Judge Won't Lower $5M Bail For Jailed SF IT Admin 429
snydeq writes "San Francisco County Judge Charles Haines has denied Terry Childs' motion to reduce his $5 million bail, alluding to 'public security concerns,' according to Richard Shikman, who is representing Childs in court. The ruling comes in the wake of a recent decision to drop three of the four changes that have been levied against Childs, who has spent the past 14 months in jail. The fourth charge — that Childs violated a California statute regarding illegal denial of service for the San Francisco FiberWAN — has been called into question by those closely monitoring the case. As a point of comparison, the San Francisco Felony Bail Schedule lists a $1 million bail for the most serious crimes, such as sexual assault of a child, aggravated arson, or kidnapping for ransom. Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco's network."
too easy (Score:5, Funny)
Childs could cause damage to San Francisco's network.
But, but... think of the children
Re:too easy (Score:5, Insightful)
Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco's network.
Yeah, so can anyone who's competent with networking.
Just admit that he was presumed guilty before a trial you incompetent fools. You all are making yourselves look more and more like idiots, and the Childs is laughing his ass off in jail.
Oops shouldn't have said that out loud, I might be labeled a terrorist.
Re:too easy (Score:5, Funny)
Yeah, so can anyone who's competent with networking.
Or incompetent.
Re:too easy (Score:5, Insightful)
Re:too easy (Score:5, Insightful)
this is preposterous. basically they're condemning him for being arrogant while competent. he always stated that he was only refusing to hand out the passwords because he didn't trust the competence of the people that were still working there.
what harm could he now do to the city network? he was fired, the password has already been disclosed to the mayor about a year ago... or have they forgotten to change the passwords?
and if he did have backdoors, it's already time they had them fixed. if he uses them, then, yeah, he's provoking the wrath of law, but... 5 million?
each year he spends on the jail probably means about 10 years he looses from his lifespan from physical and emotional distress. fsck the fscking judges and DAs.
Robin Williams said it right:
"You know, I heard scientists are now using lawyers instead of mice for experiments, for two reasons: one, scientists grow less attached to lawyers and two, there are somethings that even mice won't do."
add "judges" to that, will you?
Re:too easy (Score:4, Insightful)
what harm could he now do to the city network? he was fired, the password has already been disclosed to the mayor about a year ago... or have they forgotten to change the passwords?
Likely none, and they realize this. But they've imprisoned a man - a competent, intelligent man - for over a year now. They've ruined his ability to do what he evidently got a great deal of satisfaction from (noted due to his level of competency). They've smeared his good name, lied about him, and ruined his life.
I suspect they're quite worried about him getting out. On the outside, he'd be able to sue the life out of them and/or the city - and if the city gets sued, then those who invoked the lawsuit will face scrutiny.
Oh yeah, and again, the "smart, competent" bit. What was it about the mental stability of IT workers, nurses, and postal workers and our propensity to go off the deep and which is so wantonly stereotyped in the media? Oh, right. They're probably at least a little concerned that the guy would kill them all in their sleep. I don't doubt he's thought about it, wistfully (there's likely not much else for him to do).
Re:too easy (Score:5, Interesting)
no, it was a network that had him as the "caretaker". Despite the methods, from what has been said, what he was doing was trying to protect the network. As a "caretaker", it's his job to do what he must to protect the network. Of course, there are proper methods and limits, but I don't see why what he did would justify 14 months in jail and $5M bail. They've had the passwords for over a year, for God sake. If he wanted the network to get stuffed, he could have very well also let the passwords somewhere else or with someone else to do the job for him in case anything happened to him, so they could hold the network hostage. Did that happened? Childs seems to be a guy to smart to NOT do something like this if his intentions were less than honorable (regardless of the methods).
Re:too easy (Score:4, Insightful)
no, it was a network that had him as the "caretaker". Despite the methods, from what has been said, what he was doing was trying to protect the network. As a "caretaker", it's his job to do what he must to protect the network.
Actually, all of his authority with respect to this network come from his supervisor/manager. He only has the authority to "do what's best for the network" as long as it's still granted to him by his supervisor. As soon as his supervisor revokes that authority, he no longer has the privilege of deciding what is best for the network.
After all that, he was just being a dick, and it's stupid to be a dick to people who can have you locked up in jail. This may be United States, but it's not the United States you were (probably) taught about in grade school.
Re:too easy (Score:4, Interesting)
As I said: I'm not judging his ability to choose the best method of action, which most likely is somehow impaired, but his intentions, which were clearly shown to be good, although improperly applied.
Re:too easy (Score:5, Insightful)
His duty to help them by giving them passwords and other confidential information ALSO ended when his employment contract ended. That's what the law says. In fact, legally, he should have destroyed all confidential information in his possession, and as such, suing because he wouldn't turn over confidential passwords that he was not obligated or even allowed to retain is a new level of absurd.
When this is over, $5 million is likely to seem like peanuts compared with the settlement that San Francisco will end up paying out.
Re:too easy (Score:5, Insightful)
Actually, all of his authority with respect to this network come from his supervisor/manager. He only has the authority to "do what's best for the network" as long as it's still granted to him by his supervisor. As soon as his supervisor revokes that authority, he no longer has the privilege of deciding what is best for the network.
Yes. The issue is, however, that none of the people who informed he had been fired and demanded he handed over the passwords _were actually his supervisor_. AIUI, a subordinate had been promoted over him, and he hadn't been notified of this.
Look at it this way: you're in charge of a network and have the passwords that can be used to do just about anything with it. One day your assistant comes to you and says, "I've just been promoted to your job, and you've been fired. Hand over the passwords." Wouldn't you think maybe you were in some kind of social engineering attack, and want to confirm it with somebody you knew to be your superior? That's all Childs did.
Re:too easy (Score:5, Insightful)
no it shouldn't. The whole thing could have been fixed with a simple contempt of court charge and sweat him till he tells, that was their legal option and they chose not to do that.
Beyond that all the attempts of the management to "hack in" were unnecessary and not relevant to the criminal case. (like breaking the windows out of YOUR car because somebody stole it) HE did not do any damage after he was fired... the trouble was that he was fired TWICE... the first time the manager didn't write him up per union policy for being a dick and he got his job back. So he was refusing to turn his password over to the people that GOT him fired and weren't qualified to properly manage the network... they broke it because they didn't call a certified person FIRST. Also, they had already accused him of wrongdoing when he hadn't done anything....how do you prove you DIDN'T attempt to commit a crime?
Re:too easy (Score:4, Insightful)
how do you prove you DIDN'T attempt to commit a crime
Theoretically, you shouldn't have to, it should be up to the state to prove that you did actually commit a crime.
Theoretically.
Re:too easy (Score:5, Insightful)
Re:too easy (Score:4, Insightful)
Most that I have delt with would fall into the "serious business practice problems" category. A company I worked with years ago had a lead admin that was completely paranoid, he was the only one in the company with root access, he supposedly kept the password in a safe that only he, the ceo and the cfo had access to. The lesser admins (thats actually how they referred to us in the department procedures) were the ones who were stuck with being on call and had to call up the lead any time there was a problem...all would be fine if it weren't for the fact that he was very cranky in the middle of the night and would yell at us if we actually called the hesitantly give us temporary access and tell us to figure it out and not bother him. Sometimes outages would go on for hours because we couldnt reach him.
I could only take about 6 months...shortest job I have ever held. I can handle alot of crap, dont trust me with root fine...but at least give me pseudo or at minimum dont bitch when your underlings have to call because you set it up that way.
Re:too easy (Score:5, Informative)
Re:too easy (Score:5, Informative)
immunity for officials != immunity for the city.
You're probably right that the DA can't be sued personally (that's a symptom of the general failure in the US to understand that government != state), but that doesn't mean that the department can't be sued, or that the department can't take action against the individuals responsible for exposing it to liability.
Re:too easy (Score:5, Insightful)
Re:too easy (Score:5, Insightful)
That's what you get when state prosecutes are chosen at the whim of the vindictive masses instead of by careful selection based on merit and principle.
Re:too easy (Score:4, Insightful)
10 days is hardly enough time to mount a defence.
Especially when you need to convince a bunch of hicks, who don't know what a computer is that you could not have done it.
Re:too easy (Score:5, Funny)
Just admit that he was presumed guilty before a trial you incompetent fools. You all are making yourselves look more and more like idiots, and the Childs is laughing his ass off in jail.
They may just be keeping him in long enough for all of his certs to expire.
Re:too easy (Score:4, Funny)
the poor guy's in jail and you talk about shelf life of breath mints?
have you no shame?
Re:too easy (Score:5, Insightful)
Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco's network.
This oddly sounds like crap that brought up in Kevin Mitnick's trial.
My guess is the DA knows he's fscked and is grasping at straws. I wouldn't be surprised once the last charge is dropped, Childs counter sues for being charged, arrested, and in jail.
Only if... (Score:5, Insightful)
He's a danger to their network only if no one has yet changed the passwords on the routers and other equipment.
Re:Only if... (Score:5, Insightful)
"The defendant's withholding the passwords caused DTIS to be denied administrative access to the FiberWAN, which constituted a denial of computer services," Judge McCarthy wrote.
The defending not giving up the administrative passwords for his former employer's network didn't cause anyone to be denied administrative access. Their own incompetence and lack of planning were responsible for that.
This whole thing is ridiculous, yet it's still not over... The people who need to be held accountable are the managers responsible for allowing such a major fuck-up to occur with something as critical as they claim.
Re:Only if... (Score:5, Insightful)
He's a danger to their network only if no one has yet changed the passwords...
No kidding. Are those routers and servers just running on on the same settings they were set on 14 months ago? No one has run updates? Changed any settings? Heck, in a lot of places half that equipment would have been replaced in a year. Any reasonably competent admins could have secured that network before now. Most routers have a way of resetting the root password, even if that means taking them off-line a few at a time and reprogramming them.
This is insane. 14 months in jail. Come on San Francisco, time to extract your head out of your boyfriend's ass.
Hopefully his lawyers can appeal to a judge with clue before this stupidity goes any further.
Re: (Score:3, Insightful)
Any reasonably competent admins could have secured that network before now
I believe it was the lack of those that got Child's in this trouble in the first place.
Re:Only if... (Score:5, Informative)
Re:Yes. (Score:5, Insightful)
it's not at all inconceivable that Childs could cause damage to that network if he chose to do so.
You are correct, of course. Childs should be immediately lobotomized, or if the procedure appears to be unreliable then he should be just killed. He knows too much and can never be released. His possible future crime must be prevented at any cost. Same applies to all future sysadmins of SF - once they learn the network (a few weeks on the job, perhaps) they will have to be destroyed.
Re:Yes. (Score:5, Insightful)
it's not at all inconceivable that Childs could cause damage to that network if he chose to do so.
It's not at all inconceivable that the average slashdot reader could damage the network if he chose to do so (with some basic research + social engineering, to gather some general info).
Re:Yes. (Score:5, Insightful)
Re:Yes. (Score:5, Informative)
Which requires them to know what all of the equipment is, and potentially all of the software installed in all of it. Information for which Childs was supposed to be the source.
I'm not saying that the $5 million bail is right, but it's not at all inconceivable that Childs could cause damage to that network if he chose to do so.
Childs should not be the "source" of knowledge on their equipment. Their internal inventory and documentation policies are the source for that information. Childs designed and maintained the network, he did document it, even going so far as to Copyright the network design. Childs even followed policy when he refused to disclose his password to members of the San Francisco Police Department, representatives from HR, and an unknown group of people on the phone.
San Francisco government policy, from http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org]
"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive, confidential County information.
Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your password while on vacation."
This is a corrupt government using its influence over the DA and judicial appointees to persecute Mr. Childs. After this last charge is throw out, Mr. Childs will undoubtedly counter-sue in a different jurisdiction to stay clear of the corruption in the SF government.
Re:Only if... (Score:5, Insightful)
You would think, by now, that someone would have come in and cleaned up the network and battened the hatches. After all the publicity this has gotten, if there's _still_ a hole for Child's to access, then they deserve whatever skull-fucking he can give them.
I know these are government employees, but, as I said, with the publicity surrounding this one, they might have justified breaking the piggy bank to pay for a real network guru to give it a once-over, at least.
Re:Only if... (Score:4, Insightful)
He doesn't deserve to sit in jail until someone gets around to changing the passwords.
Re:Only if... (Score:5, Insightful)
What makes you think that he'd do that if let loose? If it did get screwed up, I'd think he'd be the first to receive blame at this point. Unless one has a very, very good escape plan that is sure-fire and won't fail, I would think that unless they're completely nuts, a person in Childs' position is not going to go at them for "revenge".
They're more in danger from other threats than this man at this point. To put it more succinctly: The risk is imaginary; the DA's whipping up fantasies that're just plausible enough that the Judge is willing to sign off on them. He didn't do a denial of service. He didn't intend to do so, as best as can be determined. He followed their internal security policies per passwords, even.
Re:Only if... (Score:5, Insightful)
Since one can never prove that a network is secure, what are they going to do: lock him up forever?
Witchcraft (Score:5, Insightful)
Re:Witchcraft (Score:5, Insightful)
Re:Witchcraft (Score:5, Informative)
Re:Witchcraft (Score:5, Insightful)
While it's lots of fun to make fun of right wing crazies, it should be noted that this case is taking place in San Francisco, California, one of the most liberal places in the country. Just further proof that stupidity knows no political or ideological boundaries.
Re:Witchcraft (Score:5, Funny)
Re:Witchcraft (Score:4, Funny)
Re:Witchcraft (Score:5, Interesting)
They were treated that way because Mitnick and in this case Childs didn't learn from the down falls of others. I was into messing with phone systems, cellular systems and other "key infrastructure" type systems in the early 1990s. At that point in time I was in my early teens and pretty much immune from prosecution for my actions. I also had the benefit of the fact that very few people knew anything about networked systems and laws like DCMA and the like weren't on the books. When I turned 18 I took a look around me and I realized this very key thing. The "powers that be" made a conscious decision to spend their efforts prosecuting people who exploit obvious and "easy to secure" holes in systems. I had access to 5ESS switches not because I was an uber hacker, but because the admins were lazy and never changed default passwords and/or failed to shred trash. Rather than spending the effort to educate/train competent admins and put an emphasis on securing systems, they decided to take the approach of severely punishing anyone who messed with the systems. In my case, the approach worked. Free phone calls and root accounts on systems weren't worth trading for jail time in Federal prison.
Terry Childs seems to have made the mistake that a lot of socially inept people make. They tend to believe that their knowledge will insulate them from the brute force of the establishment. Childs apparently felt that he was doing the right thing and wasn't able to distance himself from his own beliefs long enough to recognize that they were putting him in jeopardy. The way he has been treated is absolutely reprehensible. What it isn't is unpredictable. A person who stands in the way of the government should either be ready to start a full on insurrection, or be prepared to be cast aside. The government doesn't do what is "right". They do what needs to be done to maintain order.
Re:Witchcraft (Score:5, Insightful)
take that SF (Score:5, Funny)
Re:take that SF (Score:5, Interesting)
If I were Mr Childs, at this point my thoughts would be less on vandalizing the network and more on vandalizing the nose of the prosecuting attorney who convinced the judge that there was some sort of danger to the network if I was released.
Re: (Score:3, Insightful)
or, more importantly, since the prosecution doesn't want him out of jail during the trial, and the judge clearly subscribes to that view, why doesn't he just drop the whole charade of offering him bail that he'll never be able to meet?
Re:take that SF (Score:4, Insightful)
then why isn't he forced to hold him with bail that he can reasonably meet? What happens when Childs get $5m together? Does the prosecutor just go and ask for it to be raised to $10m?
I suppose my question is what, functionally, is the difference between being held without bail, and being held with bail deliberately constructed to be so high as to be unmeetable? And if there's no difference, why have the distinction?
No confidence (Score:5, Insightful)
> Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco's network.
It sounds like they have zero confidence in whoever is now in charge of securing their network.
Re: (Score:3, Interesting)
Re:No confidence (Score:5, Insightful)
No, my point was kind of that there is an implicit trust between all employees and their IT personnel. The IT people have all the keys to all the doors, they can know anything about your company, even that which should be restricted to the highest personnel. Refusal to divulge root passwords to those who shouldn't have them isn't a very good reason to throw someone in jail, even if it IS a city government network.
Instead of holding this man, they should congratulate him for bringing to light the colossal insufficiency of their manpower in this department and the total negligent lack of redundancy in key positions. The fact that they got into this position at all, with only a single person having the root passwords for key infrastructure is a sign of the departments lack of intelligible oversight.
Re:No confidence (Score:5, Informative)
There were no "actual owners" for Childs to divulge the passwords to! In fact, Childs was both fired and arrested because he insisted on following the documented password policy even though unqualified-but-politically-powerful assholes demanded that he break it. Agreeing to give the passwords to the mayor, a compromise he made while already in jail, was actually the only thing he did wrong (because, according to the policy, the mayor wasn't entitled to be given the passwords either)!
Re:No confidence (Score:5, Funny)
It's in safe hands. The city hired The Geek Squad.
Re: (Score:3)
Well, the prosecutors work for the City and County of San Francisco, too; certainly, its not that uncommon for people on the business side of an operation to have low confidence in their own IT staff.
Sick of this (Score:4, Insightful)
Re: (Score:3, Insightful)
Judge doesn't quite understand (Score:5, Insightful)
One thing I don't understand is why this guy doesn't exercise his right to a speedy trial. He's already been punished enough considering all the evidence I've seen suggests he is innocent. Maybe he is getting some kind of zen experience living in jail and he actually likes it or something. From what I've heard from some sysadmins, living in jail can't be much worse than that job.
Re: (Score:3, Funny)
In jail, they schedule time for you to SLEEP.
Re:Judge doesn't quite understand (Score:5, Insightful)
You're right, and you're wrong.
The Judge doesn't understand, he is not paid to understand.
What the Judge does understand is that letting this guy out of jail on BOND is dangerous to SF political types running the city. This is far more dangerous, in their mind, than a child rapist, mass murderer or other heinous criminal, hence the steep bail.
And the city wonders why nobody wants to visit there any more.
Re: (Score:3, Insightful)
Um, I'd be surprised if most people visiting SF had heard of this case. There are plenty of other reasons why nobody wants to visit SF anymore, and most derive from the rampant homelessness problems, crumbling infrastructure and systematic discrimination against people with cars.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
except it's a self correcting issue. Don't build more roads, but keep the current in repair.
People will get sick of the traffic and find other was to get into the city.
Re: (Score:3, Insightful)
Amazing, isn't it? But it's the way a stereotypical politician typically thinks- when they do manage to think. I certainly wouldn't want to work for them after this whole debacle- the stuff tha
Re:Judge doesn't quite understand (Score:5, Informative)
There's also a constitutional right protecting us from excessive bail, but it doesn't look like the judge cares about that either, and even if bail was appealed, it would be held up on appeal.
What happens if he beats the rap? (Score:5, Insightful)
Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco's network.
So if the 4th charge is dropped and he is freed, can they keep him jailed? He could, at that point, still cause the same damage that he can now.
Seems excessive (Score:5, Insightful)
I think the problem is they know he's not going to be convicted of anything in the end. So the judge is trying to send a message to people who might be inclined to do the same thing.
"We can get you. We don't need to actually convict you, either. We can get you anyway."
14 Months? (Score:5, Informative)
Doesn't this guy have a sixth amendment right to a speedy trial?
Besides (and Google may have led me the wrong CA statute) but it look like the penalty for the remaining charge could be as little as a $5,000 fine. It also seems to have an out:
"Subdivision (c) does not apply to punish any acts which are committed by a person within the scope of his or her lawful employment. For purposes of this section, a person acts within the scope of his or her employment when he or she performs acts which are reasonably necessary to the performance of his or her work assignment."
Re:14 Months? (Score:5, Insightful)
You actually think that laws to protect you from the government actually apply to you?
Wow, Let me guess, you also think we run by a Innocent until proven guilty system as well.
If you enter the legal system you are FUCKED. They play by their rules and will PUNISH YOU for trying to exercize any of your rights. you are a piece of shit and everyone in the system knows you are guilty.
Honestly, you have a better chance at running and hiding out than getting justice through the legal system. It really is that fucked up.
Re:14 Months? (Score:5, Insightful)
I believe that this is less about malicious intent of those participating in the system (poilice, lawyers, judges, lawmakers), and more about Perceived Effectiveness. It's not that they don't want justice, but they need measurable numbers. They need to show that they're Being Effective at deterring crimes, stopping pedophiles, stopping hackers, winning the war on drugs, etc.
Police are there to make arrests and get the DA a case good enough to go to trial. It's not about "justice", or even your guilt: If something you say can be interpreted as implication, you're dealing with a DA.
DA's care about looking good to constituents (and/bosses). They can't NOT prosecute cases that the police give them. (Perhaps they CAN, but it looks bad, so I doubt it happens unless they feel they can't win it ... and even then they'll try to plea bargain you out.)
Judges care about ... who knows what. :) They don't like to have things overturned, as that makes them look bad, but at the same time they tend to be very keen on interpreting the letter of the law. It's generally the higher appeals courts that seem to care about the "spirit" of the law, and even then the letter's pretty strong.
Re: (Score:3, Insightful)
You actually think that laws to protect you from the government actually apply to you?
Well, speaking as a relatively wealthy white guy with a few political connections and at least a basic understanding legal procedures, I'd say yes. If I were, say, poor, black, or less connected, I'd probably be very very screwed if I were accused of something.
Disagreement (Score:4, Insightful)
When I was a corporate IT guy (about 3 years in the middle of about 16 years as a consultant), I took responsibility over a large part of the network in a multi facility health care business. This wasn't life or death stuff, but network outages did cause problems with appointments and general "face" of the corporation. When I came on board, the network was down a lot. No change control, no "chief" in charge of the network, and about 9 people mucking with stuff constantly.
I put my job on the line, in exchange for FULL control of that system (It was a 85 server Netware + Groupwise environment). The first thing I did was take *everyone's* admin away, removed "admin" from supervisory rights to the tree. I then doled out the appropriate levels of access to the security team (read new users, password resetters), put in a hidden OU with a tree supervisor in it and then wrote the "master" admin/login information down. Lightly, in pencil. Folded it up, put it in an envelope with a tamper seal, that went into another tamper evident envelope and that went into the safe. Every month or two I changed the password and replaced the envelope.
That was in case I died, they could easily get in. That is what Terry should have done. Then it wouldn't have come to this - he might have gotten sacked, and/or lost control over what he considered to be his "creation" -- but he wouldn't be rotting in jail....
Re:Disagreement (Score:5, Insightful)
Your reasoning is very short sighted. Yes the "in case of bus" envelope is important, but if you've ever actually been a sysadmin, you know you're the blame guy. There are always idiots up the corporate chain that will blame you for anything technical even if the problem stems directly from them not following your instructions, or otherwise doing something stupid.
That aside, this isn't about you. I know it's hard to imagine, but try to bear with me. It goes like this:
Maybe he's a dick, but that doesn't matter. What matters is that WHAT HE DID WAS CORRECT! You do NOT give the "bus envelope", password or whatever, to some guy, the janitor, the mail boy or whoever, you give it to one of a small number of people only. It may be handled by a secretary or other assistant, but opening said envelope would be grounds for immediate dismissal, as would revealing that same password info to any of the afore mentioned individuals without appropriate "clearance" or what have you.
So here's the situation, your boss, who may or may not have the right to know the password, with some people in the room who DEFINITELY aren't on the access list demands the password.
Situation #1:
You refuse to divulge sensitive info in front of inappropriate individuals because 1) it's actually your job, and 2) if you do so, you can be held liable for any damage done as a result. You are arrested immediately. Happy fun.
Situation #2:
You give up the password immediately, someone brings the system to a crashing halt by incompetence, and you are arrested immediately because it's obviously something you did. Happy fun.
Sure, an envelope is a good idea, but there wasn't one, and that's not his fault, that's a management oversight. Even if this guy's difficult, or abrasive or whatever, he didn't break anything, and was willing to go forward with relinquishing the password, just on very specific terms. If that's a reason to spend over a year in jail, then we better start handing out life sentences for J walking, because unlike not giving up a password, J walking could actually harm someone.
Re:Disagreement (Score:5, Informative)
San Francisco official password policy
"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive, confidential County information.
Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your passwordwhile on vacation."
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org]
Re:Disagreement (Score:4, Insightful)
He's not the innocent child that some are alluding to - he did willfully not give the passwords out.
He did willfully not give the passwords out TO PEOPLE HE DIDN'T KNOW, AND DID NOT KNOW IF THEY WERE AUTHORIZED TO HAVE THE PASSWORDS.
Sheesh.
If you're a lowly private in charge of highly classified information, even if a colonel comes along, you're not supposed to hand over the highly classified information without determining that the colonel is authorized to have it. Even if the colonel yells really loud.
Re: (Score:3, Insightful)
He's not the innocent child that some are alluding to - he did willfully not give the passwords out.
Neither would you if your boss asked you to blab the keys to the kingdom to random unknown persons on a conference call. Even with what he did - hell, what I can do in the scope of my job - the worst he should expect without demonstrated malice is getting canned.
Re:Disagreement (Score:5, Insightful)
Fixed that for you.
I have to ask you - if the facility manager demanded that you tell him the password while standing in the middle of a conference room full of people you don't know and with a live conference call going on would you have done it? I doubt it. You might have directed him to the envelope in the safe, but more likely you would have pointed to the security policy in effect and told him you can't do that, but if he would like to make a written request through your boss then an arrangement could be made.
You're making the mistake of believing this is about the actual security issues or the proper performance of duties. This is about a manager waving his dick around and screaming bloody murder when he's told to put it away. Look at all of the case. When he was told to disclose the passwords, there were about a dozen people in the room and an unknown number of people on the conference call. None of the people in the room had any reason to know the password - and he did not directly report to the manager demanding the password.
Remember, Childs said he would turn the passwords over to the City Manager - who was the only person above him in the network foodchain - before he was arrested, and the city lawyers blocked the manager from talking to him for over a week after he was arrested. He never refused to turn over the passwords, he refused to turn them over to people with no right/reason to have them.
Re: (Score:3, Informative)
It's been a while, so you probably don't remember what led to this situation.
Here's how I remember it: Terry's superiors asked for the passwords. He refused, because in his estimation handing them over would have been a breach of security (which is true - you don't give the PHB root access, because he doesn't need it and will probably abuse it). They fired him, jailed him on some trumped-up charges (as we can infer from 75% of the charges against him being thrown out), and asked again. He refused, but since
Re: (Score:3, Interesting)
Exactly, the entire thing was a CIVIL matter, not criminal, because he legally had the right to possess the passwords and he was questioning the right of the managers to ask for what they claimed was their stuff. The very arresting him without some kind of charge first .. the DA isn't a JUDGE... and isn't a police officer there's no obligation to follow any orders from them.
They KNEW they were going to fire him and could have gotten an injunction from a judge to compel the passwords before they even told hi
Re:Disagreement (Score:4, Insightful)
Terry Childs played the "battle of wills" game and lost. He's not the innocent child that some are alluding to - he did willfully not give the passwords out.
When I was a corporate IT guy (about 3 years in the middle of about 16 years as a consultant), I took responsibility over a large part of the network in a multi facility health care business. ...that is what Terry should have done. ...
Uh, so because he didn't do what YOU did you think it is right to throw him in Jail for a year? Our prisons are swelling with thousands of people who are their on someone's whim. EVERYONE is a federal felon nowadays. I mean everyone. There is some federal law you are violating that can land you in prison indefinitely. Now, if you are a member of Congress or the cabinet you can "forget" to pay some taxes. Otherwise, you better hope you don't tick off someone in power because they can and will destroy you. http://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp/1594032556 [amazon.com]
We are living in some scary times. The political class is treated like royalty and every crime is forgiven (see Kennedy, Chappaquiddick, and the royal state funeral he was given). And the average American, who is thrown into prison just to pump up some prosecutor resume.
No hit-by-bus protection (Score:3, Interesting)
While it seems the prosecutors in this case are overreacting (why's this even a criminal case?), what I find curious is that there was no scheme to retrieve the passwords if Childs were to pass away accidentally (no HBB protection). Passwords written on paper in a safe, safety deposit box or similar, or the passphrase to Password Safe written down somewhere secure.
It's pretty stupid to have to physically access all the routers to reset passwords in the event that the network admin dies or quits in fury. Just write the procedure into the admin's job description.
Maybe I don't remember Civic's very well.... (Score:5, Interesting)
Maybe I don't remember HS Civic's very well but I thought the point of bail was ONLY to prevent flight, not that it had been redefined to be large as a result of danger the innocent (until proved otherwise) person poses. He's being jailed not because he's a flight risk but because of political posturing by the DA, that is a serious miscarriage of justice. I don't have a lot of sympathy for the guy but bail is clearly being misused here.
Re:Maybe I don't remember Civic's very well.... (Score:4, Informative)
You badly misremember your HS civics, or were badly misinformed in that class, then. Bail has historically been discretionary, and dangerousness has almost always been a consideration. It was briefly, in non-capital federal cases, restricted to a guarantee of appearance under the Bail Reform Act of 1966, but considerations of dangerousness for non-capital defendants were restored in the District of Columbia Court Reform and Criminal Procedure Act of 1970 and, more broadly, in the 1984 revisions to federal bail law.
Something is Rotten in the State of SF (Score:3, Informative)
Whatever happened to the constitution? (Score:5, Insightful)
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
Judge needs to be removed and disbarred.
a bit of context on the 5m bail (Score:4, Informative)
The pervert/sickos they just caught in SF had their bail set at $500,000 each
for imprisoning and raping kids for 20 years
10% of what this admins bail is set at
good to see the USA court has its priorities set
raping kids is only 10% of the risk to society than this guy?
Common to place conditions on bond (Score:3, Insightful)
House arrest, and GPS monitor. Any damage to their network can easily be traced to an IP address, which if he can't move with freedom, makes it pretty easy to identify if it came from his computer. (I'm assuming they can't restrict his access to computer.) If he does, charge him with another crime. If he were to attack the network under such conditions, he'd be demonstrating his utter desire for being raped in prison, as I can't think of any other sane reason why he'd do it. Only reason bond should be denied is flight risk or a risk to further harm against a human victim/witness.
No sense of proportion (Score:5, Interesting)
Re: (Score:3, Funny)
The DA's Gonna Regret This... (Score:4, Informative)
$5 million (Score:4, Funny)
Can we help him? (Score:4, Interesting)
As a SysAd and citizen I find this case to be disturbing. I don't know if visiting him in jail would be helpful.
Do they even let one have cookies in there? Cookies may not help him or his case, but cookies can taste good.
Scalia's wet dream (Score:4, Insightful)
Excessive Bail == pressure for plea (Score:5, Insightful)
On one charge? This looks _very_ fishy. Conditions on bail would certainly include no computer use. I suspect the real motive for the DA is to use incarceration as pressure for some sort of plea bargain. Any bargain, because their case is weak / non-existant. Highly corrupt.
The DA has to pressure, because if he does NOT cave, they're facing a multi-million $ lawsuit for wrongful (or even malicious where less would be protected by privilige) prosecution. This will ruin careers. As it should.
Re:Excessive Bail == pressure for plea (Score:4, Insightful)
The DA has to pressure, because if he does NOT cave, they're facing a multi-million $ lawsuit for wrongful (or even malicious where less would be protected by privilige) prosecution. This will ruin careers. As it should.
Then that DA is exceptionally short-sighted. They've already gone so far as to set up a storm that won't blow over. Having a powerful official visibly give the shaft to an employee is not something that goes down well in a first world country. Whatever the city does at this point is meaningless, it's already over, the only important thing now is how long they intend to thrash around until they fall down.
Maybe their network still isn't secure. (Score:5, Insightful)
What skilled, knowledgable, trained network administrator would work for them at this point?
Some may be willing to take a crappy job to put food on their kids table... but one that's likely to put you in jail for following their own proceedures?... I wouldn't do that to my kids.
Man, I shouldn't have blown my mod points. (Score:4, Insightful)
Since I can't mod you down, I'll just note that they've now had over a year to change the passwords and otherwise secure the allegedly compromised LAN.
Re:Admin can do much more harm! (Score:4, Insightful)
You are right, any nutso can get a sniper rifle, case full of ammo, and take out half a campus from the church tower. It's the really dangerous folk, like the ones who haven't had access to your network in the past year (which you somehow haven't secured on your own because you are too fucking stupid) that are the real danger to society at large.
Here's a tip for the Judge, if there is still something out there on SF's network that Childs actually could manipulate with greater access or affect than a normal citizen, then the folk who should be in jail are the ones who cleaned up the mess.
Re: (Score:3, Interesting)
I agree with a bit of what you've said, but I totally disagree with the last two sentence in your post... and since you weren't there how would you know?
So what, you think this man is sitting in jail all of this time and wouldn't hand the password over to someone *just to be a dick*?
It is true that every place has politics, and that you have to be mindful of them, and sometimes the most technically gifted among us seem to (at times, but not everyone and not always) be short of the political and "working wel
Re: (Score:3, Informative)
Since when is behaving like a raging asshole a crime?
Office politics can get you fired. They can't get you locked up.
Re: (Score:3, Insightful)
he could even claim he's still an employee and due back wages. The original fight was because he was an ass to a new woman manager and she walked to her boss and claimed "sex harassment". The manager tried to fire him without following city process in the first place... and didn't follow legal process to get the passwords in the second place... he could probably go back to the city worker's union and actually win his job back for managerial misconduct if charges don't stick!!!! After all he hasn't even ha