Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fate of Terry Childs Now In Jury's Hands

kdawson posted more than 4 years ago | from the not-funny-mcgee dept.

The Courts 530

snydeq writes "Closing arguments concluded Monday in the city of San Francisco's case against Terry Childs, the network administrator charged with violating California hacking laws by refusing to hand over network passwords for the city's FiberWAN during a 12-day period in 2008. Childs was charged in July 2008 and has been held on $5 million bail ever since. The highly technical trial, which featured testimony from San Francisco Mayor Gavin Newsom and Cisco Chief Security Officer John Stewart, has dragged on for nearly six months. By Monday, five of the 18 jurors and alternates selected for the trial had dropped out, and the remaining jurors seemed relieved to see the arguments wrap up as they left the courtroom Monday afternoon. They will return Tuesday to start their deliberations. Childs faces five years in prison if he is convicted for disrupting service to the city's computer system by withholding administrative passwords — a verdict that, if rendered, puts all IT admins in danger."

Sorry! There are no comments related to the filter you selected.

honestly... (-1, Flamebait)

Em Emalb (452530) | more than 4 years ago | (#31914480)

the City of San Francisco should also get smacked upside the head for allowing this person to get complete control of essentially EVERYTHING in their network. No, I haven't read the links or anything else. But it needs to be said.

Re:honestly... (5, Insightful)

mandark1967 (630856) | more than 4 years ago | (#31914504)

They didn't "allow this person to get complete control of essentially EVERYTHING", they paid him to do it and not tell anyone the password except the mayor.

Technically, he should get a bonus instead of boned

Re:honestly... (4, Interesting)

Lumpy (12016) | more than 4 years ago | (#31914756)

Welcome to America. My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area, the asshole federal building superintendent called up his asshole brother cop and he wrote it up. She did no damage to the door, they have no evidence, the cop was not even there. (Illinois it's a level 4 felony for doing damage under $500.00 to a federal building. $0.00 is under $500.00)

I'm paying $400.00 an hour to get this dropped because of raging Police and Court stupidity. The DA in that district is a idiot that thinks he needs to be "tough on crime". This should have been thrown away the second the officer turned it in, but new laws require them to pursue everything a cop turns in.

I personally have nothing but contempt for the joke that is our judicial and legal system.

Re:honestly... (5, Insightful)

DeadDecoy (877617) | more than 4 years ago | (#31914774)

I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins, particularly those in charge of large networks. If he just handed out passwords insecurely, that would cause more damage than Childs locking down the network for a brief duration. I'm inclined to believe that he was acting in the good faith of his job, particularly because he was willing to be arrested over being fired/becoming redundant. I seriously hope he's cleared, because he performed his job to the letter.

Re:honestly... (0, Redundant)

u-235-sentinel (594077) | more than 4 years ago | (#31914926)

I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins, particularly those in charge of large networks. If he just handed out passwords insecurely, that would cause more damage than Childs locking down the network for a brief duration. I'm inclined to believe that he was acting in the good faith of his job, particularly because he was willing to be arrested over being fired/becoming redundant. I seriously hope he's cleared, because he performed his job to the letter.

You could always give those passwords to me and I'll be happy to hand them out to the proper people ;-)

But he wasn't in charge of the network (1)

Rix (54095) | more than 4 years ago | (#31914950)

At least, not anymore. And he refused to hand the passwords over to those who were. Consider what a finding in favour of Childs would mean; any admin upset about termination could hold on to their passwords out of spite.

The city does have some culpability. They should have ensured at least one other person had the passwords, in case Childs was hit by a bus.

Re:But he wasn't in charge of the network (1)

Svartalf (2997) | more than 4 years ago | (#31915044)

Actually, the rules stated that he could only hand it over to the Mayor- which is what he did. Violating the rules could have had him facing similar charges they're trying to level on him.

Screwed if you don't, screwed if you do, I suppose. I know I wouldn't want to work for SF's city gov't now over this stuff.

Re:honestly... (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31914520)

> No, I haven't read the links or anything else. But it needs to be said.

Yes, ignorance always leads to well-reason opinions.

Re:honestly... (-1, Troll)

Em Emalb (452530) | more than 4 years ago | (#31914536)

Yes, it usually does. The first reaction is often the correct one.

Re:honestly... (5, Funny)

oatworm (969674) | more than 4 years ago | (#31914588)

It's true! Hence why flat earth theory, a geocentric universe, phlogiston theory, and about 90% of the stuff Aristotle wrote about medicine have all retained their relevancy and veracity after all of these years.

Re:honestly... (1)

moxley (895517) | more than 4 years ago | (#31914720)

With your aptly demonstrated lightning fast reasoning and judgment skills, I think you'll go far in life my friend...

Have you ever considered politics?

Re:honestly... (1)

Em Emalb (452530) | more than 4 years ago | (#31914956)

A vote for me is a vote for...hey, who the hell are you, you suspicious looking person? Security, I don't like the looks of this guy. Get his information and prepare him for deportation. ;-P

Re:honestly... (1)

jd (1658) | more than 4 years ago | (#31914810)

If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.

Re:honestly... (0)

Anonymous Coward | more than 4 years ago | (#31914936)

Yes, ignorance always leads to well-reason opinions.

This is /., so your sarcastic comment would be correct.

Re:honestly... (0)

Anonymous Coward | more than 4 years ago | (#31915040)

> No, I haven't read the links or anything else. But it needs to be said.

Yes, ignorance always leads to well-reason opinions.

But at least they will be completely unbiased! :)

Re:honestly... (2, Interesting)

orlanz (882574) | more than 4 years ago | (#31914578)

The city of San Fran was luck to get someone that has a backbone and some moral fiber. He was protecting the citizens of the city against complete IT ignoramuses who happened to hold positions of authority and leadership. If they were even a quarter as competent as him, his actions would have posed no threats what so ever.

The situation is kind of like you closing the front door of your apartment and the landlord can't figure out how to turn the door knob. Why did you close the front door? Cause the landlord wants to store your neighbors' valuables with the door open for all to see. So now the landlord sues you for holding the house and its contents hostage! Oh and btw, if anything gets stolen, its your fault! _You_ should have closed and locked the door!

YES, the case is really that stupid!

Re:honestly... (0)

Critical Facilities (850111) | more than 4 years ago | (#31914800)

Who on earth modded this interesting??

The city of San Fran was luck to get someone that has a backbone and some moral fiber. He was protecting the citizens of the city against complete IT ignoramuses who happened to hold positions of authority and leadership. If they were even a quarter as competent as him, his actions would have posed no threats what so ever.

This has been discussed many [slashdot.org] times [slashdot.org] , and I regret to inform you that your argument does not hold water. While it's a nice story to imagine this 'geek hero' standing up against the system, it's an airbrushed, romanticized version of the truth. This dude was out of line, end of story. He decided to try to flex his muscles, and he got taught a very valuable lesson that many could learn from. It was not his place to determine who was "competent" enough for the information.

The situation is kind of like you closing the front door of your apartment and the landlord can't figure out how to turn the door knob. Why did you close the front door? Cause the landlord wants to store your neighbors' valuables with the door open for all to see. So now the landlord sues you for holding the house and its contents hostage! Oh and btw, if anything gets stolen, its your fault! _You_ should have closed and locked the door!

Worst (and most confusing) analogy EVER! That's really saying something on Slashdot. Although, to humor you, the landlord has a right to inspect his premises at any time, even if you're living in the apartment. Remember, the landlord owns the place, you're just paying him/her to borrow it. You've totally lost me when you go off about him "not being able to open the door" and "storing neighbors' valuables" though.

Re:honestly... (0)

Anonymous Coward | more than 4 years ago | (#31915014)

while the analogy sucked massively, you didn't do all that much better. a landlord does not have the right to inspect the premises at any time, renters have a right to privacy just like homeowners. Specifics vary from state to state, but I don't know of a single state in the US that allows a landlord to indiscriminately enter a rented apartment without notice.

http://real-estate-law.freeadvice.com/landlord_tenant/security_deposit_privacy.htm [freeadvice.com]

Re:honestly... (2, Informative)

JWSmythe (446288) | more than 4 years ago | (#31915024)

    Actually your landlord argument varies by area and contract.

    In my experience, with apartments, the management is generally allowed to come inspect as needed. They frequently are checking smoke detectors, leaks from other units, etc. They run into, for example, situations where a leaking pipe in an upper unit causes water damage in a lower unit.

    With homes, it's less common for the open access verbage to exist. The more you spend on a rental home, the better (generally) the verbage is for your privacy.

    To extend this, the police interviewed my ex-mother-in-law regarding someone who was renting a room. They *wanted* to go into his space, but were legally obliged not to because he had leased that space. She couldn't even legally enter it. Even with her permission, they couldn't go into the room. A little later (like a couple hours), they did secure the proper warrants, and returned. They politely asked to gain access to the room because they did have the proper paperwork.

Re:honestly... (2, Interesting)

Major Blud (789630) | more than 4 years ago | (#31914994)

What I don't quite understand is how Childs was hired by The City to begin with given his criminal past.

http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=2&fp=&fpid= [cio.com.au]

Sure, he was convicted of burglary when he was only 17, so I'm not sure if he was classified as a juvenile under Kansas law. He was then charged with misdemeanor weapons possession years later.

The guy did his time, so I'm not holding anything against him peronsally....I just find it surprising that a government agency would hire someone with that kind of record.

Re:honestly... (0, Offtopic)

Maxo-Texas (864189) | more than 4 years ago | (#31914606)

Troll? Seriously? Has to be the worse troll.. mod... ever!

Troll would be for some purposely offensive post designed to provoke a flame war, not a straight-forward opinion like this.

Seriously, I've seen several of these weird "troll" mods lately on slashdot. They usually get undone within a few hours too.

Re:honestly... (1)

Red Flayer (890720) | more than 4 years ago | (#31914688)

Troll would be for some purposely offensive post designed to provoke a flame war, not a straight-forward opinion like this.

No, that would be "flamebait".

Flamebait is a subset of troll. Trolls, according to the original interpretation (by my reckoning) are people who make disingenuously ignorant or incorrect posts in order to elicit corrective responses. Really, trolling is just making posts to get responses out of other people.

Good trolls make posts that seem like sincere opinions or sincere misunderstandings, but the entire point of the post is to get people to take you seriously. Hence it's sometimes very hard to determine if someone is trolling or not. This works best when the person doing the trolling is a known expert, so that people who are "in the know" can catch the joke.

People who post flamebait are trying to incite a flamewar, which is slightly different, and usually more obvious.

Re:honestly... (2, Insightful)

sheph (955019) | more than 4 years ago | (#31914844)

The GP has a valid point though. What if the admin got hit by a bus and died? The city would be in the exact same position. In my opinion that's just straight up bad management.

Re:honestly... (0)

bughunter (10093) | more than 4 years ago | (#31914648)

While I agree with you that the City was irresponsible in not taking precautions against this crime, it doesn't justify the act.

Childs essentially held the City IT hostage. I have little patience for this kind of crap, after firing a little BOFH for being a BOFH, and discovered that the little prick had set up a chron job that regularly checked for the presence of his account in the userid list, and if missing, wiped the entire boot volume.

Fortunately I had the presence of mind to backup the entire volume before allowing the new IT guy to touch anything. The poor guy was only on the job for about half a day before the entire system went down, and for a while there he was sure that would be his only day on the job.

Re:honestly... (0)

Anonymous Coward | more than 4 years ago | (#31914788)

Big man saves the day!

Re:honestly... (1)

eosp (885380) | more than 4 years ago | (#31914940)

Except that the contract of Childs said that he was not allowed to tell anyone but the mayor. They were asking him over a teleconference, where he didn't know who was on the other side (except that the mayor was not). He was thinking that he would be liable if he did give over the password.

Re:honestly... (1)

moxley (895517) | more than 4 years ago | (#31914708)

The city should be smacked upside the head for sure over this case, but not for the "reason" you mentioned - and while your smacking hand is still warm, smack yourself one for not reading "the links or anything else" and then commenting that "it needs to be said," and clearly not understanding Child's job (or seemingly much else about this case).

I don't think so... (-1, Troll)

Anonymous Crowbar (692255) | more than 4 years ago | (#31914514)

ANd just how does this put all IT Admins in danger? The man broke the law

Re:I don't think so... (1, Informative)

Leafheart (1120885) | more than 4 years ago | (#31914524)

No he didn't.

Re:I don't think so... (1)

Wyatt Earp (1029) | more than 4 years ago | (#31914550)

Has the decision come down yet?

If the answer is "no" then you are wrong.

Re:I don't think so... (2, Insightful)

characterZer0 (138196) | more than 4 years ago | (#31914598)

What 12 guys in a room decide they collectively think happened has no bearing whatsoever on what actually happened.

Re:I don't think so... (1)

jedidiah (1196) | more than 4 years ago | (#31914640)

Are any actual facts in dispute? This seems to be purely a matter of law. Are 12 undereducated laymen really the right venue for this?

Re:I don't think so... (1)

Lumpy (12016) | more than 4 years ago | (#31914804)

they are a far better choice than 12 college graduate lawyers that think they are educated but really know nothing about technology.

Honestly, I have met a lot of lawyers and they firmly believe they know everything because they went to a lot of college.

Re:I don't think so... (5, Insightful)

ElectricTurtle (1171201) | more than 4 years ago | (#31914882)

Being judged by twelve random people is as close to 'objective' as possible. I can only imagine the systemic biases that would arise from 'professional' juries, or 'expert technical' juries. Would you want a FOSS defendant judged by a jury from MS or Apple? Vice versa? Or as you seem to allude to, a world of bench rulings like the dark ages? Or a world where lawyers bid for the good opinion of a jury comprised of other lawyers? Disgusting. I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.

Re:I don't think so... (1)

characterZer0 (138196) | more than 4 years ago | (#31915016)

The dumber the jurors, the more it comes down to who can afford the best lawyer.

Re:I don't think so... (1)

Leafheart (1120885) | more than 4 years ago | (#31914872)

No I'm not.

Re:I don't think so... (1)

techno-vampire (666512) | more than 4 years ago | (#31914894)

In case you haven't noticed, the principle of "innocent until proven guilty" is still in force. That means that until and unless the jury finds him guilty he is to be considered innocent.

Re:I don't think so... (1)

DaHat (247651) | more than 4 years ago | (#31914990)

In a pure legal sense yes... but you are still free to your own opinions.

OJ Simpson was found not guilty of double homicide... a sizeable number of people out there firmly believe that he did in fact commit the acts he was accused to. Should we be punished because we do not agree with the jury?

Re:I don't think so... (0)

Anonymous Coward | more than 4 years ago | (#31914558)

Actually, he didn't. At least, until the jury decides otherwise...

Did he really? (5, Insightful)

Chirs (87576) | more than 4 years ago | (#31914568)

The fact that the case has dragged on this long and that some of the charges have already been dropped seem to highlight the fact that there is some doubt as to whether or not he actually broke the law.

Re:I don't think so... (-1, Flamebait)

JeffSpudrinski (1310127) | more than 4 years ago | (#31914584)

Personally, I agree, but it's more up to the jury to decide that.

He refused to hand over passwords when ordered to do so by his superior and his superior's superiors.

He was, at best, a total jerkwad about the thing. He let his admin position go to his head. Even if his boss was a total buttwipe, he (or she) was still his boss. He simply should have completely documented his protest and handed over the passwords.

He was the one that tried to turn it into a "federal case" and he got his wish. Good luck with that. If he's found guilty, that was the chance he took trying to take on The Man in this way.

-JJS

Re:I don't think so... (3, Insightful)

Red Flayer (890720) | more than 4 years ago | (#31914754)

He refused to hand over passwords when ordered to do so by his superior and his superior's superiors.

He was, at best, a total jerkwad about the thing. He let his admin position go to his head. Even if his boss was a total buttwipe, he (or she) was still his boss. He simply should have completely documented his protest and handed over the passwords.

It's not as clear cut as that. From what I understand, we was operating under a specific protocol for release of the passwords, that excluded the possibility of him handing them over to his bosses at their request.

So what's more important -- following the established rules, or doing as your boss says? In a perfect world (not that we operate in one), the rules are more important than the individual. If the boss wanted the passwords directly handed over, then the boss should have gotten the rules changed to allow that.

Just because someone is your boss doesn't make you their slave. And if you believe your boss is doing something wrong, it is morally incorrect to do as you are told, even if you document your protests.

Although, it does seem likely the guy was being a jerkwad... that doesn't mean he was an incorrect jerkwad, or a jerkwad acting illegally.

Re:I don't think so... (1)

Altus (1034) | more than 4 years ago | (#31915010)

given that he was already fired, I would say the rules are more important that the boss. The rules are usually binding even after you are fired.

It does sound like he went about it the wrong way and that probably had a lot to do with him having a chip on his shoulder. If his boss had asked and he had said "Im sorry, but your own policy dictates that I give these passwords only to the mayor under these circumstances" then this probably would have been cleared up that day. I'm sure he was more of an ass about it... probably because he was pissed about loosing his job. But if he followed the policy to the letter it really doesn't matter if he is a total dick.

God knows some real sociopaths have gone free because they didn't violate the letter of the law.

Re:I don't think so... (1, Informative)

Anonymous Coward | more than 4 years ago | (#31914814)

They ceased being his superiors they second they fired him, which was before they asked for the password, if I recall the other stories about this correctly

Re:I don't think so... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31914846)

He refused to hand over passwords when ordered to do so by his superior and his superior's superiors.

He was, at best, a total jerkwad about the thing. He let his admin position go to his head. Even if his boss was a total buttwipe, he (or she) was still his boss. He simply should have completely documented his protest and handed over the passwords.

Apparently you've never worked anywhere with a serious security policy. I've had a few jobs where I could only give my passwords to the security officer(in a sealed envelope, every time I changed them) or my replacement. Giving them to my immediate superior or his immediate superior would've gotten me canned or jailed, even if told I would be fired.

Indeed, not doing so once got me promoted to my boss's position after I reported it:)

Re:I don't think so... (1)

Mitsoid (837831) | more than 4 years ago | (#31914862)

From what I am reading --

Article only states he refused to hand out the network admin passwords to a room and speakerphone full of people he felt were unqualified. There was no mention of who exactly wanted the passwords -- or if a follow-up attempt by 'a superior' was made while not on speakerphone. If he is in trouble for JUST the refusal to give the password out on speakerphone and in a room with a dozen people, I'd give him a pat on the back and a bonus for proper IT security.

When I was an IT assistant at a high school, I'd pull the same stunt if my boss (or the principle) asked me on speakerphone to give out the local admin passwords on the computers to a dozen people (Staff, teachers)...

Just like Terry (If i read correctly)... I'd be protecting the computers and the network security by withholding the admin passwords from people unqualified to have admin access without admin intelligence in the field (i.e. not sticky-noting the local computer password to the monitor on the computer for kids to see)

Already was hard enough keeping kids from installing kazaa and other security hazards without admin rights... give out the admin password to a dozen non-IT security-unaware people? yeah right....

One of terry's listeners probably would have put the admin password on a stickynote to his work and home computers..

Re:I don't think so... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31914918)

No, you have it wrong... He was not a jerkwad that refused to give his poss the password......
HE HAD NO BOSS.
They already fired him! This is such a big point.
Then they realized that they were idiots who had only one person working on the entire network... And no one else knew the first thing about it.
That was the superiors fault, not his.
THEN they asked this guy, who worked his butt off on the network only to be fired by a 'superior' who doesn't know a network from a CPU, who already tried to get him fired without cause 'because he is a quite type who does not fit in'.
  "Um, hey, yea, you don't work for us anymore, and even though I don't actually know what your job was I decided you don't know how to do it...
And even though it would actually be breaking our own rules and possibly the law.... Um yea' will you give a room full of unauthorized people and a open conference call your admin passwords to the entire city wide network?"...
THEN they arrest you? Then they say that because he could VPN from home when he got calls in the middle of the night he was 'hacking'.. Etc.

Read up on the case.
If I get fired I won't screw anything up, but I sure as shit am not giving my 'superior' one more second of my time. I have no legal responsibility to do or say anything my 'superior' wants... Even if he is the butt buddy of some cops and DA's.

Really? (-1, Troll)

Wyatt Earp (1029) | more than 4 years ago | (#31914522)

"A verdict that, if rendered, puts all IT admins in danger."

He was an employee and this was the city's property and he refused to give up the passwords. Sweet Zombie Jesus, if anything a not-guilty verdict will do more damage because then IT Managers will be able to hold sway with the passwords.

Re:Really? (5, Informative)

Maxo-Texas (864189) | more than 4 years ago | (#31914576)

The written policy was that he only gave the passwords to the mayor in a secure setting.

People besides the mayor tried to get the passwords.
The mayor tried to get the passwords in a non-secure setting.

They grossly over-reacted and were probably trying to violate their own written policies.

If they can force you to violate policies or go to jail for up to 5 years, then you don't want to be in that job since the penalty for violating written policies may be just as draconian.

Ref (0)

Anonymous Coward | more than 4 years ago | (#31914680)

Please give a reference for that.

Re:Ref (1)

MobyDisk (75490) | more than 4 years ago | (#31914836)

Which thing? Google was able to quickly verify what he said about giving the passwords to the mayor.

Re:Ref (1)

timster (32400) | more than 4 years ago | (#31914988)

I think people are arguing over whether this was an actual written policy, or just a policy he made up. (I don't claim to know).

Re:Really? (2, Informative)

Wyatt Earp (1029) | more than 4 years ago | (#31914764)

His supervisors wanted the passwords.
The Mayor wanted the passwords - secure or not if the Mayor of the city you work for wants a password, you give it to them. I work in the public sector and while the head of the agency isn't my supervisor, if she asked for a password that she didn't need, I'd write it down for her.

http://www.cio.com.au/index.php?q=article/255165/sorting_facts_terry_childs_case&fp=&fpid= [cio.com.au]

"First, despite the many news reports claiming that Childs had shut down all or part of the city and county of San Francisco's network, what actually happened was that Childs refused to provide his superiors the passwords to the city's core FiberWAN network, effectively preventing them from administering the network."

"Following the completion of the FiberWAN, Childs looked upon his creation as art -- so much so that he applied and was granted a copyright for the network design as technical artistry. Skeptical of his colleagues' abilities, Childs became the sole administrator of the FiberWAN, and the only person with the passwords to the routers and switches that comprised the network. This state of affairs was widely known throughout DTIS, and Childs was the only point of contact for changes, troubleshooting, and overall management of this network."

I've looked around and around and see no references to this written policy, just that he'd only agree to give them to the Mayor in person.

Did he do half of what the City of San Francisco said he might do? Nope, but should he have given up the passwords to his damned supervisors? Yes.

This is what the City of San Francisco gets for letting a felon run their network.

"The possession of ammunition may have raised flags with the police, because 25 years ago, at the age of 17, Childs was arrested and convicted of aggravated burglary, and spent four years in a Kansas prison. In 1995, prosecutors said, Childs was again arrested in Kansas and charged with aggravated assault and carrying a concealed weapon. The case was reduced to misdemeanor weapons possession"

Re:Really? (1)

Darinbob (1142669) | more than 4 years ago | (#31915004)

It's a half-right half-wrong situation. What happens if he gets hit by a car, and no one has the passwords? Bad news, lots of wasted time and money. But giving the passwords up to an idiot supervisor just because they asked? Bad idea as well. This isn't the military, just having someone be your superior does not necessarily give them the right to your keys.

Re:Really? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31914860)

He did his job. He followed the letter of the law, and has already spent quite a bit of time in jail for doing his job properly. This is (once again) mental instability run wild. Just a week ago I heard of a terrible plane crash in which case nearly 100 senior government officials died when the leader of the country (who shall remain anonymous) perhaps (and we can only guess) ordered the pilot to land in dangerous situations. The now deceased leader had ordered pilots to do dangerous things before, and they refused before, only to lose their job and reputation and face the wrath of the state. This one obeyed and nearly 100 died (including the pilot). Getting back to this case, the mayor clearly overstepped his bounds, and did not follow his own rules. If it were an airplane instead of a computer network, many could have died. There are rules in place to protect all parties. Its when ass-hat administrators over step their bounds of authority and common sense, that disasters occur. Its one thing to be voted in, but being voted in doesn't mean that they are suddenly experts in everything. There are technical things in this world that require technical expertise. Ignoring that fact can cause royal disasters like this. Why this guy has spent so much time in jail is absurd. My wish is that the city lose its entire IT staff, and that they get HaXored till there is little left to protect (and then all the elected officials lose their jobs and face equal jail time).

Re:Really? (3, Informative)

slimjim8094 (941042) | more than 4 years ago | (#31914582)

Mod parent down. His job was to keep the network secure, and the people demanding the passwords didn't have a right to know them. He told the mayor instead.

This is, of course, after they fired him without demanding the passwords first.

Re:Really? (1)

Wyatt Earp (1029) | more than 4 years ago | (#31914782)

The people who demanded the passwords were Terry Child's supervisors.

Re:Really? (1)

bsane (148894) | more than 4 years ago | (#31914986)

The people who demanded the passwords were Terry Child's supervisors.

Not if he had already been fired.

Re:Really? (5, Insightful)

turbidostato (878842) | more than 4 years ago | (#31914628)

"He was an employee and this was the city's property and he refused to give up the passwords. Sweet Zombie Jesus"

The city's property? Who the hell is "The city"? Did "The city" appeared and he refused to give the passwords to him (or is it her?)? Or are you implying that since it was "the city's property" he should give the passwords to any citizen that would happen to ask for? Because as soon as he was asked for the passwords by the proper person (the major) at the proper environment (face to face with him without unknown people at sight) he indeed promptly passed them out.

"then IT Managers will be able to hold sway with the passwords."

You can bet no IT Manager would tell the passwords to the janitor no matter how much "the company's janitor" it is.

Re:Really? (1)

jd (1658) | more than 4 years ago | (#31914832)

The City. Townsville. Where the Powerpuff girls live. You know.

Re:Really? (1)

Wyatt Earp (1029) | more than 4 years ago | (#31914852)

The "city" is the City of San San Francisco, his employer.

The city's representatives, who wanted the passwords, are Jeana Pieralde, the head of security for San Francisco DTIS and the DTIS CIO, not the janitor or anyone off the street.

You really think the mayor should step? (1)

Rix (54095) | more than 4 years ago | (#31914996)

Just for him, or for every disgruntled former employee who's petulantly holding on to city property?

Re:Really? (2, Interesting)

oatworm (969674) | more than 4 years ago | (#31914838)

Well, sort of - for various reasons, he refused to give up the passwords to his bosses because he decided (correctly or not, of course, is for the jury to decide) that the only person authorized to receive the passwords was Mayor Newsom. Now, I'll note that, if his interpretation was that the "city" owned the passwords, you could make the argument that, if that's the case, he could also interpret that as broadly as humanly possible and give everyone in San Francisco the passwords; after all, if the network is owned by the city, that means its *public* property, not just the private property of Mayor Newsom or select city employees. Realistically, he adopted a particularly narrow and self-serving interpretation of city policies to suit his own agenda, a point which the city is trying to make in court.

Ultimately, Childs is, at best, technically correct. It doesn't change the fact that he rules lawyered himself a rather convenient bit of job security, even if it proved to be temporary. This case won't put "all IT admins in danger" unless "all IT admins" work in places where there are no sane, documented policies regarding password handling and sharing and where ownership of IT equipment is rhetorically ambiguous.

Wow.. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31914526)

Is this like Slashdot in "Rights Violation Mode"? (Kind of like Weatherscan's severe weather mode). I am seeing these red curly things next to the articles throughout the entire front page

Please Read the History... (5, Insightful)

trurl7 (663880) | more than 4 years ago | (#31914566)

...before posting. The frenzy's already started. People - there's a long story here. Do not rely on this summary to tell you the details. Don't litter the thread with inane "he broke the law and should pay" comments. Your fellow non-readers in-spirit have done so on a minimum of twenty prior threads on this issue.

Please, please learn the backstory before commenting. Think of the children. Plus, some readers are getting on in years (35+). They can't handle the spiking blood pressure.

Re:Please Read the History... (0)

customizedmischief (692916) | more than 4 years ago | (#31914602)

Please, please learn the backstory before commenting.

I want to, and that's why I visited the forums. Perhaps you or some other helpful Slashdotter can provide a few helpful links? :)

Re:Please Read the History... (2, Insightful)

trurl7 (663880) | more than 4 years ago | (#31914618)

Ok... I gotta know. Why troll? Whoever modded this - I don't mind a genuine disagreement of opinion. But seriously - I entreated the readers to actually know the story. Yes, I'm new here. But why troll? Post anonymously if you have to, but please explain - why did you think I was trolling?

Re:Please Read the History... (-1)

Anonymous Coward | more than 4 years ago | (#31914802)

Because you care enough to whine about it. Now that I (well, we, heh heh heh) know how flustered you get about this kind of thing, well, lets say you've made a little list. See you in -1 land!

Re:Please Read the History... (0, Troll)

mcgrew (92797) | more than 4 years ago | (#31914884)

Even though I'm 58 I wouldn't have modded it "troll" (it's "informative" now, as it should be), but I would guess your "Plus, some readers are getting on in years (35+). They can't handle the spiking blood pressure" is the reason. Not everybody at slashdot still has milk dripping from their chins. Insult people and you risk "troll" and "flamebait" mods, no matter how insightful or informative it is.

Plus, some readers are getting on in years (35+) (0)

Anonymous Coward | more than 4 years ago | (#31914842)

And some of us are 55 +, with GOOD blood pressure, and we don't like the noobs comments who don't bother to get the full story either.

Re:Please Read the History... (1)

rdtreefrog (1092265) | more than 4 years ago | (#31914920)

HEY! Don't poke fun at 35+'s. 35 is still a VERY young and angry age.

Pity ... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31914604)

Pity he doesn't have a jury of his peers, so he's basically gonna get crucified by joe & jane blow citizen (good citizens who convict evil hackers like the prosecution wants).

Oh shut up (-1, Troll)

Sycraft-fu (314770) | more than 4 years ago | (#31914610)

I am tired of this "Oh no if he gets convicted all IT admins are in danger!" No, they aren't, not if they do their jobs. It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple. You don't have to give them your password, you do have to give them a password that gives them access. In the cases of routers, this is often a shared password like an enable password.

I don't see this as affecting IT admins at all. Certainly doesn't affect me. Here all the passwords are kept in a safe by my boss, as is required by university policy. Who can and cannot have access is specified in policy. I am not at all worried. If a random grad student demands access, I'll say no. If the CIO demands access, I'll give it. Simple as that.

tags: kdawsonsucks, kdawsonfud (-1, Offtopic)

Nimey (114278) | more than 4 years ago | (#31914636)

ohnoitsinfoworld

Re:Oh shut up (3, Insightful)

jedidiah (1196) | more than 4 years ago | (#31914666)

You are not a real, proper IT geek until you've either been fired or quit over this sort of nonsense.

Securing systems from morons is just part of the job.

Re:Oh shut up (1)

oatworm (969674) | more than 4 years ago | (#31914952)

The No True Scotsman [wikipedia.org] would like a word with you and your "real, proper IT geek". I'll warn you in advance - it involves kilts, commando-style, and bagpipes.

Re:Oh shut up (1, Funny)

Anonymous Coward | more than 4 years ago | (#31915038)

You do not have a real, proper God Complex until you've either been fired or quit over this sort of nonsense.

Securing systems from anyone who's not you and therefore considered an inferior being is just part of the job.

FTFY.

Re:Oh shut up (4, Interesting)

Roogna (9643) | more than 4 years ago | (#31914738)

But that isn't true. If the written security policy states that that person, even if it is -your boss- isn't to have the password. Then that person doesn't get the password, no matter how many times they ask. Written policies exist to lay down the foundation and rules.

I've been in similar situations back when I was working as a admin. We once had a executive VP demanding we give the password to a machine to someone not authorized to have it (And no, the VP did NOT have authorization or power to change that policy, he was NOT in charge of security). He threatened to fire us. We told him to go ahead, but that the only people who got the password were our replacements or other authorized individuals. He DID have the power to fire us. But that STILL didn't give him the power to demand that password, or that the security policy be changed.

Companies, and I'd imagine city governments too, have policies and chains of commands on all sorts of things. These things are usually written down somewhere so as to be enforceable. And THOSE are the things that matter. I don't remember ever working as a admin where my immediate supervisor had a root password to anything or his boss. But the good ones all knew that it wasn't their job to know those things, they paid me to keep those secure from people who asked. Even if that meant some pip-squeak with a highly placed friend.

And are irrelevant on termination (2, Insightful)

Rix (54095) | more than 4 years ago | (#31915042)

The organization's policies are no longer any of your business once you leave their employ. They're not law. If they want to violate them, that's their concern, not yours.

Re:Oh shut up (1)

NeoSkandranon (515696) | more than 4 years ago | (#31915048)

I thought policy was just to cover the asses of the people who make requests like this, and set aside whenever they want something counter to it?

Re:Oh shut up (4, Insightful)

girlintraining (1395911) | more than 4 years ago | (#31914740)

It is real simple: Whoever owns the systems, and their designated agents, have a right to have access.

Yeah, say that with a straight face to the guy demanding the root password because he read "it was important", and you got a call last week from him asking you to change his desktop wallpaper because "it got stuck". IT admins not going in for that kind of non-sense is a compelling reason why large sections of the internet don't slide off the side of the planet in a dribble-like fashion.

This guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him. They broke it repeatedly after gaining access, and it took hundreds, if not thousands, of billable hours to repair the damage that happened when those owners and their "designated agents" got their hands around the gooey core of the network.

Justice is about harmony, not law and order.

Re:Oh shut up (1)

uncledrax (112438) | more than 4 years ago | (#31914854)

> his guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him.

But he wasn't responsible for it after he was terminated.

Re:Oh shut up (3, Insightful)

Hatta (162192) | more than 4 years ago | (#31914750)

It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple.

It so simple, it sounds like that's exactly what Terry Childs did. He may have withheld access from a "designated agent" for a while, but he had no way of verifying exactly who the designated agents were. Would you suggest he just take their word for it?

Re:Oh shut up (5, Interesting)

Red Flayer (890720) | more than 4 years ago | (#31914826)

Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple. You don't have to give them your password, you do have to give them a password that gives them access. In the cases of routers, this is often a shared password like an enable password.

Who owns those systems? Not his boss -- the City does. And the City did not give his boss authority to get the passwords directly from him. The City established a set of rules for transferring the passwords, and his boss tried to circumvent those rules.

This guy's boss was not acting within the rules established for him to act as a proxy for the City (if we're going to follow your ownership logic). So who's acting responsibly... the guy who chose to follow the rules despite the risk of adverse personal impact? Or the guy who wanted to ride roughshod over the rules in the interest of expediency?

Re:Oh shut up (1)

orlanz (882574) | more than 4 years ago | (#31914834)

So, if your boss said give me access to erase all the fraud I been doing, you are ok with that, cause the policy said so? Wait till shareholders get a bead on that and you end up in the same boat as this guy. That's pretty much what Fastow did in the Enron case.

Re:Oh shut up (1)

uncledrax (112438) | more than 4 years ago | (#31914914)

If you know your boss is doing fraud, but didn't say anything about it.. either you're IN on it, or you should have already called the Feds.

PS: That's what backups are for.

Re:Oh shut up (5, Insightful)

nharmon (97591) | more than 4 years ago | (#31914934)

Just that simple, huh? So let's say the Dean for Admissions demands you give him the organization-wide root or domain admin password. Will you? What if it's the dean for admissions, two members of the board of trustees, the chief of campus police, and a computer lab tech from the biology department, and all want you to give the password to the lab tech?

If the policy states you shall not give the password to anybody but the CIO, and all of these "designated agents" come to you and demand the password... are you going to give it to them?

Let's say you quit your job, and three days afterward they call you asking for the passwords. How do you know if the policy changed? Maybe the CIO was fired. How do you know these are still the "designated agents"?

These are the types of problems that arrise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations. So before you tell us to "shut up", you might want to think about the ramifications of that first.

Re:Oh shut up (3, Informative)

ElectricTurtle (1171201) | more than 4 years ago | (#31914968)

It's funny that you think you're safe because of policy. As another has already said better, so did he [slashdot.org] .

Oh, but that won't happen to anybody else, right?

Not Guilty (0)

Anonymous Coward | more than 4 years ago | (#31914630)

That's this non-jurors verdict.

Regards,
Jason C. Wells

so (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31914644)

He essentially served a 2 year sentence regardless of whether or not he is found guilty? Awesome. I knew justice is blind, but I didn't realize that it was stupid too. What there wasn't a tracking anklet available? Really 2 years waiting in jail for a non-violent "crime"?

To all IT admins (1)

countertrolling (1585477) | more than 4 years ago | (#31914694)

Demand a waiver from all employers..Maybe it takes things like this to get you all to organize. Otherwise live with the verdict if it goes badly.

Re:To all IT admins (1)

Firemouth (1360899) | more than 4 years ago | (#31914724)

In other news, 8 million system administrators were fired today as a result of demanding a waiver for their services...

Re:To all IT admins (1)

countertrolling (1585477) | more than 4 years ago | (#31914906)

And 20 million computer suddenly went up in smoke.. Let 'em try to keep the machinery running by themselves.

Re:To all IT admins (0, Troll)

0racle (667029) | more than 4 years ago | (#31914776)

Organize against what? Doing your job correctly? Handing passwords over when you're canned?

The hacking charge is ridiculous but in no universe was this guy in the right.

Re:To all IT admins (1)

countertrolling (1585477) | more than 4 years ago | (#31914944)

Doesn't matter. You don't lock him up. Time for people to stand up..

Re:To all IT admins (1)

sheph (955019) | more than 4 years ago | (#31915036)

It is getting to the point where that might be necessary. Employers require you to sign things to protect themselves. I don't think it would be unreasonable to do the same. Especially when people sit in jail for two years and get dragged into court for essentially doing their job.

My solution in the past (5, Interesting)

Minupla (62455) | more than 4 years ago | (#31914792)

I have worked for small companies in the past where I was the sole administrator. My solution to this was to store a PGP encoded file on a shared drive with the passwords in it, locked with my asymmetric key and one with a random password. Either one would open it. I put the plaintext password in an envelope, sealed it, signed the envelope and had my boss sign it. The envelope got stored in the company safe and I could inspect it at will. If the seal was intact I knew I was the only one with the passwords and was still responsible for the system. If the seal was broken, it was agreed I did not have any responsibility for damage that might have been caused.

This gave my employers the confidence that they could recover from a disaster (hit by a bus, win the lottery, etc) and gave me the confidence that I didn't have to rule out assistance from well meaning but unskilled bosses when something broke.

Min

fate of billions of children now in your hands (0)

Anonymous Coward | more than 4 years ago | (#31914902)

we know what we must do, right?

never a better time....

It's hard to believe Child's will lose this thing (2, Insightful)

phantomfive (622387) | more than 4 years ago | (#31915030)

Anything can happen in a jury trial, but it's hard to believe that Child's will lose this thing. The district attorney needs to prove two things (at least):

That Child's acted maliciously, that he was trying to cause harm to the network. I have seen no real evidence that supports this idea. The city tried to say that he did it to keep them from firing him.

They also have to prove that his actions actually caused damage. This is problematic because the network never actually went down, his actions didn't cause damage. The city uses the twisted argument that the fact that they were unable to prevent Childs from accessing the network was damage enough, that Childs was the one they needed to defend against.

I did not sit through the trial, but it's hard for me to believe that many juries would find this to be true beyond reasonable doubt.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?