Labour Leaks – Round up

Even in jurisdictions where competent officials operate, unlike the Labour Party who have demonstrated ineptitude of immense proportions, they have ptretty much given up on trying to stop leaks. You simply can’t.

Suffice it to say, there are several ways to read the government’s decision to back down. One is that it is extremely difficult to prosecute leakers of classified information.  Another is that the demise of the Drake case suggests the government may be spinning its wheels. That, in turn, implies that the main argument against such prosecutions –- that it chills speech and discourages whistleblowers — may not be very strong.

In fact, the opposite might be true, at least in the national-security realm.

Though the less-painful penalties for being caught – shame, loss of a security clearance, suspension – might deter some would-be leakers, whistleblowers tend to get away with it. The law is not straightforward, and when you combine it with perverse incentives inside the intelligence community and with a cannon of decisions (forrmal and informal) that defer to the prerogatives of major news entities, it tends to provide a measure of protection.

That’s not to say that the government isn’t trying. They just aren’t very good at it. One strategy has been to try to test the notion that journalists can be prosecuted for disclosing classified information under the Espionage Act, which criminalizes the disclosure of sensitive communications or intelligence sources, methods, and ciphers by anyone to anyone.   (In theory, the government could sue to stop publication, but the Nixon administration chose a stupid case – the Pentagon Papers – to test this principle with the Supreme Court; it lost, thereby giving publishers wide latitude.)

The George W. Bush and Obama Justice Departments have said, yes, absolutely, reporters can be held liable for publishing classified information. A task force of the smartest minds in government is trying to figure out if there is any way to punish WikiLeaks founder Julian Assange. Privately, the Justice Department can’t figure out a formal way to distinguish Assange from The New York Times, unless it can prove that he helped procure the information.

You especially can’t stop leaks when you don’t even have basic security in place. Labour didn’t even invest in a simple index.html file or even a simpler robots.txt.

The Southland Times Editorial has finally grasped what tis who issue is about. Labour were caught pantsdown but at the same time have also been outed as abusing the Parliamentary Services budget to benefit the labour party.

Editorial: Privacy with the door open

Bad enough that Labour now stands exposed as a breathtakingly inept guardian of confidential information supplied by its donor supporters.

But could the party at least spare us any attempt to disguise its red face as reflecting legitimate indignation rather than humiliation?

That material, and what may prove some discomforting internal memos as well, are now in the clammy hands of Whale Oil blogger Cameron Slater because either Labour’s IT wonks, or whoever was meant to be reconnecting them to the real world, failed entirely to protect it. Not against any illegal break-ins. Just stickybeakers, really.

Labour speaks in terms of a “malicious breach” of its online party contact database, which “exploited” a “system vulnerability”.

All of which is a rather unconvincing way of complaining that someone left mucky footprints all over the welcome mat that had been left stretched out. And not even with a key under it. None was needed.

If anything, this was more like some subconscious expression of the party’s nostalgia for the days of a kinder, gentler New Zealand when you could leave your home with the front door unlocked, the back door open, the radio on, and a wee notebook by the door for anyone to leave a message if they’d come when you were out.

Whoever fed the information to Mr Slater didn’t need any hi-tech crowbar to get it. If you registered into Labour’s website, it gained you access into the party’s web server and – for reasons that defy explanation without resorting to forehead slapping – to archived material, apparently put there as a backup from the holy huddle of the party’s inner sanctum.

Labour insists that credit card information was not among the accessible material. Forgive us if we await the passage of time before accepting that this didn’t happen. But, in any case, there are strong indications that it might have, because for months stickybeakers had potential access to password information which might, in turn, have led to compromised security in a bunch of different directions.

Just what use Mr Slater now makes of the information, selectively or not, remains to be seen, but the Privacy Commissioner is right to be concerned and to be keeping a steely watch. Even if the information was not illicitly obtained, it does not mean that people’s legitimate expectations of privacy have evaporated into a puff of public curiosity.

Then again, the rest of us don’t know what we don’t know. Perhaps matters of legitimate public interest do lie within the information.

Labour itself is surely aware that public mood is increasingly towards greater exposure of party support mechanisms, and of the correlation between financial support and subsequent influence.

Why, Labour, itself, has supported in principle the proposed private member’s bill from Green MP Sue Kedgley to require registration of lobbyists, agreeing that those who lobby Ministers for a living should have to register their activities.

Mr Slater is already chewing into some of the internal party documents, including one which does suggest Labour use Parliamentary Services’ resources for party business. This is, emphatically, against parliamentary rules.

Meanwhile it looks like tech magazines around the world are busting labour’s chops. They know that Labour’s spin about hacking and malicious intent is bollocks. They got pantsed. The best thing they could do would be to suck it up, shut up and apologise, followed by a senior official falling on their sword.

WhaleleaksWhaleOil issues ‘demands’ to Labour
Newstalk ZB
Labour is playing into the hands of blogger Cameron Slater as it goes into damage control over the information he found on the website. Mr Slater is sitting on personal details of the party membership and is threatening to name some supporters. 

New Zealand Labour Party Hacked
eSecurity Planet – ‎57 minutes ago‎
By eSecurityPlanet Staff A right-wing blogger recently took advantage of a security flaw on the Web site for the New Zealand Labour Party to access membership, credit card and other details. “Today, Cameron Slater, who runs the Whaleoil blog, 

452 records leak in NZ Labour hack
ZDNet Australia – Darren Greenwood – ‎Jun 14, 2011‎
The opposition New Zealand Labour Party has been embarrassed by the discovery of a major security flaw on its website that led to membership, credit card and other details to pass into the hands of a right wing blogger. Today, Cameron Slater, who runs 

Security bungle exposes 450 NZ Labor supporters
iT News – Darren Pauli – ‎Jun 14, 2011‎
A furore has erupted across the Tasman after a right-wing blogger promised to release 452 names and 18000 email addresses of New Zealand Labor Party supporters obtained through basic security 

NZ Labour members’ details exposed online
CIO Magazine – ‎Jun 14, 2011‎
New Zealand’s main opposition party says a website botch-up has exposed its members’ personal details. A database containing about 18000 supporters’ personal information could be freely downloaded from the Labour Party’s website until the problem was 

NZ Labour members’ details exposed online
Australian Techworld – ‎Jun 14, 2011‎
New Zealand’s main opposition party says a website botch-up has exposed its members’ personal details. A database containing about 18000 supporters’ personal information could be freely downloaded from the Labour Party’s website until the problem was 

NZ Labour members’ details exposed online
Computerworld Australia – ‎Jun 14, 2011‎
New Zealand’s main opposition party says a website botch-up has exposed its members’ personal details. A database containing about 18000 supporters’ personal information could be freely downloaded from the Labour Party’s website until the problem was 


THANK YOU for being a subscriber. Because of you Whaleoil is going from strength to strength. It is a little known fact that Whaleoil subscribers are better in bed, good looking and highly intelligent. Sometimes all at once! Please Click Here Now to subscribe to an ad-free Whaleoil.

  • peterwn

    A robots.txt merely requests ‘robots’ not to visit the specified pages. Google and other search engines respect this, but robots (say) harvesting emai addresses for spamming would carry on regardless.

    So while an appropriate robots.txt would have kept Google from indexing and datadasing the sensitive files, it would not have kept Whaleoil or that National Party IT staffer out.

    Incidentally if that staffer wanted to test Labour’s test site he should have gone to an internet cafe or purchased (for cash) a cellular internet dongle off one of the cell phone operators. not taking that precaution gave Labour a bit of leverage.

    • it only has leverage if that staffer, whom I have nerver met, online or otherwise, had actually done what labour accuses him of. He did not and has not passed any information to me regarding this, and neither has any other person in National. That is a lie. Labour knows this and the fact that they won’t publish all of the longs instead only a few select lines of a a couple of logs shows this. If they keep lying them perhaps I should just publish all the logs, months worth of logs to prove it. They know I have the logs, they should stop lying and saying National gave me anything because they didn’t and they can’t prove they did.

  • thor42

    This is *great* stuff! I just *love* seeing the pinkos squirming and fidgeting while they dole out the lies.
    * Let’s allow a political party that couldn’t run a pissup in a brewery into power again.
    * Let’s not.