This week we feature two stories that show how ICT intersects with national legal systems to produce very novel scenarios of crime and punishment.
A Dutch judge has given a team of security researchers from Radboud University the go-ahead to publish information about how to crack some of the security used on London's Oyster card. The card uses the same Mifare Classic chip as transport systems in Boston, Hong Kong and the Netherlands, as well as building access systems throughout Europe and the US.
The Dutch researchers should, some argue, have worked with Mifare technology vendor NXP Semiconductors and users to find a solution before disclosing the vulnerability.
This is the perennial security argument around disclosure. How much publication of vulnerability and exploit information is for the common good? Can, indeed, any such disclosure be in the public interest since it provides fodder for hackers?
Bart Jacobs, professor of computing security at Radboud University has said the aim of publication is to enable people to make their own judgement on the seriousness of the vulnerabilities of the smartcard technology. And the Dutch legal system has backed him up.
Meanwhile, hapless hacker Gary McKinnon continues to find himself enmeshed in a trans-national web of jurisdiction. He has just lost his six-year battle to avoid standing trial in the US for hacking into military databases. The Law Lords have rejected his appeal against extradition. They unanimously decided that a plea bargain offered to McKinnon by US officials was not coercive and an abuse of the extradition process. McKinnon, 42, an unemployed systems administrator, now faces extrusion to the US and charges that carry a penalty of up to 60 years. His solicitors have stated that the UK government has declined to prosecute McKinnon on the territory from which he hacked in order to enable the US government to make an example of him.
The long arm of the law has truly been extended in cyberspace!
Computer Weekly readers - IT directors and managers - will discern in the features of Gary McKinnon a certain IT type: one that tends not to speak with ease with senior management. "The art of persuasion" speaks of a battery of techniques that even the most introverted of IT workers can use to play better the corporate political game.
This was first published in August 2008