British Hacker Faces Extradition To US, Not To Mention Five Years' Imprisonment In UK For Failing To Hand Over Encryption Keys
from the anything-else? dept
Techdirt followed the the saga of the hacker Gary McKinnon, whom the US authorities wished to extradite from the UK to face charges of causing damage to military computers, for some years before the UK Home Secretary blocked his extradition, and the case against him in the UK was dropped. That was a great result for McKinnon after a 10-year fight to avoid extradition, but it meant that the key issues that his situation raised were never addressed. Now a new case with many similarities to that of McKinnon's looks like it will revisit some of those legal questions -- and add some more of its own:
A British man has been charged in the US with hacking into thousands of computer systems, including those of the US army and Nasa, in an alleged attempt to steal confidential data.
But even before he can begin to fight that case, Love has an additional problem to deal with because of the following:
Lauri Love, 28, is accused of causing millions of pounds of damage to the US government with a year-long hacking campaign waged from his home in Stradishall, a village in Suffolk.
On February 7th the deadline for Lauri Love to turn his encryption keys over to the UK government expired.
As the post on FreeAnons explains:
The UK government are now free to charge Lauri for his lack of cooperation with their demand for his passwords, in accordance with section 49 of the controversial Regulation of Investigatory Powers Act 2000, but what is section 49 and why is it being levied against Lauri Love?
Actually, RIPA's punishment for withholding keys seems to be up to two years' imprisonment in general, and up to five when the magic spell "national security" is invoked, but it's still a long time. And the crucial point is the following:
Section 49 essentially allows the UK government to compel, under threat of up to five years imprisonment (this doubles to ten years if national security is seen to be at stake), any citizen to disclose their personal encryption keys. The law allows for this legal compulsion on grounds ranging from "the interests of national security" to "the purpose of preventing or detecting crime" and "interests of the economic well-being of the United Kingdom".
Lauri has been charged with no crime in Britain, yet their government is still invoking this law to attempt to force him to provide information that could incriminate him or damage his defense should he go to trial.
So Love faces two extremely serious problems: the threat of imprisonment from RIPA, and the threat of extradition to the US, with a long prison sentence there if he's found guilty. Here's what the US Department of Justice is accusing him of:
The indictment, which was released by the US department of justice on Monday, describes Love as a "sophisticated and prolific computer hacker who specialised in gaining access to the computer networks of large organisations, including government agencies, collecting confidential data including personally identifiable information from within the compromised networks, and exfiltrating the data out of the compromised networks".
"Gaining access", "collecting confidential data", "exfiltrating data out": isn't that precisely what the NSA and GCHQ have been doing around the world on a rather larger scale...?