Slashdot Mirror
Fate of Terry Childs Now In Jury's Hands
snydeq writes "Closing arguments concluded Monday in the city of San Francisco's case against Terry Childs, the network administrator charged with violating California hacking laws by refusing to hand over network passwords for the city's FiberWAN during a 12-day period in 2008. Childs was charged in July 2008 and has been held on $5 million bail ever since. The highly technical trial, which featured testimony from San Francisco Mayor Gavin Newsom and Cisco Chief Security Officer John Stewart, has dragged on for nearly six months. By Monday, five of the 18 jurors and alternates selected for the trial had dropped out, and the remaining jurors seemed relieved to see the arguments wrap up as they left the courtroom Monday afternoon. They will return Tuesday to start their deliberations. Childs faces five years in prison if he is convicted for disrupting service to the city's computer system by withholding administrative passwords — a verdict that, if rendered, puts all IT admins in danger."
They didn't "allow this person to get complete control of essentially EVERYTHING", they paid him to do it and not tell anyone the password except the mayor.
Technically, he should get a bonus instead of boned
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
> No, I haven't read the links or anything else. But it needs to be said.
Yes, ignorance always leads to well-reason opinions.
No he didn't.
--- "When you gotta do something wrong. You gotta do it right. (Fighter)"
Has the decision come down yet?
If the answer is "no" then you are wrong.
...before posting. The frenzy's already started. People - there's a long story here. Do not rely on this summary to tell you the details. Don't litter the thread with inane "he broke the law and should pay" comments. Your fellow non-readers in-spirit have done so on a minimum of twenty prior threads on this issue.
Please, please learn the backstory before commenting. Think of the children. Plus, some readers are getting on in years (35+). They can't handle the spiking blood pressure.
The fact that the case has dragged on this long and that some of the charges have already been dropped seem to highlight the fact that there is some doubt as to whether or not he actually broke the law.
The written policy was that he only gave the passwords to the mayor in a secure setting.
People besides the mayor tried to get the passwords.
The mayor tried to get the passwords in a non-secure setting.
They grossly over-reacted and were probably trying to violate their own written policies.
If they can force you to violate policies or go to jail for up to 5 years, then you don't want to be in that job since the penalty for violating written policies may be just as draconian.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The city of San Fran was luck to get someone that has a backbone and some moral fiber. He was protecting the citizens of the city against complete IT ignoramuses who happened to hold positions of authority and leadership. If they were even a quarter as competent as him, his actions would have posed no threats what so ever.
The situation is kind of like you closing the front door of your apartment and the landlord can't figure out how to turn the door knob. Why did you close the front door? Cause the landlord wants to store your neighbors' valuables with the door open for all to see. So now the landlord sues you for holding the house and its contents hostage! Oh and btw, if anything gets stolen, its your fault! _You_ should have closed and locked the door!
YES, the case is really that stupid!
Mod parent down. His job was to keep the network secure, and the people demanding the passwords didn't have a right to know them. He told the mayor instead.
This is, of course, after they fired him without demanding the passwords first.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
It's true! Hence why flat earth theory, a geocentric universe, phlogiston theory, and about 90% of the stuff Aristotle wrote about medicine have all retained their relevancy and veracity after all of these years.
What 12 guys in a room decide they collectively think happened has no bearing whatsoever on what actually happened.
Go green: turn off your refrigerator.
Pity he doesn't have a jury of his peers, so he's basically gonna get crucified by joe & jane blow citizen (good citizens who convict evil hackers like the prosecution wants).
"He was an employee and this was the city's property and he refused to give up the passwords. Sweet Zombie Jesus"
The city's property? Who the hell is "The city"? Did "The city" appeared and he refused to give the passwords to him (or is it her?)? Or are you implying that since it was "the city's property" he should give the passwords to any citizen that would happen to ask for? Because as soon as he was asked for the passwords by the proper person (the major) at the proper environment (face to face with him without unknown people at sight) he indeed promptly passed them out.
"then IT Managers will be able to hold sway with the passwords."
You can bet no IT Manager would tell the passwords to the janitor no matter how much "the company's janitor" it is.
Are any actual facts in dispute? This seems to be purely a matter of law. Are 12 undereducated laymen really the right venue for this?
A Pirate and a Puritan look the same on a balance sheet.
He essentially served a 2 year sentence regardless of whether or not he is found guilty? Awesome. I knew justice is blind, but I didn't realize that it was stupid too. What there wasn't a tracking anklet available? Really 2 years waiting in jail for a non-violent "crime"?
You are not a real, proper IT geek until you've either been fired or quit over this sort of nonsense.
Securing systems from morons is just part of the job.
A Pirate and a Puritan look the same on a balance sheet.
No, that would be "flamebait".
Flamebait is a subset of troll. Trolls, according to the original interpretation (by my reckoning) are people who make disingenuously ignorant or incorrect posts in order to elicit corrective responses. Really, trolling is just making posts to get responses out of other people.
Good trolls make posts that seem like sincere opinions or sincere misunderstandings, but the entire point of the post is to get people to take you seriously. Hence it's sometimes very hard to determine if someone is trolling or not. This works best when the person doing the trolling is a known expert, so that people who are "in the know" can catch the joke.
People who post flamebait are trying to incite a flamewar, which is slightly different, and usually more obvious.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Demand a waiver from all employers..Maybe it takes things like this to get you all to organize. Otherwise live with the verdict if it goes badly.
For justice, we must go to Don Corleone
The city should be smacked upside the head for sure over this case, but not for the "reason" you mentioned - and while your smacking hand is still warm, smack yourself one for not reading "the links or anything else" and then commenting that "it needs to be said," and clearly not understanding Child's job (or seemingly much else about this case).
With your aptly demonstrated lightning fast reasoning and judgment skills, I think you'll go far in life my friend...
Have you ever considered politics?
But that isn't true. If the written security policy states that that person, even if it is -your boss- isn't to have the password. Then that person doesn't get the password, no matter how many times they ask. Written policies exist to lay down the foundation and rules.
I've been in similar situations back when I was working as a admin. We once had a executive VP demanding we give the password to a machine to someone not authorized to have it (And no, the VP did NOT have authorization or power to change that policy, he was NOT in charge of security). He threatened to fire us. We told him to go ahead, but that the only people who got the password were our replacements or other authorized individuals. He DID have the power to fire us. But that STILL didn't give him the power to demand that password, or that the security policy be changed.
Companies, and I'd imagine city governments too, have policies and chains of commands on all sorts of things. These things are usually written down somewhere so as to be enforceable. And THOSE are the things that matter. I don't remember ever working as a admin where my immediate supervisor had a root password to anything or his boss. But the good ones all knew that it wasn't their job to know those things, they paid me to keep those secure from people who asked. Even if that meant some pip-squeak with a highly placed friend.
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access.
Yeah, say that with a straight face to the guy demanding the root password because he read "it was important", and you got a call last week from him asking you to change his desktop wallpaper because "it got stuck". IT admins not going in for that kind of non-sense is a compelling reason why large sections of the internet don't slide off the side of the planet in a dribble-like fashion.
This guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him. They broke it repeatedly after gaining access, and it took hundreds, if not thousands, of billable hours to repair the damage that happened when those owners and their "designated agents" got their hands around the gooey core of the network.
Justice is about harmony, not law and order.
#fuckbeta #iamslashdot #dicemustdie
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple.
It so simple, it sounds like that's exactly what Terry Childs did. He may have withheld access from a "designated agent" for a while, but he had no way of verifying exactly who the designated agents were. Would you suggest he just take their word for it?
Give me Classic Slashdot or give me death!
It's not as clear cut as that. From what I understand, we was operating under a specific protocol for release of the passwords, that excluded the possibility of him handing them over to his bosses at their request.
So what's more important -- following the established rules, or doing as your boss says? In a perfect world (not that we operate in one), the rules are more important than the individual. If the boss wanted the passwords directly handed over, then the boss should have gotten the rules changed to allow that.
Just because someone is your boss doesn't make you their slave. And if you believe your boss is doing something wrong, it is morally incorrect to do as you are told, even if you document your protests.
Although, it does seem likely the guy was being a jerkwad... that doesn't mean he was an incorrect jerkwad, or a jerkwad acting illegally.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Welcome to America. My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area, the asshole federal building superintendent called up his asshole brother cop and he wrote it up. She did no damage to the door, they have no evidence, the cop was not even there. (Illinois it's a level 4 felony for doing damage under $500.00 to a federal building. $0.00 is under $500.00)
I'm paying $400.00 an hour to get this dropped because of raging Police and Court stupidity. The DA in that district is a idiot that thinks he needs to be "tough on crime". This should have been thrown away the second the officer turned it in, but new laws require them to pursue everything a cop turns in.
I personally have nothing but contempt for the joke that is our judicial and legal system.
Do not look at laser with remaining good eye.
His supervisors wanted the passwords.
The Mayor wanted the passwords - secure or not if the Mayor of the city you work for wants a password, you give it to them. I work in the public sector and while the head of the agency isn't my supervisor, if she asked for a password that she didn't need, I'd write it down for her.
http://www.cio.com.au/index.php?q=article/255165/sorting_facts_terry_childs_case&fp=&fpid=
"First, despite the many news reports claiming that Childs had shut down all or part of the city and county of San Francisco's network, what actually happened was that Childs refused to provide his superiors the passwords to the city's core FiberWAN network, effectively preventing them from administering the network."
"Following the completion of the FiberWAN, Childs looked upon his creation as art -- so much so that he applied and was granted a copyright for the network design as technical artistry. Skeptical of his colleagues' abilities, Childs became the sole administrator of the FiberWAN, and the only person with the passwords to the routers and switches that comprised the network. This state of affairs was widely known throughout DTIS, and Childs was the only point of contact for changes, troubleshooting, and overall management of this network."
I've looked around and around and see no references to this written policy, just that he'd only agree to give them to the Mayor in person.
Did he do half of what the City of San Francisco said he might do? Nope, but should he have given up the passwords to his damned supervisors? Yes.
This is what the City of San Francisco gets for letting a felon run their network.
"The possession of ammunition may have raised flags with the police, because 25 years ago, at the age of 17, Childs was arrested and convicted of aggravated burglary, and spent four years in a Kansas prison. In 1995, prosecutors said, Childs was again arrested in Kansas and charged with aggravated assault and carrying a concealed weapon. The case was reduced to misdemeanor weapons possession"
I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins, particularly those in charge of large networks. If he just handed out passwords insecurely, that would cause more damage than Childs locking down the network for a brief duration. I'm inclined to believe that he was acting in the good faith of his job, particularly because he was willing to be arrested over being fired/becoming redundant. I seriously hope he's cleared, because he performed his job to the letter.
The people who demanded the passwords were Terry Child's supervisors.
I have worked for small companies in the past where I was the sole administrator. My solution to this was to store a PGP encoded file on a shared drive with the passwords in it, locked with my asymmetric key and one with a random password. Either one would open it. I put the plaintext password in an envelope, sealed it, signed the envelope and had my boss sign it. The envelope got stored in the company safe and I could inspect it at will. If the seal was intact I knew I was the only one with the passwords and was still responsible for the system. If the seal was broken, it was agreed I did not have any responsibility for damage that might have been caused.
This gave my employers the confidence that they could recover from a disaster (hit by a bus, win the lottery, etc) and gave me the confidence that I didn't have to rule out assistance from well meaning but unskilled bosses when something broke.
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
they are a far better choice than 12 college graduate lawyers that think they are educated but really know nothing about technology.
Honestly, I have met a lot of lawyers and they firmly believe they know everything because they went to a lot of college.
Do not look at laser with remaining good eye.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They ceased being his superiors they second they fired him, which was before they asked for the password, if I recall the other stories about this correctly
Who owns those systems? Not his boss -- the City does. And the City did not give his boss authority to get the passwords directly from him. The City established a set of rules for transferring the passwords, and his boss tried to circumvent those rules.
This guy's boss was not acting within the rules established for him to act as a proxy for the City (if we're going to follow your ownership logic). So who's acting responsibly... the guy who chose to follow the rules despite the risk of adverse personal impact? Or the guy who wanted to ride roughshod over the rules in the interest of expediency?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
The City. Townsville. Where the Powerpuff girls live. You know.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So, if your boss said give me access to erase all the fraud I been doing, you are ok with that, cause the policy said so? Wait till shareholders get a bead on that and you end up in the same boat as this guy. That's pretty much what Fastow did in the Enron case.
Which thing? Google was able to quickly verify what he said about giving the passwords to the mayor.
Well, sort of - for various reasons, he refused to give up the passwords to his bosses because he decided (correctly or not, of course, is for the jury to decide) that the only person authorized to receive the passwords was Mayor Newsom. Now, I'll note that, if his interpretation was that the "city" owned the passwords, you could make the argument that, if that's the case, he could also interpret that as broadly as humanly possible and give everyone in San Francisco the passwords; after all, if the network is owned by the city, that means its *public* property, not just the private property of Mayor Newsom or select city employees. Realistically, he adopted a particularly narrow and self-serving interpretation of city policies to suit his own agenda, a point which the city is trying to make in court.
Ultimately, Childs is, at best, technically correct. It doesn't change the fact that he rules lawyered himself a rather convenient bit of job security, even if it proved to be temporary. This case won't put "all IT admins in danger" unless "all IT admins" work in places where there are no sane, documented policies regarding password handling and sharing and where ownership of IT equipment is rhetorically ambiguous.
The GP has a valid point though. What if the admin got hit by a bus and died? The city would be in the exact same position. In my opinion that's just straight up bad management.
I don't believe in karma, I just call it like I see it.
Apparently you've never worked anywhere with a serious security policy. I've had a few jobs where I could only give my passwords to the security officer(in a sealed envelope, every time I changed them) or my replacement. Giving them to my immediate superior or his immediate superior would've gotten me canned or jailed, even if told I would be fired.
Indeed, not doing so once got me promoted to my boss's position after I reported it:)
The "city" is the City of San San Francisco, his employer.
The city's representatives, who wanted the passwords, are Jeana Pieralde, the head of security for San Francisco DTIS and the DTIS CIO, not the janitor or anyone off the street.
> his guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him.
But he wasn't responsible for it after he was terminated.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
He did his job. He followed the letter of the law, and has already spent quite a bit of time in jail for doing his job properly. This is (once again) mental instability run wild. Just a week ago I heard of a terrible plane crash in which case nearly 100 senior government officials died when the leader of the country (who shall remain anonymous) perhaps (and we can only guess) ordered the pilot to land in dangerous situations. The now deceased leader had ordered pilots to do dangerous things before, and they refused before, only to lose their job and reputation and face the wrath of the state. This one obeyed and nearly 100 died (including the pilot). Getting back to this case, the mayor clearly overstepped his bounds, and did not follow his own rules. If it were an airplane instead of a computer network, many could have died. There are rules in place to protect all parties. Its when ass-hat administrators over step their bounds of authority and common sense, that disasters occur. Its one thing to be voted in, but being voted in doesn't mean that they are suddenly experts in everything. There are technical things in this world that require technical expertise. Ignoring that fact can cause royal disasters like this. Why this guy has spent so much time in jail is absurd. My wish is that the city lose its entire IT staff, and that they get HaXored till there is little left to protect (and then all the elected officials lose their jobs and face equal jail time).
From what I am reading --
Article only states he refused to hand out the network admin passwords to a room and speakerphone full of people he felt were unqualified. There was no mention of who exactly wanted the passwords -- or if a follow-up attempt by 'a superior' was made while not on speakerphone. If he is in trouble for JUST the refusal to give the password out on speakerphone and in a room with a dozen people, I'd give him a pat on the back and a bonus for proper IT security.
When I was an IT assistant at a high school, I'd pull the same stunt if my boss (or the principle) asked me on speakerphone to give out the local admin passwords on the computers to a dozen people (Staff, teachers)...
Just like Terry (If i read correctly)... I'd be protecting the computers and the network security by withholding the admin passwords from people unqualified to have admin access without admin intelligence in the field (i.e. not sticky-noting the local computer password to the monitor on the computer for kids to see)
Already was hard enough keeping kids from installing kazaa and other security hazards without admin rights... give out the admin password to a dozen non-IT security-unaware people? yeah right....
One of terry's listeners probably would have put the admin password on a stickynote to his work and home computers..
No I'm not.
--- "When you gotta do something wrong. You gotta do it right. (Fighter)"
Being judged by twelve random people is as close to 'objective' as possible. I can only imagine the systemic biases that would arise from 'professional' juries, or 'expert technical' juries. Would you want a FOSS defendant judged by a jury from MS or Apple? Vice versa? Or as you seem to allude to, a world of bench rulings like the dark ages? Or a world where lawyers bid for the good opinion of a jury comprised of other lawyers? Disgusting. I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
In case you haven't noticed, the principle of "innocent until proven guilty" is still in force. That means that until and unless the jury finds him guilty he is to be considered innocent.
Good, inexpensive web hosting
If you know your boss is doing fraud, but didn't say anything about it.. either you're IN on it, or you should have already called the Feds.
PS: That's what backups are for.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
No, you have it wrong... He was not a jerkwad that refused to give his poss the password......
HE HAD NO BOSS.
They already fired him! This is such a big point.
Then they realized that they were idiots who had only one person working on the entire network... And no one else knew the first thing about it.
That was the superiors fault, not his.
THEN they asked this guy, who worked his butt off on the network only to be fired by a 'superior' who doesn't know a network from a CPU, who already tried to get him fired without cause 'because he is a quite type who does not fit in'.
"Um, hey, yea, you don't work for us anymore, and even though I don't actually know what your job was I decided you don't know how to do it...
And even though it would actually be breaking our own rules and possibly the law.... Um yea' will you give a room full of unauthorized people and a open conference call your admin passwords to the entire city wide network?"...
THEN they arrest you? Then they say that because he could VPN from home when he got calls in the middle of the night he was 'hacking'.. Etc.
Read up on the case.
If I get fired I won't screw anything up, but I sure as shit am not giving my 'superior' one more second of my time. I have no legal responsibility to do or say anything my 'superior' wants... Even if he is the butt buddy of some cops and DA's.
Just that simple, huh? So let's say the Dean for Admissions demands you give him the organization-wide root or domain admin password. Will you? What if it's the dean for admissions, two members of the board of trustees, the chief of campus police, and a computer lab tech from the biology department, and all want you to give the password to the lab tech?
If the policy states you shall not give the password to anybody but the CIO, and all of these "designated agents" come to you and demand the password... are you going to give it to them?
Let's say you quit your job, and three days afterward they call you asking for the passwords. How do you know if the policy changed? Maybe the CIO was fired. How do you know these are still the "designated agents"?
These are the types of problems that arrise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations. So before you tell us to "shut up", you might want to think about the ramifications of that first.
Except that the contract of Childs said that he was not allowed to tell anyone but the mayor. They were asking him over a teleconference, where he didn't know who was on the other side (except that the mayor was not). He was thinking that he would be liable if he did give over the password.
At least, not anymore. And he refused to hand the passwords over to those who were. Consider what a finding in favour of Childs would mean; any admin upset about termination could hold on to their passwords out of spite.
The city does have some culpability. They should have ensured at least one other person had the passwords, in case Childs was hit by a bus.
The No True Scotsman would like a word with you and your "real, proper IT geek". I'll warn you in advance - it involves kilts, commando-style, and bagpipes.
A vote for me is a vote for...hey, who the hell are you, you suspicious looking person? Security, I don't like the looks of this guy. Get his information and prepare him for deportation. ;-P
Sent from your iPad.
It's funny that you think you're safe because of policy. As another has already said better, so did he.
Oh, but that won't happen to anybody else, right?
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
The people who demanded the passwords were Terry Child's supervisors.
Not if he had already been fired.
I think people are arguing over whether this was an actual written policy, or just a policy he made up. (I don't claim to know).
I have seen the future, and it is inconvenient.
In a pure legal sense yes... but you are still free to your own opinions.
OJ Simpson was found not guilty of double homicide... a sizeable number of people out there firmly believe that he did in fact commit the acts he was accused to. Should we be punished because we do not agree with the jury?
Help Brendan pay off his student loans
What I don't quite understand is how Childs was hired by The City to begin with given his criminal past.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=2&fp=&fpid=
Sure, he was convicted of burglary when he was only 17, so I'm not sure if he was classified as a juvenile under Kansas law. He was then charged with misdemeanor weapons possession years later.
The guy did his time, so I'm not holding anything against him peronsally....I just find it surprising that a government agency would hire someone with that kind of record.
If you post as Anonymous Coward, don't expect a reply.
Just for him, or for every disgruntled former employee who's petulantly holding on to city property?
It's a half-right half-wrong situation. What happens if he gets hit by a car, and no one has the passwords? Bad news, lots of wasted time and money. But giving the passwords up to an idiot supervisor just because they asked? Bad idea as well. This isn't the military, just having someone be your superior does not necessarily give them the right to your keys.
given that he was already fired, I would say the rules are more important that the boss. The rules are usually binding even after you are fired.
It does sound like he went about it the wrong way and that probably had a lot to do with him having a chip on his shoulder. If his boss had asked and he had said "Im sorry, but your own policy dictates that I give these passwords only to the mayor under these circumstances" then this probably would have been cleared up that day. I'm sure he was more of an ass about it... probably because he was pissed about loosing his job. But if he followed the policy to the letter it really doesn't matter if he is a total dick.
God knows some real sociopaths have gone free because they didn't violate the letter of the law.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
The dumber the jurors, the more it comes down to who can afford the best lawyer.
Go green: turn off your refrigerator.
Actually your landlord argument varies by area and contract.
In my experience, with apartments, the management is generally allowed to come inspect as needed. They frequently are checking smoke detectors, leaks from other units, etc. They run into, for example, situations where a leaking pipe in an upper unit causes water damage in a lower unit.
With homes, it's less common for the open access verbage to exist. The more you spend on a rental home, the better (generally) the verbage is for your privacy.
To extend this, the police interviewed my ex-mother-in-law regarding someone who was renting a room. They *wanted* to go into his space, but were legally obliged not to because he had leased that space. She couldn't even legally enter it. Even with her permission, they couldn't go into the room. A little later (like a couple hours), they did secure the proper warrants, and returned. They politely asked to gain access to the room because they did have the proper paperwork.
Serious? Seriousness is well above my pay grade.
Anything can happen in a jury trial, but it's hard to believe that Child's will lose this thing. The district attorney needs to prove two things (at least):
That Child's acted maliciously, that he was trying to cause harm to the network. I have seen no real evidence that supports this idea. The city tried to say that he did it to keep them from firing him.
They also have to prove that his actions actually caused damage. This is problematic because the network never actually went down, his actions didn't cause damage. The city uses the twisted argument that the fact that they were unable to prevent Childs from accessing the network was damage enough, that Childs was the one they needed to defend against.
I did not sit through the trial, but it's hard for me to believe that many juries would find this to be true beyond reasonable doubt.
Qxe4
You do not have a real, proper God Complex until you've either been fired or quit over this sort of nonsense.
Securing systems from anyone who's not you and therefore considered an inferior being is just part of the job.
FTFY.
The organization's policies are no longer any of your business once you leave their employ. They're not law. If they want to violate them, that's their concern, not yours.
I thought policy was just to cover the asses of the people who make requests like this, and set aside whenever they want something counter to it?
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
A written policy can't fire you and won't be there to help you get your job back. When in doubt, do your job (though it helps if you can get the request in writing to CYA later).
God invented whiskey so the Irish would not rule the world.
Woo! Big miss! The landlord (by default) CANNOT just come in without proper notice, at least by PA Landlord-Tenant Law.
Either way, the analogy doesn't apply at all. Childs wasn't leasing anything here. It would be as if the landlord here had a maintenance man who changed all the locks, and then wouldn't hand over the master keys to another maintenance man because the landlord wasn't there to say it was OK.
And that is still simplifying it WAY too much.
I cant say for sure what the policy was in this case, but there are plenty of places that have a policy that would preclude you telling your direct supervisor your password. In a federal, top secret environment doing so could easily land you in prison.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Wait, you mean his fate is in the hands of 12 clueless "average" citizens?
He is truly fucked.
Apparently you've not participated in Voir Dire...
In theory, you're right. In practice, however, it's not quite the same thing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
FTFY.
But ya, a few years of school doesn't mean you know everything on all topics. That's why competent employers like experience. ... and staying with the topic, a jury of your "peers" doesn't mean that they are actually educated in the topic being discussed. I would be a competent peer on a whole variety of topics, but if I was on a jury for medical malpractice I would understand part of it, but definitely wouldn't understand standard operating procedure. That would be spelled out by both sides and their "expert" paid witnesses, so SOP would be skewed towards their side of the case and I would be at the mercy of dumb luck to guess which one was more reliable.
Serious? Seriousness is well above my pay grade.
Yes, because its hard to point out a few mistakes inside millions of correct assumptions.
Perhaps you should learn to read. He said:
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Who on earth modded this interesting??
For the record, people mod posts interesting because they find them "interesting" not because they are correct. And complaining about modding is childish.
This has been discussed many [slashdot.org] times [slashdot.org], and I regret to inform you that your argument does not hold water. While it's a nice story to imagine this 'geek hero' standing up against the system, it's an airbrushed, romanticized version of the truth. This dude was out of line, end of story. He decided to try to flex his muscles, and he got taught a very valuable lesson that many could learn from. It was not his place to determine who was "competent" enough for the information.
The important point is that he was asked to give up that information after he was fired. In a sane world, Childs would have been able to tell them to fuck off because he as no obligation what so ever to work for free for his former employer. Btw, this is one of the many reasons IT workers should be unionized. Unions could have layed down the ground rules to abusive workplaces like this and fined them for millions for their transgressions. Companies don't own you for life.
Football Odds
A number of facts are in dispute, or at least the interpretation of a number of facts, and that's why this case potentially "...puts all IT admins in danger..."
The city claims that Terry took a number of nefarious actions that endangered the network. They claim that he installed multiple modems connected to the network to allow him to access it without logging or auditing. Connecting a modem to the console port of a router or switch is a common back-up access method. It's the only way you can remotely get to a network device if the network is down. When you connect, you still need the username and/or password to get into the device and that access can be logged. It's no different from connecting your laptop directly to the console port.
They claimed that he disabled password recovery on network devices to prevent the city from accessing them. But all of the devices where password recovery was disabled appear to be devices that could not be physically secured. Disabling password recovery is, again, a common practice for devices that are physically accessible.
They claim he had sniffers installed on his computers in order to snoop on the network. How many network admins out there DON'T have a sniffer program installed for troubleshooting the network?
After he was arrested, his pager was taken and it went off with an alert from one of the routers. The city claims this was unauthorized access to the network. Again, it's extremely common for network admins to have monitor programs that send out an email or pager alert in the event of a failure.
I agree that Terry handled the situation poorly and was probably a bit of a jerk. But the city's attempts to pile on the charges in an attempt to get back at him do threaten to set dangerous precedents that could come back to bite any system or network admin.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Childs essentially held the City IT hostage.
Please explain your statement.
The mayor had a policy to not give anyone else the passwords but him.
Childs did NOT give the passwords to others.
Childs DID give it to the mayor, as the mayors policy stated to do.
Where from those facts to you jump all the way to holding anything hostage?
Is your wife holding your house hostage because she won't give a copy of your keys to a random kid down the street that asked?
> If the COO of your organization can't get the passwords who can?
Well that would depend on the policy that is in place.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Expert for the part where he did not keep system-level admin passwords in the database held by security, as explicitly required. Which would have prevented the entire face-to-face confrontation.
Yes all suspicious looking persons will be shot on site, given a fair trial, and then promptly hung.
"He is so stupid. And now back to the wall!" Moe Szyslak
technically correct; The best kind of correct.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Pity he doesn't have a jury of his peers, so he's basically gonna get crucified by joe & jane blow citizen ...
The downside to treating everybody as equal before the law is that everybody is everybody else's "peer" for the purposes of jury selection.
"Jury of his peers" is from British law - where the Magna Carta established the right of Lords to be tried by a jury of other Lords in disputes brought by the King, to keep the King from arbitrarily convicting them of made-up crimes and seizing their estates. Later it was extended to the other classes of "Englishmen".
When it comes to the US, while many of the legal principles came across, the explicit legal distinctions among classes of citizens, based on heritage, occupation, government position, etc. were explicitly banished from US law. We were left with free, slave/involuntary servant (a class later eliminated except for those convicted of crimes), non-citizen, and "untaxed Indian" (effectively citizen of an independent country called a tribe who hasn't opted for full US citizen status).
About the closest we have to "peer" in jury selection is the requirement that the trial take place in the community where the crime occurred unless the DEFENDANT requests it be moved elsewhere and the judge agrees he can't get a fair trial in the original location.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
He was just being a dick. He used the policy as an excuse but 'the mayor tried to get the passwords in a non-secure setting' is just fucking bullshit.
They aren't nuclear launch codes and it was the highest man on the totem pole.
Smack his ass back to reality for it and remind him how unacceptable it is to do what he did.
You can argue that he was right ALL day long, but I dare you to make that argument at a job interview. There will be VERY few places that will side with you on that one.
He effectively held hostage ... for 12 days ... the keys to a large chunk of infrastructure. You know what, you're right, we should let admins do whatever they want cause they know best. Admins should just run the country rather than doing their jobs as their told.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I get the same thing here at my company in IT security - lower-level store managers across the country who (supposedly) decide that one of their employees is loafing off too much and want their Web history for the past week or so. Or maybe they just want to know, how can I tell?
Of course, we don't use proxy authentication so it's insanely hard and time-consuming to even find that data with a degree of certainty, but even if I can, no way am I giving that up to somebody who I don't even know is definitely that person's manager.
We finally decided enough was enough, and now we categorically refuse to provide any information whatsoever unless an actual investigation incident is created with Human Resources, and only Human Resources can make the request. Problem solved on that one!
Another great one: a few years ago I helped on a worldwide Active Directory deployment for a company made up of many sub-companies. Anyway, this bunch of Battlin' Business Units distrusted one another so much that they actually paid our consulting company to be the only entity with Enterprise Admin credentials - of THEIR own AD forest! So I've somewhat been in this situation, and believe me, we also specified very carefully how that credential would be turned over and to who. Luckily this company didn't press the issue at all.
But he wasn't responsible for it after he was terminated.
Neither did he, upon being fired, have any remaining obligation to the company, which is rather the point of the case: Is it unlawful to withold passwords from the employer after termination? I mean, it's one thing to change the password to what they ask, it's another to give up your password, which might be usable on other things that don't belong to them (like your personal data). It's bad practice, sure, but a real one.
#fuckbeta #iamslashdot #dicemustdie
In which case he is effectively breaking several state and federal anti-hacking laws that Kevin Mitnick was happy to get created for us.
You really don't want to take that route as a defense against any lawyer with some knowledge of the history.
Just holding the keys to a computer system you are not authorized to hold is a felony offense.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Wow... Just wow.
In times like this, I think the media is your best friend. Surely, there has to be some local investigative TV reporter who likes going after government excesses. If I were involved, I'd play it to the max and do everything humanly possible to get this retarded governmental behavior plastered all over the the 6:00 news, and use the investigator to go after the state reps and senators to put pressure on these buffoons.
You and your daughter deserve public apologies and reparation from everyone involved (who in return each deserve a firm kick in the ass) The only way it's going to happen is to make it visible. Just sayin'
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
Would you suggest he just take their word for it?
Clearly, Childs knew who those people were. Whether they had "access" or not should have been cleared up the first day that they were able to make him sit in jail.
I don't know about you, but the people who are allowed to put me in jail are welcome to the passwords to a system that I don't even manage any more. If he wanted to make sure that he was held blameless, he could have made a request to have it entered into the record that he was giving the password up under protest, but that he was respecting the order of the court that he divulge the information. What worse could the city do to him than throw him in jail for a longer period than some felons get?
Most employment agreements do have clauses that require you to provide information and assistance to your previous employer even after termination (they are supposed to pay you for your time, but giving out a password really wouldnt qualify).
What is at issue here is the security policy and the question of whether or not Childs was required to give out the password to his supervisor or, as he claims, only to the mayor. It seems like this should be pretty cut and dry if there is a written policy, but apparently its more complicated than that.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Yes, The City did appear, or at least its duly elected representative, 'The Mayor of The City', who told him to give up the keys, to which he refused sighting some more bullshit about it being an unsecured facility ....
There are also several other people that represent the city and most likely are legally allowed to assume responsibility of infrastruction in the case of emergancies, the City Manager is the first that comes to mind.
This really isn't that hard to comprehend if you're older than 8 years.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
No reference? Right in the middle of the "don't" list in the City's policy is "Do NOT disclose passwords to your boss".
Here, I'll quote it for you:
"...If the COO of your organization can't get the passwords who can?"
If the policy states clearly, *in print* that the passwords should only be given to the mayor, fuck the COO and anyone else (except the damn mayor) who asks for them. *that" is what he was paid to do and that is what he did.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
If he left the job (willingly or otherwise) and then divulged the root password to someone who wasn't supposed to have it, he'd definitely be walking on thin ice.
"The use-mention distinction" is not "enforced here."
Does anybody actually have a copy of that contract? I keep hearing this, and I'm wondering whether it's true, or a distortion by his lawyer, or just some oft-repeated bullshit by those that want him to be a hero.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I've been following the story off and on, and the one thing I get hung up on is the crime charged. IANAL but if the crime he is accused of is "disrupting service" - shouldn't this have been thrown out a long time ago? Disrupting service = outage. If no outage was incurred, what service was disrupted? Yes they could not make changes, but the system continued to run. If I abstract this to my personal network... forgetting my network password does not create a disruption of service. Certainly an inconvenience, but I remain connected to the interwebs.
Can you tell me that password again?
These are the types of problems that arrise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations.
This is the real problem. Without that, the concerned admin wouldn't have to care about policy - certainly not after they've left their job.
Nonsense. Your BOFH specifically added something to the system explicitly to cause damage if he was terminated.
Unlike the BOFH you got rid of (who actually WAS out of bounds) Childs secured the network and then followed the broken security policy as well as he could. At most, he was a pain in the ass. His managers were demanding information that according to security policy they were not entitled to. They wanted him to reveal it to a great many people all at once on a conference call no less. Guess who would have been on the hook if one of those managers (in typical manager fashion) said to himself, this IT stuff isn't so hard, I'll just make this little change and BOOM! net is dead.
The network never did go down until after the password was handed over. That is, they managed to screw it all up exactly as Childs predicted. The only reason he's not on the hook for that is that he was in jail at the time.
A proper written policy would have specified more than one person to hold the key passwords and/or a vault to store it in in written form (preferably with a tamper evident seal). Personally, I prefer people log in under their own credentials and then sudo as needed, but a lot of network equipment only supports the one true password model.
To those who repair computers, your two best friends are a guy at work and a friend from church
Being a spelling & grammar Nazi is a sign you do not poses the intelligence to contribute to the conversation
He is a living being. Part of the role of humans (rather than computers) is to deal with situations where you can't just Follow the rules. If all it was was 'following the rules' it would be computerized.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
Its called being a good admin. NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
If you allowed the situation to exist where no one had the passwords then you failed in your job. You should have known the policy was retarded and worked to get it changed.
You can make all the arguments about policy and chain of command you want, but the reality of it is policy is regularly broken when it doesn't actually fit the situation.
Whats more interesting is why we aren't talking about the fact that thier policy required THESE PASSWORDS TO BE RECORDED IN A SAFE MANNER THAT HE DIDN'T ACTUALLY DO.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
This has been discussed many times, and I regret to inform you that your argument does not hold water.
And yet it might pass water. Or at least pass water on the argument.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Ah - thanks for adding to the list of incorrect assumptions for me by appending one of your own; namely, the assumption that I am either illiterate or failed to take note of the weasel-word "often" in the commenter's statement and, upon perceiving it, would immediately share the commenter's ambiguous interpretation of the word. Bravo, sir!
With respect to the "alternatives are far worse", you might want to read up a bit on how the legal system is implemented in The Netherlands and the rest of Europe or any other western civilizations around the globe for that matter.
The best case against your "juries" or dolts as you call them is to ask yourself how any higher courts work in the US. Do they have juries? I didn't think so.
His boss was Information Security.
This wasn't "sharing" which is what the policy discusses, this was demanding it because he was an administrator with the only password.
By this policy he shouldn't have given the password to the mayor of San Francisco, hell he still should have it and that part of the City's network should be unmanaged.
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple. You don't have to give them your password, you do have to give them a password that gives them access.
Let me provide you with a real world example:
Edward Diego should have never been given access to Shodan. Sure, a hacker gave him access, not one of the station admins, but that's quibbling. The main point is that stupid people shouldn't mess with AIs controlling space mining lasers and robots.
Not unless you act on your opinion or express it in a way which can be interpreted as either slander or libel.
Good, inexpensive web hosting
Good lord, I had no idea I was going to get modded into oblivion for this comment....ROLLBACK!!!ROLLBACK!!!
If you post as Anonymous Coward, don't expect a reply.
I think you're missing the point. The original policy is to give the passwords to no one except for the mayor in a secure setting. If it was me, I don't care if the President of the United States, or the Pope was asking for those passwords. It isn't happening. I will give those passwords to the mayor, in a secure setting. Only. Ever. Period. I work in a larger governmental institution than a city. If I were to simply pass the keys to my entire department to the head of Security and the CIO, I would be jailed for knowingly/willingly compromising the security of the organization. I'm sure this is a similar situation, damned if he did, damned if he didn't. It looks to me like the CIO and head of Security just got pissy that they were not considered competant enough to run the system in the minds of its designer.
Although, to humor you, the landlord has a right to inspect his premises at any time, even if you're living in the apartment. Remember, the landlord owns the place, you're just paying him/her to borrow it.
I don't know of any state in the US where this is true. Certainly not in mine (TX).
I have found there are just two ways to go.
It all comes down to livin' fast or dyin' slow. -REK, Jr.
It is perfectly rational when that is exactly what his contract told him to do.
So you're saying that Childs had a duty to withold the passwords from Richard Robinson, the chief operations officer for the city's Department of Technology and Information Services.
Childs had ideas above his station, like other bad admins. When the IT COO asked with HR and cops in the room it should have been forthcoming. Even if it led to problems it was no longer his responsibility.
Ten bucks says if he gets off the case he'll have a job as an iPhone hardware tester at Apple.
APPLE EXEC: "Where's the 5G prototype?!"
CHILDS: "I will personally hand it to Mr. Jobs and only Mr. Jobs only, as I can't trust the rest of you with such sensitive technology!"
Random Thoughts From A Diseased Mind (Not For Dummies)
Though hosted on a San Francisco government site, that document self-identifies as being the product of a trade organization composed of County sysadmins (and it does not list the "City and County of San Francisco" as one of the Counties whose members contributed.) Indeed, "San Francisco" doesn't appear in the document at all.
Can you also post a link to a place on the site where the city says they adopted this document as their policy?
(Also the quoted text doesn't support the allegation that the password was only to be "disclosed to the mayor in a secure setting". "Mayor" doesn't appear in the document, and "chief" only appears as part of "chief information security officer", not "chief executive".)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Most jobs I've had made me sign a nondisclosure agreement for which the protected information included passwords.
"The use-mention distinction" is not "enforced here."
In cases where security is sensitive (such as a city-wide WAN) and the manager is not actually qualified to work on the hardware (common enough with MBAs), they are not entitled to the password and if they had an ounce of sense wouldn't want to know it. They may be entitled to order an admin to share the password with a new admin. In such a situation, telling a manager the password may be (and should be) grounds for termination.
Forgetting all of that, this was an employment issue. It is not against the law to disobey an employer. Their recourse is to fire you. The only exception is military service.
Um, so your "real world" example is from a video game? A damn good video game, I'll grant you, but still...
He refused to hand over passwords when ordered to do so by his superior and his superior's superiors.
It was illegal to do so - he could easily have imagined going to jail for doing exactly that.
Little did he realize that following the law, could also lead to jail...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Disobeying your manager is not a crime.
That's not the point... a FELONY for kicking a door? What's next, going to jail for littering? /me thinks it's a little excessive
(oh, and I'm posting with my ID, not as AC)
I've got better things to do tonight than die.
In my state (Ohio) it's a law that you must be given 48 hours notice before the owner or someone on behalf of your apartment building can enter your apartment. There are exceptions for certain situations, like fire, and possibly your leaking pipes scenario if it was bad enough.
my UID occurs in pi starting at the 384,199 digit after the decimal point.
Because as soon as he was asked for the passwords by the proper person (the major) at the proper environment (face to face with him without unknown people at sight) he indeed promptly passed them out.
I would have insisted on the dome of silence before handing the paswword over to a mere mayor...
Being judged by twelve random people is as close to 'objective' as possible.
No, it's as close to random as possible, and as far from biased as possible, but it's purely and utterly subjective.
And what happens if (as is the case for Childs), some middle manager with no actual ownership or rights demands the passwords? Throw in that telling them violates policy. Suddenly giving your manager the finger is a crime? Too many managers have a god complex as it is without declaring that their word is actually law!
The important point is that he was asked to give up that information after he was fired.
Incorrect. Please read the case history before repeating misinformation.
I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins
No kidding; every time I get a user who starts saying "do you need may passsword? It's Fluf-", I start plugging my ears and loudly saying "NO NO NO NO NO". Once they stop, I explain: 1) never share your password 2) when it is absolutely truly necessary, like life or death, never say it out loud unless you're in a cone of silence, watch the person you shared it with, and change your password immediately after they're done. 3) I don't ever want to know your passwords, ever.
Your view of this is rather strange.
Just that simple, huh? So let's say the Dean for Admissions demands you give him the organization-wide root or domain admin password. Will you? What if it's the dean for admissions, two members of the board of trustees, the chief of campus police, and a computer lab tech from the biology department, and all want you to give the password to the lab tech?
When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause. So of course you give it to them and let them take the heat for the consequences. Network down for a week? So what? It isn't the admin's problem to explain this to everyone.
If the policy states you shall not give the password to anybody but the CIO, and all of these "designated agents" come to you and demand the password... are you going to give it to them?
If the "designated agent" is really authorized, heck yes. About the only way out of this that I can see would be if all you had was someone claiming to be "designated" and the CIO was completely unavailable to verify. Again, doing your job means following directions, even if those directions seem utterly stupid. Covering your ass is a well-known tactic, but refusing to cooperate because of some inflated sense of self-importance is stupid and gets you fired.
Let's say you quit your job, and three days afterward they call you asking for the passwords. How do you know if the policy changed? Maybe the CIO was fired. How do you know these are still the "designated agents"?
And if you have quit, why do you care? If the passwords were not changed the moment you left, it is pure and simple negligence. So all you have is obsolete information that is about as secret as yesterday's newspaper.
These are the types of problems that arrise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations. So before you tell us to "shut up", you might want to think about the ramifications of that first
First off, you do what you are told to do through the organization structure. If you aren't doing that, you get fired for cause. Period. Insubordination is never a good idea and it is a lousy career move. If you have to, you get a real nice CYA document from some higher-up so that you can always say you were just doing what you were told to do, no matter how stupid it sounds. In this case, Terry's job wasn't to protect the city from the Mayor and the Mayor's questionable directions. And openly defying in the manner that was done has consequences that Terry is just finding out about.
My guess is that no matter what he is charged with, the jury looks at it and says he is an self-important idiot that was insubordinate. In 10 minutes they will have a "Guilty" verdict.
So give the password to a PHB and he blows the network up and you take the blame that is ok?
He *was* authorized to hold them. It was a large part of his job description.
When he was fired, they never asked him for the passwords. What was he supposed to do, whack himself over the head until he forgot them?
When the cops came looking for him for what was effectively their mistake, he clammed up (as he should've), since they nor the low-level guys gunning for them had any right to know the information. He said from the start that he'd tell the mayor, and he told the mayor when they let him.
Had he forgotten the passwords the moment he was fired, he wouldn't be in this mess. This is their fault.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
The moment Childs was threatened with jail by a credible governmental threat, then he should have surrendered the passwords.
Dude is a hardhead.
Sure about that?
Whoever owns the systems .... have a right to have access.
Who can and cannot have access is specified in policy.
I was under the (possibly mistaken) impression that your two quotes neatly summarized his trial. Written policy and contract ordered him not to give out passwords to any random elected official, and an elected official ordered him to break the written policy and contract. Remove all the technology and its an ancient story.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
My a priori experience with Voir Dire is that it eliminates people who have any opinions of anything at all. Consequently juries tend to consist of wishy-washy, apolitical, shallow twits.
And I am still thankful for them vs. the alternatives.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Of course the facts are in dispute. That's the only thing a jury is there to determine. When a jury says "We find so and so guilty of such and such", what has actually happened is the judge has told them "These are the points of law - if A, B, and C are true, the defendant is guilty. If any one of them is not true, the defendant is not guilty." The jury decides the facts beyond a reasonable doubt (it is impossible to decide beyond all doubt), and if all the facts meet the definition of guilty, they find the defendant guilty. If not, they find him not guilty.
The only reason there is a trial is because the facts are in dispute. That's why someone says "Not Guilty" when charged with a crime - they are disputing the facts the prosecution has presented.
The wiggle room for getting off on a case is completely different from what people seem to think it is. It's not the law that gives the wiggle room, it's the facts. If the jurors are not 95% sure a fact is true, then they assume it is false.
Because of this, I would much rather have a group of people who have common sense than any sort of technical experts judging the case. Generally, whether or not something happened is only a portion of the case, and often times whether a person intended to do any harm is just as important as actually doing any harm. In that situation, highly technical people are often horrible judges of character and motivation, and they could really fuck you over because they are stuck on some stupid detail that doesn't matter.
I sat on a jury for a felony theft case, and I was pleasantly surprised at the quality of the jurors, considering the pool they were selected from. All the shitheads and dumbasses were weeded out by one party or the other, and the jury was pretty solid.
It's also worth noting that whether or not the guy stole the thing he stole was not in question - the defense didn't even bother trying to deny it. They basically argued that it wasn't worth $500, and not a felony, and therefore could not be held guilty for felony theft. Double jeopardy being what it is, the state would not have been able to come back and charge the guy with a misdemeanor, so it's a good thing he was found guilty. ;)
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
This guy took over this system because he felt entitled and a sense of ownership. He created a little fiefdom which grew in power as the department was gutted due to budge cuts.
http://www.cio.com.au/index.php?q=article/255165/sorting_facts_terry_childs_case
Then he got all uppity because someone else was auditing the network, oh someone of higher rank than he was. And then he threatened that supervisor into running away from him and hiding in their office.
It sounds like he was full of himself, the hard work he had done and felt like he should have all the power over it.
http://www.cio.com.au/article/253823/why_san_francisco_network_admin_went_rogue
I wish I were on the jury so I could vote guilty.
Running for office on a "get tougher on crime" platform has been going on for as long as I can remember. Every new candidate takes this on as a campaign slogan - being tougher on crime that the incumbent.
My point being, is it any wonder after so many iterations this tactic, that the classification of anything short of belching in public has become a felony?
I'd like to think that one day the trend will reverse itself and at some point, some rational sense of "punishment fitting the crime" to prevail.
Unfortunately, the older I get and the more I see the way that many voters are simply ill-informed, mindless pawns to be manipulated by the parties they subscribe to, the less optimistic I become.
Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
In my experience, dumb jurors rarely make it onto the jury box. If it's good for the prosecutor to have an idiot on the jury, then it's bad for the defendant and the guy gets tossed. The opposite is also true. So, what you end up with is a reasonably sound jury - unless of course the entire jury pool is dumb as shit, in which case the defendant and prosecutor and judge are all probably dumb as shit too, so it doesn't really matter.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Horseshit. Refusing to comply with an order when that order is illegal or against the rules that both parties operate under is definitely justified.
So it's all about CYA? That's weak, man. What if Terry was truly interested in maintaining security over the systems? What if Terry suspected his boss would plant evidence to condemn him?
I don't want to invoke Godwin's law, so I won't directly. But you do understand the implications of what you're saying, right? That as long as you're following orders and documenting that you believe it's against the rules, then you're OK, because it's the easiest way out for yourself?
Screw that. Principles are more important than CYA, and I've put my money where my mouth is on that issue on more than one occasion.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I would support jailtime for littering. Very SHORT jailtime, but nonetheless. It disgusts me to see some asswipe toss a fast food beverage cup out his car window into what little green area we have left.
Poor means hoping the toothache goes away.
None of those are examples of ignorance. Each of those was a best fit to the available data. A flat earth fit well if you only had very local data. The geocentric model of the solar system provided very good data for practical purposes. And phlogiston did a decent job at predicting most qualitative and effects of combustion and some quantitative effects as well. To call people ignorant for doing the best they could with data is not at all fair. If someone today is a geocentrist or a young earth creationist they probably are ignorant. We can call them ignorant because the data is available and they have not learned about it. But using the same labels for people who knew everything that was known at the time is a different category.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And Firefly.
Jailtime would cost money. I would go for a fine, a *big* expensive fine. Actually, most places have laws against littering, they're just not enforced enough.
I've got better things to do tonight than die.
Those courts don't determine facts of law, they determine process and constitutionality. They can say a procedure was followed incorrectly by a lower court, or they can determine that law is unconstitutional, and therefore overturn the ruling or nullify the case, but they cannot overturn the facts determined by a jury.
The only body permitted to determine fact of law in the US is the jury. Technically congress can too, with their hearings, but those amount to fuck all and are completely irrelevant with regard to the rest of the law.
That's also why the higher courts never, ever hear an original case. It absolutely must come through a lower court first.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
A written policy can't fire you and won't be there to help you get your job back
One would hope that the courts would be there to get you a metric butt-ton of lost earnings when it becomes apparent that you were fired for insubbordination which didn't happen. (In the same way that Lt Foo isn't supposed to follow Capt. Bar's orders when they countermand those of Maj. Baz)
FGD 135
The higher courts don't have juries because they are not being asked to decide guilt or innocence. That's what a jury does. Higher courts only decide whether the application of the law as written was correct or incorrect (or if the trial itself was flawed, or if the law itself is unconstitutional, etc. but never guilt or innocence).
Considering that the Supreme Court of the Netherlands can't even decide the constitutionality of laws I wouldn't look to them as much of a model for anything.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
The jury's job isn't to decide whether they think he's guilty or not, but to decide whether there is doubt of his guilt. It is entirely possible that the entire jury believed he was guilty but was not sure enough of it to convict him.
Well, having followed this story since it first broke out, I do believe that Terry Childs correctly followed the written policy of the city, which was that he should not give his password to anyone, including his supervisors, and that the only person that he was allowed to divulge them to was the Mayor, which is exactly what he did while he was in jail.
If you take your job seriously, then it means going against your superiors when they try to break written policy. You're not always going to be shielded by the "but I was following orders" defense. Your supervisor is also supposed to follow written policy. So if your supervisor breaks that policy and asks you to do the same, then you are just as liable.
Here are a couple of comments that describe the city of San Francisco's password policy and how in this interpretation, he did his job and is being unfairly punished.
The people who demanded the passwords were Terry Child's supervisors.
This point is moot, since the people who demanded the passwords were no longer Terry Child's supervisors. They had already fired him before they asked for the passwords. And any password request has to be in writing, which they did not do either. They asked him over a conference call, with unidentified people in the room.
Best "String" Ever!
Agreed. Isn't there another element to prove? That the askers had a right to the passwds? There is more than reasonable doubt they did not.
This looks much more like a case of false arrest and malicious prosecution. Childs got under someone powerful's skin (congrats&condolensces!) He has suffered serious damages 500k$ (bailbond) + lawyers (500k$?) plus lost earnings . I foresee a multi 10M$ lawsuit once Childs is acquitted. And given the venom of the City's persuit, they will not settle but get hammered by a verdict they will appeal ad nauseam.
Which media?
There was a time when reporters really cared about getting stories to the public. They even attempted to elucidate some measure of "truth", using certain ethics and journalistic principles which they held dear.
Today, thanks to the concentration of media ownership in the hand of a very few corporations, and the subsequent gutting of news departments and purging of investigative journalists, the news has become little more than a collection of press releases and political hit pieces. Syndicated columnists make up a larger part daily newspapers than ever before and local television news has become five minutes of fires and arrests wrapped around 10 minutes of network stories wrapped around 15 minutes of commercials.
Everyone is chasing the 24 hour news-free news cycle. There is no one left to report stories like this one.
You are welcome on my lawn.
My a priori experience with Voir Dire is that it eliminates people who have any opinions of anything at all.
I was summoned for jury duty a few weeks ago, and made it a point to express opinions during the selection process (a coworker of mine had the same theory that you are expressing, and I was interested in testing it). I wasn't trying to get out of serving, so the opinions were reasonable. I was still selected.
I think in at least most cases, the point is not to eliminate anyone with any sort of opinion, just people who either have extreme opinions related to the case or who seem to have little room in their minds for doubt that their existing opinions are correct.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
My own family members have had different experiences with the process, but it's all anecdotal and of course entirely subject to the nature of the jurisdiction and of course the very personalities of the selectors/selectees. No point in playing the 'who's got the better anecdote' game.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
I wonder if there is an achievement for getting both "0" and "5" posts in the same topic? :-)
I can see your point on flamebaiting but still don't think the parent post was a troll.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Littering hurts everybody who lives in the environment (in other words, just everybody).
Kicking a stuck door to open it and getting charged with a felony for it helps taxpayers by showing that their tax dollars are going to waste on administration and personal grudges rather than maintaining infrastructure - in this case failing to maintain the door, and wasting the time of the police officer who took the complaint, the court clerks who have to process it and finally the magistrate's or judge's time.
I hope the young woman turns around and sues based on defamation of character, harassment, hostile workplace, not to mention heavy punitive damages well into seven figures for undue stress and suffering, and that the town council takes those fines out of the asshole administrator's budget rather than assraping the taxpayers. Why? Town officials need to be taught a lesson and learn that simply being on the doll is not carte blanche for harassing citizens.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
It was a written policy. You can find the base document here: http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Besides, if you wish, you can just have them indemnify you in writing.
Put everything in writing to cover your ass if you like, but you don't get to hold on to things until someone n levels above you gives you a personal audience.
I have been fired for this by a COO coincidentally. Only the owners of the company had the right to ask me for the access to the system they put me in charge of and he convinced them I wasn't doing my job. So after I was released from employment by 12 days, they contacted me to figure out how to get back in. (Not that the paperwork wasn't already filed per the policies I had written) After getting the shaft I wasn't so keene on doing consulting work for free. Rumor has it their business is suffering due to that COO and he got fired. Might even get my job back, all things considered.
Yes, yes he did, if the COO is supposed to get those passwords the password policy should be changed to allow it. Even if the COO were supposed to get those passwords, they should be given out in person and in private, not over the phone with HR and cops listening.
He was just being a dick. He used the policy as an excuse but 'the mayor tried to get the passwords in a non-secure setting' is just fucking bullshit.
Following policy is not an excuse, it's the right thing to do. If the mayor tried to get the passwords with 15 unauthorized personnel within earshot, it's a non-secure setting and he should not have given it up.
The city policy expressly states that you should not give your passwords out to your boss. The only people who were to receive the passwords were those who required the passwords to fulfill their daily job duties. Childs was the only person on staff who fit that description, and as such, it was against policy to give out the passwords to anybody else (except the mayor in a secure setting).
He may well have been a dick, and he probably could have diffused the whole situation, but that doesn't mean he isn't right, and it doesn't mean his bosses should be allowed to throw him in jail for following policies that could very well have landed him in jail for not following.
They aren't nuclear launch codes and it was the highest man on the totem pole.
There very well could have been legal ramifications for handing out those passwords to unauthorized personnel. That includes his bosses.
I've got a news flash for you - in 12 days, management that doesn't know shit about networks can really fuck things up bad if they are allowed to mess with it. They were the last people he should have been giving access to, and anybody who actually works with this equipment knows that.
Imagine what would have happened if he had immediately turned over the passwords, management started mucking about, and they accidentally shut down half the network? You know what would happen then? This guy would have been fired for violating City policy, and possibly held legally responsible for the costs incurred. God forbid anybody should die in the process, then he's really fucked.
The fact is, from what I can tell anyway, Childs did the responsible thing but his bosses went on a fricking power trip and had him thrown in jail without ever following the proper procedure for any of this. The assholes here are the management, even if the guy is a dick.
Admins should just run the country rather than doing their jobs as their told.
Just want to point out that this guy is on trial precisely because he was doing his job as he was told.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Uh, it's 57 pages and I don't see the word "mayor" anywhere in it.
You know, just about anyone has the power to put you in jail for a day, just takes a bit of work and some creative story telling.
And city policy was to not give out passwords to anyone who did need them to perform their daily job duties. It even explicitly states as a bullet point to not tell your boss your password.
Just because they were his supervisor does not mean they were authorized to know the password, and it does not mean he was permitted to share it with them.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Now you can, and you're absolutely right.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
I found this article helpful:
http://www.infoworld.com/d/data-management/sorting-out-fact-fiction-in-terry-childs-case-310
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Beyond a reasonable doubt is only the theoretical requirement, people are unlikely to vote not guilty if they think the defendant is guilty.
Strangely, although what you says is logical, I don't think they actually have to prove that to convict under the law. As long as he fulfills the requirements that the law prescribes, he can be convicted. Thus whether he was authorized or not plays no part in the case, other than as evidence to whether he was acting maliciously or not.
Qxe4
Um, so your "real world" example is from a video game? A damn good video game, I'll grant you, but still...
"Funny" is often more memorable than "informative".
Except that the half dozen other people who were on that teleconference were definitely not authorized to know the password.
They didn't ask him again until after they'd had him arrested.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
They were in the same city.
Is there a particular reason the mayor couldn't get to him in less than one day?
I'm in a huge city-- 150 miles across-- and I could get to any part of it in under 2 hours. I regularly travel across it for situations a lot less important than this.
If you are liable for security, you don't want to be told, "That person who told you on the phone that they were the mayor? Well, they actually were not the mayor."
I'm very suspicious and I've not been defrauded or phished or whatever.
If the network was so important that they can imprison this guy on charges (no proven crime- no lives at stake) for over a year, then it's reasonable that the network admin would want to give the password to the appropriate person (in this case, the Mayor) directly and securely.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The problem is, he did only give the password to the only designated agent according the the policies of the owner of the equipment. His supervisor, the security person we not designated agents according to the only document that mattered. the cities policies. He followed policy and yet is still on trial, after being in jail on $5,000,000 bond for more than a year. He followed the rules and because that pissed some people off he has lost more than a year of his life and is facing more time lost. Maybe you would give your passwords out to anyone, if so I hope I never work with you or with any company you work for, but I am very careful with the passwords I have been entrusted with and only people that would get those passwords are designated in written company policy.
Well, when someone at a C-level asks the IT admin person for some password there are really three choices:
Those are pretty much the choices. There is no #4 where you get to "do the right thing" and walk away a free man. The fact that he had already left the organization meant his real responsibility was over. Trying to "save the organization from itself" almost never gets you anywhere and carries huge risks. Terry is about to experience the result of these huge risks.
My guess is the jury takes about 10 minutes to return a guilty verdict.
Put everything in writing to cover your ass if you like, but you don't get to hold on to things until someone n levels above you gives you a personal audience.
If "n" and "personal audience" are defined in policy, then yes, I do. In fact, even if I don't want to, I'm required to. Childs wasn't some Mayor groupie looking for his "Ohmygawd! I just talked in private with the Mayor!" moment. Maybe by the time he finally talked with the Mayor he was a little grumpy from being held in jail, and he was less cordial so it might seem like he was telling the Mayor to kiss his feet, but the impression I get is that he was concerned that his prior boss was *bad news* and that he (Terry) should follow the rules and only let the Mayor have the password.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
Its called being a good admin. NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
What about the situation another poster in this thread described, wherein he was ordered by some pompous "Executive VP" to give the passwords to some other unauthorized person?
Sure, in some 10-person company, your logic makes sense, but in a larger organization, just because you're some VP or whatever doesn't mean you can make up rules as you go along, especially for employees that aren't under your org tree and don't report to you. Of course the IT Director (or VP of IT, or CIO, or whatever that company calls him) will have access to the passwords in any decent organization. He's the boss of IT, so the buck stops with him, and he should have access to all IT-related resources. But that doesn't mean the VP of Marketing gets access to them too, or that he can order some random IT admin to give the passwords to his personal secretary.
Trying to kick open a door in a federal office building.
What's next, going to jail for littering?
If by "littering" you meant "spreading 1000 pounds of tickertape around the hallways of a federal office", probably. If you mean "dropping a cigarette butt on the street corner", no.
You can't consider just the act and ignore the context.
You probably haven't sat on a jury yet. Most people on the jury are not Mr. Childs' intellectual peers, they are his citizen peers. A person is suppose to be innocent until proven guilty, but too many folks from the general population tend to believe "if there's smoke there's fire; he must be guilty if he's charged for something." Sure it is the job of the defending lawyer to try to filter as many of those as possible out of the pool, but the DA's job is to fill the pool with as many of those as possible. Then we've got jury members who don't know jack about the technical details or the law, so they just go with their gut instinct on the people on the stand and the lawyers. Which lawyer did a better job of saying stuff? Hell, some members even go by what the lawyers wore.
No, sadly, our American justice system claims to be a fair system, and perhaps it is compared to others, but it is really a tyranny of ignorance and money. Mr. Childs likely doesn't have the money to really fight this (since he couldn't afford the $5M bail), so it boils down to his luck of a jury pool. Considering what I've read of his luck, that isn't much luck at all. Guilty or not, he could be serving time. Many other folks are rotting in jail without ever having committed the crime they are "guilty of" because the person's "peers" believed they were.
I hope that Childs will be found innocent of all charges, and he can fight back against the city. I just don't believe that facts are enough.
You can tell who around here works as a technical admin and who doesn't. You can also tell who works in information security and who doesn't.
Hoist Number One and Number Six.
So.. he's already served over 20 months for something he may or may not be guilty of. If they just manage to drag out the case another three and a bit years it won't matter if he's found guilty or not!
And people wonder why we complain about the legal system.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Each side only gets to toss so many though, right?
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Isn't this why countries such as France have completely abolished juries, and judgments are rendered solely by Judges (who, under French Civil Code, are inquisitors rather than arbiters, and are professional judges, not promoted lawyers like in our system)?
Of course, that has its own problems, like the fact that one crappy judge will make a lot of bad verdicts, but it does seem better than your fate resting on the opinions of the stupidest people the court could find.
He insisted on meeting the mayor in person to hand over the password. That's not rational or defensible.
Actually that is the only way that he could transfer the passwords. Policy for password transfer stated that no passwords were allowed to be transferred over the phone or by email. Thus, the ONLY way to transfer the password was in person. Which is exactly what he did when he spoke with the Mayor in person.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
That's not the point... a FELONY for kicking a door?
Trying to kick open a door in a federal office building.
You can't consider just the act and ignore the context.
Are you trolling with that line?
Because you just did EXACTLY that.
When information is power, privacy is freedom.
In times like this, I think the media is your best friend. Surely, there has to be some local investigative TV reporter who likes going after government excesses.
Sorry, but Walter Kronkite is dead, and there is no such thing now as an "investigative TV reporter". The only place you'll ever find an "investigative reporter" in the USA is on some small, independent website, and as their resources are very limited (as it's mostly hobbyist or extremely low-budget), there's only so much they can do, and most people will never hear about them.
Most "reporters" these days don't even know the W's: who, what, when, where, how. Critical and obvious details are constantly omitted from "news" reports that I read from major news sources like AP. It's utterly pathetic.
If you want serious reporting, you'll have to invent a time machine.
You might have a point if they were not allowed to discuss the case among themselves, since they are, any randomness will have a hard time against peer pressure.
Analogies don't equal equalities, they are merely somewhat analogous.
So a Colonel, two spooks, a Major and a Private walk in, and the Colonel demands you hand the Private the launch codes to your missile station. Your orders are that the codes shall only be handed over to no less than a three-star General. Do you (a) hand over the password, because well heck they must have a pretty good reason, or (b) tell them to go find a three-star General?
And yes, I realise Childs was not military, let alone a missile station operator. He did however have the keys to city infrastructure, and he believed (rightly or wrongly) that the people asking for the passwords were unauthorised. At what point should some CYA document (even if worth the paper it's printed on) be more important than refusing an unlawful order? When should principles be tossed in favor of convenience? What shade was the grey in Childs' situation?
Once he was terminated, his only obligation was to return anything of theirs. If they want to violate their own policies, that's none of his business.
The most he could reasonably do would be to insist his former boss put the request for passwords in writing, and to notify the mayor of this. If the mayor ignores the notice, he has no cause to withhold the passwords.
Ya' know a fast food cup doesn't bother me nearly as much as a cigarette butt. If I had a dollar for every single time I saw an asswipe toss one of THOSE out the window I'd be rich. Pull up to most any intersection, open a door, and look at the curb - it's disgusting! Hundreds upon hundreds of butts at some intersections like little snow drifts. These things are smoldering when tossed too, lovely. I can count on one hand the number of times I've seen something like a cup tossed out however I see butts thrown probably every other day. I think jail time is a bit much but maybe some steep fines that are actually enforced? I'd support that over bogus speed traps to increase revenue that's for sure!
P.S. I think Terry will and should be let off. Everything I've read about this that wasn't sensationalized aka not mainstream media has led me to believe the guy was really just trying hard to do his job and protect the network. I think he took it a little too far but I hope the jury comes forth and blasts his crap management before letting him go....
Build it, Drive it, Improve it! Hybridz.org
Even if the facts are not in dispute, different juries can reach widely varying conclusions. Law is not equations.
Intellectual property, despite common claims to the opposite, isn't real property. For one you can't forget physical property out of existence...
Analogies don't equal equalities, they are merely somewhat analogous.
And another - where is this cited? Who reported this? Nothing I've seen has said this and I read most of the Inforworld and Computerworld reporting. If you saw that crap on CNN I wouldn't give you a dime for it...
Build it, Drive it, Improve it! Hybridz.org
Sure the policy can get you fired. You broke the rules and can face the consequences of that. Your job was to follow the written policy and you clearly failed to do it.
It can also perfectly well keep you from getting fired. You alert those who made the policy of the situation and then it's up to them to review the case.
Juries are in no way considered objective by competent legal scholars. While I'm not a lawyer, I did just attend a day long symposium on one common legal phrase that is widely subjective, "a reasonable person". (http://www.lclark.edu/law/law_reviews/lewis_and_clark_law_review/spring_symposium/2010_Schedule.php).
It was very fascinating listening to different professors/scholars describe how varied jury results can be depending on background. A completely balanced jury, some conservative, some liberal, some religious, etc.. an "average slice" of America, for instance, does not approach objectivity, but rather only approaches consistency in ruling. State by state, a case with fact set A, will always result in conclusion B by the jury. It doesn't mean that the ruling was "correct". To an all conservative jury, the ruling of the "balanced jury" would seem very wrong.
Objectivity is very hard for the legal system to build into a jury trial. Especially when you ask jury member A to answer a question like, "Was what Person A did reasonable?". It is mainly the responsibility of each juror to try to be objective, and that requires someone to be intelligent enough to know what is personal bias, what is objective fact, what the law is asking you to decide, etc..
Now, a good judge can explain very carefully what things, and what things only, matter to the decision at hand, but studies present in the symposium above showed that more detailed/explanatory jury instructions had ZERO effect on jury outcome. Personal bias based on self declared values was the primary factor.
What I took from the symposium, is that you better have a lawyer that knows how to pick a jury favorable to you.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
That is policy at my work. No one gets the root passwords without filling out the proper paperwork, including getting supervisor signatures, and approval from the IT lead of the systems which the password is to. The IT lead approval entails having demonstrated the technical knowledge for that specific system(s). You could be someone who has 20 years of IT experience, but if you can't show that you know how that particular system is setup, including knowing what major services it runs and the systems and processes that rely on the server, you won't get root.
NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
We have a process in place where root passwords are stored on a secured system. Access to the system heavily restricted. Once you login to the system, a custom shell is run which prints out the list of passwords that you have been approved to have access. The actual full list is not available to everyone. The full list is encrypted and maintained by programs developed in house which give the ability to add new systems and their corresponding passwords, update passwords to existing systems, and add/revoke the users from viewing that particular system. A history of old passwords is also maintained (and is part of what is printed out on the screen to the people who connect). The list is maintained by our Accounts group who are in charge of keeping track of all accounts on all systems and maintain the paperwork/databases showing who has access to what, and are in charge of creating and removing the accounts on all systems (i.e. if someone is fired, the Accounts group disables the person's accounts on all systems that they may have one).
You can make all the arguments about policy and chain of command you want, but the reality of it is policy is regularly broken when it doesn't actually fit the situation.
But that is just it, policy did fit the situation. The policy said he could not give the password to his boss. Due to a single-point of failure, he was willing to give the password(s) to the person allowed by policy to have them, which was the Mayor, but only under the proper way, which meant in person. We don't allow passwords to be transferred in any other manor either. If you need your password reset, the only way to get what we reset the password to is to physically go to a designated password coordinator in your area. They have strict policy for giving you the new password which is done in closed door office and the password is shown to you on a computer screen, and/or where you then have the ability to change the password (in accordance to password complexity policy).
Is this all overkill, not really. Especially for any location which deals with as much money as a large city does, or with protected information, or any of a number of other reasons (maybe it is a secured government network which handles classified information, etc.). A GOOD IT admin knows that protecting the data from idiots is their number one job priority.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Not commenting on the case - but I can attest to having been in situations where I had passwords that neither my boss nor his boss were permitted access to - the only other person with access was the owner.... and that policy came from the owner.
It's not common, it's not normal - but it happens, and has to do with domain expertise and risk mitigation.
Always have a procedure in place to deal with the possibility of an "irreplaceable" employee getting hit by a bus. (I once took over a position at Intel where the former employee had died suddenly of a heart attack, leaving a CVS file locked. We decided to leave it locked in memoriam.) In this case, establishing a procedure for hand-off of the passwords long BEFORE firing the only employee that knows them would have been a no-brainer to any competent IT manager. In my book, if you fire me without notice for no reason, I'm not obligated to do ANYTHING after I walk out the door -- should have gotten those passwords in the exit interview if you needed them. Granted, Childs was a paranoid dick, but the managers created this situation themselves -- they should have known better.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Out of curiosity, what would you do if the CIO asked for access with several grad students present? Cause that's pretty much what happened in the case of Childs. In my company this would lead to a separate conversation between just the COO in my case since I report directly to him. At that point I would make him/her aware of the risk involved in exposing passwords with 3rd parties present at which point they could voice that they still want me to give them access. Management makes lots of boneheaded moves and it is up to us to limit the damage they can cause. Yes, the owner has access to all files but that doesn't mean I give him full access. He once deleted 200gigs worth of contracts because his VPN had momentarily lagged and clicked the wrong buttons. Of course I have systems in place to recover from this but the bottom line is that you have to protect them from themselves. If that data goes missing they aren't going to take the blame afterall.
Well... if a voice on the end of a speakerphone claims he's the COO and there's a half dozen other halfwits standing around when the question is asked umm NO!
Or if someone who says he is the COO is standing in front of me with an open speakerphone to some halfwit with another dozen halfwits standing around eagerly awaiting my password then NO!
If I'm asked to provide my password after having been fired and am no longer employed then NO!
If instead the written policy states that I can give my password to the COO and I meet with this person 1v1 with perhaps a single witness and I'm employed at the time then yeah I will give the password in exchange for a written document that's witnessed stating that I am no longer responsible for the account I've just handed over a password for.
Now which of these scenarios do you think occurred in this case?
Build it, Drive it, Improve it! Hybridz.org
This keep cropping up in this thread, and I don't know why. The policy is online, and does not contain the word "Mayor", or the phrase "designated agent", or any of the many other things that are supposedly in it. So he did not follow policy in this respect.
What is in the policy is the actual policy for system level passwords, and the enable password for network kit is definitely a system level password. It states:
"All production system-level passwords must be part of the security administered global password management database."
Simple, clear, and Childs was definitely in breach of it: only he has these enable passwords, and did not put them in the database.
For him to argue that the rules for personal passwords applied to system-level passwords and take it to ridiculous extremes - well, this was always bound to end in tears.
In the case of OJ I wouldn't worry about being sued for either.
Please don't pass judgement on our judicial and legal system until AFTER the verdict has been passed on your daughter. I have a tough time believing a jury or judge would be swayed by the testimony of the police officer, if the events happened the way you say they did. Regardless of the actions of the police and prosecutor, she'll get a fair crack in court.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
Well said! I'm sick of all this CYA stuff. I see it everywhere and people seem to think it allows them to do whatever bullshit they want. Course I guess I grew up in an environment where I take responsibility for my actions or lack there of. If I screw up at work I'm the first to mention it to the owner. At that point I discuss mitigation to prevent it from happening again and that's worked out pretty well so far.
We seem to live in an age where mistakes can't happen or someone gets fired and I think that's a terrible place to be. This is why I mitigation systems to handle accidental deletes and automatic rollback for database commands made in error. As a Sysadmin I plan for mistakes of others as well as myself and as a result, things work pretty well.
Charge the defendant with everything you can think of even if you don't believe he's guilty of all of it and then negotiate down to the only charges you had any chance proving in the first place.
It's like raising prices just before a sale marks them down.
The portrayal of the VPN information suggested that Childs should not have had this documentation, even though he was the city's lead network admin and apparently had to maintain these lists as part of his job. But entering the VPN information into the court records made them public -- the San Francisco district attorney's office committed a significant security breach, opening up VPN access to anyone who cared to look at the document. Although the passwords alone were not enough to provide complete access to the city networks, they did constitute one part of the VPN's two-phase authentication configuration.
(link) I wonder if the someone from the DA's office will stand trial for whatever laws cover such a broad and incompetent breach of security. Seems fair, after all, considering what they're doing to him. And before anyone says "Hey, they're lawyers, not IT guys, you can't expect them to have the same level of password security sensitivity that IT folks do, yada yada yada", I'd say that any lawyer that ignorant of IT security has no business involved with this case to begin with.
I have some doubts about Child's story, but stupid stuff like this on the part of the city certainly lends support to his alleged fear of turning over passwords to incompetent city employees.
I prefer rogues to imbeciles because they sometimes take a rest.
at least you get a trail unlike some other places
Under the very same anti-hacker law that Childs is being tried for breaking, had he given the passwords to the wrong people after his termination he could be held criminally responsible.
In other words, you don't give the keys over to the janitor when you are terminated, you give the keys over to the authorized representative. If he is in a situation where he doesn't know exactly who is authorized, then the right thing to do is to hang on to them until he knows that the person he is giving access to really is supposed to have access. You can get yourself in an assload of trouble for not doing this. To get in an assload of trouble even if you do it puts IT administrators between a rock and a hard place.
Once an authorized representative requested the passwords, he gave them to him. The mayor was almost certainly higher than necessary to get this done, but he may have been the only person Childs knew for a fact was authorized and could and whom he could also verify the identity.
These were passwords to Cisco routers and switches. He didn't lock anybody out, nobody else was ever authorized access in the first place! The first article to come out about this case said Childs changed everyone else's password and only granted himself access. That's patently absurd - the Cisco equipment they were using only takes two passwords - one to get into the router/switch, and one to make configuration changes. That's it. There are no other passwords to change, and he kept them the same accross the entire network. Because there are no other passwords to change, it is absolutely critical that only those who need to know the password know the password. According to company policy, nobody else needed to know the passwords, since he was the only one who worked on the equipment, and therefore nobody else was authorized to know the passwords. The city policy expressly forbids giving the passwords to your boss if your boss is not already authorized to know them.
The way it sounds to me like it happened was something like this: Childs's bosses wanted the passwords because they did not trust him having sole possesion of the passwords. He refused to give them the passwords because they were not authorized to know the passwords. At this point, instead of calling up someone who was authorized to receive the passwords (the CISO, according to city policy) and having Childs give them the passwords, they held a big meeting - including a teleconference - and demanded he give up the passwords or they would fire him. They may have done this because Childs was being a dick about the whole situation, but the fact is even if there was an authorized individual he could give the passwords to at this meeting, he couldn't share because there were unauthorized people present. At this point, they fired him, and when he refused to give the passwords up (because the people asking were still not authorized) they had him arrested under California's anti-hacking laws. They drummed up all sorts of nonsense charges, but the only thing that had any chance of sticking was the password issue, and even then it took a year and a half to build the case. In any case, as soon as he was able to give the passwords to an authorized individual - and only an authorized individual - he readily gave them up.
It's worth noting that things were running smoothly until the guy's bosses were finally able to access the system, at which point things started to break because they didn't know what the hell they were doing.
Kinda makes you think the policy was there for a reason, huh?
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
All he'd have to do is have the requester warrant, in writing, that they are acting as an agent of the organization.
Besides, I really, really doubt the mayor signed off on any policy requiring him to take direct action in low level network administration. That's just some nonsense Child's wrote up.
technically correct; The best kind of correct.
Best quote ever. And in the world of law, it's so true that it's not even questioned.
"When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause"
I've been at jobs where I have several master passwords which I am not allowed to give to *anyone* - the only other person who has them is the owner of the company. There is a manager or two in between us in the organization, but those particular passwords and policies were very clear.
Line-managers of various sorts in between me and said owner did ask for access to things on occasion, as well as directors and whatnot from completely other departments - and in such situations, rather than be combative, I would explain the situation delicately and respectfully, and then we would handle the situation however we saw fit - whether that meant we both went to see the decision maker, whether that mean they would raise it on their own, or whether they wanted me to raise it for them....
I'm a sysadmin. I am a facilitator, and a protector of someone else's assets - not a power-hungry dictator.
Even if the owner of the company walks in and asks for access to "everything", to which of course he is entirely entitled, I will try to find out what's up and what he really needs. I might explain why, while of course it's his stuff and I will give it to him on his insistence without question, there are some risks he's exposing his organization to by doing this. This has, so far, universally led to a "Huh, those are great points, I hadn't thought of that, nevermind.... all I really need is X.
Straw man arguments are lies.
You handle it gracefully and politely, while covering your ass. You point out that the current policy says you'll get fired for just giving out the passwords - so you ask your boss for some guidance on how to resolve the situation properly - their need for access and your concern about policy (or whatever). You work together... not against each other with policy as a hammer.
There is only one rule, The Golden one (He that has the Gold makes the rules; not the do unto others one), and after more than 20 years as a lawyer I think he holds the system in contempt as well, after being a True Believer, ultra straight edged, right wing, NRA/RNC boyscout for most of his life.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And it would still be spelled "Sci Fi". Marketing drones... the hosers.
"They will return Tuesday to start their deliberations. Childs faces five years in prison if he is convicted for disrupting service to the city's computer system by withholding administrative passwords — a verdict that, if rendered, puts all IT admins in danger."
This is true, this puts all IT admins who exit their job angrily, hijack the system and lock everyone else out in danger.
I mean, who hasn't been there, right? I mean, one could just leave the job gracefully but something something something freedom.
Perhaps... but you know what? This shit happens in the sysadmin world. All those corporate policies about passwords and stuff? Relatively new in the grand scheme of things. A good sysadmin doesn't go batshit nuts and do anything to even make it LOOK like you are holding a resource hostage. A good sysadmin goes out of his way to ensure that he's not seen as a threat, even though he could be - remember, most people have absolutely no idea the unprecedented level of access their sysadmins really have.
Sysadmins can be quirky and weird - but the one thing you don't want your references saying is that you were ever dishonest, thieving, or held a resource hostage. If you're going to defy a higher up's request for something, you document very clearly what and why you are doing it, and you include that higher-up in those communications. That tends to earn you respect from all sides.
He acted wrongly in several ways, it seems to me, even if technically correct on paper.
That said - his *manager* should have had the skills to assess and diffuse the situation and set things back in order. They could have retained a possibly valuable asset rather than ended up in this expensive godawful mess. They let the guy get that deep into the "it's mine" hole..... that's a natural direction to head. you have to help him dig out, too.
Actually the Dutch system isn't all that bad. One good thing is that judgments are not made up by people in a locked room, who flipped a coin to decide for all we know. The judge's decision comes with argument that explains how he arrived at his verdict. If his reasoning or application of the law is flawed, or his weighing of the evidence is biased, this will be reflected in the court ruling. An appeals court will not only examine process, the admissibility of evidence, or the credibility of witnessesin any particular case; it will also examine the reasoning behind the final verdict. And just like plaintiffs and defendants in the US can toss jurors, in the Netherlands they can toss judges if either side thinks they are biased.
It's not all good though: you pointed out the strange position of our constitution and the fact that it is perfectly legal to make unconstitutional laws in our country (we do have a few of those). But the most insane (and recently hotly disputed) rule is that lawyers of any stripe can (after due selection and screening) be asked to sit as a judge in case real judges are in short supply.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Nope, he need merely say "evil hacker", blow a lot of smoke, and the jury will convict.
I agree. I never said Childs was at all diplomatic about it or even that his approach was the most constructive.
However, being abrasive or politically inept are not crimes either.
Then, as you probably know, there's the case where the manager is an ass and had a bad morning so that even the most polite request for clarification or orders in writing is seen as intolerable insubordination. That will be when you are really glad he can't have you tossed in jail over a job dispute.
FTFY.
Probably my first off-topic post after years reading slashdot, but I must say that FTFY stuff is getting a bit tiring. It doesn't sit well with me to quote somebody's words and alter them. Better to quote honestly and explain how you think your opinion differs, which it would seem you don't disagree anyway. FTFY seems very arrogant to me--there was really nothing to fix in his post because what he said was actually true in his experience, and most reasonable people would agree with him. There's probably not one post ever submitted that couldn't be "fixed" by someone in some fashion, and then what kind of forum would it be? Just a bunch of FTFY's, over and over and over... blah! Am I being picky? hmmm
(which btw, people further up the food chain, including the highest ranking person there, told him to ignore in this case)
The highest ranking person there doesn't mean shit if the highest ranking person there isn't authorized by the city to make such a decision.
What happens if you give the passwords to someone who, according to the IT Security policy which you had to sign a binding legal agreement to uphold, is not authorized to have the password and it leaks out, putting the entire infrastructure at risk?
What then? That's pretty much exactly what happened here. The people who were telling him to ignore the policy did not have the authority to tell them to ignore policy - it was binding on them too!
I'll tell you what happens if he gives the passwords to people he shouldn't. In the case of a private entity, not only can you be fired (and rightly so), but if your actions led to the leaking of information that must be kept secret by federal privacy guidelines then you can be held criminally and civilly liable as well. In the case of a government entity, it's almost a certainty that you can be held criminally liable. This system absolutely had sensitive data on it, and it was part of his job to make sure it did not get out.
So what the hell are you supposed to do? Give up the passwords in spite of security policy and go to jail when stuff breaks or private data leaks, or refuse to give up the passwords and go to jail anyway? What the fuck man? I'll admit, it sounds like Childs was being a dick about the whole situation, and had he been more diplomatic he could have diffused the whole thing early on, but what if it's your bosses being dicks, and nothing you do to try to do things the right way works. I've seen office politics, and some people know how to stir up a shit storm in a hurry to get rid of someone they don't like.
In any case, nobody should lose two years of their life for no better reason than they were being a bit of a dick at work.
There are REALLY simple ways to handle these solutions.
You're right, and they were laid down in policy format, and his bosses didn't follow them.
When are admins going to realize they are nothing more than computer janitors?
That's funny, they get paid a hell of a lot more than janitors do.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Woo! Big miss! The landlord (by default) CANNOT just come in without proper notice, at least by PA Landlord-Tenant Law.
First of all, I didn't say anything regarding whether or not the landlord must give notice, merely that the landlord does indeed have the right to enter (yes, even according to your PA Tenant-Landlord Laws). Pretty much all state laws provide for landlord inspection, granted many have qualifications (i.e. must give 24 hour's notice, broken pipe, etc). However, having worked in the multi-family Real Estate business for 10 years in my past, I can tell you that there is a lot of fluidity with regard to interpretation on this law. I can't count how many people have tried (and failed....all of them) to drum up some right-to-privacy lawsuit because they felt that they could keep the landlord out of their place at any cost. It just flatly isn't true. Also, if you really want to get down and dirty, there are those types who might go in and "create" a broken pipe which would give them the "emergency" they need to go it. Not saying it's ethical, but I've seen it happen.
You are right that the landlord analogy doesn't really apply, and neither does your anecdote. In fact, the Terry Childs case would be like if the maintenance man changed all the locks but refused to give the master key to the landlord (not another maintenance person). If you'd read the facts of the case, you'd know that it wasn't some "unauthorized" person who was asking for the passwords:
I find the European legal systems, including the Dutch one, to be inferior to the US legal system. What makes you think they are better?
Justice is about harmony, not law and order.
Have you ever actually interacted with our "justice" system?
Friend of mine drew his sidearm to prevent a VIP from entering a nuclear reactor, on a destroyer, as I recall, because the VIP lacked credentials. My friend was a CPO. VIP was a 2 star. And quite livid. A week later, the 2 star's boss (a three star) sent a commendation.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
The judge provides all the explanation, reasoning, and application of the law that's needed. The jury can only render a verdict within those boundaries.
Think of the jury something that's there in addition to the judge, not something that replaces him.
No, I did not. The poster said "for kicking a door". That leaves out a considerable amount of context. She wasn't kicking just ANY door, it was a door into a federal office building.
It's a sham debate tactic to leave out the critical bit of information to make the situation look ridiculous. It's common on /.. "She was arrested for PUTTING ON LIPSTICK!" Yeah, ok, that sounds silly. "She beat up the salesperson at the cosmetic counter, stole the lipstick, shoved a few people out of the way as she ran out the door, and then put on the lipstick". Not so ridiculous to be arrested, huh?
How about this one. "Boston coed held at gunpoint for wearing a sweatshirt." Oops, did we forget, this was a sweatshirt with blinking lights sewed in, she was asked by an airport employee about it (and the clay object in her hand) and she ignored the questions, was approached by security people who she tried to ignore, and was finally stopped only after they held their weapons at the ready (not pointing at her.)
Yeah, it was also the door into her place of work, but does that matter? Why should an employee get to kick in the door to a federal office building? The proper course of action is to call the maintenance people and report the door, not blast through it yourself. So, when someone tries to shorten the story a bit too far, I think it's fair to remind everyone of the missing bit.
And the fact that something so absurd has to go so far, with no legal safeguards against such abuses is not contemptible?
Well, that's the thing: in my locale at least there's a couple journalists who would take this on. Your point is well made, though. It's going downhill fast.
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
Somehow, I think we're missing a part of this story. Was there a fight just before she happen to kick the door in? Was there an history between the superintendent and her? What Federal Prison was this in???
Imagine that you're a general contractor, doing home improvement work for Bob and you hire a locksmith to install locks. Whey they finish the job, they refuse to give the keys to you, and only to Bob, because they're worried that you might make your own copies before you give them to Bob? Do you have them arrested and thrown into jail, or do you just have Bob get the key from them?
How about the same situation, but now you're Bob. You come home, your general contractor is out to lunch, and the locksmith has just finished up, but he doesn't actually know you, just the general contractor and so he won't give you the keys? Once again, do you treat this as a criminal situation, or do you just call your contractor and have him sort it out with the locksmith?
Once again, same situation, but now you're the locksmith. You've just finished up. Neither the contractor, nor Bob is around, but Bobs ex-wife arrives. You've met her before, so you know who she is. She seems to be free to come and go when she comes by shuttling their child back and forth. She even was even in charge of the renovation project, even picking out the new doors and doorhandles you've just installed locks in. However you've never actually seen her there when Bob wasn't home and you don't know if she's actually supposed to have her own key. She insists that you give her the key. Company policy says that you're only supposed to give the key to the homeowner, and she doesn't seem to quite fit that definition. So, you insist that you'll give the key to Bob and he can make her a copy. So, she calls the police and has you arrested and thrown in jail. Then Bob comes to your cell and you give him the key as you said you would. Then you get held over for trial with bail set ridiculously high even though you're not a flight risk, on the justification that you could break into Bob's house even though the locks have been changed again. Let's face it, of course you could break in, you're a locksmith, but what have you done that makes anyone think you'd be likely to?
What's next, going to jail for littering?
Yes. It's only a matter of time until some green-nazi tries to characterize throwing a cigarette butt out the window as eco-genocide and they try to lock you up for it.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I see you're going for the Aspergers defense.
Well, if you read further, I said more. It wasn't just a FTFY. It's not just lawyers who believe they are smarter than the average citizen because they've gone through college, plenty of folks believe the same thing. Then again, some people are just humble, and you don't know that they are college educated. They have learned a lot, and behave at my level, so they are truly a peer. I knew one person who wanted to be called "Master ..." because he had a masters degree. Of course, he was working a lowly support job (like, low in the whole scheme. I'm not berating support folks.) Spending years and thousands of dollars for an education doesn't make a person any better, it only bought them a certificate to hang on the wall to imply that they are better.
I met a good friend of mine at a job we worked at together. He was senior management, and I worked my way through the ranks for a while. From his actions, I knew he was very good at what he did. It wasn't until years later that I found out about his education. He doesn't hang it on the wall to say "respect me", he proves through his behavior that he knows what he's doing, and he has earned my respect. Through my actions I have earned his respect also.
Serious? Seriousness is well above my pay grade.
A completely balanced jury, some conservative, some liberal, some religious, etc.. an "average slice" of America, for instance, does not approach objectivity, but rather only approaches consistency in ruling. State by state, a case with fact set A, will always result in conclusion B by the jury. It doesn't mean that the ruling was "correct".
Well, fuck me, I always suspects brilliant legal minds didn't understand the concept of "consent of the governed", now you've confirmed it. There is no 'correct' ruling EXCEPT that which a jury reaches.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I wish I were on the jury so I could vote guilty.
Is this the kind of justice you have down under? All it takes is just one guy writing a story based on one long email that he received from an anonymous source, and you're ready to hang the defendant despite the fact that you haven't heard anything from his side yet. Wow!
No, I did not. The poster said "for kicking a door". That leaves out a considerable amount of context. She wasn't kicking just ANY door, it was a door into a federal office building.
Wow, you are amazing. What the poster wrote was, "My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area,"
As in she kicked a jammed door that she had every right to pass through.
Sham debate tactic indeed, in your self-confident arrogance you couldn't have done a better job of demonstrating your point if you had tried.
Why should an employee get to kick in the door to a federal office building? The proper course of action is to call the maintenance people and report the door, not blast through it yourself.
Nobody is permitted to think or act for themselves. Exactly the kind of people we want working for the government. As the man also wrote, and which you also left out of your version of the 'context' was that absolutely no damage was done. Even more context you left out - the law is about damaging federal property not simply applying a bit of percussive maintenance.
When information is power, privacy is freedom.
Somebody mod this up.
I'm not a lawyer, but I play one on the Internet. Blog
I'm a smoker, and I put my butts back in the cig pack when I don't have an ashtray at my disposal.
So yeah, cig butts should be considered as littering, same as candy wrappers
I've got better things to do tonight than die.
Justice is about harmony, not law and order.
Mod me down for off topic, but there is something so true about that statement that I can't get it out of my head.
So yeah, cig butts should be considered as littering, same as candy wrappers
More specifically - butts are made of plastic very much like candy wrappers and thus are not bio-degradable.
When information is power, privacy is freedom.
When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause.
But not arrested. If your boss asks you to do something against the "code" (company policy, personal ethics, whatever), you can always tell your boss to fuck off and get fired. But he did that and got arrested.
Insubordination is never a good idea and it is a lousy career move.
But, unless you are in the military, insubordination is also not illegal. I'm confused on this point, as you are defending throwing someone in jail for two years for damaging a network that worked just fine until he did give the passwords to someone else, at which time they (or their agents) broke it.
He was in jail for almost two years for doing what he thought was his only legal/contractually-allowed action. It isn't about whether they can just fire you for being an ass. That's irrelevant. It's whether they can throw you in jail for following written policies you boss finds inconvenient.
Learn to love Alaska
"Your honor, The jury finds the defendant innocent, due to the fact that his password really was, 'It's actually a passphrase'. He responded to every request for the password by telling it to them - it's not his fault that they thought he was being arrogant. In reality, he was being completely cooperative.
Furthermore, we request that the city be ordered to pay a large amount of money, say the $5 million that they required he come up with, to Mr. Childs. Because they are such fucktards."
When you're dead, you don't know you're dead. It only affects the people around you. Same thing when you're stupid.
What if you commit a felony, because your other choice is also a felony. Which course of action do you pick then, then?
Can you be Even More Awesome?!
Being judged by twelve random people is as close to 'objective' as possible.
Except it's not "random." Attorneys from both sides generally get to throw out people for all sorts of reasons, usually including some peremptory challenges where they don't have to give a reason at all for throwing someone out. If you were doing a poll on public opinion initially with a random sample, but you let Republican and Democratic representatives choose to throw out a significant number of those sampled for any reason they wanted, would you still consider the sample to be "random"? Would you still trust the result of the poll?
I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
First off, they aren't necessarily "average people." In any high profile jury, they are people generally selected by jury consultants to either be likely to agree with a particular side or else be open to suggestion in particular ways. Generally, people who think for themselves, whether smart or stupid, aren't considered. The "average" person has nothing to do with it. These are the people most likely to be swayed by lawyers.
Second, what "alternatives" have you considered? You cite a few examples which obviously have their drawbacks. Does that mean that there couldn't possibly be a theoretical alternative that you haven't considered? For example, what about a hybrid system that incorporated some of the desired characteristics together -- perhaps (for instance) combining some people trained in law with those "average people," even just as advisors. We give appellate courts the power to overturn rulings for all sorts of technical reasons (sometimes they just need an excuse to make a larger political point), but the actual juries of "dolts" (as you put it) have to make their way through the complex legal arguments that are often put before them with little guidance. Judges have to be careful if they are even asked a question of law, since an improper instruction to a jury could be cause for a mistrial. So, without any guidance, and if the juries actually are "dolts," then they likely will vote for whichever side put on a better show, or the side that confused them the least, or something like that. Is that really the best justice?
I don't claim to have a complete answer. But I'm certainly not going to claim that the system we have is better than all possible alternatives.
Welcome to America. My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area, the asshole federal building superintendent called up his asshole brother cop and he wrote it up. She did no damage to the door, they have no evidence, the cop was not even there.
Is this the same asshole federal building superintendent who repeatedly made sexually suggestive remarks and advances to your eighteen year old daughter and who threatened her with legal problems if she didn't accede with his lascivious demands?
*hint* *hint*
That appeared in an earlier article.
Says the man complaining about context.
When information is power, privacy is freedom.
The overall policy is.... 'They wrote the policy not him'
They can void the policy with a new policy and I don't think there is a policy in place that says a policy has to be written to void a older policy.
What if he were to die in an accident or something else also before he was ever able to give out the passwords.
The city's policy probably predates all this and I am sure the cities legal team knows the rules better than this guy, it's San Fucking Francisco. Not some little town we are talking about here.
The whole thing seems to be revolving around this 'non-secure settings'; I dunno what that means but what the hell does this admin want to hand over the passwords in the Fort Knox gold vault.
I remember being stuck at a light where the red light wouldn't change late at night forever, a police officer pulled up and said "go ahead and go, it does this sometimes".
And gee look! It says CLEARLY not to give a password over the phone or to discuss it in front of others! It goes on to say that if you do not follow those guidelines you could be in for both civil and criminal charges.
It doesn't say anything about to whom you CAN give passwords to either but it does say you cannot share them with someone covering for you on vacation. IMO the policy is pretty clear and if that is the one he was operating from coughing up the password to a room full of people and an open speakerphone would have been a VERY bad idea.
Build it, Drive it, Improve it! Hybridz.org
The Govt's policy specifically mentions not giving passwords to your boss. It also mentions not discussing them over the phone and not discussing them in front of a group of people. http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Build it, Drive it, Improve it! Hybridz.org
Isn't that also the same woman he claimed he caught sneaking around office spaces and he claims removed a HDD from an employees computer without having notified anyone she was going to be doing so? If so then yeah I'm not sure I'd be coughing up passwords to her either. Especially since policy specifically mentions not giving passwords to your boss, over the phone, or in front of groups of people.
Build it, Drive it, Improve it! Hybridz.org
They didn't "allow this person to get complete control of essentially EVERYTHING", they paid him to do it and not tell anyone the password except the mayor.
I have to disagree. If you read more about the circumstances, it seems Terry Childs is a egomanic trusting no one to have anything to do with the network but himself. This is an extremely dangerous situation and a liability for the city. They have every right to get access to their own equipment, and to not do so would be irresponsible.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Put your friggin butt in the car ashtray - thats what its there for.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Think of it this way. You've got a major city to run and one guy - ONLY ONE GUY knows the passwords and he refuses to let ANYONE else know what it is, or even disclose how the network is configured. This is a massive liability and yes he should be forced to share control or be charged.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
What's next, going to jail for littering? /me thinks it's a little excessive
That depends. Was the littering documented with 8x10, color, glossy pictures?
Can you be Even More Awesome?!
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
Pfft. I'd rather watch a sequel to "Rock Monster" than 90% of the drivel that makes its way across the pond under that title. If that's what Britons (and their associated peoples) think is good quality writing.....
Can you be Even More Awesome?!
Policy says don't give passwords to your boss, don't give password over the phone, don't give password in front of others. they asked him for the password in a room full of people and an open speakerphone and he refused. Somewhere in there either before or after this he was fired. Once they fired him he was under no obligation anyway IMO but in any case he was following the written policy! The policy also stated that you could be in for both civil or criminal proceedings for not following the policy...
You should also note that one of the folks asking was a woman he'd caught sneaking around office spaces she had no business being in and he claims he caught her removing a HDD from a computer, that's part of what started all of this. For all he knew they were attempting to hack passwords or plant evidence. After having been caught she claimed it was part of an investigation but no one was notified about the investigation ahead of time. considering the sorts of data that network protected wouldn't you be a bit suspicious and paranoid?
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Build it, Drive it, Improve it! Hybridz.org
those were left in a laser copier in a police department (sex crimes)
I've got better things to do tonight than die.
Umm he caught someone in their office spaces snooping and claims she removed a HDD from a machine. AFTER she was caught she claimed it was part of an investigation that no one else apparently knew about. Afterwords they demanded the password in clear violation of written policy which threatened civil and criminal charges if it was violated and he refused. Somewhere along the line he was fired and at that point no longer obligated to turn over anything in his head IMO. If they had no proper failsafes for the passwords due to their poor planning then tough shit.
He might very well have been full of himself but that's hardly illegal and refusing to turn over passwords entrusted to you shouldn't be either particularly if it's in a setting that violated at LEAST two if not three of the written policies rules. The rules say do not give to your boss, do not discuss on the phone, do not give out in front of multiple people - how clear does it need to be?
He made a show of giving them to the Mayor, smart move. If he had given it to someone else without making a big deal out of it they might have hosed the system and then blamed him! He had already caught one person sneaking around office spaces doing who knows what, I wouldn't have trusted any of them either and going to the Mayor with a flourish made sure EVERYONE knew where the buck stopped. Hell after he turned the passwords over they apparently still managed to make a mess out of things - was that his fault too?
Build it, Drive it, Improve it! Hybridz.org
One problem there is that person was both not in his chain of command and had also been caught in the act of removing the hard drive of Mr Childs actual supervisor without permission or authority.
In such a situation a superior of both of them has to resolve the situation, but instead in this case it degraded into stupid office politics then escalated into involving the police.
Wow, he summed that up perfectly and did it as an AC. I'd mod that to the Moon if I could - well done AC!
Build it, Drive it, Improve it! Hybridz.org
The actual county policy document
In section 4.1 (page 32) we see...
"All production system-level passwords must be part of the security administered global password management database."
Where I come from people have started bushfires by throwing butts out the window of a vehicle. It's a fine if you get caught doing it even if a fire isn't started. If you didn't get caught in the act and your smouldering butt happened to start a fire then you'll be going to jail for at least 10 years when you do get caught. It has happened before and probably will again.
Send the passwords in writing to the mayors office. Have it notarized and sent by registered mail if you really think something is up.
What they then do with them is none of your concern.
You are obligated to return any of their property in your possession, and that could include passwords.
If he had a work laptop, they could require him to make reasonable effort to return it. Comparing sending an email to "slavery" is absurd.
I'm a smoker and outside the main city areas of Australia most people would consider throwing a butt out of the window tantamount to arson. In other places it may not be as serious but IMHO the selfish pigs that keep their own car clean by littering public highways should be put to work cleaning it up. I think 1km of highway per butt seems fair.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
It can be hard to foresee how people will take certain opinions. I suspect there are too many people here who self-identify with a sys-admin protecting passwords. I mean, founded or not, why not ask the hard questions? you even provided a source.
For a far more extreme example, you see the same kind of behavior throughout the country with citizens rooting on wanted criminals. They somehow feel that they are closer to the criminal than to the cops, even in cases where nothing could be further than the truth. They find it easy to fall into the us-versus-them mentality. Reality is just not that simple.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
That's a very good question, actually. After all, they didn't have the presence of mind to have a contingency plan for their passwords. Did they even think about their passwords at all?
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Two wrongs don't make a right.
He may well have been a dick, and he probably could have diffused the whole situation, but that doesn't mean he isn't right, and it doesn't mean his bosses should be allowed to throw him in jail for following policies that could very well have landed him in jail for not following.
True. But it does mean that I and many others like me aren't going to get all up in arms about it, because most people don't feel sorry for dicks.
Mod parent down. His job was to keep the network secure, and the people demanding the passwords didn't have a right to know them. He told the mayor instead.
This is, of course, after they fired him without demanding the passwords first.
Help me understand - is there a reason why the city should have to ask him first? I'm not sure it's germane to the case, but the fact that you're fired doesn't relieve you of responsibilities, such as NDAs, following city security policy (his own defense), or distributing necessary information to your employer.
Actually, I think you're just not reading it. She kicked at a stuck door in an attempt to get back to work. I've certainly kicked the frame of more than one jammed door - especially since you can't hipcheck a glass door.
From the parent:
God bless America.
In the UK, employees have rights. Firing an employee improperly is a sure fire way to get yourself sued.
Terry Childs would be the one taking the district to court, if this happened over here.
Finally had enough. Come see us over at https://soylentnews.org/
"Chairperson Robinson announced that DTIS internally hired the new Security Manager, Jeana Pieralde. He stated that a memo went out asking departments who their IT security contact person with the plan to implement a security IT work group within the City"
Why are there no reports about others involved in this case?
"The office from which Pieralde removed the hard drive belonged to DTIS Security Officer Nancy Hastings (who naturally was not present in the office because the "security audit" was being conducted after hours.)
Terry Childs had returned late to the offices (which do include his office and do not include Jeana Pieralde's office) at about 5:15 P.M. to find Jeana Pieralde (who does not work in those offices) taking a hard drive from one of Terry's co-workers offices. Terry photographed this act with the camera in his cellphone.
Jeana Pieralde then involved DTIS Deputy Director Rich Robinson. Rich called Terry and told him to stop taking pictures.
Three days later (Monday) both Rich Robinson and Jeana Pieralde filed complaints of threats with the San Francisco police department and Police Inspector James Ramsey was assigned to the case. No charges have ever been filed against Terry Childs for the alleged threats (which included the statement "I'm ready for you Rich. Or I can come up to your office.")"
"5. Mr. Childs clashed with the new Security Manager on the subject of authentication and control, which led to poor formal review"
In early June, Terry Childs sent repeated complaints of incompetency regarding a supervisor (Herb Tong) to that supervisor's superiors. When nothing was done about the informal complaints, Terry Childs filed a formal complaint regarding the supervisor (Herb Tong.) It was several weeks later, on the 20th of June that the reported clash with the new (position created and filled just this year) Security Manager (Jeana Pieralde) occurred.
The Security Manager position was new. Jeana Pieralde was promoted from a prior position within DTIS to the Security Manager position. Jeana Pieralde no longer worked in the same offices with Terry Childs. He returned to those offices on the evening of June 20th, 2008 after normal office hours (which end at 5 P.M.) to find Jeana Pieralde removing a hard drive from someone else's office. She claimed to be performing an unannounced audit.
Jeana Pieralde is the author of a proposed security policy for the city which is still waiting for committee review. That security policy, if accepted, may one day give Jeana Pieralde specific authority to perform audits and perhaps even to have administrative control over city communications networks.
Please dig deeper into this story"
Really depends on the responsibility.
They are written to persist after termination so it's not surprising that you're obligations persist.
To be honest, don't think you have to follow policy after you're not employed anymore. Legally, he probably could have given the password to the secretary on the way out by shouting it to her from the door. Of course, he probably would have been held responsible for any issues that happened afterwards. It's a good idea to CYA because the last guy who left is always the one at fault.
It's nice, but I'm not certain there's any legal mandate to tell a former employer anything. As of the moment they stop paying you, the employer has no legal right to compel you to provide them with any information. If they want you as a consultant, great. If they want you to be nice & walk them through the system - sorry, it's a pay-to-play world folks.
I believe they can toss as many as they can justify. They only get a few that they can throw out without offering an explanation.
This is, of course, after they fired him without demanding the passwords first.
People keep repeating this, but the news articles (and the arrest warrant affidavit) say he was asked for the passwords before he was fired.
Actually, he was less in harmony with his bosses, than he did everything according to law (written policy).
Patents Drive Free Software as Hurricanes Drive Construction Industry
As far as I can tell, those are just the recommended policies that counties are advised to put into place. It would seem that Mr Child's employers failed to do so (they were also lacking a business continuity plan as I recall).
Yes, because anyone convicted of anything should never be employed ever again. That'll teach everyone not to break the law!
*sigh*. What is it with Americans and this kind of attitude?
I'm in agreement with you here buddy. Like I said, the guy did his time, move on....but given the way things are today, I'm surprised that the city hired him given his record.
If you post as Anonymous Coward, don't expect a reply.
That link doesn't say anything either way about whether he was asked before or after he was fired, only that "events are unclear" for that time period.
I fucking hope they will, it can't be too soon. I want to beat the crap out of every asshole who thinks he has the right to litter public places.
Is that also the document that says do not reveal passwords over the phone, in front of groups of people, or to your boss? Note that they demanded his password in a group with an open speakerphone on the table and it was his bosses asking for it. Also note that he had caught one of those folks sneaking around office spaces unannounced and claims she was removing a HDD from a computer - she fled when confronted. Not the sorts of people I'd be handing over credentials attributed to ME and he thought so too. Since when does not turning over passwords land you in jail? If he was supposed to have those passwords in that database and didn't the result is jail? Why wasn't that policy enforced prior to this confrontation? He may have been an ass but the charges against him are crap.
Build it, Drive it, Improve it! Hybridz.org
When I was a kid, still a minor, I punched a sign once. The sign is in a park in Lakeport, California (within shootin' distance from here, with a big enough gun) and it's made of wood and at least two inches thick. The sign had a big split in it from weather, so it was covered with acrylic plastic or perhaps lexan (but the scratching looked more like acrylic) and I didn't damage that. A cop named McGraw saw me do it and pursued me around the park and into a parking lot to apprehend me for vandalism. My father actually repaired the sign to avoid having me run through the system. This cop was later busted engaging in a little recreational statutory rape, and busted down a rank or two, I think he was a Sergeant when he cuffed me tight and put me in the front seat of his shitbox cop car, such that in order for there to be room in the vehicle for me I had to lean over and almost put my face on the dashboard.
She did no damage to the door, they have no evidence, the cop was not even there.
Cops can arrest you for even a misdemeanor without witnessing it, if they have reason to believe the crime was committed. In California, the only state in which I am familiar with citizen's arrest laws, any citizen may arrest you for a misdemeanor which they have witnessed, or a felony which they have reason to believe you have committed, even if they did not witness it. I'm not saying you shouldn't be pissed off at this bad arrest, but arresting a citizen for committing a felony on the basis of another trustworthy citizen's assertion is not necessarily an unreasonable thing to do.
I hope very much that you can recoup your court costs, and that your daughter gains a valuable lesson from this (the one I'm talking about is the government is not your friend — it's one thing to know intellectually, and another to have proven) without an inconvenient blemish on her record.
I personally have nothing but contempt for the joke that is our judicial and legal system.
Amen to that.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
More specifically - butts are made of plastic very much like candy wrappers and thus are not bio-degradable.
Ugh, what? Do you smoke True? Butts are made out of fiberglass and paper, and thus are totally bio-degradable. Unfortunately, they contain enough tar, nicotine, and other toxic compounds to present a hazard to wildlife! Drop them in a stream, you can kill a fish. Drop it on the ground, a bird may eat it (they're not very bright, most of 'em... though some birds are fairly well brilliant for what they are) and die of nicotine poisoning. Nobody will miss one bird, but how many smokers are out there tossing their butts? When I smoked (it's been a bit now) I smoked American Spirits, which have a cotton filter as do some other brands, and I still didn't drop my butts... well, OK, a few times, but never out the window. And I didn't even use my ashtray, I'd just keep my last beverage bottle as a butt repository until my next in-car beverage came along.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Help me understand - is there a reason why the city should have to ask him first?
Because California is an at-will employment state, and either you or the employer can terminate your employment at any time.
I'm not sure it's germane to the case, but the fact that you're fired doesn't relieve you of responsibilities, such as NDAs,
Requiring someone to work (disclosing a password is work, however trivial) after they have been fired is slavery. An NDA limits what you can do, it does not require you to do anything. The two are not even slightly comparable. Also, the NDA is not a part of the contract of employment, which is terminated when employment is terminated, although the signing of an NDA may well be a prerequisite for employment.
following city security policy (his own defense),
Actually, it does. He's only still required to follow the law. The only reason he can reasonably be seen to be legally required to turn over the password to anyone is precisely the same reason as the only reason he still needed to follow the security policies; he could be seen as criminally negligent by giving the password to someone else, just as he could be seen to be some sort of criminal by not providing the password to a responsible party in case it is needed to administer the network. If someone was harmed because he gave the password to the wrong party, or failed to give the password to the correct party, that would be actual wrongdoing.
or distributing necessary information to your employer.
If you've been fired, they're not your employer. I'm not sure how much clearer that can be. Remember, California is an at-will employment state. You can be fired at the drop of a hat. You can also quit at any time. Childs' boss, or whoever was responsible for constructing the security policy, should be considered to be criminally negligent for creating a process that does not enable them to recover or change the passwords. Childs should get his court costs paid, repaid for the harassment he has been paid, and thanked for following the security policy. Good luck, man.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Being judged by twelve random people is as close to 'objective' as possible.
The original idea was that you would be judged by a jury of your peers, twelve people of similar standing in the community. Of course, that didn't work out so well, it's basically racist protectionism written into law. So then what we got was twelve people selected by the lawyers for malleability. In either case, the selection has never been "random".
I can only imagine the systemic biases that would arise from 'professional' juries, or 'expert technical' juries.
Yeah, we have this bias already with expert witnesses advising courts which have no fucking idea what they're talking about. Expert witnesses should always come in dissenting pairs.
Or a world where lawyers bid for the good opinion of a jury comprised of other lawyers?
Right now they bid for the good opinion of a jury comprised of people they and their opponent have chosen for the purpose of being influenced by their arguments.
I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
You are not judged by average people. You are being judged by people hand-selected for being suckers. Sometimes an average or even intelligent person slips through the cracks, but don't count on them.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
There was a fugitive named Bucky Phillips who escaped from a New York State prison and was roaming around Western New York. People got a big kick out of it, saw him as a folk hero, printed up "Run Bucky Run" t-shirts, the whole thing.
Then he started shooting at cops, and killed a trooper.
Funny how he stopped being so relatable after that.
--saint
A written policy can't fire you and won't be there to help you get your job back. When in doubt, do your job
His job was to follow the written policy. How now, brown cow?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's tool time.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Regardless of the actions of the police and prosecutor, she'll get a fair crack in court.
Vandalism requires damage. If there's no damage, then there's no vandalism. The fact that she had to go to court over it in the first place is what isn't fair.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Agreed. When people at my office type their passwords around me, I even make a point out of turning my back and looking the other way. I can access everything they can without their password, I don't need them thinking I can do it as them too.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
True. But it does mean that I and many others like me aren't going to get all up in arms about it, because most people don't feel sorry for dicks.
First they came for the dicks, and I said nothing, because I was not a prick.
Then they came for the assholes, and I said nothing, because I was not an ass.
I think you can see where this is going.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem is, Childs was asked for the passwords in a room with law enforcement officers and other people who didn't need to know, by people on the other end of a speakerphone who were unidentified. Would you give the keys to the kingdom in this circumstance? I know I wouldn't. If the person authorized to receive the passwords asks me in a closed room with no one else in it, sure, I'll give them up. Nothing less. You should absolutely not give your passwords in front of people who aren't supposed to know the passwords. This is basic security and he is being treated like a witch in Salem for it.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Great hint, there's nothing like wasting police time and conspiracy to blackmail to help your case in the future.
To have a right to do a thing is not at all the same as to be right in doing it
Even if he were fired for violating the written policy, the policy itself, because it is only a notion, could not do the firing. A human being would. Dur.
God invented whiskey so the Irish would not rule the world.
As someone who only an hour ago took a big swig out of a soda can with cigarette butts in it, I implore those of you doing this to promptly dispose of said containers and not leave them laying about so that they might be mistaken for someones fresh beverage.
This is my sig. There are many like it but this one is mine.
Generally, defendants can waive their right to a jury trial and have the case go before a judge, they think that is to their benefit.
It seems that government would certainly like to abolish trial by jury, as it has this annoying tendency to slightly slow the growth of the prison-industrial complex. In blatant contradiction to the Constitutional requirement, SCOTUS has somehow become illiterate regarding the phrase "all criminal prosecutions" and ruled that you don't have a right to a jury trial if the sentence is less than six months -- even if you're facing multiple counts and could spend years in jail. And the state continually tries to keep juries ignorant of their right to judge questions of law as well as of fact.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
To have a right to do a thing is not at all the same as to be right in doing it
The Voir Dire system normalizes juries. When you select people in a purely random way with no intervention, you could easily end up with a jury that is stacked one way or the other by complete coincidence. Of course this intervention creates the possibility of using it to unbalance juries that otherwise would have been balanced, but I think that occurs less often than the aforementioned condition it is designed to prevent. However this is a subjective matter of opinion that would be almost impossible to test.
That juries are composed of people who are likely to be swayed by lawyers is immaterial. That's why both sides have lawyers. Of course people are going to whine about how 'whichever side gives the jury a better show' wins, but that's a jaded and cynical view. Lawyers are there to provide the most convincing perspective that favors their client that they can, but I don't think that it happens very often that their individual talents are so imbalanced that a criminal goes free or an innocent man is sentenced. It still happens occasionally, but anybody who says that the system should be thrown out because it fails a small percentage of the time is a fool. Justice can't be suspended simply because occasionally some people make mistakes. That's the cost of the human condition.
I will say that your 'hybrid' suggestion is a good one, except that I worry that it would in most cases cause the lay jurors to crystalize around the professional jurors through direct or implied appeals to authority, and this would probably frequently negate the utility of lay jurors as a balance.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
IMHO the selfish pigs that keep their own car clean by littering public highways should be put to work cleaning it up. I think 1km of highway per butt seems fair.
We can get more creative than that. First you find out when they started smoking. Then you find out if they've been put to work cleaning up butts before, or not. Then you invent some statistic for how many butts they have probably thrown out of the window. Now put them on the side of the highway until they find that many butts. If they do it again, they only have to pick up a number of butts based on how many they've thrown out the window since the last time they had to pick them up, but now the number goes up exponentially based on how many prior visits they've had to the court for the same issue, plus one (for the initial visit.)
Sometimes some piece of trash floats out from underneath a seat and flies out the window, and that's one thing, but willfully ejecting burning garbage from your conveyance should be punishable by foot in ass. Personally I'd like to see most trash just eliminated; there's biodegradable replacements for nearly everything.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Even if he were fired for violating the written policy, the policy itself, because it is only a notion, could not do the firing. A human being would. Dur.
Congratulations, you managed to say several true things without at all addressing my statement. Dissemble much?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
"Racist protectionism" indeed. In the first place, when jury trials were first codified in medieval English law, there weren't really any 'race' issues round about Runnymede in the 13th century. You're anachronistically applying an American-centered standard. And where that is concerned, there was nothing inherently racist about the jury system in the US, it was merely a reflection and extrapolation of the racism of the broader society and the nature of enfranchisement/suffrage in America at those times.
However I do agree that expert witnesses should be presented in dissenting pairs wherever possible.
Even if jurors are chosen for their persuadability, which I don't disagree that they are, that is immaterial to the fact that there are two sides equally attempting to persuade. I think that the instances where personality overcomes evidence are rare enough to be within tolerable limits, especially lacking a better model with which to replace it.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Way to spectacularly miss the point.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Ugh, what? Do you smoke True? Butts are made out of fiberglass and paper, and thus are totally bio-degradable.
No, I looked it up before posting because I thought they were biodegradeable and I was going to say that until I checked my facts.
They are composed primarily of cellulose acetate a type of plastic that can take up to 15 years to degrade.
When information is power, privacy is freedom.
This sounds like a clear example of the arrogant 'small god' ego that most sysadmins develop. The system belongs to the city. Its not his personal property.
He has no liability for the security of any system at work after he's been fired. If he really was worried about it, he could/should have just asked them to sign a disclaimer of his liability before he handed the password over.
To be honest, if this does endanger all those mini-hitlers that make developers lives hell, then I'm all for it.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=1&fp=&fpid=
Oh...they fired him first, did they?
I missed that part.
Point of Order:
-Get what you want from your employees while they are still your employees.
I still think he was being a jerkwad about the thing. I wonder how his resume will look now?
-JJS
That two weeks severance they give you? They can actually insist you sit at your desk for it if they wanted.
No, the correct ruling is the just and logical one. Just because twelve people think you did something bad and you should be somehow punished, it doesn't make it right 'correct'.
You're right. I fear for Mr. Childs. I believe he's done no wrong (I'm a systems admin of 7 years myself) but unless his attorney can turn technical stuff into laymens terms really, Really well, then Mr. Childs will be spending three and a half more years in jail (assuming they do a time already served kind of thing). Of course, they may slap him with different sentenced terms for each count they find him guilty of and give him a hefty twenty or so years in prison. This is sadly how it usually ends up for the innocent in our justice system. But, once again, it all boils down to how good his attorney is at turning technical information into information that the dummies in the jury can understand, which will be a very difficult job indeed. I can picture some grannies and hair dressers and other similar people on the jury and already know that he'll be convicted.
If he gets found not guilty on all charges (which I just don't see happening because of my above comments) then I hope he sues the city for millions and millions of dollars. He should also be able to have others criminally charged for false imprisonment but stupid things like immunity for cops and judges and prosecutors will keep such justice from happening.
I really do wish we could remove all immunity for all members of government (local, state and federal). Even the president should be able to be imprisoned for crimes committed.
Holy crap! You can bet your ass I'll NEVER set foot in that state! That's really, really bad. Once again, we should be able to rapidly remove prosecutors who abuse the laws. There should be a federal law stating that prosecutors (at every level) are forbidden fro using laws for which they were not originally intended.
http://www.google.com/search?client=safari&rls=en&q=alice's+restaurant&ie=UTF-8&oe=UTF-8
Can you be Even More Awesome?!
They are composed primarily of cellulose acetate a type of plastic that can take up to 15 years to degrade.
15 years is a stretch, but it's not that long. Up to 15 years is pretty great, actually, if it doesn't require heavy UV exposure to break down at all, because under heavy UV it takes a whole lot less. Sure, way over at one extreme you've got fruit peels and these corn-plastic bags with angstrom-thick aluminum layers for UV resistance, but there's items produced in nature which will hang around longer than that. The biggest problem with cigarette butts is that they filter out things you don't want in your body, and then drop them into the environment in concentrated form. The other biggest problem is when they are dropped someplace that leads to a waterway, but dropping a cotton one which is guaranteed to biodegrade will cause just as much trouble if this happens.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'll call your 10 years multifamily experience. =) Won't raise tho.
And you're certainly correct - didn't mean to call you out, except that, well this is /. and real estate isn't really the forte around here!
But you mistook my anecdote: Childs may have had to give up the passwords to the group he met during his original confrontation with HR, etc. (the "other maintenance guy"), but that was not clear, hence the trial. Should he have waited for the mayor the property manager?
That's how I take it from my understanding. He may have not understood that he was authorized and required to give up the passwords to his supervisors, and not just the mayor. Kinda like my prop mgr would find it a little odd if I rekeyed an apartment and would only give the master to the corporate office!
and I'm guessing at first glance you thought Hitler was a good leader for the German people - Moron get the facts before making statements
no matter how good it is, it is human nature always wants to make things better
Oh, you're right. You could save us all a lot of trouble and effort by determining the merits of all the pending criminal cases based on the inadmissable statements made by the defendants fathers. It would save a lot of money.
by Mike Buddha -- Someday the mountain might get him, but the law never will.