Investigative journalist Nicky Hager has accepted a police apology and payment of "substantial damages" after the unlawful search of his home during the investigation into the hacking that led to the Dirty Politics book.
The settlement revealed police had sought information claiming Hager was suspected of criminal behaviour, including fraud.
"Police accept that they had no basis for such allegations," the settlement document read.
"Police apologise unreservedly for these breaches of his rights and have agreed to pay Mr Hager substantial damages and a contribution towards his legal costs."
The settlement also included police making a key admission around accessing Hager's banking data - a police practice used to get people's personal financial information without any legal order.
• Police got Hager data without court order
• Chilling details of intrusion into Nicky Hager's privacy
• Police to destroy Nicky Hager data clones
The settlement comes almost four years after the publication of Dirty Politics, which alleged the office of former Prime Minister Sir John Key ran a dirty tricks campaign through right-wing bloggers.
Hager wrote the book after an anonymous source known only as Rawshark provided information said to have been hacked from Whaleoil blogger Cameron Slater.
Police launched an investigation into the identity of Rawshark after Slater complained about being a victim of hacking.
It was this complaint that led detectives to search Hager's home on October 2, 2014. They took computers, paperwork and other material for investigation.
Subsequent legal action forced the destruction or return of the material, and prompted High Court concern over the way detectives obtained and executed the warrant.
Hager said: "The police have admitted that many things they did in their investigation and search were unlawful. This sends a vital message that people can share important information with journalists with confidence that their identities will be protected.
"The police have apologised for threatening that confidentiality and trust."
The settlement agreement with police was released today by Hager's lawyer, Wellington barrister Felix Geiringer.
Hager said the agreement meant he was not allowed to say how much had been paid to settle the claim.
"However, it gives the strongest possible indication that police accept the harm they caused and are much less likely to treat a journalist this way again. The money will help support important work in years to come."
In the agreement, police conceded that officers applying to a judge for the search warrant left out key details when seeking judicial sign off. Among details left out was Hager being a journalist and that the intent of the search was to get confidential source information.
As a result, police ignored legal protections for journalists' sources which "threatened" the ability of Hager and of the "wider media" to obtain information from confidential sources.
The settlement document stated: "Police failed to mention in their application for the search warrant that they sought information to identify one of Mr Hager's confidential sources and failed to mention that Mr Hager was a journalist who could claim journalistic privilege."
The police concession follows High Court criticism that detectives applying for the warrant "failed to discharge their duty of candour and the warrant was unlawful".
There was also concern from the High Court over whether there were even grounds to get a warrant.
"Police accept the High Court's preliminary assessment," the settlement stated. The settlement stated police accepted the "search warrant was overly broad and should have contained conditions to address concerns raised to protect journalistic privilege".
In the settlement, police apologised for a range of breaches of Hager's rights, including wrongly using an exception in the Privacy Act to access 10 months of Hager's banking data from Westpac.
"Police acknowledge that Mr Hager had a reasonable expectation of privacy in relation to that information."
The NZ Herald has detailed how police would use the exploit frequently to get detailed, personal information about people who were of interest. A recent Supreme Court judgment has confirmed a "production order" - generally called a search warrant - is needed to get such information.
Geiringer said police now accepted a warrant was needed to get banking data.
During the search of the house, police took a photograph of a printed copy of an email exchange involving Hager and used it to make inquiries.
Detectives also photographed documents with login information for online accounts and tried to access those internet services.
Mobile phone details were also obtained and used as the basis for production orders from phone companies.
"Police acknowledge that these were breaches of Mr Hager's legal right to protect his sources that should not have occurred," the settlement said.
The police inquiry included detectives seeking private information about Hager from Air New Zealand, Paypal, NZ Customs, and Jetstar. In each case, police did not disclose Hager's status as a journalist legally entitled to claim privilege to protect courses.
The settlement agreed: "These were breaches of their duty of candour in each instance."
The book alleged Slater attacked public servants and others at the behest of National Party figures, that the Prime Minister's office enabled him to get information used to attack political opponents and that he was paid to carry out "hit jobs" on his blog by others.
Details of the settlement were initially embargoed until 11am today but details of the settlement emerged on social media.
Assistant Commissioner Richard Chambers said police acknowledged their actions were unlawful and had apologised to Hager.
"The settlement includes costs and damages, details of which remain confidential between the parties. Police investigation processes have since been updated in consultation with the IPCA and the Privacy Commissioner."
The settlement raises questions about others whose personal financial details the police have obtained through what was claimed to be an exception in the Privacy Act.
Those included internet entrepreneur Kim Dotcom and blogger Martyn Bradbury.
Investigations by the NZ Herald found police asked banks to hand over customers' personal information, saying it was needed to uphold the law, and the banks did so without telling customers.
In some cases, banks have used the police requests as an early warning system to restrict any perceived risk they might have from those customers and have refused credit and
Bradbury found police accessed his banking records - as they did Hager's - as part of the Rawshark investigation. Like the Hager case, police told Bradbury's bank he was suspected of breaking the law.
Bradbury said it was time for police to admit they had done wrong and settle his case, now before the over-stretched Human Rights Tribunal.
"You shredded my credit rating to every major bank in NZ by claiming I was a computer fraudster, caused me huge personal anguish and seized my banking records all for a case against Nicky Hager that you have now admitted you were wrong in proceeding with in the first place.
"I had nothing to do with hacking Cameron Slater's computer and yet my case still sits in front of the Human Rights Review Tribunal despite the Privacy Commissioner recommending my rights have been breached."