30 comments

[ 2.9 ms ] story [ 72.8 ms ] thread
The whole concept of getting six decades for victimless crime is deeply disturbing.
the costs of fixing the security breaches are bourne by the US tax payer - also peoples carears will be nagativly impacted.

I used to work for the Guy in charge of the system that was hacking in the very well known "Prince Phillip Prestel" case - he neaver made it past MPG4

This story just has so much PR spin around it:

"could face 60 years in jail if convicted in the US" (nah) "Asperger's Syndrome" (this came out a long time after the initial charges) "evidence of UFOs" (he's kooky, not malice!) Quotes from his mum, she wrote to The Guardian (adds to the slightly confused school child vibe)

This has dragged on way too long. Glad there's finally going to be a decision (hopefully it's the right one). Even if you take away the Asperger's Syndrome a UK citizen should not be able to be extradited and face prison in the US for a computer crime of this nature (arguably any computer crime).

We will probably see more of this throughout the world. With the ability to commit crime on the internet deciding 'where' that crime took place and who's jurisdiction it falls under is going to be tricky.

Why any computer crime? Is it not crime in some way?

There are valid arguments about where the crime takes place and the jurisdiction in question (the location of the attacker or the victim), but can you say you should never extradite someone for computer crimes?

You also need to ask yourself how you think an attack by someone in Iran on the US should be handled. Are you happy with that being dealt with by Iran?

>> "...can you say you should never extradite someone for computer crimes?"

That's a big question and as someone with now law experience I can't really answer it. I guess it would all come down to the jurisdiction, that seems to be an important point which needs to be worked out and made clear. Once there are a clear set of rules for determining that I think these cases will be much easier.

>> "You also need to ask yourself how you think an attack by someone in Iran on the US should be handled. Are you happy with that being dealt with by Iran?"

Creating laws on a country by country basis won't work. If it is agreed that the computer crime takes place in the country the computer and person was in it should be up to that country to deal with it not the country attacked.

And, although Iran may not have a good record, if speculation is correct Stuxnet was a US/Israeli invention [1]. What gives the US the right to create/spread a computer virus and then extradite someone for breaking into their computers? It's the double standards that piss me off.

[1] http://en.wikipedia.org/wiki/Stuxnet#United_States

OK, you flip it around and say if you're Iran, are you happy with the US investigating and prosecuting the Stuxnet attack?

I'm not saying I have answers, just that the blanket statement no extradition for computer crimes seems wrong (as most blanket statements are).

That's not really what I meant. I phrased it incorrectly, forming my opinion as I wrote. I was trying to say that there should be specific rules that are followed in cases of computer crimes. Rules that should apply to all persons and that all countries should sign on to follow. I think this needs to be done because of the issues of jurisdiction. Treating everyone on a case by case basis is unfair and time consuming as this case showed. So you are right, a blanket statement of no extradition for computer crimes is wrong.
The way this guy has been treated for the past six years is disgusting. Sure he committed a crime, but he is obviously a very capable guy with talents that the UK & US governments could benefit from. What Gary did was victimless, it's not like he stole files and tried selling them nor passing them to a third party who could have done damage.

This is the backwards way the world works. If I were the US or UK Government I would be offering this guy a job in a cyber crimes division and give him the task of security testing Government infrastructure, there aren't many people who can say they've successful breached a secure US network and been able to access classified documents.

> The way this guy has been treated for the past six years is disgusting

Even more so in light of what he actually did: poke around on systems with no password protection - yet they act as if he was an insanely skilled, extremely-dangerous super-hacker who is just a few mouse clicks away of blowing up nuclear reactors when actually all he did was catching them with all their pants down. Really, "biggest military computer hack of all time"? It is pathetic.

Not as disgusting as the US refusing to extradie IRA suspects with very striong eveidence!
It's not entirely victimless.

The US tax payer had to stump up cash for a whole bunch of investigation into what had happened, what had been compromised and so on.

Now, you can make a good argument that it actually made them pull their collective finger out and sort some stuff out that really needed sorting out, and that's probably true, but it's also probably true that having to do it in the way that they did (in response to an attack) cost more and was more disruptive than it would otherwise have been, and came with a larger bill as a result.

It's easy to think of attacks on the government as victimless but ultimately it all comes back to the citizens of that country (in the same way insurance fraud isn't victimless, the victims are those whose pensions are invested in the firms and those who have to pay the increased premiums that result).

My reading of it is that from a legal point of view it's a fair cop (both in terms of the crime and the extradition). The issue is that the American's seem to have made it clear that they don't give a toss about his Aspergers and the complications that it presents and that's where the calls for leniency and not extraditing him become justified.

Personally, I think the citizens should pay for the cock ups of their elected representatives and their public servants.

Pointing fingers at this guy is all fine and that, but no-one dares mention the bus size hole they left in their security infrastructure as that would be bad for business...

Of course, who else is going to pick up the bill?

I'm really just disputing the term victimless - it implies that no-one suffers which rather skews how it's seen and isn't the case.

We can debate your suggestion that they should be victims but that doesn't change the fact that they are victims.

(comment deleted)
So what you're saying is that because this guy found a security hole and used it to access classified material looking for UFO's he should be thrown into jail for sixty years because he cost tax payers money cleaning up the mess and investigating what happened? I am not so sure I agree with that. He definitely committed a crime, but not a crime worthy of sixty years imprisonment, perhaps 2 or 3 years in minimum security maximum.
The UK has The Computer Misuse Act (1990), which quite adequately covers the allegations made against Mr McKinnon. Whether or not he has Asperger Syndrome, or is potentially suicidal is irrelevant with regards to his extradition in my opinion. He should not be extradited to the US for a crime that took place on British soil.

The evidence should be presented to the UK Crown Prosecution Service and they should decide whether or not it is in the public interest to try Mr McKinnon in a court of law in front of a jury of his peers.

If damages are owed, then Mr McKinnon should be required to make amends and serve any prison time should he be found guilty.

The US should be simply a party claiming criminal damages, in the same way that a British yob might smash the car window of a diplomatic vehicle owned by the United States also on British territory.

If Mr McKinnon is extradited, then the British people need to seriously question the validity of their sovereignty.

We already question the validity of our sovereignty. Unfortunately that brands us as "terrorists".

The media here is still in a "terrorism" frenzy.

I believe North Korea agrees with you, if one of their citizens set off UK nuclear missiles to attack UK targets, they would prefer to be tried in a North Korean court. You should respect their sovereignty ;-)

Just to be clear, I don't believe the punishment the US has in mind for him is fair and in proportion for his crimes. That said, if you use a hacking tool on purpose to target the US military from your home computer, it's also not going to get much sympathy from me.

Criminal damage is slightly different to killing millions of people, especially if that act is undertaken by a state.
Just an update everyone: Gary McKinnon's extradition has been blocked by the Home Secretary. I have been watching live here:

http://www.bbc.co.uk/news/uk-19962844

"Home Secretary Theresa May says there is no doubt Mr McKinnon is seriously ill. She says she has carefully examined the medical evidence and taken legal advice and has concluded that his extradition would give such a high risk that he would end his life that it restricts his human rights."

It's just been announced that the extradition is to be blocked. Superb!
(comment deleted)
Breaking news - Home Secretary has blocked his extradition see http://news.ycombinator.com/item?id=4659305

Its the first thing she has done right in the job. Probably the last as well. She only did it because of public pressure, which while thats the way democratic government should work, its a pity she couldn't personally see the case for it (cf her previous comments).

She's used the Human Rights act, which she broadly despises, to get herself off the hook.

While it is public pressure I suspect that the pressure from the Daily Mail (a paper which with two exceptions - of which this is one - has been on the wrong side of pretty much every significant issue up to and including it's support for Hitler) might have been a major factor.

As a Tory you don't want to mess with the Mail, it's the paper of much of your core vote and you don't want it rounding on you and it's been very anti-extradition.

I had to move the Daily Mail off a seat on the bus the other week and it literally made my skin crawl. A childish and visceral reaction perhaps, but not an unusual one for anyone with an ounce of empathy for others I think.

Edit: Yes, that deserved the down-votes. I think there is perhaps a more constructive comment that better puts the emotional and physical responses a particular brand associated with a particular line of thinking can elicit, but I can't think of that comment right now.

The US should have been sensible and just handed the evidence over to the UK courts and said "Look, it's overwhelming, criminal computer use etc etc get the courts moving".

He should be tried in front of a jury of his peers, which amazingly aren't Americans and for a proportional crime which would be unauthorised access to a machine, not criminal computer damage which is ridiculous on the face of it. It's not like he was trashing disks.

Oh, for the people who say he must be a genius or you'd offer him a job, he's admitted repeatedly he's got basic skills and mostly got into where he did through the repeated incompetence of some of the US' biggest security establishments. And he genuinely was after UFO stuff, there's an interview with him on one of the UFO conspiracy websites where he talks about trying to find it.