McKinnon a 'scapegoat for Pentagon insecurity'
US mil still wide open to attack, says reformed hacker
Fast-track extradition is a one-way street
The US Congress has not ratified the fast-track extradition treaty between the UK and the US. UK prosecutors would need to present a compelling case before a US court before securing an extradition, whereas US authorities, as in the McKinnon case, have far fewer hurdles to clear.
"If it was an American hacker who had breached our computers - would we be fighting for extradition? I doubt it. In fact, we would most likely have to issue a public apology for our lapse in security and the media would be up-in-arms about how weak our defences are."
He added that the human factor is often ignored in the debate over McKinnon's fate, which is split between the 'burn him' camp and the 'deal with him here or let him go' lobby.
"People seem to forget that Gary is not just a meme or a 'hacker' - he is a real person. This guy has been waiting for six and a half years already. Now the chances are that if it had been dealt with over here he would have long served his time and be free to carry on his life.
"Due to political wranglings, all we are going to see is more time lumped on top of what has already been spent waiting in the wings and as many expect that time could be way in excess of the sentences for murder here."
According to papers submitted to his failed House of Lords appeal, McKinnon was offered a plea bargaining deal featuring a sentence of between three and four years in jail, if he cooperated with the US authorities and dropped his opposition to extradition against eight to ten years behind bars in a high-security prison after a US trial. Lawyers acting for McKinnon said that this deal might not be binding, and expressed concerns that McKinnon might be prosecuted by a US military rather than civilian court.
McKinnon (AKA Solo) has always admitted that he broke into US government computer systems but denies causing any damage. Bevan said McKinnon has not had enough credit in admitting responsibility for his misdeeds.
"Under UK law we are supposed to be more lenient on criminals who admit their crimes and accept the consequences. In this case, the effect appears to be the opposite - plead guilty then wait for the consequences. In the meantime have your charges upgraded as new laws are introduced and applied retrospectively."
Supporters of McKinnon argue that the prosecution may yet blow up in their faces by placing the security shortcomings of US government systems under the microscope, especially if the case goes to trial. Sysadmins may be faced with awkward questions about why their systems were so easy to infiltrate. Even if such questions fail to arise at trial, they might spark unwelcome Congressional scrutiny.
Stars and prison stripes
Bevan said McKinnon can expect to be treated harshly by a US court, especially if (as expected) he is tried in Virginia.
"Virginia is not exactly the most friendly state to foreigners and somehow I do not think that someone who 'attacked the United States' is going to be treated that well," Bevan said, adding there was a "high chances of abuse, torture, rape and drug abuse" in US prisons.
McKinnon's supporters argue the case has wider political implications involving the UK's willingness to deport suspects to the US and Europe without requiring evidence to be presented. Bevan is also critical of the fast-track deportation system.
"Is this the new way forward for the UK justice system, to allow citizens to be removed from the country without any evidence having to be presented? To allow them to go to a penal system which allows torture and brutality of its inmates is a clear violation of his human rights."
McKinnon has shown clear signs of remorse, according to Bevan, yet this has not counted in his favour. Bevan predicts that the case sets a pattern for how the prosecution of other UK hackers accused of committing offences in the US will be treated - marking a permanent move away from local prosecution to extradition as the preferred route.
"It saddens me that the USA can remove our citizens without any prima facie evidence, yet we cannot do the same when we wish to prosecute one of their citizens. This always felt like one of the main test cases and I am sure that we will see more people being treated in this way - guilty or not makes no difference," Bevan told El Reg. "If you do not have to argue your case or can justify closed hearings based on 'national security', we are clearly moving deeper into a system of control and away from any kind of democracy."
"People talk about 'Don't do the crime if you can't do the time', but what if the crime did not have the consequences at the time that it has now? When he was doing what he was doing, the extradition laws were not made and hacking was not a terrorist offence."
McKinnon was recently diagnosed with Asperger syndrome. Bevan is sceptical whether this, and more especially his heavy use of marijuana while hacking, will be counted as mitigating by the US court system.
"People clearly forget to consider that Gary has Aspergers, was using huge quantities of skunk. Is this a person that was thinking clearly?"
"Do you think that he had any real comprehension of what he was doing? The internet is 'not real' to many people, it's just stuff that happens somewhere else. It is here that people can do things they would never normally do in the real world and do not see the correlation between online activities and real world consequences. Someone who is wasted on weed can suffer many mental effects of doing so. Here, this would be taken into consideration, but in the States, he could be looking at ten years on top of his sentence for committing a crime under the influence of drugs." ®
Sponsored: 2016 Cyberthreat defense report