Speaker by Various Artists

Read Post

Speaker: Confidential information: the legal rights and wrongs

55 Responses

First ←Older Page 1 2 3 Newer→ Last

  • Rich of Observationz, in reply to Nigel McNie,

    A court case around this would either result in sanity in interpretation, or a new bill under urgency

    It's not that easy, and good law seldom results from measures passed under urgency.

    Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?

    Back in Wellington • Since Nov 2006 • 5539 posts Report Reply

  • Nigel McNie, in reply to Rich of Observationz,

    The "under urgency" wouldn't be great, I agree. More a response to the field day that could open up if a judge interprets the existing law in a foolish way.

    All I'm hoping for is that the law is clarified or changed such that it gives sensible results in cases that we techies understand. As in, "Labour made their website available therefore anything else I deliberately look for on there is fair game" becomes illegal, as would some of the other cases outlined by several of the earlier commenters.

    Maybe the law is good enough now, maybe it'll be clarified in a sane way by a judge later, or maybe we'll need to pass something new. Good law is all I want.

    New Zealand • Since Oct 2012 • 15 posts Report Reply

  • Ian Dalziel,

    allegedly farrars ...
    that’s a misdirection...

    a veritable farrago

    Christchurch • Since Dec 2006 • 7480 posts Report Reply

  • steven crawford,

    Could we call what Hager and his source did, whistle blowing. And are there legal protections for that yet?

    Wellington • Since Nov 2006 • 3865 posts Report Reply

  • steven crawford, in reply to Ian Dalziel,

    how about the cat walks on the keyboard, hitting some unlikely key combination, and ‘hidden’ page(s) or functions appear?

    Cat burglary.

    Wellington • Since Nov 2006 • 3865 posts Report Reply

  • steven crawford, in reply to Brent Jackson,

    The fact that Ede and Slater exchanged messages expressing concern at being caught, is fairly strong evidence that they knew that they had accessed the data without authorisation. I hope they are prosecuted for it.

    Publishing illegally obtained material for public good is one thing, but using that material as evidence in court... I think I need a lawyer:)

    Wellington • Since Nov 2006 • 3865 posts Report Reply

  • Andre Alessi, in reply to steven crawford,

    Could we call what Hager and his source did, whistle blowing. And are there legal protections for that yet?

    The Protected Disclosures Act specifically applies only to employees.

    On a different note, I assume the situation we're in at the moment suggests Slater hasn't identified the perpetrators of the DDoS attack yet? Given that he must have lost some ad revenue due to the attack, I'd have thought identifying and prosecuting those folks would be a priority.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report Reply

  • Ian Dalziel, in reply to steven crawford,

    Cat burglary

    purr loined...

    Christchurch • Since Dec 2006 • 7480 posts Report Reply

  • richdesign, in reply to Nigel McNie,

    That law would probably be better addressed from the point of view of the user, rather than a tech networking perspective. With everything so virtual and connected, where do you start and end the system. Section 252 was written in 2003 back when computers were still relatively contained to just computers and IT functions. Now the internet is everywhere and has penetrated all aspects of everyday public life, so spatial analogies are probably most suitable.

    Physically and virtually, there are public spaces of any organisation and they are quite obvious. Sure, you may accidentally walk into the stock room of a store and not realise, if the store is messy, and a broken link on a page may take you somewhere inside the workings of a web page. If you leave immediately, no harm done, but if you start poking around in a customer order book in the store or customer contact list online you've clearly stepped over a boundary into a private domain. It doesn't matter whether the server is in a box in head office, or spread around 50 computers God-knows-where in the cloud, if it doesn't look public, you shouldn't be there.

    Since Aug 2014 • 2 posts Report Reply

  • Russell Brown, in reply to Bart Janssen,

    Of course it doesn’t stop the people doing those things being absolute twatcocks even if what they do can be defended by a lawyer.

    I think this is really the point. It might be successfully argued that it's not actually illegal. But was it ethical or appropriate behaviour for someone being paid by the taxpayer?

    Auckland • Since Nov 2006 • 22227 posts Report Reply

  • Sacha, in reply to Brent Jackson,

    The fact that Ede and Slater exchanged messages expressing concern at being caught, is fairly strong evidence that they knew that they had accessed the data without authorisation.

    Quite.

    Ak • Since May 2008 • 19413 posts Report Reply

  • Steve Barnes,

    Regardless of the legal rights or wrongs of this there is the fact that these are the people who make those laws and change them when they find them inconvenient.
    When they change a law that affects our privacy, ie GCSB and their cohorts having access to our "metadata" a cute term if ever I heard one, they tell us that we have nothing to fear if we have done nothing wrong.
    So, right to privacy? I think that if you are supposed to be representing the people then you have made yourself public, at lest your correspondence in relation to your position should be a matter of public record . You should have nothing to hide and if you do then it is the job of the likes of Hager to expose your duplicity.
    QED.

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • SteveH, in reply to Graeme Edgeler,

    If Cameron, and you and I have authorisation to access the server that hosts labour.org.nz for the purpose of viewing the Labour Party’s website, then is there any basis on which section 252(2) doesn’t come into play if once we access the server, we do things that it was not intended we should do?

    Your interpretation may be correct, but if it is then that law is nearly useless. It implies that the hacking of Slater’s emails would be legal if it were done through his website since everyone is authorised to access the server that hosts the website, hacking his Facebook account would be legal since anyone with a FB account is authorised to access the FB servers (though if they took over the account I assume it would be illegal under section 249).

    ETA: should have read the rest of the thread. Call this a +1 for the other 3 or 4 posts that expressed the same point.

    Since Sep 2009 • 444 posts Report Reply

  • SteveH, in reply to Rich of Observationz,

    Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?

    I don't think there is anything in the law as it is written that supports any of those interpretations: currently if you are giving someone authorisation to access and image or a page then they can access it via any method or route they can find. To criminalise the above you'd need to redefine "authorisation" and I don't think anyone is suggesting the current definition is problematic. But I think there is scope to define "computer system" more narrowly.

    Since Sep 2009 • 444 posts Report Reply

  • TracyMac, in reply to SteveH,

    I agree. The lawyers may not be au fait with the ins and outs of server security controls, but the analogies of leaving doors unlocked are pretty apposite.

    We can handwave as much as we like about deep linking and image scraping, but it is patently obvious when those parts of a site are linked through from the publicly-published part of the site.

    Opportunistically looking for \docs or \mbx folders is not the same. There is a pretty well-known issue with using phpadmin to manage MySql databases without adequate security. When I ran the applicable Google query and found a significant number of sites at the ANU in Australia affected (not just website content in some of the databases, but personal details from registered users), I didn't delete, interfere with, or copy the data. Or actually look very far. I emailed the various university departments to alert them of the issue. (And received not a single reply, but at least I tried.)

    I do agree with the main thrust of the piece about the ethical differences between Hager and the Labour Party web hack. Also, as has been pointed out elsewhere, the Whaleoil hack could have been as simple as guessing a password to a multi-role server. I have web hosting, and I keep documents, a website, and all kinds of crap on it.

    However, I still think I'd rather know how Hager'sdata was obtained. It could have been leaked by a participant in the conversations (admittedly unlikely). It could have been an Anonymous-type person or group of people trying to get at Slater. It could have been someone hired to maintain the website, web-hosting, or someone otherwise involved with him professionally (if the latter, even hinting at it could lead into trouble).

    While I am pleased this wanker is getting his comeuppance of sorts, as an IT professional, the possibility of someone compromising their professional integrity, or, some vandal trying to compromise systems, does bug me. Their actions are no different to what we are bitching about in relation to the Labour Party hack. Maybe I'd feel happier if I knew it was an anonymous whistle-blower from the inside.

    Canberra, West Island • Since Nov 2006 • 669 posts Report Reply

  • steven crawford,

    My expertise is in metal work, so please beer with me. I have made myself an aluminum hat.

    Didn’t Keith Ng warn us about backdoors

    Last week, we saw the first indication that the NSA & friends have developed “groundbreaking cryptanalytic capabilities”.

    Which Keith generously explained for the benefit of guys like me that work with blocks of four by two.

    To draw an analogy: They haven’t yet figured out how to picked the locks on your door, but they’ve managed to steal keys, to open windows, and to make your locksmith install dodgy locks. Of course, once they’ve done this, they’re not the only ones who can climb through those windows and break those dodgy locks.

    ‘So by my way of thinking’, these government officials who have been Sprung talking all sorts of dung on the inter webs, must be really unintelligent.

    I recommend, we don’t reelect dum arse leaders again. But don’t elect anyone those smarty pants university qualifications nether:)

    Wellington • Since Nov 2006 • 3865 posts Report Reply

  • Steve Curtis, in reply to Bart Janssen,

    So I presume Cathy Ogders is a member of the professional society of Lawyers.

    Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.

    This is not surprising as she seems to operate mainly out of Hong Kong. But lately has spent more time in NZ.

    The other place to check is the roll of Barristers and Solicitors, which is those legally able to ply their trade as lawyers. This doesnt seem to be easy to find.

    Auckland • Since Nov 2006 • 314 posts Report Reply

  • nzlemming, in reply to Steve Curtis,

    Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.

    On the NZLS registry page for applicants there is this curious entry

    ODGERS Aileen Marie, formerly RODGERS Aileen Marie, formerly POW Aileen Marie, formerly MUNRO Aileen Marie

    No idea if it's any relation or even a connection. Although the website says it's required to keep a public registry accessible from the website, it requires a logon and password. I've asked for one ;-)

    Waikanae • Since Nov 2006 • 2812 posts Report Reply

  • Felix Geiringer,

    Something I have not yet seen discussed in relation to Dirty Politics' revelations, but which certainly needs some careful consideration in relation to the alleged actions of Judith Collins and those in the PM's office, is this:
    Crimes Act 1961, s 105A - Corrupt use of official information
    "Every official is liable to imprisonment for a term not exceeding 7 years who, whether within New Zealand or elsewhere, corruptly uses or discloses any information, acquired by him or her in his or her official capacity, to obtain, directly or indirectly, an advantage or a pecuniary gain for himself or herself or any other person."

    New Zealand • Since Aug 2014 • 12 posts Report Reply

  • Felix Geiringer,

    New Zealand • Since Aug 2014 • 12 posts Report Reply

  • Keir Leslie,

    Here's a fun one. A & B discuss blackmailing C, with the goal of making C act in a certain manner. (A is employed by a rival to C.) They identify the way in which they would carry out this blackmail: they would publish vague and threatening intimations of things to come, and then tell C that these threats would be carried out if C fails to act in the desired manner. (This pattern, of trailing threats then carrying them out is one that B has used prior and will use in future.)

    B then publish those vague and threatening statements, but C pre-empts the need for A & B to tell C about this blackmail by acting as they wish anyway.

    This, I think, is the most generous interpretation of Williams (A) and Slater (B) actions as documented in their emails and on WhaleOil --- that is, they formulated a plan to blackmail Hide (C), but never put it into action because Hide pulled the pin anyway. Have they committed an offence? Because it seems like there's a case there for attempt or conspiracy --- sure, they never carried it through, but they planned & discussed it, and they took a key concrete step towards the commission of the offence.

    Since Jul 2008 • 1452 posts Report Reply

  • nzlemming, in reply to Felix Geiringer,

    And re: Cactus Kate – https://www.lawsociety.org.nz/for-the-community/search-register-of-lawyers/lawyer-details?pi=MjQwMTE=

    Thanks Felix. I see I was looking in the For Lawyers section, rather than the Community section (The website could do with a UI review. My rates are only mildly larcenous ;-) ) My bad.

    From this, I take it that she is then subject to the rules of the NZLS as to appropriate behaviour as exemplified on the Complaints and Discipline page?

    Waikanae • Since Nov 2006 • 2812 posts Report Reply

  • tussock,

    I would assume conspiracy laws in NZ are not as stupid as they are in (some small parts of) the USA, with that first step nonsense. I seem to recall a conspiracy to kidnap that was questionable even after finding the prepared room to hold the victim in, despite the near-fitting, underground room essentially being a coffin-in-waiting if anything went wrong.

    Here it seems you can try to show a reasonable doubt that the crime would've happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.

    Since Nov 2006 • 587 posts Report Reply

  • nzlemming, in reply to tussock,

    Here it seems you can try to show a reasonable doubt that the crime would’ve happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.

    True, but some professions are bound by their codes of conduct as tightly as any law, and they have special responsibilities because of their professions. For example, an accountant on a school's Board of Trustees can be found to be liable for someone tampering with the accounts even if he/she is not the Treasurer simply because of their professional training and standing.

    IANAL, but if Nicky Hager can produce a verifiable email from Odgers even threatening some form of law-breaking, that's a pretty solid breach as an officer of the NZ courts, even if she plies her trade from Hong Kong, simply because she holds an NZ practising certificate, at least as I understand the law. Felix? Graeme? Can you clarify?

    Waikanae • Since Nov 2006 • 2812 posts Report Reply

  • Keir Leslie,

    In my post above, A (Williams) should be A (Lusk) --- I had my disgusting characters confused.

    Since Jul 2008 • 1452 posts Report Reply

First ←Older Page 1 2 3 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.