Terry Childs Case Puts All Admins In Danger
snydeq writes "Paul Venezia analyzes the four counts San Francisco has levied against Terry Childs, a case that curiously omits the charge of computer tampering, the very allegation that has kept Childs in jail for seven months and now appears too weak to present in court. Count 1 — 'disrupting or denying computer services' — is moot, according to Venezia, as the city's FiberWAN did not go down due to Childs' actions. Venezia writes, 'Childs' refusal to give up the passwords for several days in no way caused a disruption of the normal operation of the FiberWAN. In fact, it could be argued that his refusal actually prevented the disruption of normal network operation.' Counts 2 through 4 pertain to modems Childs had under his control, 'providing a means of accessing a computer, computer system, or computer network in violation of section 502,' according to case documents. As Venezia sees it, these counts too are spurious, as such devices are essential to the fulfillment of admin job requirements. 'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes. All the authorities would have to do is 'point out that you have a modem or two, and suddenly you're wearing pinstripes of the jailhouse variety.'"
On second thought, I'd be in for a long stint.
Never mind.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Thankfully I'm stealing my neighbor's wifi, so I don't have to worry about being caught with a modem.
There's no -1 for "I don't get it."
'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes. All the authorities would have to do is 'point out that you have a modem or two, and suddenly you're wearing pinstripes of the jailhouse variety.'"
It still beats having to wear a suit to work.
.....(refusal to give up the passwords) actually prevented the disruption of normal network operation. >>
The truth hurts.
First, this story sounds very one-sided and has quite a bit of sensationalism. Ok, a lot. I'm sure they can charge him with something to the effect of unauthorized access to a government computer system. Nobody's going to be pointing out modems as tools of a crime. That's like saying having a car means you're a bankrobber because bankrobbers use getaway cars.
If you don't like what someone does, but strictly speaking it's not really illegal, then find something else they did, (something that maybe a lot of people do and get left alone for) that has some silly, overly-broad definitions you can twist, and soak him for that instead. (either as substitute punishment for the former that you can't make stick, or just plain in retaliation for doing something you didn't like)
As usual, the legal system that makes me sick to my stomach some days.
I work for the Department of Redundancy Department.
This is a classic
Karma: Non-Heinous
For some outspoken person in the courtroom to just ask the judge and prosecutors if they even have rudimentary knowledge of network administration and the tools common for such a profession.
So will I now be eligible for lawsuit since I have multiple means of accessing my business's networks?
I haven't seen pinstripes on a prisoner since the Three Stooges.
What?
Of course they wouldn't do that.
They'd use that fact as leverage to extract whatever they want from you first.
Wow...7 months and the charge is dropped? That smacks of injustice, but IANAL.
I don't know what Venezia's background is...It would be interesting to hear from NewYorkCountryLawyer on this and the RAMBUS decision.
So not only did he withhold passwords.
And have modems attached to computers.
But it's going to take 250,000$ to fix.
Can the defense claim insanity on behalf of the prosecution, 'cause I think we've just hit bat country!
Section 502(c) states in part
OK, "knowingly" makes sense, but "without permission"? The man was the network administrator; he was authorized to make decisions about how the network is accessed, it goes along with the job. Who was he to get permission from, himself? If he made bad decisions, by all means dismiss him, but prosecuting him is unreasonable.
And since they dropped the most serious charge, can we admit his 8th amendment rights were stomped and pissed-upon by the 5 million dollar bail requirement?
I can't believe this megalomaniacal prima donna is now somehow the poster boy of the IT people. There were ways for this nutbar to get out of the quandary while still saving his ass. Instead, he holds a network *that does not belong to him* for ransom.
The world's burning. Moped Jesus spotted on I50. Details at 11.
FTFA:
those guys should have learned to use a computer then. I would hire that guy back and fire the rest,...
While I haven't been in this specific situation (i.e. jail), I have been in a similar situation.
At a previous employer (this is one of the reasons I no longer work there) my supervisor demanded that I give him all my passwords. I asked him why he needed them; I could give him any specific access he needed on demand.
When I was hired I was given a number of NDAs to sign; one of them specifically covered the process I used to connect to various remote systems, and the passwords I used. My supervisor (with no IT or technical background, of course) continued with his demands for all my passwords, for days. After repeatedly trying to explain that even if I was to give him my passwords, without understanding how you use various access levels to accomplish tasks, he could end up causing massive problems.
In an attempt to meet these demands, I asked for a signed release from the specific NDA that covered my passwords and process. He informed me that he did not have that authority, so I asked him how I could honour my NDA if I gave him information I was not permitted to give anyone. BTW my supervisor did have his own passwords, and had a process to have new ones created.
Long story short, I refused and then a few days later I arranged to transfer to a different department. With this case as a guide I would legally have been wrong no matter what I did, glad I'm out of IT right now.
(If anyone cares, I later found out the reason my supervisor wanted my passwords was that his id/passwords had been burned through lack of use and using the wrong passwords. And he did not want his supervisor to find out he had had no access for weeks. His supervisor would have been notified if anyone requested a password reset or new ID.)
Free Terry Childs!
Me lost me cookie at the disco.
First, I'll remind everyone that the code 502 in question is only applicable in California.
The phrasing of the law at the root of this discussion is, "Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section."
What I imagine the prosecution will argue is that Terry Childs had no right or explicit permission to configure remote access. The defense will likely counter with the fact that as their Systems Administrator he had implied permission as part of his job's duties. Depending on the outcome, this might trigger Systems Administrators to seek contracts shielding themselves from such risks, or seeking express, written permission for everything they do. Of course, considering how badly companies abuse their employees, and how many employees are naive enough to not protect themselves legally, it will likely just be ignored and we'll see more cases like this.
where the most pedestrian news is given the most ridiculous fear-driven spin, made front page in breathless write up, and a bunch of yammering legal ignorants will ape right along
and then these same people will ridicule stereotypes outside their domain who supposedly fall for propaganda and hysteria all the time
take a look in the mirror friend
no, slashdot, this case does not set the precedent you believe it does
CONTEXT. it's a magical concept. consider it some time
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I posted this in response to the Groklaw Summarizes the Lori Drew Verdict article, but it's 100% valid here as well:
Look, the fact is, if The Man wants to get you, The Man will get you. It doesn't matter what the laws are, exactly - they'll find something to hit you with.
That was true before the Lori Drew trial (Terry Childs charges), and it's true now. The precedents set by this case in no way make being on the internet (owning a modem) one bit more "risky". If you don't do anything to bring down the wrath of The Man, you'll be fine. And if you do, you're screwed, online or off.
The city also runs the jail system, so that speeds that part up; outside of a city, things likely do not go that fast.
Then you will never truly achieve 'BOFH' status, Grasshopper.
Open your mind, and the lusers files! It can be beau coup fun!
Transcend your permissions, and make backups of your PHB's pR0n folder-blackmail can be sooo fun!
Become One with the database, there is more exploitable info there than you have time to exploit!
Achieve One-ness with the Network, and your C*O's password-the benefits can be multi-million$'s if played right
Go forth in the world, and achieve greatness! Be Bold!, Be Brutal!, Be Unforgiving(log everything), and Exploit it!....It is the American(USA) Way[tm].
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Paul Venezia is not a lawyer, but it sure looks like he stayed at Holiday Inn Express recently.
Every sysadmin is guilty of having modems? Is he high? Which sane sysadmin plugs in unauthorized modems into the production network and then actively tries to hide them?
It seems to me that he has no legal standing. IANAL, but if his supervisor tells him to give them the passwords, it is not his place to decide who it is 'safe' to give them to and who is not safe. That is his employer's decision.
His colored past aside, he could be a very upstanding citizen and he would still be completely in the wrong for not releasing the information that his employer tells him to. He gained that information in the employ of the city and that information is the city's property.
In my opinion, he has some sort of conflict with his employer and he's using the passwords to leverage grief against them, not trying to protect the fiber network.
That said, the charges about the modems seem a bit far fetched as it sounds like they were there for perfectly legitimate reasons. Hopefully he has documentation to back his claims up that they were job related. I don't think they'll be too forgiving given his past record.
I've managed networks for regulated industries like Finance, Banking, and Medical industries. All of these industries have laws regarding access controls and information security.
SarbOx, GLBA, and HIPAA, all REQUIRE access controls on data and systems. As network admin, I can't know the CEO's password, and he can't know my password. This is essential for creating an audit trail and only allowing access to systems and data based on individual authority.
Laws that make it a crime to withhold passwords (or access) are in direct conflict with the above mentioned laws. If you leave your job and give your "admin" password to the CEO, you could be violating the above laws since you just gave the CEO a way to rob the company, and cover his/her tracks.
It's insanity to think that you could be committing a crime by doing your job.
-ted
"Initially Childs refused to hand over administrative passwords to the city's routers, which had been configured to wipe out all configuration information if they were reset. "
What point would there be to security if one could reset a router and only erase the password.
looking like insufferable, arrogant assholes.
Look, any way you slice this, Terry Childs held something at ransom or rendered useless that didn't belong to him.
Period. No fucking more arguments about that. The routers were not in his living room, and therefore NOT HIS.
The code, hardware, and configuration all belong to his employer. By withholding information about the configuration, he stole from his employer on the way out.
I don't care if he feels like he was mistreated or they might screw up the network after he left. Maybe if he spent more time not being a shit while he was there, leaving would have been easier. Or, I don't know, acting less like a typical waste of biomass bureaucrat doing nothing but protecting his little fiefdom and doing his job properly.... Making sure the job and one's successors succeed is critical to any IT role (if just for the "hit by a bus" factor) and this guy failed miserably at that.
Let his dumb ass rot in jail. He fucked himself and he deserves what he is getting. Take his car, computers, and 70th level Wizard away too because he represents the WORST qualities of the computer professional he could possibly be.
Count 1: disrupting or denying computer services is moot
Joey: It's a moo point ... like a cow's opinion, doesn't matter ... it's moo.
Rachel: You mean a moot point ?
Joey: No...no, a moo point
Just because you are the administrator of something, doesn't mean you can do whatever you like with it, or that you have full decision making powers over it. Your employer, contractor, whatever ultimately gets to decide how things work. For example you might feel that SSH is the best way to access servers remotely. However your company might not like that, they want to monitor the traffic, so they insist on telnet over VPN only. You can argue with them, but if they ultimately say "This is the way it's going to be," you don't have the right to just go behind their backs.
You can look at it somewhat similarly to a bank's relationship to your money. When you deposit your money at the bank, you make them the custodian of it, the administrator of your account. However, you aren't giving it over to them to keep, it's still your money. They can do with it only what you allow. They couldn't for example, take your money out of an FDIC insured savings account and stick it in to an uninsured investment account. Even if they made you money doing so, it still wouldn't be ok if you didn't tell them that was what you wanted. They administer your accounts yes, but in the way you specify.
I'm not defending the city here, but just because he was the network administrator didn't give him the right to add access as he saw fit. Many companies (and government entities) have very strict rules on how access can be had to systems. The rules are often stupid, and often somewhat counterproductive, but it is their right to have those rules. You don't get to decide that you don't like them.
So if there was a "no modems" policy, or if the policy said "Any new access has to be approved by the board of whatever," then he wasn't doing what he was supposed to. Doesn't matter if they were to make his job easier, you don't get to skate policy just because of that.
So what if Childs is an asshole, it's his right as an American to be one.
Boo-hoo if the SF IT dept risk management plan couldn't handle a rogue employee refusing to give up the password.
It's a pretty dangerous precedent if people can be legally forced to disclose information against their will.
Isn't that what the 5th amendment was for?
Prosecutor: ...Yes
Does your mother have AIDS? YOU MUST ANSWER
Witness:
Prosecutor:
BURN HER AT THE STAKE!!!!
Yay McCarthyism
and he's spending your money to try to get out of debt. he may as well be betting in vegas with tax payer cash.
Sounds kind of like the "possession of criminal tools" charges so many cases have added on, when said "tools" are ANYTHING used to commit the crime. Always seemed to me just a way for prosecutors to add an extra set of random charges for extending a sentence, or extra bargaining room for a plea.
--- It's not my fault this post looks redundant. I just type too slow.
Now that the convicted/condemned get cable, they don't want to leave. Notice the overcrowding (over?), that's not because more are coming in, but few are going out. They LOVE IT! FREE: Three square meals, medical and dental, sex out the ass *well, literally it would be sex in the ass*, so what more could a loser want? And all this is not only FREE as in BEER, it's FREE as in ... whatever that other FREE is -- freetards, help me out here.
We need a united labor union for IT. Somebody needs to start it. This union should provide legal assistance to its members, in return for its dues. Only then will the serious, prolonged abuse of IT staff everywhere be stopped.
New Economic Perspectives
This article is a total crock of shit. This case does not put all admins in danger unless the author believes all admins are arrogant assholes. But, that might be the case as the author certainly appears to be one himself.
The fact is that by withholding the password, he denied access to the systems. ANY admin with integrity would have turned the passwords over to his boss when he left the company.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
He has a right to speedy trial (as per the Constitution). This is a right that defendants can and do exercise sometimes. Basically your attorney tells the court that you want to exercise your right to speedy trial and the judge tells the prosecution "Ok, get your shit ready, this moves forward soon." In California, the speedy trial statute is 60 days. Judges can set a shorter date, if there's good reason to do so, i.e. prosecution isn't gathering new evidence, just stonewalling. So, if his attorney pushed that, he'd have already gone to trial. However, it is also often not done. The defense often wants time to prepare a case, in particular if the prosecution has a good case and the defense needs time to poke holes in it. After all, you don't want to push for speedy trial if it means you won't be ready and you are just going to lose.
So the reason this hasn't gone to trial is almost certainly the decisions of his lawyer. Had the government really had zero case, a speedy trial motion would have been filed and granted and they'd have already lost. You don't see this very often because those cases are usually dropped. A DA would much rather drop a weak case they are going to lose than go to trial and lose it.
Look, the fact is, if The Man wants to get you, The Man will get you. It doesn't matter what the laws are, exactly - they'll find something to hit you with.
Admins could always get some insurance, unionize or something similar. The whole 9 yards, set policy, set code of ethics, when to have a nationwide walkout, etc...
(Yeah, I know that won't happen anytime soon, heck, the whole thing will most likely fall apart with a Linux/Mac/Windows fight in about 15 mins, but it's a nice idea)
They haven't used striped uniforms for years. Today it's more like orange and chrome.
After skimming TFA and googling for more information on this, all I see is that Childs appears to have abused his technological powers as a network administrator.
No network administrator is going to be at risk for anything as long as they play nice and don't pull crap like bringing a city's network activity to a screeching halt just because they're pissed off or whatever.
Sure, you can be as paranoid as you want about security, but there is no reason why an entire city's network activity should be cut off, nor should there ever be any reason to refuse to restore it. Well, okay, in recent years in the US, maybe there could be reason, but this is not the case with what Childs did.
The only problem I have that prevents me from being completely against Childs right now is that I don't know what "Section 502" is that charges 2-4 mention, so I don't know if he was actually in violation of that at all.
Unrelatedly, I'm new here and I have a question: How long before I make a habit of noticing fantastic-looking headlines and immediately checking for a kdawson story?
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
Knowingly and without permission
provides or assists in providing
a means of accessing a computer, computer system, or computer network
in violation of this section.
The section lists the rules, but he has to knowingly provide access. In other words, he has to do it intentionally.
More importantly, the rules are No Hacking data, phreaking, DOS, release virus, general black hattery... Or providing the tools to do it. No one would say a modem is a hacking tool would they? More so than a gigabit network?
http://law.onecle.com/california/penal/502.html
employment contracts are legal slavery, network use contracts doubly so.
You can get fired for just doing your job, it has happened to me two times. If you don't give them your passwords, they will use spyware to capture your keystrokes and steal your password and spy on your computer usage as well.
Even when you use the Internet for research and development on programming web sites that are "fair use" they are used against you as surfing during work hours even if your manager told you to visit those web sites to learn new skills and find new technology to improve the programs you are responsible for. Meanwhile managers surf MSN, stock quotes, eBay, and so do coworkers and it is never counted against them.
When a manager is vague on what they want, and don't hand over meeting notes or descriptions of what they want the program to do, it is a "communication issue" with the programmer, not the manager, and the programmer is being a bad employee again.
The programmer does his best to make the program do what the managers want, even without the information needed. But it is not good enough, and sent back for a rewrite with a vague description to make it less like Outlook but more like a four windowed item list sorted by ID. When you ask which ID, they refuse to tell you if it is an employee ID, a matter ID, a client ID, a workgroup ID. Then you ask what you want in the data columns and rows, which they don't understand what a row and column are or what data means. So you say pieces of information on the up and down positions, and then they get mad at you for dumbing it down for them. The programmer is annoying the manager and project leader (who all have no programming or technical experience) and talking down to them. Another communication issue.
Since they know my passwords, they checked into the server to check my source code, and then scribbled all over it with gibberish and checked it back in. Forcing me to revert the changes and it looks like I was the one who did the wrecking of code because the managers used my password for various things that they got via spyware on my system.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
It's a computerized terror phone.
And this article? It's the libertarian wet-dream of someone who never went to law school. It's not like having ONE MORE silly interpretation of the law is going to make it any easier for the cops to arrest you. Not when a cop already has a thousand possibilities for that already.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Then you will never truly achieve 'BOFH' status, Grasshopper.
I do believe that whatever else happens with this case, Mr. Childs(, Sir!) has achieved Hall Of Fame BOFH status and I so nominate him.
I think he's right and SF is stupid, but I think all people in NC are stupid, including me for working here.
Split Northern California and Southern California in half, cede Northern California to Zimbabwe or anyone convenient and the budget problems in what's left of the real California will be mostly solved.
Tony: Hi Mike, how ya doin'? How was Joliet?
Mike: Oh, it was bad. Thursday night they'd serve a wicked pepper steak.
Tony: Can't be as bad as the cabbage roll at the Terra-Phelavo penn.
Steve: Or that oatmeal at the Cook County slammer.
Tony: Well, they're all pretty bad.
k thx bye
Have such a direct effect on the laws across the world?
I very much doubt that him being convicted would have any effect on me being charged with the same thing here in Australia.
Someone needs to tell those yanks that U.S. != World :-P
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
The civil judge can - and will - demand the keys. He will find you in contempt. He will put you in jail. For no set term. He just might be able to set the per diem for your stay in the Roach Motel.
The city has physical access, and the information is not encrypted. They don't need passwords. That they've somehow got themselves stuck needing passwords means they or Cisco messed up. They shouldn't blame former admins for that.
I really wonder about these devices that have "security" features that will in essence enable them to brick themselves. Hard enough keeping equipment running smoothly without having to deal with a self destruct feature in the finest traditions of Star Trek drama. I'm sure the things have a button to reset everything to factory defaults, but I suppose using that would wipe the configuration. Can't the configuration be read off the devices? Shouldn't it already be saved elsewhere? If it isn't possible to work with these devices when given physical access, then that's a problem. The devices shouldn't have such features, or if they are supposed to, then the city should have bought other devices.
So the system is set up with a huge, fixable flaw. So, fix it. But no, they'd rather lynch someone. Why aren't they also suing Cisco for having put such a nasty flawed feature in their products?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
If modems are made illegal, could ssh be made so, too? Basically this is a case where a person who has discretionary authority to act in a responsible manner to complete his job duties, granted to him by his position, being charged with not relinquishing that authority when he was terminated on grounds that had nothing to do with the performance -or lack thereof- of his job. He should have been relieved -or re-assigned- when he engaged in the sexual harassment of a female employee. If that had happened, we wouldn't be talking about the failure of both the prosecutor or the court to understand complex technical issues for which they have no understanding.
Sig this!
Note the differences in how we dealt with Iraq and North Korea.
It's a simple fact on the ground.
Reconciling that with nuclear non-proliferation is a difficult proposition requiring Kissingeresque levels of weaseling and hair splitting.
Iran appears unconvinced. India and Pakistan remember hearing threats but things appear to be working out otherwise.
Libya on the other hand was apparently impressed enough by America's irritation after 9/11 to publicly give up all chemical and nuclear weapons programs and invite the UN in.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
In UK/NZ/Australia - poaching laws go way back.
Fisheries and Games inspectors have a lot of power - including search you appear to be fishing so we will check your catch.
If what you have done is illegal and goes before a magistrate they can take your fishing gear - including rods, tackle, boat & car (if you were using them when fishing).
And any bank robber dumb enough to use their own car on a job would probably find it first impounded as evidence and 2nd seized and sold when they were convicted.
The Singularity is closer than you think
Quant
Get them approved in writing by senior management. If you don't, it really does look suspicious.
And they seem very sympathetic to Childs. I'm not, and I'm not.
The servers, any batch files, init configuration, passwords, were all property of the city, either physically or as work done for hire. I don't see any problem with Childs being penalized for his (seemingly quite arrogant) withholding of that information. It doesn't matter if his employer would promptly crash the system permanently with that info; it's theirs, not his. His boss says to hand over the passwords, he needs to hand over the passwords.
If I hired a guy to work on my machine, and he locked something important down with a password and then wouldn't tell me, damn right he's getting sued.
That said, Childs shouldn't be getting serious, long-term jailtime. I would think it should just be contempt of court: Sit in jail until you are willing to talk. He wasn't "hacking".
Like the Tron guy (you know the guy who made his own budget tron suit). http://www.tronguy.net/images/headshot.jpg I think I would be cool with Terry if he wasn't such a putz or a-hole and he had a tron suit on or something nutty when they brought him to jail. Overall, he gives people the sysadmin stereotype they all want - hostile, paranoid and a jerk, so it got a lot of play in the media. It is frustrating because many of us fight this stereotype constantly and make huge gains only to have a Terry Childs attitude reinforce the negative stereotype of a sysadmin who does not have a sense of who and what he is working for. Yet, even with all of that, I think if he could get in a Tron suit of some sort, I would give him another shot and it could twist the stereotype into a crazy geek rather than an asshole geek.
It will be like Slashdot. A bunch of IT "experts" arguing about proper network management.
Seriously... why?
Oh but when a REAL crim of the century Madoff steals billions, 1000s of lawyers say NOTHING and let him live life of luxury, yet steal a coke from a 711 and bang to jail, which yields the lawyers MORE FEES thru representation.
Why not throw every senator and politician in jail then for withholding contractual secrets and state secrets from the public which PAYS their salary.
Jails aren't for knee jerk 'I'm here to piss you off' punishment because I have more power.
It's to protect the public mainly from more harm.
Liberty freedom are no1, not dicks in suits.
.. It's a hard life as a sysadmin
http://www.theregister.co.uk/2009/02/10/indymedia/
"a systems administrator, was arrested on Monday and questioned for about eight hours. He has been bailed without charge to appear at a police station in May. His home was searched and computer equipment and paperwork seized."
"The Register understands that the man arrested was not responsible for either of the comments and is not an Indymedia activist or administrator. Rather the server was hosted by UK Grid under a contract in his name, along with several others on behalf of unrelated clients. .. He was arrested under sections 44-46 of the Serious Crime Act 2007, which came into force on October 1 last year. The relevant sections criminalise "intentionally encouraging or assisting an offence", "encouraging or assisting an offence believing it will be committed" and "encouraging or assisting offences believing one or more will be committed".'
So if my laptop gets lost or broken, I cannot go to my insurance company and ask for $250,000. It's a crime.
Why is that not a crime for lawyers/prosecutors?
It IS a real CRIME! in REAL people's eyes.
Liberty freedom are no1, not dicks in suits.
unlike Zimbabwe, LA cannot print $$$, they can tho offer IOUs as tax returns, where in retaliation, companies/people can pay their due taxes with those IOUs.
By the time he gets out he wont get any money out of the state, but I hope he can sue individuals for money, just like OJ was.
Liberty freedom are no1, not dicks in suits.
>'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes.
"In the world"? Excuse me?
He probably means "in the USA". Your local law is not my law...
"then just about every network administrator in the world could be charged with the same "crime" "
Somebody want to tell Mr. Venezia that US law doesn't cover the whole world? Maybe he should get a passport and travel a bit, or at least read Wikipedia and discover there are other countries out there beyond the US borders that have their own jurisdictions.
Heck even Bush occasionally admitted the USA couldn't just invade everywhere.
or facing counts of theft, retention of property, keeping a computer that isn't his and industrial espionage.
Mu.
Fact: Most mid-level, corporate IT manager-types abuse their perceived 'power' on a daily basis.
Fact: That's what happened here.
Fact: ROOT becomes an asshole when approached with a stupid question by user@localhost. No exceptions.
Fact: This is borderline malicious prosecution and the fucking idiot lawyers don't understand the underlying technology enough to realize it.
Fact: Neither does the moronic mid-level manager.
Corollary Fact: Corporate America acts like this constantly and therefore deserves whatever hell anyone can inflict on them - up to and including napalm server death.
Conclusion: If KingKong lives in the jungles of Cambodia, you must acquit.
No, seriously, in Soviet Russia, most people in the gulags had been convicted on charges of doing black market.
Thing is, everybody was doing black market.
Since when have geographical boundaries *ever* been an obstacle to the US enforcing its laws wherever it pleases?
The society for a thought-free internet welcomes you.
What if your job responsibilities include developing security policy and protocols?
What happens if management wants you to violate those and provide open access to untrustworthy or unqualified people?
Would they have you arrested for following the policy and protocols they agreed to?
I can't help but wonder what impact this could have for all honest and qualified administrators.
They're using their grammar skills there.
The thing that is odd to me is that if someone locked any of us out of our own boxes and refused to give us access, we'd all be spitting tacks.
Childs locks an entire city out of their own boxes and I'm reading "Hey, the boxes didn't crash, so no harm done!" Do you guys really believe that? Would you defend someone who locked you out of your own system, even if they said it was for your own good? Would you say "Hey, the box is still up, so it's fine that I'm locked out!"? I really don't think you would.
I just can't defend the guy. He was an ass, he caused his own problems when he could EASILY have avoided them just by not being an ass, he admits that he caused his own problems and that it wasn't worth it (in the last Childs slashdot article linked) and frankly if he did this crap to ANY of the guys defending him here, they'd be the first ones demanding his head.
Yes, his managers could have handled this better and probably were asses as well. The boss being an ass-hat doesn't cancel out Childs' ass-hattery.
Oh well. It's easier to grandstand and defend him when you aren't the one affected I suppose.
Personally I pity his coworkers who now have his huge undocumented mess to deal with. As far as I am concerned, you could take his entire admin style and write it up as a counter-example of what to never, ever do or allow to happen to your systems.
Evan Reynolds evanthx@hotmail.com
Two peanuts crossed the street. One was assaulted.
It seems to me that the amount/type of bonds is set based on a variety of aspects, but high among those is the type of case and the arguments presented by the prosecutor as to whether the defendant is a risk or not...
I'm pretty sure that by now, a lot of managers, supervisors, CEOs and other various suits of the corporate genus are rubbing their hands together Monty Burns style, thinking they've finally found a way to control these pesky tech types and keep their sys admins under leash. But they should be very careful about sending them to jail for being protective of the passwords whose very security is paramount to getting the job done. They're already overworked, underpaid and given nowhere near the respect they deserve - if it should become a criminal offense to hold on to passwords with little to no defense or legal recourse against the corporate juggernauts, the suits will suddenly discover that the employee pool has suddenly dried up and no one wants to be their lapdo- I mean loyal employees anymore...
Isn't the long and short of it really "why do you care who has the passwords to a place that just fired you?" If my place of employment fired me they can have any password they want. Go for it, screw something up, I don't care, I don't work there anymore. His real problem was making the job more than a job. He's only the superhero of the network in his mind.
There is a lot of false information floating out there. Take this SFGate article for example:
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/14/BAOS11P1M5.DTL
"A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday."
How, exactly, did he alter the network from jail?
"Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said."
He was the network administrator, so he was entitled to access to the system. If the city's IT policy did not require him to document important passwords, then he has done nothing wrong. They threatened to arrest him, for what could only ever be a CIVIL infraction.
As others have discussed, the demand for the passwords came during an impromptu meeting where the people present had no business hearing the passwords. He has no responsibility to give out passwords to random people. After this ambush, he felt he could not trust the people around him and stated he would give the passwords only to the Mayor--basically the equivalent of the CEO. Again, he has done nothing wrong.
"One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him. "They weren't able to do it - this was kind of his insurance policy," said the official, speaking on condition of anonymity because the attempted firing was a personnel matter."
A city official revealed confidential information to the press, knowing that it was illegal to do so (hence the anonymity) and insinuating that Mr. Childs had an ulterior motive. Smells fishy.
They knew that he had done nothing wrong, and that at best they had a CIVIL complaint. They went hunting and found three modems in his office. They used that to arrest him on CRIMINAL CHARGES. After that:
"Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents. Authorities have searched Childs' home and car for a device that could be used in such an attack, but so far no such evidence has been found."
WTF? They claimed he had set up three modems and used that to justify searching his house. On this alone they are permitted to search his home and car? What we find out 7 months later:
"One was set up to dial out to Childs' pager any time a problem popped up on the city's network. The second was a DSL modem that had been set up even before Childs was hired at DTIS, used to connect to the Internet and test access to the city's network. The third was for emergency use only, designed to connect city computers to a disaster recovery site so that the city's network could be up and running in the event of an emergency."
This is a personal vendetta by Management at the City.
If this had happened at a large corporation, do you think the Police would have agreed and searched his house? Do you think the DA would have even charged him with anything? Would the judge have set a $5 million dollar bail??
I hope Mr. Childs wins and counter sues the city.
It's interesting how laws are written so broadly that they cover routine, legitimate acts. What makes activity criminal, apparently, is whether the government likes you this week.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
Judge: "Mr. Childs, why didn't you give the city the passwords they requested?"
Childs: "Uh... because I couldn't remember them!"
Judge: "Charges dismissed."
I've abandoned my search for truth; now I'm just looking for some useful delusions.
According to this affidavit by the investigator he could be charged with a Denial of Service (DoS) offense. He denied city officials access to their equipment by not giving them their passwords. I can see how he could be charged with this offense. Whether it can hold up in court is another story.
http://akamai.infoworld.com/weblog/venezia/childs/tcramsay_affidavit1.pdf
I'm posting this anonymously for what will soon be obvious reasons. Prosecutors routinely suggest excessive bails for any number of reasons, or argue "persuasively" for a high bail, and judges are only too happy to rubber-stamp those suggestions or arguments.
I was arrested for what should have been a simple domestic matter (and was even assured by the cops that it was no big deal and would blow over), but the county prosecutor charged me with aggravated assault with a deadly weapon. Long story, and in no way am I trying to minimize what I did, but when I finally got my hearing and was officially charged, the prosecutor actually lied through his teeth in jail court when making his argument. (I was later told by my attorney that this was common.) The judge accepted this argument and set my bail at $18,000. In the same court, a gang banger who had two charges of aggravated assault with a deadly weapon against him was given bail of less than $4,000.
Every attorney I spoke to after I got out told me that the bail was excessive. I could have fought for lower bail, but that would take time, and in the meantime I would have lost my job due to absence. And there was the little matter of effectively being denied legal representation because I could not contact my attorney, due to the way my county's jail systems are run and the restrictions they place on outside contact. Good luck getting a hearing.
I wound up having to post my own bail, which is very unusual, and maxed a credit card just to raise the 10% I needed for the bail bondsman, plus I had to put my house up as collateral. In the end, the county prosecutor dropped the charges against me, and the city filed misdemeanor charges instead.
People of every social stratum and economic means are getting their rights systematically abused, but you tend to not notice it until you're the one getting sucked into the system. Excessive bail is a powerful tool for punishment, and one that is used frequently despite Constitutional prohibitions.
I'm sorry, but this article is "the sky is falling" type reporting that AP, Reuters, and CNN do. These three organizations reported that we had captured Osama Bin Laden.
The complaint is that he put these modems in a locked room with no authorization, and against municipal law. If I have a modem on my company's network to allow RAS, you better believe my boss approved it. He had violated many of his legal responsibilities. He set routers up with passwords only he knew, which would be nuked clear if normal console password recovery attempts were made, and locked some of these up behind doors only he had the key to.
What if he got hit by a bus? We had a guy die on us a few years back. Procedure had him put his passwords in a locked cabinet inside a locked and secured room. The city has its own provisions for such possibilities. Laws. He admits to not following.
If you take any of these charges on the summary, they look innocent. But dig into the complaint which was in another /. post, then this guy really looks guilty.
What happened to the right to remain silent?
His papers, notes, and files are all property of the company, and IANAL, but I don't see how they can force him to talk without offering immunity.
While the cases are not exactly the same, the community response was. Most admins thought that he was right and that he did not do anything wrong and that he would eventually win in court. He didn't.
Thirteen years later his conviction for hacking into the company's systems was expunged, but that is a big chunk of time to pay.
Anyhow ... his mileage may differ, but I won't bet on it.
No offense mate but you don't know what you are talking about. Believe it or not most other countries don't care about your laws.
In fact, most other country admins sit back and laugh at the poor Americans and their endless litigation.
Seriously though.. get a grip on your judicial system; it's out of control. While this kind of thing might hamstring American admins, those of us with a more reasonable law system will just feel sorry for you guys.
I love getting emails from American lawyers... I always respond to them TBP (thepiratebay.org) style.
Ok, 502 is referring to the California Penal Code, 502 which is all about computer hacking. I just read the entire thing. The law is pretty clear on how this guy can be charged and PROTECTS administrators that operate within the scope. Just because an admin has a modem or some other device (it could be a satellite uplink/downlink, or DSL modem, or a direct Network-over-Radio connection) to connect to their employer network does not mean they are breaking the law, in fact, most of the time, it is protected under the law. Read the Penal Code! http://nsi.org/Library/Compsec/computerlaw/Californ.txt
'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes. All the authorities would have to do is 'point out that you have a modem or two, and suddenly you're wearing pinstripes of the jailhouse variety.'
All this talk about modems. What, is the city on dial-up? 57K over a FiberWAN?
Yes I know everyone calls either a DSL or a cable box a modem BUT! modem is an acronym for Modulation - Demodulation. In other words, changing an analog signal to digital and back. Last I checked FiberWAN was straight digital so there is no "Modulation".
What people call modems these days are either routers or bridges.
Maybe I'm missing something here? Shouldn't all admins have signed an NDA specifically prohibiting him from releasing the passwords? He shouldn't even be talking about what servers they are. I had an NDA that ran on for 1 1/2 years after I left a certain job. If he left the company/city, tough luck, it's a management oversight. It's their job to go changing all the passwords even if it's going rescue mode for each server. There are reasons why you don't have a top admin hold on to all the passwords. But the moment you fire him, you're on your own.