Is an extradition treaty a control that needs to be in place to fight cyber crime?
Controls that are administrative in nature are never much emphasized, nor are they in too much in the limelight as is their technical counterpart.
Various technical mechanisms have emerged to combat the evils of botnets, malware, Web app vulnerabilities and more.
But what happens when you find out that the culprit is hiding somewhere abroad in a safe haven in a little corner of a world? Are we denied justice?
Recent news I heard was of a 23-year-old UK citizen Richard O'Dwyer. Now this is guy is currently defending himself from getting extradited to the United States.
Guess what? What he has going for him is that he is a UK citizen.
His crime? Setting up and operating a website that offered links to free movies and TV shows - now this under the UK law might not even be illegal because this guy did not host any copyrighted material on his website, he simply provided a link.
Now what is against him is that the site used a US-controlled .net domain, and this fact is being used by the US Immigration and Customs Enforcement (ICE) agency, and if the request is granted, he could be charged by a US court with criminal copyright infringement and conspiracy.
If he is found guilty, he could get a prison sentence of up to five years. Well, this is best left for the court to decide his fate.
Although, this may now fuel the already existing unpleasantries associated with the 2003 UK extradition agreement with the U.S. and the claims of it being one-sided.
One-sided or well drafted out? Should an extradition treaty be a control that needs to be in place to fight cyber crime? Should organizations collectively be working with the Government and get this control in place?
It is well known that with the ever-growing global crime scene, the investigation takes a back seat as soon as the perpetrators are identified to be operating from locations that are out of jurisdiction or have too many intricacies associated that make the nature of the investigation too complex to complete its course.
The last I heard, United States lacks an extradition treaty with China (I don't need to be long winded about state of affairs relating to cyber crime there).
The various scams originating from Nigeria have led to cases where people have lost their lives. With many paving the path to the cloud infrastructure, would extradition be something that might come in handy?
There are of course too many inherited intricacies associated with extradition itself, but again the question remains - is this something that the corporate world needs to push the governments on so that they can see a ray of hope the next time they identify criminal activity that originates from the darkest corners of the cyber crime world?