Slashdot Mirror


Juror Explains Guilty Vote In Terry Childs Case

alphadogg writes "Terry Childs, the San Francisco network administrator who refused to hand over passwords to his boss, was found guilty of one felony count of denying computer services, a jury found Tuesday. Now, one of those jurors (Jason Chilton, juror #4) is speaking out in an interview with IDG News Service's Bob McMillan: 'The questions were, first, did the defendant know he caused a disruption or a denial of computer service. It was rather easy for us to answer, "Yes there was a denial of service." And that service was the ability to administer the routers and switches of the FiberWAN. That was the first aspect of it. The second aspect was the denial to an authorized user. And for us that's what we really had to spend the most time on, defining who an authorized user was. Because that wasn't one of the definitions given to us.'"

28 of 537 comments (clear)

  1. Take some time and think by Concern · · Score: 5, Insightful

    As someone who saw through Terry Childs early on, I found myself in the minority here. I took one of my first big karma beatings just pointing out a few ways how this narrative of him being a idealistic professional locked up by his evil, stupid bosses was pretty obviously not possible, even just looking at the bare facts.

    What struck me was the way so many of us in the industry instinctively acted out our prejudices, made assumptions, hunted out any shred of fact that supported him (selective and misleading quotes from the CA rulebook, for instance), and even assiduously avoided rational counterarguments and conflicting evidence.

    And now here we are at the end of the trial. The evidence is utterly damning. Long before he was fired, he was asked by someone for access to these systems and refused. We know he knew the guy (his boss' boss) was authorized, because there's written evidence in Childs's own emails to that effect. There was no moral justification for what he did. He was just being a criminal, the same as if someone you trusted locked you out of your computer.

    Just read:

    Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.

    I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.

    --
    Tired of Political Trolls? Opt Out!
    1. Re:Take some time and think by Anonymous Coward · · Score: 5, Insightful

      You were making assumptions like everyone else by assuming you had enough facts to declare him guilty. There were plenty of people claiming he was innocent, but a lot of the conversation was speculative, and there's nothing wrong with that. Now that the trial is done we have access to more facts, so just because you guessed right doesn't make you smarter.

      As far as "lying criminal," even the juror said it would have been better if it was just handled internally, but it wasn't. So yeah he lied and he was found guilty, but it went way too far as a direct result of bad decisions by both him AND the city. So I think you're being really harsh about it. You've said why you think other people were emotionally invested in finding him innocent, but from your multiple posts on it you seem to have been to be emotionally invested in finding him guilty.

    2. Re:Take some time and think by Omnifarious · · Score: 4, Insightful

      When a jury reaches a verdict, I usually give them the benefit of a doubt. They saw the trial, I didn't.

      But I will not hesitate to defend someone again when it seems like they might be wrongfully accused. Far too often people are thought of as guilty just because they are charged. The state should have to make its case against a vigorous and heated defense. Being convicted in the court of public opinion can be quite damaging to someone, and there is no recourse. I'm happy to have that conviction happen after the real one instead of before.

    3. Re:Take some time and think by MikeBabcock · · Score: 4, Insightful

      Notably the jurors weren't given a definition of authorized persons. I'd say that's pretty substantial to his own defence as I recall.

      If you don't feel that anyone is properly authorized to receive the information you possess or that it will cause harm, then "just do it, its your employer" isn't good enough.

      --
      - Michael T. Babcock (Yes, I blog)
    4. Re:Take some time and think by Coren22 · · Score: 4, Insightful

      I would have to agree to that. Authorized in this situation should have been defined from the beginning. Childs worked on his own definition of authorized as that was never given to him either. Did he fail to give the passwords to the person he felt was authorized? I thought the Mayor got the passwords in the end, so how did he not deliver them to an authorized person?

      Rhetorical questions, not directed at you, just stating that they haven't been properly answered yet.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    5. Re:Take some time and think by gnasher719 · · Score: 5, Insightful

      If you don't feel that anyone is properly authorized to receive the information you possess or that it will cause harm, then "just do it, its your employer" isn't good enough.

      He was told "you are not looking after our FiberWAN network anymore, someone else is. Hand over the keys so that your successor can do their job". He used to be properly authorised because it was his job to look after the network. If the company gives the job to someone else, that person is then authorised. If he doesn't feel that his successor is authorised then this feeling is completely irrational. This wasn't about authorisation, this was about one man deciding that he deserved the power to look after his network, and nobody else did.

      Unfortunately, he didn't just grumble and moan and complain, he actually took action. He actively prevented _anyone_ from accessing "his" network. On a personal level I can understand how this happened, and unsympathetic or clumsy employers probably didn't help, but the fact is that his actions were highly illegal.

    6. Re:Take some time and think by nedlohs · · Score: 4, Insightful

      Hans Reiser is just another inept murderer, the fact that happened to be good at something else is irrelevant.

      I really don't think murdering your spouse is a common trait in the computing professions.

      Sysadmins acting like they "own" the equipment, and programmers acting like they "own" the code is however, common enough. But I think that's much more universal than computing.

      I suspect other people who work with one thing closely have the same "attachment". Drivers and "their" truck/bus/etc (ignoring independent owner/drivers of course who do have that claim).

    7. Re:Take some time and think by jollyreaper · · Score: 5, Insightful

      Interestingly, that could describe Hans Reiser has well. I think it's the disease of our profession.

      Oh, please. It's called being human. We're naturally more inclined to distrust those different from us and trust those who are like us. Grifters will prey on their own ethnic groups because there's naturally less suspicion. A black man is going to scam other blacks more successfully than whites. A white woman is going to scam other whites easier. And if you share a religion, why, that makes you all the safer! Because no good Christian would ever scam another Christian. And it's always easier to find sympathy for a pretty person than for an ugly one. Human nature.

      As geeks, we're naturally willing to give Hans the benefit of the doubt because we identify with him. It takes time to read the case and realize just how screwed up the guy is. Bernie Madoff got away with what he did for so long because Jews weren't expecting to get fucked over by a pillar of their community. Christians have a lot more experience with that sort of thing. Likewise, other rich people weren't expecting a fraud from a guy of his pedigree. He was in all the right clubs, he was an outstanding member of the uppper class.

      Don't make us geeks out like we're the only stupid ones. There's plenty of stupid to go around here.

      --
      Kwisatz Haderach
      Sell the spice to CHOAM
      This Mahdi took Shaddam's Throne
    8. Re:Take some time and think by Angst+Badger · · Score: 5, Insightful

      I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.

      Childs' arguments reminded me of the kind of quasi-legal nitpicking one sees in Slashdot posts almost every day. It's the same kind of thing you see when you have two children in the back seat on a long road trip, and one or both of them are determined to pick a fight, so whatever rules you lay down, they interpret them as literally and selectively as possible in order to violate the spirit of the rule while keeping tenuously to the letter. Child A pokes child B, so you tell them not to touch each other, at which point A pokes B with some object, arguing that he didn't poke B, the object did. Similar rationales come up whenever copyright violations are discussed. It is, no pun intended, childish. Pirate all the mp3s you want, but show enough respect for other people's intelligence (and have enough balls) not to play word games about it.

      At the end of the day, Terry Childs threw a tantrum using an exceedingly narrow and selective interpretation of the rules and then didn't have the good sense or maturity to back down before he ran afoul of the law. Your boss asks you to do something? In most cases -- including this one -- you can either do what you're asked to do or quit. And if you quit, walking off with company property, passwords included, is something that you can reasonably expect to be prosecuted for.

      I don't think the sentence should be particularly harsh in light of the fact that the defendant is plainly emotionally immature and the level of actual harm done doesn't appear to have risen above the level of nuisance, but Childs is not some kind of innocent martyr in the name of principle, and his conviction does not bode particularly ill for any other IT worker with a modicum of maturity and common sense.

      --
      Proud member of the Weirdo-American community.
    9. Re:Take some time and think by RulerOf · · Score: 4, Insightful

      Sysadmins acting like they "own" the equipment, and programmers acting like they "own" the code is however, common enough. But I think that's much more universal than computing.

      As sysadmins, we're basically hired to be the ultimate authority on whether or not problem X can be solved with what hardware and manpower is currently under our (sometimes totalitarian) control. As the person employed to manage and/or oversee management of that hardware and software, you should act like you own it, and also inform those who you report to on whether or not the systems are adequate for the task at hand or the task upcoming. Further, if you're fired or replaced, you no longer technically have that authority, and it is most definitely your responsibility to transfer the power that it came with to whoever does at that point.

      As sysadmins, we care deeply about the architecture and health of the infrastructure we manage, and especially of those we design and implement. Giving up the keys, as it were, sucks, but unless you literally own the system, it's just the thing you inevitably have to do some day. I'm pretty sure that all of us understand that though. It seems that Childs may not have.

      --
      Boot Windows, Linux, and ESX over the network for free.
    10. Re:Take some time and think by pla · · Score: 4, Insightful

      He was told "you are not looking after our FiberWAN network anymore, someone else is. Hand over the keys so that your successor can do their job". He used to be properly authorised because it was his job to look after the network.

      "Mr Jones, you no longer fly this space shuttle. Hand the keys over to Bob the janitor. Bob, take 'er up!".

      Quite seriously, I would call a city-wide WAN (particularly on the scale of SF) considerably more complex than flying the space shuttle. Even a highly competent network engineer might take months to map the whole thing out starting with nothing but a handful of router passwords.

      Being told "give Bob access" and "GTFO" very much count as mutually exclusive instructions.


      In his shoes, I probably would have just turned over the passwords and walked out, laughing in the knowledge that I'd get a call in a week begging me to fix the smoking ruins of their network at any price. I can, however, appreciate the sense of misplaced possession in wanting to defend "his" network; I would say that most admins feel somewhat protective of the networks they maintain.

      Childs just took it too far. But, so did the city in pressing criminal charges against him.

    11. Re:Take some time and think by mikael_j · · Score: 4, Insightful

      hilds' arguments reminded me of the kind of quasi-legal nitpicking one sees in Slashdot posts almost every day. It's the same kind of thing you see when you have two children in the back seat on a long road trip, and one or both of them are determined to pick a fight, so whatever rules you lay down, they interpret them as literally and selectively as possible in order to violate the spirit of the rule while keeping tenuously to the letter. Child A pokes child B, so you tell them not to touch each other, at which point A pokes B with some object, arguing that he didn't poke B, the object did. Similar rationales come up whenever copyright violations are discussed. It is, no pun intended, childish. Pirate all the mp3s you want, but show enough respect for other people's intelligence (and have enough balls) not to play word games about it.

      Have you ever worked for a large company (let's say 2k+ employees)? I have, and in those environments the main reason IT and dev staff behave in the way you describe is because that's how management behaves and a lot of times it's actually safer to play along with their little power trip game than it is to use common sense. I'm not saying this is what Childs did but I've definitely seen it, PHB comes up with insanely literal interpretation of a corporate policy and everyone just reciprocates by also interpreting the rules to the letter (while ignoring the spirit), a few weeks or months later the first literal interpretation is quietly swept under the rug and everything is working properly again.

      An example of this would be a standard fine print clause in the contracts of almost all employees stating that it is their responsibility to see to that they can work for their entire workday which is interpreted by the PHB as a way to force the employees to come to work 10-15 minutes early to log on to their workstations. The employees return the favor by noting that some of them who have been working for the company for a long time don't have that clause in their contracts and the rest also note that there's another clause which states that overtime pay is to paid to employees for all non-scheduled work and that it is calculated in whole hours and rounded up so they all start coming to work ten minutes early and putting in one hour of overtime every day on their timesheets.

      --
      Greylisting is to SMTP as NAT is to IPv4
    12. Re:Take some time and think by eosp · · Score: 4, Insightful

      Or just the fact that he didn't make an I-got-hit-by-a-bus contingency plan.

    13. Re:Take some time and think by frank_adrian314159 · · Score: 4, Insightful

      Don't make us geeks out like we're the only stupid ones. There's plenty of stupid to go around here.

      Yes, but we (generally speaking) often hold ourselves up as paragons of intelligence and rationality. Just as we laugh at preachers who fall short of their own moral teachings, stupidity that would be cleared if one were being truly rational, is quite heinous when rationality is one of the key attributes we profess. In reality, you are correct - we are all only human. But when we paragons of intelligence and rationality are hoist on our own petard, failing to point out how stupid and irrational we are smacks of hypocrisy. And when we don't point it out, it blinds us not only to our frailties, but to our own hypocrisy.

      --
      That is all.
    14. Re:Take some time and think by FlightTest · · Score: 4, Insightful

      He was told "you are not looking after our FiberWAN network anymore, someone else is. Hand over the keys so that your successor can do their job". He used to be properly authorised because it was his job to look after the network.

      "Mr Jones, you no longer fly this space shuttle. Hand the keys over to Bob the janitor. Bob, take 'er up!".

      The correct and legal thing to do in that situation is hand over the keys to the shuttle and make sure you aren't anywhere near it when Bob tries to launch. You don't own the shuttle, NASA does. It's up to THEM, not you, to decide who flies it.

      You may want to go to the press and try to get them interested in NASA allowing a janitor to fly it, but refusing to hand the keys to the janitor is insubordination at least, and if those are the ONLY keys, then it's a form of theft.

      Quite seriously, I would call a city-wide WAN (particularly on the scale of SF) considerably more complex than
      flying the space shuttle. Even a highly competent network engineer might take months to map the whole thing out starting
      with nothing but a handful of router passwords.

      This statement is laughable. You either have a vastly over-inflated opinion of network management, or absolutely no clue in life what's involved in flying something like the shuttle. Shuttle commanders aren't just pulled off the street you know. They are all highly accomplished military pilots, most if not all with flight test backgrounds, for a reason.

      Being told "give Bob access" and "GTFO" very much count as mutually exclusive instructions.

      Not at all. People get fired all the time, and that is exactly what happens when anyone in any profession, gets canned. I'd say being told "give Bob the keys" and "strap yourself in" are far more mutually exclusive.

      --
      Merde, il pleut encore!
    15. Re:Take some time and think by Jah-Wren+Ryel · · Score: 4, Insightful

      You don't go on the lam over a misunderstanding.

      And he didn't. He withdrew a bunch of cash. I'd probably try to do the same thing if I thought the government was going to arrest me - which he had been threatened with. Maybe you haven't noticed, but a common enough tactic is for the government to freeze the assets of people it tries to prosecute. No cash means the best you can get is an overworked public defender. Sure they don't do it to everyone, they don't even do it in the majority of cases, but man it sure would suck for them to do it to you wouldn't it?

      --
      When information is power, privacy is freedom.
    16. Re:Take some time and think by Achromatic1978 · · Score: 5, Insightful

      Quite seriously, I would call a city-wide WAN (particularly on the scale of SF) considerably more complex than flying the space shuttle. Even a highly competent network engineer might take months to map the whole thing out starting with nothing but a handful of router passwords.

      Actually, it was even worse than that, since he'd actively set the system up so that in order to reset passwords, you had to trash the entire configuration. A configuration that only he had. So you wouldn't be re-mapping the network, you'd be rebuilding it from scratch, all the ACLs, routing tables, access, etc.

      On the devices he couldn't do that on, he'd set them up so they didn't store any config, that they lost config on power loss, and that you had to dial back in by modem to reload config, and you could only do that from his personal laptop.

      This doesn't even begin to factor in the system log server, stored in a black metal box with two holes drilled in it, for ethernet and power, and padlocked, twice. Padlocks purchased by Childs personally, and which no-one else in the city had a key for.

      This guy was out of control, and saw things as his. He thought he could get away with it because of this. The whole "only the mayor" was blown up by many on Slashdot, as an offer made by him, AFTER arrest.

      Here's a question, when he started on the job, did the mayor personally give him the admin passwords? No, well, either the person who did was unauthorized, or guess what, that whole line was specious and facile.

    17. Re:Take some time and think by Skyshadow · · Score: 4, Insightful

      It's not just his 'Holier than Thou' attitude that'd worry me as a potential employer, it's that he pretty clearly was also a terrible admin.

      Who the heck sets up a mission-critical system (in this case, quite literally given the city services it fed) and then proceeds to set themselves up as a single point of failure? That's not just being slightly paranoid, that's being either grossly incompetent (not thinking of the downside) or wildly unethical (using it to ensure lifetime employment).

      --
      Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. Interesting, a competent jury by Omnifarious · · Score: 4, Insightful

    They clearly understood the issues and had a very fine judgement call to make. I don't necessarily agree with it, but I no longer feel they were idiots who made a clearly bad call.

    I hope they recommended the lightest possible sentence when giving their verdict. They can't determine the sentence, but I think they can give the judge advice.

    1. Re:Interesting, a competent jury by Omnifarious · · Score: 5, Insightful

      You have to do it objectively and I think knowing that you're personally responsible for sending some guy to jail for 20 years might make some people "iffy" on returning a guilty verdict.

      I disagree. I think a big part of the jury's job is justice, not necessarily just determining guilt or innocence. There needs to be a better brake on politicians for requiring ever increasing and ridiculous punishments for a crime, and one big brake would be a jury refusing to convict because the sentence is too severe.

  3. Don't even try that. by khasim · · Score: 4, Insightful

    I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.

    How many charges were initially filed against him? How many charges was he found guilty of?

    Note the discrepancy in those numbers.

    At least now the facts are out and we can determine for ourselves whether the law was applied correctly (and if so, whether the law itself is at fault).

  4. Here is the key, I think by phantomfive · · Score: 5, Insightful
    Two points brought up in the interview really stand out to me, first this one:

    If he had not decided to leave and go to Nevada a few days later and withdraw US$10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter.

    I can understand the police thinking, "wow, he's locked down the network, and now trying to run away. What is going to do to the network once he gets to Mexico?" Secondly, this:

    Eventually we looked at it and we saw that in late June his manager had requested certain accounts to be created that would have access to certain routers and switches. And he did create those accounts, and he sent that back in an email with the user IDs and passwords, to which Richard Robinson was also copied. If his big concern was that Richard Robinson was not authorized to be a user, why -- just a week before -- did he copy him on an email that has user IDs and passwords?

    So there is evidence to say it was about control of the network, and not about security policy (there's more if you read the article).

    Still, it's really hard for me to say anything he did deserves jail time. Getting fired, yes, he should have been, but jail time? That seems a bit much. Someone once said, "If you skate close to the edge of the ice, you're likely to fall in," and I guess that's what Terry did here, and he got burned.

    --
    Qxe4
  5. Habeas Corpus by Locke2005 · · Score: 4, Insightful

    The real question should be "Who, if anyone, was harmed by Terry Childs's actions?" The next question should be "Does that harm really justify taking away several years of his life?" Look, I'm the first to admit that Childs was being a dick. But so were his managers, and the punishment is way out of proportion to the crime. $5 million bail?!? WTF!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  6. Passive Denial of Service is a Bad Precedent by Jah-Wren+Ryel · · Score: 5, Insightful

    From this guy's discussion it sure sounds like the jury convicted Childs for literally doing nothing - as in not revealing the password when asked.
    That seems completely out of line with the reason for "denial of service" laws in the first place - unauthorized access leading to various sorts of downtime.

    Childs clearly had authorized access up until the point in which they decided to "transfer" him and it doesn't sound like he tried to access the systems afterwards.
    He may have been an ego-maniacal dick about how he managed the systems when he was authorized, but being a dick is not a criminal offense.

    I think a doctrine of calling inaction after authorized actions denial of service is the kind of thing that is so overbroad it could lead to all kinds of unfairness - a maintenance guy sees a leaky roof in a server room, gets transferred to another building and doesn't tell anyone about it and a week later the computers in that room get flooded, is he now criminally responsible for that denial of service?

    --
    When information is power, privacy is freedom.
  7. Re:Took some time to think. by Anonymous Coward · · Score: 5, Insightful

    Because it's common practice in IT for this to happen. The underling needs the information to do his job, his boss doesn't. You don't spread sensitive information around simply because you can. Especially since his boss, as chiefly a manager, may not have the training to properly handle all the information.

  8. Re:So have that juror explain to us by evan1l38 · · Score: 4, Insightful

    I think it's more like you're the commanding officer of a silo who gets replaced, locks everything down and refuses to let your successor into the silo. Your successor would like to come in, perform maintenance, and prevent the thing from degrading and exploding, and you refuse to let them in.

    As for competence ... well, Childs gave different passwords to these same managers the week before when he wasn't getting fired, so he clearly didn't have THAT many reservations about handing them over. The juror actually referred to that quite specifically if you read the article, saying that was what convinced him that Childs was not really worried about password security but about causing problems (my words there, not the jurors.)

    And honestly ... if I worked for you, and locked you out of your own network, locked down all the machines and walked out saying you weren't competent enough to have the passwords ... would you really defend me and be pleased no one could access your network hardware? If you hired a replacement for me that you liked, and I refused to give HIM the passwords saying he wasn't competent either, how happy would you be that I was protecting you by preventing you from accessing your own hardware? And when I started withdrawing money and getting ready to flee to Mexico ... you'd still be defending me?

    --

    Evan Reynolds evanthx@hotmail.com
    Two peanuts crossed the street. One was assaulted.

  9. Re:Took some time to think. by fluffy99 · · Score: 4, Insightful

    To take that analogy a step further. If the boss fires the forklift guy, he expects to get the keys to the forklift back.

  10. Re:Who's egotistical? by SuiteSisterMary · · Score: 4, Insightful

    He's not being egotistical, he's pointing out that he's got the chops to be talking about this from several different angles. Or do you think that a doctor, called in to provide testimony about a medical matter, is egotistical to list his various suffixes?

    When I was reading his initial accounts, my thinking went something like 'Who is this guy to be...oh, he's a CCIE. At least he's not talking out of his ass.'

    --
    Vintage computer games and RPG books available. Email me if you're interested.