Business as Usual at DOJ: Threatening Guy with Prison Over an Altered L.A. Times Headline

Why do people keep accusing them of overzealous prosecution?

Scott Shackford | 3.15.2013 12:17 PM

Sometimes folks do stupid things to former employers out of spite. These actions can be quite harmful, but often they're just embarrassing. Former Tribune employee Matthew Keys' actions fell on the embarrassing side. He gave his username and password to a member of Anonymous, who then changed the headline of a story on the Los Angeles Times website.

For this, Keys has been charged with a federal crime and could go to prison:

Matthew Keys, 26, of Secaucus, N.J., was charged in the Eastern District of California with one count each of conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer and attempted transmission of information to damage a protected computer. …

Each of the two substantive counts carry a maximum penalty of 10 years in prison, three years of supervised release and a fine of $250,000. The conspiracy count carries a maximum penalty of five years in prison, three years of supervised release and a fine of $250,000.

Just as with the Aaron Swartz case (and really most federal prosecutions), Keys won't face anywhere near the maximum penalties. But obviously the feds are piling on any possible charge to intimidate him into a plea agreement.

More importantly, there was no actual hacking here. Keys gave an Anonymous member his old access information after losing his job with a Tribune-owned television station in 2010. It turned out the codes still worked. Once Tribune discovered his old access information was being used, they locked him out. The end. Tribune could have saved itself this minor embarrassment (An image of the hack was posted on Reddit! The horrors!) if they had blocked his online access when he left the job.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Iraq War Latest Cost Estimate: Likely $6 Trillion Over Next Four Decades

Hide Comments (30)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Night Elf Mohawk 12 years ago

Changing a text file is damaging a computer?
Trespassers W 12 years ago

I don't get the alt-text. Must be one of them obscure Battlestar Galactica references.
CampingInYourPark 12 years ago

I don't get it. If Keys wanted to embarrass the LA Times, why did he need to give his credentials to someone else to do it? If it was simply a matter of changing a text file, was he not capable of that? Something is missing from the story.
JW 12 years ago

Former Tribune employee Matthew Keys' actions fell on the embarrassing side. He gave his username and password to a member of Anonymous, who then changed the headline of a story on the Los Angeles Times website.

Wait. He was a former employee and the company hadn't deactivated his account yet?

You get what you pay for, fuckheads.
1. Gadianton 12 years ago
  
  This. What kind of security do they have where they don't take out your password when they fire you or you quit?
2. CampingInYourPark 12 years ago
  
  Curious Is there any legal precedent concerning accessing a network after employment ends without it being stated as a policy or in a contract by the company?
  1. CampingInYourPark 12 years ago
    
    That is, with the same credentials given to you by the company
    1. JW 12 years ago
      
      Trespassing, or the electronic equivalent of.
3. Stormy Dragon 12 years ago
  
  So if I forget to lock the door to my house, it's perfectly legal to burglarize it?
  1. mnarayan 12 years ago
    
    I'd say it's worse than that. A better analogy seems to be if you loan someone the key and then don't get the lock changed.
  2. Rasilio 12 years ago
    
    No but it is hard to argue that if you give me the keys to your house and after we have a falling out I use them to go in an rearrange the magnetic poetry on your Fridge that it justifies multiple felonies with the possibility of decades in jail either
Voros McCracken 12 years ago

I'd like to see some legal scholars come up with a way to pass some sort of law to put an end to the ridiculous amount of overcharging that goes on in prosecutors offices in this country, for the sole purpose of extracting plea deals.

If your choices are 6 months probation, or rolling the dice on either walking or getting a life sentence, you really don't have much of a choice and must plead guilty regardless of whether you are or not. It's an absurdity and truth be told probably a violation of the defendant's legal rights.
1. ant1sthenes 12 years ago
  
  The plea bargain they can offer should be constrained based on the maximum sentence (e.g., they can take off no more than 30% of the sentence). It should also be fixed to a set of charges they commit to bring, so they can't offer a plea bargain based on 3 offenses, but threaten to charge you with 3,000 offenses.
  
  Less leverage means they either drop charges or take this sort of the thing to a jury and argue for draconian punishment for minor crimes, which will probably spark sentencing reform for lesser crimes as well as more jury nullification as jurors refuse to subject even obviously guilty people to punishments that are grotesquely disproportionate to the crime.
Fist of Etiquette 12 years ago

Disable access credentials of staff who end employment, even on good terms, idiots.
1. jesse.in.mb 12 years ago
  
  I made this mistake...once. Our old office manager had been using her work email as a personal email address (against poorly enforced company policy and common sense) when she was let go, I let her retain access to it while she set up a new personal account and transferred all of her banking and whatnot to said new account. I also backed all of her emails and work contacts up. The next day she'd wiped the account clean. I locked her out and disabled the account, restored the data and wrote a legal looking letter warning her that sabotaging company property was a crime, and then sat back and watched her squirm.
Stormy Dragon 12 years ago

More importantly, there was no actual hacking here.

What do you consider hacking? This is one of those issues where both sides seem to go to ridiculous extremes. One side makes the definition of hacking so broad that everything qualifies; the other makes it so narrow that nothing does.
1. Endless Mike 12 years ago
  
  How hacking really works
2. mnarayan 12 years ago
  
  The claim that no actual hacking took place here is particularly cumbersome given that the main point of the post seems to be that the ex-employee did nothing wrong.
  1. Rasilio 12 years ago
    
    Actually you are wrong, the main point of the post is that what this guy did was a minor and trivial affair which while wrong probably does not rise to the level of criminal activity however the Feds are seriously overcharging him in an effort to force him into a plea bargain.
    
    No one, in the article or the comments, has said he didn't do anything wrong and if they charged him with a misdemeanor and hit him up with a $1000 fine and a couple hundred hours of community service this article would never have been written
    1. Stormy Dragon 12 years ago
      
      Well no, several people up thread seem to be making the argument that if the victim didn't do everything they could to prevent the crime, that it becomes their fault that it occurred.
Scott S. 12 years ago

Do I really, seriously have to explain proportionality every single time I talk about Department of Justice prosecutions? Saying that this prosecutorial behavior is absurd is not the same as saying a crime didn't happen.
1. Stormy Dragon 12 years ago
  
  Except you didn't say "the federal government is overreacting to the hacking" you said "no actual hacking occured".
  1. Scott S. 12 years ago
    
    "No hacking occurred" isn't the same as saying "no crime occurred."
    1. Stormy Dragon 12 years ago
      
      So again, what is your definition of hacking?
    2. mnarayan 12 years ago
      
      None of the charges appear to mention "hacking"; it seems reasonable to assume that you mean that no actual crime occurred when you bring it up out of nowhere.
      
      I can't believe I'm even tangentially defending this kind of prosecution; I'm not even sure I think any criminal liability is appropriate here. This post is just woefully undeveloped given the things that a reasonable reader might conclude it implies.
2. mnarayan 12 years ago
  
  Nothing in this post gives any indication of how the government is over-charging here. I'm sure they are, but only because it seems they always over-charge any hacking related offense that they charge.
  1. Scott S. 12 years ago
    
    It seemed clear to me, but if more than one commenter feels the blog post is incomplete (both you and Stormy), I'll definitely keep that in mind for future posts.
Roger Cuddy 12 years ago

90% of the fault lies with the company for not inactivating the account. However let's not totally trivialize the ex-employee's actions. Giving your old account info to someone is little different than giving them your old keys to the building. Yes, they should have changed the locks but you still intended to facilitate someone else causing harm. Admittedly its somewhat funny because it affected the paper but it wouldn't be comical at all if had been a financial institution with peoples savings at risk.
1. Stormy Dragon 12 years ago
  
  The company should have inactivated the account for practical reasons, but the failure to do so doesn't shift any of the legal or more responsibility to them.
  
  The failure of the victim to prevent a crime does not make them responsible for it.
Suthenboy 12 years ago

New headline:

'Dunce shoots his own nuts off'

Please log in to post comments

Latest

'Libertarian' Gov. Jared Polis Signs 'Restrictive' Gun Law and Booze Ban

Salvadoran President Says He Won't Return Kilmar Abrego Garcia

Trump Flagrantly Targets Political Opponents in Executive Orders

Markets Are Smart Even When They Seem To Panic

Feds Borrowed $1.3 Trillion in the First 6 Months of This Fiscal Year

Recommended

Login Form