Speaker: Confidential information: the legal rights and wrongs
51 Responses
First ←Older Page 1 2 3 Newer→ Last
-
Rich of Observationz, in reply to
A court case around this would either result in sanity in interpretation, or a new bill under urgency
It's not that easy, and good law seldom results from measures passed under urgency.
Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?
-
Nigel McNie, in reply to
The "under urgency" wouldn't be great, I agree. More a response to the field day that could open up if a judge interprets the existing law in a foolish way.
All I'm hoping for is that the law is clarified or changed such that it gives sensible results in cases that we techies understand. As in, "Labour made their website available therefore anything else I deliberately look for on there is fair game" becomes illegal, as would some of the other cases outlined by several of the earlier commenters.
Maybe the law is good enough now, maybe it'll be clarified in a sane way by a judge later, or maybe we'll need to pass something new. Good law is all I want.
-
allegedly farrars ...
that’s a misdirection...a veritable farrago
-
Andre Alessi, in reply to
Could we call what Hager and his source did, whistle blowing. And are there legal protections for that yet?
The Protected Disclosures Act specifically applies only to employees.
On a different note, I assume the situation we're in at the moment suggests Slater hasn't identified the perpetrators of the DDoS attack yet? Given that he must have lost some ad revenue due to the attack, I'd have thought identifying and prosecuting those folks would be a priority.
-
Ian Dalziel, in reply to
Cat burglary
purr loined...
-
richdesign, in reply to
That law would probably be better addressed from the point of view of the user, rather than a tech networking perspective. With everything so virtual and connected, where do you start and end the system. Section 252 was written in 2003 back when computers were still relatively contained to just computers and IT functions. Now the internet is everywhere and has penetrated all aspects of everyday public life, so spatial analogies are probably most suitable.
Physically and virtually, there are public spaces of any organisation and they are quite obvious. Sure, you may accidentally walk into the stock room of a store and not realise, if the store is messy, and a broken link on a page may take you somewhere inside the workings of a web page. If you leave immediately, no harm done, but if you start poking around in a customer order book in the store or customer contact list online you've clearly stepped over a boundary into a private domain. It doesn't matter whether the server is in a box in head office, or spread around 50 computers God-knows-where in the cloud, if it doesn't look public, you shouldn't be there.
-
Russell Brown, in reply to
Of course it doesn’t stop the people doing those things being absolute twatcocks even if what they do can be defended by a lawyer.
I think this is really the point. It might be successfully argued that it's not actually illegal. But was it ethical or appropriate behaviour for someone being paid by the taxpayer?
-
Sacha, in reply to
The fact that Ede and Slater exchanged messages expressing concern at being caught, is fairly strong evidence that they knew that they had accessed the data without authorisation.
Quite.
-
Regardless of the legal rights or wrongs of this there is the fact that these are the people who make those laws and change them when they find them inconvenient.
When they change a law that affects our privacy, ie GCSB and their cohorts having access to our "metadata" a cute term if ever I heard one, they tell us that we have nothing to fear if we have done nothing wrong.
So, right to privacy? I think that if you are supposed to be representing the people then you have made yourself public, at lest your correspondence in relation to your position should be a matter of public record . You should have nothing to hide and if you do then it is the job of the likes of Hager to expose your duplicity.
QED. -
SteveH, in reply to
If Cameron, and you and I have authorisation to access the server that hosts labour.org.nz for the purpose of viewing the Labour Party’s website, then is there any basis on which section 252(2) doesn’t come into play if once we access the server, we do things that it was not intended we should do?
Your interpretation may be correct, but if it is then that law is nearly useless. It implies that the hacking of Slater’s emails would be legal if it were done through his website since everyone is authorised to access the server that hosts the website, hacking his Facebook account would be legal since anyone with a FB account is authorised to access the FB servers (though if they took over the account I assume it would be illegal under section 249).
ETA: should have read the rest of the thread. Call this a +1 for the other 3 or 4 posts that expressed the same point.
-
SteveH, in reply to
Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?
I don't think there is anything in the law as it is written that supports any of those interpretations: currently if you are giving someone authorisation to access and image or a page then they can access it via any method or route they can find. To criminalise the above you'd need to redefine "authorisation" and I don't think anyone is suggesting the current definition is problematic. But I think there is scope to define "computer system" more narrowly.
-
TracyMac, in reply to
I agree. The lawyers may not be au fait with the ins and outs of server security controls, but the analogies of leaving doors unlocked are pretty apposite.
We can handwave as much as we like about deep linking and image scraping, but it is patently obvious when those parts of a site are linked through from the publicly-published part of the site.
Opportunistically looking for \docs or \mbx folders is not the same. There is a pretty well-known issue with using phpadmin to manage MySql databases without adequate security. When I ran the applicable Google query and found a significant number of sites at the ANU in Australia affected (not just website content in some of the databases, but personal details from registered users), I didn't delete, interfere with, or copy the data. Or actually look very far. I emailed the various university departments to alert them of the issue. (And received not a single reply, but at least I tried.)
I do agree with the main thrust of the piece about the ethical differences between Hager and the Labour Party web hack. Also, as has been pointed out elsewhere, the Whaleoil hack could have been as simple as guessing a password to a multi-role server. I have web hosting, and I keep documents, a website, and all kinds of crap on it.
However, I still think I'd rather know how Hager'sdata was obtained. It could have been leaked by a participant in the conversations (admittedly unlikely). It could have been an Anonymous-type person or group of people trying to get at Slater. It could have been someone hired to maintain the website, web-hosting, or someone otherwise involved with him professionally (if the latter, even hinting at it could lead into trouble).
While I am pleased this wanker is getting his comeuppance of sorts, as an IT professional, the possibility of someone compromising their professional integrity, or, some vandal trying to compromise systems, does bug me. Their actions are no different to what we are bitching about in relation to the Labour Party hack. Maybe I'd feel happier if I knew it was an anonymous whistle-blower from the inside.
-
Steve Curtis, in reply to
So I presume Cathy Ogders is a member of the professional society of Lawyers.
Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.
This is not surprising as she seems to operate mainly out of Hong Kong. But lately has spent more time in NZ.
The other place to check is the roll of Barristers and Solicitors, which is those legally able to ply their trade as lawyers. This doesnt seem to be easy to find.
-
nzlemming, in reply to
Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.
On the NZLS registry page for applicants there is this curious entry
ODGERS Aileen Marie, formerly RODGERS Aileen Marie, formerly POW Aileen Marie, formerly MUNRO Aileen Marie
No idea if it's any relation or even a connection. Although the website says it's required to keep a public registry accessible from the website, it requires a logon and password. I've asked for one ;-)
-
Something I have not yet seen discussed in relation to Dirty Politics' revelations, but which certainly needs some careful consideration in relation to the alleged actions of Judith Collins and those in the PM's office, is this:
Crimes Act 1961, s 105A - Corrupt use of official information
"Every official is liable to imprisonment for a term not exceeding 7 years who, whether within New Zealand or elsewhere, corruptly uses or discloses any information, acquired by him or her in his or her official capacity, to obtain, directly or indirectly, an advantage or a pecuniary gain for himself or herself or any other person." -
-
Here's a fun one. A & B discuss blackmailing C, with the goal of making C act in a certain manner. (A is employed by a rival to C.) They identify the way in which they would carry out this blackmail: they would publish vague and threatening intimations of things to come, and then tell C that these threats would be carried out if C fails to act in the desired manner. (This pattern, of trailing threats then carrying them out is one that B has used prior and will use in future.)
B then publish those vague and threatening statements, but C pre-empts the need for A & B to tell C about this blackmail by acting as they wish anyway.
This, I think, is the most generous interpretation of Williams (A) and Slater (B) actions as documented in their emails and on WhaleOil --- that is, they formulated a plan to blackmail Hide (C), but never put it into action because Hide pulled the pin anyway. Have they committed an offence? Because it seems like there's a case there for attempt or conspiracy --- sure, they never carried it through, but they planned & discussed it, and they took a key concrete step towards the commission of the offence.
-
nzlemming, in reply to
And re: Cactus Kate – https://www.lawsociety.org.nz/for-the-community/search-register-of-lawyers/lawyer-details?pi=MjQwMTE=
Thanks Felix. I see I was looking in the For Lawyers section, rather than the Community section (The website could do with a UI review. My rates are only mildly larcenous ;-) ) My bad.
From this, I take it that she is then subject to the rules of the NZLS as to appropriate behaviour as exemplified on the Complaints and Discipline page?
-
I would assume conspiracy laws in NZ are not as stupid as they are in (some small parts of) the USA, with that first step nonsense. I seem to recall a conspiracy to kidnap that was questionable even after finding the prepared room to hold the victim in, despite the near-fitting, underground room essentially being a coffin-in-waiting if anything went wrong.
Here it seems you can try to show a reasonable doubt that the crime would've happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.
-
nzlemming, in reply to
Here it seems you can try to show a reasonable doubt that the crime would’ve happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.
True, but some professions are bound by their codes of conduct as tightly as any law, and they have special responsibilities because of their professions. For example, an accountant on a school's Board of Trustees can be found to be liable for someone tampering with the accounts even if he/she is not the Treasurer simply because of their professional training and standing.
IANAL, but if Nicky Hager can produce a verifiable email from Odgers even threatening some form of law-breaking, that's a pretty solid breach as an officer of the NZ courts, even if she plies her trade from Hong Kong, simply because she holds an NZ practising certificate, at least as I understand the law. Felix? Graeme? Can you clarify?
-
In my post above, A (Williams) should be A (Lusk) --- I had my disgusting characters confused.
-
Jordan Williams was a lawyer. When did he hand in his practising certificate? Was it before or after he is alleged to have conspired to blackmail someone? The book suggests that Mr Williams did a number of other things that I would have thought ought to be of concern to the NZLS if he was still a lawyer when he did them - or if he ever wants to become a lawyer again.
And then there is this:
https://www.lawsociety.org.nz/for-the-community/search-register-of-lawyers/lawyer-details?pi=MTY0Mzc= -
Bart Janssen, in reply to
but some professions are bound by their codes of conduct as tightly as any law,
From memory there are actually only two remaining professional societies, as they were originally created. They were given special rights from the Crown to adjudicate their own membership. Providing they met certain standards they would be exempt form some legal processes and instead discipline their own members and administer their members right to practice their profession.
The legal profession and the medical profession are the two remaining.
The common usage of the term indicates some sort of educational standard but grants no special legal rights. Hence real estate professional can be anything but in their behaviour with no real consequence, by contrast, legal and medical professionals really do have standards they must meet or they cannot practice.
-
Matthew Poole, in reply to
real estate professional can be anything but in their behaviour with no real consequence
You're speaking, I presume, of their behaviour other than as it relates to their practice of their profession? Because the consequences for misbehaviour in the carrying on of their profession very definitely extend to losing their licence; and look at what doctors get away with professionally without loss of licence before you suggest that it's only real estate professionals that are only notionally at risk of such punishment.
-
It strikes me that maybe section 249 of the crimes act is possibly relevant to this incident if 252 is not.
249Accessing computer system for dishonest purpose
(1)Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—
(a)obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b)causes loss to any other person.
(2)Every one is liable to imprisonment for a term not exceeding 5 years who, directly or indirectly, accesses any computer system with intent, dishonestly or by deception, and without claim of right,—
(a)to obtain any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
(b)to cause loss to any other person.
(3)In this section, deception has the same meaning as in section 240(2).
Post your response…
This topic is closed.