Speaker by Various Artists

Read Post

Speaker: Confidential information: the legal rights and wrongs

51 Responses

First ←Older Page 1 2 3 Newer→ Last

  • Rich of Observationz, in reply to Nigel McNie,

    A court case around this would either result in sanity in interpretation, or a new bill under urgency

    It's not that easy, and good law seldom results from measures passed under urgency.

    Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Nigel McNie, in reply to Rich of Observationz,

    The "under urgency" wouldn't be great, I agree. More a response to the field day that could open up if a judge interprets the existing law in a foolish way.

    All I'm hoping for is that the law is clarified or changed such that it gives sensible results in cases that we techies understand. As in, "Labour made their website available therefore anything else I deliberately look for on there is fair game" becomes illegal, as would some of the other cases outlined by several of the earlier commenters.

    Maybe the law is good enough now, maybe it'll be clarified in a sane way by a judge later, or maybe we'll need to pass something new. Good law is all I want.

    New Zealand • Since Oct 2012 • 15 posts Report Reply

  • Ian Dalziel,

    allegedly farrars ...
    that’s a misdirection...

    a veritable farrago

    Christchurch • Since Dec 2006 • 7953 posts Report Reply

  • Andre Alessi, in reply to ,

    Could we call what Hager and his source did, whistle blowing. And are there legal protections for that yet?

    The Protected Disclosures Act specifically applies only to employees.

    On a different note, I assume the situation we're in at the moment suggests Slater hasn't identified the perpetrators of the DDoS attack yet? Given that he must have lost some ad revenue due to the attack, I'd have thought identifying and prosecuting those folks would be a priority.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report Reply

  • Ian Dalziel, in reply to ,

    Cat burglary

    purr loined...

    Christchurch • Since Dec 2006 • 7953 posts Report Reply

  • richdesign, in reply to Nigel McNie,

    That law would probably be better addressed from the point of view of the user, rather than a tech networking perspective. With everything so virtual and connected, where do you start and end the system. Section 252 was written in 2003 back when computers were still relatively contained to just computers and IT functions. Now the internet is everywhere and has penetrated all aspects of everyday public life, so spatial analogies are probably most suitable.

    Physically and virtually, there are public spaces of any organisation and they are quite obvious. Sure, you may accidentally walk into the stock room of a store and not realise, if the store is messy, and a broken link on a page may take you somewhere inside the workings of a web page. If you leave immediately, no harm done, but if you start poking around in a customer order book in the store or customer contact list online you've clearly stepped over a boundary into a private domain. It doesn't matter whether the server is in a box in head office, or spread around 50 computers God-knows-where in the cloud, if it doesn't look public, you shouldn't be there.

    Since Aug 2014 • 2 posts Report Reply

  • Russell Brown, in reply to Bart Janssen,

    Of course it doesn’t stop the people doing those things being absolute twatcocks even if what they do can be defended by a lawyer.

    I think this is really the point. It might be successfully argued that it's not actually illegal. But was it ethical or appropriate behaviour for someone being paid by the taxpayer?

    Auckland • Since Nov 2006 • 22850 posts Report Reply

  • Sacha, in reply to Brent Jackson,

    The fact that Ede and Slater exchanged messages expressing concern at being caught, is fairly strong evidence that they knew that they had accessed the data without authorisation.

    Quite.

    Ak • Since May 2008 • 19745 posts Report Reply

  • Steve Barnes,

    Regardless of the legal rights or wrongs of this there is the fact that these are the people who make those laws and change them when they find them inconvenient.
    When they change a law that affects our privacy, ie GCSB and their cohorts having access to our "metadata" a cute term if ever I heard one, they tell us that we have nothing to fear if we have done nothing wrong.
    So, right to privacy? I think that if you are supposed to be representing the people then you have made yourself public, at lest your correspondence in relation to your position should be a matter of public record . You should have nothing to hide and if you do then it is the job of the likes of Hager to expose your duplicity.
    QED.

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • SteveH, in reply to Graeme Edgeler,

    If Cameron, and you and I have authorisation to access the server that hosts labour.org.nz for the purpose of viewing the Labour Party’s website, then is there any basis on which section 252(2) doesn’t come into play if once we access the server, we do things that it was not intended we should do?

    Your interpretation may be correct, but if it is then that law is nearly useless. It implies that the hacking of Slater’s emails would be legal if it were done through his website since everyone is authorised to access the server that hosts the website, hacking his Facebook account would be legal since anyone with a FB account is authorised to access the FB servers (though if they took over the account I assume it would be illegal under section 249).

    ETA: should have read the rest of the thread. Call this a +1 for the other 3 or 4 posts that expressed the same point.

    Since Sep 2009 • 444 posts Report Reply

  • SteveH, in reply to Rich of Observationz,

    Do we want to criminalise deep linking? Or scraping? Or bypassing a front-end to download an image? Or some other non-standard use of software to access information on a web server?

    I don't think there is anything in the law as it is written that supports any of those interpretations: currently if you are giving someone authorisation to access and image or a page then they can access it via any method or route they can find. To criminalise the above you'd need to redefine "authorisation" and I don't think anyone is suggesting the current definition is problematic. But I think there is scope to define "computer system" more narrowly.

    Since Sep 2009 • 444 posts Report Reply

  • TracyMac, in reply to SteveH,

    I agree. The lawyers may not be au fait with the ins and outs of server security controls, but the analogies of leaving doors unlocked are pretty apposite.

    We can handwave as much as we like about deep linking and image scraping, but it is patently obvious when those parts of a site are linked through from the publicly-published part of the site.

    Opportunistically looking for \docs or \mbx folders is not the same. There is a pretty well-known issue with using phpadmin to manage MySql databases without adequate security. When I ran the applicable Google query and found a significant number of sites at the ANU in Australia affected (not just website content in some of the databases, but personal details from registered users), I didn't delete, interfere with, or copy the data. Or actually look very far. I emailed the various university departments to alert them of the issue. (And received not a single reply, but at least I tried.)

    I do agree with the main thrust of the piece about the ethical differences between Hager and the Labour Party web hack. Also, as has been pointed out elsewhere, the Whaleoil hack could have been as simple as guessing a password to a multi-role server. I have web hosting, and I keep documents, a website, and all kinds of crap on it.

    However, I still think I'd rather know how Hager'sdata was obtained. It could have been leaked by a participant in the conversations (admittedly unlikely). It could have been an Anonymous-type person or group of people trying to get at Slater. It could have been someone hired to maintain the website, web-hosting, or someone otherwise involved with him professionally (if the latter, even hinting at it could lead into trouble).

    While I am pleased this wanker is getting his comeuppance of sorts, as an IT professional, the possibility of someone compromising their professional integrity, or, some vandal trying to compromise systems, does bug me. Their actions are no different to what we are bitching about in relation to the Labour Party hack. Maybe I'd feel happier if I knew it was an anonymous whistle-blower from the inside.

    Canberra, West Island • Since Nov 2006 • 701 posts Report Reply

  • Steve Curtis, in reply to Bart Janssen,

    So I presume Cathy Ogders is a member of the professional society of Lawyers.

    Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.

    This is not surprising as she seems to operate mainly out of Hong Kong. But lately has spent more time in NZ.

    The other place to check is the roll of Barristers and Solicitors, which is those legally able to ply their trade as lawyers. This doesnt seem to be easy to find.

    Auckland • Since Nov 2006 • 314 posts Report Reply

  • nzlemming, in reply to Steve Curtis,

    Not so. A quick check of the NZ Law Society members gives no result for the Odgers name.

    On the NZLS registry page for applicants there is this curious entry

    ODGERS Aileen Marie, formerly RODGERS Aileen Marie, formerly POW Aileen Marie, formerly MUNRO Aileen Marie

    No idea if it's any relation or even a connection. Although the website says it's required to keep a public registry accessible from the website, it requires a logon and password. I've asked for one ;-)

    Waikanae • Since Nov 2006 • 2937 posts Report Reply

  • Felix Geiringer,

    Something I have not yet seen discussed in relation to Dirty Politics' revelations, but which certainly needs some careful consideration in relation to the alleged actions of Judith Collins and those in the PM's office, is this:
    Crimes Act 1961, s 105A - Corrupt use of official information
    "Every official is liable to imprisonment for a term not exceeding 7 years who, whether within New Zealand or elsewhere, corruptly uses or discloses any information, acquired by him or her in his or her official capacity, to obtain, directly or indirectly, an advantage or a pecuniary gain for himself or herself or any other person."

    New Zealand • Since Aug 2014 • 35 posts Report Reply

  • Felix Geiringer,

    New Zealand • Since Aug 2014 • 35 posts Report Reply

  • Keir Leslie,

    Here's a fun one. A & B discuss blackmailing C, with the goal of making C act in a certain manner. (A is employed by a rival to C.) They identify the way in which they would carry out this blackmail: they would publish vague and threatening intimations of things to come, and then tell C that these threats would be carried out if C fails to act in the desired manner. (This pattern, of trailing threats then carrying them out is one that B has used prior and will use in future.)

    B then publish those vague and threatening statements, but C pre-empts the need for A & B to tell C about this blackmail by acting as they wish anyway.

    This, I think, is the most generous interpretation of Williams (A) and Slater (B) actions as documented in their emails and on WhaleOil --- that is, they formulated a plan to blackmail Hide (C), but never put it into action because Hide pulled the pin anyway. Have they committed an offence? Because it seems like there's a case there for attempt or conspiracy --- sure, they never carried it through, but they planned & discussed it, and they took a key concrete step towards the commission of the offence.

    Since Jul 2008 • 1452 posts Report Reply

  • nzlemming, in reply to Felix Geiringer,

    And re: Cactus Kate – https://www.lawsociety.org.nz/for-the-community/search-register-of-lawyers/lawyer-details?pi=MjQwMTE=

    Thanks Felix. I see I was looking in the For Lawyers section, rather than the Community section (The website could do with a UI review. My rates are only mildly larcenous ;-) ) My bad.

    From this, I take it that she is then subject to the rules of the NZLS as to appropriate behaviour as exemplified on the Complaints and Discipline page?

    Waikanae • Since Nov 2006 • 2937 posts Report Reply

  • tussock,

    I would assume conspiracy laws in NZ are not as stupid as they are in (some small parts of) the USA, with that first step nonsense. I seem to recall a conspiracy to kidnap that was questionable even after finding the prepared room to hold the victim in, despite the near-fitting, underground room essentially being a coffin-in-waiting if anything went wrong.

    Here it seems you can try to show a reasonable doubt that the crime would've happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.

    Since Nov 2006 • 611 posts Report Reply

  • nzlemming, in reply to tussock,

    Here it seems you can try to show a reasonable doubt that the crime would’ve happened. As Slater and co. talk great volumes of borderline criminal shit on a daily basis, but are actually just sad little internet trolls (takes one to know one), that would provide some doubt.

    True, but some professions are bound by their codes of conduct as tightly as any law, and they have special responsibilities because of their professions. For example, an accountant on a school's Board of Trustees can be found to be liable for someone tampering with the accounts even if he/she is not the Treasurer simply because of their professional training and standing.

    IANAL, but if Nicky Hager can produce a verifiable email from Odgers even threatening some form of law-breaking, that's a pretty solid breach as an officer of the NZ courts, even if she plies her trade from Hong Kong, simply because she holds an NZ practising certificate, at least as I understand the law. Felix? Graeme? Can you clarify?

    Waikanae • Since Nov 2006 • 2937 posts Report Reply

  • Keir Leslie,

    In my post above, A (Williams) should be A (Lusk) --- I had my disgusting characters confused.

    Since Jul 2008 • 1452 posts Report Reply

  • Felix Geiringer,

    Jordan Williams was a lawyer. When did he hand in his practising certificate? Was it before or after he is alleged to have conspired to blackmail someone? The book suggests that Mr Williams did a number of other things that I would have thought ought to be of concern to the NZLS if he was still a lawyer when he did them - or if he ever wants to become a lawyer again.

    And then there is this:
    https://www.lawsociety.org.nz/for-the-community/search-register-of-lawyers/lawyer-details?pi=MTY0Mzc=

    New Zealand • Since Aug 2014 • 35 posts Report Reply

  • Bart Janssen, in reply to Keir Leslie,

    but some professions are bound by their codes of conduct as tightly as any law,

    From memory there are actually only two remaining professional societies, as they were originally created. They were given special rights from the Crown to adjudicate their own membership. Providing they met certain standards they would be exempt form some legal processes and instead discipline their own members and administer their members right to practice their profession.

    The legal profession and the medical profession are the two remaining.

    The common usage of the term indicates some sort of educational standard but grants no special legal rights. Hence real estate professional can be anything but in their behaviour with no real consequence, by contrast, legal and medical professionals really do have standards they must meet or they cannot practice.

    Auckland • Since Nov 2006 • 4461 posts Report Reply

  • Matthew Poole, in reply to Bart Janssen,

    real estate professional can be anything but in their behaviour with no real consequence

    You're speaking, I presume, of their behaviour other than as it relates to their practice of their profession? Because the consequences for misbehaviour in the carrying on of their profession very definitely extend to losing their licence; and look at what doctors get away with professionally without loss of licence before you suggest that it's only real estate professionals that are only notionally at risk of such punishment.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • pneumeric,

    It strikes me that maybe section 249 of the crimes act is possibly relevant to this incident if 252 is not.

    249Accessing computer system for dishonest purpose
    (1)Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—
    (a)obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
    (b)causes loss to any other person.
    (2)Every one is liable to imprisonment for a term not exceeding 5 years who, directly or indirectly, accesses any computer system with intent, dishonestly or by deception, and without claim of right,—
    (a)to obtain any property, privilege, service, pecuniary advantage, benefit, or valuable consideration; or
    (b)to cause loss to any other person.
    (3)In this section, deception has the same meaning as in section 240(2).

    Wellington • Since Jul 2010 • 8 posts Report Reply

First ←Older Page 1 2 3 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.