×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Trial of Terry Childs Begins

kdawson posted more than 4 years ago | from the there-but-for-luck-and-precedent-go-we-all dept.

Government 502

snydeq writes "Opening arguments were heard today in the trial against IT admin Terry Childs, who was arrested 18 months ago for refusing to hand over passwords to the San Francisco city network. InfoWorld's Paul Venezia, who has been following the case from the start, speculates that the 18-month wait is due to the fact that 'the DA has done no homework on the technical issues in play here and is instead more than willing to use the Frankenstein offense: It's different, so it must be killed.' On the other hand, the city — which has held Childs on $5 million bail despite having already dropped three of the four charges against him — may have finally figured out 'just how ridiculous the whole scenario is but is too far down the line to pull back the reins and is continuing with the prosecution just to save face,' Venezia writes. The trial is expected to last until mid-March. San Francisco Mayor Gavin Newsom, to whom Childs eventually gave the city's network passwords, will be included in the roster of those who will testify in the case — one that could put all admins in danger should Childs be found guilty of tampering."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

502 comments

Idiots (0)

Anonymous Coward | more than 4 years ago | (#30442948)

'the DA has done no homework on the technical issues in play here and is instead more than willing to use the Frankenstein offense: It's different, so it must be killed.'

The problem with a democracy is that the masses are ignorant. I will be following this case closely, but am already concerned for the outcome.

Re:Idiots (1)

PopeRatzo (965947) | more than 4 years ago | (#30443514)

the Frankenstein offense: It's different, so it must be killed.

That may be an offense for a juiced-up district attorney, but it's no legal strategy with which to prosecute a case.

It gets thrown out before it ever gets to a jury.

All admins (5, Insightful)

RichardJenkins (1362463) | more than 4 years ago | (#30442956)

Surely you mean all admins who refuse to provide passwords when asked by an authorised official at the company they set the passwords for?

Re:All admins (1)

calmofthestorm (1344385) | more than 4 years ago | (#30442976)

Well the issue is that if they disclose the passwords and he fucks things up, they can already be screwed, so this precedent has potential to just invalidate their only option

The law is an ass. (2, Insightful)

TapeCutter (624760) | more than 4 years ago | (#30443210)

This guy decided to be ass and he's finding out the hard way that law is a bigger ass.

Re:All admins (4, Interesting)

tdobson (1391501) | more than 4 years ago | (#30443054)

There is a potential for problems if a very manager with very insecure security tendencies asks a sysadmin for very important passwords. In some circumstances, the sysadmin might feel justified not handing the passwords over as it would compromise the security of the existing system.

Re:All admins (4, Insightful)

DJRumpy (1345787) | more than 4 years ago | (#30443100)

It doesn't matter since in this case, the people this guy works for asked for the passwords. He is completely free of guilt should they screw things up and no court would hold him responsible for doing exactly what his duties required him to do.

He never owned these passwords, the hardware, the systems, or the infrastructure he worked on. When the owners asked for the password, he should have noted his concerns, and given them up.

Re:All admins (4, Insightful)

DarkOx (621550) | more than 4 years ago | (#30443214)

The answer is obvious. You simply put it in writing that in your professional opinion someone without an educational background or specific vocational training related the security and operation of whatever system you are dealing with should not operate its administrative features. You than state that you cannot be solely responsible for security or system failures if you are not permitted to be the gatekeeper. You then hand over the passwords if your employer or client agrees.

There is really no problem here at all.

Re:All admins (4, Insightful)

remmelt (837671) | more than 4 years ago | (#30443252)

Except when they still ass rape you for killing their system. Yes, this happens. You're the admin, you're responsible! Sucks to be you! Sure, you have some bullshit in writing, but who cares? Go look for another job! Oh, you want to sue us now? Go right ahead, see who has the deeper pockets.

Either way, you lose.

Re:All admins (1, Troll)

DJRumpy (1345787) | more than 4 years ago | (#30443316)

It's not like this guy started yelling the passwords while his bosses were screaming "La La La La" with their fingers in their ears. He has a very clear request from his management that they requested the passwords. What they do with them from that point on is solely their responsibility.

If employees could simply do what they wished at work because they didn't happen to like what their place of employment was doing, we would have a very different workplace these days. That obviously isn't the case.

Mod parent up! (3, Insightful)

khasim (1285) | more than 4 years ago | (#30443336)

If anything, the fact that you wrote down that there might be a problem would be used against you. You set a trap or something. That's how you knew there would be a problem.

This is management. Does anyone who's ever held a tech job believe that you writing down that your boss is, effectively, an idiot won't be used against you?

Re:All admins (1)

Lord Bitman (95493) | more than 4 years ago | (#30443704)

Now, you may live in an alternate reality where being an asshole is the number one concern in any situation, but here on Earth, liability is not the only issue when a system has the potential to be compromised.

If my boss asks me to do something which has the potential to destroy the systems I am responsible for, it's not just the ability to run away and shout "not my fault!" in as loud a voice as possible to my next potential employer- see, it turns out I (and most people) like keeping my/their current job.

Meanwhile, you can see how far "though, it wasn't my fault" gets you in a job interview.

Meanwhile, this whole line of thought is completely unrelated to the article, which has nothing to do with protecting the security of a system.

Fired him first? (5, Insightful)

Mathinker (909784) | more than 4 years ago | (#30443226)

> the people this guy works for asked for the passwords

My impression was, that in a nice show of cluelessness, they decided to fire this guy first, and then ask him for the passwords which they didn't have (i.e., they didn't have any plan of action if he got run over by a bus or otherwise dropped dead).

Re:Fired him first? (1, Insightful)

DJRumpy (1345787) | more than 4 years ago | (#30443446)

Irrelevant. He is still obligated to supply the passwords as they are not his property. When you are fired from work, you can't simply raid your cubicle and take everything in it. The same applies to any company property.

Re:Fired him first? (4, Funny)

PopeRatzo (965947) | more than 4 years ago | (#30443592)

When you are fired from work, you can't simply raid your cubicle and take everything in it.

The sweet Humanscale Freedom High-back chair in plum vellum with the graphite frame in which I am now sitting begs to differ.

Re:Fired him first? (1)

edittard (805475) | more than 4 years ago | (#30443624)

His obligations to them ended as soon as they fired him. He's under no obligation to work for free. As to the stealing things analogy, the network is still there, isn't it?

Re:Fired him first? (0, Troll)

DJRumpy (1345787) | more than 4 years ago | (#30443694)

He didn't steal the network. He stole the passwords. Passwords are not an obligation. They are company property. He still has to leave everything company owned behind, unless you can point out the relevant law that says otherwise?

Re:Fired him first? (4, Insightful)

GaryOlson (737642) | more than 4 years ago | (#30443638)

No, not irrelevant. Termination of employment means a termination of responsibilities in both directions:
the employer does not provide any services to you; and, you are not obligated to provide any services to the ex-employer. Those passwords are not the property of the employer; but merely a method for controlling the assets of the employer. The failure of the employer to implement methods to regain control of their assets is not the ex-employees problem.

The Nick Burns question (1)

jafiwam (310805) | more than 4 years ago | (#30443234)

This really comes down to;

Is Nick Burns a dick, or is he not a dick?

That's it. Pick your camp and fuck off. There is really nothing else to discuss, there is no middle ground.

Re:All admins (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30443112)

It is very simple actually: No responsibility without authority. Either the admin is responsible for the security of the system, then he must be responsible for the security of the passwords and must consequently have the authority to withhold them from other people, even in the same company. Or the admin is not allowed to withhold the passwords, then he can not be responsible for the security of the passwords and therefore he can not be responsible for the security of the system. This is not the admin's decision, but he should make the consequences clear to his superiors and insist on a documented policy decision before handling credentials.

Re:All admins (1)

Lundse (1036754) | more than 4 years ago | (#30443262)

Exactly!
The relevant thing, when considering guilt here, is what standard he believed he was going to be held to: Am I responsible for the security first (he should have withheld the passwords) or is someone else responsible for security (he should have handed the passwords over).
Unless someone said the three magic words ('I accept responsibility'), I cannot see how he could ever be guilty of anything but being dedicated.

Re:All admins (0)

Anonymous Coward | more than 4 years ago | (#30443304)

Because 3 of the counts involve 'providing a means of accessing a computer, computer system, or computer network in violation of section 502,' referring to the modems he had attached to access parts of the system. If you bothered to read the links in the summary you would have found this. You didn't even have to RTFA, you just had to RTFS of another slashdot article.

So...to recap. Enable remote access to systems = providing a means of ... = jails! = all admins at risk. It had squat to do with passwords.

Re:All admins (0)

Anonymous Coward | more than 4 years ago | (#30443438)

In this case he should have put the list of passwords on a sheet of paper in a sealed envelope and put that envelope into a larger envelope along with a note and mailed it as registered mail to the Chief of Police.

Re:All admins (3, Informative)

Anonymous Coward | more than 4 years ago | (#30443462)

Surely you mean all admins who refuse to provide passwords when asked by an authorised official at the company they set the passwords for?

The person who asked Childs for the passwords wasn't an authorized official.

Re:All admins (4, Insightful)

QuantumRiff (120817) | more than 4 years ago | (#30443500)

If someone higher ranking than me from our accounting division wants the Domain admin password, should I hand it to them? What about the head marketing person? How do you determine who it is "Safe" to hand over the passwords to?

Re:All admins (3, Interesting)

vvaduva (859950) | more than 4 years ago | (#30443572)

It's called CYA - report it to your direct manager, if you are overridden, have it all in writing for the blame game which is certain to happen later.

Re:All admins (2, Interesting)

Tuoqui (1091447) | more than 4 years ago | (#30443512)

Sure you turn over the password, they delete something and YOU are on the hook for obstruction of justice.

Being forced to 'hand over the passwords' should be like a vehicle transfer. The moment you hand the keys off to the person who you are obligated to give them to THEY become responsible for the entire network including their own fuck ups.

Re:All admins (2, Informative)

eosp (885380) | more than 4 years ago | (#30443524)

Said authorised individual should have already had access to those passwords. This guy was more interested in not giving them up to parties that he could not see over a teleconference, or at least that's what his defence will say.

Re:All admins (2, Insightful)

mysidia (191772) | more than 4 years ago | (#30443556)

What about IT admins who configure systems to use Biometric authentication?

Do they have to cut off their right hand, if a manager asks them?

IT admins' user accounts on enterprise systems may use the same password the person uses on personal systems, like their bank account.

What if the hand scanner includes liveness detection?

Passwords and authentication credentials aren't for managers, they're for technical workers who can actually competently administer the systems they access.

They don't need to be asked to tell passwords. They need to be asked to provide access to such and such person.

And if they're leaving: to surrender that access.

And they need to give a fair amount of time for the person to make sure they are indeed authorized and a proper security procedure is being followed. Otherwise ANYONE could walk up to you in the company, and claim they are authorized to know the password, and authorized to require you to give them access.

If the company's IT operations were so poorly run as to not have policies already in place to ensure multiple people can access critical systems, then that's not the person's fault.

Re:All admins (4, Informative)

tibman (623933) | more than 4 years ago | (#30443710)

I remember it being different than that. He wasn't supposed to tell anyone other than the mayor what the password was. Some new manager showed up one day and said "Hey, what's the password?" He says "I can't tell you." So the new manager called the police. Then as soon as the mayor showed up and asked for the password, Mr Childs told him.

As far as i remember, there was zero authorized officials at the company to receive the password.

ugh (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30443012)

@RichardJenkins - I don't know what you think you know about this, but you're wrong. #TerryChilds is a hero.

Why is this guy being treated as a Martyr to IT? (0, Flamebait)

Puls4r (724907) | more than 4 years ago | (#30443014)

This guy denied access to the owners of that network. Just because there isn't a law to fit the crime doesn't mean he is innocent of wrong doing. Hell, it's not a stretch to say that for a time, before they recovered it, he had stolen the entire network from them.

Take your word smithing and semantics and stick 'em where the sun don't shine. What he did was wrong for it, and he needs to be punished.

Re:Why is this guy being treated as a Martyr to IT (1)

bsDaemon (87307) | more than 4 years ago | (#30443038)

I think he's only being treated as a martyr to it by people who never got rid of their "Free Kevin" tshirts. While I may envy his committment to BOFHism, he really didn't have a right to do what he did and treating him like some sort of hero is just asinine and, much like Christmas, something I wish would just be overwith already.

Re:Why is this guy being treated as a Martyr to IT (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30443060)

.Just because there isn't a law to fit the crime doesn't mean he is innocent of wrong doing

Maybe, but, if there's no law to fit the crime, then he certainly can't be prosecuted for anything. Maybe sued for economic damages, but not criminally prosecuted.

Take your word smithing and semantics and stick 'em where the sun don't shine. What he did was wrong for it, and he needs to be punished.

Oh, I see, you're just trolling before the school bus picks you up. My mistake.

How so "stolen"? (1)

khasim (1285) | more than 4 years ago | (#30443064)

The equipment was still in the same place it was before. The software was the same as before. The service was the same as before.

So how did he steal anything?

Re:How so "stolen"? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30443144)

If you hire the man to take care of your house, and when you ask for the keys back he refuses to give them (or even a copy of them, in this case) to you... well the house is still in the same place. The furnishings are still the same as before.

But you don't have access to your property. Someone denying you access to property that is lawfully yours by denying you the means to entry which you lawfully own... That may not be theft, but it's pretty damn close.

Re:How so "stolen"? (1)

JustOK (667959) | more than 4 years ago | (#30443522)

It's more like the owner asking for the keys to the cold-fusion warop/bagel generator that powers his home systems. You know as soon as he goes into the room, bad things are going to happen. You're saving lives by not giving him access.

So you're dumb (2, Insightful)

Mathinker (909784) | more than 4 years ago | (#30443656)

You forgot to keep a copy of the keys yourself? I call that stupid. And in the case of this guy's manager, criminally stupid.

Most people are smart enough to give their caretakers copies of their keys. Your analogy stinks.

And even if it didn't stink in that way, it stinks in another way. You could just shell out to have a professional locksmith break into your house and change the locks. Which is what you would have to have done anyway if the caretaker was kidnapped by the mafia or otherwise disappeared (the analogous situation to Childs dying in his sleep).

Actually, I just reviewed the facts as put out in this article by Venezia [pcworld.com] and most of the negative stuff has to do with mismanagement on the part of the city, in my eyes. A good manager would have understood that Childs was too attached to his creation, and would have already started to bring in another professional who might have had a chance of giving Childs the impression that he was handing his brainchild over into good hands. OTOH, I'm not sure Childs was psychologically capable of doing that. I wonder what will really happen in this trial.

Re:How so "stolen"? (0)

Anonymous Coward | more than 4 years ago | (#30443146)

He stole company resources, time isn't free, consultants aren't free, vendor recovery isn't free. His actions have cost the tax payer a bloody fortune.

Don't believe his lame excuse, he believed his was indispensable and was on a power trip. Had he had a recovering plan in place for something happening to him, maybe he'd be believable, but he didn't. Just another littler person thinking they're above everyone else. But because his job has some "admin", dweebs rally round him like he's their god.

Re:How so "stolen"? (0)

Anonymous Coward | more than 4 years ago | (#30443158)

He prevented others from accessing their property.

Re:How so "stolen"? (1)

daid303 (843777) | more than 4 years ago | (#30443188)

I have a copy of the keys to your home.
None of your keys are gone. All your stuff is still in your home. All your food is in your fridge. And your bed still smells the same. I only came in and watched a bit of TV. You didn't even know till I told you.
So I did nothing wrong?

Or how about this one:

I have your bank codes, which I changed so you cannot access your money.
Your money is still there. The amount of money is still the same. Your money is still serving the bank.
So I didn't steal anything?

Except nothing like that happened. (1)

khasim (1285) | more than 4 years ago | (#30443300)

I have a copy of the keys to your home.
None of your keys are gone. All your stuff is still in your home. All your food is in your fridge. And your bed still smells the same. I only came in and watched a bit of TV. You didn't even know till I told you.
So I did nothing wrong?

His job was to be in there so being in there is irrelevant. That's part of what he's supposed to be doing.

I have your bank codes, which I changed so you cannot access your money.
Your money is still there. The amount of money is still the same. Your money is still serving the bank.
So I didn't steal anything?

All of the services were available to all of the users. So there wasn't anyone who couldn't access any of the services (except the passwords).

This is a service issue. Your examples focus on physical items.

Re:How so "stolen"? (1)

mikael_j (106439) | more than 4 years ago | (#30443568)

How about you tell me "watch my house and make sure nothing gets stolen, here are the keys" and two days later you show up, so drunk you can barely stand and demand I give you the keys "'cosh ah wanna getsh the cousch an' star' a fire!", would you consider it to be the right thing for me to do to just give you the keys and say "sure, have fun, there's a bottle of lighter fluid under the sink"?

/Mikael

Re:How so "stolen"? (0, Redundant)

jcr (53032) | more than 4 years ago | (#30443232)

So how did he steal anything?

If I lock up your house and prevent you from entering it, I've deprived you of the use of your property.

-jcr

Re:How so "stolen"? (1)

Tlosk (761023) | more than 4 years ago | (#30443374)

An even better analogy might be if I get drunk and I start looking like I'm going to drunk-dial my boss and my friend takes my phone away from me until I sober up, should my friend be charged with a crime? Should I be mad at him or grateful?

The 18 months it has taken just to get to this point and the 5 million bail is just ridiculous. It can certainly be argued on both sides which was the better judgment call for Terry to make, but this level of persecution for what he did is just piss and vinegar by people who have the power to do so and isn't justifiable in any rational way.

Especially when you consider that Terry didn't stand to benefit in any way personally from the decision he made, only the network stood to benefit by being shielded from harm.

Re:How so "stolen"? (2, Insightful)

WolfWalker545 (960367) | more than 4 years ago | (#30443340)

Denial of access to their property. As a system administrator, I don't own the hardware I administer. Heck, I do it on contract right now. If the client wants something stupid done, I put my concerns in writing, if they still insist on doing it their way, I do it. If I think they're idiots and I keep having additional grief trying to fix their frequent mistakes, I find someone else to work for.

Re:Why is this guy being treated as a Martyr to IT (4, Insightful)

Anonymous Coward | more than 4 years ago | (#30443116)

The owners of the network are the public. An employee should act in the best interests of the employer at all times -- even if doing so conflicts with the views of immediate superiors.

Re:Why is this guy being treated as a Martyr to IT (1)

RobotRunAmok (595286) | more than 4 years ago | (#30443362)

Oh, Please! IT infrastructure is the plumbing of the 21st century. This guy is a plumber. It is not his job to decide who should or should not have access to the network any more than it is the job of the master control technician at NBC to decide what to air at 8pm on Thursday nights.

Re:Why is this guy being treated as a Martyr to IT (1)

sheehaje (240093) | more than 4 years ago | (#30443132)

I agree. What he did is akin to theft of service. I am entrusted with not only network security, but also allowing reasonable access to network resources. The point of having a network isn't to keep people out of it, but to let the proper people use it.

With that said, I think the $5million bail is way off base. It's excessive to the point that it is used to keep the defended incarcerated. That is not the point of bail. Bail should be set as a deterrent to flee before a trial is finished, not to keep someone indefinitely in a cell.

My Guess is Childs is snydeq's Boyfriend (-1, Flamebait)

RobotRunAmok (595286) | more than 4 years ago | (#30443134)

Look at the submission history for all these Terry Childs stories, and note who they are submitted by. This is a case of someone trying to use Slashdot to sway popular opinion; kind of like a slashvertisement, except with the legal system instead of a book or piece of software.

The guy did something wrong and should be punished. It's insulting to think that someone believed people's perceptions could be altered so fundamentally by merely repeating the same new meme over and over again on slashdot.

Sounds like a *great* idea (1)

Mathinker (909784) | more than 4 years ago | (#30443722)

This is a case of someone trying to use Slashdot to sway popular opinion; kind of like a slashvertisement, except with the legal system instead of a book or piece of software.

Wow, it really worked well for Joel Tennenbaum and Jammie Thomas-Rasset, I'm sure this is going to be very, very effective for Childs!!!

Re:Why is this guy being treated as a Martyr to IT (5, Insightful)

NitroWolf (72977) | more than 4 years ago | (#30443190)

This guy denied access to the owners of that network. Just because there isn't a law to fit the crime doesn't mean he is innocent of wrong doing. Hell, it's not a stretch to say that for a time, before they recovered it, he had stolen the entire network from them.

Take your word smithing and semantics and stick 'em where the sun don't shine. What he did was wrong for it, and he needs to be punished.

What do you mean "Just because there isn't a law to fit the crime doesn't mean he is innocent of wrong doing." That's exactly what it means. If there's no law to fit his "crime," then by definition there is no crime committed. Perhaps he's guilty of being an asshat, but doesn't mean he's criminally liable according to your definition.

It's quite a stretch to say he had stolen the entire network. In fact, it's absolutely false. They could have done a hard admin reset on the routers and affected systems and been back in complete control of them. They chose not to, for various legitimate reasons, but the network remained in the possession of the legitimate owners.

You complain about word smithing and semantics yet that's exactly what you are doing. What he did may be wrong, but the question as to whether any laws were broken is far from a given. To punish him for breaking no laws would be absurd and your assertion that he should is equally absurd.

Re:Why is this guy being treated as a Martyr to IT (1)

charliebear (887653) | more than 4 years ago | (#30443666)

It's quite a stretch to say he had stolen the entire network. In fact, it's absolutely false. They could have done a hard admin reset on the routers and affected systems and been back in complete control of them. They chose not to, for various legitimate reasons, but the network remained in the possession of the legitimate owners.

Using the door analogy, what if he was a custodian, changed all the locks, kept all the keys, refused to give them to the owners? Sure they could hire a locksmith to change all the locks, but why should they?

Re:Why is this guy being treated as a Martyr to IT (2, Insightful)

adipocere (201135) | more than 4 years ago | (#30443730)

That's true. But if I changed your locks and kept the keys, charging me with "stealing your house" is not legitimate.

Since you like that door analogy.

Really, now (1)

Mathinker (909784) | more than 4 years ago | (#30443334)

> What he did was wrong

Don't know about that. It seems to me that it was a worse crime to let him be the sole repository of such valuable information (the password/s), without having a clue that there was a chance he'd suddenly drop dead. And it was his managers who were guilty of that crime.

Re:Why is this guy being treated as a Martyr to IT (1)

cenc (1310167) | more than 4 years ago | (#30443412)

How is there no law to fit the crime?

If I hire say a lock smith to work on my house, and then they do not provide the key to the house but instead say rob it or trash it, there is all kinds of laws to fit those crimes. This is not some sort of new thing.

  By the way I am being charitable here by assuming that you can have a "crime" without a "law" makes any sort of sense to talk about at all.

Re:Why is this guy being treated as a Martyr to IT (1)

mythar (1085839) | more than 4 years ago | (#30443552)

you're right. terry childs may not be batshit crazy [sfgate.com], but he has a cell phone camera and 1100 secret modems. that scares the crap out of me! i'm calling the police! again!

Frankenstein Offense? (4, Funny)

zmnatz (1502127) | more than 4 years ago | (#30443024)

Then will Mr. Childs employ the Chewbacca Defense?

Re:Frankenstein Offense? (1)

Gravitron 5000 (1621683) | more than 4 years ago | (#30443320)

I can see the rebuttal now...

Chewbacca is also different, ergo must also be killed. The Ewoks are especially different and extra attention must be paid to their destruction.

Arrogant administrators (0)

Anonymous Coward | more than 4 years ago | (#30443032)

I don't think that charges should have been filed... but system administrators have to understand that all of their access is subject to being reviewed by managment. Sadly, I have worked with a number of administrators who hide their own incompentance behind the need for security.

anyone here who defends this man (-1, Troll)

circletimessquare (444983) | more than 4 years ago | (#30443058)

suffers from the same delusions as this man:

only i alone can protect the world from itself

child's job description did not include the self-appointed position of deciding himself who should have access to the network configuration of a public utility. he is not bravely defending security from poor admins and petty politicians, he his protecting his own ego from the notion that other people have a rightful claim to power in what he has self-appointed as his private domain

i'm glad that he built the network and pored his knowledge into it and did a good job securing it: why does that somehow give him the right to assume final authority over it? i thought he was paid for doing a job? if i build you a door for your house, do i then get to decide when you use it? say i built into that door a good lock system, and you, out of laziness and stupidity, choose to fail to treat that lock system with the proper protocol to make it effective. ok... so the fuck what? its your fucking door, you paid me to build it. now my job is to fuck off. what childs built on the public dime is a publicly owned network

childs does not get to assume continuing final authority on that network no matter what he thinks of anyone else's capacity at running the network that the public owns. there is being attached to your creations, then there is a maniacal assumed sense of ownership of your handiwork forever more, even after you are paid for its creation

that childs does not submit to the simple truth that the network he built is not eternally his reveals that childs is a danger to security, not a protector of it

Re:anyone here who defends this man (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30443272)

It would be easier to take you seriously if you used capital letters where appropriate. Seriously man, it makes you look like an affected dickwad.

the affected dickwad says: (-1, Flamebait)

circletimessquare (444983) | more than 4 years ago | (#30443358)

i don't understand the point of a redundant set of 26 characters that does not convey any meaning besides convention. its also conventional in the usa, liberia, and myanmar to use the british imperial system rather than the obviously superior metric system. but just because a bunch of assholes do something that is obviously inferior does not mean i have to respect that. i do what is superior regardless, no matter the amount of laughter or hatred or derision

besides, i am not imposing anything on you. if i unilaterally decided to change your computer set up to only display lowercase letters, then you have every right to be angry at me. but back here in reality, the situation is simple: if you don't like my writing style, then it is perfectly ok by me that you don't read anything i write ever again

so fuck off

Re:the affected dickwad says: (0)

Anonymous Coward | more than 4 years ago | (#30443558)

wow. what a jerk you are.

still banging away at that dumb film that will never be produced?

Re:anyone here who defends this man (2, Informative)

BenEnglishAtHome (449670) | more than 4 years ago | (#30443650)

For God's sake, that's circletimessquare! If you don't know who that is, lurk more. Until then, DO NOT FEED THE TROLLS!

Re:anyone here who defends this man (4, Interesting)

LaminatorX (410794) | more than 4 years ago | (#30443290)

Childs deserves defense not because he appropriately handled a showdown with management he had no hope of navigating successfully, clearly he did not. Rather, he should be defended against having the prosecutorial powers of the city leveled against him and being deprived of his freedom for many months over a matter that should have gone no further than the termination of his employment.

he committed a crime (-1)

circletimessquare (444983) | more than 4 years ago | (#30443454)

therefore, he deserves punishment

what's so weird about that?

otherwise, i will make a note that when i am in your neighborhood, i will point to your computer, declare that i wrote part of the os it is running, and therefore it is mine to do as i please. and then i'll take your computer

after you reclaim your computer, i guess you will be happy that that is the end of the matter. and that i deserve no punishment after the fact, for having deprived you of your rightfully owned property

Re:he committed a crime (1)

LaminatorX (410794) | more than 4 years ago | (#30443700)

You metaphor is false.

The parallel would be if I hired you to set up and administer my computer, later demanded that you had over the admin credentials, and you refused because you didn't think I could handle it competently. I would be within my rights to fire you and perhaps even sue you, but not to have you thrown in jail.

Re:anyone here who defends this man (1)

Jaysyn (203771) | more than 4 years ago | (#30443634)

Wasn't he terminated before they even asked for the passwords? If it was me they'd have to hire me back as a very, very expensive consultant before I'd even speak with them.

Re:anyone here who defends this man (1)

Rogerborg (306625) | more than 4 years ago | (#30443474)

Remember that he was working in government, so of course he'd view everyone else like helpless retard-children incapable of doing anything for themselves.

Re:anyone here who defends this man (0)

Anonymous Coward | more than 4 years ago | (#30443540)

Is your shift key broken?

Of course we all know RMS's stance on this: (0)

Anonymous Coward | more than 4 years ago | (#30443066)

"Down with security!"

Has rule of law always been a farce? (0)

Anonymous Coward | more than 4 years ago | (#30443076)

'just how ridiculous the whole scenario is but is too far down the line to pull back the reins and is continuing with the prosecution just to save face,'

How common a scenario!

Everyone Just Settle Down (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30443092)

everyone just settle down and find a nice, hot, tight, wet vagina to have fun with tonight. Forget about Terry Childs and think about your own Childs to make.

this is why governments are outsourcing (2, Insightful)

alen (225700) | more than 4 years ago | (#30443114)

between this genius who thought everything belonged to him and people like I met in my 1 year of working as a consultant for a government agency it's not wonder government is outsourcing. i met this one admin years ago who refused to let his NT domain be part of the larger NT network and it caused all kinds of permissions issues. funny thing was that because of the union rules they couldn't make him do it. and the only reason he refused to let his NT domain work with the others in the organization is because he wanted his own private island to manage that the other admins above him couldn't touch.

so now i get daily emails about how LA and other local governments are going with Google Apps and Gmail. I bet a lot of it has to do with the fact that they can let their unionized admins rot in a hole doing nothing while progress happens

Use the backups (0)

ActiveMan (1129349) | more than 4 years ago | (#30443138)

Why they don't just restore the system from a backup in which the rest of passwords were not locked? Probably no too much information will be loosed in this case.

Re:Use the backups (1)

alen (225700) | more than 4 years ago | (#30443184)

he was a network admin and the passwords were for switches and routers. sure you can reinstall the Cisco IOS, but then you have to set up the VLAN's, BGP and other crap that will result in massive downtime for things like traffic lights and mass transit which is networked these days.

one time our network guys screwed up spanning tree and it took 30 minutes to rebuild it from scratch. meanwhile no one had any kind of network access

Re:Use the backups (1)

DarthBart (640519) | more than 4 years ago | (#30443240)

Reset the router, change the configuration register to ignore boot up config, go to enable mode, load the config from NVRAM, set a new enable password, "wr mem", change configuration register, reload. 10 minutes, tops. There's no "reloading" of IOS needed.

He had high security turned on that block password (3, Informative)

Joe The Dragon (967727) | more than 4 years ago | (#30443416)

He had high security turned on that blocked password recovery as some of the network stuff was out in open at some sites and not in a locked room. With the high security you have to do a full reset to get back in without a password.

Re:Use the backups (1)

ActiveMan (1129349) | more than 4 years ago | (#30443506)

Ok, this is also your (or Cisco) fault. Every system with important data must support backups and be in the organization's systems administration policy. Otherwise, what happens is something in this system go wrong?

Re:Use the backups (1)

vlm (69642) | more than 4 years ago | (#30443610)

he was a network admin and the passwords were for switches and routers. sure you can reinstall the Cisco IOS, but then you have to set up the VLAN's, BGP and other crap that will result in massive downtime for things like traffic lights and mass transit which is networked these days.

No problem, log into the web based change management system (probably RANCID) cut and paste the most recent config into a spare switch/router/whatever (inserting your own password of course), then forklift upgrade, downtime a minute tops. Then wipe the old device and swap it into the next unlocked device. No need to "break into" a device like this unless you actually need to change something, or an old device breaks and needs replacement.

What, you say they have no backups, no change management system?

Re:Use the backups (1)

PitaBred (632671) | more than 4 years ago | (#30443518)

"lost". Loosed is a word meaning letting something loose. Lost is the past-tense of lose.

Network Design? (4, Insightful)

DarthBart (640519) | more than 4 years ago | (#30443174)

Why was the network designed so that one single account (or password) held the keys the kingdom? That's just stupid.

"Administrator" groups for Windows machines
Multiple root SSH keys and/or Kerberos logins for Unix boxen
TACACS user-based authentication for routers.

If the dude just left and said "I'm done with you folks, no I'm not handing over my passwords", then fine...go into the user admin system, nuke his passwords and get on with your life.

If the dude deliberately went in and reset passwords and changed network access before walking and then tried to blackmail the city, then that's sabotage/blackmail/downright illegal and should be punished.

If the dude walked out without giving passwords to anyone and the system was poorly designed so that admin passwords had to be forcefully recovered via single user mode or the like, then the city should just eat crow, lick their wounds, and install a real network AAA system.

What would have happened if the dude had been run over by a beer truck on the way to work? Would the city have been screwed as well?

Dude.

Re:Network Design? (1)

IndustrialComplex (975015) | more than 4 years ago | (#30443346)

Why was the network designed so that one single account (or password) held the keys the kingdom? That's just stupid.

"Administrator" groups for Windows machines
Multiple root SSH keys and/or Kerberos logins for Unix boxen
TACACS user-based authentication for routers.

Probably because the guy they hired to avoid problems like this, created the problem. There is always a way that someone can ruin your day. You can't always avoid placing a lot of trust into the hands of a few or even one individual.

Ever fly on an airplane? That's an awful lot of trust that you just put into the pilot.

Re:Network Design? (0)

Anonymous Coward | more than 4 years ago | (#30443428)

The answer is much simpler: There was no other admin who could have been given equal control over the system. The only people who could have been given access were not involved with the design or maintenance of the system.

liars touts & shills, oh my (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30443176)

mynuts won; way out of line, trolling for spirits

the head in the sand approach to consideration for others/the future is definitely going to be costly/fatal for many.

water will be the next 'commodity' used to control our behaviours, as we suffocate ourselves. it's not hard to figure which will be the next 'hot commodity' after our water.

meanwhile, go jump into your CO factory & go for a spin. you may be right in that it may not matter anymore. we've heard though, that where there's life, there's hope.

the lights are coming up all over now. get ready to join the creators' wwwildly popular newclear powered planet/population rescue initiative/mandate. it's way user friendly (foolproof), & there's never any liesense fees.

there is absolutely nowhere left to hide.

this post was deleted from earlier storIEs.

He was in a catch 22 (5, Informative)

onyxruby (118189) | more than 4 years ago | (#30443192)

I was initially very skeptical of Childs until additional information came out about the case that changed the story notably.

Their policy prohibited Childs from simply handing passwords over to his boss, when asked by the mayor he handed them over as requested. I think the bigger issue is one of policy on security and a lack of industry best practices by the city. What holds the greater weight, policy or your bosses request? Depending on where you work, handing over your passwords to anyone can readily be a criminal infraction. At a minimum they could have asked Childs to create an additional account with full administrative access and that account could then have been used to disable Childs account.

I know at my employer I am not allowed to share my passwords with anyone, including my supervisor. I have an official backup with equivalent access to myself and my refusal to hand over passwords would not prevent anyone else from taking over for me. If my employer wanted they could simply reset my password and gain access to my account. The issue in San Francisco is there wasn't anyone else who had equivalent access to begin with. Their network was complex and the city had cut to the bone on staffing ahead of time.

Lessons can be learned from this from a management standpoint, the city took an antagonistic approach and did not update their policy and instead asked Childs to break it. Their security personal should have known industry best practices and instead asked Childs to violate them and hand over his password. Ultimately the case showed incompetence in city management and embarrassed them, and that's the only reason I can think of the city pressed the case.

Re:He was in a catch 22 (3, Informative)

eosp (885380) | more than 4 years ago | (#30443598)

And the original request was done over a teleconference. Bad idea. Of course, all of the passwords then found themselves in a public court document. Oops.

Wouldn't have waterboarding been better for all? (1)

tjstork (137384) | more than 4 years ago | (#30443202)

If they would have just threatened to waterboard the guy, and let him walk after he gave up the passwords, there would have been no harm, no foul, and no need to waste the taxpayers money putting a frazzled worker in jail.

We're all getting frazzled these days, and maybe we need to realize that, take a deep breath, and stop tossing everyone in jail and tearing people down left and right in all arenas, and try and claw our way back to being a civilized people.

Right now, I think we are all acting like animals.

Terry Childs and the female boss (5, Interesting)

viralMeme (1461143) | more than 4 years ago | (#30443238)

"On Friday, June 20, there was an altercation between Childs and Jeana Pieralde [slashdot.org], the new DTIS security manager at the 1 Market Street datacenter in San Francisco. Until her promotion, she had been a city network engineer who worked with Childs"

Sorting out fact from fiction [yahoo.com] in the Terry Childs case (InfoWorld)

.. the city had claimed it could not access the FiberWAN network's devices. But four days before that bail hearing, the city claimed it had scheduled a power outage at the 1 Market Street datacenter. That power outage would have affected routers and switches running the FiberWAN network.

In the court filing four days later, the city contended that Childs had "booby-trapped" the network to collapse during this power outage by not writing the device configurations to flash on some number of routers. A local news report stated that "experts caught the problem in time and transferred data to permanent files, [Assistant DA Conrad] del Rosario said."

This statement contradicts the city's stance that it had no access to these routers, as there is no way it could have written those configurations to flash, or save them anywhere, on July 19 if it could not access the devices ..

If he wins will he have to retest for certificatio (1)

Joe The Dragon (967727) | more than 4 years ago | (#30443242)

If he wins will he have to retest for certification or as he all reedy been put on a black list? but even if he is people will likely still look the other way and he can keen them on his CV.

dont overblow the outcome (1)

falcon5768 (629591) | more than 4 years ago | (#30443274)

The simple fact is this guy IS guilty of one major (though not legal) flaw. He didnt THINK about the situation, and instead of handing the passwords over, BUT documenting EVERYTHING, he decided to be an ass about it. He had a very valid reason to be an ass, but he should have washed his hands of it.

Incompetent Imbeciles (2, Insightful)

anomaly0617 (752182) | more than 4 years ago | (#30443400)

I thought someone said it best when they said

"Terry Childs nearly built the San Francisco computer network by himself, to the point of actually filing for copyright on his design of the network. Management in the San Francisco IT department apparently couldn't fathom half of what he was doing and Terry Childs himself called them incompetent on numerous occasions, which is pretty much what the sole standing charge is all about. Refusing to hand over the network to incompetent imbeciles."
http://blogs.computerworld.com/14592/good_news_for_jailed_sf_net_admin_terry_childs [computerworld.com]

I'm not defending Childs' decision to hand over the passwords when asked, but I can sure see his perspective on it. As a consulting network engineer, I've frequently been put in the position of having to decide whether giving someone the keys to the kingdom will put the kingdom at too great a risk.

The problem here is that there was not a documented policy on passwords. As a former government IT employee, we had a documented policy concerning passwords. They were all documented in a password-protected spreadsheet kept on a server that only admins had the access and technical skills to get to. They weren't withheld, per se, they were just in a place that was inconvenient to get to unless there was an emergency situation that required the inconvenience.

The impression I get is that San Francisco's IT department had old-timers waiting for their retirement date and their pensions to mature. They were stuck in the days of mainframes, modems, and 8088's. Here comes Terry Childs, who has not only a clue but a plan for getting them into the 90's, if not the 21st century. He intimidates his superiors because he knows what he's doing, and they don't. He builds a network for the city that his peers should be proud of. Instead they are intimidated. They ask for passwords, and he politely refuses to give over until they understand the enormity of what those passwords do. They get mad and accuse him of hacking.

The worst thing about this case is that Terry Childs did nothing wrong, other than withholding the passwords too long. He's intelligent. He intimidated people with his intelligence. They couldn't fire him without cause, so they created a cause by insisting that he was hacking, even though the evidence does not show this.

The insult to injury here is that by dragging this out, the San Francisco IT department is just putting more egg on their face. Anyone following the case can see that they were incompetent and Terry Childs was trying to protect them from their incompetence. His crime was not knowing when he'd lost the game at the key moment.

Were I living in San Francisco, I'd want an audit of the technical skills of the IT department. It sure sounds to me like there are some people that need some training. If they can't learn from the training, reassignment. If they can't be reassigned, early retirement. But for all that's good and holy, get the incompetence out of the IT departments!

There is no face to be saved (1, Insightful)

Dunbal (464142) | more than 4 years ago | (#30443450)

and is continuing with the prosecution just to save face,'

      So, what do taxpayers think about their public funds being thrown away just to "save face"? This charade will end soon. Maybe another generation or so.

tubgirNl (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30443576)

and other party tRut4, for all
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...