Sophos Cloud Optix
British hacker Gary McKinnon will find out today whether or not he will be extradited and stand trial in the United States for what was described as “the biggest military computer hack of all time”.
UK Home Secretary Theresa May is due to announce whether 46-year-old McKinnon’s extradition will be blocked on medical grounds this afternoon, in a statement to MPs at the House of Commons this afternoon.
Media reports also suggest that she will also announce changes to the UK’s extradition agreements with the United States, making it more likely that UK citizens would face trial in their own country.
46-year-old McKinnon, who has Asperger’s syndrome, has admitted hacking into United States military systems in late 2001 – but claims that he was hunting for evidence of UFOs, anti-gravity propulsion systems and extraterrestial technology.
McKinnon has become something of a cause celebre with figures such as Sting, London Mayor Boris Johnson, former Beirut hostage Terry Waite, Pink Floyd’s David Gilmour, and Julie Christie amongst those supporting his ten year fight to avoid extradition.
And it’s not just celebrities who are supporting McKinnon in his fight against extradition. In 2009, a Sophos poll of 550 IT professionals found that 71% believed that McKinnon should not be extradited to the USA:
That’s an extraordinary level of support for a self-confessed hacker – especially when you consider it is a vote amongst the very people who in their day-to-day lives spend their time protecting computer systems from intruders.
Here’s a video of McKinnon’s mother Janis Sharp talking to the BBC:
I think there are two separate principles here, and it's important not to conflate them. One is the general principle of where a crime can be said to have been committed in an age where it's possible for them to be committed remotely; the other is compassion.
On the second point, I don't know the details well enough to have a strong opinion, but if it is accepted that extradition is likely to lead to a high risk of suicide, that is probably enough to warrant not extraditing him.
On the first point, what's the principle behind the grounds to refuse extradition? If it's that the accused was physically located in the UK when he committed his crimes, would we be happy for that principle to be applied more widely? For example, imagine a case where a perpetrator of the K419 fraud is arrested in Kenya, and accused of defrauding several Britons of their savings, although he's never set foot outside Kenya. The principle would mean that he should be tried in Kenya, although some or all of his victims are in Britain. Does the principle still hold up in this case?
Rod
In your 419 example, I think that principle should apply if the offence committed is actually an offence in the country concerned. Someone in Kenya committing these frauds has committed an offence in Kenya regardless that the victims are elsewhere.
By his admission to the charges of hacking US based systems McKinnon has admitted to committing an offence in the UK under the Computer Misuse Act. Though he's never been charged with a UK offence.
There is of course the chance of a massive disparity in sentencing, under UK law McKinnon would likely serve under 2 years in prison, the USA would have him locked away for life.
The historic requirement for extradition agreements was in case of people committing a crime then fleeing the country to avoid justice. Technology has changed, so perhaps the whole extradition process needs a comprehensive review.
I think your final paragraph sums it up. This is one of many areas where technology has moved so far beyond what was envisaged when particular laws were framed, and so quickly, that the laws need to be reviewed in this light. The same goes for a number of other areas e.g. privacy and copyright.
However, we would do well to try and have these reviews in a wider context than a single, highly emotive, case.
Rod, I think you have made good points here. We need to consider , in the global light of technology, that it is more probable that a crime can be committed from outside a country against said country. So shouldn’t the effected country have the right of trial?? Second , on compassion, I agree that compassion is important, however I find it suspect that he was diagnosed with Aspergers Syndrome AFTER the crime, and since Autism Spectrum Disorder is hard to diagnose, I would be suspicious of its use in this case. And third, just because the US system of Justice includes the possibility of Capital Punishment every other country does not want it’s citizens to face Justice in the US.. However , with the mandatory and extensive appeals process, very few criminals are ever executed.
I'd still like to know exactly what Gary hacked into and how.
I do sometimes wonder if we should reward hackers for breaking into systems *IF* they firstly do no damage and secondly report the breach responsibly so that it can be stopped in future.
I made a comment about the previous item about Gary. I still think a lot depends on what kind of care you expect him to receive. Also, did his hacking cause any death or bodily harm? I don't hear about any occurring, so I still feel he is better off in British hands and let them prosecute him, is this out of the question?
I'm not against the USA extraditing nor am I against the death penalty, if the deed shows it's needed. If he is truthful, then I can't see why he needs to come here for prosecution and I still worry about a penalty that becomes a death sentence.