One of the questions raised by Nicky Hager’s new book Dirty Politics is when it’s okay to access or publish confidential information. Has Hager has acted unlawfully by publishing the emails which he says were leaked to him after someone hacked into Cameron Slater’s Whale Oil site? On the other side of the coin, have the PM’s advisor, Jason Ede, and Cameron Slater done anything wrong if, as Hager claims, they accessed Labour’s donor and supporter data via a loophole in the party’s website? What about the hackers of Slater’s emails?

Publishing Dirty Politics

Let’s start with Hager. He claims that the book is based on thousands of pages of emails between Slater and others which were leaked to him out of the blue by an unnamed person or persons. He says the emails were obtained during an attack on the Whale Oil site following Slater’s comment “Feral dies in Greymouth, did world a favour.” There is no suggestion that Hager was himself involved in the hacking of the emails so the question is: was Hager entitled to publish the emails he published?

The answer is yes, as long as the public interest in the emails outweighs the competing rights of those who wrote them. So how do we work that out? There is a pretty good argument that material in Dirty Politics is in the public interest. The public interest is particularly strong where information relates to the behaviour of elected politicians. Dirty Politics is making some serious allegations about that behaviour and it’s arguable that the public should hear them.

People also have no right to keep secret communications which reveal wrongdoing. This “iniquity” defence could justify many of Hager’s disclosures including, for example, the alleged exchange in which Slater and political commentator, Matthew Hooton, provide details of Hager’s address to lawyer, Cathy Ogders, who wants it made available to “vicious” individuals whom she appears to believe will have it in for him.

On the other side, though, are the emailers’ rights to privacy and confidentiality. There can be little question that the emails were confidential and that anyone reading them would have known that. Slater, Collins etc would probably also have a “reasonable expectation of privacy” in respect of the emails’ contents.

But how heavily does that weigh in the balance? The breach of privacy/confidentiality here is significant – the need to protect correspondence is widely recognised – but it is not at the worst end of the scale. Hager has not published information about the emailers’ health, sex lives, family lives, or financial position. And the emails disclosed were written by the parties in their professional capacity. This is not as serious as disclosing emails between, say, John Key and his wife or between David Cunliffe and his kids. In light of that, my money would be on the public interest prevailing.

Accessing Labour Party donor lists and supporters

So what about Hager’s allegation that, following a tip-off, Slater, Ede and others accessed sensitive information about Labour donors and supporters via a loophole in their website? Does that account, if accurate, reveal wrongdoing?

Accessing a computer without authorisation is a crime under section 252 of the Crimes Act 1961. It says:

(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

“Access” and “computer system” are defined pretty broadly and so the provision would seem to catch the activity allegedly undertaken by Ede and Slater. The question is whether Ede and Slater knew or were reckless about whether their access was unauthorised. Slater and Ede might be able to claim that they assumed that their access was “authorised” because they got the information via a publicly available website.

But there are lots of ways such an argument could be refuted. Its success might depend, for example, on how easily Slater and Ede got hold of the information – if a person needed a tip off and/or sophisticated computer skills to get at the donor and supporter lists, it would be hard to argue they thought they were for general consumption.

And what about other indications that the information was not intended for Ede and Slater’s eyes? Might the structure of the website have made this clear? Or the nature of the information itself – a court might say it is obvious, for example, that members of the public weren’t meant to be seeing donors’ credit card details.

Ede and Slater’s subsequent comments are relevant here too. According to Hager, Ede writes an email expressing relief that Labour didn’t realise he’d accessed their material. And Slater wrote a blog post talking about “Labour’s Leaks”. These comments could undermine any argument that they thought they were allowed the material all along.

Labour might also have a claim for damages against the hackers. The strongest claim here is in breach of confidence. Recent English case law (Tchenguiz v Imerman) says that it is a breach of confidence simply to access confidential information which is stored on a computer, even if you don’t publish it. It is not clear yet whether New Zealand will follow that decision but if they do, the two key questions would be: was the donor and supporter information confidential, and if it was, should Ede and Slater have known that?

The answer to the second question is probably yes – for the reasons set out above. The first question is trickier. Information can’t be confidential if it is widely available. So Ede and Slater could argue that, given it could be obtained via a public website, the donor and supporter information is not confidential. This argument could run into trouble though if the information was not easy to get. Again, if individuals needed inside knowledge and/or sophisticated computer skills to obtain donor and supporter lists then they probably remained confidential.

The Whale Oil hackers

That leaves the question of the conduct of the hackers who obtained Slater’s emails. It seems pretty likely that their behaviour was both criminal and a breach of Slater, Collins, Ede etc’s confidence and privacy. However, since we don’t know exactly what they did or how they did it, it is difficult to comment further.

Dr Nicole Moreham is Associate Professor of Law at Victoria University of Wellington