It's a commonplace that motorists are very rarely charged in these situations, because they "didn't see the cyclist" and also "why was the victim riding a bicycle on the street?" I guess we've established that the eggshell rule is yet another legal instrument to increase the "discretion" of LEOs, prosecutors, and judges, as if they really needed more of that.
That's a coherent argument, but then I feel like I get to point out that you're litigating the whole concept of the justice system, not Keys's sentence in particular. Keys is both extremely lucky and extremely privileged compared to the average person serving a multi-year sentence.
I'm much more concerned with the obvious flaws of the system than I am with the "concept" of the system. I'm sure Keys would prefer not to trade sentences with e.g. the average drug "offender", but I doubt he'd consider himself "extremely lucky and extremely privileged". What could that even mean, for a person who shouldn't have been incarcerated a day, convicted, with evidence circumstantial at best, of an act that shouldn't even be a crime?
Despite the big scary words [seriously, "exfiltrating" and "exhorting" in a single sentence; whom are we trying to convince?], it shouldn't be a crime. No fraud took place here. No personal or business data was stolen. No one was hurt. The damage was the online equivalent of "Kilroy was here" on a bathroom wall. The "victim" in the case is a giant media conglomerate responsible for the silencing of thousands of independent local voices. That is, they have no difficulty continually broadcasting their animating political philosophy: "More power and wealth for us! Glory to the top-down authoritarianism that makes us rich!" We don't hear the opposing side in that debate.
Rather, when it's heard, it's quickly silenced as in this case. (Keys was explicitly fired for political reasons. Who doubts he was prosecuted for the same reasons?) There isn't a chance that a similar episode at a small-town newspaper or independent broadcaster or even a popular online-only media site would receive the publicly-funded attention of a federal prosecutor. Most of those dream of higher public office, and they all know whom to make happy and whom to ignore, to make those dreams come true.
Resident HN Qin Dynasty fans might think the problem I describe is one of insufficient enforcement, that if only every knucklehead site defacement could be punished with the full weight of the USA-Justice Dept., we'd live in a utopia. Please realize, however, that this arbitrary authoritarianism is the only possible use of such a law, because it is the design of the law. There will never be enough federal prosecutors to send everyone involved with any defacement anywhere to prison. The point is not to prevent site defacement. The point is to centralize, to provide every benefit to large corporations and deny the same to other firms. That's actually the point of most laws that get passed nowadays. In this case, since this is a media company, the specific point is to control public discourse and destroy those who challenge it, and thereby to keep those profits and campaign donations up. For the rest of us, the cure is worse than the disease.
Security experts are the real fools, when they support the criminalization of minor shit like this. You're going to get paid anyway, whether someone goes to FPMITAP or not. In fact, you'd probably get paid more, if more people were comfortable poking giants in the eye. Executives bitch about all consultants, but do you imagine there is any particular type of consultant they'd be happier to fire? Giant corporations are not good, they are not your friends, and you owe them only the services they purchase. You don't owe them any political allegiance, and sending people like this to prison actually harms you in the long run.
Very little of this is responsive to what I wrote earlier. I think the problem here is that you're unconsciously building a whole lot of hindsight into your analysis. You know now that very little damage was done to Trib Corp (or whoever). But at the time, that was not known. It took a very expensive investigation to resolve those questions. The cost of that investigation should be borne by the people whose actions necessitated it.
I suppose there's a completely coherent argument to be made that anything you do with a computer to someone else's computer that doesn't cause physical, kinetic damage shouldn't be a crime. I'm unlikely to agree with that argument, though, so while it's good to know that that's what you think, we're probably at diminishing returns on this thread.
Responsive? I thought we were talking about the law. You asked, incredulously, if I thought a certain set of actions should be legal. I told you why I think they should. In short, the harms of inconsistently-enforced inherently-arbitrary only-for-bigcos laws such as these exceed those of not having such laws.
I stipulated at the very top of the thread that the investigation was surely very expensive. Most citizens wish these giant conglomerates, whether in media or banking or whatever, were smaller. We're not mollified when the costs of their giant size are passed along to the taxpayer and average citizen.
Actual crimes with actual harms to actual victims should still be crimes, whether they involve computers or not.
No, investigations for very small tech companies also cost far more than $20,000. Source: I've been a party to those, too.
Even if you adopt the position that we should have laws that treat victims differently depending on how big their companies are, that wouldn't have much bearing on this case.
I'll further stipulate that the costs of investigating vulnerabilities at tiny two-engineer firms far exceed the costs of investigating vulnerabilities at giant conglomerates like Tribune Media. When those vulnerabilities amount to "don't turn off credentials for fired employees", I still say they should pay for their own damn security work, and no criminal statute should say otherwise.
That's not what they're paying for. They're paying for the cost, in employee hours and outsourced contractor hours, of ensuring that all that happened was that a page got modified. Rest assured, their CMS is surely as crappy as it was before Keys laid his stubby little fingers on it.
"Stubby little fingers"? Ouch. He's probably going to get hassled enough for his appearance in FPMITAP. It makes sense that one would need to demonize him, though. That's the same maneuver we've seen with drug users, undocumented immigrants, etc.
Why denigrate a CMS when it's well established that Tribune Media weren't removing the passwords of fired employees? If you're sure they're still not doing that, it will be grimly hilarious the next time this happens.
It's super weird of you to try to position me alongside drug prohibitionists and deporters of immigrants. I take offense. Thankfully, this thread was long enough already.