Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ex-SF Admin Terry Childs Gets 4-Year Sentence

timothy posted more than 4 years ago | from the if-only-he-knew-the-password-to-jail dept.

Security 432

Robert McMillan writes "You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."

Sorry! There are no comments related to the filter you selected.

strike it up (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33172672)

yet another reason why america has become a country of insanity.

So... (2, Interesting)

valeo.de (1853046) | more than 4 years ago | (#33172678)

Now that he's been sentenced, does this mean that more accirate details about the case will finally come to light? A lot of what I've read seemed to be mostly hearsay with hard facts hard to come by...

Re:So... (4, Insightful)

Kuroji (990107) | more than 4 years ago | (#33172692)

What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned. As it stands now the city wants to bill him $900k for it.

Re:So... (1)

Anonymous Coward | more than 4 years ago | (#33172744)

try and appeal. try to appeal. i don't see a difference. do you?

Re:So... (1)

calzakk (1455889) | more than 4 years ago | (#33173410)

You either appeal, or you don't. The appeal is either successful, or it isn't.

There is no try.

Re:So... (2, Insightful)

commodore64_love (1445365) | more than 4 years ago | (#33173342)

Why should he be left-off? According to the article, "Childs repeatedly refused to hand over administrative passwords to his managers because he was concerned that the passwords would be indiscriminately shared with management and third-party contractors, thereby jeopardizing the security of the network"

That's basically theft of somebody else's property. For example I can't work at a diamond store, lock-up the diamonds in a safe, and then throw away the key so that the store own can't get to his own property. Neither should a sysadmin be able to lock-up computers and deny access to the owner.

And even if Child was correct, that the passwords would be leaked to others and compromise security, so what? It's the city's computers and if they want to screw it up, then so be it. It's their property to use or abuse as they see fit.

Re:So... (5, Informative)

Sycraft-fu (314770) | more than 4 years ago | (#33172732)

Well Slashdot themselves had a good article they linked to (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html) some time back. Also, the case is most likely public record. So if you are interested in all the details you should be able to request copies of just about everything.

Re:So... (1)

valeo.de (1853046) | more than 4 years ago | (#33172748)

Thanks! I somehow managed to miss this one at the time.

Justice is Served (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33172694)

This is pretty much an open and shut case here. He may have had his noble reasons for withholding the passwords, but in the end, he did the crime, now he must do the time.

I hope he watches his backdoor when he goes into the clink, there are going to be guys looking to root him! Oh!

Re:Justice is Served (4, Insightful)

valeo.de (1853046) | more than 4 years ago | (#33172718)

I know I just just skip past this comment, but I do wonder why so many people on here seem to think being raped is funny. You might think the guy did wrong; you might also think that justice has really been served, and hey that's your right, we're all allowed an opinion. But he's not some big-in-the-game criminal that destoryed people's lives, so I really fail to see why joking that he should keep his arse to the wall is at all funnny.

Re:Justice is Served (4, Insightful)

Stargoat (658863) | more than 4 years ago | (#33172736)

Agreed. America is supposed to be a civilized country. Why would anyone believe that it is appropriate to allow prisoners to be raped by other prisoners?

People joke about this and even seem to hope that it happens. This is disgusting and wrong. We have Enlightened articles about cruel and unusual punishments. Prison is supposed to be a loss of freedom, not a loss of basic human rights.

Re:Justice is Served (5, Insightful)

mopower70 (250015) | more than 4 years ago | (#33173088)

America may be civilized in the broadest sense of the term, but it is anything but civil. When you have a "civilization" where keeping people imprisoned is a $40 billion a year industry, and prison wardens allowing criminal activity inside their institutions as a cost-effective means of self-policing, you're going to have people getting raped and your going to have people coming out of prison much worse off than when they went in.

"Turned Out" is an interesting and disturbing documentary about the dynamic of prison sex and rape http://www.youtube.com/watch?v=M4_uvvcaDqw [youtube.com]

Re:Justice is Served (0, Troll)

shentino (1139071) | more than 4 years ago | (#33173144)

Not to mention letting the big guys get free sex whenever they want.

Re:Justice is Served (5, Insightful)

Joce640k (829181) | more than 4 years ago | (#33173260)

This.

The people who really ought to be having a miserable time in prison get a free pass to carry on tormenting and hurting other people for their own amusement. Other people who have nowhere to escape and nobody to turn to for help.

Re:Justice is Served (1)

Jamu (852752) | more than 4 years ago | (#33173314)

Prison is supposed to be a loss of freedom, not a loss of basic human rights.

Liberty is a basic human right.

Re:Justice is Served (-1, Flamebait)

Kilrah_il (1692978) | more than 4 years ago | (#33172752)

Because it's funny! That's what makes it a joke. Not every joke has to be totally PC.
I agree, it's not fine to wish someone to be raped, but as a joke that does not affect what will happen to him in jail... I don't see the problem. I somehow don't think his cell mates will read /. and get the idea "Hey, maybe we should rape him!"*

* And if they will, that will give a new meaning to "being slashdotted" :)

How is it a joke or funny? (1)

warrax_666 (144623) | more than 4 years ago | (#33172766)

I really don't get it. What's supposed to be funny about it?

Most (all?) jokes are based on setting up a premise and then surprising the reader/listener by somehow violating that premise. What the premise and the surprise supposed to be with the "PMITA prison" and rape "jokes"?

Re:How is it a joke or funny? (4, Insightful)

Cwix (1671282) | more than 4 years ago | (#33172822)

People joke about what they are scared of.

Re:Justice is Served (5, Insightful)

Jedi Alec (258881) | more than 4 years ago | (#33172866)

Making jokes the way Americans do about "pound me in the ass prison" indirectly condones the fact that such a prison system exists. Heck, how many tv shows have a cop quickly whispering into the ear of the just arrested (and hence not convicted eg innocent) perp about what's going to happen to him in jail?

Re:Justice is Served (4, Insightful)

Hognoxious (631665) | more than 4 years ago | (#33173064)

On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.

Re:Justice is Served (2, Insightful)

Joce640k (829181) | more than 4 years ago | (#33173270)

The problem isn't the joke, the joke is fine. The problem is that it's really going to happen, that we all know it and that we do nothing about it

Re:Justice is Served (1)

bertoelcon (1557907) | more than 4 years ago | (#33173040)

Look at my sig.

Re:Justice is Served (2, Informative)

Anonymous Coward | more than 4 years ago | (#33173318)

Is assault & battery funny? Of course not, but it is when the Three Stooges did it. Is gun violence funny? No, but we laugh when Yosemite Sam does it. Bad things are funny. Really bad things not so much, and there's no real objective way to draw that line, but something like a male criminal getting it in the pooper...well, pretty overdone, not too funny, and in the end you would hope it doesn't happen as the punishment would be nowhere near close to fitting the crime (I would certainty hope they're not holding him with violent criminals who would do that sort of thing), but I don't get all the righteous indignation over merely mentioning it in some sort of attempt at humor.

Re:Justice is Served (1)

Schlacht (18295) | more than 4 years ago | (#33173348)

Probably because for so many prison turns into a free ride, easy time, then get back out and go back to the same effed up lifestyle of disrespecting the society they live in. It's different for everyone, but it seems that going to prison is not such a big deal, and the fear of being arsch-raped is. But this is missing the point.

Why he was sentenced, found guilty, or even on trail is the question. What did he do wrong? I think his supervisors are at fault for not keeping tighter guidelines for him to follow, and that is that. SyCraft-Fu puts it well, "Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours."

White collar criminal (1)

Mathinker (909784) | more than 4 years ago | (#33172782)

My impression is that there are separate facilities for white-collar criminals, so he probably won't have to interact with rapists and murderers. Am I being optimistic?

Re:White collar criminal (1)

drinkypoo (153816) | more than 4 years ago | (#33172996)

My impression is that there are separate facilities for white-collar criminals, so he probably won't have to interact with rapists and murderers. Am I being optimistic?

There are separate facilities for embezzlers and the like who are very rich and who cut a deal with someone. You don't get sent to a country club prison unless you're part of the gang.

Re:White collar criminal (1)

RabbitWho (1805112) | more than 4 years ago | (#33173276)

Exactly! I was reading an article recently about a 60 year old gardener who went to prison for not filling out some forms and technically "smuggling" orchids. He was put in with violent offenders.
Non violent criminals should not be put in prison at all. There has to be some other more effective, less expensive, and safer way to punish people.

This is the exact same thing. 4 years for taking your job too seriously!?

Re:White collar criminal (1)

Joce640k (829181) | more than 4 years ago | (#33173278)

Sure ... unless the white collar prison happens to be full that day, or the psychologist gets it wrong, or he's left in a holding cell for a few days before transportation, or any of the other ways the system can fail...

Overlords (0, Troll)

jcookeman (843136) | more than 4 years ago | (#33172704)

Screw with your gov't overlords.....then prepare to be punished.

Sounds pretty fair (5, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33172708)

Especially when you read the story of one of the jurors who has a CCIE (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html). This wasn't a case of some PHB demanding access to something he shouldn't have. This was a case of an egomaniac sysadmin trying to make himself irreplaceable by locking everyone else out. When called on this he refused, bluffed, and finally lied.

For me, the lying part is where it clearly went to criminal levels. I suppose some of the other things he did (like store the WAN config only in memory, not saved to flash and keep the only backup on his laptop) could possibly be justified as just being paranoid and poorly educated in actual security practice. However when he gave his supervisors false passwords, lied to them, to me that showed clearly that he knew he was in the wrong. He knew he was supposed to give up the passwords but wouldn't.

Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.

As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

Re:Sounds pretty fair (1, Informative)

Anonymous Coward | more than 4 years ago | (#33172764)

"When called on this he refused, bluffed, and finally lied."

And he also tried to flee, at which point he was arrested.

Re:Sounds pretty fair (3, Insightful)

Stargoat (658863) | more than 4 years ago | (#33172792)

And then once you've been fired, you must always be available to your company to provide that service?

As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence this trial sets. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords. What about basic services that I created? Must I be available to provide those? What about not so basic services? "You are the one who designed the widget software and we do not think your documentation is complete. Come show us how this works or we will throw you in jail."

No, this Childs trial has created a dangerous precedence. The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

No but you have to give them access before you go (5, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33172830)

Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

Re:No but you have to give them access before you (3, Insightful)

Stargoat (658863) | more than 4 years ago | (#33172862)

Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

You and I may see the difference, but can your luddite boss and his luddite lawyer? You might think that laws and court rulings are based on responsible understandings of the facts, but then you would be wrong.

Re:No but you have to give them access before you (4, Interesting)

Sycraft-fu (314770) | more than 4 years ago | (#33172906)

Well I'm just not sure how to respond to such obstinance. There is plenty of information out there as to why the jury voted as they did and what law was broken and so on. If you are unwilling to read and understand that, I can't help you. Some people just want to be paranoid, I guess.

Also this "Luddite boss" thing really reeks of ego mania. Far too many sysadmins think they are the Smartest Motherfuckers in the Universe and that there is no way their boss could possibly understand any of this because he's not as good at tech. Turns out that's often not the case, a manager may understand technology and more important the limits of their own knowledge about technology just fine. They may well be an intelligent individual, just with some different skills than yourself.

I'm not saying some aren't dumbassess, but then so are some sysadmins. I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

Re:No but you have to give them access before you (4, Interesting)

Dwonis (52652) | more than 4 years ago | (#33173234)

I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus? What if you decide to quit so you can accept your dream job? Whatever you build should be (at least mostly) maintainable by any other average practitioner with similar credentials.

Re:No but you have to give them access before you (1)

bev_tech_rob (313485) | more than 4 years ago | (#33173284)

Once you leave a company, you don't have to support shit as long as you haven't signed some stupid contract forcing you to do so. If they have the passwords and can access THEIR systems, they can do what they want. Of course if they call you back, you can always charge them out the ass in consulting fees, but you don't HAVE to come back and work for them. They can always hire someone else if you don't wish to work for them. This isn't indentured servitude.

Re:No but you have to give them access before you (1)

cervo (626632) | more than 4 years ago | (#33172978)

In my company the precedent is that when you are fired, you are no longer allowed to log onto your computer. Basically security comes/watches you pack from your desk and then you must leave, it's standard practice. They don't want to hear about passwords, etc.. they want you to get your stuff and leave. I would consider my obligations done if that happened to me. Because most passwords are in a textfile on my hard disk and many I don't remember.

But also my passwords are mostly for personal accounts so they can just go and create other accounts. But anyway when the escort you out like an animal I would end my obligations right there. Anything else, "sorry I don't remember, I'd need to poke around my computer to find it..oh wait I wasn't permitted back on...well good luck".

he was not fired they moved him and gang rushed hi (1)

Joe The Dragon (967727) | more than 4 years ago | (#33173158)

he was not fired they moved him and gang rushed him for the passwords.

Re:Sounds pretty fair (0)

Anonymous Coward | more than 4 years ago | (#33172838)

My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence this trial sets. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords. What about basic services that I created? Must I be available to provide those? What about not so basic services? "You are the one who designed the widget software and we do not think your documentation is complete. Come show us how this works or we will throw you in jail."

No, this Childs trial has created a dangerous precedence. The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

Well, so far as it goes, an IT worker who doesn't prepare their systems for them up and leaving, or even for them being hit by a bus, may well be failing to do their job properly. The degree to which they should prepare for that would depend heavily on their responsibilities, so I'm not going to pretend there is some bright line standard to follow, but the idea that one can fail to be responsible for leaving?

It's not inconceivable.

Re:Sounds pretty fair (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33172850)

If you are fired or quit, you must hand over the keys to the office, don't you? Even after you are fired. If you refuse to do this, you may well be liable for that.

Re:Sounds pretty fair (1)

TheSunborn (68004) | more than 4 years ago | (#33172858)

I don't think he is hold to higher standards. If a paranoid office manager for example had changed all locks in the office*, and he was the only one with the new keys, he would have faced the same sense if he refused to give the keys when to his boss.

My responsibilities and duties as an IT worker end the moment I quit or someone fires me

They do with the exception that you have to deliver anything you have which belong to the company back to the company. So if you are fired you still have to hand back that company laptop, even if you currently store it at home. Passwords are not that different.

But as a competent sysadmin, I hope you don't admin any systems where you are the only one with the passwords. And I really hope there are systems where you store the config in a way where you are the only one with access. Remember: If you were paid to make it by the company it belong to the company and must be returned upon termination. This goes for both hardware, configuration files and other data you store which belong to the company.

*You may laugh, but something close to this did happen. But the guy did hand over the keys when the police came to get them and that was the end of that case.

but you don't give them over the speaker phone and (1)

Joe The Dragon (967727) | more than 4 years ago | (#33173132)

but you don't give them over the speaker phone and in a big group you make so if some messes up you are not at fault.

Re:Sounds pretty fair (2, Informative)

dtbw (716889) | more than 4 years ago | (#33172864)

"Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords." No, but if your management or your customer directs you to grant access while you are still employed you are required to do so regardless of your opinion of their technical expertise. You might take pride in your network but guess what. It's not YOUR network. You're just paid to maintain it. Just document the access request to cover your rear and do what you're told. If they screw up the system, you are not obligated to restore it if you wish to resign or have already been fired. You already gave the them access they need to fix it themselves or hire someone else.

Re:Sounds pretty fair (1)

petes_PoV (912422) | more than 4 years ago | (#33172886)

What about basic services that I created?

So far as software or processes you may create are concerned, any true sysadmin would have documented them as part of the original project. If you didn't, well that just speaks to your level of professionalism - whether you were explicitly asked to write stuff down or not.

While you could take a position that it's "the management's" duty to make sure all the supporting information they require is present, if they fail in this, that doesn't absolve you from not doing it. It just means that you work for idiots and should know better, yourself.

Re:Sounds pretty fair (1)

The_Wilschon (782534) | more than 4 years ago | (#33172968)

Ok, sure. If you fail to document stuff adequately, you're doing poorly at your job. Possibly grounds for being fired. But you want to throw someone in jail for being bad at their job? That's ludicrous!

Re:Sounds pretty fair (4, Insightful)

tsotha (720379) | more than 4 years ago | (#33172888)

When you quit or get fired you have to return the keys to your office, don't you? Why should the electronic stuff be any different?

Re:Sounds pretty fair (0)

drinkypoo (153816) | more than 4 years ago | (#33172970)

When you quit or get fired you have to return the keys to your office, don't you? Why should the electronic stuff be any different?

Yes, you are completely correct: If you quit or are fired you will need to return any RSA keyfobs or similar. Password's just a piece of information. Do you believe copyright infringement is theft?

People are missing the point (5, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33173016)

It isn't about PASSWORDS it is about ACCESS. He had sole access to some systems, including some very critical ones. He wouldn't turn over access. In some cases, this would have meant creating accounts for other people. In other cases, this would have meant handing over the password. Remember that some things like root or enable have only one password.

So the issue wasn't that he wouldn't give up his own personal password, the issue was that he was denying the rightful owners of the systems (the city) access to those systems.

Also please note this all started way before he got canned.

Re:Sounds pretty fair (3, Informative)

Anonymous Coward | more than 4 years ago | (#33172900)

He wasn't fired. He was apparently going to be reassigned to a new job, but not fired. While still employed and in preparation for his new assignment (obviously someone else was going to have to have access to the system he was no longer going to be running) he sat in a room with an authorized person (who he had e-mailed passwords to certain of the routers the previous week), an HR person, and a police officer, and didn't turn over the passwords to the rest of the system when asked.

Child's situation has nothing to do with the scenario you describe because he was *employed* at the time and talking to his *current* boss.

Re:Sounds pretty fair (0)

Anonymous Coward | more than 4 years ago | (#33173174)

Boy, are they gonna have problems getting the Company Car back if you're ever fired!

Re:Sounds pretty fair (0)

Anonymous Coward | more than 4 years ago | (#33173264)

The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

They should pay us more, then. And maybe treat us with some respect in the office.

That is because you are wrong (5, Insightful)

aepervius (535155) | more than 4 years ago | (#33173294)

The process of "being fired" does not end your responsabilities with you stopping to work and going out of the building. It ends only when you :
1) gave back all physical object the firm loaned to you within the execution of your work (laptop, cars, etc...)
2) gave back all access key in your possession (be it physical, RSA keys, or electronics)
3) gave back all financial access you had to (firm credit card for example), and I may pass a few others.

If you do not think so, you are a "terry child in waiting", as in, risk prison if you think you can skimp on your responsability. being fired don't mean you can keep stuff from the firm, be it unique key knowledge (like passwords), or physical items.


It actually pretty dumb to think so. About as dumb as somebody keeping a laptop at home after being fired.

Re:Sounds pretty fair (1)

VenomPhallus (904463) | more than 4 years ago | (#33173296)

"My responsibilities and duties as an IT worker end the moment I quit or someone fires me"

This is repeated every time the Childs case comes up, and it's wrong. An employment contract does not just cover day of first employment to day of last employment; there can be (and very frequently are) contractual duties that go beyond that. You'd still expect to be paid your final paycheck come the payday after leaving, presumably. And a company can hold you to non-compete or non-solicitation clauses. They can also require you to return company property, be that requirement explicitly in your contact or not.

Re:Sounds pretty fair (0)

Anonymous Coward | more than 4 years ago | (#33172828)

And that is worth a 4 year prison sentence?!

Re:Sounds pretty fair (2, Insightful)

erroneus (253617) | more than 4 years ago | (#33172834)

In short, it is good he is out of the profession that many of us dutifully carry out. Four years is a bit much, but he will do less. A year would be good if that's the amount of time he serves. I think it doesn't matter how stupid or unreasonable his bosses may have been. Once they ask for keys/passwords/information, it becomes their responsibility. They wanted to fire him. He only made things worse for himself by making the firing high profile. Can't stop getting fired if that's their intention. He should have been thinking of how all of this might look on his resume. This just proves how short-sighted he is.

It's good for all of us that he's out of the game.

Re:Sounds pretty fair (1)

etymxris (121288) | more than 4 years ago | (#33173044)

A year would be good if that's the amount of time he serves.

He's already served over 2 years.

Re:Sounds pretty fair (1)

metallurge (693631) | more than 4 years ago | (#33173282)

[...] at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.

While the organization clearly owns the computers, you the sysadmin are entrusted with stewardship of them, for as long as you are in that role.

Which brings in the matter of chain-of-command and authority. If the organization has a policy regarding access control, and your boss is asking for access beyond his designated authority, then you are kindof in a no-win scenario. Sometimes, being a good steward of resources, and acting in the best interest of the organization, may mean making people mad. I guess it sometimes comes down to the difference between doing the right thing and following orders.

I personally am willing to forgive someone who is trying to be a good steward and trying to do the right thing, even if they are wrong in hindsight or incompetent.

It really bites to be a steward in a dysfunctional management system. I have a great deal of empathy for anyone in such a situation. It bites even worse to be removed as steward, to care about handing over things properly, to have the dysfunctional management system prevent that from happening, and to see how your departure is going to be used as an excuse to cover all sorts of management incompetence as you take the fall. Not that I am claiming those are the facts of this case. But that was my first reaction, which has surely been colored by my own experiences.

Car crash (0)

Anonymous Coward | more than 4 years ago | (#33172720)

What if he had died in a car crash? Think of the pile up of work then!

Silly!

what if he forgot? (1)

StripedCow (776465) | more than 4 years ago | (#33172734)

what if he just forgot the passwords?

Re:what if he forgot? (0)

Anonymous Coward | more than 4 years ago | (#33173100)

What if you just read about the case before blurting out what-ifs?

Easy Time, Future Jobs (4, Funny)

Sponge Bath (413667) | more than 4 years ago | (#33172740)

He will likely do only 6 months of actual jail time and he can declare bankruptcy to avoid the $900K claimed by the city. By this time next year, he can exercise his control freakery at KFC protecting the Colonel's secret recipe.

Re:Easy Time, Future Jobs (1)

bsDaemon (87307) | more than 4 years ago | (#33172756)

I thought that bankruptcy didn't get you out of debt with the government? It's possible that I'm mistaken, or that laws are just different in CA, since I've never had to declare bankruptcy. But, yeah, he'll probably not do the full 4 years.

Re:Easy Time, Future Jobs (1)

Delwin (599872) | more than 4 years ago | (#33172914)

student loans and court ordered penalties are the two things bankruptcy cannot eliminate.

Re:Easy Time, Future Jobs (0)

Anonymous Coward | more than 4 years ago | (#33173050)

student loans and court ordered penalties are the two things bankruptcy cannot eliminate.

That's why, when times are tough, you should always keep paying your student loans, even double up on payments if you can, and take out every credit card you can get your paws on. The credit card debt you can get out of, the student debt, not so much.

Of course, I was stupid in college, kept telling myself I didn't need to take out those big loans, and then had to decide whether to put more money on my credit card or eat Ramen for the 28th day in a row once the living expenses of a being in a big college town started hitting me hard.

Re:Easy Time, Future Jobs (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33172934)

They still ruined a mans life.. over a password.

did he steal or destroy anything of value? was anyones life put in danger? did he HARM anything at all but the ego of some of his asshole bosses?

Way to go americia. Just as bad as any 3rd world shithole dictatorship. But with a better PR department and a mcdonalds on every corner. And we don't kill you directly.
We just ruin your life and put you with people who will kill you.

Makes me glad, Yet again. I got the fuck out of IT. When things work right you get no rewards. When things go wrong you get all the blame.

Re:Easy Time, Future Jobs (3, Insightful)

virg_mattes (230616) | more than 4 years ago | (#33173024)

They still ruined a mans life.. over a password.

No, they ruined his life over criminal interference. Read the court records.

did he steal or destroy anything of value? was anyones life put in danger? did he HARM anything at all but the ego of some of his asshole bosses?

His action directly resulted in over $200,000 in lost money. That money was spent cleaning up the problems he caused through purposeful effort on his part. Do you think that money has no value? If he'd done $200,000 dollars of damage by attacking the server room with a crowbar, would that have made it different? It doesn't matter that he didn't endanger anyone's life. Someone who forges a check and steals your bank account doesn't threaten your health.

Way to go americia. Just as bad as any 3rd world shithole dictatorship. But with a better PR department and a mcdonalds on every corner. And we don't kill you directly. We just ruin your life and put you with people who will kill you.

Oh, boo hoo. Maybe if he'd avoided breaking the law and doing nearly a quarter million dollars in damage he'd have avoided going to jail. The court records plainly show that he did this in an effort to keep everyone else, including his bosses, out of the systems, and that's not his place any more than he had the right to install locks on the doors and not let anyone into the building. If he didn't do it on purpose to make himself irreplaceable, then he'd have to be astonishingly bad at his job.

Makes me glad, Yet again. I got the fuck out of IT. When things work right you get no rewards. When things go wrong you get all the blame.

I have to say, based on this comment, that I'm glad you got out of IT as well.

Virg

Re:Easy Time, Future Jobs (0)

Anonymous Coward | more than 4 years ago | (#33173128)

They still ruined a mans life.. over a password.

No, they ruined his life over criminal interference. Read the court records.

"They" didn't ruin Terry Childs' life.

This end result is entirely the fault of Mr. Childs due to his unrelenting unreasonableness.

Re:Easy Time, Future Jobs (5, Interesting)

JakiChan (141719) | more than 4 years ago | (#33173216)

So when they had had to shut down the city VPN for days because of the morons that put all the passwords in court documents...that was a "denial of service" as well. Why haven't those people been arrested?

$200,000 to get some real IT guys in there as they (1)

Joe The Dragon (967727) | more than 4 years ago | (#33173224)

$200,000 to get some real IT guys in there as they locked 1 of ones who where left there after lay offs.

Re:Easy Time, Future Jobs (4, Funny)

Pharmboy (216950) | more than 4 years ago | (#33172774)

By this time next year, he can exercise his control freakery at KFC protecting the Colonel's secret recipe.

Oh great, then I will have to stand in line for 10 days just to get freaking chicken because he won't let the cooks know which 11 herbs and spices to use in the crust, or worse, he will lie about the herbs and it will taste just like Bojangles chicken instead.

Re:Easy Time, Future Jobs (1)

monstermagnet (101235) | more than 4 years ago | (#33173322)

He will likely do only 6 months of actual jail time

Nope. Conviction of a Federal crime in a U.S. (not state) court means he will do 85% of the time sentenced (with a few outs that are not relevant here, like executive clemency).

Another reason why you generally don't want to mess with the Feds.

Technology / Hacking Laws (5, Interesting)

Manip (656104) | more than 4 years ago | (#33172778)

This just goes to show how asinine most "anti-hacking" laws are. Most were written in the 1980s during a big moral panic about "hackers" bringing down the telephone network, corporate networks, and western civilisation as we know it. You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

It is interesting that in this case Terry Childs did very little actual damage but got 4 years. In fact more damage was done when the prosecutor decided to publish a list of working passwords for the cities computer network. Just goes to show the kind of technophobic old people working in the city offices and in law.

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.

Re:Technology / Hacking Laws (0)

Anonymous Coward | more than 4 years ago | (#33172852)

I believe it was mentioned that one of the jurors had a CCIE or something like that.

Re:Technology / Hacking Laws (2, Funny)

Anonymous Coward | more than 4 years ago | (#33172860)

Rapists by rapists? Brokers by brokers? GPL v3 by GPL v3? No thx, I prefer people by people.

Re:Technology / Hacking Laws (2, Funny)

happy (7659) | more than 4 years ago | (#33172874)

I like the idea of being judged by your peers.

Rapers should be judged by rapers, at least they'll get how far this person has stepped out of line. Oh wait...

Re:Technology / Hacking Laws (0, Redundant)

Manip (656104) | more than 4 years ago | (#33172890)

I was talking about professional or highly skilled work areas. Since all of my examples were jobs, rather than crimes. I somehow thought that your average /.'er wouldn't need it spelt out to them - clearly I overestimated some of you.

Re:Technology / Hacking Laws (1)

karnal (22275) | more than 4 years ago | (#33173192)

And I thought slashdotters would have a sense of humor. I LOLd.

we needs tech jurys for cases like this or some ki (1)

Joe The Dragon (967727) | more than 4 years ago | (#33173250)

we needs tech jury's for cases like this or some kind 3rd party IT resource that can tell the jury about how stuff in the case works and give out real world setups are setup and work not book cases based on what you see in the M$ tests.

Well as it happens (5, Informative)

Sycraft-fu (314770) | more than 4 years ago | (#33172876)

Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.

So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.

Re:Well as it happens (1)

noidentity (188756) | more than 4 years ago | (#33173026)

Mr. Childs DID have a peer (or more realistically a better) on his jury. [...] Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

But was he a fully-informed [fija.org] juror?

Re:Well as it happens (1, Insightful)

Anonymous Cowpat (788193) | more than 4 years ago | (#33173054)

he was a stupid juror. He failed to use his experience to consider whether it was the right, or appropriate, or professional thing to do. He followed the judge's instruction that they were only to consider the law as written (which is not the case, and defeats the whole object of juries), and voted 'guilty'. Says it in the rather self-important spiel he wrote a few days later.

You can shout 'he wasn't stupid, he had a CCIE', but the fact is that he didn't think like a responsible juror and ignore the judge's instruction to not think like a responsible sysadmin. (I make no comment on what a responsible sysadmin ought to conclude about the situation, merely that the juror in question specifically didn't consider the situation in that light, despite being qualified to do so.)

Re:Well as it happens (4, Insightful)

Sarten-X (1102295) | more than 4 years ago | (#33173366)

The point of a jury isn't to selectively apply laws. It is to determine whether the evidence indicates that the law was broken, with intent, and without any mitigating circumstances.

Childs locked down systems without documenting the changes. He did not take any steps to ensure continuous service in his absence. He put extra effort towards implementing systems that others couldn't access. He broke the law.

He refused to turn over passwords when leaving. When asked, he lied. That strongly indicates intent.

There has been no mention of blackmail or extortion. Nothing has indicated a legally-relevant level of insanity. He was not tragically injured just moments before handing over the passwords. There were no mitigating circumstances.

Childs is pretty clearly guilty. The fact that he's in IT is irrelevant.

Re:Well as it happens (0)

Anonymous Coward | more than 4 years ago | (#33173418)

Actually, with jury nullification, it is their job to selectively apply laws if the laws are outrageous.

Re:Technology / Hacking Laws (0)

Anonymous Coward | more than 4 years ago | (#33172966)

Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail.

You are naive to think he is sentenced to jail for doing something wrong. No. He got a jail sentence for pissing off someone in power.

With laws made to be so complex and overreaching, the prosecutor has a lot of leeway in pursuing a light or heavy sentence. Even if the judge are jury are complete impartial and knowledgeable (which I doubt, especially "knowledgeable" on technical matters), they can only rule/give verdict based on the charges brought forth. This means that if you pissed off someone in power, the prosecutor can make it so your charges are disproportional to the actual crime (if any) you commit, and would ruin your life no matter how the court rules.

In this case, even if the jury had given a not guilty verdict, Childs' career is basically over, and he had already been sitting in jail for the whole process.

Re:Technology / Hacking Laws (3, Insightful)

Mike1024 (184871) | more than 4 years ago | (#33172980)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

Wouldn't that create the situation where professional communities could just decide for themselves what the law was?

BP's CEO has broken pollution laws? Not according to a jury of oil company CEOs!

Re:Technology / Hacking Laws (2, Insightful)

noidentity (188756) | more than 4 years ago | (#33173046)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

You haven't thought this idea through very far. Politicians judged by fellow politicians, gang members judged by fellow gang members, need I go on?

Re:Technology / Hacking Laws (4, Insightful)

virg_mattes (230616) | more than 4 years ago | (#33173094)

You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

His actions ended up costing his employer a big pile of money. This wasn't a prank, it was a purposeful lockout to make himself indispensable.

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such.

There was a network admin with a CCIE on the jury. He got exactly what you wanted for him.

Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.

It makes for a nice conspiracy, but the reason stated for holding him in jail (well, for applying for a very high bail so he'd have to stay in jail) is because he was a flight risk. He had already tried to flee the jurisdiction and at the time, he was suspected of having backdoor access points into the network. They were afraid that if he got out, he'd split and then attack the system remotely. Based on the case information (and the first attempt to flee) I'd say they were reasonably justified in holding him.

Virg

Re:Technology / Hacking Laws (1)

Corbets (169101) | more than 4 years ago | (#33173350)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

And CEOs by CEOs? I see that going down really well in these parts. :)

Properly documented policies... (2, Insightful)

cwills (200262) | more than 4 years ago | (#33172814)

Properly documented policies could have helped in this situation.

A policy should have been in place that defined who the business owner (management) of the resource was (network in this case). It is the responsibility of management to ensure that they define who has a business need for access (and have it documented), and it's the responsibility of the tech grunt to run the system (or network) for the business owner.

The key point is that as a non-manager type person, if management says jump, get it in writing and jump. Management is ultimately responsible for the system and network to the business. If management has made bad choices or decisions, it's their fault and if the request or actions leading up to the failure are documented, that admin can refer to that.

All organizations should at least have a documented policy of who can have access to resources and that the business owner of the resource can be easily determined. The business owner needs to be someone who is legally responsible to the organization (i.e. an executive, or someone high enough in management).

As a system administrator, you should insist on having this documented just to protect yourself. If you suspect that there is some management decisions that could jeopardize the operation of the system, document it, report it to the business owner and let them make the final decision (with documentation).

In the case of Terry Childs, had this been documented, he would have been able to either say that the person who was requesting the passwords did not have a business need (and would be able to back that statement with documentation), -or- if the person did have authority to have access, he could have simply have documented why it was a bad decision, hand the passwords over and walk away from it.

Yes there is a pride element. You've spent years building up a system and making it shine, but unless you are running your own business, you are not the legal owner of that system.

Correct (2, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33172894)

If things aren't well documented at your work, push to get them documented. This is better for everyone involved. Have it clearly spelled out who can have access to what and under what circumstances.

For example where I work, the policy is that all shared passwords have to be kept in a safe that my boss has. Under normal circumstances, he is the only one with access. I don't know the circumstances that someone higher up can get access, since that really isn't my problem. However it is all well laid out. So long as my boss keeps the passwords there, he's in the clear.

So if you are in a situation where you are one of the few, or the only person, with access to something critical, make sure it is done right. Check and see if there is a policy and if so follow it. If not, work to have one created. It'll keep you in the clear and make everything much easier. You then don't have to ponder "Should this person get access," you have a policy that states it.

Re:Properly documented policies... EXACTLY (1)

cjacobs001 (644842) | more than 4 years ago | (#33172994)

I was thinking the scenario was as follows: 1. He was employed as the sys admin and as such had obtained the focus to be the top person responsible for protection of the network. 2. His reluctance to give up the passwords was caused by his position that those people wanting the passwords were unskilled and had proposed not-safe activities on\to the network and so he deemed it the safest move he could have done to save himself from being responsible for any resulting damages, as well as to protect the network, not to cough them up. 3. His employer then searched for the passwords, which should have been accessible by someone else in the chain of responsibility, and received none because said employer had not already had in place the safeguards necessary to avoid this very situation (which, ultimately, is what created the situation in the first place). 4. He then continued to refuse based upon the reasoning stated in #2, above, after speaking to (people) claiming, mostly, "principals" as reason-enough, but also that the use of the network was not being 'denied', -so how could they charge him with denial of service, AND based upon the fact that he was doing, in every aspect of consideration, EXACTLY as he had always done regarding his position and protection of the network, based upon the processes and procedures and safeguards in place during his entire time of employment. 5. Employer found itself in awkward, perhaps embarrassing predicament and could not, based upon the man's 'principals' (which were cause for him to be hired into the position to begin with) force him to allow the not-safe-for-the-network access, and decided to go with what the State wanted to do, prosecute the man as an example. 6. He was arrested and charged under CA's new laws. 7. He lost. No mention of improprieties in the actions of the court have been heard, so what is there to 'appeal'? "All" should now be 'noticed' of this possibly happening to them. All should now be prepared to 'give-up' your principals when\if it comes out that your employer is\has been slacking in its responsibilities regarding this type of situation. (which may also mean disqualifying yourself for REAL responsible jobs in the future.) All should take note to make sure that the job you are in, and all future positions, is one where the employer IS already taking the safeguards.

Re:Properly documented policies... EXACTLY (1)

cjacobs001 (644842) | more than 4 years ago | (#33173112)

of course, after posting I read http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] [networkworld.com] for the details, and maybe my thinking has changed somewhat, BUT, not as to the employer being ultimately prepared with proper polices and procedures. more coffee!

Re:Properly documented policies... (0)

Anonymous Coward | more than 4 years ago | (#33173146)

Are you seriously claiming that none of the following : the COO, your boss, or a properly authorized police officer, have a right to hear the passwords of the systems you're administering ?

The guy knew he was getting fired and was trying to extort his employer.

Well (3, Insightful)

vgbndkng (1806628) | more than 4 years ago | (#33172896)

From a purely ethical standpoint, he wasn't very. As for a four year sentence given the nature of the crime, personally I think that's incredibly absurd and yet equally indicative of the judicial system in the US.

The cost of bad policy (2, Insightful)

GaryOlson (737642) | more than 4 years ago | (#33172920)

The network for the city of San Francisco will now be managed forever by an outsourced company with a phalanx of lawyers. No single individual will ever accept the liability of the clusterf@&! which is San Francisco bureaucracy. The cost of this trial is minuscule to the ongoing costs which will be incurred paying for outsourced network overhead.

Quoting Carlos Mencia (0, Flamebait)

broknstrngz (1616893) | more than 4 years ago | (#33173020)

"How the fuck is this news?". Really. Slashdot readers are vastly outnumbered by the dumbasses out there, who luckily we don't keep track of. Why should this one be any different? Seems he's a slow news day's go-to story.

No right to be silent (1)

dbIII (701233) | more than 4 years ago | (#33173380)

It's news because it worries us now that instead of being one office politics clusterfuck away from being fired we are one office politics clusterfuck away from being jailed if we can't keep our temper.
If reasonable people were involved it would either never have got to trial or been a simple one day case if he was clearly in the wrong. Instead it was untrustworthy weasels out to make an example of him that never giving him a chance to hand things over even if he wanted to until the Mayor could get time in front of the camera.

Lessons: (1)

John Hasler (414242) | more than 4 years ago | (#33173332)

1) Never take a government job.
2) Stay out of California.

Rotten Court (1)

b4upoo (166390) | more than 4 years ago | (#33173414)

From my point of view his obligations to the employer ceased the instant he was fired. I don't feel that any justice at all took place in this affair. Our courts and laws have gone over the edge. What is more serious? A drunk driving incident in which no serious injuries took place or failure to hand over a password? Justice may supposed to be blind and level but nobody ever suggested that justice should be as stupid as a stone.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?