NASA hacker debate rages on

Security experts are divided over whether Gary McKinnon, the alleged NASA hacker, should stand trial in the US.

McKinnon was told last week he would be sent to the US after Home Secretary John Reid signed his extradition papers, but he has vowed to appeal the decision in the House of Lords and the European Court of Human Rights.

McKinnon's potential extradition has garnered strong reactions from security professionals.

Richard Starnes, UK president of the Information Systems Security Association, believes that the US Government wanted to prosecute McKinnon in the US as "the UK has a long history of giving lenient sentences for computer crimes".

"Under the Computer Misuse Act, the maximum penalty you get is five years. You can get 10 years for the criminal misuse of copyright. You can break into a small business's systems and do irreparable damage here, and can get more time for selling Microsoft bootlegs at a car-boot sale," said Starnes.

"I'd be very surprised if he doesn't get approaching 10 years," Starnes added.

McKinnon could be jailed for up to 70 years if found guilty of hacking US military systems. He said in May he is unlikely to receive a fair trial if extradited, and his defence has argued he could be held indefinitely without trial under Military Order Number One.

However, McKinnon will not be tried under the Patriot Act, under which he could have received the death penalty.

McKinnon has always maintained he was looking for evidence of UFOs, but has also said he accidentally deleted files "during a batch file clean-up".

Les Fraser, ICT security consultant at the British Computing Society, argued that the two statements were incompatible.

"He seems to be saying two conflicting things — that he was doing no harm by looking for evidence of UFOs, but he's admitted deleting files. He's presented himself as an old-fashioned, idealistic hacker. Whether that's true or not is a different matter," said Fraser.

"From a company's or organisation's point of view, even if he genuinely did do nothing, you would want to pull down the systems and start again," said Fraser.

Frank Coggrave, senior Websense director for Western Europe, said: "He's been doing illegal stuff, but the press have been positioning him as some kind of anti-hero, giving the impression that he's a nice guy really."

"He might be a hero to somebody," said Les Fraser.

Some security consultants have pointed out that he shouldn't be judged by anyone until the evidence has been weighed up.

"You can't sentence someone until you know the facts," said Greg Day, security consultant for McAfee. "I don't think it matters whether he was well-intentioned or evilly minded — it's about the level of damage he did to a third party. I'm not in a position to say how much damage has been done," Day added.

The majority of ZDNet UK readers do not think that the Home Secretary made the right decision. In a reader poll, 74 percent believed the Home Secretary was wrong to extradite McKinnon to the US to stand trial.

In a reference to American prosecutors not producing any evidence to back up the extradition request, ZDNet UK reader JG Downs said:

"It's an absolute nonsense to extradite [McKinnon] when no evidence has been produced to convince anyone that it is necessary," said Downs.

"Our Government is assuming his guilt. He is not 'innocent until proven guilty' in their eyes. He stands to be imprisoned for two years waiting to be brought to trial. Is that the treatment our citizens can expect from this Government? Is that fair and normal treatment for one of our own citizens?" Downs added.

Another reader said: "The US Government is just trying to cover up its shoddy security and poor IT skills."

However, other readers argued that McKinnon should be extradited.

"He broke the law, the US has the right to prosecute him. Get over it," said one reader who chose to remain anonymous.