There is still a problem with how the health information was available

While most of the focus is on Michelle Boag providing confidential health information to Hamish Walker, and Walker emailing that to media, there are still important questions to be asked about how Boag had access to the information in the first place in her role as Acting CEO of the Auckland Rescue Helicopter Trust.

New Minister of Health Megan Woods says that it was a standard operational procedure to give emergency services this information in case they had to provide services to anyone with Covid. But this needs scrutiny. Anyone known to have Covid should be in quarantine and if emergency services are needed for them it should be immediately obvious.

Muller asks National board to remove Walker from party

There has been widespread calls for Clutha Southland MP Hamish Walker to be dumped. While the party leader doesn’t have the power to sack an electorate MP, Todd Muller says that the leaking of health information showed ‘serious lapses of judgment’, and ‘appalling lack of judgement’, and was ‘completely unacceptable’, and has written to the National Party board asking that Walker is removed from the party.

Muller says he us very angry about what happened.

RNZ:  Todd Muller on Hamish Walker – ‘There needs to be consequences’

The National Party leader says he has written to the party’s board asking them to remove MP Hamish Walker from the party after it was revealed he leaked private health information to media.

Prior to that revelation, National Party leader Todd Muller described the leak as “loose, shabby and a reminder these guys can’t manage important things well”.

“The problem is when you’ve allowed a culture of sloppiness and clumsiness to take over and become pervasive, you know, really history suggests you need a new broom to be able to sort and set the tone from the top,” he said on Monday.

Walker, who admitted the leak late yesterday afternoon, has already been stripped of his portfolios and is now subject to an independent State Services inquiry.

Muller told Morning Report there needed to be consequences and he has written to the party’s board asking it to remove Walker from the party.

Muller has given a lengthy interview to RNZ, they say they will post more details. Walker and Boag would not do interviews. They will be subject to the inquiry set up to investigate the leak.

The board will meet to discuss the matter today.

Muller said he learn on Monday at lunchtime about who leaked the information when Walker contacted him to inform him. He is not aware of any other National MPs being aware of who was responsible for the leak.

Muller also said the consequences will be significant for Michelle Boag, who obtained the information in her role as Acting CEO of the Auckland Rescue Helicopter Trust.

Muller says that Boag did not assist him with his leadership takeover, and he’s not aware of her helping Walker on other matters.

I think that Walker should jump before he is pushed from the party, or al least announce he won’t stand for re-election in  September.

This is hugely damaging for National as it is, but if Walker doesn’t resign or withdraw the damage to the party will increase.

Muller is saying and doing about all he can in the circumstances. It must have removed any hope of success for him or national this election.

UPDATE:

He had little choice but to do this, and jumping before being pushed reduces the substantial damage he has done to his party.

Todd Muller accepts Hamish Walker’s decision not to stand in 2020

National Party Leader Todd Muller has today accepted Hamish Walker’s decision to withdraw his candidacy for the seat of Southland and not stand at the upcoming election.

“Rachel Bird, the National Party’s Southern Regional Chair, has received a letter from Hamish confirming he will withdraw as the National Party candidate for Southland.

“There was a clear breach of trust, which goes against the values National holds as a party.

“The National Party Board will still meet today to discuss the selection of a new candidate.”

Hamish Walker – admission and apology over leak

National MP Hamish Walker:

A Personal Statement And An Apology

I have spoken to National Party Leader Todd Muller and informed him that I passed to members of the media, by email, information containing Covid-19 patient details that was given to me by a source.

I did this to expose the Government’s shortcomings so they would be rectified. It was never intended that the personal details would be made public, and they have not been, either by me or the persons I forwarded them to.

I have received legal advice that I have not committed any criminal offence.

The information that I received was not password protected by the Government. It was not stored on a secure system where authorised people needed to log on. There was no redaction to protect patient details, and no confidentiality statement on the document.

By exposing a significant privacy issue I hope the Government will improve its protocols and get its safeguards right.

I made serious allegations against the Government’s Covid-19 response and passed on this information to prove those allegations.

Private health information does not have basic safeguards in place and the Government needs to immediately change its protocols and store the information on a secure, safe network that at a minimum requires a password.

I sincerely apologise for how I have handled this information and to the individuals impacted by this. I will be fully cooperating with the Michael Heron QC inquiry.

National leader Todd Muller:

Statement On Hamish Walker

Hamish Walker has informed me that he received and then disclosed health information regarding active Covid-19 cases to members of the media.

I have asked Hamish to acknowledge this to Michael Heron QC and cooperate fully with his inquiry into how the information made it into the public domain.

I have expressed to Hamish my view that forwarding on this information was an error of judgement.

While I wait for the result of the inquiry I have transferred his Forestry, Land Information and Associate Tourism portfolio responsibilities to Ian McKelvie.

Given this matter is the subject of an inquiry I will not be making any further public comment.


UPDATE: Michelle Boag has admitted passing the information on to Walker.

From RNZ: National MP Hamish Walker admits leaking Covid-19 patient details

In a statement, Boag said that handing on the patient details to Walker was “a massive error of judgement on my part and I apologise to my colleagues at ARHT (Auckland Rescue Helicopter Trust) whom I have let down badly”.

“I very much regret my actions and did not anticipate that Hamish would choose to send it on to some media outlets but I am grateful that the media involved have chosen not to publish the 18 names that were contained within it.

She said she had resigned from her role at the Auckland Rescue Helicopter Trust.

“I take full responsibility for my actions and have resigned as acting CEO of ARHT.”

Boag was the National Party’s president in 2001 and 2002.

Boag was also linked to the leadership coup when Muller replaced Simon Bridges.

From  memory she was also involved in the management of Todd Barclay before he exited the same Clutha-Southland electorate taken over by Walker.

This is very damaging for National regardless of how it pans out from here.


Press Statement From Michelle Boag

Today I am announcing that I am the person who passed on details of current Covid19 cases to Clutha Southland MP Hamish Walker, who then passed on that information to a number of media outlets.

The information was made available to me in my position as then Acting CEO of the Auckland Rescue Helicopter Trust, although it was sent to my private email address.

This was a massive error of judgement on my part and I apologise to my colleagues at ARHT whom I have let down badly.

I very much regret my actions and did not anticipate that Hamish would choose to send it on to some media outlets  but I am grateful that the media involved have chosen not to publish the 18 names that were contained within it.

I take full responsibility for my actions and have resigned as Acting CEO of ARHT, which is in very good hands as the result of a recent restructure and the appointment of a new CEO for the Trust’s operations and the appointment of a General Manager to oversee the Trusts’s marketing and fundraising operations.

I sincerely hope that the communities of the Auckland region will continue to support the Rescue Helicopter at this time of very important need.  My actions were mine alone and should not reflect at all on the professionalism, integrity and outstanding reputation of the Rescue Helicopter staff.    They are an amazing bunch of dedicated community servants and I know they will be very disappointed in me.

Any requests for comment should be directed to me personally as ARHT bears no responsibility at all for my misjudgement.

MoH privacy breach of Covid cases

The Ministry of Health is under scrutiny again over the leak of personal details of New Zealand’s 18 active Covid cases.

RNZ: Details of active Covid-19 cases leaked in privacy breach

RNZ has seen a document that includes the full names, addresses, age and the names of the hotel and one hospital the 18 have been quarantining in.

The State Services Commission has been called in to make sure a “thorough investigation” is held.

State Services Minister Chris Hipkins said the fact this personal information had been given out was totally unacceptable, and he has ordered an investigation.

“I have been advised by the Ministry of Health that at this stage it cannot be confirmed beyond doubt whether a deliberate leak was involved or if this was simply human error.

“If it was the former, it is unconscionable and absolutely beggars belief why anyone would feel it was an acceptable action to take, given the trauma it is likely to cause those whose information is involved. It would, quite frankly, be abhorrent, and potentially criminal.

“Either way”, he said, “it cannot happen again.

“The public has every right to expect their private information to be held securely.”

NZ Herald:  Covid 19 coronavirus patients’ details leaked: Investigation launched as agencies scramble.

Confidential patient details of all the active Covid-19 cases in New Zealand have been leaked, including their names and dates of birth.

The massive breach of privacy contains the details of 18 confirmed cases, ranging from a 30-year-old woman in Auckland to a 70-year-old man in Canterbury.

It includes the personal details of the man in his 30s receiving care in Auckland City Hospital.

The leaked spreadsheet, seen by the Weekend Herald, also shows which border facility the Covid-positive people were staying in when they tested positive and where they were moved for quarantine.

The Office of the Privacy Commissioner said from the little information it had on the leak, it sounded “like a serious breach involving highly sensitive information”.

“Should individuals make complaints to us or we learn additional information, we may investigate further.”

Data systems and management of data has been a real problem for the MoH, and this adds to embarrassment over the inadequacies.

Curiously from Audrey Young at NZ Herald in Jacinda Ardern plagued with fresh problems in health:

If (Clark) had held out for another two days, she would have been forced to sack him anyway, over the incredible privacy breach of the Covid-19 patient details.

As he is new to the job Hipkins just has to deal with the breach, but it could be time consuming for him in his new role..

Peters claims he now knows who leaked his Super overpayment but is appealing something else

Winston Peters took a number of people to court claiming they may have leaked details about his Superannuation overpayment, but he failed to prove who had actually leaked to media.

He now claims he knows who did it, but unless he can show that the court decision was wrong based on the information it had, I don’t think he can have another crack at it, unless he targets different people.

But Peters has a record of making accusations without fronting up with evidence, so this could be a bit of an attention seeking stunt.

Stuff: Winston Peters pursues court action, claims he knows who leaked pension details

Deputy Prime Minister Winston Peters claims he knows who leaked his pension details and is pursuing court action “for all people who have had their privacy breached.”

In 2017, weeks before the general election, information showing Peters’ superannuation had been overpaid for seven years was leaked to the media.

Last year, Peters appeared before the High Court in Auckland, suing the Attorney-General on behalf of the Ministry of Social Development, the ministry’s chief executive, the States Services Commissioner and former National Party ministers Anne Tolley and Paula Bennet, alleging his privacy was breached.

The court said ruled it could not pinpoint the source of the leak, and dismissed Peters’ claims for damages and declarations.

When he released his judgement last month, High Court Justice Geoffrey Venning said Peters’ information should not have been disclosed to the media, and Peters had a reasonable expectation that it would be kept quiet.

“This was a deliberate breach of his privacy with the intention of publicly embarrassing him and causing him harm,” the judgment read.

It stated that if Peters identified who disclosed the information, damages in the region of $75,000 to $100,000 in total “might have been appropriate.”

Peters has ruled out Bennett and Tolley.

In November, Peters acknowledged neither Tolley nor Bennett were the source of the leak.

I wonder if this is deliberately timed to coincide with National’s current leadership challenges.

His statement begins oddly, with:

“I am not persisting with this case just for myself, but for all people who have had their privacy breached.

Privacy of information is a cornerstone of our country’s democracy. Without it our society truly faces a bleak future.

We now know who the leak is.

But he doesn’t actually say what he is going to do in his statement.

However news reports say he is appealing the High Court decision. He said that proving who leaked was ‘impossible’ but he now claims to know who it was. He also says he was told be ‘media’.

He says he is appealing the law. He says the identity of the leaker is not being tested in court.

I’m very confused.

“I’m appealing the application of the law”.

Asked about having proof of who leaked but again he says that has no relevance in this situation, but he reiterates he knows who the leaker is but can’t name them.

 

Peters drops leak accusations against Bennett, Tolley

It was obvious that all the Winston Peters accusations and litigation couldn’t stand up. He launched what was clearly a fishing expedition to try to expose the culprit.

Peters, via his lawyer Brian Henry’s closing address in court, has conceded that neither Paula Bennett nor Anne Tolley leaked information about his seven year superannuation overpayments.

Newsroom: Peters accepts National ministers didn’t leak

Winston Peters’ has accepted in the High Court that two former National ministers he had been suing for $450,000 for breaching his privacy were not the source of the leak or responsible for it.

In his closing submission today, Peters’ lawyer Brian Henry said both Anne Tolley and Paula Bennett denied in their evidence leaking information on Peters’ seven-year overpayment of superannuation – and the lawyer for the Ministry of Social Development and public servants did not challenge those denials.

“That left the MSD in the position that they now cannot avoid a finding that the breach was on MSD,” Henry said. “The plaintiff was expecting a challenge from MSD to the ministers, but the MSD has not challenged the evidence that they [the ministers] did not leak.

“That dual denial removed two of the options that the plaintiff, when it opened its case, was expecting to have examined in the court.”

That means Peters is no longer suing the National pair for damages.

This raises questions about Peters’ claims, and the cost he has inflicted on taxpayers to try to justify his accusations.

It also makes Barry Soper’s assertions that it must have been a National leak (with no evidence provided) look a bit silly.

Henry said Peters’ case was that under the tort of privacy he had a reasonable expectation that his private information would not be made public and what was disclosed had been highly offensive.

“In this case, the MSD exclusively held the plaintiff’s private information. Unless they can rebut the evidence there arises an evidential presumption.

“The larger the group [who had become aware in the ministry] the greater the foreseeability the matter would be leaked.

“The perpetrator will never front. Someone in MSD in full knowledge breached the plaintiff’s privacy and set off a chain of communications causing damage to his reputation.”

Henry said: “This is not likely to be a mistake.”

So he now asserts that someone in MSD leaked the information, but as there is no evidence suggests the assumption can be made. I don’t know how proof or lack thereof works in cases like this.

The ‘chain of communications’ led to journalists asking Peters about the overpayment, and Peters then went public himself. There is no certainty that media would have published the information. This is an interesting situation.

MSD lawyers claimed that Peters’ reputation hadn’t been affected by anyone but himself.

It is arguable that if Peters had just admitted making a mistake on his application and not noticing the overpayment, then paying it back when brought to his attention, then this would have blown over and would be virtually forgotten by now.

Instead Peters accused a swath of people for the leak with no evidence to back his claims, made assertions and denials that were inaccurate or wrong, filed legal action against National MPs just prior to going into coalition negotiations with National (I think without revealing the legal filing), and then proceeded with the case over the next two years.

Some have suggested he has simply enhanced negative aspects of his reputation.

There is a serious issue of the revealing of private information held by  Government department. That should have been investigated – although leaks are common and culprits are often not identified.

But the initial information Peters revealed himself, and revelations through the court hearings, have been self damaging more than anything.

As well as damages, Peters wants a declaration from the court that his privacy was breached.

The NZ First leader says it is necessary to have the tort of privacy recognise such a breach because in the digital world “the dissemination of [private] information is now in the hands of irresponsible persons… and politicians are not extremely vulnerable”.

At the end of his submissions, Henry clarified for the judge that Peters was now seeking the $450,000 in damages under his first course of action from all defendants together rather than seeking that sum from each.

That’s an odd switch. Maybe he realised Peters was seeking too much with Bennett and Tolley out of the firing line.

Questioned further by Justice Venning, he said the fact Bennett and Tolley could no longer be accepted as the source of the leaks meant that they could not continue to be included in the cause of action seeking that money. So the damages are sought, together, from Boyle, Hughes and MSD.

In three further causes of action, Peters is seeking declarations from the judge that his privacy was breached by the public servants in briefing their ministers and by the two ministers in accepting those briefings.

A challenge for the judge to address all of that.

A swipe at Kiwiblog fizzled:

Henry disputed a claim by Bruce Gray QC, for the ministers, that there had been no social media reports of Peters’ overpayment presented to the court that had occurred before Peters issued his press release announcing that news.

He pointed to a Kiwiblog posting about the risks for Peters if the overpayment news was correct. However he gave the court the date August 28 for the Kiwiblog comment, and that was actually the day after Peters issued his press release.

Whoops.

The only social media content appearing before Peters went public had been three tweets from the writer of this article about a possible major political story, and the tweets did not mention him, his party, gender, age or superannuation.

The writer had to provide a sworn statement in the earliest part of the proceedings and pointed out that intense speculation on Twitter had followed those tweets but that not one that was connected to his tweets had referred to or even hinted at Peters being involved.

The writer is Tim Murphy who has provided excellent coverage of the hearing.

Earlier, Victoria Casey QC for Hughes, Boyle and the ministry, said Peters’ pleading alleging bad faith by her clients would, if found to be so, be “catastrophic” for the officials. “If established, it would be the end of any career for them in the public service.

“It’s important that Mr Peters is held to his pleadings,” she said.

The bad faith accusation was raised by Peters in his fourth ‘statement in reply’ before the hearing began. “Mr Peters is not entitled to pursue new allegations of bad faith.”

(Henry later told the court he was saying officials had not acted in good faith rather than they had acted in bad faith. That was so those defendants had to disprove his claim rather than Peters having to prove ‘bad faith’.)

Justice Venning has reserved his decision, which he said was unlikely before the end of the year.

I expect he will want to take some time and care in writing his decision. I wonder how close to next year’s election campaign the decision will be released.


A (lawyer) comment from Kiwiblog (typos corrected):

I was astonished to read of Mr Henry’s concession that neither of Anne Tolley or Paula Bennett leaked anything.
If that is the case the claim against them will fail absolutely.

I would anticipate that Mr Gray will ask for judgement for Anne Tolley and Paula Bennett and that there be an order for costs against Mr Peters on an indemnity basis.

Yeah, costs. They could amount to a lot. Peters will be hoping to have costs warded in his favour for his remaining claims, but that my only balance out these costs.

Thinking about it, Peters was hardly likely to succeed in all of his claims, so was always going to be exposed to costs.

Bridges claims ‘deceit and dirty politics’ – but who did the dirty?

Simon Bridges and National continue to go hard out on the leak of budget information two days before Budget day.

But who is playing dirty here?

RNZ Week in politics: National set the trap and Robertson walked into it

National used the information it found on Treasury’s website to set a trap – and it worked far more effectively than Simon Bridges could have imagined after Gabriel Makhlouf made his “we have been hacked” announcement.

Finance Minister Grant Robertson walked into a trap set by National when he linked the Budget “leak” to illegal hacking.

It was no such thing, and National had known it all along. A simple website search had given the Opposition details of some of the spending in yesterday’s Budget.

At the same time, Mr Bridges was giving a hand-on-heart assurance that National had acted “entirely appropriately” while refusing to say how it had obtained the information.

At that point, National had probably expected the usual response to a leak – condemnation of such behaviour and the announcement of an inquiry.

What it could not have expected was Treasury Secretary Gabriel Makhlouf dramatically announcing that his department’s website had been systematically hacked, and that he had called in the police on the advice of the GCSB.

That was a game-changer, and Mr Robertson seized it. “We have contacted the National Party tonight to request that they do not release any further material, given that the Treasury said they have sufficient evidence that indicates the material is a result of a systematic hack and is now subject to a police investigation,” he said.

The implication was obvious – National had either hacked the website or received the information from someone who had. Whoever did it, their actions were illegal.

It turns out what National did wasn’t illegal – but I still think it was highly questionable. They were trying to do a dirty on the Government to grandstand prior to the budget going public.

Mr Bridges raged about unjust smears on his party and accused Mr Makhlouf and Mr Robertson of lying. The Treasury secretary’s position was untenable and Mr Robertson should resign.

He claimed Treasury had quickly discovered the huge chink in its security and had “sat on a lie” while his party was being accused of criminal behaviour.

This leaves some very big questions which have not yet been answered. If Treasury’s IT people knew what had happened, why did Mr Makhlouf go public with his hacking announcement?

Was he misled by his own department, by someone who didn’t want it known that a blunder had been made with the uploading? That’s hard to believe, because it must have been realised that National was going to blow the whistle on the website search.

Did Mr Makhlouf make the decision to call in the police on his own? Mr Robertson says he didn’t know until after the fact, but Mr Bridges rejects that. It’s unthinkable, he says, that a department head would make a call like that without first informing his minister.

The way Mr Bridges sees it, the hacking was a cooked up story to smear National and take the heat off the government and the Treasury.

But the whole thing was cooked up by National in the first place.

Bridges acted offended when accused of hacking, but he hasn’t hesitated accusing Robertson, without any evidence. And he is also accusing Treasury.

RNZ:  Treasury knew there had been no hack on Budget information – National Party leader

The National Party is confident the investigation into Treasury’s claim Budget information had been hacked will prove that Treasury “sat on a lie”.

National Party deputy leader Paula Bennett, who asked the SSC to investigate, said her party would let the inquiry play out but stands by its assertion that Mr Makhlouf mislead New Zealanders.

It has previously said Mr Makhlouf should resign.

Mr Makhlouf says he acted in good faith.

National Party leader Simon Bridges told Morning Report today there were two possible scenarios, and the situation was likely a bit of both.

“You’ve either got bungling incompetence, and I think we can all believe that could well be the situation, or you have some broad form of deceit and … dirty politics.

“And we need to see what’s going on here.”

He said the GCSB told Treasury and the Minister of Finance that there had been no systematic hack, but Treasury came out after this and said there had been.

“The reality of this situation is it’s pretty black and white isn’t it.

So as a result of a deliberate and concerted effort by National to exploit a data vulnerability at Treasury in an attempt to embarrass the Government we now have two inquiries, and National have called on the Minister of Finance and the head of Treasury to resign. It has also jeopardised Makhlouf’s new job in Ireland.

MSN:  Gabriel Makhlouf’s next job at Ireland’s top bank under threat

Irish politicians say they’re concerned New Zealand Treasury Secretary Gabriel Makhlouf will become the country’s next Central Bank governor amid the Budget “hack” scandal.

Pearse Doherty, finance spokesperson for left-wing Irish republican party Sinn Féin, told The Irish Times Maklouf should not start his role with the Central Bank until the investigation has concluded.

Doherty said it “wasn’t a small issue”.

“We need to make sure that someone in the highest position in the Central Bank has proper judgement,” he told The Irish Times.

Ireland’s Fianna Fáil party member Michael McGrath has also reportedly sent a letter to the Irish Finance Minister.

“The governor of the Central Bank is one of the most sensitive and important roles in our States,” the letter says.

“It is vital we have full confidence in the holder of the office.”

So National may succeed in ruining Makhlouf’s career. Robertson is unlikely to resign – and I think it would be a disturbing result if he is forced to.

Sure Makhlouf and the Government may not have handled the budget leak well. But this was a dirty politics style hit job by National, serving no positive purpose, and highly questionable as ‘holding the Government to account’.

They would have hoped to cause some embarrassment, and got lucky when it precipitated a shemozzle, leading to two inquiries and careers in jeopardy – not because of the initial problem, but because of how it was mishandled. This is classic negative politics.

For what? Some budget information was publicised two days before it was going to be made public anyway. National well know that budgets are kept secret until announced in Parliament, and there’s good reasons for this.

This sort of thing really puts me off politics – especially off politicians who try to engineer scandals that really has nothing to do with holding to account.

If there wasn’t other things keeping me going here I think I could happily pack up and go and do something else as far from politics as I can get.

This political debacle sets a very poor example. It is a form of bullying – political bullying, where dirty means are employed to cause problems that needn’t happen. Shouldn’t happen.

Another thing that may keep me involved is looking at ways of getting our politicians to set positive examples, and save the hard ball holding to account to when it really matters.

Is there any chance of that? I’m probably wasting my time here.

Second inquiry by State Services over budget leak

The State Services Commission has announced they investigate statements made and actions taken by the Secretary to the Treasury Gabriel Makhlouf following the leak of budget data two days before budget day last week.

This is in addition to an inquiry into the leak itself, announced last week.

Makhlouf seems to have handled things poorly, and the Government was messy with their handling as well.

But two inquiries as a result of the National Opposition ferreting for something so they could grandstand and embarrass the Government.

What has been achieved overall? More self inflicted discrediting of Parliament and politics in general. I don’t see anything positive from all of this.

There is no benefit to the public.

Last week:  Inquiry into unauthorised access to Budget material

The State Services Commission will undertake an inquiry into how Budget material was accessed at the Treasury.

The Secretary to the Treasury, Gabriel Makhlouf, asked the Commissioner to inquire into the adequacy of Treasury policies, systems and processes for managing Budget security.

“Unauthorised access to confidential budget material is a very serious matter,” said State Services Commissioner Peter Hughes.

“Mr Makhlouf has asked me to investigate and I am considering my options. This is a matter of considerable public interest and I will have more to say as soon as I am in a position do so.”

While there is no evidence of a system-wide issue, Mr Hughes has asked Andrew Hampton, the Government Chief Information Security Officer, to work with the Government Chief Digital Officer, Paul James, to provide assurance that information security across the Public Service is sound.

“This is an important issue because it goes to trust and confidence in the Public Service and in the security of government information,” said Mr Hughes.

“The inquiry will seek to understand exactly what has happened so that it doesn’t happen again.”

Today:  Investigation into statements made and actions taken by the Secretary to the Treasury

State Services Commissioner Peter Hughes has today announced an investigation into recent questions raised concerning the Chief Executive and Secretary to the Treasury, Gabriel Makhlouf, and his actions and public statements about the causes of the unauthorised access to Budget material. 

The investigation will establish the facts in relation to Mr Makhlouf’s public statements about the causes of the unauthorised access; the advice he provided to his Minister at the time; his basis for making those statements and providing that advice; and the decision to refer the matter to the Police.

Mr Hughes said the questions that have been raised are a matter of considerable public interest and should be addressed.

“It’s my job to get to the bottom of this and that’s what I’m going to do,” said Mr Hughes.

Mr Hughes has asked Deputy State Services Commissioner, Mr John Ombler QSO, to lead the investigation. It will be done as quickly as practicable and the findings, and the Commissioner’s view of them, will be made public.

“Mr Makhlouf believes that at all times he acted in good faith,” said Mr Hughes. “Nonetheless, he and I agree that it is in everyone’s interests that the facts are established before he leaves his role on 27 June if possible. Mr Makhlouf is happy to cooperate fully to achieve that. I ask people to step back and let this process be completed.”

Neither Mr Hughes or Mr Makhlouf will be making any public comment until the investigation is finished. Mr Makhlouf will be working as usual during this period.

The investigation announced today is separate to the inquiry announced last week into the unauthorised access of Budget information. The Terms of Reference and who will lead this inquiry, which is expected to take some months, will be announced shortly.

What about an inquiry into why politicians waste so much time (and public service time) doing negative crap that has no real benefit to the country?

Police say that budget leaks not unlawful

Police have conformed what has been widely claimed already about the budget leak – they say the information was obtained by ‘exploiting a bug’.  What? Online viruses exploit bugs, but that doesn’t make them lawful.

Whatever the law says on this, questions about the ethics of National publicising the material they obtained remain. As has been pointed out, they could have highlighted the flaws in information security without abusing the budget process.

Stuff:  Budget leaks ‘not unlawful’, no further police action

In a statement ahead of Thursday’s budget and an expected press conference from the National Party where leader Simon Bridges was to explain how he got his hands on budget information early this week, the Treasury said that police had advised that “an unknown person or persons appear to have exploited a feature in the website search tool” – but that this “does not appear to be unlawful”.

Police are therefore not planning further action, but the State Services Commission will undertake an inquiry into the issue.

The Treasury said it and and the GCSB’s National Cyber Security Centre has been working on establishing the facts.

“As part of its preparation for Budget 2019, the Treasury developed a clone of its website. Budget information was added to the clone website as and when each Budget document was finalised,” it said in a statement.

“On Budget Day, the Treasury intended to swap the clone website to the live website so that the Budget 2019 information was available online. The clone website was not publically accessible.

“As part of the search function on the website, content is indexed to make the search faster. Search results can be presented with the text in the document that surrounds the search phrase.

“The clone also copies all settings for the website including where the index resides. This led to the index on the live site also containing entries for content that was published only on the clone site.

“As a result, a specifically-worded search would be able to surface small amounts of content from the 2019/20 Estimates documents.

“A large number (approx. 2000) of search terms were placed into the search bar looking for specific information on the 2019 Budget.

“The searches used phrases from the 2018 Budget that were followed by the ‘Summary’ of each Vote. This would return a few sentences – that included the headlines for each Vote paper – but the search would not return the whole document.

“At no point were any full 2019/20 documents accessible outside of the Treasury network.”

The Treasury said the evidence shows “deliberate, systematic and persistent searching of a website that was clearly not intended to be public”.

So there seem to be problems that need resolving.

But what about what National did with the information they obtained?

Lawyer Stephen Price yesterday – Budget leak: Nats’ behaviour “entirely appropriate”?

I’ve just been listening to Simon Bridges’ press conference at Parliament about the budget leak. His main point was to deny that the leaked budget material was a result of a hack. But he made the broader claim that the Nats’ behaviour throughout was “entirely appropriate”. He said there had been “nothing illegal or anything approaching that from the National Party.” He denied that their conduct was at any point unlawful.

I think he’s wrong. I think the Nats have probably engaged in  unlawful behaviour from the get-go. That’s regardless of whether the budget material they released was hacked. The Nats have broken the law relating to Breach of Confidence.

That’s not a crime. It’s a civil claim, like defamation or negligence. But it is the law.

If information is confidential in nature – that is, not in the public domain – and was created and shared in circumstances in which those possessing it knew is was supposed to be confidential, and was then disclosed without permission, that’s a breach of confidence. That obligation of confidence will usually bind anyone else who comes into possession of the information.

There is a public interest defence. That’s what usually protects the media when they receive leaks. Otherwise, as you might have noticed, almost all leaks to the media (especially from employees with clear obligations of confidentiality) fall foul of this law. But usually, there will be some substantial justification the media can use. They will be able to point to some significant way the public is being served by the release of the information that would otherwise be protected by the obligation of confidence.

Is there public interest here? I can’t see it. The information was to be publicly released in two days. The National Party could freely criticise it then. How are the public really made better off by learning of these criticisms two days in advance? Is there really any benefit to a matter of legitimate public concern that overrides the obvious – and perhaps even constitutional – confidentiality that attaches to budget papers?

Nor can National argue that it needed to release the information to hold the government to account for its bungling in allowing the leak. It could have made that case without actually releasing the data.

I think there is a better argument that it was against the public interest for National to have publicised the budget information they obtained.

What could National argue? The best I can come up with is: “We felt it was in the public interest to prick the balloon of spin that the government was floating about the budget being a ‘wellbeing’ budget, and itself revealing bits of it in advance, by providing the public with information that revealed these claims to be misleading. In this we were fulfilling our constitutional duty to hold the government to account. And we didn’t release any market sensitive information.”

I don’t think that works. They could make those arguments in two days time and the public would be no worse off. I also note that it turns on the accuracy of the criticism. If the numbers are wrong, or taken out of context, or do not really reveal any misleading government behaviour, that would undermine any attempt to say that the releases were in the public interest. Finally, the fact that the National Party was drip-feeding the leaks tells against any claim that the public needed to have the information urgently and couldn’t wait two days for the budget.

Treasury has been embarrassed by the leak of budget information, whether it was obtained legally or not.

I think that National could have acted with integrity in pointing out the flaw, but they went much further than this by playing politics – they acted on heir own interests rather than public interests. Except that if the public doesn’t like the way they have done things it may not be in their own interests.

I don’t think it enhances Simon Bridges’ leadership credentials. If he wanted to prove himself as a responsible leader he would have highlighted the bug without exploiting it for some short term (two day) political gain.

 

 

 

Treasury refer claimed hacking to police following budget leak

The budget leak publicised by National yesterday has got a lot murkier, with Treasury now saying they have been hacked. The matter has been referred to the police, but Leader of the Opposition Simon Bridges is unrepentant for trying to hijack Thursday’s budget announcement.

The leak looks embarrassing for the Government, and also for Treasury, but I think the leak stunt also reflects very poorly on Bridges and National. Bridges has demanded that Minister of Finance Grant Robertson resign over the leak.

1 News: Budget 2019 leaks by National came after Treasury was ‘deliberately and systematically hacked’

Earlier today the National Party leaked what it claimed were highly secretive details of the Government’s wellbeing Budget, due to be delivered on Thursday.

Treasury has confirmed in a statement it was the source of National’s Budget 2019 leaks today after its “systems were deliberately and systematically hacked”.

Confirming the hack this evening Treasury released the following statement:

“Following this morning’s media reports of a potential leak of Budget information, the Treasury has gathered sufficient evidence to indicate that its systems have been deliberately and systematically hacked.

“The Treasury has referred the matter to the Police on the advice of the National Cyber Security Centre.

“The Treasury takes the security of all the information it holds extremely seriously. It has taken immediate steps today to increase the security of all Budget-related information and will be undertaking a full review of information security processes.

“There is no evidence that any personal information held by the Treasury has been subject to this hacking.”

Responding to confirmation of the the hack, Finance Minister Grant Robertson said is a statement:

“This is extremely serious and is now a matter for the Police. We have contacted the National Party tonight to request that they do not release any further material, given that the Treasury said they have sufficient evidence that indicates the material is a result of a systematic hack and is now subject to a Police investigation.”

But Bridges continued on the attack:

If it turns out that budget documents were hacked from Treasury will Bridges resign for using hacked material to try to undermine the Government?