Local Journalist Could Face 25 Year Prison Sentence for Defacing LA Times Website

Yesterday, a jury in Sacramento found local journalist Matthew Keys guilty of computer hacking, the long-awaited denouement of a case that began in December 2010.

[jump] That’s the year Keys, who’d recently left employment at KTLX in Sacramento (KTLX says he was fired, Keys claims he left on his own), allegedly leaked log-in credentials of the Tribune Media Company’s CMS (content management system). The hacker collective Anonymous used these credentials to access and “deface” an article on the Los Angeles Times’ website, inserting mostly nonsensical language in a story about senate tax cuts. Although the corrupted article was live for only 40 minutes, the prosecution argued that it caused nearly a million dollars in damages.

But court documents revealed that the Tribune spent nearly $18,000 for the 333 hours employees spent responding to the hack, as The Guardian reports. Keys’ attorneys argued that employees actually spent less than an hour restoring the article, and the cost of doing so fell below the $5,000 required to qualify the incident as a felony.

Keys denies leaking any passwords.

As Sarah Jeong points out at Motherboard, the maximum sentence for Keys’ crime is 25 years, but a spokesman for the US Attorney’s office said a five year sentence is more likely.

“It’s bullshit. The verdict is bullshit, the case is bullshit, the charges are bullshit. It’s all bullshit,” Keys told The Washington Post.

US Attorney Benjamin B. Wagner said in a statement, “This was simply a case about a disgruntled employee who used his technical skills to taunt and torment his former employer. Although he did no lasting damage, Keys did interfere with the business of news organizations, and cause the Tribune Company to spend thousands of dollars protecting its servers. Those who use the Internet to carry out personal vendettas against former employers should know that there are consequences for such conduct.”

David Segal, executive director of Demand Progress, a civil liberties advocacy group, issued the following statement:

It’s idiomatic that the punishment is supposed to fit the crime, yet the Computer Fraud and Abuse Act’s penalty scheme remains divorced from the severities of the behaviors it’s been wielded against. Today’s conviction of Matthew Keys is yet more evidence that this needs to be fixed.

With much bluster, the Department of Justice has pointed to the absurd statutory maximal penalty for somebody in Keys’s shoes: 25 years for enabling a harm that entailed changing the words on a website for all of an hour.

So we are witness to yet another abuse of a law that’s used to police online behavior even though it was written in 1986 — years before the World Wide Web was invented.

In 2013, Keys found himself in the crosshairs of another controversy after Reuters, for which Keys was then deputy social media editor, fired the journalist for purportedly posting inaccurate information about the Boston Marathon bombing on his personal twitter account. The union that represented Keys challenged the termination.

Keys, who refused a plea deal in the Los Angeles Times case, says he plans to appeal. He’s due to be sentenced in January.

Tags: , , , ,

Related Stories