Matthew Keys is no Aaron Swartz. But the Reuters social media producer will face decades in jail under the same law used against Swartz if convicted of helping Anonymous hack the Los Angeles Times Web site in late 2010 — a parallel that has Keys’s lawyers and some commentators grouping the two as twin victims of America’s mangled computer crime laws.
Swartz, a prominent Internet activist who lobbied for free information online, killed himself in January, six months after the Department of Justice charged him with wire fraud, computer fraud and several other cyber crimes for downloading some 4 million paywalled academic articles from an academic archive at MIT.
Keys was recently charged with different computer crimes under the same law. Prosecutors allege the 26-year-old journalist, who has been suspended from Reuters with pay, helped Anonymous deface the Los Angeles Times Web site by giving log-in credentials to a hacker in an Anonymous chatroom, shortly after Keys was fired by the company that owns the Times.
But legal experts caution that the cases are different, despite their apparent parallels. And bloggers like Jason Gooljar are finding out exactly how controversial it is to call Keys “the next Aaron Swartz” — Gooljar quickly updated a post with that title after Redditors slammed the comparison as an “insult” to Swartz’s memory.
“Aaron Swartz and Matthew Keys are very different,” said Orin Kerr, a law professor at George Washington University and a respected expert on cyber crime. “They were charged under completely different parts of the law.”
The law in question is the Computer Fraud and Abuse Act, the much-maligned, much-amended 1984 computer crime law that governs many government and commercial cases. The CFAA has not gotten much love from legal experts in the past few years: it’s “outrageous,” “bullying” and “shockingly vague,” depending on whom you ask, and its sweeping terms have been used to charge people for crimes ranging from hacking a Playstation 3 so it could run third-party programs to downloading the client database of an ex-employer.
But while it’s easy to see the CFAA as one monolithic relic, Kerr says, the law actually has several parts, and Keys was charged under the least controversial one. That’s because the CFAA’s biggest problem lies in its use of the phrase “unauthorized access” — a vague, only loosely defined term that has left prosecutors and courts to their own interpretations. Keys’s part of the law doesn’t mention that term. Swartz’s does.
Aside from the difference in their alleged crimes, there’s also a split in apparent motives. As many of Swartz’s defenders have pointed out on social media, Swartz was a documented Internet activist who fought publicly for freedom of information.
On the other hand, in chat room transcripts released by the Department of Justice, the user alleged to be Keys urges an Anonymous hacker to “go f--- some s--- up.” That isn’t just a public-relations issue: motives can factor into sentencing, too, Kerr says.
“For example, acting with an intent to profit can turn a misdemeanor into a felony,” he says. “Also, acting as part of a broader criminal scheme can lead to a sentencing enhancement.”
Keys’s lawyers contended he was conducting “an undercover-type, investigative journalism thing” in an interview with the Huffington Post. They have also accused the Justice Department of pushing cases like Swartz’s and Keys’s too aggressively and threatening over-harsh sentences. The Justice Department has previously denied that type of allegation, saying in a statement after Swartz’s suicide that prosecutors only “enforc[ed] a law they had taken an oath to uphold” and blaming Congress for severe sentencing guidelines.
Since Swartz’s death, advocacy groups like the Electronic Frontier Foundation have rallied around sentencing reform, arguing that the maximum terms for computer crimes are not proportional to their damage. The news release that announced Keys’s indictment dramatically trumpeted a maximum term of 25 years. Swartz faced a maximum sentence of 35 years.
Receiving the maximum sentence is rare, of course. According to the the U.S. Sentencing Commission, the agency that makes sentencing policy for federal courts, almost 45 percent of convicted criminals serve sentences below the minimum guideline, to say nothing of the maximum. And a 2011 study by researchers at the Universities of South Georgia and Louisville found that the average term for a computer crime was just under three years — and even less, on average, for young men like Keys and Swartz.
But that hasn’t stopped Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation and a former public defender, from counting Keys as the latest victim of sentencing overreach. He argues that high maximum terms stretch the sentencing scale toward more severe penalties — and intimidate defendants into pleading out entirely.
“I’ve been to court, and I’ve seen the reaction when the judge reads [the maximum sentence],” Fakhoury says. “It can be a blunt instrument in deterring people from trying their luck at trial.”
But regardless of the calls for sentencing reform, few have supported Keys’s cause the way they did Swartz’s. That may have less to do with the legal issues at stake than with the public perception of Keys and his case.
“Don’t compare Matthew Keys to Aaron Swartz, even in their prosecution,” tweeted Tony Webster, a prominent engineer and open data researcher. “Keys: disgruntled loser. Swartz: genius, advocate for open knowledge.”
Asked if he felt the maximum sentence was too harsh, Webster wrote back: “Absolutely agree—nothing Keys allegedly did is worth absurd sentencing potential. Merely highlighting a difference in character.”