Reuters Editor Faces 10 Years In Prison Because Vandalism Is A Federal Crime When It Involves Computers

from the don't-do-that dept

In what seems like a pretty cut and dry case, Reuters editor Matthew Keys has been indicted for letting some hackers into the content management system of his former employer, Tribune, after he was fired. Barring a case of mistaken identity (and if that defence were raised, things would get interesting) it doesn't look good for Keys, as the indictment includes some damning IRC chat logs:

According to a federal indictment first obtained by the Huffington Post, Keys used a chat site to pass information to Anonymous. Using the name AESCracked, Keys handed over the login credentials and told hackers to "go fuck some shit up", the indictment says.

The hacker accessed at least one Los Angeles Times story and altered it, the charges say.

On the one hand, when compared what happened with Aaron Swartz, this is a step in the right direction. We're not talking about someone with positive intentions who walked the line between hacking and innovation, but someone who acted with obvious malice. But on the other hand, this highlights the big problem with federal hacking laws. The damage amounted to little more than inconvenience for a system administrator, making this essentially a case of small-scale vandalism—but because it involves computers, it's elevated to a federal crime. This really makes no sense. Computers and the internet are present in every part of life today, and computer crime can happen at every scale. In this case, it was the sort of reckless but small act of spite that would result in a much less serious punishment if it didn't happen online, and if it didn't allow the government to place Anonymous in the villain role of another story.

The case against Keys looks strong, and I'm guessing it will end with some sort of deal for a lesser punishment—possibly in exchange for information about other hackers. The real penalty will be the damage done to his career by this breach of trust (which further highlights the pointlessness of trying to put him in jail), but the biggest takeaway is that federal computer crime laws are in serious need of reform. Elevating the severity of simple crimes because they involve what is now one of the most common tools in the world is a senseless imbalance of justice, and makes it much harder to identify and combat serious crime online.

Filed Under: anonymous, cfaa, hacking, matthew keys, vandalism

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Duane, 15 Mar 2013 @ 10:29am

    Someone is confused...

    1- Keys didn't do any vandalism. He gave up his credentials to an unknown third party. He had no say or control in what they did. It's like he was fired from a job where he had keys to a building, and he handed those keys to the fist gangbanger he saw on the street. He didn't vandalize the shop, but he does bear some responsibility.

    2- No "hacking" occurred here. Unauthorized access, sure, but that's not "hacking." To use my analogy above, once you're given the key, you don't have to "Break and Enter."

    3- Shame on the IT and HR staffs at Reuters for not having a solid employee termination procedure in place, and following it. I work for a very small company, but we always ensure that people's accounts are disabled or passwords changed before they come out of the firing meeting.

    4- I agree that the punishment needs to fit the crime. The question is, what fits? It's like we have someone who has released a tiger onto a city street, but the tiger just took a nap under a shady tree, and was recovered without harm to anyone. Do we punish him harshly, because the tiger was capable of maiming and killing the dozens of people in the street, or let him off with a small fine and a warning, because nobody was hurt? Keys gave is password up, so he had no control over what was done. They could have filed plausible stories which would alarmed the public and caused a panic. (War of the Worlds, anyone?) That's extreme, but they certainly had more potential for harm than they ultimately caused.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.