A View from Rachel Metz
Twenty-Five Years in Prison for Helping Hackers? Seriously?
A maximum sentence of 25 years for enabling hackers to vandalize a news website is totally nuts.
Yesterday, the U.S. Department of Justice announced that it indicted Matthew Keys, 26, Reuter’s deputy social media editor, for allegedly enabling some members of hacker organization Anonymous to hack and change content on the LA Times website back in 2010. The possible maximum sentence he could face if convicted? Twenty-five years in prison.
According to the DOJ, Keys was charged with “conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer and attempted transmission of information to damage a protected computer,” after he allegedly offered Anonymous members login details for a Tribune server in December 2010—shortly after he was fired from his job as Web producer at Tribune-owned TV station KTXL Fox 40 in Sacramento, California. The DOJ contends one or more Anonymous hackers then used the login information to change a story on the website for the Los Angeles Times, which is also owned by Tribune. You can click here if you’d like to read the entire indictment.
My immediate reaction is the same as many others: Wha?!
This case, along with the case of Aaron Swartz (which, sadly, ended with his suicide in January), both involve supposed violations of the Computer Fraud and Abuse Act. As this excellent piece on the Electronic Frontier Foundation’s website notes, the penalty for the conspiracy count alone could be as much as five years in prison under this act, which is much steeper than the maximum sentence in California for real-world vandalism.
Even if Keys did everything that he is being accused of, 25 years behind bars seems completely off the wall. Do the investigators and prosecutors know how easy it is to fix a vandalized website? It’s not like Keys or the hackers entered the LA Times office and literally trashed the place, or physically assaulted someone.
Sure, anyone who hacks or aids hackers should be punished. And perhaps the maximum penalties are more scare tactic than realistic threat. But even the possibility is mind-boggling, and should frighten anyone who has even considered making any mischief on the Internet.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today