Beta

# Slashdot: News for Nerds

×

### Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

# Ex-SF Admin Terry Childs Gets 4-Year Sentence

#### timothy posted more than 3 years ago | from the if-only-he-knew-the-password-to-jail dept.

432

Robert McMillan writes "You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."

cancel ×

### strike it up (-1, Troll)

#### Anonymous Coward | more than 3 years ago | (#33172672)

yet another reason why america has become a country of insanity.

### So... (2, Interesting)

#### valeo.de (1853046) | more than 3 years ago | (#33172678)

Now that he's been sentenced, does this mean that more accirate details about the case will finally come to light? A lot of what I've read seemed to be mostly hearsay with hard facts hard to come by...

### Re:Justice is Served (0, Troll)

#### shentino (1139071) | more than 3 years ago | (#33173144)

Not to mention letting the big guys get free sex whenever they want.

### Re:Justice is Served (5, Insightful)

#### Joce640k (829181) | more than 3 years ago | (#33173260)

This.

The people who really ought to be having a miserable time in prison get a free pass to carry on tormenting and hurting other people for their own amusement. Other people who have nowhere to escape and nobody to turn to for help.

### Re:Justice is Served (1)

#### Jamu (852752) | more than 3 years ago | (#33173314)

Prison is supposed to be a loss of freedom, not a loss of basic human rights.

Liberty is a basic human right.

### Re:Justice is Served (-1, Flamebait)

#### Kilrah_il (1692978) | more than 3 years ago | (#33172752)

Because it's funny! That's what makes it a joke. Not every joke has to be totally PC.
I agree, it's not fine to wish someone to be raped, but as a joke that does not affect what will happen to him in jail... I don't see the problem. I somehow don't think his cell mates will read /. and get the idea "Hey, maybe we should rape him!"*

* And if they will, that will give a new meaning to "being slashdotted" :)

### How is it a joke or funny? (1)

#### warrax_666 (144623) | more than 3 years ago | (#33172766)

I really don't get it. What's supposed to be funny about it?

Most (all?) jokes are based on setting up a premise and then surprising the reader/listener by somehow violating that premise. What the premise and the surprise supposed to be with the "PMITA prison" and rape "jokes"?

### Re:How is it a joke or funny? (4, Insightful)

#### Cwix (1671282) | more than 3 years ago | (#33172822)

People joke about what they are scared of.

### Re:Justice is Served (5, Insightful)

#### Jedi Alec (258881) | more than 3 years ago | (#33172866)

Making jokes the way Americans do about "pound me in the ass prison" indirectly condones the fact that such a prison system exists. Heck, how many tv shows have a cop quickly whispering into the ear of the just arrested (and hence not convicted eg innocent) perp about what's going to happen to him in jail?

### Re:Justice is Served (4, Insightful)

#### Hognoxious (631665) | more than 3 years ago | (#33173064)

On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.

### Re:Justice is Served (2, Insightful)

#### Joce640k (829181) | more than 3 years ago | (#33173270)

The problem isn't the joke, the joke is fine. The problem is that it's really going to happen, that we all know it and that we do nothing about it

Look at my sig.

### Re:Justice is Served (2, Informative)

#### Anonymous Coward | more than 3 years ago | (#33173318)

Is assault & battery funny? Of course not, but it is when the Three Stooges did it. Is gun violence funny? No, but we laugh when Yosemite Sam does it. Bad things are funny. Really bad things not so much, and there's no real objective way to draw that line, but something like a male criminal getting it in the pooper...well, pretty overdone, not too funny, and in the end you would hope it doesn't happen as the punishment would be nowhere near close to fitting the crime (I would certainty hope they're not holding him with violent criminals who would do that sort of thing), but I don't get all the righteous indignation over merely mentioning it in some sort of attempt at humor.

### Re:Justice is Served (1)

#### Schlacht (18295) | more than 3 years ago | (#33173348)

Probably because for so many prison turns into a free ride, easy time, then get back out and go back to the same effed up lifestyle of disrespecting the society they live in. It's different for everyone, but it seems that going to prison is not such a big deal, and the fear of being arsch-raped is. But this is missing the point.

Why he was sentenced, found guilty, or even on trail is the question. What did he do wrong? I think his supervisors are at fault for not keeping tighter guidelines for him to follow, and that is that. SyCraft-Fu puts it well, "Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours."

### White collar criminal (1)

#### Mathinker (909784) | more than 3 years ago | (#33172782)

My impression is that there are separate facilities for white-collar criminals, so he probably won't have to interact with rapists and murderers. Am I being optimistic?

### Re:White collar criminal (1)

#### drinkypoo (153816) | more than 3 years ago | (#33172996)

My impression is that there are separate facilities for white-collar criminals, so he probably won't have to interact with rapists and murderers. Am I being optimistic?

There are separate facilities for embezzlers and the like who are very rich and who cut a deal with someone. You don't get sent to a country club prison unless you're part of the gang.

### Re:White collar criminal (1)

#### RabbitWho (1805112) | more than 3 years ago | (#33173276)

Exactly! I was reading an article recently about a 60 year old gardener who went to prison for not filling out some forms and technically "smuggling" orchids. He was put in with violent offenders.
Non violent criminals should not be put in prison at all. There has to be some other more effective, less expensive, and safer way to punish people.

This is the exact same thing. 4 years for taking your job too seriously!?

### Re:White collar criminal (1)

#### Joce640k (829181) | more than 3 years ago | (#33173278)

Sure ... unless the white collar prison happens to be full that day, or the psychologist gets it wrong, or he's left in a holding cell for a few days before transportation, or any of the other ways the system can fail...

### Overlords (0, Troll)

#### jcookeman (843136) | more than 3 years ago | (#33172704)

Screw with your gov't overlords.....then prepare to be punished.

### Sounds pretty fair (5, Insightful)

#### Sycraft-fu (314770) | more than 3 years ago | (#33172708)

Especially when you read the story of one of the jurors who has a CCIE (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html). This wasn't a case of some PHB demanding access to something he shouldn't have. This was a case of an egomaniac sysadmin trying to make himself irreplaceable by locking everyone else out. When called on this he refused, bluffed, and finally lied.

For me, the lying part is where it clearly went to criminal levels. I suppose some of the other things he did (like store the WAN config only in memory, not saved to flash and keep the only backup on his laptop) could possibly be justified as just being paranoid and poorly educated in actual security practice. However when he gave his supervisors false passwords, lied to them, to me that showed clearly that he knew he was in the wrong. He knew he was supposed to give up the passwords but wouldn't.

Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.

As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

### Re:Sounds pretty fair (1, Informative)

#### Anonymous Coward | more than 3 years ago | (#33172764)

"When called on this he refused, bluffed, and finally lied."

And he also tried to flee, at which point he was arrested.

### Re:Sounds pretty fair (3, Insightful)

#### Stargoat (658863) | more than 3 years ago | (#33172792)

And then once you've been fired, you must always be available to your company to provide that service?

As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence this trial sets. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords. What about basic services that I created? Must I be available to provide those? What about not so basic services? "You are the one who designed the widget software and we do not think your documentation is complete. Come show us how this works or we will throw you in jail."

No, this Childs trial has created a dangerous precedence. The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

### No but you have to give them access before you go (5, Insightful)

#### Sycraft-fu (314770) | more than 3 years ago | (#33172830)

Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

### Re:No but you have to give them access before you (3, Insightful)

#### Stargoat (658863) | more than 3 years ago | (#33172862)

Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

You and I may see the difference, but can your luddite boss and his luddite lawyer? You might think that laws and court rulings are based on responsible understandings of the facts, but then you would be wrong.

### Re:No but you have to give them access before you (4, Interesting)

#### Sycraft-fu (314770) | more than 3 years ago | (#33172906)

Well I'm just not sure how to respond to such obstinance. There is plenty of information out there as to why the jury voted as they did and what law was broken and so on. If you are unwilling to read and understand that, I can't help you. Some people just want to be paranoid, I guess.

Also this "Luddite boss" thing really reeks of ego mania. Far too many sysadmins think they are the Smartest Motherfuckers in the Universe and that there is no way their boss could possibly understand any of this because he's not as good at tech. Turns out that's often not the case, a manager may understand technology and more important the limits of their own knowledge about technology just fine. They may well be an intelligent individual, just with some different skills than yourself.

I'm not saying some aren't dumbassess, but then so are some sysadmins. I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

### Re:No but you have to give them access before you (4, Interesting)

#### Dwonis (52652) | more than 3 years ago | (#33173234)

I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus? What if you decide to quit so you can accept your dream job? Whatever you build should be (at least mostly) maintainable by any other average practitioner with similar credentials.

### Re:No but you have to give them access before you (1)

#### bev_tech_rob (313485) | more than 3 years ago | (#33173284)

Once you leave a company, you don't have to support shit as long as you haven't signed some stupid contract forcing you to do so. If they have the passwords and can access THEIR systems, they can do what they want. Of course if they call you back, you can always charge them out the ass in consulting fees, but you don't HAVE to come back and work for them. They can always hire someone else if you don't wish to work for them. This isn't indentured servitude.

### Re:No but you have to give them access before you (1)

#### cervo (626632) | more than 3 years ago | (#33172978)

In my company the precedent is that when you are fired, you are no longer allowed to log onto your computer. Basically security comes/watches you pack from your desk and then you must leave, it's standard practice. They don't want to hear about passwords, etc.. they want you to get your stuff and leave. I would consider my obligations done if that happened to me. Because most passwords are in a textfile on my hard disk and many I don't remember.

But also my passwords are mostly for personal accounts so they can just go and create other accounts. But anyway when the escort you out like an animal I would end my obligations right there. Anything else, "sorry I don't remember, I'd need to poke around my computer to find it..oh wait I wasn't permitted back on...well good luck".

### he was not fired they moved him and gang rushed hi (1)

#### Joe The Dragon (967727) | more than 3 years ago | (#33173158)

he was not fired they moved him and gang rushed him for the passwords.

### Re:Sounds pretty fair (0)

#### Anonymous Coward | more than 3 years ago | (#33172838)

My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence this trial sets. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords. What about basic services that I created? Must I be available to provide those? What about not so basic services? "You are the one who designed the widget software and we do not think your documentation is complete. Come show us how this works or we will throw you in jail."

No, this Childs trial has created a dangerous precedence. The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

Well, so far as it goes, an IT worker who doesn't prepare their systems for them up and leaving, or even for them being hit by a bus, may well be failing to do their job properly. The degree to which they should prepare for that would depend heavily on their responsibilities, so I'm not going to pretend there is some bright line standard to follow, but the idea that one can fail to be responsible for leaving?

It's not inconceivable.

### Re:Sounds pretty fair (2, Insightful)

#### Anonymous Coward | more than 3 years ago | (#33172850)

If you are fired or quit, you must hand over the keys to the office, don't you? Even after you are fired. If you refuse to do this, you may well be liable for that.

### Re:Sounds pretty fair (1)

#### TheSunborn (68004) | more than 3 years ago | (#33172858)

I don't think he is hold to higher standards. If a paranoid office manager for example had changed all locks in the office*, and he was the only one with the new keys, he would have faced the same sense if he refused to give the keys when to his boss.

My responsibilities and duties as an IT worker end the moment I quit or someone fires me

They do with the exception that you have to deliver anything you have which belong to the company back to the company. So if you are fired you still have to hand back that company laptop, even if you currently store it at home. Passwords are not that different.

But as a competent sysadmin, I hope you don't admin any systems where you are the only one with the passwords. And I really hope there are systems where you store the config in a way where you are the only one with access. Remember: If you were paid to make it by the company it belong to the company and must be returned upon termination. This goes for both hardware, configuration files and other data you store which belong to the company.

*You may laugh, but something close to this did happen. But the guy did hand over the keys when the police came to get them and that was the end of that case.

### but you don't give them over the speaker phone and (1)

#### Joe The Dragon (967727) | more than 3 years ago | (#33173132)

but you don't give them over the speaker phone and in a big group you make so if some messes up you are not at fault.

### Re:Sounds pretty fair (2, Informative)

#### dtbw (716889) | more than 3 years ago | (#33172864)

"Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords." No, but if your management or your customer directs you to grant access while you are still employed you are required to do so regardless of your opinion of their technical expertise. You might take pride in your network but guess what. It's not YOUR network. You're just paid to maintain it. Just document the access request to cover your rear and do what you're told. If they screw up the system, you are not obligated to restore it if you wish to resign or have already been fired. You already gave the them access they need to fix it themselves or hire someone else.

### Re:Sounds pretty fair (1)

#### petes_PoV (912422) | more than 3 years ago | (#33172886)

What about basic services that I created?

So far as software or processes you may create are concerned, any true sysadmin would have documented them as part of the original project. If you didn't, well that just speaks to your level of professionalism - whether you were explicitly asked to write stuff down or not.

While you could take a position that it's "the management's" duty to make sure all the supporting information they require is present, if they fail in this, that doesn't absolve you from not doing it. It just means that you work for idiots and should know better, yourself.

### Re:Sounds pretty fair (1)

#### The_Wilschon (782534) | more than 3 years ago | (#33172968)

Ok, sure. If you fail to document stuff adequately, you're doing poorly at your job. Possibly grounds for being fired. But you want to throw someone in jail for being bad at their job? That's ludicrous!

### Re:Sounds pretty fair (4, Insightful)

#### tsotha (720379) | more than 3 years ago | (#33172888)

When you quit or get fired you have to return the keys to your office, don't you? Why should the electronic stuff be any different?

### Re:Sounds pretty fair (0)

#### drinkypoo (153816) | more than 3 years ago | (#33172970)

When you quit or get fired you have to return the keys to your office, don't you? Why should the electronic stuff be any different?

Yes, you are completely correct: If you quit or are fired you will need to return any RSA keyfobs or similar. Password's just a piece of information. Do you believe copyright infringement is theft?

### People are missing the point (5, Insightful)

#### Sycraft-fu (314770) | more than 3 years ago | (#33173016)

It isn't about PASSWORDS it is about ACCESS. He had sole access to some systems, including some very critical ones. He wouldn't turn over access. In some cases, this would have meant creating accounts for other people. In other cases, this would have meant handing over the password. Remember that some things like root or enable have only one password.

So the issue wasn't that he wouldn't give up his own personal password, the issue was that he was denying the rightful owners of the systems (the city) access to those systems.

Also please note this all started way before he got canned.

### Re:Sounds pretty fair (3, Informative)

#### Anonymous Coward | more than 3 years ago | (#33172900)

He wasn't fired. He was apparently going to be reassigned to a new job, but not fired. While still employed and in preparation for his new assignment (obviously someone else was going to have to have access to the system he was no longer going to be running) he sat in a room with an authorized person (who he had e-mailed passwords to certain of the routers the previous week), an HR person, and a police officer, and didn't turn over the passwords to the rest of the system when asked.

Child's situation has nothing to do with the scenario you describe because he was *employed* at the time and talking to his *current* boss.

### Re:Sounds pretty fair (0)

#### Anonymous Coward | more than 3 years ago | (#33173174)

Boy, are they gonna have problems getting the Company Car back if you're ever fired!

### Re:Sounds pretty fair (0)

#### Anonymous Coward | more than 3 years ago | (#33173264)

The IT worker is held to a standard above that of officers, managers, and other employees. I am very not comfortable with that, and you should not be either.

They should pay us more, then. And maybe treat us with some respect in the office.

### That is because you are wrong (5, Insightful)

#### aepervius (535155) | more than 3 years ago | (#33173294)

The process of "being fired" does not end your responsabilities with you stopping to work and going out of the building. It ends only when you :
1) gave back all physical object the firm loaned to you within the execution of your work (laptop, cars, etc...)
2) gave back all access key in your possession (be it physical, RSA keys, or electronics)
3) gave back all financial access you had to (firm credit card for example), and I may pass a few others.

If you do not think so, you are a "terry child in waiting", as in, risk prison if you think you can skimp on your responsability. being fired don't mean you can keep stuff from the firm, be it unique key knowledge (like passwords), or physical items.

It actually pretty dumb to think so. About as dumb as somebody keeping a laptop at home after being fired.

### Re:Sounds pretty fair (1)

#### VenomPhallus (904463) | more than 3 years ago | (#33173296)

"My responsibilities and duties as an IT worker end the moment I quit or someone fires me"

This is repeated every time the Childs case comes up, and it's wrong. An employment contract does not just cover day of first employment to day of last employment; there can be (and very frequently are) contractual duties that go beyond that. You'd still expect to be paid your final paycheck come the payday after leaving, presumably. And a company can hold you to non-compete or non-solicitation clauses. They can also require you to return company property, be that requirement explicitly in your contact or not.

### Re:Sounds pretty fair (0)

#### Anonymous Coward | more than 3 years ago | (#33172828)

And that is worth a 4 year prison sentence?!

### Re:Sounds pretty fair (2, Insightful)

#### erroneus (253617) | more than 3 years ago | (#33172834)

In short, it is good he is out of the profession that many of us dutifully carry out. Four years is a bit much, but he will do less. A year would be good if that's the amount of time he serves. I think it doesn't matter how stupid or unreasonable his bosses may have been. Once they ask for keys/passwords/information, it becomes their responsibility. They wanted to fire him. He only made things worse for himself by making the firing high profile. Can't stop getting fired if that's their intention. He should have been thinking of how all of this might look on his resume. This just proves how short-sighted he is.

It's good for all of us that he's out of the game.

### Re:Sounds pretty fair (1)

#### etymxris (121288) | more than 3 years ago | (#33173044)

A year would be good if that's the amount of time he serves.

He's already served over 2 years.

### Re:Sounds pretty fair (1)

#### metallurge (693631) | more than 3 years ago | (#33173282)

[...] at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.

While the organization clearly owns the computers, you the sysadmin are entrusted with stewardship of them, for as long as you are in that role.

Which brings in the matter of chain-of-command and authority. If the organization has a policy regarding access control, and your boss is asking for access beyond his designated authority, then you are kindof in a no-win scenario. Sometimes, being a good steward of resources, and acting in the best interest of the organization, may mean making people mad. I guess it sometimes comes down to the difference between doing the right thing and following orders.

I personally am willing to forgive someone who is trying to be a good steward and trying to do the right thing, even if they are wrong in hindsight or incompetent.

It really bites to be a steward in a dysfunctional management system. I have a great deal of empathy for anyone in such a situation. It bites even worse to be removed as steward, to care about handing over things properly, to have the dysfunctional management system prevent that from happening, and to see how your departure is going to be used as an excuse to cover all sorts of management incompetence as you take the fall. Not that I am claiming those are the facts of this case. But that was my first reaction, which has surely been colored by my own experiences.

### Car crash (0)

#### Anonymous Coward | more than 3 years ago | (#33172720)

What if he had died in a car crash? Think of the pile up of work then!

Silly!

### what if he forgot? (1)

#### StripedCow (776465) | more than 3 years ago | (#33172734)

what if he just forgot the passwords?

### Re:what if he forgot? (0)

#### Anonymous Coward | more than 3 years ago | (#33173100)

What if you just read about the case before blurting out what-ifs?

### Well as it happens (5, Informative)

#### Sycraft-fu (314770) | more than 3 years ago | (#33172876)

Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.

So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.

### Re:Well as it happens (1)

#### noidentity (188756) | more than 3 years ago | (#33173026)

Mr. Childs DID have a peer (or more realistically a better) on his jury. [...] Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

But was he a fully-informed [fija.org] juror?

### Re:Well as it happens (1, Insightful)

#### Anonymous Cowpat (788193) | more than 3 years ago | (#33173054)

he was a stupid juror. He failed to use his experience to consider whether it was the right, or appropriate, or professional thing to do. He followed the judge's instruction that they were only to consider the law as written (which is not the case, and defeats the whole object of juries), and voted 'guilty'. Says it in the rather self-important spiel he wrote a few days later.

You can shout 'he wasn't stupid, he had a CCIE', but the fact is that he didn't think like a responsible juror and ignore the judge's instruction to not think like a responsible sysadmin. (I make no comment on what a responsible sysadmin ought to conclude about the situation, merely that the juror in question specifically didn't consider the situation in that light, despite being qualified to do so.)

### Re:Well as it happens (4, Insightful)

#### Sarten-X (1102295) | more than 3 years ago | (#33173366)

The point of a jury isn't to selectively apply laws. It is to determine whether the evidence indicates that the law was broken, with intent, and without any mitigating circumstances.

Childs locked down systems without documenting the changes. He did not take any steps to ensure continuous service in his absence. He put extra effort towards implementing systems that others couldn't access. He broke the law.

He refused to turn over passwords when leaving. When asked, he lied. That strongly indicates intent.

There has been no mention of blackmail or extortion. Nothing has indicated a legally-relevant level of insanity. He was not tragically injured just moments before handing over the passwords. There were no mitigating circumstances.

Childs is pretty clearly guilty. The fact that he's in IT is irrelevant.

### Re:Well as it happens (0)

#### Anonymous Coward | more than 3 years ago | (#33173418)

Actually, with jury nullification, it is their job to selectively apply laws if the laws are outrageous.

### Re:Technology / Hacking Laws (0)

#### Anonymous Coward | more than 3 years ago | (#33172966)

Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail.

You are naive to think he is sentenced to jail for doing something wrong. No. He got a jail sentence for pissing off someone in power.

With laws made to be so complex and overreaching, the prosecutor has a lot of leeway in pursuing a light or heavy sentence. Even if the judge are jury are complete impartial and knowledgeable (which I doubt, especially "knowledgeable" on technical matters), they can only rule/give verdict based on the charges brought forth. This means that if you pissed off someone in power, the prosecutor can make it so your charges are disproportional to the actual crime (if any) you commit, and would ruin your life no matter how the court rules.

In this case, even if the jury had given a not guilty verdict, Childs' career is basically over, and he had already been sitting in jail for the whole process.

### Re:Technology / Hacking Laws (3, Insightful)

#### Mike1024 (184871) | more than 3 years ago | (#33172980)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

Wouldn't that create the situation where professional communities could just decide for themselves what the law was?

BP's CEO has broken pollution laws? Not according to a jury of oil company CEOs!

### Re:Technology / Hacking Laws (2, Insightful)

#### noidentity (188756) | more than 3 years ago | (#33173046)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

You haven't thought this idea through very far. Politicians judged by fellow politicians, gang members judged by fellow gang members, need I go on?

### Re:Technology / Hacking Laws (4, Insightful)

#### virg_mattes (230616) | more than 3 years ago | (#33173094)

You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

His actions ended up costing his employer a big pile of money. This wasn't a prank, it was a purposeful lockout to make himself indispensable.

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such.

There was a network admin with a CCIE on the jury. He got exactly what you wanted for him.

Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.

It makes for a nice conspiracy, but the reason stated for holding him in jail (well, for applying for a very high bail so he'd have to stay in jail) is because he was a flight risk. He had already tried to flee the jurisdiction and at the time, he was suspected of having backdoor access points into the network. They were afraid that if he got out, he'd split and then attack the system remotely. Based on the case information (and the first attempt to flee) I'd say they were reasonably justified in holding him.

Virg

### Re:Technology / Hacking Laws (1)

#### Corbets (169101) | more than 3 years ago | (#33173350)

I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

And CEOs by CEOs? I see that going down really well in these parts. :)

### Properly documented policies... (2, Insightful)

#### cwills (200262) | more than 3 years ago | (#33172814)

Properly documented policies could have helped in this situation.

A policy should have been in place that defined who the business owner (management) of the resource was (network in this case). It is the responsibility of management to ensure that they define who has a business need for access (and have it documented), and it's the responsibility of the tech grunt to run the system (or network) for the business owner.

The key point is that as a non-manager type person, if management says jump, get it in writing and jump. Management is ultimately responsible for the system and network to the business. If management has made bad choices or decisions, it's their fault and if the request or actions leading up to the failure are documented, that admin can refer to that.

All organizations should at least have a documented policy of who can have access to resources and that the business owner of the resource can be easily determined. The business owner needs to be someone who is legally responsible to the organization (i.e. an executive, or someone high enough in management).

As a system administrator, you should insist on having this documented just to protect yourself. If you suspect that there is some management decisions that could jeopardize the operation of the system, document it, report it to the business owner and let them make the final decision (with documentation).

In the case of Terry Childs, had this been documented, he would have been able to either say that the person who was requesting the passwords did not have a business need (and would be able to back that statement with documentation), -or- if the person did have authority to have access, he could have simply have documented why it was a bad decision, hand the passwords over and walk away from it.

Yes there is a pride element. You've spent years building up a system and making it shine, but unless you are running your own business, you are not the legal owner of that system.

### Correct (2, Insightful)

#### Sycraft-fu (314770) | more than 3 years ago | (#33172894)

If things aren't well documented at your work, push to get them documented. This is better for everyone involved. Have it clearly spelled out who can have access to what and under what circumstances.

For example where I work, the policy is that all shared passwords have to be kept in a safe that my boss has. Under normal circumstances, he is the only one with access. I don't know the circumstances that someone higher up can get access, since that really isn't my problem. However it is all well laid out. So long as my boss keeps the passwords there, he's in the clear.

So if you are in a situation where you are one of the few, or the only person, with access to something critical, make sure it is done right. Check and see if there is a policy and if so follow it. If not, work to have one created. It'll keep you in the clear and make everything much easier. You then don't have to ponder "Should this person get access," you have a policy that states it.

### Re:Properly documented policies... EXACTLY (1)

#### cjacobs001 (644842) | more than 3 years ago | (#33173112)

of course, after posting I read http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] [networkworld.com] for the details, and maybe my thinking has changed somewhat, BUT, not as to the employer being ultimately prepared with proper polices and procedures. more coffee!

### Re:Properly documented policies... (0)

#### Anonymous Coward | more than 3 years ago | (#33173146)

Are you seriously claiming that none of the following : the COO, your boss, or a properly authorized police officer, have a right to hear the passwords of the systems you're administering ?

The guy knew he was getting fired and was trying to extort his employer.

### Well (3, Insightful)

#### vgbndkng (1806628) | more than 3 years ago | (#33172896)

From a purely ethical standpoint, he wasn't very. As for a four year sentence given the nature of the crime, personally I think that's incredibly absurd and yet equally indicative of the judicial system in the US.

### The cost of bad policy (2, Insightful)

#### GaryOlson (737642) | more than 3 years ago | (#33172920)

The network for the city of San Francisco will now be managed forever by an outsourced company with a phalanx of lawyers. No single individual will ever accept the liability of the clusterf@&! which is San Francisco bureaucracy. The cost of this trial is minuscule to the ongoing costs which will be incurred paying for outsourced network overhead.

### Quoting Carlos Mencia (0, Flamebait)

#### broknstrngz (1616893) | more than 3 years ago | (#33173020)

"How the fuck is this news?". Really. Slashdot readers are vastly outnumbered by the dumbasses out there, who luckily we don't keep track of. Why should this one be any different? Seems he's a slow news day's go-to story.

### No right to be silent (1)

#### dbIII (701233) | more than 3 years ago | (#33173380)

It's news because it worries us now that instead of being one office politics clusterfuck away from being fired we are one office politics clusterfuck away from being jailed if we can't keep our temper.
If reasonable people were involved it would either never have got to trial or been a simple one day case if he was clearly in the wrong. Instead it was untrustworthy weasels out to make an example of him that never giving him a chance to hand things over even if he wanted to until the Mayor could get time in front of the camera.

### Lessons: (1)

#### John Hasler (414242) | more than 3 years ago | (#33173332)

1) Never take a government job.
2) Stay out of California.

### Rotten Court (1)

#### b4upoo (166390) | more than 3 years ago | (#33173414)

From my point of view his obligations to the employer ceased the instant he was fired. I don't feel that any justice at all took place in this affair. Our courts and laws have gone over the edge. What is more serious? A drunk driving incident in which no serious injuries took place or failure to hand over a password? Justice may supposed to be blind and level but nobody ever suggested that justice should be as stupid as a stone.

Slashdot Account

Need an Account?

Don't worry, we never post anything without your permission.

# Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

• b
• i
• p
• br
• a
• ol
• ul
• li
• dl
• dt
• dd
• em
• strong
• tt
• blockquote
• div
• quote
• ecode

### "ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account