A British hacker facing decades in a US prison has called for reforms to cyber crime laws and issues of jurisdiction after waiting two years for details of allegations against him.
Lauri Love, a student from Sussex, has been arrested twice — in October 2013 by the National Crime Agency, and last July — to start extradition proceedings in three US courts.
The FBI and Department of Justice allege Mr Love, 31, was involved in hacking into government agencies including the US Army, Nasa, the Federal Reserve and the Environmental Protection Agency. The indictments cite evidence that Mr Love used pseudonyms to talk about the hacks in online chat rooms.
“I have not been charged [in the UK] so I have not been able to see evidence against me,” Mr Love said.
“Because of how extradition law works, the US doesn’t have to prove anything … The issue of jurisdiction becomes complicated with the internet. Where does the crime take place?
“We have 1980s laws and 1980s understanding of technology. We need to revisit these laws.”
This month, Mr Love won a victory over the National Crime Agency when a judge agreed he did not need to hand over the encryption keys to his computer.
The NCA said it needed access to the hard drive to find evidence but Mr Love said widely used encryption software should not reverse the basic presumption of innocence. The NCA has held his computers since 2013.
“If they charged me then I might have assisted them but there were no charges and I am facing extradition to the US,” said Mr Love, who lives mostly with his family.
“They have to decide whether there is enough evidence on the computer to be charged. Then great, I will be prosecuted in the UK. If there is no evidence then I should just be returned the computer and I can get on with my life.”
The NCA said: “As court proceedings are ongoing we cannot comment further.”
Next month Mr Love will hear whether the US has been successful in its attempt to extradite him to face charges. This is a particular worry for Mr Love, who said he “would rather face a murder charge in the UK than a computer charge in the US because I know at least I would get out in 20 years”.
“In the US the evidence doesn’t really matter because your chances of winning if you try to plead innocent are so remote and so costly,” he argued.
Fighting a court case in the US would be impossible, he said, pointing out that his parents had sold their mobile home to help cover the original £5,000 bail. The most recent hearing in the UK against the NCA was fought by barristers working pro bono.
“Even if I could afford to pay an attorney long enough to go to trial in New York, it might take three-four years and cost me $100,000. And then they can just take me to the next jurisdiction. So they can ruin the next 10-15 years of my life and bankrupt me for ever.”
The electrical engineering student at Sussex University is part of a Hacker House, a centre for hackers to work together to build cyber skills and develop security consulting services for companies.
Companies underestimate the risk of cyber attacks, he said, mostly because people do not realise that computers need to be constantly updated to deal with threats.
But he argued that risks are not best addressed by increasing penalties for hacking but by working in schools to channel pupils’ efforts into more productive uses of their skills. He likened the war on hackers to the war on drugs — where scare tactics ultimately did not work.
The level of expertise used in the TalkTalk hack was “not high”, he said, pointing to this as an example of young people being led astray.
Mr Love offered to work with the government and police forces to help tackle cyber crime after his case has been resolved.
“I don’t think we can afford to have the rivalry between the hacker and the state … No one wants terrorists to be able to recruit kids who could be directed towards fulfilling careers in information technology. If we don’t address this we are heading for all sorts of chaos.”