Written By:
r0b - Date published:
7:34 am, June 13th, 2011 - 126 comments
Categories: activism, blogs, Ethics, labour -
Tags: cameron slater, thugs
At 9am today Slater is probably going to publish a list of some of the donors to the Labour Party. I’ve got two quick comments.
First – a big thank you to every person on that list! I’m an active member of the Labour Party, and a regular donor. My name would be on that list too, except that it covers web based credit card transactions and I donate by electronic banking. (Don’t worry, no credit card details have been exposed or are in Slater’s possession.) As a donor I am proud to be in your company, you are all generous and compassionate people who are committed to a fair go for everyone in the country that we share.
To anyone who is upset at having their name made public, I for one certainly apologise on behalf of Labour. It’s a stuff up to leave anything accessible on the web, however obscurely. I suspect that most donors won’t mind – if you’re donating to a political party you’re probably pretty open and active about it (I certainly am in the real world). But if you are pissed off, please don’t blame some hapless web admin working for Labour, please blame the people who took this information and illegally made it public. The best way to get back at them is to donate again to Labour, that’s what I’m doing.
The second point I want to make is to consider the motives of the Nats (Slater’s handlers) in orchestrating this leak. A list of minor personal donors to a party is of no conceivable public interest. The Nats are trying to create a “climate of fear” by attacking their political opponents at an individual level, just as Paula Bennett illegally identified and gave details of individual beneficiaries. They think that publishing the names of donors to Labour will in some way intimidate or damage these people. I’d like to think that they’ve miscalculated there!
In a post last night Slater tries to compare himself to Wikileaks, and lists posts on The Standard that refer to it. In particular he links to a post of mine, which he says is “a good one”, so I’m very happy to repeat part of it here:
Like most other activities in the complicated real world, whistleblowing can be a grey area. Some thugs, like Paula Bennett with her attacks on individual beneficiaries, or Cameron Slater with his violation of name suppression, might think of themselves as whistleblowers, but they are not. To my mind the crucial distinctions are (1) whether information being released relates to an individual (probably wrong) or to an organisation like a company or the state (probably right), and (2) the level of genuine public interest in socially significant issues.
Slater is not a whistle blower revealing important information of public interest, he’s just a thug trying to intimidate people. Slater’s National Party handlers should be ashamed of themselves.
Thanks to this publicity, I will be dropping by the nearest Labour electoral office during lunch to make a CASH donation 🙂
I doubt parliamentary services staff are allowed to receive donations for the Labour Party at MPs office so if you do that you may be forcing them to break parliamentary services rules.
they can, of course, hold that money for the electorate campaign team.
Ummm, no I don’t think they can. Can’t hold campaign meetings, can’t receive money on behalf of the Labour Party, can’t use the parliamentary office for any purpose other than parliamentary activity.
Dude, a plain brown envelope is left, with no hint that a donation sits inside.
Satisfied now dude?
Did you tell the Wongs that?
Ditto.
I must thank Slater for reminding me to pop in to Chris Hipkin’s office and donate a couple of hundred dollars.
There must be a crime of some sort here. I have never heard of people hacking private information and getting away from it.
there seem to be two relevant parts of the Crimes Act:
249 Accessing computer system for dishonest purpose (http://www.legislation.govt.nz/act/public/1961/0043/latest/DLM330422.html#DLM330422)
(1) Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—
(a) obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b) causes loss to any other person.
(2) Every one is liable to imprisonment for a term not exceeding 5 years who, directly or indirectly, accesses any computer system with intent, dishonestly or by deception, and without claim of right,—
(a) to obtain any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b) to cause loss to any other person.
(3) In this section, deception has the same meaning as in section 240(2).
252 Accessing computer system without authorisation (http://www.legislation.govt.nz/act/public/1961/0043/latest/DLM330430.html#DLM330430)
(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.
(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.
(3) To avoid doubt, subsection (1) does not apply if access to a computer system is gained by a law enforcement agency—
(a) under the execution of an interception warrant or search warrant; or
(b) under the authority of any Act or rule of the common law.
Well done Eddie!…now let’s scroll on back up to s217:
The fact that the information was available to all and sundry would suggest that there was an implied consent. In any respect, WO just needs to genuinely believe that such consent existed, it matters not whether that belief was reasonable.
As for s 252, it’s a hacking offence, it requires defeating security measures…of which there were none.
“implied consent”
Ridiculous, has anyone handed money over to any website assuming the information will go public? It’s not as if a public list of donors was published.
It’s not the consent of the donors that is at issue, it’s the consent of Labour. Think about it like this:
You design me a sign, it says “Ban Asset Sales”. You do this because you think that I need some help changing my views, and you want to help. It also has some information about you, just incase I want to contact you and have a chat about state assets. Because of this, you don’t expect me to share it with anyone. But now it’s in my possession. I like it, I think “this looks pretty, and the ideas on it are pretty awesome, and one day I might need Peter’s details.” And so I stick it on my bedroom wall. Anyone can see it from the street, but only when my curtains are open. I have impliedly consented to those people who walk past my house being able to read that poster (and your details) whether I realise it or not.What you thought when you gave it to me isn’t material.
The expectation that you have when you donate extends to Labour: you expect that they will hold your details securely, and prevent people being able to see it. They failed. Oops.
I agree Mactreb, that’s a very clever argument for a dishonest and unethical person to hide behind. You’ve convinced me.
As for s 252, it’s a hacking offence, it requires defeating security measures…of which there were none.
Firstly I am not sure about there being no security measures. Do you have a source?
Secondly I don’t think so. Section 252 only requires a system to be accessed, not broken into.
I have no direct source, no, but Flatt’s email says:
and
both of which would seem to imply that it was a lack of security measures that resulted in the information becoming available (rather than one of those untoward righties hacking in).
In regard to your second point, don’t be stupid:
Authorisation is the touchstone, it will necessarily require some ‘breaking in’ (the exception, it seems to me, would be if, say, someone left their desk unattended and you just ran over and copied things, but that still seems to be a ‘breaking in’ type of action).
Moreover (and while we’re all here throwing legislation about), take a look at sub 2:
So it seems (and I stress that I am speculating here, so none of that “where’s your source?!” rubbish – it’s merely food for thought), if Labour had this information as part of their website, just hidden in a layer behind the front end, then the access would be fine (no matter how objectionable you may find such a thought). There is obviously authority to access the labour website/servers (read: computer system) – I mean, what more could the public possibly want than pages filled with lack of policy. Unclear where the distinction is drawn.
In any respect, your energy would be better directed writing to Flatt asking why the fuck this was allowed to happen, rather than sitting here mulling on how WO has probably [not] broken the law.
mickysavage
I know it may pain you to do so, but the whale has a video clip on his blog showing how easily he got public access to the information.
see: http://whaleoil.gotcha.co.nz/index.php/2011/06/labour-leaks-how-i-did-it/
Um Burt, the clip shows Slater tracking ip details, then magically browsing to the directories. As someone said in the comments it can be done by non-routable ip adresses. So you have a video of Slater saying anyone could do it, sure anyone could do it. If they tracked the ip addresses – tell me how often do you track an ip address? Used non-routable ip addresses – when was the last time you did that whilst having a browse on the web. Lastly the video doesn’t prove he didn’t hack in, or that the site wasn’t hacked it proves the information was available to him at that given time. All of this is completely irrelevant though as it doesn’t change the fact that the information cannot be called freely available, also please explain a legal reason why WO would need the information, how it can be considered fair for him to hold that information and how it doesn’t intrude on the individuals privacy, when he attempted to get the information directly from the individuals.
To simplify it for you, Imagine I went across the road to buy some milk and left my bedroom window open, then some thief jumped in and stole my property and invaded my privacy. Whilst I should’ve been more vigilant in closing my window, the thief has no right to invade and steal my stuff. By the looks of your moral compass you’d have no problem stealing.
“To simplify it for you, Imagine I went across the road to buy some milk and left my bedroom window open, then some thief jumped in and stole my property and invaded my privacy. Whilst I should’ve been more vigilant in closing my window, the thief has no right to invade and steal my stuff. By the looks of your moral compass you’d have no problem stealing.”
But the bottle of milk is still there.
Yes because the bottle of milk is still there I’m better off? I didn’t need all my stuff did I? In fact it’s more profitable for me to robbed.
Nonsense Vinsin, browsing a publicly accessible, google-indexed website cannot possibly be analogised to breaking and entering someone’s house. It’s more like you put up a noticeboard on the outside of your fence, and tacked up a bunch of pieces of paper. Someone reads them, and it later turns out you accidentally picked up the wrong piece of paper and tacked it up without looking, and somehow that’s a crime that the person read it? I don’t think so.
Read my lips – you can GOOGLE the hame of the website healthyhomeshealthykiwis and the very first hit takes you directly to that directory that Cam starts at in his vid ( labour now redirects those links to their main page). No hacking, just browsing publicly accessible information.
No it’s exactly analogous to you accidentally leaving the front door to your home open and I enter uninvited, snoop about, sniff your partner’s panties and photocopy your business accounts that you were working on that morning. If I did that to you, you’d be very unhappy with me.
Entering a home uninvited is one thing. In fact if I cause no damage or harm it’s not a crime. Yes your privacy has been invaded and it’s a scummy unpleasant thing for me to do, but then we don’t expect any better from Slater either.
But then using that unintended access to copy personal information that a ten-year old would know is meant to be confidential, and re-publishing it with great public fanfare is another thing again. If Slater were to publish a list of private, individual Natioanal Pary donors his handlers would be furious with him. He’d never get a bean from them ever again.
Yet you are here happily condoning and defending Slater this because the target was Labour. Just don’t try and play principled.
Are you really that dense Red? If you put something on a publicly accessible, google-indexed server, it is not private. It is nothing at all like sneaking in an open door. By putting it ON THE INTERNET there you have invited the public to browse it. You haven’t left the door open, you’ve put stuff in an open house that doesn’t have any doors and anyone is welcome to walk through it any time. If you have a drawer of underwear you don’t want sniffed, it’s your responsibility to not put it in a room with a door and a “private” sign. You cannot make your house an open home with no doors and then expect visitors to psychically guess if there are parts you don’t want them to look at.
typo which I can’t edit, obviously meant to say “it’s your responsibility to put it in a room…”
Just because something has been made accidentally accessible to the public …does not mean it is public.
It was NOT INTENTIONALLY put on the internet. No-one was invited to browse it. Only a person with no ethical compass at all would imagine that a list of individual, private donors to a political party was meant to be public information.
But you avoid the obvious. I take it you would have no problem with me obtaining and threatening to publish the names of a whole lot of donors to the National Party? People who had donated assuming their names would remain confidential.
(That question has a simple yes or no answer in case you hadn’t noticed.)
Making it indexable by google is an invitation to browse it. How could the web possibly work if it wasn’t? Do you seriously think every time someone googles a website, they can or should be in any kind of position to second-guess the webmaster about whether that information should be public? Can you imagine trying to draft a law along those lines? How the hell does anyone else know what information you intend to publish and what you put on the net by mistake?
All kinds of surprising information is public these days. Ever heard of wikileaks? How can it possibly be the web surfer’s responsibility to judge the webmaster’s level of candour and/or stupidity? If you publish it, it’s public. End of story. You cannot expect the reader to do your quality control for you.
“I take it you would have no problem with me obtaining and threatening to publish the names of a whole lot of donors to the National Party? People who had donated assuming their names would remain confidential.”
I encourage you to feel free to do what you like to any information that any party places on a google-indexed publicly accessible web server. If it’s on such a server, it’s already published.
Yes and it’s already like that in our law so obviously not too hard to draft. Under normal circumstances it is not reasonable to assume that you’re authorised to access private information even if it is publicly available. The reasonable assumption there would be to assume that someone had made a mistake.
Not just a reasonable assumption even.
Any National Party staffer or operative like Whaleoil would have looked at lists of donors and members, tables of personal contact details, transaction information, meetings minutes, etc. and known straight away that that material should not have been publicly available.
Apparently this is going to be National’s legal defence.
Look forwards to seeing how that pans out.
I encourage you to feel free to do what you like to any information that any party places on a google-indexed publicly accessible web server. If it’s on such a server, it’s already published.
As expected LOLWUT evaded the question with a total non-answer. Just to be clear there were only two possible answers to the question.
In order to be consistent with his argument LOLWUT had to answer ‘yes’.
But in reality he wouldn’t dream of compromising National Party information in such a way. Nor would Slater for that matter. So the real answer is ‘no’.
Unable to reconcile the blatant contradiction he diverts and prevaricates. Scumbag.
The 249 (1) (a) sounds interesting. Whale has advertising.
(b) sounds interesting with respect of the National party. All that Labour probably has to do is to show that they lost at least one donor.
“All that Labour probably has to do is to show that they lost at least one donor.”
Well I’m glad that I hadn’t gotten around to donating to them yet. And am considering whether I will donate in a couple of months like I had planned – I probably will, though.
As i’ve covered in a previous thread
This isn’t hacking, and and it isn’t a crime, and it shouldn’t be a crime.
The server was designed to be accessed by the public, it had a list of files that could be accessed by the public
And indeed the public, in this case whaleoil, found one of those files and downloaded it.
Its as simple as that. There is no hacking, there was no theif
Anyone who can’t understand that fundamental concept, is in denial.
The only legal protection i know of that labour.org.nz have, is copyright on their data.
But copyright only affects creative works of art, and a raw database doesn’t fall into that line
And finally, theres nothing stopping fairuse of that data, like explaining how they only collected $11k in funds
There is however the legal aspect on labour, who published publicly what may have been confidential information. Alas i’m not familiar with NZ’s privacy laws, so i can’t really remark, but i’d say labour’s incompetence has opened them to legal recourse.aa
copyright doesn’t just affect creative works of art, but that point is irrelevant. Let’s go worst case – somebody at labour accidentally flipped a switch to “public view” on their credit records. This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out, or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into a bag labelled “swag”.
The Hollow Men emails were quite possibly distributed to Hager by someone with authorised access. Whatever tripe the nactoids downloaded is stolen, whether they had to go to too much effort or not. Difference: one might not be a crime, the other definitely is.
“This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out, or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into a bag labelled “swag”.”
Theft?, i’ve covered this before.
Its not theift if its given out freely. And nothing was stolen, they still have the data. It was simply copied.
So nothing was stolen, and what was copied, was copied legally. The data was placed on the server by authorized staff, the server being designed and configured to copy the data to any member of the public.
That it was a mistake from labour, does not negate the fact that what whaleoil has, is his own private copy of the data.
But to break down your analogies
“This doesn’t permit the theft and distribution of the information, any more than a coding error in a cash machine means you get to keep the money it spews out”
Phyiscal properity is different to a digial copy.
But in the case of a atm spewing out incorrect amounts, your taking properity that doesn’t belong to you. The additional cash was never allocated to you, and it still remains properity of the bank, so by pocketing it, your stealing from the bank.
Taking a copy of the data, labour never lost a thing. They had and always had the files. Nothing was stolen.
If nothing was stolen, how can it be called theift.
You can’t say it was unauthorized access, because it was accessable to anyone.
“or any more than leaving your front door unlocked means anyone is entitled to all your possessions that they can fit into a bag labelled “swag”’
Again, its a case of phyiscal theft vs a digital copy.
If your home had a billbord that said “Welcome to the Public”, that the public used for chatting around, then Whaleoil came along and opened an unlocked door, and then took PHOTOS. That’d be a closer analogy
As he didn’t tresspass, and he didn’t steal anything.
He simply took a copy.
Thus we have no theif. Thats a fact btw. No one in power is contesting that, not even labour. To call it theift, suggests that you can be guilty of stealing just for following a web link.
As for redistribution, i’ve also covered that. Whaleoil doesn’t have a right to just redistribute what he downloads.
But that doesn’t mean he can’t make posts about what he found, and what he thinks about it.
Theres also fairuse doctrine to take into consideration. So he could even use small parts of it to prove his point, like with catus kate.
As as i mentioned, but i don’t think you grasped it, I said copyright probably doesn’t apply to just a LOG FILE.
Copyright in original works
(1) Copyright is a property right that exists, in accordance with this Act, in original works of the following descriptions:
(a) literary, dramatic, musical, or artistic works:
(b) sound recordings:
(c) films:
(d) communication works:
(e) typographical arrangements of published editions.
(2) A work is not original if—
(a) it is, or to the extent that it is, a copy of another work; or
(b) it infringes the copyright in, or to the extent that it infringes the copyright in, another work.
So unless what he copied falls under communication works, there is no copyright protection, and whaleoil is free to redistribute as he sees fit. At least without consequences from the copyright act.
It’s nothing to do with copyright. Sheesh it seems like there’s a whole generation who thinks every legal concept stems from the Pirate Bay case.
The only reason whaleoil hasn’t republished it in full, is because hes waiting on his lawyer to explain the limits of copyright.
[edit] Also the privacy act, although i’m unfamiliar with that act
[trashed]
[lprent: This comment got trashed by bazar, but caused a rare overlap with people having replied to it. I’ve popped the comment back into place sans the content]
Are your various statements about how WO found this stuff, and why he’s now chicken, based on anything more than what he has published, or do you have insider knowledge?
I only ask ‘coz you frame everything as factual statements, where if you are just taking Slater at his word, then that’s not actually worth much.
Yeah, i deleted that remark, because its pretty stupid to remark that it got delayed because of copyright and the privacy act.
A worthless statement.
As for where i got that remark, it was on whaleoil’s blog, that he was waiting on his lawyer. Take it for what you will
There are many flaws in the thread system. Looks like you found one that I didn’t know. I really need to find some time to fix several things with it.
Don’t think so Bazar. All that is needed is for the data to be accessed without authority. Clearly Whaleoil thinks that he did not have authority. Why else would he be crowing about it?
And theft is not being argued here only access. It is an entirely different offence.
Theft is being aruged here, just read the comments
Too many posters don’t understand the differeance between theft and copyright infringement.
Since its something a know a little about, i thought i’d enlighten the masses.
As for what’s got him so excited and crowing over his discovery, its because hes found labour acting illegaly and probably lieing, and that labour probably doesn’t what what he found known publicly.
As for crowing about how he’s commmited unauthorized access, i don’t think even whaleoil is that stupid, so its obvious hes going on about something else woudln’t you think?
It’s not theft but the unauthorised access and distribution of private information. The police should be investigating all those involved to the fullest extent of the law.
No mate; it’s “not in the public interest” to prosecute 😉
That’s an appalling legalistic defence for a lack of integrity. Please keep running what in my opinion is a thoroughly dishonourable line, so that it is clear where you’re coming from.
It’s a bit more harsh than that. The loss has to have been directly caused by the deception/dishonesty.
“I am not going to donate any more for the reason that Cam Slater knows that at some point in the past I donated” would be caught, while “I am not going to donate any more because Labour was so shit at securing my information that someone was able to get access to it with minimal effort” would not be.
Section 252 does not require proof of loss. That is why I think this section is more likely to apply. Agreed that section 249 has more hoops to work through.
See above, but to recap for your benefit:
s 252 requires unauthorised access, and as Bazar said:
So every server in the world that hosts web pages can have its entire contents accessed with impunity, even parts that are not intended to be part of the website? Are you kidding?
**palmface**
Example 1
Server X runs Amazon.com’s website. It also hosts Amazon.com’s credit card processing. Amazon has been sensible and secured the credit card processing. Access is clearly not authorised to those who do not have the requires security credentials (e.g. password / secured/dedicated connection).
Access by WO here would fall foul of s 252, why? Because he was not authorised.
Example 2
Server X runs Labour’s website. It also hosts Labours credit card processing. Labour has not been sensible. They didn’t bother to secure the information they held, and so the credit card information is accessible. Access to the website generally is authorised, and this authorisation allows access to other data, like credit card processing logs.
Access by WO here would not fall foul of s 252, why? Because he was authorised to access the Labour website, and part of that access meant he could get to the credit card logs, without doing anything that was unauthorised.
See the distinction?
Because he was authorised to access the Labour website
Precisely. But this does not allow him to access any file that is on the server. Are you saying that every subdirectory off the website’s root is open for grabs?
Besides you cannot use a browser to access the files that were there. You need to download them.
The authority to access the website must be to access the files via a browser which are designed to be accessed from the website.
That is exactly what I am saying.
I you don’t want it accessed, then (1) don’t put it there, or (2) put in some level of security so that you can’t access it.
Whether or not they must be donwloaded isn’t really material: is my downloading of a zip file unauthorised, merely because I can’t open it in a browser illegal? I think not.
Also, failing that you’re still missing the effect of subsection two, which essentially says “if you had authorised access for reason 1, but then you use that access for reason 2, then that’s fine.”
Whether or not they must be donwloaded isn’t really material: is my downloading of a zip file unauthorised, merely because I can’t open it in a browser illegal? I think not.
Agreed. But there will be a link on a page somewhere to the zip file so it is clear that access to it was intended.
Also, failing that you’re still missing the effect of subsection two, which essentially says “if you had authorised access for reason 1, but then you use that access for reason 2, then that’s fine.
Under your interpretation the Amazon credit card data would be able to be grabbed legally. I am drawing a distinction between the computer and the “system”.
I don’t disagree with you that the issue is much more complex than at first blush. I think for instance that a breach of section 249 would be very difficult to prove and I have not argued that Slater is in breach of this provision.
But if section 252 does not apply then the law needs to be reviewed.
Did you ever see the film Town Without Pity? You should.
There’s a scene in it where the defence lawyer is trying to paint the woman who was raped as a ‘loose woman’. He called a witness who testified that she (he?) had seen the woman wandering around naked in her house.
It turned out that in order to ‘see’ the woman behaving so lewdly, she had to climb up on furniture, get on her tiptoes, stretch her neck and glimpse a small part of the offending woman’s window.
You’re description of Whaleoil’s actions are analagous to those of the ‘morally concerned’ neighbour of the woman.
I will never donate to any political party.
Then don’t make a comment you twot.
Scum nats at work again. They must be getting worried. I dont think they will have the election campaign all ther own way
There’s nothing illegal going on. Eddie, are you having a mental breakdown yet?
Wrong, massive breach of privacy which, by the by, happens to be illegal.
Yes, it was a massive breach of privacy for Labour to put those details on the Internet. Well done for recognising this fact.
And Slaters then release of that information was a bigger crime.
Can’t wait for 2pm today! How about you guys?
Yes, looking forward to Whale dig himself a deeper hole. I hope he got legal advice before he started on this.
I don’t 😀
For fucks sake, squabble and scrap and pull each others hair out why don’t you…
Nonetheless the right do certainly seem to be full of glee. And angry hatred.
Frothing at the mouth like rabid dogs. A vote for National is a vote for rabid dogs. Dirty dogs slashing around like they live at some gang house. Talk about ugly.
The Dogs of War
Well, he hasn’t released any data yet (apart from Cactus Kate’s $10 donation)
Now he is saying “wait until 2pm”
Playing games, perhaps?
Or maybe he is taking legal advice.
I would say so. I suspect that if he releases the donor names off the database without their permission, then legally he becomes criminal toast.
I’d hazard a guess that he won’t actually release the full list, just a few consenting names (such as Kate’s), but he’ll spin this for as long as he can.
Can’t say I find the spectacle very edifying at all, really.
“There must be a crime of some sort here. I have never heard of people hacking private information and getting away from it.”
You’ve never heard of the hollow men?
Bill.
Nicky Hager didn’t hack anything. So he claims, and so the police investigation ultimately didn’t find any evidence to refute him.
You’re an ignorant jerk BR.
The police found no evidence of hacking in the Brash email affair because there was no hacking. Got that into your head now dumbo? It was an inside job that went to the top of the National Party tree. I think Bill and Mary English heard a thing or two about it.
Okay so we have one side, your side, saying the Hollow Men stuff wasn’t obtained illegally. We have Slater saying he didn’t obtain his data illegally. You believe your side but you don’t believe Slater’s side, but the truth is he’s running the same argument that Hager did, that it wasn’t obtained illegally and it’s only because of the tribe you’re in, not the evidence itself, that you hold your view.
Slater says he didn’t obtain it illegally. Slater can put up the defence that the information was publicly available, if he accessed it from a non secure part of Labour’s website. That would be an interesting legal argument, as to whether a piece of data that is hidden but not secured is publicly available. I would think “hacking” or illegally obtaining the information would involve unlawful access and/or alteration of the data. There is no evidence of either of those.
As for Slater breaching privacy principles that is a much taller order. He’s not an “agency” under the Privacy Act. He can also claim he didn’t make the information available: Labour did. And Labour isn’t the victim as far as the Privacy Act is concerned. The victims are the donors who are going to be named. Their claim will not be against Slater, but against Labour for failing to secure their data, which they have already admitted to in their correspondence with Slater and with Labour Party members.
As for National being the source of the “leak”, that is just partisan nonsense based on no evidence. “A Labour Party insider told me…” is not evidence. It is spin and distraction.
Actually that’s not true at all.
On one side we have a lengthy police investigation which found that Hager didn’t obtain his documents illegally.
On the other side we have Cameron Slater, a man who has often boasted that lying is ok because there is no objective truth, only different perceptions.
You’re either a fool or a cretin to draw an equivalence.
Then go lay a police complaint felix if you’re so worried your email address will be released.
Why bring my email address into this?
You made a false equivalence, I pointed it out.
Care to argue with what I wrote?
The police didn’t conclude that the information wasn’t obtained illegally. They found no evidence of unauthorised intrusion or hacking of the Leader’s office computer. That is not the same thing. For example, if somebody goes onto my laptop, copies my outlook pst file onto a data stick and runs off with it, would you say they haven’t stolen my data? Of course they have. Would the Police have evidence this had happened? No. So don’t reinvent history otherwise people will point out your dishonesty.
Slater has now put up a blog post showing how he did it. Seems to me Labour left its crucial and sensitive data open to all and sundry. No hacking. Just posted all of it onto one of their subsidiary websites for anybody to see. Slater isn’t a sherlock holmes. He just found it.
There’s no theft by Slater here. There is a breach of privacy though, and it’s from the Labour Party for exposing so much personal information to the world.
You do realise that your stance on one completely contradicts your stance on the other, don’t you?
Of course one doesn’t contradict the other. Putting a data stick into someone’s laptop without permission is breaking and entering. Putting information on a web server that serves information over the internet is publishing. It’s not the viewer’s problem if Labour unwisely chose what to publish, and it’s not their responsibility to judge whether Labour was unwise in publishing certain information and avoid looking at it. You really think that would be a workable way for the internet to operate? If I’m browsing a website do you think I should be constantly second-guessing, item by item, whether it was a good idea for the web admin to publish that particular item? Can you seriously imagine a law operating on that principle?
LOLWUT has mistaken misfiling confidential information in an insecure way as being the same as intentionally publishing it as public domain.
Nonsense, Viper. As I said above, do you seriously think that the internet could/should operate on the principle that if you publish information on a webserver, the viewer is responsible for guessing if it was a good idea to publish that information? How is a viewer supposed to guess if you published some information intentionally and some not? Maybe you didn’t mean to write your last comment, Viper, maybe you were just doing a draft but hit submit by accident. Maybe you had something on the clipboard from writing an private message and pasted it into the thread without thinking. Would I be hacking you by reading it? How would I know? By what standards should I attempt to guess that you intended to publicly post what you publicly posted?
The directory view that whale starts from ( as demonstrated in his video) is the one that comes up first if you google the name of the website. By what psychic powers is a web surfer supposed to know that Labour put some information in a google-indexed web directory that it didn’t mean to? Can you really not see the problems of that as a legal concept?
are you stupid portion or what, this hack has been traced to National its nothing like the Brash situation and if anything shows that releasing confidential info from a computer is the norm/culture in the National Party.
hollow men at it again, shit they must be worried.
Who cares….tyical tory beatup….i have no problem people knowing i donate…in fact its a badge of honor…as it proves those who donate to labour have some smarts…unlike the things that donate to the tories!
Might be fine for you. But others who work in companies that are right-leaning, whether overt or not, may not feel comfortable with their colleagues/superiors knowing that they donated to the Labour party. That is entirely the point of releasing the names – it scares people away from donating.
Yeah this isn’t a good situation. The Righties know what they are doing when they set this shit up.
“You’re an ignorant jerk BR.”
Charmed, I’m sure.
“The police found no evidence of hacking in the Brash email affair because there was no hacking. Got that into your head now dumbo?”
Now now Anne, temper temper. What did I say??
“It was an inside job that went to the top of the National Party tree.”
How do you know that, and how do you know that the information that Whaleoil has obtained did not involve the deliberate co-operation of a Labour party insider?
“I think Bill and Mary English heard a thing or two about it.”
Really? What did they hear?
Bill.
This exercise by the Key led National Party hackers now explains why the local electorate website in the electorate I was working in in 2008 was being hit so heavily with “enquiries” during the weeks leading up to and including the day of the election…. someone was fishing for information by attempting to hack into the website.
In that Slater and one of his mates attempted to styme the local LEC’s hireage of a school facility for its monthly meetings with letters to the School Committee questioning their right to rent a room to the LEC I can now understand the ethics of the Key led National Party hacks even more clearly.
Whale Oil down? Oh – what a shame.
EDIT: Never mind,
Proxy up and aim low: http://sourceforge.net/projects/loic/
Has someone pulled the plug on his site? If so, who? Anyone got any ideas?
I got on the site a few minutes ago and there is a post saying he’s holding off releasing the names till tomorrow because he’s shitting himself. Whoops, sorry, read that wrong … because he’s seeking legal clarification … before shitting himself.
He must have edited the post. I was there just now and it said he was still shitting himself AND crying like a child.
Next time, take a pdf or screenshot of the page if poss
Be fun to see Cameron in the dock again. Sentencing judges are notoriously fond of people like him who try to publicly ridicule the justice system.
Something tells me that with the relative financial weakness of Labour compared to National this is a David v’s Goliath contest. Why National would bother with all of this is totally beyond me.
How can they win in the eyes of the voter?
They win if it pushes the story about National slipping in the polls down the page.
They win if it pushes the story about Key borrowing 100 million a week to gamble with down the page.
But mostly they win if it distracts people long enough that they don’t connect the dots between
a) “We’re borrowing 100 million a week more than we need ‘cos I’m a super duper money trader”
and
b) “Gee we’re borrowing so much we really need to sell these energy companies”
It’s a short sighted win though Felix, being associated with Cameron Slater especially when it’s looking very clear he’s broken The Privacy Act might delay the media but ultimately it will tarnish National’s image and force Labour back on message. Law’s are very hard to massage, delaying the connection between the current state of the economy may be easier but all National does by being involved with Slater is open themselves up to ridicule and cause the swing voter to trust them less – it’s a law that’s been willingly broken by Slater and by proxy National. That’s does not look good for voters when they’re wondering if they can trust a government with the country and they remember the government deliberately broke laws. It will be interesting to see how they intend to wiggle out of this.
All true, but really only for people like us who take an interest in the game. Most people don’t know and couldn’t give a fuck who Slater is or what his connection to the Nats says about them.
BUT if he can get some bullshit about Labour’s IT problems (which most people don’t give a fuck about either) on the news instead of John Key getting caught in a massive lie then it’s a win – or a least a loss avoided.
As you note elsewhere though, the earthquake kinda renders it a moot point.
Bullshit. Lists of names and email addresses aren’t subject to copyright.
If that’s the legal advice he’s waiting on, he has a moron for a lawyer.
You would have thought how you get the lists might …..
I’m confused now Peter, my comment (and Pb’s I think) was meant to be a reply to a comment from bazaar way upthread which seems to have disappeared.
Now I don’t know who’s replying to who, it’s like a hall of mirrors.
A moderator has deleted a message that is in the middle of a thread. Pb’s one at the bottom is linked to something odd.
Bad moderator – you wipe the contents and leave in place.
I will see if I can locate it from the trash
I’m usually linked to something odd.
*grin* Turned out that Bazar found another hole in the thread system when allowed to trash comments disrupting comments written in reply. It is meant to disable the trash when a reply has been made.
Now I have to write a plugin to correct for it *sigh*
Apologies I meant to say how he got the messages might be illegal even if lists of names don’t breach copyright as is being suggested.
Yes indeedy, I’d reckon the privacy act would be the best remedy as posted by others.
Part 2 Information privacy principles
Can’t think of any legal reason why WhaleOil would need to collect the personal information of Labours donors.
Yep, I’d say that Whale has violated that principal.
It’s private information and, as such, it’s reasonable to assume that it’s not supposed to be publicly available and that, if the public has access to it, a mistake has been made. Under these circumstances the reasonable action would be to notify the people holding the information that a mistake has been made. In fact, I’d say Whaleoil has breached most, if not all, of that principal.
Yep, I’d say that Whaleoil breached that one as well – especially (b).
Labour have broken that one big time.
—————————-
Basically, the laws have been broken big time on this and the police should be investigating without complaints being laid. That said, every single person who has registered with Labour should be calling the police and laying a complaint to ensure that an investigation is happening.
Slater is not an “Agency” under the Privacy Act. The Act doesn’t apply to him. Labour is an Agency, and they have broken the law.
Hope you’re not the C Slug’s lawyer, pc, because you are wrongitty wrong wrong.
(a) means any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector; and, for the avoidance of doubt, includes a department; but
(b) does not include—
(i) the Sovereign; or
(ii) the Governor-General or the Administrator of the Government; or
(iii) the House of Representatives; or
(iv) a member of Parliament in his or her official capacity; or
(v) the Parliamentary Service Commission; or
(vi) the Parliamentary Service, except in relation to personal information about any employee or former employee of that agency in his or her capacity as such an employee; or
(vii) in relation to its judicial functions, a court; or
(viii) in relation to its judicial functions, a tribunal; or
(ix) an Ombudsman; or
(x) a Royal Commission; or
(xi) a commission of inquiry appointed by an Order in Council made under the Commissions of Inquiry Act 1908; or
(xii) a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or
(xiii) in relation to its news activities, any news medium
Whale would successfully argue that his blog is a news medium. See (xiii)
Only if you take the broadest possible interpretation which I suspect that our courts would not do.
I wouldn’t regard this site as being news media, and we don’t have nearly as much of the rich fantasy life that whaleoil has exposed over the years.. If it came to court, I would be happy to detail some of the lies and fabrications that he made about me over the years. I am sure that there are many many others who would as well.
It is ludicrous to regard him as a news medium…
Go to the principle as to why news media are excluded from the Privacy Act, which is what a Court would do. That there is a public interest in a free press being able to expose information. Therefore information collected and distributed by a news medium goes to the heart of a free press. The same tenet goes for bloggers. If it ever went to Court then Whale’s counsel would point to the Electroal act exemption to news media and internet blogging sites.
You might dislike Whale’s opinions and he might get his facts wrong at times, but go and lay a complaint with the Privacy Commissioner if you like. It would be an interesting test case but I strongly suspect he would win.
There is no such provision for bloggers. As far as I am aware the only legislation that mentions bloggers was in the electoral finance act and it’s successors. That was a specific exemption because blogs were not classed as news media. You should think things through about why something has to be specifically enumerated.
I probably cannot lay a complaint with the privacy commission because the only thing I am likely to be on in that pile of information is a name, email address, physical address, and membership of the party. All of those are public already. about the only information is in there that isn’t public will be that I am late paying my membership. It was in my desk to be paid when I went into hospital earlier this year, and I can’t remember ever paying it.
Ah no. I’m sure someone will enlighten you about what words like ‘Agency’ mean in the terms of the Act. It will be somewhere at the top of the legislation.
I must admit that I think the people here at the standard are wrong 90% of the time, but on this occasion, lprent, they are right (at least about WO being an agency). What TVOR has said is from the top of the legislation (s 2, if you care – this is the interpretation section and is usually found in s 2 of any modern statute 🙂 ).
The Privacy Act applies to everyone unless they are excluded by the definition of agency. WO is included unless he can find an exemption under (b)(i)-(xiii) (I suspect he would under xiii).
lprent, you have been ‘enlightened’.
Thank you. Reading legislation is like reading a program. First you define your classes and instances…..
That’s simply not possible… the law was confusing and others were doing it too and the ref made a bad call after the rules were changed….
Oops sorry, I was in Labour apologist mode for a moment there…..
No burt, you were just being your normal, idiotic, self.
So Draco technically, Labour can use “that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against—” and say they took “reasonable” precautions in the circumstances but failed due to negligence or incompetence. I completely agree WO is royally fucked on all accounts, i do wonder if Labour being the victim of a hack (not hack) would be able to site that clause. Anyone have a clue? I mean it’s hard to say exactly how the files were collected so…
Actually, I think Labours only defence is to admit that they fucked up, apologize and do their best to ensure that it doesn’t happen again.
That’s what they are doing Draco, I got an email to that effect today with further information about who to contact if I want to discuss it in further detail.
I called to offer support and say I don’t care if Cameron Slater tells the World I support Labour, I tell that to anyone who asks anyway, while wearing my Micky Savage t-shirt*.
*Not the Micky Savage that posts here obviously. No offense Micky, maybe if you put a t-shirt out to..
18,000 donate to the Labour party, and Slater thinks its a crime. What a clown.
I’ll be posting another cheque to Labour tomorrow morning.
I have to point out, you can’t count the number of key donors to the Labour party on one hand. Not like ACT or National.
Not since you pissed Owen Glenn off eh?
Have you nasty little sewer rats got bored with each other and decided to troll today, crowing over your complete non event of a scandal cooked up by that fat nasty sleaze you call lord n’ master? I don’t come and shit in your sandbox, so I really don’t know why you come here.
On topic and fangs retracted, I don’t think one’s political affiliations are anything to be ashamed of, but in the public service, its not done to be a member of a political party. Ditto if you work for a company where the management is nosey about employee’s personal lives and right wing in nature. I hope the lesson has been learned about security, as I certainly don’t want Slater’s slimy mitts on my personal details. I hope the Greens have super savvy IT geeks working for them.
Right, making 18,000 identities available to absolutely anyone is a “complete non event of a scandal”. I’d hate to think what you would consider a serious security breach then? And at the same time you’re pretending you don’t think this is important, you’re hoping that it doesn’t happen to you at the Greens. Contradict yourself much?
Sloppy security exploited by a scumbag with the morals and ethics of a cane toad does not equal hanging, drawing and quartering of the Labour caucus, sorry to disappoint you lot. It won’t do you any good, the hysterical ranting and lip smacking glee just makes you look like the pack of rabids you are. Hardly going to convince those pesky swing voters.
Look at this: The Key led National Party admits it was accessing the Labour Party Website.
http://www.nbr.co.nz/article/national-admits-labour-data-breach-denies-passing-names-whaleoil-ck-95242
Then the Key led National Party argues that it had no moral responsibility to inform the offended party that it had broken into its website.
All the credit card donors that have had their card numbers held by Labor in a unsecure manner, will need those cards canceled & new ones issued by their banks. The Labor Party needs to contact those cardholders urgently, as given the card numbers were available to the public to view, criminals could easily use them.
Now that the Tories have done a Watergate break-in on that database should anyone on that list be threatened we all know who to lynch now don’t we.