Why Matthew Keys is not ‘the next Aaron Swartz’

Matthew Keys is no Aaron Swartz. But the Reuters social media producer will face decades in jail under the same law used against Swartz if convicted of helping Anonymous hack the Los Angeles Times Web site in late 2010 — a parallel that has Keys’s lawyers and some commentators grouping the two as twin victims of America’s mangled computer crime laws.

Swartz, a prominent Internet activist who lobbied for free information online, killed himself in January, six months after the Department of Justice charged him with wire fraud, computer fraud and several other cyber crimes for downloading some 4 million paywalled academic articles from an academic archive at MIT.

Keys was recently charged with different computer crimes under the same law. Prosecutors allege the 26-year-old journalist, who has been suspended from Reuters with pay, helped Anonymous deface the Los Angeles Times Web site by giving log-in credentials to a hacker in an Anonymous chatroom, shortly after Keys was fired by the company that owns the Times.

But legal experts caution that the cases are different, despite their apparent parallels. And bloggers like Jason Gooljar are finding out exactly how controversial it is to call Keys “the next Aaron Swartz” — Gooljar quickly updated a post with that title after Redditors slammed the comparison as an “insult” to Swartz’s memory.

“Aaron Swartz and Matthew Keys are very different,” said Orin Kerr, a law professor at George Washington University and a respected expert on cyber crime. “They were charged under completely different parts of the law.”

The law in question is the Computer Fraud and Abuse Act, the much-maligned, much-amended 1984 computer crime law that governs many government and commercial cases. The CFAA has not gotten much love from legal experts in the past few years: it’s “outrageous,” “bullying” and “shockingly vague,” depending on whom you ask, and its sweeping terms have been used to charge people for crimes ranging from hacking a Playstation 3 so it could run third-party programs to downloading the client database of an ex-employer.

But while it’s easy to see the CFAA as one monolithic relic, Kerr says, the law actually has several parts, and Keys was charged under the least controversial one. That’s because the CFAA’s biggest problem lies in its use of the phrase “unauthorized access” — a vague, only loosely defined term that has left prosecutors and courts to their own interpretations. Keys’s part of the law doesn’t mention that term. Swartz’s does.

Aside from the difference in their alleged crimes, there’s also a split in apparent motives. As many of Swartz’s defenders have pointed out on social media, Swartz was a documented Internet activist who fought publicly for freedom of information.

On the other hand, in chat room transcripts released by the Department of Justice, the user alleged to be Keys urges an Anonymous hacker to “go f--- some s--- up.” That isn’t just a public-relations issue: motives can factor into sentencing, too, Kerr says.