US Lynch Mobs Howl At London's Kid Cracker Sentence
By Richard Chirgwin
Date: February 05, 2004
In the UK, a teenager is convicted of a computer crime but escapes gaol. Where do the screams come from?
As is typified by this ignorant editorial in Silicon.com, there's outcry in the US because a court in Britain has decided not to lock up an 18-year-old convicted of breaking into computers at Fermilab.
Rather than delve into the case, read the judges comments, and come to terms with a legal system not their own, American IT press and security experts have instead reverted to type. Insularity? We've heard of it...
Even the wire agencies seem to be quietly pandering to the agenda of the US press: America wants anti-hacker stories, the wires want syndication income - and so few of the wire stories include the inconvenient details that the police supported the gaol-free sentence^; or that the accused, Joseph McElroy pleaded guilty and helped the police in their investigation^; or that he was just 16 at the time of the offence.
Hell no: the computer security industry, particularly in America, is overpopulated with hysterics and screaming posses. Armed with just one piece of knowledge - the five-year maximum sentence - the US security industry has let fly, and the sycophantic end of IT media, which counts itself as a servant of rather than a reporter of the industry, is coming along for the ride (don't bite the hand...).
The US IT press can't even consistently locate McElroy's home, agree on a spelling for the software they allege he wrote (yeah, a 16 year old wrote a server that can hack Fermilab, suggesting that at best a 12 year old was in charge of security there), or grasp that a criminal conviction doesn't equate to the court rubber-stamping another government's demands.
It's a sickening display.
Then there's the matter of Fermilab's demand for compensation - which is becoming a common refrain in computer-related criminal cases. "He should have been made to pay!"
As in the Sydney piracy case here last year, the lynch mobs have forgotten a fundamental aspect of criminal law: the plaintiff is the government (the Crown in the UK, "the people" in America). The US Department of Energy wasn't the plaintiff, it was the victim. Its standing in a criminal matter is not the same as if it had sued the kid in a civil court^; and I would imagine that, as in Sydney last year, an English court can't accept an arbitrary cost figure invented by the victim without testing it as evidence.
The computer industry may have faked its way into lots of money by inventing numbers for "projected savings", TCO, productivity gains and the rest. But this time, we're not talking about a vendor smooth-talking an analyst. In the criminal law, numbers have to be proven.
I'll bet that had the US DoE been told "demonstrate the cost of damage beyond reasonable doubt", it would have answered with a red-faced silence^; but out in the street still complained that it couldn't understand English courts.
I'd like to close on this thought: knowing the degree to which IT security is, itself, compromised by individuals with murky pasts, can that industry suddenly cloak itself in purity and light, and act as if it should be the final arbiter of justice in a free society? Can a VP in the Valley really dump on McElroy with a clean conscience while signing his name d3ViLLhkor after-hours and calling it "research"?
^macro[showdigestcomments;^uri;US LYNCH MOBS HOWL AT LONDON'S KID CRACKER SENTENCE]