Privacy concerns at Act's website stunt

By EUGENE BINGHAM political reporter

Internet privacy specialists are alarmed at Act's "naming and shaming" campaign identifying Government staff who have accessed its website.

Party leader Richard Prebble claims that Government MPs used the Act website to obtain information about the Employment Relations Bill.

He identified the Labour Party parliamentary research unit, MP Graham Kelly's executive secretary and a Government press secretary, Josie Harbutt, as visitors to the site.

Complicating the issue is the fact that Ms Harbutt was incorrectly identified. Her name was wrongly assigned to a computer within the Act office, meaning that it was not Ms Harbutt who accessed the site but an Act staff member.

Most times a computer user accesses a website, the computer leaves an identifying mark known as an IP address. Website owners are able to access lists of IP addresses belonging to those who have made a "hit."

A lawyer specialising in privacy issues, John Edwards, said the party's actions in divulging the information might be a technical breach of the Privacy Act, though it might not necessarily be liable.

He said that under the law, Act should disclose why it collected details of who was accessing its site and ensure that the information was accurate.

It might then be a breach to disclose that information. However, to be liable, it would have to be proven that the people named had been significantly humiliated and distressed.

Another lawyer, Don McIlroy, said he was concerned that Act had made public a "stupid" assumption that just because a person's IP address had shown up on a list that meant that he or she had visited the website.

"An e-mail address is very much like a phone number," Mr McIlroy said.

For that reason, he did not believe that it was personal information, although he held concerns.

Regular internet user and Herald web columnist Peter Sinclair said only the most naive surfers would not know that they left traces almost very time they accessed a website. This information was used to refine and fine-tune websites.

"Everyone accepts the need for it to be collected but I don't think anybody would accept it being published, certainly not without permission," Mr Sinclair said.

"How far are you going to take it? What if a porn site published all the people who have been to it?"

An Act spokesman said last night that the party had done nothing wrong. Its action was the same as publishing the names of people who had phoned or written in.