Like many cybersecurity professionals, I was somewhat pleased to finally read about the sentencing of
convicted Russian cybercriminal Roman Seleznev to 27 years imprisonment by a US court. While this sets a new precedent in the sentences handed out to cybercriminals, many of whom have cost banks and retailers billions of Dollars, Pounds and Euros in losses, and forced other businesses to close up shop entirely, the case raises some interesting legal, moral and political questions.
Should it be the role of the United States judiciary to police the Internet and prosecute perpetrators of cybercrime, many of whom, reside in parts of the world outside of accepted standards of functional law enforcement. And if so, what lengths should be considered internationally acceptable for US law enforcement to go to, in order to capture, or apprehend individuals for future prosecution, when those individuals are discovered in, or transiting through, other countries, with whom the United States has no extradition treaty?
This was plainly the case in the apprehension of Seleznev who was vacationing with his family in the Maldives – a country with no extradition treaty with the United States. Yet, he was detained, handed over to US law enforcement officials, who then took him against his will to Guam, and onto Washington State where he was charged under US law for his crimes in the United States having never (as far as we know) even visited the country. Essentially, this is a non-US citizen, kidnapped by US law enforcement officials, in a neutral third country, and forcibly extradited without warrant to the United States to face charges for crimes allegedly perpetrated in that country.
Don’t get me wrong, I’m all for the arrest of cyber criminals and the imposition of long deterrent sentences to keep them off the cyber streets. I'm also keen for this to send a message to other (young) wannabes that cybercrime doesn’t pay. My concern is one of the basic rule of international law and whether this could one day back-fire against the United States.
I’m no lawyer but if due process was ignored in the apprehension of this individual then he’ll be out of jail on a technicality very quickly when this goes to appeal. If the intent was to use Saleznev as a bargaining chip with the Russians, then that raises a whole different set of questions, and this entire case moves more towards a political abduction / ransom scenario.
While Seleznev, the son of an influential Russian politician, was plainly protected in Russia from prosecution by the country’s barely functioning legal system, and by his father’s close friendship with Vladimir Putin and contacts at the FSB, does the United States have a moral, ethical or legal right to enforce its laws half the way around the globe in countries where it has no legal jurisdiction and against citizens of other nations? Does the United States regard itself as the Internet judge, jury and executioner for electronic crimes?
Few would dispute the morality of the lengths undertaken to bring to justice a mass-murderer like Osama Bin Laden by the US military, but does this morality extend to perpetrators of financial crimes, and, if so, where do we draw the line?
Jeff Fridges raised some interesting questions in his comments to Brian Krebs story of the sentencing of Roman Seleznev and while the
scenario Jeff paints might be considered a little far fetched, let's not forget that we have seen these kind of event-chains in the past. No one expected the Spanish Inquisition, and few predicted the rise of the Nazis, Kim Il Sung, Mao Tse Tung, or Stalin.
[quote]
I’m bothered that the US apparently feels it has jurisdiction over the entire Internet, and can arrest anyone ‘anywhere in the world’ who violates ‘US law’ online.
Sure, this guy was a crook … but what about the next guy?
Consider this scenario. Street violence by right-wing militias in the US gets worse over April and May. Early in June, someone caps Trump. Pence becomes President and at the same time the assassination spurs a huge mobilization of Trump’s right-wing base. By the time everyone’s heads have stopped spinning, it’s martial law, draconian new legislation is being passed by the Republican congress (dominated by Tea Party evangelicals) and rubber-stamped by Pence. A Supreme Court stacked with ultraconservative Christian judges (Gorsuch, et al) looks the other way as the Constitution is put to the torch. Trade unionists and Muslims are rounded up and “disappeared” or deported, after which a purge of Hispanics begins — later it will be the Jews, though until the new forces have cemented their power thoroughly they and their powerful lobby and bankster friends will be left alone or even, for a while, convinced that “this time won’t be like the last time” for them.
By December the US is a de-facto fundamentalist Christian theocracy. Free speech is outlawed. Non-Christian religions, the teaching of evolution or climate change, p0rn, etc. are all outlawed.
And the US continues to act as if its borders contain the entire Internet.
Now someone in Cambodia blogs about climate change, or a European scientist publishes online a paper about evolutionary biology. Plenty of websites exist for mosques, synagogues, Buddhist temples, etc., run out of various corners of the world. And of course the net is awash in p0rn.
Do the proprietors of all of these websites start getting rounded up and renditioned, “extradited” to the US? After all, though they’re not inside US borders, what they are doing is illegal under US law and they are doing it online …
Now are you worried?
[end quote]
Regardless of who’s in the US White House (or Mar-a-Lago) and lets face it, Washington is a revolving door every few years, the questions that Jeff raises, and the scenario he paints, needs further discussion rather than simple dismissal as being radical.
While the United States with its overwhelmingly superior military might, has been the global policeman for many years, is this a role that the US intends to formally expand to the policing of the Internet, and is this a conscious decision as agreed by elected leaders and set in policy and law, or one brought about by the independent actions of US law enforcement officials frustrated at the failure, or lack of functional legal systems in other parts of the world. Legal systems rife with corruption, where cyber criminals can “live big” and publicly boast about their activities as Seleznev did, (till now) safe in the knowledge that the right people have been paid off, and that they are immune from prosecution?
Did the United States make a conscious decision to go to war and militarily occupy South Vietnam, or was it a political slippery slope driven by a succession of events and decisions from which it became increasingly difficult to turn back?
“Those who don't know history are doomed to repeat it.”
- Edmund Burke
Perhaps an examination of historical events is necessary to attempt to understand where this action could lead, and if it is the right type of action to address the policing of the Internet globally.