It is the 1729th of March 2020 (aka the 23rd of November 2024)
You are 3.135.184.195,
pleased to meet you!
mailto:blog-at-heyrick-dot-eu
Gary McKinnon and The Law - jurisdiction where?
The popular media image is of a lone hacker looking for information on UFOs and the like. Allegedly he deleted user accounts, files, and did all manner of chaos. [source]
The Americans would like to point out how much damage was caused, and to place a dollar amount on it plus throw the guy in the clink for serious breaches of national security. Allegedly he wasn't so much a hacker as a person who happened upon an unsecured server. [a small throwaway line in Gary's Wiki page]
While there is no denying that what Gary did was wrong, and monumentally stupid, we have to step back and ask if there actually is a case to answer here. This will hinge not so much upon America's macho shouting, but more upon the technicality of "was this computer secured"?
For example, if somebody hacked my server and messed up my files, I would be justified in trying to track down and stamp upon the individual responsible. If, on the other hand, I told you my login was "rick" and my password was "iamgod", then I would pretty much lose any case I have. I might be able to push for misuse of computer equipment, but given the facts, would anybody be interested?
Don't bother trying it, that's not my password! ☺
Then, we get to another very important factor, and one that the EU is going to have to look at in detail. For while the effects were felt in the United States, any "criminal" activity actually took place within the United Kingdom. His computer, in his flat, spoke to his ISP. He was physically present in the UK at the time.
It would appear from stuff I have read that under UK law he doesn't have much of a case to answer. Thus it seems America, unsatisfied with the British legal process, wants to pull the guy to the US to stomp on him there - a spokesman for The Pentagon said to The Sunday Telegraph "US policy is to fight these attacks as strongly as possible." with a potential result of up to 70 years of imprisonment. The only way I would ever see this as reasonable is if the system administrator(s) responsible for the compromised system are in the cell opposite. To scream "attack" and jump up and down because you're caught with your pants down is... childish.
This isn't the first time America has been seen to show a disregard for another country's legal process. The name Abdelbaset al-Megrahi will be familiar to those following the Lockerbie bombing. Now he has been released to Libya to "die in peace with his family". The Americans would like him to be extradited to the US and returned to custody. What they fail to understand is he was held under Scottish law, imprisoned under Scottish law, and given compassionate release under Scottish law. As Alex Salmond said, it isn't your call so sod off. (not a quote, he said it in a much more tactful way, but that's the gist of it)
I might suggest America think long and hard before wantonly disregarding the jurisdiction of another country, lest other countries start to think likewise of American law.
This leads to a motion I would like to present to the European Parliament - and if anybody knows how I would go about this, email me.
If it as follows:
Given that geographical boundaries are more or less irrelevant in the wired world... if a crime is committed then where, exactly, should such a crime be answered?
This needs to be laid down in law.
If something I write is not considered acceptable in, say, Saudi Arabia. Should it be possible to drag me to their to answer under Sharia Law?
which is the start of the DeCSS perl script. Which is technically illegal (circumvents DVD copy protection, contrary to the DMCA). I say "technically" because I personally make use of a DVD ripper in order than I can, lawfully, watch some "protected" films where the protection itself interferes with my viewing. Either way, the MPAA is known to not like it. I, however, live in France, in Europe.
And to Gary. Surely common sense (regardless of anything the Americans think) would say that his actions took place within the United Kingdom, thus British law will apply. I can understand the Americans feeling wronged, as they rightly were. However they should send their request for retribution to the British government who will deal with it according to British law. To request extradition to have him stand under American law just seems wrong. And potentially the thin end of a very very slippery slope.
We place our information online for others to read, access, enjoy. Sometimes this is for illegal purposes (file share, for instance), sometimes this is for entertainment (blogs) or information (blogs/howtos), or commerce (company websites). We, at least the lawful ones, try to stay within the laws of what is acceptable in our jurisdiction. The majority of us will make no attempt to appease other jurisdictions (unless business requires such) for it is difficult, if not impossible, to know the minutae of every other legal process. Even if we did, there is still much room for error. Lawyers get a handsome pay for interpreting and applying the law, and things frequently goes before a judge for a ruling - this showing that even something codified in writing may still not be sufficiently obvious as to not leave room for differences of opinion. If we had to consider the legal jurisdictions of other places, this would leave us with two options:
Use technological methods to intentionally restrict who can visit our sites (you can (mostly) block all IPs from a specific country).
Write nothing that can be seen as controversial anywhere.
Either way, both approaches are a chilling effect and may in themselves contravene laws in countries with freedom of speech.
Your comments:
Please note that while I check this page every so often, I am not able to control what users write; therefore I disclaim all liability for unpleasant and/or infringing and/or defamatory material. Undesired content will be removed as soon as it is noticed. By leaving a comment, you agree not to post material that is illegal or in bad taste, and you should be aware that the time and your IP address are both recorded, should it be necessary to find out who you are. Oh, and don't bother trying to inline HTML. I'm not that stupid! ☺ ADDING COMMENTS DOES NOT WORK IF READING TRANSLATED VERSIONS.
You can now follow comment additions with the comment RSS feed. This is distinct from the b.log RSS feed, so you can subscribe to one or both as you wish.
This web page is licenced for your personal, private, non-commercial use only. No automated processing by advertising systems is permitted.
RIPA notice: No consent is given for interception of page transmission.