Matthew Keys Gets 2 Years In Jail For 40 Minute Web Defacement He Didn't Even Commit

from the punishment-fitting-the-crime? dept

The latest in the Matthe Keys case is that Keys has been sentenced to two years in federal prison for his involvement in a minor incomprehensible web defacement of an LA Times story that lasted for all of about 40 minutes. The prosecution was asking for 5 years, while Keys’ lawyers asked for nothing more than probation. As we noted, the whole thing seems fairly crazy. It is entirely possible that Keys acted like an immature jackass regarding his former employer, but the actual case revolved around a single action: the claimed sharing of login credentials for the content management system of the Tribune Company, which another person (who is apparently known to law enforcement, but has never been charged with anything) used to do a minor defacement of a single story to have the headline read: Pressure builds in House to elect CHIPPY 1337.

This minor defacement was up for about 40 minutes before being taken down. When the government tried to add up the damages, the Tribune Company at first admitted that there were basically none.

After being pushed, they “found” more damages and somehow it turned into nearly a million dollars, by making emails that “cost” $225 and talking about something totally unrelated to this hack — some alleged harassment Key did by emailing people in a database from his former employer. If he actually did this (he denies it), it was a really shitty thing to do, but it also was not what he was on trial for.

Either way, the government needed the number to be at least $5000 so it could use the CFAA (Computer Fraud and Abuse Act) against Keys. From the sound of things at the sentencing hearing (mainly via reporter Sarah Jeong’s excellent tweets), the judge initially did sound fairly skeptical about the government’s arguments, but eventually went with 24 months in prison. Somewhat incredibly, someone from the LA Times even presented that this minor bit of digital vandalism was “an attack” on the entire journalism field, and since there’s already difficulty in figuring out what news is real, this was a true threat to credibility for journalism as a whole. Really, now?

The prosecution also apparently whined to the judge that Keys has been talking publicly about his case, which, last I checked, is protected free speech:

While the judge at least indicated she didn’t care about all that — she still sentenced him to two years in prison.

And, really, that’s the crux of the issue here. For everything that Matthew Keys was accused of doing — and some of it was undoubtedly obnoxious — the single thing he was charged with was violating the CFAA by distributing a username and password. And he’s now been sentenced to two whole years in jail for that. How in the world does the punishment here fit the crime? As David Graham noted, this is basically the same sentence (actually slightly longer) that the “affluenza teen” received on the same day for killing four people while driving drunk. Or, as Adam Steinbaugh notes, Keys will end up spending about 18 days in prison for every minute that the LA Times defacement (which, again, he didn’t actually do) remained online.

And while Keys still maintains his overall innocence, even if he did exactly what he’s accused of doing this sentence is absolutely insane and highlights just how ridiculous the CFAA is as a law — and why it’s so beloved by prosecutors who can use it to go after lots of people for doing really small things.

Filed Under: , , , , , ,
Companies: tribune company

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Matthew Keys Gets 2 Years In Jail For 40 Minute Web Defacement He Didn't Even Commit”

Subscribe: RSS Leave a comment
46 Comments
That One Guy (profile) says:

Said to the tune of the world's smallest violin

Somewhat incredibly, someone from the LA Times even presented that this minor bit of digital vandalism was “an attack” on the entire journalism field, and since there’s already difficulty in figuring out what news is real, this was a true threat to credibility for journalism as a whole.

Yeah, you want ‘attacks’ against the credibility of journalism as a whole, you don’t have to look any farther than the pathetic jobs the major ‘news’ groups do. Changing the title of an article for 40 minutes is a joke, but not nearly as big a one as the ‘standard’ reporting you get these days from most of the major news agencies, which seem to care more about getting attention than accuracy.

Anonymous Coward says:

Re: Re: Re: Said to the tune of the world's smallest violin

Yea, I notice a lot of folks hate on Fox for what is essentially the same accuracy problems as the rest.

Is there a particular reason to single out Fox? I mean… pot calling kettle black much? O yea right, accuracy and honest does not matter to you guys, just the direction of spin amiright?

They all suck, and to a degree that is very difficult to even figure out which one lies more or less, which only leaves the direction of spin to bitch about, and thus we arrive at the truth!

I like John Oliver, not because of his direction of spin, I do not like the direction, but because he seems to provide far more factual data and information than many other sources that I pay any attention too… That and the humor factor seems to help a lot too!

WeTheSheeple says:

Re: Re: Re:2 Said to the tune of the world's smallest violin

Because it is more fun to call them Faux News, Fox “News,” Faux News Entertainment, etc.

“Accuracy problems” Thats cute. Like the time when CNN had 2 “reporters” on “location” different ones mind you, and the same cars could be seen in background driving by?

Call the Letter media syndicates what they are. A government propaganda machine.

nasch (profile) says:

Re: Re: Re:2 Said to the tune of the world's smallest violin

Yea, I notice a lot of folks hate on Fox for what is essentially the same accuracy problems as the rest.

Did you read the quote Tom Betz linked to? Fox News’ accuracy problems are more severe than the rest, as indicated by the fact that theirs are the only viewers who actually did worse on a news quiz than people who don’t watch any news. Their news is literally less informative than no news at all.

Anonymous Coward says:

can someone explain why it is far more important to get a conviction than to get what the prosecutors are employed to do, ensure JUSTICE prevails?
even worse, it threatened journalists ability to do their job and worse still is another win for those who are trying every trick they can think of to make the USA a police state! what else would you call a country’s legal system that allows cops to slam kids into concrete, face first, kill black kids with multiple shots for doing nothing other than ignoring cops and then get people imprisoned for trying to put back into the USA what it was supposed to stand for, above all other things, FREEDOM??

Anonymous Coward says:

Re: Re:

In the US, Freedom is a right only the entitled have. Everyone else gets to live in pseudo freedom that is enforced by a justice system that likes to see how many years they can attach to petty crimes.
I even think they over estimated the $3600 it took to fix the problem if it was only up for 40 minutes. Pretty sure if it cost that much for every typo and mistake news companies made, they would all be bankrupt within a year.

Anonymous Coward says:

Re: Re: Re:

A Better Explanation

There are multiple forces associated with the loss of freedom in America.

#1. A wholesomely ignorant, unwise, and willfully deceptive citizenship. Most might say they support the Constitution but you will find frequent assaults on the 1st & 2nd Amendment by the left and the 4th & 6th by the right. The efforts of both sides generally only result in weakening rights globally and at best only slowing the erosion being caused by the other side.

#2. Standard Police State mentality. The natural flow of government is to Tyranny, instead of stopping or slowing it, the Americans are only helping it gain.

#3. Corporate Prisons. The more prisoners, the more the prisons make money, therefore they have a very Social and Economic interest in making laws the put more people with politics they don’t like behind bars where they are ‘literally’ paid to imprison & bully the people they hate.

Number One has been, and will always be the biggest problem brought on by revisionist history and a sickening desire by American citizens to harm their fellow man over politics. Most people only care about their own liberty, and never recognize that to have liberty in the first place requires protecting others before yourself!

Anonymous Coward says:

Re: Re: Re:

Many are discovering they have no rights at all when those in charge want to make an example of them.

In reality barely any citizen has any rights in America when their government acts unlawfully constantly. They just assume they have rights and defend their criminal government’s actions until of course they are targeted.

Quiet Lurcker says:

Re: Re:

>>can someone explain why it is far more important to get a conviction than to get what the prosecutors are employed to do, ensure JUSTICE prevails?

(sticks hand up)That would be because it’s their job? Prosecutors are – in theory – paid to ensure justice is done. But that carries with it the assumption that they can teach George Washington and Abe Lincoln both a thing or two about honesty and integrity.

Because prosecutors, courts, and cops alike are challenged in the honesty and integrity departments, we get something a little different, namely prosecutors who are paid to get convictions.

>>>even worse, it threatened journalists ability to do their job

Just, no.

>>>….[W]orse still is another win for those who are trying every trick they can think of to make the USA a police state!

I’ll only say that the stunt the FBI pulled with the San Bernardino iPhone, James Comey’s verbal antics surrounding that subject, the NSA’s ‘counter-terror’ programs and the TSA’s security theatre are the far greater threats in that direction.

>>>….[W]hat else would you call a country’s legal system that allows cops to slam kids into concrete, face first, kill black kids with multiple shots for doing nothing other than ignoring cops and then get people imprisoned for trying to put back into the USA what it was supposed to stand for, above all other things, FREEDOM??

Our system of criminal justice as a whole these days seems to be morally and ethically bankrupt. Not saying there aren’t honest cops, judges and lawyers. They’re just really hard to find, especially among the more senior ranks – the management, for lack of a better term.

Violynne (profile) says:

Look, I get the whole “way out of line” point of the article, but I’m going to be the one who sides on “justice” in this case: it could have been worse.

In fact, had Keys been given the chance to turn over credentials of a higher power within the organization, would he have?

The realization this was only “graffiti” is noted, but he deserves much more than 2 years in prison.

He gave away credentials to a network with the sole intention of watching someone else perform the abuse.

No offense, but I can’t imagine anyone at Techdirt would be “Oh, it’s okay Tim, we fully understand you gave away credentials as a joke to see what someone would do to our site” with a laugh and a hug.

They’d be pissed. So would readers, when it’s discovered why the site suddenly turned all TMZ (or worse!) on them.

Keys admitted he turned over the credentials to Anonymous.

Guilty. 10 years. Minimum.

Because in this day and age, he did commit fraud and abuse via computer.

Be thankful it was only for the website.

What about the next person who gives credentials to Anonymous for banking info? Let them off with a hug too?

Anonymous Coward says:

Re: Re:

This shouldn’t even be a crime. It should be a matter of contract violation and thus open him up to getting sued, not arrested. When you violate an NDA, you get sued, not thrown in jail.
And that’s almost exactly what happened here. This guy knew a secret that he’s not supposed to tell anyone, but he told some one. But because that secret was ON A COMPUTER of a sudden that gets him thrown in jail? What the fuck?

Anonymous Coward says:

Re: Re:

So if giving credentials is worth 10 years, speeding must be worth 100 years, as you could potentially kill many people with a car, hell owning a car should get you 25 years as it has the potential to kill multiple people.

Ever told someone a secret? That has to be worth 20 years.

Drinking and driving? Death sentence.

Robbing a store, does more harm than you could ever imagine – life.

Anonymous Coward says:

Re: Re: Re:

How about posting foolish and tyrannical bullshit on a forum where someone might take it to heart, become a tyrannical leader and ruin entire economies? What should be the punishment for that?

We need to try and put Violynne state prison before it posts again! The Potential Damage from this persons speech might cause a riot and get people murdered! We can’t have that!

Wendy Cockcroft (user link) says:

Re: Re:

I get where you’re coming from, Violynne, but we need to punish people for what they actually do, not for what the others involved MIGHT have done.

As you correctly inferred, Keys is being punished thus to Set An Example, not because he did something that even resulted in Bad Things Having Occurred. Where we differ is on whether this is appropriate or not. I say it’s not because Keys is only responsible for what Keys does, not for what anyone else does, however heinous they are. And bearing in mind that nothing bad happened, probation should have been the most punishment he got.

Jeffrey S. Laing (user link) says:

Perhaps the newspaper should be prosecuted

All of Key’s login credentials should have been revoked the moment his employment was terminated. Not doing so demonstrates a cavalier attitude toward security on the part of the newspaper.

I suppose the CFAA makes it illegal to share a password as Keys allegedly did, but the CFAA is just a law and it does nothing to actually protect a system from unauthorized access. (Just as most gun laws do nothing to prevent criminals from using guns.)

Anonymous Coward says:

Re: Re:

Your analogy isn’t quite complete – in terms of the credentials he used, it would be like breaking into a house where the door was left wide open.

It doesn’t take nearly the same effort, and once you reported it, the cops would (and rightfully should) call you a fucking idiot who deserved it.

To quote Gunnery Sgt Hartman: “If it weren’t for dickheads like you, there wouldn’t be any thievery, would there, Private Pyle?”

Anonymous Coward says:

Re: Re: ...and what about

Fair enough…I’m perfectly fine with revising my statement (if it’s found that the problem is HR-related instead of IT-related) to:

…and what about
the incompetent asshat in HR who didn’t notify IT immediately to deactivate Keys’s credentials upon termination of his employment?

Either way, there’s a lack of security policy in place for a large organization, which resulted in the hacker’s ability to reuse the credentials, and I don’t see anyone faulting anyone at the Tribune for the fuck up.

They should know better, given how what happened is such a threat to journalistic integrity, according to the LA Times.

Whatever (profile) says:

Re: ...and what about

You know what? In a big organization, it sometimes takes days or even weeks before HR gets around to actually spreading the news. OFten enough, they never spread the news and users get removed when you do a username audit (not often enough, apparently).

It’s not like the guy gets fired and calls IT to let them know…

John Fenderson (profile) says:

Re: Re: ...and what about

Presumably, the employee had some sort of badge that is used to gain access to the building. It’s a solid bet that the badge was promptly deactivated. There have been cases where that didn’t happen, but companies tend to be careful about that nowadays.

It should be an automatic part of the badge deactivation process that all logins (and phone system access codes, etc.) are disabled as well.

Mike Masnick (profile) says:

Re: Re: ...and what about

You know what? In a big organization, it sometimes takes days or even weeks before HR gets around to actually spreading the news. OFten enough, they never spread the news and users get removed when you do a username audit (not often enough, apparently).

I don’t know any medium to big organization that does not have a fairly complete and comprehensive termination procedure set up that shuts down all such access. The idea that the Tribune Company would not have that is corporate malpractice. That’s stunning.

Wendy Cockcroft (user link) says:

Re: Re: Re: ...and what about

Agreed. Is it not reasonable for HR to immediately email IT to advise that the employee has been terminated, please remove all access, etc.?

Remember that worker who wrote a blog post about how much she was struggling on her low paycheck? Shortly after it appeared, she had no access to her work email any more. Game over.

Whether that was actually fair or not (we can argue about this later) is not the point; when Yelp/subsidiary fires someone, they lose all access. That the Tribune company didn’t revoke Keys’s access says their HR and IT departments aren’t communicating with each other. That’s a problem at any level.

Anonymous Coward says:

Re: Re: ...and what about

it sometimes takes days or even weeks before HR gets around to actually spreading the news

It’s not like the guy gets fired and calls IT to let them know…

So poor security practices. Just like I said.

Since they have more to lose, being such a big organization and all (including “journalistic integrity”) if it isn’t important to them to take the proper measures when an employee is fired, they deserve what they got.

Carol Alfonso says:

What about Andy Samberg's HBO Password sharing on TV?

I’m a full supporter of Matthew Keys and let me remind everybody, that on September 2015, Comedian Andy Samberg of Saturday Night Live fame, while hosting the Emmy Awards on Fox Television, he made a monologue about HBO allowing users to share their login credentials without paying for Cable TV services.

There is a video where it clearly shows Samberg telling audiences, while showing on screen, the username “Khaleesifan3@EmmyHost.com” with “Password1” below. Samberg said “Go out of town and watch Game of Thrones… HBO doesn’t care, they said so on the record…”

Like if you are telling me, the password sharing is a crime, but is OK when big celebrities tells you otherwise? Wow #DOJ! The injustice will not prevail. As of this, I stopped reading all Tribune content, including the Orlando Sentinel and will not watch WGN TV or Antenna TV.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...