McKinnon the scapegoat

Gary McKinnon’s fate is now bound up in cyberwar and matters of espionage as governments try and fai

After all the coalition posturing for the cause of Gary McKinnon, it looks like the government will not stop the autistic hacker's extradition after all.

The Prime Minister was applauded for discussing McKinnon with President Barack Obama in Washington on 20 July and later suggesting that the US might allow the hacker to serve any prison sentence in the UK. But this was a hollow victory. McKinnon's campaign was always about his extradition to the US, not whether he might serve time there, as David Cameron and other coalition MPs well knew when they made political capital from it before the election that brought them to power. The last government promised repatriation. Cameron has done nothing more.

The apparent injustice of this is greater than mere hypocrisy. To understand why, we must return to November 2000, barely three months before McKinnon was detected hacking US computers, when FBI agents performed an audacious hack of their own -- to collect evidence from computers in Russia.

The FBI hack has haunted US attempts to legitimise the cross-border collection of electronic evidence (known as trans-border access) ever since. Its illegitimacy was established in 2004 by the Budapest Convention on Cyber Crime, a US-backed cyberlaw treaty.

This was no surprise. The US helped design the treaty. The first draft was published six months before the FBI hack; the US signed it a year later, within weeks of convicting Vasili Gorchkov, one of the Russian extortionists.

In 2002, three months after a US court indicted McKinnon for hacking into US computers, the FBI hackers were decorated. Moscow reportedly responded by filing charges against the FBI agents in retaliation for their infringement of Russia's national sovereignty.

The evolving legal context was not overlooked in McKinnon's case. By the time the US requested his extradition in October 2004, the US/UK Extradition Act 2003 had entered into force. It allowed the US to order his extradition on less evidence than would normally be required to put someone before a British court. It promptly did so, citing evidence that, the high court heard last year, was insufficient to support its allegations.

Rough justice

Both cases illuminate the reasons why the progress of international cyberlaw, though slow in comparison with growing computer crime, has been plagued by concerns that it encroaches on established ideas of sovereignty, jurisdiction and human rights.

The problem is one of balance. On one side, a desire for justice to operate effectively in the computer age, when networks permeate our borders and so much of life transcends sovereign boundaries. On the other side, a desire for sovereign responsibilities and human rights not to be bowled aside in the rush for justice to operate at this height and at digital speeds.

These concerns were significant enough to trigger treaty reviews at both the United Nations and the Council of Europe, after 80 per cent of votes supported Russia's opposition to trans-border access at a UN meeting in April.

Hence also the proposed review of UK extradition law, under which prosecutors have justified the extradition of numerous people on flimsy evidence.

It all helps show how McKinnon's extradition rests on weak moral ground. Yet still the law leaves the government little choice but to let it proceed. A UK trial is permissible, if the US would agree to it. But even if the US evidence was good enough to stand up in a British court, neither government wants to stop the extradition.

Cyberwar

This is because the inherent insecurity of computer networks has now become a matter of national security. Computer breaches are a serious crime, Obama told Cameron, because they would increasingly leak valuable information. Within a week of that conversation, WikiLeaks had exposed 92,201 classified computer files with damning details of the US-led invasion of Afghanistan.

Nine and a half years after McKinnon was caught hacking, the threat of cyberwar and espionage makes his crime seem far graver than it ever was. The military can't secure its networks. It can't even tell the difference between organised hoodlums, foreign military agents and hobby hackers. As a result, all states can do is use punishment as a deterrent.

McKinnon will be strung up, metaphorically speaking, to demonstrate just how serious the US and UK are about protecting their networks. Computer systems won't be any more secure. Serious criminals and foreign states won't be deterred. But a semblance of justice will have been seen to be done.

As for actual justice, McKinnon's lawyers still have some appeals up their sleeves. The hacker's Asperger's syndrome may lead yet to his extradition being halted. That will be good enough for Cameron, so long as he can continue to give the impression he's working for McKinnon's cause.

Mark Ballard is a freelance journalist who writes about computer policy, crime, security, law and systems.

Read the full archive of the New Statesman's coverage of Gary McKinnon's case, in particular Sophie Elmhirst's exclusive interview.

Photo: Getty
Show Hide image

The EU’s willingness to take on Google shows just how stupid Brexit is

Outside the union the UK will be in a far weaker position to stand up for its citizens.

Google’s record €2.4bn (£2.12bn) fine for breaching European competition rules is an eye-catching example of the EU taking on the Silicon Valley giants. It is also just one part of a larger battle to get to grips with the influence of US-based web firms.

From fake news to tax, the European Commission has taken the lead in investigating and, in this instance, sanctioning, the likes of Google, Facebook, Apple and Amazon for practices it believes are either anti-competitive for European business or detrimental to the lives of its citizens.

Only in May the commission fined Facebook €110m for providing misleading information about its takeover of WhatsApp. In January, it issued a warning to Facebook over its role in spreading fake news. Last summer, it ordered Apple to pay an extra €13bn in tax it claims should have been paid in Ireland (the Irish government had offered a tax break). Now Google has been hit for favouring its own price comparison services in its search results. In other words, consumers who used Google to find the best price for a product across the internet were in fact being gently nudged towards the search engine giant's own comparison website.

As European Competition Commissioner Margrethe Vestager put it:

"Google has come up with many innovative products and services that have made a difference to our lives. That's a good thing. But Google's strategy for its comparison shopping service wasn't just about attracting customers by making its product better than those of its rivals. Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results, and demoting those of competitors.

"What Google has done is illegal under EU antitrust rules. It denied other companies the chance to compete on the merits and to innovate. And most importantly, it denied European consumers a genuine choice of services and the full benefits of innovation."

The border-busting power of these mostly US-based digital companies is increasingly defining how people across Europe and the rest of the world live their lives. It is for the most part hugely beneficial for the people who use their services, but the EU understandably wants to make sure it has some control over them.

This isn't about beating up on the tech companies. They are profit-maximising entities that have their own goals and agendas, and that's perfectly fine. But it's vital to to have a democratic entity that can represent the needs of its citizens. So far the EU has proved the only organisation with both the will and strength to do so.

The US Federal Communications Commission could also do more to provide a check on their power, but has rarely shown the determination to do so. And this is unlikely to change under Donald Trump - the US Congress recently voted to block proposed FCC rules on telecoms companies selling user data.

Other countries such as China have resisted the influence of the internet giants, but primarily by simply cutting off their access and relying on home-grown alternatives it can control better.  

And so it has fallen to the EU to fight to ensure that its citizens get the benefits of the digital revolution without handing complete control over our online lives to companies based far away.

It's a battle that the UK has never seemed especially keen on, and one it will be effectively retreat from when it leaves the EU.

Of course the UK government is likely to continue ramping up rhetoric on issues such as encryption, fake news and the dissemination of extremist views.

But after Brexit, its bargaining power will be weak, especially if the priority becomes bringing in foreign investment to counteract the impact Brexit will have on our finances. Unlike Ireland, we will not be told that offering huge tax breaks broke state aid rules. But if so much economic activity relies on their presence will our MPs and own regulatory bodies decide to stand up for the privacy rights of UK citizens?

As with trade, when it comes to dealing with large transnational challenges posed by the web, it is far better to be part of a large bloc speaking as one than a lone voice.

Companies such as Google and Facebook owe much of their success and power to their ability to easily transcend borders. It is unsurprising that the only democratic institution prepared and equipped to moderate that power is also built across borders.

After Brexit, Europe will most likely continue to defend the interests of its citizens against the worst excesses of the global web firms. But outside the EU, the UK will have very little power to resist them.

0800 7318496