This week we feature two stories that show how ICT intersects
with national legal systems to produce very novel scenarios of
crime and punishment.
A Dutch judge has given a team of security researchers from
Radboud
University the go-ahead to
publish information about how to crack some of the security
used on
London's Oyster card. The card uses the same
Mifare Classic chip as transport systems in Boston, Hong Kong
and the Netherlands, as well as building access systems throughout
Europe and the US.
The Dutch researchers should, some argue, have worked with
Mifare technology vendor
NXP Semiconductors and
users to find a solution before disclosing the vulnerability.
This is the perennial security argument around disclosure. How
much publication of vulnerability and exploit information is for
the common good? Can, indeed, any such disclosure be in the public
interest since it provides fodder for hackers?
Bart Jacobs, professor
of computing security at Radboud University has said the aim of
publication is to enable people to make their own judgement on the
seriousness of the vulnerabilities of the smartcard technology. And
the Dutch legal system has backed him up.
Meanwhile, hapless hacker
Gary McKinnon continues to find himself enmeshed in a
trans-national web of jurisdiction. He has just lost his six-year
battle to avoid standing trial in the US for hacking into military
databases.
The Law Lords have rejected his appeal against extradition.
They unanimously decided that a plea bargain offered to McKinnon by
US officials was not coercive and an abuse of the extradition
process. McKinnon, 42, an unemployed systems administrator, now
faces extrusion to the US and charges that carry a penalty of up to
60 years. His solicitors have stated that the UK government has
declined to prosecute McKinnon on the territory from which he
hacked in order to enable the US government to make an example of
him.
The long arm of the law has truly been extended in
cyberspace!
Computer Weekly readers - IT directors and managers - will
discern in the features of Gary McKinnon a certain IT type: one
that tends not to speak with ease with senior management.
"The art of persuasion" speaks of a battery of techniques that
even the most introverted of IT workers can use to play better the
corporate political game.