Labour and the Privacy Commissioner

June 14th, 2011 at 1:01 pm by David Farrar

Tracy Watkins in the Dom Post reports:

is appealing to the about lists of supporters and donors falling into the hands of a right-wing blogger.

Details of 18,000 people were on the databases downloaded by blogger Cameron Slater, severely embarrassing Labour, which had to email donors and people who had contacted it through its website to apologise for the breach.

Slater has revealed on his blog how he obtained the databases, which appear to have been publicly available and easy to download without needing to hack into the site.

It is good that Labour is talking to the Privacy Commissioner. But rather than appealing to her, they should be begging mercy.

The good Commissioner could do worse than read Danyl at the Dim Post who translates technical stuff to English:

  • Labour registered another site called healthyhomeshealthykiwis.org.nz, also hosted on this server. But when you visited this address you didn’t see a normal web page – you saw a directory listing of the Labour Party web server. This let you browse Labour’s server and read any file you wanted, just as you can with your own computer.

  • This is considered so undesirable and such an egregious breach of security that the web server software Labour uses (Apache) disables directory listing by default. You have to go into a configuration file and switch it on manually. So I guess that’s what they did.

  • It gets worse. All organisations back up their sensitive data – usually onto a backup server and/or tapes, which are then kept in a highly secure location. Confidential data like, say, financial records are always encrypted and password protected. But someone in the Labour Party decided to back up their donor database onto their web server – the only server in their organisation accessible to the general public, so by definition the last place you’d put any backup files.

  • So all you had to do was enter healthyhomeshealthykiwis.org.nz, click on a few directories and you could download Labour’s unencrypted donor database.

Danyl’s conclusion:

Like the Darren Hughes fiasco, this is yet another sign that Labour is not a healthy organisation. It’s a party of perpetual incompetence that’s in deep denial about this obvious fact – to them they’re always the innocent victims of endless right-wing media conspiracies. A party that cannot run itself should not be allowed anywhere near the machinery of government.

If someone really had hacked the Labour website, exploiting a recent vulnerability, then my attitude would be very different. Few are immune from a totally dedicated expert hacker. But this is the exact opposite of that – this is listing all your private files on the frontpage of a website.

Tags: , ,

21 Responses to “Labour and the Privacy Commissioner”

  1. lastmanstanding (1,241 comments) says:

    the first thing I thought when I read about this if I had donated to the Socialists I would have been on the Marie Shroff laying a complaint that the Socialists had failed to protect my privacy and had breached the act.

    the Socialists should be pleading for mercy. THEY F….. UP END OF STORY.

    Butt in their usual style they rant on blaming everyone else. Just like when they ruined the economy for over a decade.

    Great stuff though to see them keep digging the whole. the gap back to them on the 26 Nov just keepd getting bigger

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  2. Positan (384 comments) says:

    If there were any “honest” Labour MPs, with even the slightest trace of individual self-respect, there’d be mass resignations from the party. Labour has proved itself functionally incompetent so many times, but thank God this time it’s not in government!

    Talk about rationality deficit disorder!! Roll on the election. I can hardly wait!!!

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  3. Say Goodbye to Hollywood (556 comments) says:

    But but but….surely the good folk at The Standard can’t be wrong? What about that nice chap Pagani? This is an evil plot with dirty tricks and all part of the VRWC.

    Oh wait, its Labour…..idiots.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  4. Inventory2 (10,177 comments) says:

    Idiot/Savant says it even better at No Right Turn

    Over at The Standard they’re crying foul and “theft!” – exactly the opposite of their position on the Don Brash emails – but nothing of the sort seems to have occurred. Instead, Labour seems to have just left stuff lying around on the web for anyone to look at. The only breaches of law and ethics here are on the Labour Party’s side; their donors and members have privacy and information security rights, which Labour has violated. If people give you information, you have a duty of care over it, and this is enshrined in law through Principle 5 of the Privacy Act. And anyone whose information was treated so carelessly has recourse to the Privacy Commissioner.

    It’s not often that I agree with No Right Turn, but he has sheeted the blame to exactly where it should be; the New Zealand Labour Party.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  5. Manolo (13,517 comments) says:

    Clowns, morons, headless chickens, imbeciles,…. words fail me to describe the Labour Party.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  6. starboard (2,492 comments) says:

    incompetent , dishonest , corrupt , ..theres a few more for ya Manolo

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  7. berend (1,673 comments) says:

    At The Standard they’re now crying that the National Party should have informed them. It’s basically the National Parties fault.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  8. cabbage (455 comments) says:

    Of course it Berend. Those damn Nats are the root of all evil didn’t ya know?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  9. cabbage (455 comments) says:

    Good god. Those standard folk are bat shit fucking crazy!

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  10. Inventory2 (10,177 comments) says:

    @ Manolo – after Key’s speech in the Budget Debate, the Labour MP’s objected to being called Muppets. Personally, I think that is the perfect description for them, collectively.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  11. Peter (1,664 comments) says:

    It is idiocy, wrapped in incompetence, inside dysfunction.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  12. Inventory2 (10,177 comments) says:

    @ Peter – it’s ELECTILE dysfunction :-)

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  13. gravedodger (1,528 comments) says:

    @ Inventory2, 15 minutes on the naughty chair, Hilarious.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  14. Murray (8,842 comments) says:

    This hysterical whirling of the labour party is getting the exacte result they want, everyone is looking at how the information came to be in the open rather than WHAt the information is.

    They are stealing from us. That National seem to be peering hawkishly in entirely the other direction only makes me ask what they’ve been up to as since it doesn’t ssem to be an issue of conern to them.

    We need some sunlight on the entitre issue I think.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  15. NX (603 comments) says:

    cabbage wrote:

    Good god. Those standard folk are bat shit fucking crazy!

    The frighting thing is that Labour seems to be connected to this blog – all be it – secretly.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  16. Ed Snack (1,797 comments) says:

    I would have thought that by the way that Labour made those records available publicly, that they have de facto published them themselves. Putting something up unencrypted and unprotected onto a publicly accessible machine IS publishing. It’s like putting it all up on a noticeboard somewhere, not out the front, but in a public access-way to their offices say.

    The contrast with the Brash emails is very telling though. I don’t think anyone ever really answered the question of how the emails were released, but I doubt that they were left lying around in public view to be copied by all and sundry.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  17. NX (603 comments) says:

    Ed Snack wrote:

    I don’t think anyone ever really answered the question of how the emails were released

    No, they haven’t. The police failed to answer that question.

    Not only is Labour’s information breach an order of magnitude smaller than the thief of Dr Brash’s emails, the left know who did it (Whale oil), and exactly how he did it. All we’ve got to go on is Nicky Hager’s lies.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  18. georgebolwing (685 comments) says:

    I suspect that Labour have made a fundamental mistake complaining to the Privacy Commissioner, since the Commissioner’s first question will be what obligations did Labour have to protect this information and did they comply with those obligations?

    I am remimded of Oscar Wilde’s mistake of initiating a private prosecution against the Marquess of Queensberry: the only way that Queensberry could avoid conviction for libel for accusing Wilde of the felonious act of sodomy was by demonstrating that his accusation was in fact true. This he did, the end result of which was that Wilde was arrested, tried, convicted and sentenced to two years’ hard labour.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  19. dog_eat_dog (761 comments) says:

    Danyl deserves credit for this – he’s clearly had a reaction to something and then now that more information has come to light, he’s revised his stance in light of facts. It’s a reason why I like reading his stuff over TheStandard, where Labour could be using light planes to pamphlet-bomb people their donor information and it would still somehow be the work of National HQ.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  20. RightNow (6,841 comments) says:

    Hmm, went for a look to see what’s up at Red Alert, got this:

    DNS Resolution Error
    You’ve requested a page on a website (blog.labour.org.nz) that is on the CloudFlare network. Unfortunately, CloudFlare is currently unable to resolve your requested domain (blog.labour.org.nz). There are two potential causes of this:

    Most likely: if the owner just signed up for CloudFlare it can take a few minutes for the website’s information to be distributed to our global network. Check back in about 5 minutes and the site should be up and running and enjoying all the benefits of CloudFlare.

    Less likely: something is wrong with this site’s configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider’s DNS fails.

    Must be time to bolt the stable door.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  21. Jim (35 comments) says:

    Where was the Privacy Commissioner when the national party emails and Brash’s laptop at home were hacked by a left-wing conspiracy type. Where?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote

Leave a Reply

You must be logged in to post a comment.