Matthew Keys Gets 2 Years In Jail For 40 Minute Web Defacement He Didn't Even Commit
from the punishment-fitting-the-crime? dept
The latest in the Matthe Keys case is that Keys has been sentenced to two years in federal prison for his involvement in a minor incomprehensible web defacement of an LA Times story that lasted for all of about 40 minutes. The prosecution was asking for 5 years, while Keys’ lawyers asked for nothing more than probation. As we noted, the whole thing seems fairly crazy. It is entirely possible that Keys acted like an immature jackass regarding his former employer, but the actual case revolved around a single action: the claimed sharing of login credentials for the content management system of the Tribune Company, which another person (who is apparently known to law enforcement, but has never been charged with anything) used to do a minor defacement of a single story to have the headline read: Pressure builds in House to elect CHIPPY 1337.
This minor defacement was up for about 40 minutes before being taken down. When the government tried to add up the damages, the Tribune Company at first admitted that there were basically none.
Either way, the government needed the number to be at least $5000 so it could use the CFAA (Computer Fraud and Abuse Act) against Keys. From the sound of things at the sentencing hearing (mainly via reporter Sarah Jeong’s excellent tweets), the judge initially did sound fairly skeptical about the government’s arguments, but eventually went with 24 months in prison. Somewhat incredibly, someone from the LA Times even presented that this minor bit of digital vandalism was “an attack” on the entire journalism field, and since there’s already difficulty in figuring out what news is real, this was a true threat to credibility for journalism as a whole. Really, now?
The prosecution also apparently whined to the judge that Keys has been talking publicly about his case, which, last I checked, is protected free speech:
Prosecutor does not like that Keys has been tweeting and giving interviews as follows pic.twitter.com/jdG5eUHkC2
— sarah jeong (@sarahjeong) April 13, 2016
And, really, that’s the crux of the issue here. For everything that Matthew Keys was accused of doing — and some of it was undoubtedly obnoxious — the single thing he was charged with was violating the CFAA by distributing a username and password. And he’s now been sentenced to two whole years in jail for that. How in the world does the punishment here fit the crime? As David Graham noted, this is basically the same sentence (actually slightly longer) that the “affluenza teen” received on the same day for killing four people while driving drunk. Or, as Adam Steinbaugh notes, Keys will end up spending about 18 days in prison for every minute that the LA Times defacement (which, again, he didn’t actually do) remained online.
Matthew Keys will spend ~18 days in prison for every sixty seconds that the LA Times said Chippy 1337 might pass in the House.
— Adam Steinbaugh (@adamsteinbaugh) April 13, 2016
Filed Under: cfaa, cfaa reform, defacement, doj, jail, matthew keys, vandalism
Companies: tribune company
Comments on “Matthew Keys Gets 2 Years In Jail For 40 Minute Web Defacement He Didn't Even Commit”
Said to the tune of the world's smallest violin
Somewhat incredibly, someone from the LA Times even presented that this minor bit of digital vandalism was “an attack” on the entire journalism field, and since there’s already difficulty in figuring out what news is real, this was a true threat to credibility for journalism as a whole.
Yeah, you want ‘attacks’ against the credibility of journalism as a whole, you don’t have to look any farther than the pathetic jobs the major ‘news’ groups do. Changing the title of an article for 40 minutes is a joke, but not nearly as big a one as the ‘standard’ reporting you get these days from most of the major news agencies, which seem to care more about getting attention than accuracy.
Re: Said to the tune of the world's smallest violin
Completely Agree, I rather like how John Oliver does his news, and I do not even agree with his leftist politics, but he is doing a much better job then just about anyone else.
Re: Said to the tune of the world's smallest violin
I am better informed from reading Techdirt then watching Fox “News.”
Re: Re: Said to the tune of the world's smallest violin
Some could argue that you would be better informed reading The Onion then Fox News.
Re: Re: Said to the tune of the world's smallest violin
You’re better informed by watching and reading nothing than you are watching Fox News.
Re: Re: Re: Said to the tune of the world's smallest violin
Ah, I left out the link: http://pllqt.it/1oxoO2
Re: Re: Re: Said to the tune of the world's smallest violin
Yea, I notice a lot of folks hate on Fox for what is essentially the same accuracy problems as the rest.
Is there a particular reason to single out Fox? I mean… pot calling kettle black much? O yea right, accuracy and honest does not matter to you guys, just the direction of spin amiright?
They all suck, and to a degree that is very difficult to even figure out which one lies more or less, which only leaves the direction of spin to bitch about, and thus we arrive at the truth!
I like John Oliver, not because of his direction of spin, I do not like the direction, but because he seems to provide far more factual data and information than many other sources that I pay any attention too… That and the humor factor seems to help a lot too!
Re: Re: Re:2 Said to the tune of the world's smallest violin
Because it is more fun to call them Faux News, Fox “News,” Faux News Entertainment, etc.
“Accuracy problems” Thats cute. Like the time when CNN had 2 “reporters” on “location” different ones mind you, and the same cars could be seen in background driving by?
Call the Letter media syndicates what they are. A government propaganda machine.
Re: Re: Re:2 Said to the tune of the world's smallest violin
“They all suck”
Agreed – some more than others and it varies, but Fox is rather consistent. Personally I like the Fox News pie charts, frequently they add up to over 100%.
Re: Re: Re:2 Said to the tune of the world's smallest violin
Yea, I notice a lot of folks hate on Fox for what is essentially the same accuracy problems as the rest.
Did you read the quote Tom Betz linked to? Fox News’ accuracy problems are more severe than the rest, as indicated by the fact that theirs are the only viewers who actually did worse on a news quiz than people who don’t watch any news. Their news is literally less informative than no news at all.
Re: Said to the tune of the world's smallest violin
Getting attention or serving some corporate owner’s business interests.
can someone explain why it is far more important to get a conviction than to get what the prosecutors are employed to do, ensure JUSTICE prevails?
even worse, it threatened journalists ability to do their job and worse still is another win for those who are trying every trick they can think of to make the USA a police state! what else would you call a country’s legal system that allows cops to slam kids into concrete, face first, kill black kids with multiple shots for doing nothing other than ignoring cops and then get people imprisoned for trying to put back into the USA what it was supposed to stand for, above all other things, FREEDOM??
Re: Re:
In the US, Freedom is a right only the entitled have. Everyone else gets to live in pseudo freedom that is enforced by a justice system that likes to see how many years they can attach to petty crimes.
I even think they over estimated the $3600 it took to fix the problem if it was only up for 40 minutes. Pretty sure if it cost that much for every typo and mistake news companies made, they would all be bankrupt within a year.
Re: Re: Re:
A Better Explanation
There are multiple forces associated with the loss of freedom in America.
#1. A wholesomely ignorant, unwise, and willfully deceptive citizenship. Most might say they support the Constitution but you will find frequent assaults on the 1st & 2nd Amendment by the left and the 4th & 6th by the right. The efforts of both sides generally only result in weakening rights globally and at best only slowing the erosion being caused by the other side.
#2. Standard Police State mentality. The natural flow of government is to Tyranny, instead of stopping or slowing it, the Americans are only helping it gain.
#3. Corporate Prisons. The more prisoners, the more the prisons make money, therefore they have a very Social and Economic interest in making laws the put more people with politics they don’t like behind bars where they are ‘literally’ paid to imprison & bully the people they hate.
Number One has been, and will always be the biggest problem brought on by revisionist history and a sickening desire by American citizens to harm their fellow man over politics. Most people only care about their own liberty, and never recognize that to have liberty in the first place requires protecting others before yourself!
Re: Re: Re:
Many are discovering they have no rights at all when those in charge want to make an example of them.
In reality barely any citizen has any rights in America when their government acts unlawfully constantly. They just assume they have rights and defend their criminal government’s actions until of course they are targeted.
Re: Re:
Re: Re: Re:
[Sad but True]
“You violated company policy, you’re fired. Wait, you violated company policy ON A COMPUTER?!?! THROW THIS MONSTER IN PRISON!”
Now the world is a safer place. /s
Look, I get the whole “way out of line” point of the article, but I’m going to be the one who sides on “justice” in this case: it could have been worse.
In fact, had Keys been given the chance to turn over credentials of a higher power within the organization, would he have?
The realization this was only “graffiti” is noted, but he deserves much more than 2 years in prison.
He gave away credentials to a network with the sole intention of watching someone else perform the abuse.
No offense, but I can’t imagine anyone at Techdirt would be “Oh, it’s okay Tim, we fully understand you gave away credentials as a joke to see what someone would do to our site” with a laugh and a hug.
They’d be pissed. So would readers, when it’s discovered why the site suddenly turned all TMZ (or worse!) on them.
Keys admitted he turned over the credentials to Anonymous.
Guilty. 10 years. Minimum.
Because in this day and age, he did commit fraud and abuse via computer.
Be thankful it was only for the website.
What about the next person who gives credentials to Anonymous for banking info? Let them off with a hug too?
Re: Re:
Thats it my pretty. Yes. Yes.
Re: Re:
This shouldn’t even be a crime. It should be a matter of contract violation and thus open him up to getting sued, not arrested. When you violate an NDA, you get sued, not thrown in jail.
And that’s almost exactly what happened here. This guy knew a secret that he’s not supposed to tell anyone, but he told some one. But because that secret was ON A COMPUTER of a sudden that gets him thrown in jail? What the fuck?
Re: Re:
So punishment should not fit the crime?
We cannot punish people over “Potential” damages. It never ends.
We need to only punish over proven damages.
Get real and figure out your logic is what is bringing us down the road to hell!
Re: Re:
So if giving credentials is worth 10 years, speeding must be worth 100 years, as you could potentially kill many people with a car, hell owning a car should get you 25 years as it has the potential to kill multiple people.
Ever told someone a secret? That has to be worth 20 years.
Drinking and driving? Death sentence.
Robbing a store, does more harm than you could ever imagine – life.
Re: Re: Re:
How about posting foolish and tyrannical bullshit on a forum where someone might take it to heart, become a tyrannical leader and ruin entire economies? What should be the punishment for that?
We need to try and put Violynne state prison before it posts again! The Potential Damage from this persons speech might cause a riot and get people murdered! We can’t have that!
Re: Re:
I get where you’re coming from, Violynne, but we need to punish people for what they actually do, not for what the others involved MIGHT have done.
As you correctly inferred, Keys is being punished thus to Set An Example, not because he did something that even resulted in Bad Things Having Occurred. Where we differ is on whether this is appropriate or not. I say it’s not because Keys is only responsible for what Keys does, not for what anyone else does, however heinous they are. And bearing in mind that nothing bad happened, probation should have been the most punishment he got.
Perhaps the newspaper should be prosecuted
All of Key’s login credentials should have been revoked the moment his employment was terminated. Not doing so demonstrates a cavalier attitude toward security on the part of the newspaper.
I suppose the CFAA makes it illegal to share a password as Keys allegedly did, but the CFAA is just a law and it does nothing to actually protect a system from unauthorized access. (Just as most gun laws do nothing to prevent criminals from using guns.)
The duration of the crime (how long the defacement lasted) really isn’t relevant in many ways. The hack happened, and that is that. It would be like breaking into a house – 1 minute or 1 hour would be the same thing, because it’s the breaking into the house that is relevant.
Re: Re:
But breaking into a house and not taking anything or harming anyone is just trespassing, where there are much harsher punishments for burglary and assault with a deadly weapon. Your analogy fails.
Re: Re:
Whatever
Re: Re:
Except that he wasn’t charged with hacking the site. He was charged with sharing his login credentials. That’s like me giving you a key to the apartment I just vacated and you used the key to get into that apartment and trash the place.
Re: Re: Re:
“Trash the place”?
The who got prosecuted wasn’t even the guy who “trash[ed] the place”.
It’s more like, you giving a key to some one else and they use it to put up a sign in the window facing the street that says “Trump 2016”.
Re: Re:
Except, nimrod, is that he had a key to the house and used it for many years. And when the owner had him leave, he didn’t get the key back nor changed the locks, DERP!
Re: Re:
Your analogy isn’t quite complete – in terms of the credentials he used, it would be like breaking into a house where the door was left wide open.
It doesn’t take nearly the same effort, and once you reported it, the cops would (and rightfully should) call you a fucking idiot who deserved it.
To quote Gunnery Sgt Hartman: “If it weren’t for dickheads like you, there wouldn’t be any thievery, would there, Private Pyle?”
Re: Re:
And could you guess who would side with the overbearing assholes again?
...and what about
the incompetent asshat in IT who didn’t deactivate Keys’s credentials upon termination of his employment?
Does anyone know if this threat to journalistic integrity still has a job?
Re: ...and what about
As one of those IT people. I would like to say the HR department doesn’t always inform you that someone has been terminated.
Re: Re: ...and what about
Fair enough…I’m perfectly fine with revising my statement (if it’s found that the problem is HR-related instead of IT-related) to:
…and what about
the incompetent asshat in HR who didn’t notify IT immediately to deactivate Keys’s credentials upon termination of his employment?
Either way, there’s a lack of security policy in place for a large organization, which resulted in the hacker’s ability to reuse the credentials, and I don’t see anyone faulting anyone at the Tribune for the fuck up.
They should know better, given how what happened is such a threat to journalistic integrity, according to the LA Times.
Re: ...and what about
You know what? In a big organization, it sometimes takes days or even weeks before HR gets around to actually spreading the news. OFten enough, they never spread the news and users get removed when you do a username audit (not often enough, apparently).
It’s not like the guy gets fired and calls IT to let them know…
Re: Re: ...and what about
Presumably, the employee had some sort of badge that is used to gain access to the building. It’s a solid bet that the badge was promptly deactivated. There have been cases where that didn’t happen, but companies tend to be careful about that nowadays.
It should be an automatic part of the badge deactivation process that all logins (and phone system access codes, etc.) are disabled as well.
Re: Re: ...and what about
You know what? In a big organization, it sometimes takes days or even weeks before HR gets around to actually spreading the news. OFten enough, they never spread the news and users get removed when you do a username audit (not often enough, apparently).
I don’t know any medium to big organization that does not have a fairly complete and comprehensive termination procedure set up that shuts down all such access. The idea that the Tribune Company would not have that is corporate malpractice. That’s stunning.
Re: Re: Re: ...and what about
Agreed. Is it not reasonable for HR to immediately email IT to advise that the employee has been terminated, please remove all access, etc.?
Remember that worker who wrote a blog post about how much she was struggling on her low paycheck? Shortly after it appeared, she had no access to her work email any more. Game over.
Whether that was actually fair or not (we can argue about this later) is not the point; when Yelp/subsidiary fires someone, they lose all access. That the Tribune company didn’t revoke Keys’s access says their HR and IT departments aren’t communicating with each other. That’s a problem at any level.
Re: Re: Re: ...and what about
Nuh-uhh! Whatever says otherwise! You must be wrong!
Re: Re: ...and what about
it sometimes takes days or even weeks before HR gets around to actually spreading the news
It’s not like the guy gets fired and calls IT to let them know…
So poor security practices. Just like I said.
Since they have more to lose, being such a big organization and all (including “journalistic integrity”) if it isn’t important to them to take the proper measures when an employee is fired, they deserve what they got.
Seems about time to cut the other cord as well.
What about Andy Samberg's HBO Password sharing on TV?
I’m a full supporter of Matthew Keys and let me remind everybody, that on September 2015, Comedian Andy Samberg of Saturday Night Live fame, while hosting the Emmy Awards on Fox Television, he made a monologue about HBO allowing users to share their login credentials without paying for Cable TV services.
There is a video where it clearly shows Samberg telling audiences, while showing on screen, the username “Khaleesifan3@EmmyHost.com” with “Password1” below. Samberg said “Go out of town and watch Game of Thrones… HBO doesn’t care, they said so on the record…”
Like if you are telling me, the password sharing is a crime, but is OK when big celebrities tells you otherwise? Wow #DOJ! The injustice will not prevail. As of this, I stopped reading all Tribune content, including the Orlando Sentinel and will not watch WGN TV or Antenna TV.