The full text of the US Government indictment against Babar Ahmad (.pdf), the British IT support person at Imperial College in London, who is in the process of being extradited to the USA, rather than being put on trial here in the UK, makes interesting reading.
It seems to show that Babar Ahmad paid for and administered the "Azzam Publications" website, hosted in the USA, which ran a bulletiin board discussion forum, in which alleged Islamic fundamentalists discussed support for the Taleban in Afghanistan and the groups fighting for the independence of Chechnya from Russia.
It is hard to see how any of this was illegal in the UK, or even the USA, back in the late 1990's, before September 11th 2001.
Neither the Taleban nor the particular group of Chechen rebels were proscribed terrorist organisations at the time. Even today, for some unfathomable reason or other, they are not on the list of proscribed terrorist groups published by the Home Office i.e. it is not illegal to support them with money for "humanitarian relief" or "charitable" purposes etc.
There is nothing in the indictment which alleges that the Azzam Publications website actually collected any money online through credit cards, PayPal etc. or that any that Babar Ahmad was actually sending any money to Chechnya or Afghanistan himself.
There may well have been illegal activities by the people who used the Azzam Publications website and email accounts e.g. someone actually in the USA (not Babar Ahmad himself) sending money to Afghanistan, which was under economic sanctions put in place by President Clinton in 1999.
It is clear from the indictment, that despite Babar Ahmad working in IT support, he did not hack in to US Navy systems to obtain a classified US Navy document, as some of the media hype has given the impression.
The "accurate", but rapidly out of date information, circa April 2001, in his possession about the composition of a "US Navy battle group" patrolling the Persian Gulf, and its continued vulnerability to attacks like that on the USS Cole, came, apparently, from some emails from an "enlisted serviceman" on a US Navy warship, the USS Benfold. The fate of this individual, is deliberately not made clear in the indictment. Is he now being held in Guantanamo Bay without trial or is he facing a proper court martial ? Was this all a false "intelligence" entrapment operation, or an amateur attempt to try to contact Islamic fundamentalists by a bored US Navy serviceman ?
If this "US Navy enlisted serviceman" is not available to be questioned in person as a witness in court, then any charges against Babar Ahmad regarding this alleged "Naval intelligence" must be unfair, since an email can be so easily faked, even one in which was allegedly sent from the actual USS Benfold itself, hardly the action of a trained spy or terrorist.
Why did the UK and USA authorities not simply continue to monitor the website and email traffic rather than arrest Babar Ahmad ? After all, this had already uncovered a security risk on active service aboard a US warship.
The interesting part of the indictment, from the point of view of those people like ourselves who value our privacy is the use of Pretty Good Privacy (PGP) encryption by Babar Ahmad.
It seems that a PGP private signing keyring and a public encryption keyring were recovered from Babar Ahmad's computers seized in his office at Imperial College.
The indictment tries to paint the use of a PGP keyring and digital signature with respect to the domain registration details for the Azzam Publications website as something sinister, when in fact it is a standard security feature used to prevent the hijacking of .com domain names by people who forge faxes , letterheads and emails, purporting to come from the true owners of a domain name.
There is no mention in the indictment of any actual PGP encrypted emails to and from Babar Ahmad.
There is mention of a PGP Disk volume, which seems to have been decrypted and deleted directories and files recovered, which were postings and pages which had been published on the Azzam Publications website using the website design and upload tool Dreamweaver i.e. they had already been made public to the whole internet.
There is no mention of whether or not Babar Ahmad supplied the PGP passphrase to decrypt the PGP Disk volume or if brute force or dictionary attack or other methods were used.
The legal situation regarding the seizure of encryption keys in the UK is still unsatisfactory, because, even though this area is addressed in Part III "Investigation of electronic data protected by encryption etc." of the Regulation of Investigatory Powers Act 2000, this part of the Act has still not yet been brought into force, nearly 4 years after it was passed into law.
Given that Babar Ahmad was arrested in December 2003 under the Terrorism Act, and was released without charge, is this extradition to the USA simply an exercise in "jurisdiction shopping" in order to convict a British citizen of activities which are not actually illegal in the United Kingdom ?
We do not support either the Taleban or Chechen rebels, but they do not really represent a military or terrorist threat to the United Kingdom, a view which seems to be borne out by the Home Office, which does not bother to list them as proscribed terrorist organisations.