American journalist Matthew Keys was sentenced today to two years in prison for breaking the Computer Fraud and Abuse Act. “We are appealing,” Keys told iMediaEthics by e-mail.
One of Keys’ attorneys, Tor Ekeland, told iMediaEthics by phone that they have fourteen days to appeal the sentencing and that “appeals can take anywhere from half a year to a year to two years.”
“We’re hoping to get bail pending appeal,” Ekeland said, which would keep Keys from having to surrender for prison while the appeal is ongoing. “I’m hopeful that he will get that, but that is entirely up to the court,” Ekeland said.
Keys wasn’t directly accused of hacking, but of giving login information for the Los Angeles Times‘ website to allow others to hack.
In October, Keys was found guilty of helping hackers affiliated with Anonymous hack the Los Angeles Times website, as iMediaEthics wrote at the time. He was accused of posting login information for the Tribune Company content management system to an Anonymous chat room. He once worked for KTXL, owned by the Tribune Co., which also owns the Los Angeles Times. The Times‘ website was hacked and an article was changed for about 40 minutes.
Sarah Jeong, contributing editor for Vice‘s Motherboard, has an excellent rundown on the background of the case and the sentencing, which she attended. The judge in the case, Kimberly Mueller, argued the hackers only made “relatively modest” changes that “did not do much to actually damage the reputation of that publication.” That said, the judge thought Keys wanted to “wreak further damage,” Jeong reported. Keys is supposed to surrender for his sentence in mid-June but his attorneys plan to appeal.
Keys’ “attorneys argued the hacking was a relatively harmless prank,” the Chicago Tribune reported, arguing that it took the Times little money and time to fix the hack (“less than an hour” and “less than the $5,000.”)
On the other hand, prosecutors argued it took hundreds of hours and more than $10,000 to fix. That figure matters because, as Motherboard’s Jeong explained, “In order to be convicted of felony under the particular provisions of the Computer Fraud and Abuse Act which prosecutors used to charge Keys, the conduct must exceed a threshold of $5,000.”
Ekeland said “from one angle we managed to chip away” at the case against Keys, given that the government wanted five years in prison and claimed a much larger financial loss. ”
Keys tweeted numerous times after the verdict:
In a statement posted on Medium before the sentencing, Keys wrote in part: “I am innocent, and I did not ask for this fight. Nonetheless, I hope that our combined efforts help bring about positive change to rules and regulations that govern our online conduct.”
He went on to criticize the law he was convicted of breaking: “As I’ve previously wrote about, nobody should face terrorism charges for passing Netflix username and password. But under today’s law, prosecutors can use their discretion to bring those exact charges against people—including journalists—whenever they see fit. Prosecutors did so in this case. Until the law catches up with the times, there’s no doubt that prosecutors will do it again.”
In 2013, Keys was fired from Reuters, where he was deputy social media editor.
UPDATE: 4/14/2016 1:46 PM EST With response from Keys and his lawyer.