3 of 4 Charges Against Terry Childs Dropped

phantomfive writes "Terry Childs, who was arrested nearly a year ago for refusing to turn over the passwords to San Francisco's FiberWAN network, has been cleared of three of the four charges against him. The dropped charges referred to the attachment of modems to the network; the remaining charge is for refusing to turn over the password. The prosecutor has vowed to appeal, to have the charges reinstated. We have the original story, and the story where Childs tells his side, for those who want a refresher."

Witch hunt

[joaommp]

Always seemed to me this was not much more than a witch hunt. Why else would them set a bail higher than for killers and rapists?

Re:Witch hunt

politics 101. pissing of the ones in power is the worst crime you can commit.

1M bail and 1yr in jail...?

[Manip]

I'm sorry but this guy has already had time served. Even if they do find him guilty one year in jail for what he did is far more than enough. Plus 1M bail? Is he a violent criminal? ...

This sounds like a classic story if ignorant people making decisions about technical crime and getting scared. I aim that both at the city and at the judge who set the original bail.

We need special technical trials for things like this within which both the defence and prosecution are allowed to bring in technical witnesses to put the case into perspective for non-technical people (as opposed to "HACKER! Get the pitch forks!").

Re:1M bail and 1yr in jail...?

[Seumas]

Ignorant people are afraid of the technologically savvy the same way they are afraid of science. They don't understand it, so rather than bettering their knowledge and informing themselves, they'd rather fear the worst and attack those who represent a threat (that is, those who know something they don't).

Also, why didn't the guy just say "dude, it was a complex random password and I've completely forgotten it"? They can't force you to give them a password that you've forgotten, surely? Also, is a partial "moral victory" really worth an entire year of your short life span?

Re:1M bail and 1yr in jail...?

[LordKronos]

We need special technical trials for things like this within which both the defence and prosecution are allowed to bring in technical witnesses to put the case into perspective for non-technical people

Huh? Special technical trials? Why? The current system already allows lawyers to bring in expert witnesses to explain stuff. And lawyers are allowed to do a bit of story telling during their opening and closing arguments, and they can use that opportunity to explain thing in other terms (including car analogies, if they choose).

A lot of us around here always complain about legislature creating special laws to make illegal things that are already illegal under an existing law. Let's not turn it around and start asking for special trials when the cases can already be accommodated by the existing court system.

Re:1M bail and 1yr in jail...?

[MrKaos]

This sounds like a classic story if ignorant people making decisions about technical crime and getting scared. I aim that both at the city and at the judge who set the original bail.

There is a saying, There is no such thing as a bad student only a bad teacher. If the legal system is ignorant about how 'technical crime' should be addressed it's because we, as technology professionals, have failed to lobby for the appropriate changes to be made to law to handle these cases properly.

We need special technical trials for things like this within which both the defence and prosecution are allowed to bring in technical witnesses to put the case into perspective for non-technical people (as opposed to "HACKER! Get the pitch forks!").

Why? The framework for all of these things already exist in the legal system. All this world changing technology has been unleashed over the last decade or two and Information Technology is maturing as a profession. It's a bit unrealistic to expect the legal system to make quality decisions about how the law should be adapted to handle those changes while the people responsible for delivering the technology do not get involved in educating those who can codify the law to behave reasonably.

It ridicules us to point the finger and say 'look at how ignorant they are' when in reality we should be more self critical and understand that this is the treatment we should expect if we are too apathetic to influence the legal system appropriately.

Re:1M bail and 1yr in jail...?

[Jah-Wren+Ryel]

Huh? Special technical trials? Why? The current system already allows lawyers to bring in expert witnesses to explain stuff. And lawyers are allowed to do a bit of story telling during their opening and closing arguments, and they can use that opportunity to explain thing in other terms (including car analogies, if they choose).

Once upon a time a "jury of your peers" really meant peers, and not just the most easily swayed people in the jury pool. I'm not saying every single person on the jury needs to be a network engineer, but you can pretty much count on the prosecutor objecting to anyone in the pool with any technical expertise relevant to the case.

So, not special trials per se, but a process that rules out anyone with domain knowledge relevant to the trial is fundamentally broken. The number of really bad car analogies that get made here everyday among the relatively technically astute should be proof enough that requiring the issues to be dumbed down for an uneducated jury is not a very good way to run the system.

Re:1M bail and 1yr in jail...?

[Hurricane78]

Well, they should be afraid. Because I'm going to kick their asses for their ignorance!

(*blend to underwater lair under a volcano*)
Release the sha... what?... OK, the sea bass...

MUHAHAHAAAA

Re:1M bail and 1yr in jail...?

[Yetihehe]

There is a saying, There is no such thing as a bad student only a bad teacher.

You haven't seen some people who don't want and/or are incapable of learning the most basic scientific facts. Yes, you could spend with them 5x the normal time for normal student, but is it really worth it? We need someone to clean the streets, and really intelligent ambitious people don't really want to do it. Typical street cleaner doesn't need to know what an Ohm's law is.

Re:1M bail and 1yr in jail...?

[Zombywuf]

He didn't say he'd forgotten it because he was simply doing what his job description told him to do. He was called into a room with a dozen people he didn't know, he refused to hand over the password to these people. When a single person (the mayor) who was authorized to know the password asked for it, he handed it over without hesitation.

Re:1M bail and 1yr in jail...?

[ScrewMaster]

With respect, none of this is as complex as DNA and other forensic evidence which is handled quite well in criminal trials every day.

With equal respect, have you ever been through jury selection? I have (a number of times unfortunately: every time I move they waste a day of my time not selecting me) and the GP is correct. The system selects for the most ignorant of any issues relevant to the proceedings, and anyone who could be presumed to have knowledge of mathematics or statistics suffer the first peremptory challenges issued. Don't want someone who can see through the numbers the trial lawyers and their expert witnesses pull out of their nether regions. I'm just a software engineer, and every god damn time I was asked what I do for a living I was promptly removed from the jury. The people that were left were often very nice people (you get to know some of your potential fellow jurors in the jury pool beforehand) but not people that I would want on my jury, if I were accused of a computer crime ... especially if I were innocent. The naked fear so many individuals have of computers, and especially those who are accused of computer crimes is unnerving. Fear of the unknown is not intrinsically irrational: but fear of gaining understanding is.

All the juries I've (almost) been on are filled with people to whom a trial about computer systems is, in fact, just as unfamiliar and frightening as a trial involving DNA or other complex evidence, and might just as well be about DNA so far as their level of understanding is concerned. The idea of a technical court is not a bad one at all, particularly given the importance of sophisticated science and technology to all of us, not just those with technical backgrounds. Imagine judges with engineering or science degrees running the show in such trials. Honestly, if we had such courts the patent system probably wouldn't be broken and the RIAA would have been laughed out of court from day one. I can just see a judge who just incidentally happened to have a degree in computer science asking an RIAA attorney: "So, you're claiming that a logged IP address infallibly identifies an individual copyright infringer? Hm. Not on this planet, bucko."

Truly, in these times ignorance is not bliss, and we as a society are paying the price for allowing our adversarial system to dumb down those who judge us. Remember, our justice system was developed in much simpler times. The pace of change being what it is, it's too much to expect the law itself to always be on top of things, but it shouldn't be too much to expect our juries to really be composed of our peers.

Re:1M bail and 1yr in jail...?

[sumdumass]

Speaking of incompetent but well meaning people on the jury, I used to work with a girl who sat on a jury trial over a murder where two boys (14 and 16) shot and killed some girl who was obsessed with one of them, enlisted the help of his mom and another friend (a 19 year old woman) who took the body to a barn across the county and caught it on fire.

This girl on the jury came into work after the first day of trial and told us they were going to fry if she had anything to do with it. I wrote a letter to the judge and defense attorney about this. She was left on the jury and the death penalty was taken off the table. I was also arrested and brought before the judge and told that if I threaten a juror it was a felony and so on before being release 5 miles away from my car with no way to get home but walking with no charges ever being filed. I was totally flabbergasted and had no idea what was going on. The jury was then sequestered.

Years later, someone else that used to work there told me she had told the judge that she only said those things because I kept telling her to convict the people. I never spoke to her directly, I was just there when she was bragging about how much power the jury had (and hence, how much power she had because of it) I guess I had the same last name (no relation) as one of the defendants and throwing me under the bus was her way of making sure they paid while she stayed out of trouble.

Re:1M bail and 1yr in jail...?

I have to disagree with your entire statement. Lawyers are busy people, a lot the local ones are my clients.

They don't have time to learn more about anything other than law.
There is no way to educate someone who doesn't have a desire to learn, or who has themselves convinced that they don't have time to learn.

Some of my clients ask for my opinion on cases, and I've been an expert witness on 2.

One good example is this one. A local kid "cracked" into his schools (completely unprotected) "teacher only" network share and looked at his grades, then told the "network administrator" (read:80year old librarian) about the security issue.

A month later, some grades were changed in this system (still unprotected to this day btw) and they threw the book at this kid.

I can access this system from the parking lot, with my cell phone.

After explaining this to the court, the prosecutor still insisted that the kid must have hacked into the system because of half of an answer to a single question,

Lawyer : "Are you suggesting that any one member of the jury could have done this easily?"
Me: "Probably not, but" >> "Thank you, no further questions."

When the expert witnesses get cut off in the middle of their explanations, how in the hell are we supposed to educate anyone?

Fyi, the kid was released because someone else went in and deleted the entire network share while he was still in jail.

Excelent way to link to that interview.

[MartinSchou]

Link to an old Slashdot story that then links to an archive page that doesn't even have the word Childs on it.

You have to go to page three of the archive to find the bloody interview!

Why the hell is it so difficult to provide direct links to the actual articles?

Re:Excelent way to link to that interview.

[Zak3056]

I dont see that happening on NPR or other reputable new sources.

NPR doesn't show video clips at all. :)

All kidding aside, I think you have your blinders on. I listen to NPR for, on average, an hour a day (most of my morning and evening commutes) and while I find them to be superior to most other news outlets other than the BBC, there have been plenty of times that I've noticed them talking about something at length, before playing the source material (and sometimes they don't play the source material at all), which is the exact behavior that the GP described. I also listen to right wing talk radio, and while the entire reason that they seem to exist is to program responses into people, their methods of doing so are a bit different. Someone like Limbaugh or Hannity absolutely loves playing soundbites (original source material in this case) over, and over, and over, but they're often taken out of context or referencing a slightly (in some cases completely) different subject.

Re:Actual crime

[GaryOlson]

...sufficient to keep him from being hired...

After this thorough exposure and experience with the legal profession, law firms should be recruiting him. Not to mention his arrogance and narrow focus on a crucial point of fact indicates he would fit well in with lawyers of the same personality traits.

Charges were not dropped...

[Anita+Coney]

I don't have to read the article to know that. If the charges were dropped, the prosecutor would not be vowing to appeal. When a judge gets rid of charges, they're dismissed. When a prosecutor voluntarily gets rid of charges, then they're dropped.

Overzealous prosecutors

[MikeRT]

It's a little known fact that prosecutors cannot be sued for anything they do in court to a defendant. Prosecutors are truly the worst part of the system since they are unaccountable to the public and are rewarded for getting convictions, not enforcing the law wisely. As a profession, they are so corrupt that they make civil lawyers look sympathetic since civil lawyers are at least limiting themselves to cases where you can kinda sorta see how their client was genuinely harmed.

Re:Overzealous prosecutors

[Attila+Dimedici]

It's a little known fact that prosecutors cannot be sued for anything they do in court to a defendant. Prosecutors are truly the worst part of the system since they are unaccountable to the public and are rewarded for getting convictions, not enforcing the law wisely. As a profession, they are so corrupt that they make civil lawyers look sympathetic since civil lawyers are at least limiting themselves to cases where you can kinda sorta see how their client was genuinely harmed.

Most prosecutors answer to the District Attorney, and can be fired by the DA almost at will. The District Attorney is an elected official. In those cases where the prosecutor doesn't answer to the elected District Attorney (or essentially the same office with a different title), they answer to the elected head of the of the executive branch of whatever level of government they represent (Mayor, Governor, President, etc). If your local prosecutors are loose cannons, campaign against their boss.
The only reason that prosecutors appear to be unaccountable to the public is because the public doesn't pay enough attention to local politics/civics

Re:Great!

[drinkypoo]

As an ex-employee, it's no longer his call as to "who gets the keys"

Wrong! The SOP was that he was only to turn the passwords over to the Mayor. This has been covered extensively. This requirement DOES go away if you're fired... you don't [by default] have to turn over ANY passwords! Just say "I don't work here any more, and I don't have your passwords." Meanwhile, if you do still work there, then you're still bound by the agreement you already made to follow the policies and procedures, which means he was bound to turn the passwords only over to the mayor.

In other words, the only charge not dismissed by the judge is the only one which he ever should have been accused of (if any) and he has a solid defense against it. We shall see how it plays out, but it is not nearly as cut and dried as you imagine or pretend.

Re:Pathetic accusations

[walmass]

IIRC, he allegedly changed the Cisco configs but never saved them on NVRAM. You can power-cycle Cisco devices and have a 60-second window to get in without knowing the password That was the big problem.. had he saved the configs to NVRAM, the City could have just power-cycled the devices during a maintenance window, gone in and reset the passwords. But the configs being only in volatile memory meant that if they tried that, the boxes would have lost the config, resulting in the "full system failure"--they City network would have gone down.

He did everything by the book

[dbIII]

Here's a chunk of the SF password policy, shamelessly taken from a post by Jeana Pieralde at http://www.burbed.com/2008/07/15/terry-childs-and-the-san-francisco-fiberwan-computer-network/

"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.

All passwords are to be treated as sensitive, confidential County information.

Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your passwordwhile on vacation."

http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf

So announcing it at a meeting was right out.
The person that should have taken this all into hand and resulted in a normal dismissal instead of an arrest is Chris Vein. He was originally an accountant but many CIOs are and some manage to pick up management skills and familiarity with technology along the way.
Here is what http://blogs.zdnet.com/BTL/?p=4692 says about him:

San Francisco's CIO Chris Vein calls himself an "accidental CIO." His background includes working in and around the White House during Reagan, Bush and Clinton administrations. For the city of San Francisco, Vein's political background has turned out to be an important asset.

It's still possible he got there by merit, but it starting to look like a political appointment. On his linkedin page he describes himself as "Delivering strong and effective leadership", which often means someone that fires people for no good reason to show they are "strong" but maybe I've just seen too many bastards in action that like that word. These things may give an insight or maybe not, but the end result of getting the police involved in a workplace dispute demonstrates to me that he is not paticularly effective, let alone the situation where there was only one person that could do the job. BTW San Francisco, do you have your free WiFi from 2006 yet? If not you now know the name of the guy that was in charge of delivering it.

One more bit

[dbIII]

From http://www.linkedin.com/pub/chris-vein/7/110/71b you can see that Chris Vein was a senior advisor at the White House after only three years in the workforce! I do not think such a rise is possible by merit or desirable in an honest government.
I hope this case looks deeply at the motivations behind getting the police involved. I'm also extremely curious as to what the $1million that has to be spent to repair the "damage" is required for and hope the defence and judge push hard for an explanation of this unusual claim

Plea? What plea?

[Bacon+Bits]

The defense made a motion challenging the evidence and the judge agreed that there was not sufficient evidence to support 3 of the 4 charges. There was no plea here. The court threw out the state's allegations for lack of evidence. There was no evidence because what he did was probably not sufficient as a matter of law (a matter of fact would probably have been decided by a jury). The charges were merely trumped up. Fabricated. Lies.

And yet they still kept this man in jail for a year awaiting trial for a ridiculous amount of bail money for a non-violent crime.

Re:Actual crime

[dbIII]

I withdraw my wild accusation. The security officer was promoted internally to the post and when she rang the CIO to complain about being caught doing what she was previously not authorised to do it doesn't mean she knew him personally. It's looking like office politics that has been mismanaged so badly that it has been allowed to escape into the legal system with some incredibly wild claims to stop it looking like an over-reaction, just triggered by an employee that wouldn't do what he was told without a reason. The secret promotion thing was just too weird, I would expect at least an email saying "your new computer security officer appointed today is X, please assist her in her work" instead of secret security audits by someone secretly assigned to the position. That shows a both a spectacular level of distrust of employees and poor management.
It really looks like he made someone angry and they decided to put him in jail in revenge.

Re:Actual crime

[Sun.Jedi]

First, switch CISSP with DBA.

Lets not forget...

1. 1. The network he was unable to attend to (because of being jailed inappropriately) ran FINE in his absence. He has skills, and previous descriptions indicate this is not a simple network.
2. 2. He stuck to his beliefs. I think this is a good quality, especially considering it cost him his freedom for a period of time.
3. 3. In spite of the negative connotations of imprisonment, I'm sure there is educational value from his situation.
4. 4. In my personal opinion, from whats been published, management screwed the pooch on this one, he did the right thing, in several situations.

I would hire him.