Leaking Digital Information
Some Unanswered Questions
In 2011 a Mr Dixon was employed by a security firm in Queenstown. One of the clients of the firm was Base Ltd which operated the Altitude Bar in Queenstown. Base had installed a closed circuit TV system in the bar.
In September 2011 the English rugby team was touring New Zealand as part of the Rugby World Cup. The captain of the team was Mr. Tindall. Mr. Tindall had recently married the Queen’s granddaughter. On 11 September, Mr. Tindall and several other team members visited Altitude Bar. During the evening there was an incident involving Mr. Tindall and a female patron, which was recorded on Base’s CCTV.
Mr. Dixon found out about the existence of the recording of Mr. Tindall and asked one of Base’s receptionists to download it onto the computer she used at work. She agreed, being under the impression that Mr. Dixon required it for legitimate work purposes. The receptionist located the file and saved it onto her desktop computer in the reception area. Mr. Dixon subsequently accessed that computer, located the relevant file and transferred it onto a USB stick belonging to him.
Mr. Dixon attempted to sell the footage but when that proved unsuccessful he posted it on a video-sharing site, resulting in a storm of publicity both in New Zealand and in the United Kingdom.
Do these facts sound familiar?
A complaint was laid with the Police and Mr Dixon was charged under s 249(1)(a) of the Crimes Act 1961.
That section provides as follows:
249 Accessing computer system for dishonest purpose
(1) Every one is liable to imprisonment for a term not exceeding 7 years who, directly or indirectly, accesses any computer system and thereby, dishonestly or by deception, and without claim of right,—
(a) obtains any property, privilege, service, pecuniary advantage, benefit, or valuable consideration;
The indictment against Mr Dixon alleged that he had “accessed a computer system and thereby dishonestly and without claim of right obtained property.”
The case went all the way to the Supreme Court [2015] NZSC 147. The issue was whether or not the digital file was “property”.
The Court suggested that the nature of property depended on context.
The context in Dixon was that of the computer crimes provisions of the Crimes Act 1961. This meant that within the context of computer crimes and the dishonest acquisition of property (among other things) a digital file fell within the ambit of “property”.
The file that Mr. Dixon copied on to his USB device were, as the Court described it, a compilation of sequenced images from a CCTV system that had an economic value and were capable of being sold and had a material presence – the association of medium and information.
The Court stated:
“… we have no doubt that the digital files at issue are property and not simply information. In summary, we consider that the digital files can be identified, have a value and are capable of being transferred to others.”
The issue of whether digital files can amount to property has been considered by the case of Henderson v Walker [2019] NZHC 2184 which held that digital data could be considered digital assets and therefore could amount to property.
There is a technical reason why this can be so in that a digital file can amount to property within the context of the logical file construct of a digital filing system.
Can a difference in data organization apply in other cases. The answer is yes on the basis of an examination of cryptocurrency in Ruscoe and Moor v Cryptopia Ltd [2020] ] NZHC 728.
The cases of Cryptopia and Henderson do give us is an analytical pathway to a consideration of whether the different flavours of digital data comprise property.
One thing is clear. The Supreme Court has held that a digital file may be property for the purposes of the Crimes Act.
Recently there has been considerable discussion in the news media about the leaking of security footage.
“a security guard passed the image to a third party without authorisation, and has since been fired, with Foodstuffs North Island (NI), which operates the Pak’nSave brand, apologising to Ghahraman, NZ Herald reported general counsel for the supermarket business, Julian Benefield saying.
“The store is deeply disappointed by the third-party subcontractor’s unauthorised disclosure and the store apologises to you for it.”
Some of the wider implications surrounding the gathering, storage and use of the security footage on the Auror crime reporting platform have been considered by Herald senior journalist David Fisher.
Sasha Borissenko who also writes for the Herald wrote about the leaking of security footage, focusing upon the issue of whether or not Golriz Ghahraman had committed an offence – she hadn’t as I made clear in my post “Blood in the Water”.
She segues off into a discussion of the “Big Brother” implications of CCTV coverage and then, inexplicably, states:
“Finally, in a digital age where civil liberties are rapidly eroding and the extreme far-right gains momentum, this all sits uncomfortably, knowing it’s possible that said footage could end up in the hands of those wanting to cause physical harm.”
Interesting comment given that the most egregious recent erosion of civil liberties in New Zealand occurred during the tenure of the Ardern/Hipkins Government. The reference to “extreme far right” maybe a throwaway or an unconscious slip. It is useful because it gives readers a perspective of the writer’s direction of travel.
Ms. Borissenko then analyses some fairly basic legal principles about shoplifting and then moves on to discuss the Rule of Law and the attempt (unsuccessful) of the Police to use the incident at Ms Ghahraman’s appeal as indicative of a tendency on her part to engage in this behaviour. That approach was rightly rejected. Difficult to work out the Rule of Law issue here. The issue of admissibility of evidence is a staple of the criminal law.
For some reason Ms Borissenko focusses on the Privacy Act and associated implications which seems to be the main thrust of the rest of her article and the checks and balances on retailers and police sharing of digital surveillance information.
But in the scurry to condemn the management of this information, the implications of privacy considerations and any oversight of the Auror system and Police use of it, something seems to have been lost in the rush, especially by Ms. Borissenko whose agenda seems to overlook the criminal law.
Which takes me back to the Dixon Case.
1. There was a digital file kept by the Auror system
2. A person accessed that file and “leaked” it
3. It is clear that person did not have authority to use the file in that way
4. It would seem that there may be evidence of the elements of an offence against section 249 of the Crimes Act.
Those who obtain digital files in dodgy circumstances and then “leak” them need to be careful lest they fall foul of the criminal law
The question falls to be answered regarding this recent case – was anyone charged with that offence?
And if not, why not?