Summary: Anakata was seized without warning in Cambodia, shoved on a plane, flown half-way around the world, arrested and imprisoned upon his arrival in Sweden under new charges (alleged hacking of 'Logica') and questionable circumstances (including well timed aid donations and high level, out of the ordinary political exchanges) Anakata has been in prison, largely under 23 hour a day solitary confinement which under UN definition may constitute torture. He and his mother have been trying to gain him access to distance education in mathematics, but prison authorities have denied him access to even a graphing calculator. 225MB of bilingual English/Swedish documents have also been released.
Sweden sends aid to Cambodia every year, they did not receive any extra for arresting Anakata.
What you call "solitary confinement" is standard procedure before a trial. This is not considered torture by either the UN or Amnesty International. As soon as the trial is over he'll be transfered to a regular prison and restrictions will be relaxed. He may then study mathematics if he feel like it.
But it's not solitary confinement in that way. You are allowed to see your lawyer, you interact with staff and you are allowed to go outside every now and then.
Isn't a graphing calculator an unreasonable demand for someone who's been brought in on hacking charges? You and I know he couldn't do much with it, but it's a common term of parole for computer criminals to be denied computer use, even for their work. I'm not saying I agree with it, but it seems like a ridiculous point to milk, saying "they won't even let him have a graphing calculator!". They also won't let him have a 286, or a PDP-8, or a smartphone.
Are you kidding me? A graphing calculator unreasonable? You can't seriously think that any hacking could be done from a graphing calculator inside a prison with no Internet connection. He's a hacker, not a goddamn Salem Witch.
I missed this comment a few days ago, but I feel like it's worth replying to anyways:
It's not about hacking, per se. It's about not using computing devices, and it's about convenience for the legal system. If they allow a graphing calculator, should they allow a PDP? Is internet access the limiting factor? Can he send code on a USB key to his teacher?
For a non-technical person to decide where that line is would be very difficult (as a technical person, I couldn't tell you offhand where it stops). 'No computing devices' is easy, and not unreasonable.
Of course, anyone on HN will complain that the legal system needs to be aware of technology. If we get into that argument, every public representative will need to be a painter, race car driver, astronaut and programmer. Because they don't really understand <x> well enough to legislate about it.
> it's a common term of parole for computer criminals to be denied computer use, even for their work.
He's not sentenced. And he's in Sweden (not common to deny computer use in the same way as in the U.S.) I would be interested in finding out on what grounds they are denying him. It's not that I'm too lazy to find out myself, but I'm on a phone and it's a lot of data to look at.
If the investigation was ongoing they could deny him based on risk of tampering with evidence ("kollusionsfara"), I guess. A bit farfetched, but possible. The investigation is finished, is he still being denied access to a calculator?
EDIT: OK, after looking into this a bit I'm guessing BrB 24 kap 5a makes it legal.
I have down-voted you for posting an extremely useless request. If you believe the summary is biased, it's up to you to prove that it is biased and/or provide your own. Requesting one in some strange passive-aggressive manner is not the right way to do that.
I haven't had the time to go through it all, but I tried to gain an overview as to why he was refused distance learning. The main problem is that the official response is missing and I can only find letters from Anakata and his mother, either requesting or appealing the missing decisions.
Side-note, I had no idea that his mother was a professor (emeritus) in linguistics.
If I read this correctly from the "IT security incident report", they had a mainframe on the public internet, with FTP and other common daemons openly exposed. And thousands of user accounts, some more, some less privileged, with access to it.
Instead of debating how "cyberwarriors" can attack our public infrastructure and how we need to add new human rights violations to curb it, I think we need to institute exponential fines for companies that have failed in employing even very basic security principles.
Now, while I agree with you that we better preserve civil rights, being stupid and forgetting to lock your front door certainly isn't a crime. However, opening said door and copying sensitive documents certainly is, no matter how dumb it was of the owner to not lock the door in the first place.
What I think we need is public disclosure of who had their data leaked and to make sure that the ToS can't cover "loosing" the data. Then at least we could have a class-action lawsuits and make sure that the incentives push companies towards securing their damn infrastructure instead of relying on insurance coverage and public ignorance.
the unlocked door analogy makes no sense in a business context.
Businesses have a legal obligation to secure private information of third parties (you and me).
If I, as an individual, choose to leave my doors unlocked, that's my prerogative, but if it endangers the security of those that depend on me, then that's my responsibility to take the fall if thieves rob my house.
Exactly. If I own a bank, and keep a shed with all my money in it, with no padlock, and someone robs me, I'm going to prosecute them to the fullest. Meanwhile, I'm just as guilty for failing to secure the holdings of my customers.
Now, what happens if instead of robbing, someone informs me, "your vault (shed) is highly vulnerable, you need to fix it." Right now, businesses say, "Ha! That's theft! You're going to prison, and you probably stole some money too!"
The problem is not with the hacker, but with the system.
>being stupid and forgetting to lock your front door certainly isn't a crime.
It's sidewalks all over again. If I have sidewalk and I don't make it safe for people to walk on, I am liable. No different with security, companies have a responsibility.
You are not liable. At least not according to most laws in european countries. It may be different in the US though.
If you don't make your sidewalk safe for people and someone breaks his neck because of that you are only liable if it was not obvious that the sidewalk was not safe. For example: If there is ice on the sidewalk it is obvious that it is not safe to walk on.
Same is true for a wet floor in the supermarket. Even without a sign saying "DANGER" it is obvious that it is dangerous to walk over the wet floor fast.
In most european countries not removing the ice from your sidewalk can only be punished with a monetary fine. But it has nothing to do with paying for other peoples injuries.
If there is 0 F outside, snow, dark, icy sidewalks and you are going outside acting like it is summer and you fall down it is your own fault and nobody except you is liable for that. I think we agree here.
I can only talk about the German court system in detail but usually cases where somebody breaks his arm because of an icy sidewalk do not even end up in a court room. For a sidewalk to be icy it has to be cold. If you are going outside, it is cold and your are acting like it is summer (even without snow, it being dark, ...) you are the one who fell and nobody is liable for that. It is common knowledge that you should be careful.
This is at least how it works in Germany and in many countries in Europe.
If it's a company's own data, then fine. But if they take my personal data and then expose me to risk by showing it to any passer-by, they should face criminal charges.
In that case, say goodbye to the Internet. Running any website with user accounts would be untenable if you can go to jail just because somebody found yet another Rails 0-day.
The evidence looks pretty strong to me, but I am not an expert in any way. Anakata's encrypted files (which the police did manage to decrypt) and plenty of IRC and server logs among other things.
A quick overview of the investigation suggests to me and the Swedish police did a pretty damn thorough job investigating. The IRC logs start at page 435 in the FUP, though they are mostly in Swedish.
As far as I can tell, the investigators have very solid evidence and going to the length they did to arrests anakata seems reasonable. That is not to comment on his time as 'häktad'.
The investigation was fine. Its everything else that aren't. I can't see how you can support the claim that the length they did to arrests anakata was reasonable.
The use of counter terrorists personal and facilities. Three months in solitary confinement. Lies given to the defendant mother and the denying of her request for information regarding the whereabouts of her son. The lies to media about why he was extradited. The denying of lawyer. And last, the restriction to talk to his family members (and lawyer) for several days/weeks.
Had this been a non-political matter, then it would had been a regular case with regular results. It wouldn't been a blimp on the HN radar. Sadly, because of how it was handled, its now a mess.
I have not read about how the extradition was handled (counter-terrorism things that is, in which document is that?).
The three months wasn't strictly solitary as far as I can tell but it gets spun to all hell every time 'häkte' is mentioned so I don't know what is true or not. Somehow the fact that he can't get a graphical calculator is more important than what he is accused of. If that is not spin I don't know what is.
As for the lies to the media, denying lawyer etc; sources? There is so much newly released data so I don't know where to look to find it so an indication in the right direction would be helpful.
Lastly, the matter is political because anakata, and the others, allegedly released a lot of protected identities, hacked government related services as well as a bank. The identities are protected for a reason (police, domestic violence, witnesses and so forth). This is a very high profile case with influential interests on both sides (TPB/Wikileaks supporters on one side and Swedish govt/Nordea/Logica on the other), thus it appears on HN.
Edit: I forgot, if it is indeed the case that he has been treated in ways that are not up to scratch with what we expect from countries with respectable rule of law then that is of course worrying and will hopefully come to light during the trial, or afterwards.
While I normally applaud the asking for sources, when the main article has both base data as well as linked blogs, some expectation of honest attempt of self-research is expected. However, here is some short number of links. More could probably be found if I was really digging.
I would add that sweden do not have solitary treatment as an separate thing. It has 'häkte' with additional restrictions. In this case, the additional restrictions meant no talking to other prisoners. One hour per day of rest outside the cell, but strictly alone. One hour of visitation for the family per week, through only if the police had time. If that can be translated to the US version of solitary confinement is up to the reader to decide.
They initially claimed that he was deported because of a revoked passport. Once in Sweden, they changed their tune. Saying something in false pretense, then changing it once the circumstances is more favorable is the definition of a lie.
Last, I would like to add that this is likely not to effect the trial. Swedish law do not address those kind of circumstances when determining guilt. If Gottfrid Svartholm lawyers brings it up, it could be an argument for lowering any sentence but other than that, its unlikely to be even brought up.
