Matthew Keys "faces" 25 years in prison like I "face" being eaten by an angry lion

By Paul Bradley Carr , written on October 8, 2015

From The Legal Affairs Desk

Yesterday, former Reuters journalist Matthew Keys was found guilty in federal court of three hacking-related offences.

Keys was charged with helping hackers access servers owned by his former employer, the Tribune Company, and encouraging them to “go fuck some shit up.” Fuck shit up they did – altering editorial content on the homepage of of the LA Times.

Hopefully all lovers of the First Amendment can agree that a reporter who helps hackers to edit or delete the work of other journalists – particularly altering the headlines of news reports – probably deserves to get in some kind of mild legal trouble. But, if the reports of Keys’ imminent sentencing are to be believed, his likely punishment goes way beyond “trouble.”

Social Media Journalist Matthew Keys Guilty on Hacking Charges, Could Face 25 Years in Prison” says the Gawker headline.

Agrees The Verge: “Keys faces up to 25 years in prison on counts of conspiracy to cause damage to a protected computer, transmission of malicious code, and attempted transmission of malicious code.”

“Keys, 28, faces a maximum of 25 years for three felonies related to sharing login information from the Tribune Media Co.” concurs the Huffington Post.

Supporters were quick to express outrage at the lengthy sentence “faced” by Keys. Supporters including Edward Snowden, who tweeted…

It’d be churlish to point out to Snowden that at least America has the decency to jail its alleged criminals as opposed to poisoning them with polonium. Or that, unlike Russia, America doesn’t tend to jail women for two years for saying mean things about the President or men for 14 years for writing a letter. But one could easily lose an afternoon pointing out all the jarring statements found on Snowden’s self-parody account. The “is this guy for real?” ship sailed around the time he appeared on the cover of Wired, from Moscow, getting to third base with the American flag.

Also, on the Keys reports at least, Snowden seems to make a good point. 25 years would be a shockingly long amount of jail time for someone to face. And more shockingly, a quick scout of other hacking sentencing headlines suggests Keys’ reported fate isn’t even particularly unusual.

Even before he fled to Russia, the Daily Mail reported that Snowden himself “faced” 35 years or more in prison for taking data from the NSA and leaking it to journalists.

…which is still chickenfeed to Barrett Brown who, back in 2013, according to Vice, “faced” 100 years for offences relating to his work with Anonymous. (According to Democracy Now, the sentence “faced” by Brown was actually 105 years.)

And if that sounds extreme consider Fidel Salinas, a hacker also accused of ties with Anonymous, who in 2014 “faced” a simply incredible 440 years of prison time for misdemeanor offences.

440 years!

And yet, and yet.

Unlike Snowden and Keys, Brown and Salinas have actually been sentenced and -- here’s a funny thing -- Brown eventually received a total of five years in prison, a whopping 100 years less than he reportedly “faced”. And Salinas received not 440 years, not 340, not 40, not 4 but… zero.

Snowden is still on the run, but another government whistleblower, former CIA agent John Kiriakou, received just 30 months in jail despite “facing” a maximum of 45 years before sentencing.

We can debate whether hacking and whistleblowing should be a crime, and whether even 30 months or five years are reasonable punishments for the perpetrators. What isn’t up for debate is the fact that, in almost every recent high-profile hacking case, we have seen a massive gap between the sentence reportedly “faced” by the accused and what they ultimately receive.

The phenomenon has become so ridiculous, and so predictable, that you can now pretty much guarantee when you see the word “faces” in a sentencing headline about a hacker that you’re being sold a load of crap. You can also guarantee that when, a few months later, the hacker receives nothing like that sentence, there will be way fewer headlines, and much less outrage.

The reason for the disparity is simple and reflects the fact that both the media and prosecutors benefit from early reports warning of ludicrously high sentences for hackers and whistleblowers.

For prosecutors, a high reported sentence – which is always based on multiplying the number of alleged offences with the maximum sentence for each of them – acts as a useful deterrent to anyone who might be thinking of committing crimes themselves. Kids are much less likely to join Anonymous-like groups if they think they’ll face 400 years in prison than if the more likely punishment were  a slap on the wrist. Similarly, a high possible sentence is a great way to encourage the accused to agree to a plea deal before trial.

Meanwhile, centuries-long prison terms “faced” by hackers are traffic gold for blogs like Gawker, especially when they prompt outraged commenters to point out that even rapists don’t get thrown in jail for 100 years. Cue the rage machine! Cue the traffic!

What those reporters are banking on, of course, is that readers won’t notice that they’re the contrasting the maximum hypothetical sentences being “faced” by accused hackers with those actually received by some rapists and murders.

What those reporters also frequently fail to do is report the real sentence that’s actually being sought by prosecutors. In Keys’ case, he "faces" 25 years in jail like I "face" being killed by a moose every time I rent a Zipcar.

In reality, prosecutors say they’re likely to seek a jail term of less than five years. That's still a bitch of an amount of time to spend behind bars -- and, again, we can argue whether that would be too high for a disgruntled former employee using hackers to get back at his old boss --  but still nothing like the near-life sentence being reported, especially when you consider that he’ll probably be released long before he serves his eventual sentence. Even Kiriakou, a bona fide CIA leaker, was recently let out of jail early under house arrest.

It’s too much to hope, of course, that prosecutors will stop bullshitting us with the sentences “faced” by alleged criminals. If it ain’t broke… But that doesn’t mean reporters should continue to play along.

Not only are they treating their readers like morons by doing so, but they’re also making it impossible to have an intelligent conversation about the laws around hacking. What is the appropriate punishment for a journalist accused of aiding and abetting hackers? What about the subtleties around black hat hacking and white hat hacking? Most readers will never hear those questions let alone be given the information necessary to answer them – all they’ll hear is HACKER FACES SPENDING FIVE LIFETIMES IN PRISON WHILE RAPIST IS OUT IN FIVE YEARS! And then when the real sentence is handed down, they can forget all about the issue knowing actually it’s not really so bad.

When you report that a hacker “faces” a billion years in prison, you guarantee that’s all anyone will talk about. Just look at the responses to Snowden’s tweet, with 1.5k retweets (and counting) and the few people pointing out the actual likely sentence being handily drowned out by those screaming about rapists and murderers. We saw a similar thing happen when questions around Snowden’s decision to accept the protection of Russia’s FSB were drowned out by headlines suggesting that Snowden might “face” the death penalty if he returned home. It didn’t matter that the attorney general insisted that was never going to happen, the headlines had done their work and much of the world accepted that, “facing” death, Snowden had no choice but to continue AirFSB'ing. 

Snowden might have a vested interest in perpetuating the bullshit around “facing,” but the rest of us have no excuse.