I never said no UK laws were broken. Please read what I wrote again

Nor did I say that you did :)
thus

Please read what I wrote again

right back atcha ;))

I was refuting them not you ..but "they" didnt "post in this thread" so I was lazy and put the quote tags around your text ..

I probably should have inserted and bolded "In spite of what the UK govt may claim" ..

The italics in your most recent post make it clearer to other readers ..

I suspect that you and I are in broad agreement on the legal niceties or lack of such that have been used or abused in this case ..
edited for grammar and speeling..post in haste ..regret in edit box;)

In this example, UK laws (against fraud) would certainly have been broken, however, the US has jurisdiction.

I must again respectfully disagree. The only laws broken in your example appear to be US. The perpetrator wasn't in the UK and didn't use anything in the UK to aid in his crimes. Unlike McKinnon, who was both in the UK and used UK telecommunications equipment to commit his alleged crime against US interests.

I suspect that you and I are in broad agreement on the legal niceties or lack of such that have been used or abused in this case

If you think laws of both countries have been broken then yep, we're in general agreement about what's happened. :)

If you think laws of both countries have been broken then yep, we're in general agreement about what's happened. :)

that we appear to be :)

with the teensy caveat ..I trust it keeps us in agreement nonetheless :)

If you think laws of both countries may have been broken then yep, we're in general agreement about what's happened. :)

my insert and bold ..

because he has yet to be tried and thus yet to be found guilty or not

..anywhere ..

confessions dont count until the judge and / jury has pronounced a guilt verdict ..in either juristiction ..

I must again respectfully disagree. The only laws broken in your example appear to be US.

So you believe that fraud is legal in the UK - I don't think so.

Of course UK laws were broken in the example I gave - BUT THEY WEREN'T BROKEN IN THE UK. Had the crime I described taken place in the UK, is would have been prosecuted in the UK, but in this example, the US has jurisdiction because the crime was committed in the US.

The Gary McKinnon case is a long-distance crime and, so far as I am aware, there are no specific treaties either multilateral or bilateral that specify where prosecution should take place. So, given that the US have told a pack of lies about the cost of the damage caused, I think it is entirely reasonable to insist the prosecution takes place in the UK or not at all (if the US Govt is unwilling to provide the necessary evidence).

Kaled.

Kaled, you're twisting my words around to suit your purposes. That's not right!

Of course I don't think fraud is legal in the UK. In your Barclay's example though, no crime was committed in the UK. So how can someone be prosecuted for it? Simple answer...they can't.

In this very real case involving Mr. McKinnon, it appears he committed crimes in both the UK and US. But for whatever reasons UK authorities keep asserting no crime has been committed there.

This actually makes perfect sense when you look at how easily the UK gives into US demands regarding extradition. One only has to look at The Extradition Act 2003 for proof of this.

Under the terms of that treaty the US is not even bound to provide prima facie evidence of any crime when requesting extradition. So I'm not really sure why the US is keeping up this admittedly bogus claim of there being a huge amount of monetary damage caused by Mr. McKinnon. Just demand his return and be done with it. We can dream up whatever charges we want once he's here.

Please note I'm not saying I agree with there being no need for prima facie evidence. In fact I wish it were a requirement.

So it's no real surprise the UK is once again giving into US demands they hand over an alleged criminal. And coming up with whatever reasons are necessary to support their decision and attempt to save face.

Ten minute break. Smoke 'em if you got 'em. :)

If you think laws of both countries may have been broken then yep, we're in general agreement about what's happened.

I didn't see your post until now. Yep, you're certainly right about that.

I'm a bit peeved at myself cause all along I've been careful to say alleged when referring to possible crimes.

Oh well. I'm blaming it on being Saturday and my brain having the weekend off. ;)

Ten minute break. Smoke 'em if you got 'em.

I'm not the least bit angry. Sorry if it seemed otherwise.

In the example I gave, the crime would have been committed in the US but at least some of the victims would have been in the UK - i.e. there would have been UK victims (shareholders) of a fraud committed in the US.

The point I have made, and made clearly, is that if victims are present in more than one country, the only logical place where a trial can be held is the country in which the perpetrator was located at the time of the crime.

In the case of Gary McKinnon, the only victims (that have come forward) are in the US. However, that does not negate the principle that I have established perfectly logically that the trial should take place in the country where the perpetrator was located at the time of the crime.

If Gary McKinnon had been living in the US, then, assuming the US authorities lodged truthful extradition papers, then extradition would be reasonable.

Let's not forget here, that everyone with an ounce of technical knowledge knows that the US authorities have lied and done so blatantly and utterly disrespectfully - that in and of itself is grounds to believe that Gray McKinnon would not receive a fair trial and so no extradition should be granted.

Furthermore, the name of the game is reciprocity. If circumstances were reversed, there is not a snowball's chance in hell that the US would extradite a hacker to the UK (esp if UK authorities told a pack of lies) therefore we should not do so.

Kaled.

I'm not the least bit angry. Sorry if it seemed otherwise.

No worries. Directed at everybody. :)

I think we're better off debating only the merits of the McKinnon case.

I agree the only victims of his alleged crime are in the US.

But if he used UK-based telecommunications equipment to commit whatever crimes he winds up being convicted of then didn't he break laws in both countries? The UK does have laws which make use of telephones and computers to commit crimes illegal. And so, in my mind, this has little to do with victims and everything to do with criminal activities.

OK, it really has everything to do with the US being embarrassed about being caught with its firewalls down! But let's not get bogged-down in actual facts. ;)

Let's not forget here, that everyone with an ounce of technical knowledge knows that the US authorities have lied and done so blatantly and utterly disrespectfully - that in and of itself is grounds to believe that Gray McKinnon would not receive a fair trial and so no extradition should be granted.

Finally something we can sort of agree on.

Of course the US has lied about this. Given what I said before about the extradition treaty that exists between the US and UK I don't see why they did this. The US could have just said, hand him over!

Either way, once he's here the US could have changed whatever they might have been pretending to charge him with and dreamed up new, perhaps far more serious charges.

So what guarantees are there he'd get a fair trial just because the US gives up on this financial damage nonsense?

As I see it absolutely none.

So what do we do? Charge him with some crimes, hire him as a security consultant, or perhaps just ignore the whole thing and hope it goes away?

I've taken ten minutes. Lit the smoke. And still haven't changed my mind. McKinnon, who has CONFESSED to the act, should be tried for the criminal acts and that's that. Sincerely believe there is no doubt by anyone participating on this thread McKinnon "did it". What is being discussed is private protest regarding the extradition treaty which (and as an American I also agree) is a bit one-sided.

He will be tried. In the US. Not so much a prediction as a certainty...

McKinnon, who has CONFESSED to the act...

Wrong...

Gary McKinnon has confessed to snooping, he has not confessed to the malicious damage of which he stands accused, and of which he is clearly innocent.

In order for a hacker to do the sort of damage of which he is accused whilst going undetected for months he would have had to leave behind time-bombs or remote-control bombs and, given that the charge is that of causing damage (not attempting to do so) the bombs would have had to detonate.

He is currently under threat of 70 years imprisonment in a country that does deals with murderers (with useful information) so that they serve perhaps five years!

Kaled.

Even our PM seems to agree that this is wrong.

[youtube.com...]

I don't really understand why the US would want a public trial where the guy will basically expose how ridiculously easy it was to break into a US gov. network.

Personally I would have hired him and made a public spin story about the guy being a complete genius and achieving the impossible.

Major embarrasment for the US doing it this way.

In the general scheme of things this is a tempest in a teapot. And a vast determination by folks like David Gilmour and some on this list to don the wooly blinders as to criminal acts for whatever reason they chose to disseminate FUD. "Snooping", by the way, as regards computer networks, is a criminal act.

Kaled, we personally are at loggerheads, so I will bow out. Rule of law works for me more than rule of heart. I like your heart. I'll leave it at that. But I want McKinnon tried, and convicted for his confessed crime of penetrating US military computers (there's no question of that, out of his own mouth) and that act, alone, is criminal.

And for all the others wondering why a trial should follow... just imagine YOUR WEBSITE hacked by those seeking evidence of alien spaceships or antigravity drives, or just inserting spam and/or malicious driveby software. And they had Asperger's. Let 'em go, right?

Right.

And for all the others wondering why a trial should follow... just imagine YOUR WEBSITE hacked by those seeking evidence of alien spaceships or antigravity drives, or just inserting spam and/or malicious driveby software. And they had Asperger's. Let 'em go, right?

No, try them in the country in which the offence was committed. However, you have raised a very interesting point...

Suppose my .co.uk website was hosted in the US and hacked by a US citizen - where should the trial take place?

Suppose my .co.uk website was hosted in the UK and hacked by a US citizen - where should the trial take place?

Suppose I am English, living and paying taxes in France, running a .co.uk website that is hosted in the US and is hacked by someone in Germany - where should the trial take place?

Determining where the crime of hacking was committed in these examples would be a complete nightmare unless you take the simple, obvious and principled decision the crime was committed in the country where the perpetrator was located.

Kaled.

It's not like double (triple, quadruple?) jeopardy applies. Each sovereign can determine which of its laws were broken and prosecute accordingly. Of course, that brings us back to the topic of this thread - extradition. :)

I've had discussions on the jurisdiction where a crime is committed with regard to hacking over the Internet with some local lawyers specialized in cybercrime. And from what I remember, their clear viewpoint -in the Belgian law- is the location of the server being hacked determining the jurisdiction, not the location of the perpetrator. This is obviously based on local law as that's what was being discussed.

In the same sense hacking a foreign server from Belgian soil is not unlawful under the Belgian cybercrime laws, but hacking a Belgian server from abroad is something the law allows for severe punishments. The tricky bit is of course getting hold of the alleged perpetrator and getting them in a court.

If we suppose most laws in an international context are like that, then aside of the extradition, there is really little else to get hackers convicted of the crimes they commit. Hence extradition treaties are what we need to fight cybercrime.

It's more or less the same with a murder case: let's assume a Irish in Ireland with a sniper gun kills an English in the UK (or northern Ireland or so). Where was the murder committed ?

Hence extradition treaties are what we need to fight cybercrime.

Agreed, but they should be 100% reciprocal and based on hard evidence. The US are using lies about the dollar figure they claim they lost as a result of this because apparently a dollar figure is a requirement for extradition.

This guy used a commonly available Perl script to search for blank and default passwords and he found them. If there was in fact any loss then it could also be argued that it was the incomptence and downright carelessness of the IT people and government employees that caused this loss. Was anyone ever disciplined for this?

And from what I remember, their clear viewpoint -in the Belgian law- is the location of the server being hacked determining the jurisdiction

And what happens, in Belgian law, if for instance, Google servers in multiple countries were hacked? Does the culprit have to face trial in every country where an affected server is located? I'm sorry, but that makes no sense!

Incidentally, there have been cases of people being shot across borders but I'm not aware of any extraditions. In the UK, WPC Yvonne Fletcher was shot and killed from the Libyan embassy but no extradition took place. From memory, diplomatic immunity could not apply because the culprit was not officially identified.

Kaled.

Basically they ( both govts ) dont want him tried in the UK because the trial would have to be held in public ..( and they couldn't hold any parts in camera so as to be "protecting national secrets" ..because they wouldn't be UK secrets )..and UK judges wouldn't accept in camera to protect US "secrets".

Unless the UK govt pulled another BAE systems "corruption trial/prosecution/investigation" squashed "not in the national interest" move as under Blair ..

So both want it held in the US where if the charge is changed upon his arrival ..or added to then it can be argued that some if not all of it must be dealt with in closed court ( camera) or even military tribunal ...a la gitmo ..

They know what he saw because they have their log files ..but they dont know what he can remember ..they dont want him telling publically before they can find out ..

And both govts have lied so much about the whiole episode that they have now dug the hole ..are still digging ..and dont know how to put down the shovels without admitting that they lied ..

Get him to sign the uK official secrets act ..one doesnt have to be a serving member of the UK military nor employed by the MOD etc to do so ..then try him for the missuse of computors act offense ..give him short uk sentence ( or even suspended sentence ) ..and tell him if he discusses or writes then ..its covered by the "official secrets act" and he'll risk more jail ..do all of this trail in the UK ..some of the trial could then ( if he'd signed the act ) even be in camera as he must have gone through NATO machines at some point in his hacking ( not saying I approve of in camera trials but just this way strikes me as a practical way out for both govts ..if they dont want to just "fess up" ..and he gets tried ..win/win/win ?

Face saver for all ..and justice will have been served ..and to a degree seen to have been served ..

And it's not like he was a very clever hacker as he tagged his tracks all over the place ..in and out quietly leaving no trace wasnt his style nor I suspect within his capabilities ..

( and then the incompetant sysads etc ..that have not already been fired ..can be put out to grass )

[edited by: lawman at 3:15 pm (utc) on Aug. 2, 2009]
[edit reason] italicize latin phrase for clarity :) [/edit]

The US are using lies about the dollar figure they claim they lost as a result of this

Isn't it part of the -still to be held- trial to determine if the accusations are false or not? If I'm not mistaken the purpose of a trail is exactly that.

This guy used a commonly available Perl script to search for blank and default passwords and he found them.

*If* that's true (needs to be proven in the trial) it's still the equivalent of using a commonly available lock pick to enter a weakly protected building (it remains breaking and entering, regardless of how easy it is to do so)

Weak protection is no excuse for committing a crime.

Isn't it part of the -still to be held- trial to determine if the accusations are false or not? If I'm not mistaken the purpose of a trail is exactly that.

Problem is that if he is extradited and then the charges are changed the false figures will never have to be proven ..and he will have been extradited under possibly false pretenses ..UK govts fault for signing something which puts their citizens in the position that the US can lie to get them ( no proof of accusations required )..but that if the treaty runs the otherway ( US citizen to UK )all accusations must be proven proir to extradition being granted ..

@kaled

Suppose I am English, living and paying taxes in France, running a .co.uk website that is hosted in the US and is hacked by someone in Germany - where should the trial take place?

I'm not sure if this is relevant or not. But let's give it a try.

Let's say instead of hacking a website I make an e-commerce purchase.

In which country will I pay sales tax/VAT?

I think it would be the US, but I'm really not sure since I've never been in this situation before.

@BeeDeeDubbleU

This guy used a commonly available Perl script to search for blank and default passwords and he found them. If there was in fact any loss then it could also be argued that it was the incomptence and downright carelessness of the IT people and government employees that caused this loss.

Therefore, if I leave my house and forget to lock the doors and someone walks in and steals all my stuff I'm the one to blame? That's certainly not how it works here in the US.

@swa66

Weak protection is no excuse for committing a crime.

Quite right. See the above comment to BeeBeeDubbleU.

@Leosghost

UK govts fault for signing something which puts their citizens in the position that the US can lie to get them ( no proof of accusations required )..but that if the treaty runs the otherway ( US citizen to UK )all accusations must be proven proir to extradition being granted

And finally, getting back on-topic. Were it not for this minor inconvenience this would, I suspect, be a relatively simple issue. The US would have to present realstic evidence to UK authorities, in this case now the House of Lords instead of a District Judge, before any decision about extradition could be made. That would certainly nullify the financial damages claim as I think any reasonably technically-minded person would laugh out loud at such a claim. And it would bring up much more realistic charges of hacking into unauthorized computer systems.

As the law stands, for better or for worse, McKinnon can certainly be extradited, will be extradited. What he'll be tried on remains to be seen because of what the UK agreed to in the most recent extradition act.

Regardless, it does appear a crime has been committed. And as with all crimes the alleged perpetrator needs to face justice. In this case, since the UK clearly doesn't want to press charges, it's up to the US to do so.

Let's say instead of hacking a website I make an e-commerce purchase.

Making an e-commerce purchase isn't a crime, nevertheless you seem to have come to the same conclusion that I did - the tax should be paid in the country in which the purchaser is located. Oddly, that's not always what happens!

Kaled.

Therefore, if I leave my house and forget to lock the doors and someone walks in and steals all my stuff I'm the one to blame? That's certainly not how it works here in the US.

But we are not talking about your house. We are talking about the US government's apparent incompetence and naivete in matters IT. That is the scary thing. Aren't you at all concerned that your government left the door open?

As the law stands, for better or for worse, McKinnon can certainly be extradited, will be extradited.

I wouldn't bet on that. There is a growing support for McKinnon's cause here in the UK and many politicians, intellectuals and celebrities feel that the UK should not throw McKinnon to the lions. If he gets sent over there that will not be the end of the matter.

The US government seem to be incapapable of seeing the damage they do to their reputation with this sort of stuff.

See [timesonline.co.uk...]

Making an e-commerce purchase isn't a crime, nevertheless you seem to have come to the same conclusion that I did - the tax should be paid in the country in which the purchaser is located. Oddly, that's not always what happens!

Obviously e-commerce is not a crime. I'm trying to find other scenarios from which to drawn parallels.

Aren't you at all concerned that your government left the door open?

Of course I'm concerned. Embarrassed in the extreme as well! But that doesn't mean I can hack my way into NASA computers with impunity.

Thank you for that link to Times Online. I didn't realize until just now the extent of the damage McKinnon appears to have done. I thought he had broken in, looked around for UFO-related stuff, and left. Yes, I know he supposedly did this numerous times. But I had no idea he'd done the things of things your Home Secretary mentioned in the piece he wrote for the Sunday Times:

The Home Secretary wrote in the Sunday Times that the crimes he is accused of are “far from trivial”.

He points out that he is alleged of repeatedly hacking into US government computer networks, including 97 US military computers, deleting vital software and then copying encrypted information onto his own computer, shutting down the Washington computer network for 24 hours.

And what happens, in Belgian law, if for instance, Google servers in multiple countries were hacked? Does the culprit have to face trial in every country where an affected server is located? I'm sorry, but that makes no sense!

From the Belgian law (which I'm not defending, just explaining) there is no problem with hacking Google servers as long as you stay away from those located in Belgium, no matter where you are located.

Facing trial in many countries is also not really a problem, I'm sure there have been others committing crimes in multiple countries: they get convicted in one, serve their time, get extradited, and it starts again and again as needed, or they can be allowed serving all their time back home, it all depends what's in the treaties.

UK govts fault for signing something which puts their citizens in the position that the US can lie to get them ( no proof of accusations required )..but that if the treaty runs the otherway ( US citizen to UK )all accusations must be proven proir to extradition being granted

Well, if a government wants their country to be a poodle....

Blame Blair, and (if you are British) campaign to get the law changed.

Facing trial in many countries is also not really a problem

In principle, you are right, but practicalities have to be considered. Also, whilst there have been many instances of extradition after serving a sentence, I am not aware of any cases where extradition has taken place prior to serving a sentence, nor am I aware of any instance in which someone has been tried and sentenced in two countries for the same crime.

Kaled.