Notes from on Publically Accessible Information.
- The information in the “Publically Accessible Information” section of the draft letter provides an admission regarding your conduct. We discussed whether or not to take out some of the content. However, you have already stated (1) to Apperta’s lawyer and (2) on the public fundraising page what you have done. Further, based on your instructions, there can be little criticism of you for finding the repository - this was in the public domain. The issue is probably whether or not you should have then used that information in order to view the information in the portal having registered as a user. The content in JMW’s letter to McEvedy might (potentially) be passed to the Police (and would amount to hearsay evidence), but it simply adds context to what you have already stated elsewhere and aims to show that (1) the repository was in the public domain and (2) anyone could have registered and then searched for the URL using information from the repository ie there was no unauthorised access to information (no “hacking”). It also serves to address any civil claim. The content of the letter is succinct.
- We will further stress the significance of the 2017 security policy in the draft letter. This supports the argument that you considered that you were authorised to investigate the security issue, collect information and report back to Apperta. Apperta thanked you for bringing the matter to their attention. Computer Misuse offences in part involve unauthorised conduct, and the letter should emphasise that you did not consider that your actions were unauthorised. This is relevant in terms of showing that no criminal intent existed, and neutralising the suggestion that you committed a criminal offence under Computer Misuse.
- There is a legal risk in providing the proposed information to McEvedy, but this is a calculated risk and on balance we would provide them with the information suggested.