Labour reports Starmer campaign to Information Commissioner for alleged data hack

Allegations against two Starmer team members – including his data compliance official, according to BBC.

The Labour Party has complained to the Information Commissioner’s Office (ICO) about the alleged ‘serious’ hacking of member data by two members of Keir Starmer’s leadership campaign – including his compliance official.

If the complaint is upheld, this will not be the first data breach involving Labour leadership campaigns.

In 2018, the ICO found that failed Unite leadership challenger Gerard Coyne had received and used Labour member data from Owen Smith’s campaign. Smith had received the data for his 2016 leadership bid, but data laws forbid the use of data for any purpose for which the ‘data subject’ has not given permission. The breach had been exclusively uncovered by the SKWAWKBOX more than a year earlier.

Starmer has appointed Smith’s former head of compliance to his own campaign, although it is unclear to which role.

Starmer has dismissed the claims as “utter nonsense”, writing late last night to the party denying any wrongdoing and insisting, according to the BBC, that:

they were investigating a means of penetrating the database – called Dialogue – with no intention to use it.

The SKWAWKBOX needs your support. This blog is provided free of charge but depends on the generosity of its readers to be viable. If you can afford to, please click here to arrange a one-off or modest monthly donation via PayPal or here for a monthly donation via GoCardless. Thanks for your solidarity so this blog can keep bringing you information the Establishment would prefer you not to know about.

If you wish to reblog this post for non-commercial use, you are welcome to do so – see here for more.

67 responses to “Labour reports Starmer campaign to Information Commissioner for alleged data hack

  1. Well for a ex lawyer its obvious that he feels he can play The law better than most.,.This time hes not looking for a knighthood just an advantage on the other candidates by hacking the membership data.C we trust the ex lawman. to abide by the law of the land,and whats going to happen when he lets one of his team take the rap ?

    • Answer is we cannot trust anybody who violates laws/regulations.

  2. Take a long look at that photo.

    And then tell me that’s NOT the most smarmy-looking, oleaginous, disingenuous, and dull-as-ditchwater character you’ve ever had the misfortune to listen to.

    Refused to prosecute that plod what murdered Ian Tomlinson and Jean Charles de Menezes, refused to prosecute two doctors what were caught on tape offering abortions based on the unborn child’s gender, and instead of prosecuting michael green/ seb fox, or grant ‘spiv’ shapps as he’s best known, in spite of even the chief of the met telling the public that shapps’ actions ‘May have constituted FRAUD’ , starmer decided to resign without doing so.

    He also refused to prosecute damian green over leaked home office documents. That’s the measure of him. He’s actually helped, rather than hindered the toerags over the years. Now he wants YOU to vote for HIM to lead LABOUR?!!

    The reptile’s just another establishment creation; yet another failed lawyer that wants a westminster career.

    God almighty! How ANYONE could countenance that defies all known reason.

    That said, the other candidates aren’t worth a carrot neither. But none are anyhwere’s near as piss-poor as starmer.

    • Look closer at Starmers DPP record and it gets worse.
      Here are just two examples.
      1) The numbers of prosecutions and convictions for rape crimes started to go down (and are still going down) after Starmer issued guidelines
      about it in 2010.

      2) There’s the abuse of Julian Assange’s human rights which began with collusion of the CPS (under Starmer) with Sweden.
      (Regardless of what anybody may beliave about Assange that’s wrong)
      UK is now being accused of torture by UN.

      • …….but better to have guilt assumed by allegation?

    • Toffee you sum up the case against Starmer better than I could ever do and I have exactly the same feelings about the candidates being a poor selection of the the Mps we are allowed to vote for by our masters.

  3. It should be noted that it was KS’s team who originally reported the potential misuse of data by RLB’s team.

    This appears to be a case of the NEC reporting Starmer’s staff to the ICO for checking their facts before Starmer’s team reported their concerns to the NEC. (using links widely distributed by RLB’s team)
    https://labourlist.org/2020/02/row-explodes-over-data-breach-claims-in-labour-leadership-election/

    I acknowledge that the NEC may have been obliged to report this to the ICO but what actually happened appears to be a quite different from the partial account given above.

    • Sorry that was badly worded.

      what actually happened appears to be a quite different from the partial incomplete account given above.

    • Indeed! There seems scant mention from Labourlist that it is the STARMER team which Labour has reported, NOT RLB’S. That doesn’t seem to stop Labourlist from trying to make RLB’s team the villain of the peace, notice…

      • Huffington post details RLB team using outdated data and doing something about it, whereas Starmer team used the weak excuse detailed by Skwawkbox, which is why Labour is quite right to report Starmer team to information commissioner.

    • Steve, I know nothing about this situation other than what I’ve read here on Skwawkbox and the comments.
      The word “link” has been used to describe how RLB’s team had informed their potential canvassers I think?
      If obtaining or transmitting that link didn’t involve unauthorised access to a computer am I correct in thinking that wouldn’t be an offence – and that Starmer’s team, in investigating RLB’s team, would probably have had to access a server/computer/program/file without authority?
      I’m the furthest thing from an IT expert so that’s just my best guess as to why Starmer’s team might be the one on the hook instead of RLB’s – and without more information I can’t even begin to form an opinion on the rights and wrongs of the situation.

  4. The Computer Misuse Act 1990 says
    1Unauthorised access to computer material
    (1)A person is guilty of an offence if—
    (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
    (b)the access he intends to secure is unauthorised; and
    (c)he knows at the time when he causes the computer to perform the function that that is the case.

    They were deliberately trying to “secure access” to (i.e. penetrate) the Dialogue database system.
    Looks like Team Starmer are on the wrong side of the Law.

  5. Indeed @ iamcrawford.

    You’d think being a top-jolly lawyer (allegedly) that starmer’d know when to keep his gob shut. Instead he’s bubbled himself AND his mates, the utterly idiotic gobshite.

    Black cap issue, your honour? I know I would.

  6. Explaining the situation, Starmer’s campaign chair Jenny Chapman told the BBC: “What happened was, another [RLB’s] campaign sent out an email to thousands of their supporters saying ‘please follow these links and you can make phone calls on behalf of our candidate’.

    “They then proceeded to do that, and found themselves accessing the Labour Party’s phonebank, which obviously the Labour Party isn’t involved in the campaigns and is supposed to be neutral and separate.”

    She added: “We looked at it, discovered that that was indeed the case, that which we’d been alerted to. We wrote to the party and said ‘we think there’s something wrong here’.

    “And that was really the end of it as far as we were concerned. But we were interested in finding out what had happened, because obviously it’s a very serious breach if that is what was going on.

    “The next thing you know, people on our campaign get letters saying ‘actually we think you’ve done something wrong’,” Chapman concluded, adding that the claims against her team were “utter, utter nonsense”.

    • Yep this is reported by Huff Post and/or Labourlist and seems a vain effort to get themselves off a much bigger hook than the RLB campaign’s … and making a pathetic job of it…

  7. utter nonsense…

    They can say it as many times as they bleedin’ well like, they’ve grassed themselves up in the act of grassing someone else up, and the excuse starmer tried to palm us off with is ‘utter nonsense.

    No surprise to see you trying put up a case for the right-leaning establishment candidate, though, eh, steve?

    • I guess we’ll have to wait and see what the ICO has to say. Personally I can’t see the ICO prosecuting someone for simply checking that the information they’d received about RLB’s campaign emails was correct and then passing on this evidence to the person legally responsible for that data.

      I hope the ICO consider this case in a timely manner (ie: asap) along with the original ‘errors’ that RLB’s team made giving out the links to the membership database to all and sundry.

      A wider and much more serious question that the ICO will probably look into is how on earth did the Labour Party get themselves into the position where anyone with the correct link address could access membership data. The GenSec has a legal responsibility to ensure the security of this data. They self evidently failed to do so.

      • Hmmm…

        Deflect, deflect, deflect.

        Your mate’s grassed himself up, and you still have nothing to say about his crass imbecility and the insult to people’s intellligence with the risible excuse he has proffered.

        Nope, it’s someone else’s fault more than starmer’s innit, steve?

        The moron’s been in THE top position of his sector which directly relates to the matter in hand, and the best he can do is come up with the kind of excuse that you’d expect some knuckle-dragging divvy of the type you read about that grassed themsleves up on facebook, to come up with?

        You want someone like that in charge of the party, steve?

        Although he’s the div that gave you your 2nd ref/remain option without it going through congress; which makes his idea of democracy the same as yours, so I guess you owe him some loyalty, however badly misplaced it is.

      • The Toffee – You can bleat all you want but the Labour Party and the GenSec has an absolute legal duty to protect this data. If the links provided by RLB’s team allowed access to this data then the GenSec’s office as the body responsible for it’s security self evidently failed and therefor breached GDPR.

        You can rant and rave to your hearts content but none of the above would have been possible, from the initial error by RLB’s team onwards, if our data was being held securely as required by law. The Labour Party could be in really deep shit over this apparent breach of GDPR.

        This is a really serious matter, if the Labour Party is found guilty of breaking GDPR then it could cost the party an absolute f…ing fortune in fines.

      • Bleat? ME?

        You been at those mushrooms again, boy?

        Your establishment mate’s in deep shite and STILL you deflect.

        If the party’s to be found in breach of GDPR it’s because starmer’s gone all perry bleedin’ mason thinking he’s a clever bastard by trying to get one over on the ‘socialist’ candidate.

        When in all actuality he’s a blairite fraud that doesn’t know his arse from YOUR elbow.

        And you claim to have socialist leanings? You’re worse than those you defend, you joke.

  8. Utter nonsense…

    Strangely enough, nonsenses give a similar excuse when they’ve been caught downloading child abuse images.

    ‘Oh, I downloaded them, but wasn’t gonna view them”.

    But like nonsenses, even if found guilty, they’ll be merely slapped on the wrist.

    • In your 3,34 pm post (no reply facility) amidst your general uninformed hyperbole, you say ” he’s the div that gave you your 2nd ref/remain option without it going through congress;”. Congress; ? That is not a word in the LP Lexicon at all. I wonder, have we met when I was in Omsk a few months ago ?

  9. “…they were investigating a means of penetrating the database – called Dialogue – with no intention to use it.”

    Rofl…

  10. Maria 09/02/2020 at 2:57 pm
    “…they were investigating a means of penetrating the database – called Dialogue – with no intention to use it.”

    You mean by simply typing in the links kindly given out to all and sundry by RLB’s campaign team.

    A wider and much more serious question that the ICO will also be inevitably looking into is how on earth did the Labour Party get themselves into the position where any unauthorised person with the correct link address could access membership data. The GenSec has a legal responsibility to ensure the security of this data. They self evidently failed to do so.

    • Who gave starmer’s side the authority to HACK the database, steve?

      Nobody?

      Cos if nobody has, he’s up shit creek, isn’t he?

      • The point is who gave the party permission to expose the membership’s data to being accessed by unauthorised personnel.

        Describing the knowledge of a web address that had been widely published by one of the leadership candidates as ‘hacking’ is stretching the definition past breaking point.

      • ”The point is who gave the party permission to expose the membership’s data to being accessed by unauthorised personnel

        Describing the knowledge of a web address that had been widely published by one of the leadership candidates as ‘hacking’ is stretching the definition past breaking point.. ”

        No, it REALLY, REALLY isn’t. You’ve already abused and distorted the meaning of ‘democracy’ to suit your own ends (And look how THAT turned out, brains?!) and you’re fucked if you think that you, your mates on here & starmer’s (your) lot ought to be allowed to wreck and alter beyond recognition the definition of the word ‘AUTHORITY’ as well.

        By virtue of the database being brought to anyone’s attention is NOT sufficient reason to attempt unauthorised entry. Or are you one of these twats what think women who wear short skirts deserve rape?

        Trying to make out that starmer was in fact helping the party when every reasonable person can see he was trying to shaft the only socialist candidate to further his own ends is a shithouse trick that nobody, but NOBODY will buy – like starmer’s fucking godawful insult to people’s intelligence of an excuse.

        starmer (Or team member[s]) freely admitted to ‘finding a means of penetrating the database’

        Paint that any which way you like but any sane person understands it’s no more than a euphemism for a hack.

        hack1
        /hak/
        verb

        2.
        gain unauthorized access to data in a system or computer.
        “they hacked into the bank’s computer”

        It’s been admitted in all but as many words.

        I sincerely hope he’s found guilty and the they can hang the slimy gobshite out to dry…Along with all his supporters.

    • You gonna answer that, steve?

      Or are you gonna try to think we’re as gullible as starmer thinks we are by trying to say you already have – y’know? Like you always do?

    • Seems the moderates scum use the database like a corner shop from uncle Tom Watson to knightly Starmer…poping in and out and its been going on for some time..Unfortunately the corner shop has disappeared from the streets.Hopfully Starmer is nailed for the slippery lawyer he his.and disappears from the Labour party.

    • I think Huff P/ Labourlist have reported the RLB team correcting this error, whereas Starmer’s team have consciously & deliberately used these data/links to cause a breach which RLBs team has not.

  11. I’m just wondering…

    With all the wrong calls he made when he WAS the DPP, if starmer was DPP right now – Would he prosecute himself?

    After THAT excuse I honestly think he would, the divvy.

    • I may be wrong but I think the ICO is the enforcement authority for GDPR.

      • Ok, fair enough – if correct.

        Now….

        WHO gave starmer’s team the authority to *ahem* penetrate’ the database?’

        And will you continue to deflect blame drom starmer and his team if nobody has?

      • Having reflected on it for a little while In my opinion (as a non lawyer) I don’t think either KS’s or RLB”s teams have broken GDPR. (I’m less sure about RLB’s team because their actions in distributing access would make them joint data controllers) Also the ICO may regard the various teams getting access to the data a few days early as an internal party matter that doesn’t come under their jurisdiction.

        The Labour Party however appears to have breached GDPR by failing to keep our data (not yours) secure. I sincerely hope it turns out that the data controllers have taken all reasonable steps to ensure that our data is secure from unauthorised access. The fines that the ICO can impose are draconian plus there is the reputational damage.

        Tools at our [ICO] disposal include assessment notices, warnings, reprimands, enforcement notices and penalty notices (administrative fines). For serious breaches of the data protection principles, we have the power to issue fines of up to £17 million or 4% of your annual worldwide turnover, whichever is higher

      • For breaches of GDPR that’s correct and but
        Howver “Misuse of a computer” is a criminal offence and so should be referred to police.

      • iamcrawford 09/02/2020 at 5:24 pm

        I doubt that these circumstances would reach the threshold for a criminal prosecution, however there is absolutely nothing to stop you reporting this to the police if you genuinely feel that the criminal law has been broken.

      • The Daily Mirror is reporting that “Both sets of claims against both frontrunners [KS & RLB] have now been passed to the Information Commissioner – but with a note that a “reportable breach” by Ms Long-Bailey’s team was not found.

      • ”The Labour Party however appears to have breached GDPR by failing to keep our data (not yours) secure.”

        Damn right they’re not having MY data. Or my subscription fee. And if starmer becomes leader then they won’t even get my vote.

        The majority of the PLP represent neither me, my family & friends nor our politics and the party’s infested with people like you – claiming to be one thing when not even bothering to hide the all too visible fact you’re another.

        The party’s in need of an enema, and starmer’s where you should insert the tube.

        So shove YOUR party where it doesn’t shine, squire. You’re quite welcome to it.

  12. Democracy is expensive, apparently

    Candidates who make the ballot can obtain lists of members and supporters’ names, telephone numbers and addresses, to help them appeal for people’s votes.
    But they will be charged a £5,000 administration fee for the privilege, a sum branded “outrageous” by deputy leadership candidate Rosena Allin-Khan.

    I agree with Rosena. It’s difficult to see bow our party can justify charging candidates £5,000 for access to membership details to facilitate our own leadership elections.

    • WHAT!? They’re SELLING my data? (Sorry – your data – I bailed)
      I don’t remember authorising Labour to SELL my data to anyone, even internally.
      Giving candidates who can afford £5,000 an unfair advantage – wtf?Apparently somebody forgot that the whole point of Labour’s existence is that it’s wrong for the wealthy to be able to buy democracy.
      I don’t care that it’s an election with only MPs running and they can all afford it – principle is a slippery slope..

    • I can see justification for such a sum, given that a breach has happened – due to the Starmer team and not the RLB team , according to the Mirror.

    • Noted that its the Starmer team to take the blame now,not Starmer? Now remember how it was always Corbyns fault,never the team or the Labour governance?Now the mister Knightly starmer whos expert at manipulating the Net and removes anything damming against him like his whole history from posh Reigate grammar school boy to the “man to go to” if you are a dodgy cop to Hacker extraordinaire..Who do you think youre kidding Stevie boy..?

  13. Penetration testing – which is what they admitted to – is used for two reasons mainly, testing the security of a system – or illegal access (hacking). The former would be no business of the Starmer Starmer chameleon team 😖🤐

  14. There’s now an online welter of Tory activists rooting for Starmer to become Labour leader. For them, he is indeed an alluring candidate.

    First, with Starmer the new Tory “red wall” is safe and will probably expand. Expect the Tories to endlessly replay his pro Remain pro PV speeches in the run-up to the next election which will go down like a lead balloon in Labour’s Leave-voting former heartlands.

    Secondly if he became Prime Minister he could, like Blair and Brown, be relied upon not to change the balance of wealth and power in favour of working people.

    • Under Corbyn, the Labour Party staged an initial recovery.

      The first 4 by election results show this:

      Oldham West: Labour up 7.3%
      Ogmore: Labour down 0.3%
      Sheffield Brightside and Hillsborough: Labour up 5.9%
      Tooting: Labour up 8.7%

      And then came the coup in which Keir Starmer and Lisa Nandy were active participants. Labour’s popularity plummeted. It is quite likely that the recovery would have continued and there would now be a Labour government if they had not acted as they did.

      In this leadership election, do we really want to reward such dreadful behaviour?

  15. If I’ve followed this correctly (do feel free to tell me if I’ve got this wrong):

    1: RLB’s campaign team found a way to extract Membership details from Dialogue, and passed on how to do this to supporters.

    2: KS’s campaign team found out about this, and tested it, then reported it.

    3: KS’s team were reported for attempting to extract Membership details from Dialogue.

    If I understand the chain of events properly, then neither team comes out smelling of roses. RLB’s team conspired (in the legal sense of the word) to extract the data, and KS’s team attempted to. I don’t particularly think either side should escape scrutiny or sanction for that.

    There’s also the question about how Membership data can be extracted from Dialogue. I don’t recall what disclaimers I signed off when I joined the party, but it’s a touch alarming that details like that can be found by anybody using Dialogue.

    However, I’m reluctant to attribute blame to the candidates themselves unless evidence to the contrary arises, vicarious liability permitting. After all, Starmer has just lost his mother-in-law, and probably has been dealing with that, and her stay in hospital, for a while. And, before anyone asks, no, I’m not voting for Starmer.

    • You appear to be more or less correct on the time-line. My understanding from reading several different news reports is that Starmer’s team were testing out concerns that had been reported to them before passing on this information to the data controller at Labour HQ. They appear to have passed on this info over a week ago.

      For what it’s worth I suspect that RLB’s staff weren’t aware of what they were handing out and they were just preparing for when they, along with all the other candidates, expected to receive this data anyway in return for the £5,000 fee that the NEC has charged each candidate for data access.. They would have to be incredibly stupid to think they’d get away with it, any potential advantage wouldn’t be worth the risk.

      The lack of security on this data held by the NEC is at the root of all this.

      • Testing their concerns was, to be blunt, a dumb thing to do. I find myself agreeing with The Toffee in that regard. If you find yourself aware of wrongdoing, you don’t go testing it before reporting it. You report it.

        RLB’s staff haven’t covered themselves in glory either, mind. She’s got the Unite and Momentum lists to work from already, and McCluskey and Lansman have experience of leadership campaigns, so – respectfully – I don’t agree with your forward planning notion.

        But you’re right about one thing in particular – if my data is so easily accessed by anyone with the right links, that concerns me.

    • No Stark this is not what happened at all.See Huffington post article here:

      https://www.huffingtonpost.co.uk/entry/labour-member-data-long-bailey-momentum-dialogue-phonebank_uk_5e375fbec5b69a19a4b14d25?guccounter=1

      As you will see from reading this, what the RLB team did resulted from out of date data and systems ie wasn’t deliberate. Hence Labour hasn’t accused RLB team of a data breach and RLB team have updated their systems.

      Whereas Starmer team HAS been accused of a data breach by Labour and has issued the clumsy, mind-bogglingly obvious “excuse” given at end of above article by Skwawkbox, trying to make it look like they were just testing security by deliberately trying to hack dialogue.

      The wheels are falling off the Starmer campaign…

  16. Now. Here’s the real News : Looks like Lansman’s sock puppet team is getting a bit desperate.

  17. This is very telling and very useful. Wew could sink this careerist opportunist over this. Poetic justice for one who is responsible for GE19 debacle and then has gall to stand for Leader of the party he destroyed last December.

  18. There are different sanctions for “conspiring to” And knightly Starmer actually commited a criminal . by carrying out the offence.Lets hope that the NEC remove him with the same speed that Chris Williamson was removed..We cannot allow dodgy ambitious criminals in the leadership election.The membership and the info has been filched and you can be sure that the info will be used against the membership.Heads must roll and lets start with the Knight.

  19. When you say “The Labour party”, who exactly do you mean? Which body within the party made this “report”? Or was this just an individual or two trying to make something out of nothing knowing that the media, yes that includes Skwawkbox, will big it up regardless?

    This is all very vague and for that reason suspect. We have yet to see any independent verification that anything untoward happened at all.

    I’m a scurrilous lefty, but I’m also sick and tired of propagandising nonsense.

    If the Swawk wants to counter rightwing propaganda, it needs to do so with verified facts, not outrage at vague accusations from anonymous sources.

    Unless someone stands for truth, no one will be trusted…

  20. “The UK Labour Party is having a very interesting time of its own as the leadership race has turned sour. Over the weekend, the party apparently reported Keir Starmer’s campaign team to the Information Commissioner for an alleged data breach, and this letter was then leaked to the BBC. The claim that they hacked into a party database and illegally obtained information on members was described as “utter, utter nonsense” by campaign chair Jenny Chapman yesterday. So, what happened exactly?
    Team Keir say they were alerted to emails sent out by Rebecca Long-Bailey’s campaign that included links to Dialogue, Labour’s phonebanking system. This took place at the start of the month. It appeared that the candidate had been encouraging supporters to use party membership data, to which none of the contenders should have access until nominations close on February 14th. Team RLB said they were simply using resources from the 2019 general election campaign that had not been updated. An understandable mistake. It’s not as if the problem with their campaign is lack of data anyway – they have plenty of that thanks to Momentum.
    Starmer’s camp then went to investigate the links. Again, understandably, they wanted to have a poke around to see how exactly Dialogue was used and – purposefully or not – promoted by their rivals against the rules. But in doing so, sources say they went further than Long-Bailey’s team by logging into Dialogue, which has led to two members of Team Keir being reported by the party and no members of Team RLB being reported. The whole series of events seems quite ridiculous when it was the party in the first place that should have closed access to Dialogue (now suspended). And it is the fact that the letter was leaked to the BBC, making this dispute public, which has really angered Starmer’s campaign team. Allegations of “dirty tricks” are everywhere now”

    https://labourlist.org/2020/02/labour-leadership-race-turns-sour-with-alleged-data-breaches/

  21. And at the end of all this self abuse, the Tories are laughing all the way to the bank.

    Great strategy!

Leave a Reply