So I Took Your Data, But I Am Safe Here...

Monday, July 25, 2011

Anup Shetty


Is an extradition treaty a control that needs to be in place to fight cyber crime?

Controls that are administrative in nature are never much emphasized, nor are they in too much in the limelight as is their technical counterpart.

Various technical mechanisms have emerged to combat the evils of botnets, malware, Web app vulnerabilities and more.

But what happens when you find out that the culprit is hiding somewhere abroad in a safe haven in a little corner of a world? Are we denied justice?  

Recent news I heard was of a 23-year-old UK citizen Richard O'Dwyer. Now this is guy is currently defending himself from getting extradited to the United States.

Guess what? What he has going for him is that he is a UK citizen.

His crime? Setting up and operating a website that offered links to free movies and TV shows - now this under the UK law might not even be illegal because this guy did not host any copyrighted material on his website, he simply provided a link.

Now what is against him is that the site used a US-controlled .net domain, and this fact is being used by the US Immigration and Customs Enforcement (ICE) agency, and if the request is granted, he could be charged by a US court with criminal copyright infringement and conspiracy.

If he is found guilty, he could get a prison sentence of up to five years. Well, this is best left for the court to decide his fate.

Although, this may now fuel the already existing unpleasantries associated with the 2003 UK extradition agreement with the U.S. and the claims of it being one-sided.

One-sided or well drafted out? Should an extradition treaty be a control that needs to be in place to fight cyber crime? Should organizations collectively be working with the Government and get this control in place?

It is well known that with the ever-growing global crime scene, the investigation takes a back seat as soon as the perpetrators are identified to be operating from locations that are out of jurisdiction or have too many intricacies associated that make the nature of the investigation too complex to complete its course.

The last I heard, United States lacks an extradition treaty with China (I don't need to be long winded about state of affairs relating to cyber crime there).

The various scams originating from Nigeria have led to cases where people have lost their lives. With many paving the path to the cloud infrastructure, would extradition be something that might come in handy?

There are of course too many inherited intricacies associated with extradition itself, but again the question remains - is this something that the corporate world needs to push the governments on so that they can see a ray of hope the next time they identify criminal activity that originates from the darkest corners of the cyber crime world?

Possibly Related Articles:
General Legal
Legal Cyber Crime Law Enforcement United Kingdom United States Extradition
Post Rating I Like this!
cliff sull Everyone knows of my minor link to the #FreeGary campaign, which is fighting against the Extradition of Gary Mckinnon and so, what I say next, might surprise a few of them.
I am all FOR Extradition of Dangerous criminals and 'Terrorists', but on the proviso that the Extradition is applied 'Fairly' to the accused.
I stand against the current Extradition Act (2003 Blair/Bush) because it is not an equal Act in my view.
It currently stands that the US Government does NOT have to provide any Prima Facea evidence to issue a request for a UK Subject.
How would any of you like to be 'extradited' from your home country - WITHOUT EVIDENCE?
That said - I do think Extradition is a good tool when applied properly.
Extradition will never really work with regards Computer Crime (in my opinion)...
I believe strongly that Governments should draw up an agreeable plan to have Cyber Criminals arrested and tried in their Home Country by joint prosecution teams from both Nations.

( P.S. - Did I mention #Freegary #NoExtradition ? )

Anup Shetty Agreed, extraditions should be applied fairly and such treaties should be well chalked out ones.

A government that assures to an organisation that justice wont be denied might as well act a selling point...

take for instance that a breach caused an organisation to loose millions of dollars.. and the investigations led to miscreants being located in a country with which the government has a mechanism that can allows the legal action to complete its course...wouldn't the organisation be pleased with its government?
bert wert .net, .com etc domains are not US domains they are generic worldwide TLDs, ICE is simply lieing (and scraping the bottom of the barrel) by saying they have juristiction over any website because the company running them is US based, the same company runs domains for the cook islands too for example
cliff sull @bert - Possesion is 9/10ths of the Law. The domain extensions may be used generically - but they ARE 'owned' by USA Companies?
Time to start our own NEW internet methinks ;)
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.