Thursday, August 28, 2008

European Court of Human Rights, the hacker and the issue of jurisdiction in Cyberspace

Today has been widely reported that the European Court of Human Rights has refused to hear the case of Gary McKinnon, the hacker that few years ago penetrated NASA and other military systems and was indicted by the US Government, which requested the extradition of the hacker. There are many places that refer the story of McKinnon and the reasons he alleges motivated him to intrude the US defence systems, but it is important, however, to note that although it has been widely publicized that his intentions were to find out whether the US government was hiding evidence about the existence of UFOs, English courts have taken for proven that he

deleted data from them including critical operating system files from nine computers, the deletion of which shut down the entire US Army’s Military District of Washington network of over 2000 computers for 24 hours, significantly disrupting Governmental functions; 2,455 user accounts on a US Army computer that controlled access to an Army computer network, causing these computers to reboot and become inoperable; and logs from computers at US Naval Weapons Station Earle, one of which was used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships, deletion of these files rendering the Base’s entire network of over 300 computers inoperable at a critical time immediately following 11 September 2001 and thereafter leaving the network vulnerable to other intruders” and that “He admitted leaving a note on one army computer reading:

“US foreign policy is akin to government-sponsored terrorism these days . . . It was not a mistake that there was a huge security stand down on September 11 last year . . . I am SOLO. I will continue to disrupt at the highest levels . . .”

So, not much of UFO searching there…

For those really interested in what actually happened and the judicial history of the case in UK, the House of Lords’ case summarizes it properly, but what the case brings back to the table is the issue of jurisdiction, not in civil cases but in crimes committed using Internet. According to Sky news, the hacker’s lawyer has said that his “client's case highlights a worrying trend where UK citizens are at the mercy of the ever-increasing tendency of overseas prosecutors to extend their jurisdiction to crimes allegedly committed in this country”, but is he correct? Has the crime been committed in this country?

The discussion permeates Internet and takes us back to two distinct but interrelated issues, like the principles of criminal jurisdiction in the international arena and the place where a crime is perpetrated. So, when a court has jurisdiction over a defendant accused of a crime? A court would normally have jurisdiction over an allege criminal if there is a connection (nexus) between either the crime or the defendant with the forum of the court, and the nexus could be established based on territoriality (the crime was committed in the court’s forum), nationality (the defendant is national of the forum), protective (a national or an interest of the forum is injured by the defendant actions), and/or universality (every court would have jurisdiction over defendant violating certain principles deemed fundamental by civilized nations). In the case in question, in principle it seems that the US would have jurisdiction over McKinnon based on the protective nexus, but since following these principles more than one country may have jurisdiction over a defendant, there are rules of law and comity that make some of the “prevail” over others. While not strictly true in this case, and mainly due to specific agreements between UK and the US, let’s assume that the territoriality nexus prevails over all the others and that the other forms of nexus should be set apart unless the courts of the territory in question refuse to try a case (like in the Spanish and Swedish intervention in human rights violation cases in Argentina and Chile for the lack of action from the later countries courts). In this hypothetical situation, the issue would be to decide where the crime has been committed and here there are mainly two theories: the initiatory or subjective theory and the terminatory or objective one, where the former understands that a crime is committed where the defendant carries out his actions, in the later the crime is seen as perpetrated where the injury or damage results.

During Imperial times English law has not been, in principle, very friendly to the notion of terminatory theories of criminal conduct and as Lord Halsbury said in Macleod v New South Wales [1891] AC 455, “all crime is local”, but the position changed for most of the 20th Century until the idea that a crime could be committed in parts was somehow rejected by the House of Lords in DPP v Treacy [1971] AC 537. However, the pervasiveness of information and communication technologies and the possibilities of committing crimes in multiple jurisdictions from a computer connected to Internet and located almost anywhere in the world, brings the necessity of recognizing that for certain types of crimes the objective theory is the only providing the protection to society and individuals that criminal law is supposed to confer. Accordingly, it seems that McKinnon’s lawyer is not right; if any crime has been committed, it is very, extremely likely, that it was committed in the US and he should probably be thinking how to deal with the US lawyer that advised him to not accept the original guilty plea bargain offered by the US Government in a meeting in London…

No comments: