation to its judicial functions, a tribunal; or

        (ix) an Ombudsman; or

        (x) a Royal Commission; or

        (xi) a commission of inquiry appointed by an Order in Council made under the Commissions of Inquiry Act 1908; or

        (xii) a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or

        (xiii) in relation to its news activities, any news medium

        • Portion Control 18.1.1.1

          Whale would successfully argue that his blog is a news medium. See (xiii)

          • lprent 18.1.1.1.1

            Only if you take the broadest possible interpretation which I suspect that our courts would not do.

            I wouldn’t regard this site as being news media, and we don’t have nearly as much of the rich fantasy life that whaleoil has exposed over the years.. If it came to court, I would be happy to detail some of the lies and fabrications that he made about me over the years. I am sure that there are many many others who would as well.

            It is ludicrous to regard him as a news medium…

            • Portion Control 18.1.1.1.1.1

              Go to the principle as to why news media are excluded from the Privacy Act, which is what a Court would do. That there is a public interest in a free press being able to expose information. Therefore information collected and distributed by a news medium goes to the heart of a free press. The same tenet goes for bloggers. If it ever went to Court then Whale’s counsel would point to the Electroal act exemption to news media and internet blogging sites.

              You might dislike Whale’s opinions and he might get his facts wrong at times, but go and lay a complaint with the Privacy Commissioner if you like. It would be an interesting test case but I strongly suspect he would win.

              • lprent

                There is no such provision for bloggers. As far as I am aware the only legislation that mentions bloggers was in the electoral finance act and it’s successors. That was a specific exemption because blogs were not classed as news media. You should think things through about why something has to be specifically enumerated.

                I probably cannot lay a complaint with the privacy commission because the only thing I am likely to be on in that pile of information is a name, email address, physical address, and membership of the party. All of those are public already. about the only information is in there that isn’t public will be that I am late paying my membership. It was in my desk to be paid when I went into hospital earlier this year, and I can’t remember ever paying it.

      • lprent 18.1.2

        Ah no. I’m sure someone will enlighten you about what words like ‘Agency’ mean in the terms of the Act. It will be somewhere at the top of the legislation.

        • Mactreb 18.1.2.1

          I must admit that I think the people here at the standard are wrong 90% of the time, but on this occasion, lprent, they are right (at least about WO being an agency). What TVOR has said is from the top of the legislation (s 2, if you care – this is the interpretation section and is usually found in s 2 of any modern statute 🙂 ).

          The Privacy Act applies to everyone unless they are excluded by the definition of agency. WO is included unless he can find an exemption under (b)(i)-(xiii) (I suspect he would under xiii).

          lprent, you have been ‘enlightened’.

          • lprent 18.1.2.1.1

            Thank you. Reading legislation is like reading a program. First you define your classes and instances…..

      • burt 18.1.3

        Labour is an Agency, and they have broken the law.

        That’s simply not possible… the law was confusing and others were doing it too and the ref made a bad call after the rules were changed….

        Oops sorry, I was in Labour apologist mode for a moment there…..

    • Vinsin 18.2

      So Draco technically, Labour can use “that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against—” and say they took “reasonable” precautions in the circumstances but failed due to negligence or incompetence. I completely agree WO is royally fucked on all accounts, i do wonder if Labour being the victim of a hack (not hack) would be able to site that clause. Anyone have a clue? I mean it’s hard to say exactly how the files were collected so…

      • Draco T Bastard 18.2.1

        Actually, I think Labours only defence is to admit that they fucked up, apologize and do their best to ensure that it doesn’t happen again.

        • Sean 18.2.1.1

          That’s what they are doing Draco, I got an email to that effect today with further information about who to contact if I want to discuss it in further detail.

          I called to offer support and say I don’t care if Cameron Slater tells the World I support Labour, I tell that to anyone who asks anyway, while wearing my Micky Savage t-shirt*.

          *Not the Micky Savage that posts here obviously. No offense Micky, maybe if you put a t-shirt out to..

  19. Sean 19

    18,000 donate to the Labour party, and Slater thinks its a crime. What a clown.

    I’ll be posting another cheque to Labour tomorrow morning.

    I have to point out, you can’t count the number of key donors to the Labour party on one hand. Not like ACT or National.

    • LOLWUT 19.1

      Not since you pissed Owen Glenn off eh?

      • Sookie 19.1.1

        Have you nasty little sewer rats got bored with each other and decided to troll today, crowing over your complete non event of a scandal cooked up by that fat nasty sleaze you call lord n’ master? I don’t come and shit in your sandbox, so I really don’t know why you come here.

        On topic and fangs retracted, I don’t think one’s political affiliations are anything to be ashamed of, but in the public service, its not done to be a member of a political party. Ditto if you work for a company where the management is nosey about employee’s personal lives and right wing in nature. I hope the lesson has been learned about security, as I certainly don’t want Slater’s slimy mitts on my personal details. I hope the Greens have super savvy IT geeks working for them.

        • LOLWUT 19.1.1.1

          Right, making 18,000 identities available to absolutely anyone is a “complete non event of a scandal”. I’d hate to think what you would consider a serious security breach then? And at the same time you’re pretending you don’t think this is important, you’re hoping that it doesn’t happen to you at the Greens. Contradict yourself much?

          • Sookie 19.1.1.1.1

            Sloppy security exploited by a scumbag with the morals and ethics of a cane toad does not equal hanging, drawing and quartering of the Labour caucus, sorry to disappoint you lot. It won’t do you any good, the hysterical ranting and lip smacking glee just makes you look like the pack of rabids you are. Hardly going to convince those pesky swing voters.

  20. Irascible 20

    Look at this: The Key led National Party admits it was accessing the Labour Party Website.
    http://www.nbr.co.nz/article/national-admits-labour-data-breach-denies-passing-names-whaleoil-ck-95242
    Then the Key led National Party argues that it had no moral responsibility to inform the offended party that it had broken into its website.

  21. coge 21

    All the credit card donors that have had their card numbers held by Labor in a unsecure manner, will need those cards canceled & new ones issued by their banks. The Labor Party needs to contact those cardholders urgently, as given the card numbers were available to the public to view, criminals could easily use them.

  22. Now that the Tories have done a Watergate break-in on that database should anyone on that list be threatened we all know who to lynch now don’t we.