Feeds

McKinnon a 'scapegoat for Pentagon insecurity'

US mil still wide open to attack, says reformed hacker

The Power of One eBook: Top reasons to choose HP BladeSystem

Fast-track extradition is a one-way street

The US Congress has not ratified the fast-track extradition treaty between the UK and the US. UK prosecutors would need to present a compelling case before a US court before securing an extradition, whereas US authorities, as in the McKinnon case, have far fewer hurdles to clear.

"If it was an American hacker who had breached our computers - would we be fighting for extradition? I doubt it. In fact, we would most likely have to issue a public apology for our lapse in security and the media would be up-in-arms about how weak our defences are."

He added that the human factor is often ignored in the debate over McKinnon's fate, which is split between the 'burn him' camp and the 'deal with him here or let him go' lobby.

"People seem to forget that Gary is not just a meme or a 'hacker' - he is a real person. This guy has been waiting for six and a half years already. Now the chances are that if it had been dealt with over here he would have long served his time and be free to carry on his life.

"Due to political wranglings, all we are going to see is more time lumped on top of what has already been spent waiting in the wings and as many expect that time could be way in excess of the sentences for murder here."

According to papers submitted to his failed House of Lords appeal, McKinnon was offered a plea bargaining deal featuring a sentence of between three and four years in jail, if he cooperated with the US authorities and dropped his opposition to extradition against eight to ten years behind bars in a high-security prison after a US trial. Lawyers acting for McKinnon said that this deal might not be binding, and expressed concerns that McKinnon might be prosecuted by a US military rather than civilian court.

McKinnon (AKA Solo) has always admitted that he broke into US government computer systems but denies causing any damage. Bevan said McKinnon has not had enough credit in admitting responsibility for his misdeeds.

"Under UK law we are supposed to be more lenient on criminals who admit their crimes and accept the consequences. In this case, the effect appears to be the opposite - plead guilty then wait for the consequences. In the meantime have your charges upgraded as new laws are introduced and applied retrospectively."

Supporters of McKinnon argue that the prosecution may yet blow up in their faces by placing the security shortcomings of US government systems under the microscope, especially if the case goes to trial. Sysadmins may be faced with awkward questions about why their systems were so easy to infiltrate. Even if such questions fail to arise at trial, they might spark unwelcome Congressional scrutiny.

Stars and prison stripes

Bevan said McKinnon can expect to be treated harshly by a US court, especially if (as expected) he is tried in Virginia.

"Virginia is not exactly the most friendly state to foreigners and somehow I do not think that someone who 'attacked the United States' is going to be treated that well," Bevan said, adding there was a "high chances of abuse, torture, rape and drug abuse" in US prisons.

McKinnon's supporters argue the case has wider political implications involving the UK's willingness to deport suspects to the US and Europe without requiring evidence to be presented. Bevan is also critical of the fast-track deportation system.

"Is this the new way forward for the UK justice system, to allow citizens to be removed from the country without any evidence having to be presented? To allow them to go to a penal system which allows torture and brutality of its inmates is a clear violation of his human rights."

McKinnon has shown clear signs of remorse, according to Bevan, yet this has not counted in his favour. Bevan predicts that the case sets a pattern for how the prosecution of other UK hackers accused of committing offences in the US will be treated - marking a permanent move away from local prosecution to extradition as the preferred route.

"It saddens me that the USA can remove our citizens without any prima facie evidence, yet we cannot do the same when we wish to prosecute one of their citizens. This always felt like one of the main test cases and I am sure that we will see more people being treated in this way - guilty or not makes no difference," Bevan told El Reg. "If you do not have to argue your case or can justify closed hearings based on 'national security', we are clearly moving deeper into a system of control and away from any kind of democracy."

"People talk about 'Don't do the crime if you can't do the time', but what if the crime did not have the consequences at the time that it has now? When he was doing what he was doing, the extradition laws were not made and hacking was not a terrorist offence."

McKinnon was recently diagnosed with Asperger syndrome. Bevan is sceptical whether this, and more especially his heavy use of marijuana while hacking, will be counted as mitigating by the US court system.

"People clearly forget to consider that Gary has Aspergers, was using huge quantities of skunk. Is this a person that was thinking clearly?"

"Do you think that he had any real comprehension of what he was doing? The internet is 'not real' to many people, it's just stuff that happens somewhere else. It is here that people can do things they would never normally do in the real world and do not see the correlation between online activities and real world consequences. Someone who is wasted on weed can suffer many mental effects of doing so. Here, this would be taken into consideration, but in the States, he could be looking at ten years on top of his sentence for committing a crime under the influence of drugs." ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.