Cybersecurity

Is One Act of Cyber Vandalism Worth 25 Years in Jail?

Pedro Rufo / Shutterstock.com

Matthew Keys is in some hot water.

The deputy social media editor for Thompson Reuters was federally indicted Thursday on three counts of conspiracy to hack the Tribune Company, his former employer. If he's convicted, Keys faces up to 30 years in prison and a $750,000 fine. According to the indictment (PDF), first obtained by The Huffington Post's Ryan Reilly, Keys made himself known to a member of the hacking collective Anonymous and offered up login information that allowed Anonymous to change information displayed on The Los Angeles Times.

Keys' indictment is a big deal for obvious reasons, but also because it's the second case this year in which legal action has raised momentous ethical questions concerning Internet crimes. It's impossible to read the potential penalties at stake and not think of Aaron Swartz, the Reddit co-founder and RSS developer who committed suicide after allegedly violating the Computer Fraud and Abuse Act. According to prosecutors, Swartz wilfully committed a massive act of intellectual property theft when he downloaded millions of articles from JSTOR, the online repository for academic research. Swartz' defenders argued that even if he had stolen the content, he hurt nobody -- and therefore the sentence he faced was vastly disproportionate to the nature of the crime.

By most accounts, the prosecutors came away from the encounter looking like the bad guy -- critics charged them with pursuing Swartz to the point of suicide just because they could. The moral issues raised by his case, meanwhile, are still unresolved. That's why Keys' case is so important: the precedents established here will go a long way toward establishing how the Internet functions and governs itself.

What we have here is another potential Swartz-type situation where every incentive is telling prosecutors to go after Keys as aggressively as they did Swartz, if not more so. From the government's perspective, what Keys allegedly did was a Very Serious Crime. Keys' actions resulted in a hacking attempt against a major U.S. company. With Washington newly alerted to the threat of cyber espionage, it's understandable that the government would want to deter network penetrations of all kinds. Deterrence requires stiff penalties -- ones the government isn't afraid to enforce.

Those who would defend Keys might argue that what he did was no more harmful than when Swartz scraped his gazillionth article from JSTOR. Based on the damage he allegedly caused -- indirectly, at that -- what penalty should such a crime deserve? In the next few weeks, expect a public battle over the severity of not just his supposed crime, but of Internet crimes writ large.

Yes, Matthew Keys is in hot water. But how hot will be largely up to us.

(Image via Pedro Rufo / Shutterstock.com )

Threatwatch Alert

Data dump / Network intrusion

IDs of all Serbians Exposed in Attack on State Network

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// December 18
X CLOSE Don't show again

Like us on Facebook