back to article Activist raided by police after downloading London property firm's 'confidential' meeting minutes from Google Search

A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The raid by four Metropolitan Police constables took place after Southwark campaigner Robert Hutchinson was reportedly …

  1. This post has been deleted by its author

    1. 2+2=5 Silver badge

      Simpler than that: Google links to the originals. So he finds a link on Google, follows it, and his IP address is in their server logs. No mystery there.

      What he should have done is save a screenshot or PDF of the search results page rather than re-publish the docs himself. But he's not a professional activist nor investigative journalist so that's not really a surprise.

      If these docs have actually been indexed by Google then someone at Leathermarket needs to be given a Police caution for wasting police time at the very least.

      1. tip pc Silver badge

        "If these docs have actually been indexed by Google then someone at Leathermarket needs to be given a Police caution for wasting police time at the very least."

        I'd suggest that the board need to have a dawn raid, followed by arrest, interrogation then release under caution for a few months.

        Might sharpen a few minds.

        1. NoneSuch Silver badge
          FAIL

          "He was taken into custody and later released under investigation. Following a review of all available evidence, it was determined no offences had been committed and no further action was taken."

          Is it too much to ask that the "available evidence" be reviewed BEFORE depriving someone of their liberty? Or is that too much to ask.

          1. Anonymous Coward
            Anonymous Coward

            > Is it too much to ask that the "available evidence" be reviewed BEFORE depriving someone of their liberty? Or is that too much to ask.

            It's a subtle way to say you did nothing wrong but don't ever do it again

            AC because I received this very message

            1. ShadowDragon8685

              To which the best antidote is media attention.

              If they do it once, you can't stop them, and media attention obviously cannot alter the past.

              If they do it twice with media attention, it starts looking like harassment.

              If they do it thrice, then even in the UK, you should be able to strap their asses over a barrel and have solicitors lining up to sue the ever-loving shite out of them on spec.

          2. Trigonoceps occipitalis Silver badge

            Arrest

            One reason for police arrest (in the UK at least) is preservation of evidence. I agree that it is better to review the evidence before arrest but when dealing with what can be very mutable and ephemeral data, arrest and seizure of devices may be justified.

            On balance I would say that this was not the case here.

            1. Falmari Silver badge

              Re: Arrest

              @Trigonoceps occipitalis "On balance I would say that this was not the case here."

              It was most certainly was not the case here.

              I agree one reason for arrest is the preservation of evidence and the gathering of more evidence. But that's not the case here because they arrested Hutchinson before they even had evidence that a crime had been committed.

              When a crime is reported you don't just take the word of the person who reported it and arrest someone.

              Leathermarket CBS made a false report to the police and at the minimum should be charged with wasting police time.

              1. Cav

                Re: Arrest

                They didn't make a false report: "When it came to the CBS's attention that confidential information had been accessed and subsequently shared via Twitter, the CBS made a general report of the data breach to the police.". The police asked for the IP log and decided to proceed having determined who accessed the website.

                A false report is a deliberately wrong report. The company may be incompetent, in not keeping their data secure and in not realizing that it was accessed without illegal entry to their systems, but can't be accused of deliberate malice.

                1. Falmari Silver badge

                  Re: Arrest

                  It was still false there was no data breach, just because they were mistaken does not make it any less false.

                  They were incompetent jumped to conclusions and made a false report, it is still wasting police time.

                  1. ShadowDragon8685

                    Re: Arrest

                    > It was still false there was no data breach, just because they were mistaken does not make it any less false.

                    > They were incompetent jumped to conclusions and made a false report, it is still wasting police time.

                    Do you really want to set the precedent that persons making an innocent mistake in reporting a happenstance to the police get in trouble? Because that sounds an awful lot like the case of Kitty Genovese to me. Look it up for yourself and be forewarned: it is grim and has more trigger action than a military small arms firing range.

                  2. gnasher729 Silver badge

                    Re: Arrest

                    Being incompetent doesn’t make it a false report. It would be a false report if they knew he was innocent. And just because the data could be found through Google doesn’t mean a hacker couldn’t hack their password protected website.

          3. AndrueC Silver badge
            Holmes

            Arresting someone provides the following benefits to society:

            * Prevents them harming life or property (especially evidence) while further investigations are undertaken.

            * Provides a legal framework for interview requiring that the arrestee be provided with access to legal council.

            In the UK at least being arrested then released without charge has pretty much no long term consequences. It won't show up on any except the highest level of criminal record check so doesn't matter unless you're applying for a really sensitive job. Even then it will be clearly marked as 'without charge' so only a paranoid or stupid recruiter would care about it.

            Granted being detained for a day or two is disruptive but if you accuse someone of a crime then allow them to go home for a couple of days while you investigate any evidence may well vanish down the sewer system.

            At least in the UK the vast majority of arrested and even charged people get to go home after a couple of days without having to pay any money. In the so-called 'land of the free' a disturbing number of people can languish in prison for weeks, months or even years despite never having been found guilty purely because they don't have enough money to buy their freedom.

            1. Anonymous Coward
              Anonymous Coward

              No long term consequences you say? Trying to go to the US is one.. Just being arrested anywhere in the world makes you ineligible for an ESTA for the rest of your life.. And I'm not sure you want to withhold the information as if they find out, they might ban you from ever going there..

              one would hope they also "de-arrested" him as well as released without charge..

              1. AndrueC Silver badge
                Meh

                No long term consequences you say? Trying to go to the US is one.. Just being arrested anywhere in the world makes you ineligible for an ESTA for the rest of your life

                Alright then, no negative long term consequences :D

                But of course what I meant is that there are no consequences for Britons living their lives in Britain. It doesn't affect your job prospects or your standing in society. Contrast that with the US where being arrested and released without charge can blight your life for years and require you to pay money to have the record expunged. Utterly disgusting.

                The British legal system cannot be held responsible for restrictions imposed on its citizens by other nations. The US reaction just sounds like another example of its warped legal system. Anyway you can still visit the USA if you really want to. You just have to apply for a visa as someone I know had to.

  2. Eclectic Man Silver badge

    I wonder

    how diligent Leathermarket will be in seeking out the source of the breach from their side? Particularly if it turns out to be due to some poor IT security that they declined to pay to be upgraded? Having a Pa55w0rD protected web site is all very well, but there are far too may articles on the Register to refer to them all on how these things can easily fail.

    Only time will tell.

    1. katrinab Silver badge
      Flame

      Re: I wonder

      Even if the password was "password", that would be sufficient for a CMA prosecution.

      The fact that it was indexed on Google and directly accesible means that no password was required at all to access the data.

      1. Triggerfish

        Re: I wonder

        I often look up tech, suprsing how many in house documents etc end up being indexed, if not on the companies own website often on someone else's it has been shared with. I had to backtrack who made some rebadged tech once (ended up being some company on China) , found it because one company who had rebranded hadn't changed some info on their page and it was displaying in Chinese at the top.

        Slack web security would not be a suprise.

        1. Snake Silver badge

          Re: slack web security

          Upvote, my thoughts exactly.

          A careful re-read of the screengrab shows the Google links lead directly to Leathermarket's own web servers, not some hacker / third-party. So the "breach" was either incompetence or someone intentionally setting the document's permissions to public.

          1. Nunyabiznes

            Re: slack web security

            I wonder if it could be someone internal to Leathermarket that, due to lack of proper security policy, was able to leave certain data accessible without (legal) repercussion. Someone quietly supportive of the opposition to LM's plans, but also wishful of continued employment.

            If so, beers to them.

            *Personal conspiracy theory not related to any hard data provided in article*

            1. Aitor 1 Silver badge

              Re: slack web security

              It is illegal for them not to have proper security.. but hey, no consequence for that.

              1. Doctor Syntax Silver badge

                Re: slack web security

                Illegal on what basis? There's nothing in the report to say it would have come under GDPR. It doesn't appear to have been a plc so it seems unlikely that there would have been any financial regulatory implications. AFAICS they might well have regarded it as commercially confidential information in which case their only responsibility would have been to themselves.

                1. Snake Silver badge

                  Re: illegal basis

                  I am pretty sure it was a healthy use of /s

                2. The Mole

                  Re: slack web security

                  The document containing a list of 100 tenants/ prospective tenants/ supportive parties would put it under GDPR

                  1. Cederic Silver badge

                    Re: slack web security

                    The excerpt cited in the article referenced a list of 100 tenants, but didn't actually list them.

                    It feels unlikely the meeting minutes would include such a list.

        2. Eclectic Man Silver badge
          Facepalm

          Re: Aside - MS Word metadata

          Triggerfish: "one company who had rebranded hadn't changed some info"

          Working for a consultancy company* we would consult on similar work for various client companies, and re-use documents. I raised an alert once that although we would change the text in the documents to be specific to the client, we often left the metadata alone. So a document for 'Bank of Grandpapa' for example would have metadata that said it had been created by someone other than the author credited on the front page for a completely different bank, maybe 'Bank of Mum and Dad'. As we supplied electronic as well as hard copy deliverables, this could prove embarrassing if the original client happened to be a direct competitor (as was often the case).

          I don't think that we ever had any complaints about this but I do wonder whether any of the clients (some of whom were actually quite intelligent) noticed.

          *Someone's got to do it, sorry.

      2. Doctor Syntax Silver badge

        Re: I wonder

        "The fact that it was indexed on Google and directly accesible means that no password was required at all to access the data."

        And if they'd reviewed the logs properly Google's crawler should have been in there as well. Didn't they arrest anyone from Google?

      3. Anonymous Coward
        Anonymous Coward

        Re: I wonder

        Maybe it shouldn't be. Time to stop coddling people who control 100s of thousands in legal tender and hold them responsible for their abject stupidity, laziness and deflection. Computer security (not the popular culture "cybersecurity": which is a brand designed to attract media attention and the patronage of idiot executives), is just not that hard. Failing at it the way that happened here should at a minimum lead to derision and shame, and perhaps at career-ending event depending on the circumstances.

        1. Eclectic Man Silver badge
          Joke

          Re: I wonder

          I say! That would attack the whole basis of the carefully preserved feudal society disguised as democracy that has served the rich and powerful in the UK so well for centuries.

    2. Tom 7 Silver badge

      Re: I wonder

      I've seen this flaw before - you are in a directory with a list of files and sub directories, click on a protected directory and it asks for a password. Add the name of the directory to the url and in you go no problems.

  3. Steve Button

    Loss of income? Inconvenience?

    Is there any recourse, or do the property firm get away with the "punishment" that they have given someone for having them arrested and questioned?

    Seems that some compensation should be in order, partly from the property company and partly from the Policy (or the CPS) for not doing any form of checks before arresting someone?

    1. John Robson Silver badge

      Re: Loss of income? Inconvenience?

      No - the police appear to have done everything correct here.

      The property company however...

      1. ForthIsNotDead
        Black Helicopters

        Re: Loss of income? Inconvenience?

        I was thinking the same thing - at the very least I would want assurances (and confirmation) that any subsequent entries on my 'record' in the police database would make the situation for my arrest and subsequent release without charge crystal clear.

        Then I would turn my lawyers on the housing developers.

      2. Just Enough

        Re: Loss of income? Inconvenience?

        "the police appear to have done everything correct here."

        Is it not usual practice to investigate before arresting? They could have even asked him what happened as part of their investigation. I think he'd would have happily helped.

        Otherwise, what's stopping anyone naming a culprit on zero evidence and getting them arrested?

        1. John Robson Silver badge

          Re: Loss of income? Inconvenience?

          Not necessarily - preservation of evidence is likely a key determination of when people are arrested or just questioned - additionally there was pretty clear evidence that the files had been downloaded and shared.

          1. Doctor Syntax Silver badge

            Re: Loss of income? Inconvenience?

            If the files were sitting around openly on the web then the expectation should have been that this could happen. If they didn't want that they shouldn't have left them sitting around in the open but it was entirely their own fault that they didn't ensure reality and intent didn't match.

        2. Anonymous Coward
          Anonymous Coward

          Re: Loss of income? Inconvenience?

          > Otherwise, what's stopping anyone naming a culprit on zero evidence and getting them arrested?

          Err, that happens. People have not only been arrested, but shot dead.

        3. Cliffwilliams44 Bronze badge

          Re: Loss of income? Inconvenience?

          Disclaimer: I am completely ignorant of UK Law.

          Was he arrested & booked? (In the US booked means that charges are officially files)

          In the US you can be detained, taken into custody and evidence preserved. Then questioned and initial evidence reviewed, if then you are found not to be a viable suspect you are released without any "official" record.

          1. sketharaman

            Re: Loss of income? Inconvenience?

            True but, in the USA, AFAIK, "Probable Cause" is required to get an arrest warrant. Question is, was there probable cause in this incident? Given that the said document was clearly an internal company document, the answer appears to be yes. But, given that it was downloaded from a public domain website, the answer would be no. Tricky as it is, it becomes trickier considering that evidence gathered without probable cause would be inadmissable after the booking / arraignment stage.

            1. Falmari Silver badge

              Re: Loss of income? Inconvenience?

              @sketharaman "Probable Cause" is very easy to argue after the event if evidence is found. Hell it does not even have to be probable cause for the crime you end up being charged with, just probable cause for a crime. In the UK police can arrest you and think about Probable Cause after.

              When I was 26 I was stopped by police at 2 AM. I had just got back from a Banshees gig parked up the car and walking the 200 yards to my house when a patrol car pulled up. The two officers stopped and questioned me and then asked to search me. When I refused they said they would arrest me and search at the station. So I agreed to the search which was not far short of a strip search, left only wearing my underpants.

              Now if they had found anything on me like drugs, I am sure they would have be able to come up with a probable cause.

              @Cliffwilliams44 all arrests in the UK are stored on the PNC regardless of there being a charge.

              1. genghis_uk Silver badge

                Re: Loss of income? Inconvenience?

                For info:

                https://www.gov.uk/police-powers-to-stop-and-search-your-rights

                They should have probable cause and they can't arrest you just for refusing to answer questions

                "You don’t have to stop or answer any questions. If you don’t and there’s no other reason to suspect you, then this alone can’t be used as a reason to search or arrest you"

                The only reason they could implement a stop and search without cause is if you happened to be in an area that was being targetted due to something else going on (and that has to be authorised at senior level)

                They know this but they rely on people being ignorant of their rights

        4. gnasher729 Silver badge

          Re: Loss of income? Inconvenience?

          They did. They were shown a password protected website. They were shown published files copied from the password protected website. They found an IP address and found the activist.

          So the arrest was legit. There was plenty of evidence that he was guilty. He had plenty of evidence that he was innocent. If the police was only allowed to arrest people who are guilty, we wouldn’t need courts, would you?

      3. Anonymous Coward
        Anonymous Coward

        Re: Loss of income? Inconvenience?

        "No - the police appear to have done everything correct here."

        The Police arrested someone just on the basis that a company said their documents had been stolen, without checking what policies were in place to make sure the data was secure in the first place.

        Clearly, the property developer should have also immediately self reported to the ICO, did the Police advise they do this or just ignore that part?

        Because if there is no self reporting, there is potential here for companies to set up so called 'Honeypots' of data to draw in their opponents, by placing controversial documents online in an insecure manner, then make their opponents life hell, by reporting the IP Addresses of anyone that downloads them, so called 'leaks' to the Police.

        Something doesn't add up here, with this case.

        1. TimMaher Silver badge
          Facepalm

          Re: ICO

          My thought exactly.

          If they exposed confidential data to Google, such as a list of their targets, they should get a serious smack from the ICO.

        2. tiggity Silver badge

          Re: Loss of income? Inconvenience?

          Has the look of a setup to me, or at least malicious accusation.

          Rule of thumb, 99% of property developers are scum

          1. Arthur the cat Silver badge

            Re: Loss of income? Inconvenience?

            Rule of thumb, 99% of property developers are scum

            Sadly I have only one upvote to give.

            The ones plaguing my neighbourhood have at least been jailed for money laundering.

          2. Marty McFly Silver badge
            Holmes

            Re: Loss of income? Inconvenience?

            Developers are scum??

            Here is a question for you... Do you know the difference between a developer and an environmentalist??

            An environmentalist already has their house in the woods.

        3. Kevin Johnston

          Re: Loss of income? Inconvenience?

          The article mentions that the docs disappeared from Google 3 months before the arrest so it is possible, almost a certainty actually, that the company fixed the issue and then reported the 'theft of documents'. This would mean that when the police checked they could not be accessed without logging in through the site hence they must have been 'hacked'

        4. Doctor Syntax Silver badge

          Re: Loss of income? Inconvenience?

          "Clearly, the property developer should have also immediately self reported to the ICO"

          Only if the data was of a nature that required that.

        5. MarkSitkowski

          Re: Loss of income? Inconvenience?

          In the US, there's an extension to this method of involving the police without evidence, known as 'SWATting'. Usually with more serious results.

        6. gnasher729 Silver badge

          Re: Loss of income? Inconvenience?

          You give a very good reason why he was released. But what you are saying is basically “they should have investigated before they investigated”. If a burglar comes into your home, would you ask the police to act that way?

    2. Flak
      Flame

      Re: Loss of income? Inconvenience?

      Guilty until proven innocent - with all of the above that it brings...

      1. Cav

        Re: Loss of income? Inconvenience?

        That isn't true at all. Many people are arrested and then released. There has to be an investigation and for many crimes, the accused has to be held securely, so that they can't tamper with evidence, potentially commit further crimes or disappear. You are only guilty once the courts decide that to be the case.

    3. DrewWyatt

      Re: Loss of income? Inconvenience?

      The loss could be much more substantial than that. I used to work for a large, multinational company that had as a clause in the terms of employment that being arrested was considered an instant dismissal offence. I asked HR about it and they told me that even if you were innocent, there would be disruption to your working life while you proved it, which would make you less effective doing your job and would involve substantial time off work, so it was in the companies best interest to sever ties as early as possible, especially if it turned out you were guilty.

      1. Cliffwilliams44 Bronze badge

        Re: Loss of income? Inconvenience?

        In the US, you can be seriously sued for a policy like that,

        They can have a policy that a criminal conviction can get you fired but not just an arrest, As anyone can get arrested by being falsely accused.

        There used to be employment application questions here like "Have you ever been arrested?" which has led to many law suits for discriminatory hiring practices.

        They have been replaced with "Have you ever been convicted of a crime in a court law?"

        BTW: If a policy like that were allowed to stand a policy that states: "If you get injured and require a hospital stay you will be immediately dismissed." Because it is taking away from your work time.

  4. Howard Sway Silver badge

    a property development firm that wants to build flats over a children's caged ball court

    then sets the police on those who object on the basis that they're supposed to have illegally gained access to stuff that could be found with a simple Google search.

    Lovely.

    Please do let them know if there's any orphanages or hospitals they can make money out of bulldozing. Alternatively, I'd hope that the police might not be too keen on wasting their time investigating any more allegations made by this bunch of you know whats..

    1. Anonymous Coward
      Anonymous Coward

      Re: a property development firm that wants to build flats over a children's caged ball court

      I googled and found a picture of the LeatherMarket CBS board meeting. Anonymous because I don't want plod coming around.

      http://thedarkcrystal.weebly.com/uploads/4/0/5/4/4054921/9153356.png?669

      1. Anonymous Coward
        Anonymous Coward

        Re: a property development firm that wants to build flats over a children's caged ball court

        Lol, had a feeling that's what the image was, based on the domain.

  5. Anonymous Coward
    Anonymous Coward

    Met police cybercrime unit ?

    Robert Hutchinson asked why the "Met police cybercrime unit" didn't check the website's security before arresting him. Does the Met Police even have a cybercrime unit? I thought that cybercrime was investigated by the National Crime Agency (they run the ActionFraud report-line) rather than individual forces.

    Gven that most of the information on the NCA's site is about serious organised crime, I somehow doubt that they were involved with this. So who in the police did check the website logs?

    1. katrinab Silver badge
      Meh

      Re: Met police cybercrime unit ?

      For "serious" matters yes. I think it is City of London Police that do the actual investigating. The Met does terrorism for the whole country, including Scotland.

      But someone downloading "confidential" board minutes isn't that serious when there is a huge epidemic of ransomware attacks going on, so I guess it would be done at a very local level.

      1. Anonymous Coward
        Anonymous Coward

        Re: Met police cybercrime unit ?

        (AC above). I agree that the NCA (or City of London Police) wouldn't have been involved, and it would have been done at a very local level. But does the Met have cybercrime specialists at the local level?

        Isn't it more likely that, as Hutchinson himself said "it doesn't add up", and that the initial inspection of the website logs was more along the lines of someone from the CBS saying to a Met officer "look, this IP address accessed the documents. You need to arrest them." Then, after his arrest, and him saying "I just googled them and downloaded it" the officer went back to the CBS, who shuffled their feet and finally admitted "Ah. We did reorganise the website a few months ago for... reasons. I suppose it's possible that they were publicly accessible for a bit from the old location..."

        Officer rolls eyes, makes sharp remark about wasting their time, case closed, move along nothing to see here.

        Which then begs the question, what did the CBS say to persuade the Met to take the case up in the first place? "Man reads meeting minutes" is hardly the crime of the century is it?

        1. TomPhan

          Re: Met police cybercrime unit ?

          Possibly a funny handshake was involved.

    2. mark l 2 Silver badge

      Re: Met police cybercrime unit ?

      When I reported a theft of £300 worth of laptop to the MET all i got was a crime reference number and told I wouldn't even get a call back never mind any investigation into it. Because the likely hood of them catching someone for it and getting a successful prosecution was low. Whereas this seems like an easy crime to investigate and get their stats up, they have the guys IP and Facebook account so nothing to loose by investigating.

      Of course it could also be that from looking at that list of directors at Leathermarket, they could have some friends in high places who could pull strings at the MET on their behalf to get this investigated?

      1. sketharaman

        Re: Met police cybercrime unit ?

        Of all the explanations for this incident that I've read in the article and comments, yours is easily the most plausible one:)

    3. Anonymous Coward
      Anonymous Coward

      Re: Met police cybercrime unit ?

      Maybe the cyber crime unit is staffed by some of the Met's latest recruits.

      https://www.theguardian.com/uk-news/2021/jul/17/revealed-police-trainees-violence-and-dishonesty

  6. ancilevien74

    In France, someone was convicted for nearly the same thing

    Bluetouff (https://twitter.com/bluetouff ) got access to documents via a google search. These documents were not protected, but the admin thought they were.

    He was order to pay 3000€ and registration on his criminal record.

    In French: https://www.lepetitjuriste.fr/laffaire-bluetouff-condamne-pour-vol-de-donnees-librement-accessibles/

    In French with paywall from the news site he was working for: https://reflets.info/articles/notre-pourvoi-en-cassation-est-rejete

    1. Peter2 Silver badge

      Re: In France, someone was convicted for nearly the same thing

      That's France though, and an excellent example of why businesses from all over the world come to England to use our courts to settle disputes; they produce outcomes that make sense.

      1. Anonymous Coward
        Anonymous Coward

        Re: In France, someone was convicted for nearly the same thing

        "[the courts in England]... produce outcomes that make sense."

        Not all of the time. The Daniel Cuthbert case from 2005 springs to mind. Don't go adding ../../../ to any web addresses you visit now.

        1. tip pc Silver badge

          Re: In France, someone was convicted for nearly the same thing

          care to drop a link to what you mean?

          1. Anonymous Coward
            Anonymous Coward

            Re: In France, someone was convicted for nearly the same thing

            Comment on the case is here:

            https://www.theregister.com/2005/10/11/tsunami_hacker_followup/

            The Register covered the trial - searching for "Daniel Cuthbert" using their search tool will return other relevant articles.

            He donated to a disaster-relief fund online, but after he had paid, he became worried that the site was fake, so added ../../../ to the address in the address bar. This triggered some sort of alert on the server, and he was convicted for unauthorised access to the server under the Computer Misuse Act.

            1. gnasher729 Silver badge

              Re: In France, someone was convicted for nearly the same thing

              To me, with a bit of knowledge how URLs work, it is obvious that inserting../ in a URL _might_ allow me access to badly protected content. So that’s something I might try when trying to access things I’m not authorised to access.

              When you hack into a computer it doesn’t make a difference how badly protected the contents is, as long as hacking is involved. The ../ can be considered hacking, going on Google not. If there is a link to “Report March 2021” but none to “Report April 2021”, whether entering the changed link is hacking would be very dubious.

        2. Phones Sheridan

          Re: In France, someone was convicted for nearly the same thing

          It wasn't the ../../../ that got him in trouble. It was that he self-admittedly ran penetration tests, i.e. he hacked it. A lot of the media didn't really mention that part, they just focussed on the ../../../

          https://www.computerworld.com/article/2560498/why-judgment-matters-in-a-security-professional.html

      2. Potemkine! Silver badge

        Re: In France, someone was convicted for nearly the same thing

        UK is like France. When the State wants somebody to be condemned, the courts follow the State.

    2. Potemkine! Silver badge

      Re: In France, someone was convicted for nearly the same thing

      It's a little bit more complicated. Discharged in a first trial, Bluetouff was finally condemned because he recognized having seen a login page on the server. The second court decided it was a proof he knew the access was illegal, even if he reached that server with Google. The decision was absolutely scandalous, and the State through the different Procurators made whatever possible to make Bluetouff condemned.

      Unless you are part of the judicial system, you have very few possibilities to avoid the wrath of the State.

  7. tip pc Silver badge

    And Apple think it's ok to check all your photos

    This is just yet another example of over reach.

    Instead of the police working to safeguard its citizen the police brought harm to its citizen.

    Being arrested and treated like a criminal is not harmless.

    I'd like to see all authorities disclose all data they hold on each citizen.

    been investigated by the police or any other authority then they should tell that person they've been investigated.

    No one should be compiling secret, yes undisclosed is effectively secret, data sets on anyone.

  8. Mike 137 Silver badge

    Reasoning

    "Board reports, none of which were marked confidential. So I have no question that it was in the public domain"

    "Exposed to the public" is not quite what "public domain" means actually.

    However if the documents were unprotected (even if accidentally or negligently) and not marked confidential it's not quite clear what statute has been breached. Indeed "Following a review of all available evidence, it was determined no offences had been committed", so this was most likely a heavy handed response due to him being an "activist".

  9. low_resolution_foxxes Silver badge

    Interesting.

    At least plod reviewed and decided no crime had been committed.

    Silly question, why were the blessed things uploaded to a website?

    1. Doctor Syntax Silver badge

      If, however, he was actually arrested rather than just questioned it would appear to have been done in the wrong order. At the very least they seem to have risked a wrongful arrest suit.

      1. Anonymous Coward
        Anonymous Coward

        Don't worry, it'll soon be a crime itself to be arrested without cause.

        1. Bob Scrantzen

          During Thatcher's 1980s reign, 'The Miners' Strike', some Miners were arrested.

          When they came to Court, the ONLY Charge was 'Resisting Arrest'

          1. TDog

            Bit dodgy

            In UK resisting arrest can be an offence. So if, for example you chucked a brick at someone and the police arrested you then you could be resisting arrest if you took a swing at the officer. The police (pre CPS days) may well decide they had insufficient evidence to prove you chucked the brick but you could still be guilty of resisting arrest.

            So not necessarily evil or malicious. I understand that in some countries the officer just checks the colour of the suspect and either bludgeons, suffocates or shoots the alleged perpetrator dependant on the targets hue.

  10. a_yank_lurker Silver badge

    Really?

    This sounds like sloppy internal IT if it is available on a Google search. May be they should not have let the intern upload the minutes.

    1. Jonathan Richards 1 Silver badge
      Alert

      Re: Really?

      Maybe someone thought that robots.txt would be the answer to keeping the pages away from Google? I have to say that I thought so, right up until I read:

      A robots.txt file tells search engine crawlers which URLs the crawler can access on your site. This is used mainly to avoid overloading your site with requests; it is not a mechanism for keeping a web page out of Google. To keep a web page out of Google, block indexing with noindex or password-protect the page.

      Source: https://developers.google.com/search/docs/advanced/robots/intro

  11. tenderj67

    Arrest Necessity

    The police have clearly failed to apply PACE, there was no necessity for his arrest, in that it could have been easily established that no offence had taken place. Furthermore, in the event that there was some specific question as to his conduct the matter could have been resolved by appointment in a PACE compliant interview. The only justification for arrest is the preservation of evidence, which in this case does not appear to have been a valid consideration.

    The arrested party should consult a solicitor and bring legal proceedings for false arrest.

    1. Andy J

      Re: Arrest Necessity

      Would you care to be specific about which part of PACE was not followed? Section 24 provides that any constable can arrest a person who he reasonably suspects has committed or is about to commit a criminal offence and where the constable has reasonable grounds for believing the person's arrest is necessary. PACE provides for a number of Codes of Practice, the relevant one here being code G covering the statutory power of arrest by police officers. In paragraph 2.9 of the Code, there is an exhaustive list of the grounds on which arrest may be considered necessary. I'll pick out just a few which might just have been applicable in this case:

      "(e) to allow the prompt and effective investigation of the offence or the conduct of the person in question ... when the suspect is found in possession of incriminating objects ...it is thought likely that the person may steal or destroy evidence ... there is a need to enter and search any premises occupied by the arrested person ... it is necessary to secure or preserve evidence in connection with a recordable offence."

      Given that the alleged offence concerned the misue of computers, it goes without saying that the police would want to seize any computer or device likely to have been used to commit the alleged offence.

      PACE also contains a system of checks and balances. Once the arresting officer had got his suspect back to the custody suite he would have to convince the custody sergeant that the grounds for arrest were justified. OK I admit this is a pretty low hurdle, but the custody sergeant has a statutory duty (section 37) to ensure these grounds are reasonable. The detained person can then ask to speak to a solicitor who would soon challenge any obvious abuse of the power of arrest.

      Not saying that he should have been arrested, but I can't see any reason for thinking that PACE was not followed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Arrest Necessity

        The key sentence there is: "when the suspect is found in possession of incriminating objects", if you're setting up a Police raid on someone's property, might be a good idea to make doubly sure 'incriminating objects' are actually incriminating objects.

  12. Doctor Syntax Silver badge

    It's not all bad

    They seem to have achieved a Streisand result.

  13. Dante Alighieri
    Devil

    Tardis

    so one board member resigned in 2018 and was appointed in 2019 - fixing the website seems to have scrambled causality

  14. ChrisBedford

    Pet Peeve

    I know I'm being 'anal' but it really gets up my nose when people say "it's on Google" or "I downloaded it from Google". NO YOU F%^**ING DIDN'T you SEARCHED for it on Google. You downloaded it from wherever Google pointed you, dammit.

    1. hayzoos

      Re: Pet Peeve

      I now suppose you are going to tell me that Google is not the Internet.

      1. Tim99 Silver badge

        Re: Pet Peeve

        You mean it isn't Yahoo! ?

  15. redpola

    A better title for this story would be

    “Clueless IT admin misconfigures web server and is charged with wasting police time”

  16. Efer Brick

    Great publicity for the campaign though

    Let's see how far it goes.

  17. Anonymous Coward
    Anonymous Coward

    Ha.......cyber crime is sexy............

    ...........but people doing 70mph in a 30mph zone can be ignored all over London. Someone is going to get killed........but speeding isn't nearly as sexy as "cyber crime".

    *

    So.....the message here is clear......if you have a beef with someone, just tell the plod that they are committing a "cyber crime".......immediate harassment and arrest! But if you complain about Ferraris speeding on narrow streets.......the plod just tell you to f**k off!!! Your taxpayer dollar at work!!!

  18. Fazal Majid

    Isn’t making false statements to the police an offense?

    And couldn’t he sue them for that?

    1. gnasher729 Silver badge

      Re: Isn’t making false statements to the police an offense?

      What false statement? The company had a password protected website. Files from the password protected website turned up on the internet. And they had the up address of someone downloading the files.

      Did they tell the police “it is impossible to download the files other than having the password or hacking into our site”, that would still not be a false statement but a mistake.

  19. Anonymous Coward
    Anonymous Coward

    Sounds like poor system admin.

    If it's illegal to access a restricted directory, why isn't it illegal to allow someone to gain improper access to the same?

    1. jtaylor Bronze badge

      Re: Sounds like poor system admin.

      It's the method of obtaining access that could be illegal. If it's protected, that raises the question of how an unauthorized person got in, e.g. did they hack the server or steal someone's login info.

      Leaving something unsecured against unauthorized access is not itself a crime. Why would it be? (There are crimes related to the consequences of leaving it unsecured, but absent such consequences "no harm, no foul" or "de minimus non curat lex" as you prefer.)

  20. Jake Maverick

    Companies and other people often manipulate the morons that work for the 'police' extremely easily....it's also surprisingly easy to manipulate them into murdering people, or have them locked up in mental institutions....or fit them up for drug related crime by POSTING drugs to them and then tip of the poolice anonymously.....Harry Stanley if another name that immediately springs to mind!

    This guy should consider himself lucky. But he also needs to check what has been stolen, throw all food and drink away, burn all his clothing...and rip down all the ceiling and replaster as that is where they usually put the cameras! Of course, all his IT equipment also needs to be destroyed in order to protect himself and other people....

  21. MartinO'Holcombe

    The minutes of their 9th Jan 2018 board meeting - as in the screenshot - are still available on docsbay.net

  22. Winkypop Silver badge

    I’m picturing Dibly parish council

    Frank must have stuffed up again.

    No, no, no, no, no, yes!

  23. Potemkine! Silver badge

    He was taken into custody

    Police is a tool in the hands of the 1 percent. No wonder this poor guy was arrested when he committed no offence.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021