Antiterror law lets government nab foreign hackers
WASHINGTON -- The recently approved antiterrorism law could be used to prosecute foreign hackers, a move critics say could make the United States the world's Internet policeman.
The new prosecutorial powers, which have no parallel in other nations, affect computer hacking cases and take advantage of nation's pivotal role in Internet communications.
The precedent could be used to apply to pornography or other crimes in which laws differ between nations, according to a former Justice Department computer crimes prosecutor.
"It's a massive expansion of U.S. sovereignty," said Mark Rasch, now with computer security firm Predictive Systems.
A prosecution can occur if any part of a crime takes place within U.S. borders. A large part of the Internet's communications traffic goes through the United States, even in messages that travel from one foreign country to another.
The change was highlighted last month by the Justice Department in its field guidance to federal prosecutors.
"Individuals in foreign countries frequently route communications through the United States, even as they hack from one foreign country to another," the recommendations said. "The amendment creates the option, where appropriate, of prosecuting such criminals in the United States."
The FBI referred questions to the Justice Department. A Justice Department spokeswoman did not return calls.
Access via U.S.
More than 80 percent of Internet access points in Asia, Africa and South America are connected through U.S. cities, according to Jessica Marantz of the Internet statistics firm Telegeography.
So, for example, an e-mail sent between two cities in China probably would travel through the United States -- putting its contents under American jurisdiction.
The Justice Department pushed for the legislation as a way to fight terrorism, and American interests overseas could be protected by the change.
But the change in law creates a precedent that could be used to prosecute any computer crime, Rasch said, from basic data theft to sending pornographic pictures. Current law already allows pornography prosecutions in any jurisdiction the pictures pass through, but this has not yet been applied on an international scale to Internet transmissions.
For example, an owner of a pornography Web site in Sweden might be prosecuted for sending a racy picture to a friend in Norway if the message happened to travel through a computer in Fairfax, Va. In that case, a U.S. prosecutor could try to extradite the sender and prosecute him for breaking Virginia law, using Virginia's standards for obscenity.
"We haven't done that yet, because it's an affront to the way the Internet works," Rasch said. "But now we're criminalizing anything that happens over the Internet because traffic passes through the United States."
"What it basically says is that we will impose our values on anything that happens anywhere in the world provided it passes through our borders," he said.
FBI agents complain about the difficulty of computer crime investigations that almost always venture overseas, requiring time-consuming search warrants at every step and the cooperation of foreign governments. They also are frustrated by offshore pornography and gambling Web sites, accessed by Americans, that are legal in their own countries.
David Sobel, general counsel of the Washington-based Electronic Privacy Information Center, said the change is particularly troubling when coupled with powers to send federal agents overseas to abduct and bring back suspects for trial.
"It is a significant expansion of U.S. jurisdiction with respect to so-called cybercrimes," Sobel said. "It was enacted under the guise of counterterrorism, but it is in fact applicable to all types of crimes."