My response to these allegations has not altered from the time they were first put to me on 4 September 2001. I
reiterate that I do not accept responsibility for the leaks.
Deficiencies in the Inquiry
Refusing access to information
The fundamental deficiency in the report is that I have been refused access to the apparent evidence that the Inquiry
claimed to have found. This includes a large quantity of technical data which I wanted to have reviewed by my own IT
expert. Through my lawyer I offered to comply with any requirements of the Inquiry or Treasury to ensure security of the
information disclosed during this process. I consider that this has made the Inquiry process inherently unfair and
taints the final report.
Ignoring other sources of leaks (document 6)
The report makes much of document 6, the draft letter dated 26 June from the Minister to Dr Armstrong. The report
speculates that this could have only been leaked by whoever accessed to the computer using my password. This conclusion
of the Inquiry contradicts the advice given them by their own forensic IT engineers who have stated they cannot
eliminate the possibility that this leak did not originate from within Parliamentary Services or others at Parliament
who had access to the document in both electronic and hard copy. The elimination of this possibility does not appear to
have been addressed by the Inquiry. If the leak of that document could have occurred within Parliamentary Services, why
could not others have occurred from within the Ministers Offices or by anybody else within CCMAU? However, within the
report, there is no consideration at all of whether other persons who have had access to any of the identified documents
could have leaked them.
Ignoring other leaks
The Inquiry has also ignored leaks of documents prior to my period of engagement and has sought to exonerate anyone
other than me from blame, without providing any creditable evidence to support either claim. I am strongly of the
opinion that this Inquiry has been set up with such narrow focus that I have become a convenient scapegoat for leaks
that are now endemic throughout the Public Service. There is a fine line between narrow focus and tunnel vision, and I
consider that the Inquiry has crossed it. It is an example of the narrow focus of the report that a version of document
6, appears to be the subject of an article in the Herald of 25 June. I am not accused of being the source of that leak
because on the reports analysis the documents were not accessed until 26 June. It begs the question as to who was and
where did they get it? Whether it was Treasury, CCMAU, Parliamentary Services or Parliament itself is not investigated.
Yet the report is quick to exonerate Treasury as a source of the leaks and to damage my reputation.
Ignoring basic IT understanding (document 4)
During the course of the interview that took place on 4 September 2001, Mr Oughton stated that part of a document that
had appeared on the ACT website was an altered version of a document given to CCMAU only in hard copy format. He then
went on to say that traces of this document were found on the PC that serviced the scanner. He further stated that even
though the document on the website had been altered, a footnote on the document had maintained its relationship with the
applicable text, indicating that ACT had access to an electronic copy of that document. He therefore postulated that I
had scanned the document and transmitted the resulting electronic file to ACT.
Scanning would not recreate the internal electronic coding necessary to link a footnote to its applicable text, simply
because it had been scanned. If indeed the document that appeared on the ACT website had been obtained as an electronic
version, the evidence of the imbedded footnote means it must have been obtained as an original electronic document,
rather than a scanned copy. This means that the leaked version of document 4 came from somewhere other than CCMAU. As I
understand from the Inquiry the somewhere else that had it in electronic form was Treasury. Further no investigation
appears to have been done into who at CCMAU had the hard copy and how it could be accessed.
Because of the limitations of the Inquiry in being able to critically evaluate evidence gained from forensic IT
examinations, I have been placed in the position of having to do the work of the Inquiry. For example, it was only after
I had pointed out to the Inquiry their failure to check the CCMAU PC’s for evidence of secure deletion software that the
Inquiry undertook such a process. The careless investigative work of the Inquiry has given me the impression that unless
I somehow name the leaker along with his or her modus operandi, I must accept responsibility for the leaks by default.
In order to assist me in making responses to those allegations, which were often based on quite bizarre suggestions
about my conduct, I requested from the Inquiry access to the evidence upon which it had based the allegations. The
Inquiry chose not to provide the information as it was requested, making it impossible for me to comment or respond.
This resulting failure to respond in a manner that the Inquiry found acceptable, has meant that an inference has drawn
against me that I must be the person responsible.
Security Problems at CCMAU
Both my IT expert and the experts retained by the Inquiry agree the CCMAU computer systems were open to abuse. Some
relevant issues are as follows:
Access to the CCMAU offices
- The swipe card access to the offices only operated on entry and did not record who left and when.
- The PC with the scanner and CD burner was in an office directly off reception, not secured by the swipe card system
(n.b. reception was not always staffed).
- This unsecured office allowed further unsecured access into the other offices of CCMAU, thereby completely by passing
the swipe card.
- The secure door into the offices was on occasions left open.
- Accordingly there is no record of who was in the offices at any one time.
- Any of the computers at CCMAU could be logged on using a password (not a swipe card as erroneously reported by TVNZ
News on 27 September).
- More than one computer could be logged onto by the single user at any one time.
- The computers did not have automatic shut down. This means once logged onto the computer remained active, regardless
of whether the person who logged on using it or had left the office to go elsewhere. This includes the computer with the
CD burner in the unsecured office.
- There was no restriction on the type of password used. In my instance the password was made up of six letters,
including a first name and a suffix using two numbers.
- The computers did not prevent software being introduced by a user. This allows the introduction of “secure deletion”
software, which when properly used and removed covers any trail of unauthorised copying of material (again contrary to
the assertion of TVNZ News).
- Access to documents and physical document storage is uncontrolled, with no record of who has accessed particular
- Even the Inquiry IT experts concede that they can not place me at the machines at the relevant times.
30th July: Treasury instructs David Oughton to conduct Inquiry into alleged leaks of information pertaining to New
29th August: Dr Allan Bollard contacts my employer and informs him that he has incontrovertible evidence that I am the
source of the CCMAU leaks. As at this date, I have not been apprised of any allegation by the Inquiry about me.
30th August: I am notified that I am under suspicion as being the source of the CCMAU leaks and my employer places me on
a period of indefinite leave.
31st August: Chen & Palmer’s political newsletter cum gossip sheet carries a brief summary of the findings of the Inquiry. As at that date,
I was still to be fully appraised of the allegations against me, yet the Inquiry’s conclusions had already found its way
into the public arena.
4th September: the specifics of the allegations are put to me in a 70-minute interview with the Inquiry.
5th September: Dr Bollard releases a press statement saying he anticipates making a public statement on the results of
the inquiry the following Wednesday. As at the date of the press release, I was still considering the information and
allegations put to me only the day before. I find it difficult to understand how Dr Bollard could have assumed that the
inquiry would be complete and public within another week, when my response had not been received and it was highly
likely that I would require further information and access to source material before being able to do so.
10th September: Through my lawyer I provide a written response to the Inquiry’s interview. In that letter I sought, as a
matter of natural justice, access to the Inquiry’s apparent evidence and sought answers to specific questions relating
to the conduct of the Inquiry. Dr Bollard releases another press statement saying that he had received a draft of the
12th September: the Crown Law Office send me a draft version of the Inquiry’s final report, refusing to provide access
to the information sought and refusing to answer any of the questions I had posed in my initial response. The Inquiry
demanded a response to the report by 17th September.
14th September: I respond to the initial draft of the Inquiry’s report, rejecting its findings and again seeking the
information necessary for me to properly answer the allegations. Chen & Palmer’s political newsletter cum gossip sheet of the same date again carries reference to the progress of the report
that clearly indicates inside knowledge. This edition also indicates knowledge not just of the report but also the
content of my legal representatives 10th September correspondence with the Inquiry.
17th September: At my request a meeting is held between my IT expert and those used by the Inquiry. This confirms that
the Inquiry IT experts can not exclude those who had access to the apparent crucial document 4 in the report from having
the opportunity to leak it in its “unique form”. The Inquiry’s IT experts further confirm security deficiencies at
CCMAU, that the computer system is open to abuse and that they can not physically put me at the computers accessed with
my password. The Crown law office responds to my lawyer’s letter of 14 September again refusing to provide the requested
18th September: the NZ Herald carries a story that the inquiry into the leaked documents had been completed and the
culprit identified. As at that date, my response to the Inquiry’s draft report was still being prepared.
19th September: through my lawyer I respond to the Crown Law Office’s letter, again protesting at the refusal to provide
the information sought.
20th September: the Dominion, the Evening Post and the Southland Times carry a story that the probe into the leaked
documents had been completed. As at that date, my response to the Inquiry’s draft report was still being prepared, so
again I fail to see how a final copy of the report could have been presented, unless it was predetermined that my
response would not affect the Inquiry’s findings. I respond to the draft report of 10 September rejecting its findings
and setting out deficiencies as best I am able in the absence of the requested information.
24th September: the Crown Law Office supplies a further draft of the Inquiry’s report to comment on, asking for a
response by 26th September.
25th September: a “secure deletion” check is conducted by the Inquiry on the CCMAU PC’s to determine if software has
been introduced that allows the copying of information and subsequent removal of evidence without leaving a traceable
trail. This check can not exclude the possibility of such software being used by staff at CCMAU.
26th September: I respond to the further draft, again rejecting its findings. The final version of the report is sent by
David Oughton to Treasury. The report in this version does not name me.
27th September: the report is released to the public. I am named in it as the password holder whose password was used to
access computers through which it is alleged the leaks occurred.