Career Criminal

Alan Johnson's final judgement on Gary McKinnon's extradition, which he announced last week, is the last word of an unsaid sentence that started sometime in 2002. The first word was George W Bush's claim that he wasn't concerned about tracking down Osama Bin Laden, while letting the US military start their ruthless hounding of a vulnerable, shy computer geek. Gordon Brown's weekend announcement on Pakistan's inability to catch Bin Laden is the full-stop to this unsaid sentence. In a nutshell, the UK and US have given up the moral compass of catching the real terrorists in the world. It's just too darned difficult. They are instead labelling easy prey as the target or telling other people that they're not doing enough to fight the amorphous malleable concept they nicknamed the War On Terror. The British government mindset of being unable to fight an abstract concept has also been extended to the internet in general - if you can't control what goes on there and you can't deal with all those cunning cyber-criminals, then just make everyone online a suspect and go after people you know you can catch. In the United Kingdom, the logical outcome of this mindset became Lord Mandelson's Digital Economy Bill.

The UK and US governments should take a page from mogeneration's book. Last week, the iPhone product got the Rickrolling treatment by Ashley Towns, so an Australian company gave the enterprising young hacker a job. As The Guardian helpfully point out, Ashley Towns's iPhone worm is similar to a lot of viruses in that they are examples of proof-of-concept code going down a blind alley. I should know - I've created malware three times and all were an accidental side-effect of a proof-of-concept design. Aside from the different (non-malicous) motivations behind the hacking behaviour of Ashley Towns and Gary McKinnon, the end-result remained the same; a cheeky online rude message telling the boss-in-charge that he should really sort his crap security out. Yes, I realise that comparing the consequences of hacking a US military network against an iPhone network is disingenuous - all I mean is that both hackers essentially did the organisations a service before the real criminals or terrorists did something similar, but with a nastier conclusion.

From a personal viewpoint, I'd already advanced the real possibility in an earlier blog article that my career as a web developer automatically put me in the same category as Gary McKinnon. When I wrote that blog article, I had little idea that Lord Mandelson would be putting his signature to the Digital Economy Bill a few months later. In combination with the Extradition Act, it's a toxic mix for any web developer's career path. Bear in mind that when a simple web page is accessed, a request for that page is routed through a number of servers, many of which will be located in the States. It's almost inevitable that you'll come across the Stars and Stripes when trying to patch and fix web insecurities. The UK/US Extradition treaty frightens the life out of me as a result. Remind me never to do any anonymous unsecure servers any quick favours. In fact, when Shami Chakrabarti appeared on yesterday's Andrew Marr Show with Janis Sharp (Gary McKinnon's mother), she went further by saying any British citizen sitting at a networked computer could be under threat. In addition, being part of a community of Linux web programmers means I have to use filesharing and P2P networking on a daily basis for the maintenance of open source code. Mandelson's Bill targets all filesharers, via their Internet Service Providers (ISPs), and their internet connection can be cut if illegal filesharing is suspected in a crude "3 strikes" rule. This is before any legal or civil action is taken. So, theoretically, if Mandelson's Bill is passed, I'll be a criminal suspect every day of my life. That's the thanks I get for a job well done.

On the subject of doing a good job, I had an idea of starting up a green energy internet server company, which I've since had to junk. I didn't junk the idea because of bureaucratic red tape or being stung by IR35 in the past. It was the risk of being perceived as a homegrown or overseas criminal (rather than a budding entrepeneur) if I go through with that enterprise. Why? Well, I'd end up having to do large file transfers for such an operation, so I'd instantly be a suspect by my ISP under Mandelson's Bill. Plus, if I host third-party content on a server which, by some obscure twist of fate, offends some sensibility in American Law, I could end up being extradited to the USA. This is what has already happened to Brian Howes and his wife, Kerry. Unlike Mr McKinnon's rather silly felony, Brian has not even committed a crime. He sold some chemicals from his company in Scotland. A group of drug-dealers in the USA decided to make crystal meth out of those chemicals that they'd ordered online from Mr Howe's company website. What was the US authorities response? Well, let's just grab the dude from the UK - we're not sure he's guilty, but he's easier to catch than those pesky light-footed drug-dealers. Essentially, Mr and Mrs Howes are being dragged across the Atlantic away from their home, leaving behind four children, to try and prove their innocence. Yet again, that's someone fighting a "guilty until proven innocent" verdict. The US authorities have provided no evidence. They don't need to under the Extradition Act.

So, it's not just severe punishment for relatively minor crimes. It's about punishment being administered before a suspected crime is even shown to exist. Cyber-criminals shrug their shoulders and carry on doing what they're doing. After all, if they're clever enough, there's so many ways they can carry on filesharing or hacking and, even better, they can actually use Mandelson's Bill to scapegoat people (IP address spoofing anyone?), while they make good their escape. Historically, the British political establishment has always had an uneasy relationship with the technology community. The political authorites have always been innately suspicious of gadgets and have always had a deep suspicion of the internet. It gives too many "little people" a voice and access to resources that the privileged classes don't think they should have. This lack of support or even interest in the digital economy means that the UK government have aligned themselves with an anologue economy. That's the reason for the profound mistakes being made in digital law. It's an attempt to force one industry's laws into another industry that won't fit. Coupled with the moral failure of the War on Terror, it means that the real terrorists are well-equipped to be completely hidden behind rows upon rows of baffled, innocent civilian computer users. Some of those technically-gifted civilians, like Gary MacKinnon, could easily help government authorities track down real cyber-terrorism. Instead of Mr MacKinnon being treated like a vicious terrorist himself, they could look to the example set by Australia, when an Aussie company asked Ashley Towns to close a security hole and help protect them.

3 responses

would you hire a freelance home security expert if he broke into your house and left notes on your bed and some unwashed dishes from the tea and steak he had off with from your fridge?

not that i dont think its harsh what they are doing to gary, in fact i'd support the government telling the yanks to fuck off just for the sake of it and not because of anything else but we can't justify intentional security breaches on the basis that it does you a favour by letting you know of the vulnerability before someone malicious does something. an email would suffice for that!

I'd ask the same questions as you about such an intruder, until I was then told he had Aspergers Syndrome or borderline autism.

Did you read the article where I talk about Aperger's more? I know three people with it.

i still don't believe that aspergers is a sufficient defence. i'd just be over the moon if we told those self-righteous mongs over the pond to chase themselves.