Security from A to Z: Extradition

Hacking is an international crime. Is extradition the right way for governments to go? Part of a series on hot topics in security.

Natasha Lomas Mobile Phones Editor, CNET UK

Natasha Lomas is the Mobile Phones Editor for CNET UK, where she writes reviews, news and features. Previously she was Senior Reporter at Silicon.com, covering mobile technology in the business sphere. She's been covering tech online since 2005.

See full bio

Natasha Lomas

Nov. 28, 2006 12:27 p.m. PT

3 min read

The global reach of the Internet has clear advantages when it comes to connecting up the world and enabling a worldwide exchange of data. But it has also given criminals the chance to exploit this connectivity. They now have the opportunity to perpetrate cross-border crime without leaving home.

By its very nature, cybercrime is an international phenomenon. A virus, once unleashed, is not limited to a particular geographical region. The "419" e-mail scams may be associated with Nigeria, as the country they commonly originate from, but victims of the fraud can hail from anywhere in the world.

The worldwide threat posed by Web-based crime has led to Europe and the U.S. backing an international anti-cybercrime treaty, in an attempt to improve cross-border collaboration.

Extradition comes into play when the government of a country affected by cybercriminal activity wants to prosecute an alleged perpetrator who resides elsewhere in the world. Countries rely on existing extradition treaties to do this. Where there is no treaty in place between two nations, there will be no chance of a cybercriminal being handed over for prosecution.

In 2004, a U.S. attempt to extradite Hew Raymond Griffiths, a 42-year-old computer programmer from New South Wales, Australia, for his alleged role in leading the DrinkorDie piracy group, failed after an Australian magistrate ruled the U.S. had not provided enough information about the specific instances of his alleged copyright infringement.

A higher-profile extradition attempt by the U.S. involved the so-called NASA hacker Gary McKinnon, a U.K. national who lives in north London. The extradition process started in 2002, after McKinnon was charged by a grand jury in New Jersey with intentionally damaging a federal computer system. The alleged hacks included breaking into systems belonging to the U.S. Air Force, the U.S. Army, the U.S. Department of Defense, the U.S. Navy and NASA.

In 2005, McKinnon's extradition hearing began in London. His lawyers argued that extradition would breach his human rights, owing to the possibility of his being tried under U.S. antiterrorism laws. That could see McKinnon being treated as a terrorist and jailed for up to 60 years, they argued.

However, this argument failed to sway the court. The presiding judge acknowledged McKinnon is likely to face a harsher sentence in the U.S. than he would in the U.K., but he said: "It must be obvious to any defendant that if you chose to commit a crime in a foreign country, you run the risk of being prosecuted in that country." McKinnon's extradition was rubber-stamped back in July by British Home Secretary John Reid, though he has yet to be handed over to U.S. authorities.

Further controversy surrounds the McKinnon case, because he is being extradited under the U.K. Extradition Act 2003. This was rushed into law after the terrorist attacks of September 11, 2001, and does not include a requirement for an extradition request from the U.S. to contain prima facie evidence of the charges. The Act has also not been ratified by the U.S. government, so while McKinnon is being extradited to the U.S. under its terms, the U.K. government cannot extradite a U.S. citizen to the U.K.

Natasha Lomas reported for Silicon.com in London.