recommended reading

Is One Act of Cyber Vandalism Worth 25 Years in Jail?

Pedro Rufo /

Matthew Keys is in some hot water.

The deputy social media editor for Thompson Reuters was federally indicted Thursday on three counts of conspiracy to hack the Tribune Company, his former employer. If he's convicted, Keys faces up to 30 years in prison and a $750,000 fine. According to the indictment (PDF), first obtained by The Huffington Post's Ryan Reilly, Keys made himself known to a member of the hacking collective Anonymous and offered up login information that allowed Anonymous to change information displayed on The Los Angeles Times.

Keys' indictment is a big deal for obvious reasons, but also because it's the second case this year in which legal action has raised momentous ethical questions concerning Internet crimes. It's impossible to read the potential penalties at stake and not think of Aaron Swartz, the Reddit co-founder and RSS developer who committed suicide after allegedly violating the Computer Fraud and Abuse Act. According to prosecutors, Swartz wilfully committed a massive act of intellectual property theft when he downloaded millions of articles from JSTOR, the online repository for academic research. Swartz' defenders argued that even if he had stolen the content, he hurt nobody -- and therefore the sentence he faced was vastly disproportionate to the nature of the crime.

By most accounts, the prosecutors came away from the encounter looking like the bad guy -- critics charged them with pursuing Swartz to the point of suicide just because they could. The moral issues raised by his case, meanwhile, are still unresolved. That's why Keys' case is so important: the precedents established here will go a long way toward establishing how the Internet functions and governs itself.

What we have here is another potential Swartz-type situation where every incentive is telling prosecutors to go after Keys as aggressively as they did Swartz, if not more so. From the government's perspective, what Keys allegedly did was a Very Serious Crime. Keys' actions resulted in a hacking attempt against a major U.S. company. With Washington newly alerted to the threat of cyber espionage, it's understandable that the government would want to deter network penetrations of all kinds. Deterrence requires stiff penalties -- ones the government isn't afraid to enforce.

Those who would defend Keys might argue that what he did was no more harmful than when Swartz scraped his gazillionth article from JSTOR. Based on the damage he allegedly caused -- indirectly, at that -- what penalty should such a crime deserve? In the next few weeks, expect a public battle over the severity of not just his supposed crime, but of Internet crimes writ large.

Yes, Matthew Keys is in hot water. But how hot will be largely up to us.

(Image via Pedro Rufo / )

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.