Slashdot Mirror
Juror Explains Guilty Vote In Terry Childs Case
alphadogg writes "Terry Childs, the San Francisco network administrator who refused to hand over passwords to his boss, was found guilty of one felony count of denying computer services, a jury found Tuesday. Now, one of those jurors (Jason Chilton, juror #4) is speaking out in an interview with IDG News Service's Bob McMillan: 'The questions were, first, did the defendant know he caused a disruption or a denial of computer service. It was rather easy for us to answer, "Yes there was a denial of service." And that service was the ability to administer the routers and switches of the FiberWAN. That was the first aspect of it. The second aspect was the denial to an authorized user. And for us that's what we really had to spend the most time on, defining who an authorized user was. Because that wasn't one of the definitions given to us.'"
As someone who saw through Terry Childs early on, I found myself in the minority here. I took one of my first big karma beatings just pointing out a few ways how this narrative of him being a idealistic professional locked up by his evil, stupid bosses was pretty obviously not possible, even just looking at the bare facts.
What struck me was the way so many of us in the industry instinctively acted out our prejudices, made assumptions, hunted out any shred of fact that supported him (selective and misleading quotes from the CA rulebook, for instance), and even assiduously avoided rational counterarguments and conflicting evidence.
And now here we are at the end of the trial. The evidence is utterly damning. Long before he was fired, he was asked by someone for access to these systems and refused. We know he knew the guy (his boss' boss) was authorized, because there's written evidence in Childs's own emails to that effect. There was no moral justification for what he did. He was just being a criminal, the same as if someone you trusted locked you out of your computer.
Just read:
Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.
I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.
Tired of Political Trolls? Opt Out!
It boils down to that the definition of "was" was.
They clearly understood the issues and had a very fine judgement call to make. I don't necessarily agree with it, but I no longer feel they were idiots who made a clearly bad call.
I hope they recommended the lightest possible sentence when giving their verdict. They can't determine the sentence, but I think they can give the judge advice.
Need a Python, C++, Unix, Linux develop
How many charges were initially filed against him? How many charges was he found guilty of?
Note the discrepancy in those numbers.
At least now the facts are out and we can determine for ourselves whether the law was applied correctly (and if so, whether the law itself is at fault).
Seriously, I have, against my recommendations, incompetent managers telling me to stupid things all the time. All that can be done is voicing my opinion on why it's "stupid." Often those bad decisions come back to haunt, I like to call it, "feeling the pain." But I'd personally never risk getting in that sort of trouble for a silly job.
"That was the first aspect of it, the second aspect was the denial to an authorized user. And for us that's what we really had to spend the most time on, defining who an authorized user was. Because that wasn't one of the definitions given to us." ...and on that point alone, this conviction should be overturned, since it was the entire fracking point..
If he had not decided to leave and go to Nevada a few days later and withdraw US$10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter.
I can understand the police thinking, "wow, he's locked down the network, and now trying to run away. What is going to do to the network once he gets to Mexico?" Secondly, this:
Eventually we looked at it and we saw that in late June his manager had requested certain accounts to be created that would have access to certain routers and switches. And he did create those accounts, and he sent that back in an email with the user IDs and passwords, to which Richard Robinson was also copied. If his big concern was that Richard Robinson was not authorized to be a user, why -- just a week before -- did he copy him on an email that has user IDs and passwords?
So there is evidence to say it was about control of the network, and not about security policy (there's more if you read the article).
Still, it's really hard for me to say anything he did deserves jail time. Getting fired, yes, he should have been, but jail time? That seems a bit much. Someone once said, "If you skate close to the edge of the ice, you're likely to fall in," and I guess that's what Terry did here, and he got burned.
Qxe4
I stand by my original post.
I live ze unknown. I love ze unknown. I am ze unknown.
He's a criminal. What happened between the time he was arrested and conviction isn't that unusual as the DA refined the case, let alone in a case with some technical complexity. He deserves to be where he is, in jail.
Tired of Political Trolls? Opt Out!
The real question should be "Who, if anyone, was harmed by Terry Childs's actions?" The next question should be "Does that harm really justify taking away several years of his life?" Look, I'm the first to admit that Childs was being a dick. But so were his managers, and the punishment is way out of proportion to the crime. $5 million bail?!? WTF!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Computer guy felt like he owned the public's computer system. He claimed the power to dictate how public property was used.
Little petty tyrant wannabe.
What the punishment should be, for that VERY bosses who were authorized to have those passwords, after they have disclosed LIVE usernames and passwords to the system as evidence in a PUBLIC court, therefore causing a disruption of 2-3 days in the city services in the ensuing chaos, and potentially paving the way for an untold number of hacking incidents that may or may not have taken place ?
it is probable that terry childs knew his bosses were STUPID enough to be capable of doing things of this, well, stupidity.
so, he should have just willy nillily disclose the passwords to the stupid management, and just get the responsibility off him, whereas endangering the private information of city services and maybe millions of citizens in the process ?
a similar example comes to mind, maybe if a bit exaggerated :
you are the commanding officer of a nuclear silo. you get orders from your boss to initiate a launch, ending lives of hundreds of millions, and potentially ending the world. your boss is an idiot of the first order and screws up regularly. but, the order is compliant with the procedure.
what do you do ? do you kill the stupid jurors who would find you guilty in case you refused ? or would you save their lives ?
i would like the juror to explain.
Read radical news here
From this guy's discussion it sure sounds like the jury convicted Childs for literally doing nothing - as in not revealing the password when asked.
That seems completely out of line with the reason for "denial of service" laws in the first place - unauthorized access leading to various sorts of downtime.
Childs clearly had authorized access up until the point in which they decided to "transfer" him and it doesn't sound like he tried to access the systems afterwards.
He may have been an ego-maniacal dick about how he managed the systems when he was authorized, but being a dick is not a criminal offense.
I think a doctrine of calling inaction after authorized actions denial of service is the kind of thing that is so overbroad it could lead to all kinds of unfairness - a maintenance guy sees a leaky roof in a server room, gets transferred to another building and doesn't tell anyone about it and a week later the computers in that room get flooded, is he now criminally responsible for that denial of service?
When information is power, privacy is freedom.
No. He was found guilty. He can appeal and that appeal may reverse that finding.
In which case, your statements would be wrong.
I don't care if it is "unusual" or not. The fact is that the FACTS were not available PRIOR to the trial. So there is no basis for your statement about how any of us "stained our profession".
If, upon appeal, this case is reversed, does that then mean that you have then "stained our profession"?
No? Then do not claim that others have.
The Jury would have had a much easier time deciding against Childs if being a grade A asshole were a felony...
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
"Denial of service". Words that the average person believes s/he understands. So s/he must understand the implications of that phrase, right?
No.
Which makes it even worse that the CCIE didn't correct the jury about.
A DoS means that a service your system is offering is being denied. It is NOT about humans providing services.
They did not answer the question posed. They answered "Was there a denial of service?", not "Did the defendant knowingly cause a denial of service."
If the jury did not consider the issue of whether the denial of service was caused by the defendant or by the procedure (or lack thereof), that is a problem. TFA did not explicitly indicate the issue was covered or not, but it reads to me like it was not covered.
Go green: turn off your refrigerator.
There was once a story on /. about a blog post called "You are not a lawyer". That was a very good one about similarities and (more important) differences between IT and jurisprudence. The similarities are sometimes giving a perceiptive insight while the differences combined with half knowledge may lead to disastrous blunders (this works both ways: "a state attorney once argued about confiscating a router in the logical second a packets passing through and thereby doing an intercept (for which an order is difficult to obtain in germany) by confiscating something (much easier)").
Trying to second guess a jury based on press reports (written by reporters whon don't understand neither IT nor jurisprudence) is something, i try hard to stay safely away from.
CU, Martin
Since the service that was denied "was the ability to administer the routers and switches of the FiberWAN" I figure that anyone who keeps me from getting to work on time in the morning by driving stupidly, or even a police officer who stops me along the way I can have them brought up on "Denial of Service" charges and maybe even making a tidy profit. Also I think Jason Chilton is an idiot.
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
I really don't understand this. If he had been hit by a bus, who would they have sued?
Routers presumably have reset switches. Why would it take a competent new admin more than a few minutes per router to reset and reconfigure it? Or maybe an hour for a few bigger devices that required a complete reinstall?
Given that you can't trust that the ex-employee to have left backdoors anyway, why would you even want the old passwords?
Let me put it this way.
Who are you and why do we care?
What struck me was the way so many of us in the industry instinctively acted out our prejudices, made assumptions, hunted out any shred of fact that supported him (selective and misleading quotes from the CA rulebook, for instance), and even assiduously avoided rational counterarguments and conflicting evidence.
After the Hans reiser story, I saw that coming 100 miles away and avoided the terry child discussion. Turns out I was right.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
This guy keeps making sure everyone knows he's a CCIE. I gotta wonder...is his ego any smaller than Childs? Unlikely. Extremely.
"Where quality is like a dead stinking rat - you just can't miss it."
And who is "Omnifarious" either? It's a joke, dude.
Tired of Political Trolls? Opt Out!
Wouldn't this be the same juror who has been thoughtful enough to give several in-depth answers to us /.ers? Is it suddenly news that someone picked up on a /. article and requested an interview where the juror repeated what has been discussed at great length here?
When your immediate supervisor asks for the credentials to manage some piece of equipment and you don't think she is properly trained, your first response to that should be - please put that in writing with your and the VP over operation signatures.
After that, you should give them the credentials and resign (if you weren't fired). Whether the person should manage the infrastructure isn't your problem any more. It is up to them to hire someone with the appropriate skills to do so, not yours.
We are all replaceable. You want to be replaceable so you can work on more interesting things instead of old crap that you've already done.
WHO *asked* him? And did that asking breach security if obeyed?
"Because that wasn't one of the definitions given to us."
This sentence would invalidate the trial in a fair legal system.
The whole point of a jury is to interpret definitions.
If you are ever a juror please realize judges regularly lead juries to conclusions with bullshit instructions. Unfortunately this is not illegal. Luckily neither is ignoring it.
BTW I not saying I think this guy innocent (I don't know much about the case).
And who is "a joke, dude"? That'd be you.
This guy is straight up dumb. The systems were no longer his responsibility so he should have relinquished all the access info when asked.
I would not hire him.
Terry Childs was naive. I am not horn blowing, as I am sure I am not as technically talented as others, but I am a battle hardened motherfucker in the work place. If you dont think others won't turn on a dime and stab you in the back, especially in a public service position, then you need to open your eyes or you learn the hard way.
As i have in the past, as as terry has now.
There is no need to be an asshole, just vigilant.
In post Patriot Act America, the library books scan you.
If you write unmaintainable code when you are going to be targeted for termination, does that also make you legal fodder?
You can reset to "NO PASSWORD". How do you think the kit is defined in case of the user forgetting the password? Throw the kit away and buy new???
What bothers me most about this isn't that childs was found guilty, but what he was found guilty of. Yeah he's guilty of not handing over passwords when asked. Yeah he's guilty of manuvering to avoid giving control of the network at every turn, when clearly he was being asked to do so.
I mean, really if his supervisors crashed the network, I would think that once he gives them passwords they become directly responsible for damages. Particularly since cisco routers and switches can be set up log log admin activity, in come cases command by command, to a remote syslog server, so if something did go wrong, the guilty userid can be determined with no question. So yeah, Childs is guilty. But of a DOS? By stretching the definition of what a DOS is, the instructions from the judge and the ruling here places anyone in charge of anything that could be thought of as a computer service of any kind at considerably more risk, and unnecessarily so. This outcome provides no useful legal precedent due to its stretch of definitions.
"We are all geniuses when we dream"
- E.M. Cioran
Point of fact: getting someone to the point where all they can do is go AC and throw insults == how you win slashdot.
From what I read of the jurors comments, Terry Childs was a paranoid freak. He was afraid of losing his job and tried to secure it in the worst way possible. He wanted to be entirely indispensable, the ONLY person in the whole department who had access to manage the network he was responsible for. What he did was stupid and so were the policies of his management that allowed it to happen. Perhaps he was paranoid to the point of needing actual psychiatric care rather than jail time, even. Given what the juror said (and I have no reason to believe he would lie) the guilty verdict was deserved.
It's hard to believe people actually thought it was true that there was some policy that he was only allowed to hand over network access to the Mayor. How ridiculous would it be to hand over technical details like that to an elected official? The rush to defend this guy and the paranoia in the community about what this means for other network admins is silly. If you read what he actually did, I think it's obvious that prosecuting Mr. Childs is an extreme case. This case cannot be applied generally because hardly anyone would actually do the things Terry did and the ones who do, should face the same fate.
You think like a ReThuglican Jew
Your entire long-winded post seems to boil down to "I told ya so". You picked the winning side in a court case before all the facts were known to the public. Good for you. Do you want a medal or will a pat on the back suffice? How you got +5 insightful for that post I don't know. Don't spend all your karma in place.
He concludes that because Childs provided some access information to a particular person, that made that person an "authorized user", and his subsequent refusal to provide more information evidence of his guilt in not providing access to an authorized user.
But, the question becomes, authorized to do what?
I have root access on a number of machines where I work, on a "need to have" basis. I certainly do not have root access to every machine. Neither do I want it, as a matter of potential liability if something goes wrong.
I think Juror #4 missed this point, based on TFA.
As to Child's odd behavior, I'd attribute it more to paranoia than malice: if I though I was getting fired for doing my job, and feared my bank accounts might be frozen (paranoia), I'd likely want to be a bit flush with cash too.
I maintain that his behavior is subject to "reasonable doubt" as to intent. If he acted in a manner to render difficult or impossible his providing of access credentials regardless of demonstration of authorization, I'd side with the prosecution. But, instead, he DID provide such credentials to someone he viewed as authorized who then had the means to provide them to others.
If this were a civil dispute, this "preponderance of the evidence" would be enough to result in a decision against him. but I don't think it meets the "beyond a reasonable doubt" requirement.
He was railroaded because he exposed incompetence.
In Liberty, Rene
He could have just said, "I erased them, like I erased all my old employment-related data, sorry". End of story.
Jury Nullification was the whole point of a jury of twelve common men. The entire idea was to take the ultimate power out of the hands of the Crown/State/Judge and give it to The People, as in "We, the People." One of the preludes to the Revolution was that King George was trying to direct verdicts using juries as political cover. George would order a guilty verdict, and then claim it wasn't his decision. He went so far as to jail some jurors who returned a "not guilty" verdict despite his instruction. The right of juries to follow their conscience was one of the issues addressed in all the discussion around the Revolution...
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
Again, no. The jury decided that he was guilty. You claimed that he belonged in jail.
Yet other people have been found guilty by juries for crimes they did not commit. Did they belong in jail for a crime they did not commit?
Which leads to my statement about his option to appeal. If he appeals and wins, then what you have posted is incorrect. And since one of your claims was about "staining" this profession, does that mean that you will be guilty of such "staining" if he wins on appeal?
Jason Chilton's explanation of being told that he needed to determine the verdict based on letter-of-the-law interpretation is false.
Jury nullification is the right of a juror to disagree with the constitutionality of the law, and apparently Chilton was deceived into thinking he did not have this right.
Therefore, I think this is a mistrial.
http://en.wikipedia.org/wiki/Jury_nullification
Mention the right of a jury to "veto." If actually selected to be on a jury, you are likely to be asked to swear to find a verdict solely on the basis of the facts presented in court. Decline to swear this on the grounds that the jury has a right to find a verdict as they see fit. This right is called "jury nullification." In short, it allows a jury to return a verdict of "innocent" when the accused is clearly guilty, because the jury disagrees with the law that was broken. You probably want to read up on this before your jury duty. This is a right held by the juror and affirmed by the Supreme Court, but one that both prosecutors and judges usually deeply loathe, if they even acknowledge its existence. You will almost certainly be excused from the jury for holding unacceptable views, but if not, you will be better prepared for the experience from your research.
* Judges who says to jurors that, "you will be required to follow and apply this law regardless of whether it seems just or not", might be asked if they would exercise this rule against Harriet Tubman (1820-1913), who violated the federal Fugitive Slave Laws by participating in the Underground Railroad for escaped slaves, or against Rosa Parks (b.1913), who was arrested in 1955 for violating the segregation laws in Montgomery, Alabama, by refusing to move to the back of the bus when the bus driver told her to give up her seat to a white passenger. If a judge bites the bullet and says that, yes, he would have to instruct juries to convict these women because the law is the law, he might be told that such blind obedience was not accepted as a defense during the War Crimes Tribunal at Nuremberg, when many Nazis claimed that they were just "following orders." A judge who participates in injustices because he is "following orders" might be similarly called to account.
* The late Justice William C. Goodloe (1919-1997) of the Washington State Supreme Court, an advocate of jury nullification, suggested that the following instruction be given by judges to all juries in criminal cases: "You are instructed that this being a criminal case you are the exclusive judges of the evidence, the credibility of the witnesses and the weight to be given to their testimony, and you have a right also to determine the law in the case. The court does not intend to express any opinion concerning the weight of the evidence, but it is the duty of the court to advise you as to the law, and it is your duty to consider the instructions of the court; yet in your decision upon the merits of the case you have a right to determine for yourselves the law as well as the facts by which your verdict shall be governed."
NO U.
So you believe that anyone found guilty in a court of law belongs in jail ... regardless of whether they have committed a crime or not.
http://en.wikipedia.org/wiki/Randall_Dale_Adams
Also available in movie format:
http://www.imdb.com/title/tt0096257/
So no, being convicted by a jury does NOT mean that you belong in jail.
The whole "taking out $10k and planning to leave the state" thing got Childs arrested, but that's not why he was tried. He was tried and convicted for refusing to provide access to the computer system to people whom he was legally required to do so. At the end of the day, it really doesn't matter what his "views" were about who deserved access, there was a management chain and he choose to ignore it. It wasn't his call to make.
I can't imagine how you get "railroaded" out of that. The jury clearly did their bit here, examining the law as written and finding that Childs violated it. That's exactly what juries are supposed to do.
Now, we can talk about the severity of the punishment, but that's hardly unique to this case.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Why would any jury 'nullify' this case?
Do you honestly believe that it's okay to build a system and then hold out access to it as some sort of guarantee of lifetime employment? If you'd bothered reading the details of the case, you'd see that Childs clearly broke the law and, on top of that, clearly acted unethically in regards to his duties as an administrator.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Jurors are allowed to speak to the media about how they came up with the verdict?! That sort of stuff (in Aus) will get you hauled up in front of a judge.
So there might have been a mistrial if the jurors had been told about nullification, but there certainly wouldn't be a mistrial if the jurors were not told about nullification.
Jury nullification is a power that juries have, but that doesn't mean they have to be told about it.
People never want to see their peers convicted.
Strange. You said exactly that in this statement:
Yet now you're saying that what you posted is not what you meant.
I'll stand by my statements:
Being found guilty in a court of law does NOT mean that you belong in jail.
And why it does LEGALLY classify you as a "criminal" it does NOT mean that you have committed any crime.
The problem with your position is that most of the original charges were dropped PRIOR to the trial.
The legal system seems specifically designed to punish the people who try to follow the laws.
You. Are. No. Better. Or. Worse. Than. Any. Other. Human. Being.
There.. You may THINK you know better than "healers", "mystics" or whoever, but you simply lack the experience of such people, just as much as they lack foundation in the scientific method.
Why would any jury 'nullify' this case?
Because the punishment isn't proportional to the 'crime'?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
We've had years and years of cases almost identical to your case. And still the legal system has not changed.
Let me change my statement, the legal system is set up for the ease of the legal system. And that ease results in people who try to follow the law facing more of a burden than those who do not.
It's not about justice and it hasn't been for many years (if it ever was).
Here's hypothetical:
I'm a lazy system admin. I do my monthly password changes (don't ask, corporate edict) and I intend on writing the new passwords down and putting them in the company safe later that day.
I am at the 7-11 for lunch (don't ask) and a gunman walks in and threatens to shoot everyone. I say "wait, if you kill me my company will be locked out of administering their computer networks" and he looks at my company gimme-cap and says "good, I hate your company" and shoots me.
Can he be charged with a denial of service attack?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
From this guy's discussion it sure sounds like the jury convicted Childs for literally doing nothing - as in not revealing the password when asked. That seems completely out of line with the reason for "denial of service" laws in the first place - unauthorized access leading to various sorts of downtime.
Childs clearly had authorized access up until the point in which they decided to "transfer" him and it doesn't sound like he tried to access the systems afterwards. He may have been an ego-maniacal dick about how he managed the systems when he was authorized, but being a dick is not a criminal offense.
I think a doctrine of calling inaction after authorized actions denial of service is the kind of thing that is so overbroad it could lead to all kinds of unfairness - a maintenance guy sees a leaky roof in a server room, gets transferred to another building and doesn't tell anyone about it and a week later the computers in that room get flooded, is he now criminally responsible for that denial of service?
Clearly after this guy was fired, he was not an authorized user and did not have the right to withhold the passwords.
He was denying service because by not surrendering the passwords he was denying the city the ability to log in and change them, or check for back doors.
Perhaps we can use this as a president to force Apple to hand over the root, or equivalent password to the iPad.
Actually is seems funny how some many people defending this asshole are the same people who demand open systems and bitch about Apple and M$ for being closed.
#1. Don't pay sprocket any mind, he is a bullshit artist. #2. http://slashdot.org/comments.pl?sid=1293667&cid=28621185 where sprocket was totally "perfectly" (the word he refused to define along with his evading all questions put to he) #3. Sprocket also likes to put words in others mouths they never even said and tries to state they "implied it". I bookmarked that for everyone's reference so this no mind Sprocket could see it again and regret his stupidity in being a wanna be computer expert (not). He certainly got his ass handed to him there. Read it yourselves, and decide how "expert" sprocket really is.
So, I after reading the full article, I noticed something that people had been posting volumes about previously was surprisingly non-existant.
When Terry Childs was asked to give up the passwords, was he or was he not in a room where there were unknown people on speakerphone?
I'm honestly curious as to whether or not this came up at the trial, because it would seem to me that the possibility of the passwords being intercepted via transmission would be a reasonable excuse for not handing the passwords over to "authorized users" under those circumstances.
From TFA and TFS: The questions were, first, did the defendant know he caused a disruption or a denial of computer service. It was rather easy for us to answer, "Yes there was a denial of service."
So, the question is "Did he know" and the answer is "Yes, there was". Did someone forget to bring their grasp of the language ?
Also, the second question was wether or not he denied access to an authorized user, but "authorized user" was never defined to the jury. How the hell can you justify deciding wether or not something fits a definition if that definition is not given to you ?
What a depressingly stupid machine.
Presumably then in the US, or just in California perhaps, jurors aren't in contempt of court if they discuss their deliberations after the trial.
In the same interview the juror makes clear that the employer had no coherent policies to speak of, I would add that if nobody questioned the technical and organizational competency of the employer (how did they manage to corner themselves to a situation in which they could be hostsage, to a sole individual?) then somebody (defense lawyer, jurors) were not doing their job.
To find somebody guily in such environment of organizational confusion is not justice (and read the last comments of the interview, in which your description of CHilds as a "lying criminal" is given a proper context.
Our profession is not stained in the slightiest, this particular employer is. As the juror interviewed says himself, proper management would have managed Childs properly and would not have allowed this sorry situation to happen.
The only thing Childs is guilty of is of being at the wrong place at the wrong time with the wrong employer. I wonder how many of you would have done much better without compromising your profesional ethics.
I did.
If you had all those questions would have been suitably answered by the same juror everybody is giving so much credibility now.
Go read it. This guy was working in a place where incompetence in handling technical issues seems to be par of the course (sending passwrod by email? Who wants to bet the messages were not encrypted?). Did anybody point this out during the trial of this guy ? But clearly the impression seems to be now that the guy was working under reasonable constraints, which as the juror recognized, he wasn't.
In a couple of occassions the interviewee points the finger clearly in the direction of the employer for not having coherent policies to speak of and for failing miserably to manage this gut properly. How so many of you are failing to point this out is a real mistery.
But does he have a grasp of how security is organized in an enterprise?
Password management policies and techniques?
Segregation of duties between different people with IT responsibilities?
I.T. is far too complex, this juror may grasp better than most some of the issues at hand, but in my opinion the most important issues under consideration in this case should be about IT policy and risk management, which may not necessarily be the field of expertise of a very well qualified and experienced techie.
I have seen many instances in which one person can authorize access to a system or resource and he himself is not authorized to use it, and even more often, is not authorized to administer it.
So your assumption about this point is utterly flawed.
Without a clear definition of who had authority to do what this guy was set up to fail at some point and I hope this point alone is enough ground for a succesful appeal in the future.
I suppose you din't RTFA. The juror interviewed explain very clearly that the employer lacked any proper policies to handle issues of security and authorization.
Which is why everything should be in writing in a coherent policy.
There are many instances in which a manager can authorize somebody to work with a system to which the manages himself is not authorized any kind of priviledged access.
We don't know if those accounts were authorized to view configurations only, to obtain reports, to do a subset of administration tasks or if they were for full administrative access.
In any case, in most serious companies, the fact that somebody had a certain kind of access before does not mean that such a person gets the same access automatically without some arbiting authority vouching for that.
If this all sounds pedantic and complicated it is because security and risk management is like that, which is why all should be in writting in a policy document known to all (it could be something as simple as "your manager is authorized to the same systems and applications as you are with the same level of clearance" or something of the sort.
The only thing that Slashdotters need to remember is the next time they pile on *any* other group for being self-serving and close minded (Republicans, Environmentalists, Christians, Vegans, Wall-Street-types, what have you), remember how Slashdot overwhelmingly supported Childs, regardless of the evidence of his hubris.
bun-fhuinneog agam!
It's not appropriate to assume every AC is someone that's already posted in the thread.
All of them?
Sorry, the employer claims are shaky, to say the least.
Because the punishment isn't proportional to the 'crime'?
How do you know? He hasn't been sentenced yet.
So he is guilty of denial of service for denying to provide the passwords that allowed someone else the "service" of administering the network?
If he shuts down every user from the network, that is denial of service but this is a stretch. Congrats to the lawyers that pulled that off, you need Johnnie Cochran's like talent to confuse the Jury with this chewbacca defense so much even a CCNA certified guy bought it.
I really hope the EFF looks into this case and helps with appeal. It is pretty scary that an IT admin can be criminally liable for lack of common sense.
HTML is obsolete. It's time for a new, simpler and richer markup language.
Jurors are allowed to speak to the media about how they came up with the verdict?! That sort of stuff (in Aus) will get you hauled up in front of a judge.
Australia is the only Western country with neither a constitutional nor legislative bill of rights, although there is ongoing debate in many of Australia's states.
Oh, c'mon. We counted black people as 3/5ths of a person. :-)
Seriously, though, it's a question of where you want ultimate judicial power to reside, with the State or the Populace. I understand the Bench thinks it makes all the right decisions, and no Judge, having spent nearly a decade in study of the Law, and then a career in it, will think any jury of twelve WalMart shoppers can come to a better decision than Bench can. I've heard more than one judge openly ridicule the entire idea that twelve random people can even understand the law, much less apply it.
Which is why it is now more crucial than ever that Juries seize the power that is rightfully theirs.
College has become prohibitively expensive. I worked my way through college. Looking at costs now, there's no way I could do today what I did back then. Law school admissions are obscene. Passing the bar, making the political connections to get an appointment to the bench, getting the political clout to make decisions that matter -- judges are overwhelmingly drawn from the wealthy and connected strata of society.
Even barring corruption, of which there is an unconscionable amount, being raised in wealth makes you tend to view the poor as contemptible. It's simple psychology. Children who are told a story about an unfortunate child begin to fabricate reasons why that happened in the story. The unfortunate child was bad, lazy, breaking the rules, etc. People want to create reasons for misfortune so they can feel secure that it won't happen to them.
Which means that most judges today are fundamentally ill-prepared to dispense justice, speak truth to power, and to be the sword and shield of the poor, which according to the mottos we carve into the stone of our court buildings, is the whole reason for a justice system.
Will juries in Alabama make lousy decisions? Sure. But the cure for Alabama isn't to clip the wings of juries. The cure for Alabama is to flood the state with education and light until those cousin-loving mouth-breathers begin to get the neurons in their skulls firing... :-)
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
http://news.slashdot.org/comments.pl?sid=1589664&cid=31552060
"I didn't want to vote guilty, but I felt like I was supposed to."
With my tongue in cheek, Nullification today, nullification tomorrow, nullification forever. :-)
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."