... as long as the public interest in the emails outweighs the competing rights of those who wrote them.
That's not quite right. There is public interest also in maintaining confidences. It's that balance which is important -- see ANZ v Blum:
A distinction must be drawn between what is in the public interest and what is interesting to the public. The defence of public interest will not depend solely on proof that the information disclosed misconduct on the part of the plaintiff. The Court has to weigh the competing issues of public interest in maintaining the secrecy of confidential information and in being informed on matters which are of real public concern. The disclosure of confidential information on this basis demands more than a claim that it is in the public interest that the truth be told.
8gigs of letters the correspondents expected to remain private. All about politicians and fringe operators. 6 weeks before an election. Of course the public will be interested. Not sure about real public concern. Some people get really concerned really quickly over normal behaviour these days.
As far as I remember, Labour's information was only available due to a combination of oversight and misconfiguration of their servers (allowing access to data they should have denied, or data that should have been stored elsewhere entirely).
It's extremely likely that not even Labour wanted to be able to access the information in the manner that it was by WhaleOil (they would have other, authorised ways to get at it, such as legitimate login/ftp accounts on the server). More likely, they simply didn't realise it could be accessed that way, and if someone would have told them, they would have removed that avenue of access.
Perhaps an analogy would be leaving your door unlocked. If someone thinks to try the door and finds it unlocked, then lifts your mail from where you left it inside the door, is it still unauthorised? My intuition says yes - they're obviously tresspassing, and haven't been authorised to do so - but I don't know how well this analogy carries into the law around hacking.
So I presume Cathy Ogders is a member of the professional society of Lawyers.
If that's true do you think it is possible that the professional society might question her about an e-mail which appears to show her attempting to incite violence towards Hager?
If I go to a public space, say a store or a museum, and someone tips me off that the door to their records room has a faulty lock, and I then take advantage of that to help myself to a bit of a look through their records, it would be a fair stretch to suggest that that was authorised access to a public space. The same would apply even if the door were left ajar accidentally - despite being able to access the room, it would be very clear that it was a private space.
Surely the same must apply in the virtual world to a public website: it would become obvious very quickly that records in the back end of the website aren't intended for public access, even if inadvertently accessible.
Just because a door is unlocked - physically or virtually - that doesn't entitle anyone to go through it.
Maybe labour left the door ajar but the other team seems to have come in like tom cruise in mission impossible while grabbing slaters, (allegedly farrars), info
Accessing a computer without authorisation is a crime under section 252 of the Crimes Act 1961. It says:
I've been going back and forth on this since the release. My current position (of many shifting ones) is that it's subsection (2) that is important in determining whether the offence was committed, but it is difficult to see how far that would go.
Subsection 2 says:
To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.
The question then is: does Cameron Slater have authority to access the server that hosts the Labour Party website? Well, it's a publicly available website, that they put up there so that people can go to their website and download stuff from that server into their cache to read on their browsers. If Cameron doesn't have authority (because, for example, it's not express authority), I don't see how any of us can lawfully look at it.
If Cameron, and you and I have authorisation to access the server that hosts labour.org.nz for the purpose of viewing the Labour Party's website, then is there any basis on which section 252(2) doesn't come into play if once we access the server, we do things that it was not intended we should do?
Obviously, if once there, those unauthorised things we are doing on that computer system (which we are authorised to access for other purposes), we do things for other reasons, eg to cause damage to the site, or to do something dishonest etc. other computer crimes may arise (such as section 249, or section 250). These offences can be committed on computer systems you have been authorised to access, because they don't include something equivalent to section 252(2), but there has been no suggestion to date that Cameron Slater or Jason Ede (or anyone else) accessed the Labour server in a way which might give rise to an offence under s 249 or s 250.
There may still be privacy issues, but I'm tending to the view that what has been alleged is not a breach of section 252, because of subsection 2. I think we all have authorisation to access the computer system which operates as the server hosting the Labour Party website.
I'd include those factors within the phrase "the competing rights of those who wrote them". You're right that the societal importance of having confidences respected has been specifically acknowledged by the courts (that point comes through strongly in English cases like Prince of Wales v Associated Newspapers too) but the results in the cases invariably turns on the perceived importance of the facts which have been disclosed.
Graeme, I don't think you are right about s 252(2). You have to go back to s 248(b). A computer system is defined to include any part of a computer system. That means you can commit the offence in s 252(1) in relation to part of a computer system. The question in s 252(2) becomes whether you were authorised to access that part.
I believe that this is the only interpretation that makes any sense. Under the interpretation you set out, for example, anyone with a Google account could hack into anyone else's Google account with impunity, as long as they were both on the same server.
Graeme, there’s “access” and then there’s “access”.
Reading advertising in a shop window and someone’s PIN number over their shoulder are not the same thing, and reading blog posts is not the same as downloading archived backups.
Would you feel confident in your lack of legal culpability doing the latter? I think *most* of us would know they were doing the wrong thing.
Analogy I know, but there are various ways of "accessing" computers - and whether they are legitimate or not may not be a question of technical implementation as much as knowingly doing wrong. (It's legal for me to pick my own locks, but not yours.)
The question then is: does Cameron Slater have authority to access the server that hosts the Labour Party website?
A computer system 248(b) "includes any part of the items described in paragraph (a) and all related input, output, processing, storage, software, or communication facilities, and stored data."
So authorised to access the webserver shouldn't be enough.
That would also imply that (provided I didn't actually steal any money) that I could hack my way into http://anz.co.nz/personal/ without fear of prosecution, because I've got implied authorisation to access the front page and so on.
(As Felix said, as well)
I'd agree, it's a tricky area - one view would say that ignoring robots.txt (the file that controls where web crawlers should go) is illegal access. Another would say that the computer has been configured by the the owner with a set of rules as to who can gain access - hence if the computer doesn't stop you, it isn't illegal.
I was part of the InternetNZ working group on their submission to the SOP which inserted the authorisation clauses you mention here.
We were very concerned about section 2's vague meaning, and seemed to be completely contrary to any abiliity to enforce the crime being described. As you've noted, it would seem to allow absolutely any other purpose no matter how much of a violation that is merely because some part of a system a person was authorised to use.
The Select Committee chose not to remove it (and I can't even find an acknowledgement of the point in their report), and that's where we are now.
(The full text of InternetNZ's submission is here: http://old.internetnz.net.nz/issues/submissions/archive/older/iswg010209submsm_crimes-amend-bill-6.html .. see Item 4).
A court case around this would either result in sanity in interpretation, or a new bill under urgency. Maybe they'd listen to the experts this time. Bring it on.
Do you want to play a game...?
Its success might depend, for example, on how easily Slater and Ede got hold of the information...
...how about the cat walks on the keyboard, hitting some unlikely key combination, and 'hidden' page(s) or functions appear?
<This has happened to me!>
This is to all intents and purposes
a serendipitous 'discovery' by Hager,
forced into whistleblower territory really...
You can't 'unknow' something...
Once the lid comes off a Pandora's Box
there is no containing it again.
The Cassandras warned us...
We never learn, it seems...
wake up Kiwis,
or we all through!*
* (apologies to The Last Poets)
"Cat walks on keyboard, hitting unlikely combination"
Isn't that how Bruce Wayne's cat found the bat cave? Wonder if Nicky Hagar could break name suppression ruling because someone leaked name to him and he considered it a matter of public concern.
Wow that's some tortured logic there.
So, since ALL computer systems on the internet are connected that means I can legally access any computer system on the internet because I am authorised to access this computer system that I'm on.
I don't doubt your logical thinking as a lawyer but if that's the case then, in this case, the law is a ass.
Of course it doesn't stop the people doing those things being absolute twatcocks even if what they do can be defended by a lawyer.
The fact that Ede and Slater exchanged messages expressing concern at being caught, is fairly strong evidence that they knew that they had accessed the data without authorisation. I hope they are prosecuted for it.
Is the publication of the contents of the "cup of tea" tapes i.e. discussion between Key and Banks, justified on the same basis?
How could the publication of this material be justified legally?
A better analogy would be a half-open door without any signage. Many websites have hidden actions that aren't visible until some blank area is clicked, and it would be very hard to prove a naive clicker knew they were wandering into forbidden territory.
But Ede was clearly worried people would figure out what he was doing, There’s no naive clickers here, there’s paid professionals snooping and talking about evading security measures. The question of proof in the case of the naive clicker simply isn’t that relevant here.
Access All Areas
So, since ALL computer systems on the internet are connected that means I can legally access any computer system on the internet because I am authorised to access this computer system that I’m on.
It's better than that!
Everything is Energy,
all one (system)...
Many websites have hidden actions that aren’t visible until some blank area is clicked.
(sorry, hackers misattributed my reply)
Not better at all. The content could not be found by clicking. The content could be found by deliberately looking for it by trying various requests (aka: "what happens if we go to labour.org.nz/backups?), but there's no way that content was overtly linked from on their website, and no way they intended for it to be accessed by the public in that fashion.
I believe we've sufficiently established that's a misdirection on his part. see other thread.