How blogger Whale Oil accessed Labour Party computers

A right-wing blogger has documented in video how he gained access to what should have been confidential party and donor information.

Call me a bit old school, but generally I like elections to be about policy and vision. There isn't much of either on view in this New Zealand election round.

Since the publication last week of Dirty Politics, a new book by investigative activist Nicky Hager, policy and vision have all but disappeared. The book is based on emails and other communications between blogger Cameron Slater (aka Whale Oil) and others on the right, including a cabinet minister and staff in Prime Minister John Key's office. 

Dirty Politics, in part, reignited an old argument: that Slater hacked a Labour Party website in 2011 and gained unauthorised access to information, including donor information and credit card details. 

I'm not a fan of Slater's. In Dirty Politics, Slater is quoted in seemingly hacked emails as calling the working people of East Christchurch "scum" — this is after the devastating earthquakes that drove many out of their homes.

My background is working class, from Auckland's west. When Slater does that, he is calling me scum as well.

But amongst all the blather there has been very little of substance about what Slater actually did to access that Labour Party information. The answer is, not much. He didn't have to. It was published in a way that even Google's robots could access and index it.

Slater documented this in detail in a video he posted on YouTube (below) and the incident was followed by official investigations. No further action was taken.

Some are still arguing that what he did was illegal and they may have a point. Hacking means different things in different legal jurisdictions. To me though, if something is published on the open internet, with no real security controls and requiring no real skill to access, that's not hacking. 

That's browsing.

And it was and still is highly embarrassing for the opposition Labour Party, which should thank its stars New Zealand does not yet have a compulsory data breach notification regime. If it did, the party would have faced the humiliation of having to tell its own supporters it had not looked after their private information properly.

However, the law in New Zealand, like elsewhere, is far from clear on where the boundary lies between hacking and browsing. 

Jono Natusch offers a good wrap of those arguments, which highlight what a shame it was the Police or the Privacy Commissioner decided not to take action back in 2011 when all this occurred. Sadly, we need a judge to decide what Parliament was trying to say when it rewrote the Crimes Act to criminalise "unauthorised access to a computer system".

But any real hacker, no matter what shade their hat, could not look at that video and call this hacking — and I'd be wary of supporting any law that did.

A lot of questions remain unanswered about where and how Hager got his information. Whale Oil says his Gmail was hacked and points the finger at Kim Dotcom, FBI extradition target and founder of the Internet Party.

Dotcom denies any involvement. 

One thing is for sure, the reignited hacking furore does appear to have achieved a very rare thing: put a seemingly untouchable Prime Minister on the back foot (audio).

Meanwhile, the book was sold out  when I tried to buy it (twice) and is going into reprint, proving the truth of what Philip Matthews (@secondzeit) tweeted a few days ago: "Haven't seen this many people commenting on a book without reading it since university."