Slashdot Mirror
Terry Childs Denied Motion For Retrial
snydeq writes "The former San Francisco network administrator who refused to hand over passwords for one of the city's networks has been denied a new trial and is expected to be sentenced Aug. 6. Terry Childs had been due for sentencing Friday but the court instead heard two defense motions, one requesting a new trial and the other for arrested judgment — essentially to have his original conviction overturned. The motions were both denied but the court then ran out of time before the sentencing phase could be conducted."
Given the byzantine nature of the case, I have little doubt it will be appealed until his lawyers realize he's run out of money.
Withhold a password, go to jail.
Not really sure that justice was served here but the guy really was a first-rate dickhead.
This ain't rocket surgery.
When you've got more pressing legal matters to preside over other than some self-righteous dickhead with a God-complex locking a whole city out of their own network, you will quickly find that you're running out of time.
The legal system is overloaded enough as-is. Just because His Holiness the Network Administrator doesn't want to go to federal PMITA prison is no good reason to cram more stupid shit into our crowded legal system.
Schedules in some courts can be pretty inflexible when transport of a prisoner is involved.
The judge isn't the only person in a courtroom, and the other people are generally hourly workers, yes.
"self-righteous dickhead with a God-complex "
please explain why the mayor of the city was the [one of the] only person he was willing to password/key to?
"He does his job AFTER he's fired?" HUH?!?!
When you're fired, your job is OVER. Your right to exercise control over the City's stuff is DONE.
Terry Childs is a stupid, neurotic fool. But there's no indication that he's a thief or a scumbag. He's been punished way more than enough by now. I hope the judge gives him credit for time served and ends this.
What does the mayor have to do with Childs and his God complex? Your question makes no sense.
"He does his job AFTER he's fired?" HUH?!?!
When you're fired, your job is OVER.
... then you are no longer under any obligation to provide passwords or anything else related to your previous job whatsoever.
You can't have it both ways. Was his job OVER or not?
Said passwords were company property he was holding on to.
His job wasn't over at first. He was told that he was being reassigned and should hand over the password. After he refused to do that he was told to create new administrator accounts for the people taking over. It was only after refusing to do that and trying to leave the state that he was arrested and lost his job.
Stupid and neurotic... Well there you go.. diminished capacity... Worked for Dan White. He got away with murder
For justice, we must go to Don Corleone
A new kind of security threat? Needs a shrink to solve?
I hate being bipolar; it's awesome!
that is the high security mode that is used some times and they did not use this he just turned off the password recovery forcing you to do a full reset to get back in.
A couple summations:
Let's see:
Terry Childs:
City of San Fran
So I recommend that Terry Childs be put to death just for being a jerk and to make sure non of us ever have to work with him again/interact with him again. Then we fire the City of San Fran CIO and forbid him from ever working in IT again.
(bangs gavel)
Advice: on VPS providers
Sorry, but that's retarded. It's like saying you don't have to return a company laptop when you're fired if they forget to take it from your office before they throw you out of the building.
Just because your job is over doesn't mean you are allowed to hold on to things that do not belong to you. These aren't his passwords and it's not his network. It never was, despite what he obviously thinks in his little mind, but it certainly isn't anymore.
Dangerous ground indeed. And I suppose you have a MiB flashy thing to erase his knowledge of the network too? After all that is company property...?
The city (or more specifically, the department he served in) should have had a plan to prevent this from occurring. We was terminated for insubordination (for not turning over the passwords or creating the new accounts), at that point, he was essentially "dead" to his employers and it should have been handled as if he had died while still employed. Would they have brought criminal charges against a dead man if no one knew the passwords? Of course not.
Terry Childs may be an asshole, but last time I checked, that wasn't a crime.
Was sentencing delayed because Friday was System Administrator Appreciation Day?
August 6, 2010 will be exactly 65 years after the first Atom Bomb was used in war.
Are you trying to imply that Terry Childs kept the SF wifi network root password to prevent Gavin Newsom from nuking Japan again? And only on the day of his sentencing will Darth Gavin have the power to destroy the world?
It seems plausible enough. Gavin seems very unlikely to have plans for world domination, which of course means that they are no longer mere plans.
In a black and white world maybe.
But both you and OP are being silly.
When your job is over that does not mean that legal obligations end.
I suppose my boss could invite me out for lunch, fire me, and then keep my car, which is parked on company property and accessible via a locked gate with a keycard. My keycard would no longer work, and he'd be under no obligation to do anything for me, a non-employee. Heck, my iPod in my desk drawer. Gone.
The law is rarely black and white and this case is no exception.
Child's went to lenghts to ensure that no one else had the passwords and to ensure that only HE could access the networks. Read some of the juror comments from the trial. This was not a black and white case.
Even salaried workers like to leave at 5:00 PM. I mean, let's say you aren't paid hourly, would you like to pull an all-nighter for something that can wait until next week?
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
>Terry Childs is a stupid, neurotic fool. But there's no indication that he's a thief or a scumbag. He's been punished way more than enough by now. I hope the judge gives him credit for time served and ends this.
He probably could have cut a deal for time served, if he wanted to at any time. However, he has now seriously pissed off the judge, the prosecutors, and probably the folks writing the pre-sentencing probation report. Not a good percentage play.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Happens all the time. There are very fixed time allowances on appeals. For example, if you plead or are found guilty in federal court, you have ten days to file an appeal, or at least preserve your right to appeal. If you do not file within that ten days (even if you tell your lawyer to do so and he does not) you effectively waive your right to appeal. You may collaterally attack but collateral attacks are civil actions and you are no longer entitled to counsel.
Think that's unfair? There are cases that would blow your minds. How about a death row inmate who filed his pro se appeal late, and was denied appeal of his death sentence. He finally got heard in the US Supreme Court but Scalia and Thomas dissented, saying "too late, too bad, so sad.."
Time limit injustice is way too common, (and tolling is not often granted) but this injustice is not often discussed, because as I often say, citizens in the US know NOTHING about the system that can suck them in at a moment's notice.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
No, it's like saying you don't have to spend your own time documenting everything you did while there. They asked him to work after they fired him, then arrested him for not working for free after being fired. Writing down information is work. Returning a laptop to someone that shows up and asks for it isn't work.
Learn to love Alaska
>Guy does his job even AFTER he's fired and he goes to prison for it? Ugh.
If I fire my network administrator, and he tries to do anything to or with my network after that, he is a criminal, and hell yes he deserves to go to jail. I want his keys, his ID badge, his company laptop, cell phone, etc., and every password to everything; all of which will be changed immediately. If that isn't SOP where you work, you have problems.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
We don't know what state each device was in. He did have some systems setup with no, or minimal, boot config. Others had recovery disabled. Rebooting them is asking for trouble.
When you're fired, your job is OVER. Your right to exercise control over the City's stuff is DONE.
And so is your obligation to do any work.
Writing down or telling people lists of passwords is work.
you effectively waive your right to appeal.
If you can't re-assert it at any time, it's not a right. (The conclusion, from the information that you give, is that you therefore don't really have a right to appeal.)
FGD 135
The passwords MIGHT be company property.
But someone who doesn't work for you has no obligation to do recovery work for you to get you back into possession of property, on your behalf.
I suppose you would think if he used biometric access controls, that his fingerprints and possibly his fingers became company property.
They also want workers that will give access to authorised personnel. Terry didn't do that. Withholding his password is fine, but he also refused to give admin access to people he _knew_ were authorised for it.
I once had a co-worker that disabled admin rights for me (and some others) to the network switches and routers at work. He wanted to lock it down just to people that maintained it (his justification), although I learnt that he had given access to his clique, which included people that were certainly not responsible for network maintenance. Anyway, this prevented me from debugging issues that were handed to me to solve. I tried dealing with him directly, but he was frustratingly obstinate, dismissing out of hand any argument that I gave for my access. I eventually had to ask management to talk with him. Access was grudgingly given back to me.
Thankfully, the guy has now left the company. He caused me enough grief. If he had been like Terry Childs though, it would have been worse.
These kinds of (defense) motions are pretty much rote - and for that reason rarely granted. Don't make too much of the fact that they weren't granted.
Sorry, but that's retarded. It's like saying you don't have to return a company laptop when you're fired if they forget to take it from your office before they throw you out of the building.
Well, you can't keep the laptop, but that's because it is actually a possession that belongs to the person who purchased it, and it's not part of your body like your brain and facts in your brain are.
You won't be legally required to come to their office, and scan your thumb with the laptop to unlock it, or allow your finger to be removed for their use, if you had a biometric lock on the laptop.
If the laptop was passworded and protected with TrueCrypt, you don't have to go through the extra effort of informing the former employer of all the passwords and providing all decryption keys when you return it, unless you signed an agreement that you would do so.
You don't have an obligation to take the laptop and transport it back to your employer's office, if they had authorized you to leave it at home when you were employed; you can call and tell them to come and pick it up, and you can turn it over to law enforcement as abandoned property if they fail to come pick up their property after notification.
If the laptop was broken, even if you accidentally broke it or mistreated it when you were employed, repair will be their responsibility, unless there is an agreement to the contrary
Nope. Wasn't his job anymore. Before he was fired he was reassigned to a different job. He was still employed by his job responsibilities no longer included maintaining that equipment. He was introduced to the new person that had that job and asked to give over the passwords. He didn't. It turned out he had booby trapped all the equipment so that only he could make any changes or repair the equipment if it lost power. Still, they were working with him to turn over the passwords to the new guy which he refused to do. The city was setting up another meeting to discuss this even when he decided to withdraw lots of cash and make signals that he was fleeing the country. That's when fed agents decided to arrest him. That's when he was fired. Only then did he say he would turn over the passwords to the mayor when he previously refused to turn them over to anybody because he was playing the "You can't fire me because I have all the passwords." routine a little to hardball. This was not a case of a worried system admin, it was a case of extortion. Perhaps a case of extortion because he is a paranoid nutcase rather than money, but still extortion.
Still, all of that is IIRC. Go back and look at the replies by one of the jurors here on /. who answered everybody's questions about the case and their decision and decide for yourself.
They asked him to work after they fired him, then arrested him for not working for free after being fired.
No, they didn't. He was arrested because:
1) He refused to either provide passwords or create new accounts for the people taking over after he had been told he was being reassigned.
2) He hadn't submitted his passwords to a central repository, as required by the policies.
3) Had set up the equipment in such a way that recovery wouldn't be easy, like configuration files only being kept in RAM.
4) Tried to leave the state.
At that point he hadn't been fired yet. He had been told that he was being reassigned and had been put on leave after he refused to cooperate.
Childs had plenty of opportunity to get out of this. While it's certainly debatable whether or not he had malicious intent, I can't see how after the trial ended and all that information came out people still believe he was completely right or was put into a Catch-22 like situation that got him arrested, like you seem to believe.
I suppose my boss could invite me out for lunch, fire me, and then keep my car, which is parked on company property and accessible via a locked gate with a keycard. My keycard would no longer work, and he'd be under no obligation to do anything for me, a non-employee. Heck, my iPod in my desk drawer. Gone.
He absolutely could do all these things, and none of them would be criminal.
You could have to go write legal demand letters, and possibly to court to take civil action for getting an order to compel the employer to release your property to you.
In reality he will probably come back in a few hours with police officers who will order your security folks to let them in, to allow him to confiscate his own property, and direct you to take it up as a civil matter if you object to him retrieving his iPod from the desk.
You mean the list of VPN passwords?
Network admins are supposed to have and keep those. If they forget them, or can't find them, that means they cannot set the VPN concentrator back up if it should die an untimely death.
VPN group passwords are quite important. And having to change them causes a big mess for all the VPN users of the network, since every single vpn client using lost credentials will have to be manually reconfigured..
When terminated, he has to rescind said property.
Biometric systems would simply need to be reconfigured on the last day of employment.
Refusal to do so is criminal.
It's no different than being told to "clean our your desk by Tuesday", and then locking the keys to your desk inside the desk.
He is criminally at fault and he is liable to pay to fix it. The fact that he was given the option to fix it himself (relinquish the passwords) has no legal bearing. He was actually given a break by his employees (as he would have been financially broken if he had been forced to cover the costs of having it "fixed" by a third party).
Let's try a car analogy.
You take your car into the dealer to have it serviced.
You don't like the work they do because it's taking to long, they're increasing the estimate, etc. and you decide to take the car somewhere else.
You go to pick up your car and the dealership thinks you're a jerk.
They lock the keys in the car and tell you to fuck off.
Nope. He was arrested for failing to return City property -- namely the password(s), but in searching his house, he still had other City property. (the facts are far more complicated than we'll ever know.) Had he simply turned over the password(s) (in person, in writing) upon termination, there'd be no story. Instead, he was an ass and refused to give the password(s) to any of his "idiot" (former) coworkers/bosses. To be fair, his boss(es) do share some of the blame for letting things get like this to begin with.
you effectively waive your right to appeal.
If you can't re-assert it at any time, it's not a right. (The conclusion, from the information that you give, is that you therefore don't really have a right to appeal.)
You raise a very interesting point, with which I heartily agree. The US justice system is neither fair nor equitable. Here is Scalia's dissent in Holland where he quites statutes and time limits, and as the final arbiter of the law, gets to decide what "rights" we have or not.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
Because the Mayor decided to turn up at the prison with his publicity advisor instead of anyone else employed by the city. The bullshit floating around here insists that Terry Childs had the power to choose who he would see instead of the reality of him being locked in a cell until somebody came to visit.
A petty press event designed to make the Mayor look like a "peacemaker" was yet another nail in his coffin.
The only lesson we get from this case is that it's better to quietly resign like one of Terry Child's co-workers did instead of arguing with weasels.
My integrity is worth breaking the rules, but I know that if I rebel against the system in power, it's not likely that they'll publicly appreciate it.
Fight for civil rights or stand up against what you believe to be a corrupt and incompetent system that will only put public information in danger-- either way, you're going to get hurt.
A good person knows this, does it anyway, and just hopes that history can tell the difference between criminal and person with a good cause.
snydeq, tell your puppetmasters at InfoWorld to just give this a rest, won't you? Childs was the kind of uber-dickhead SysAdmin that even normal, run-of-the-mill garden-variety dickhead SysAdmins are afraid to associate with lest they appear as parodies of the type.
He didn't have a higher calling. He's not Batman. This ain't no Ayn Rand novel. He was fired and refused to release property that belonged to his former employer. Period, end of story.
And it *would* be the end of the story if the friggin' Drama Club at InfoWorld would stop flogging it on slashdot..
Your job may be over but you are still bound by the NDA you signed and if said NDA states "Tho shall not give out the password to those not authorized to have it." and your contract said only the Mayor is authorized to ask for the password your kind of stuck.
That, or something like it, was what I heard was the case with Childs. Whether it is accurate I don't know, and I don't care. I lost any real interest in this case long ago.
Wow, how did the above poster manage to get so many things wrong?
There were many articles on this case, I suggest reading one of them and ignore the extra "spin" (eg. "He was introduced to the new person that had that job" WTF did that come from?) put on by the above poster for some unknown reason. Painandgreed - why are you going on about things being "booby trapped" when the reality was just settings in memory, why lie about such things? Is there some sysadmin you hate and you want to project an idealised monster based on Terry Childs on them?
This was a case full of many WTF from start to finish - for example the Mayor didn't turn up becuase he was the only one that could solve the problem, he turned up because it made him look like some kind of diplomatic hero. Nobody can find the quote "I'll only give it to the Mayor" becuase I'll bet he never said it, but we all fell for such bullshit becuase we grew up watching Batman on TV.
I'm hoping some decent journalist shovels through all this bullshit and writes a decent book on the case, it's likely to be interesting.
If I remembered it right, he left the routers with the config just in memory (like running-config on a Cisco). I'd guess the startup config was enough to bring it online, but not enough for it to do it's job. Sounds like a pain in the ass though, if someone were to accidentally unplug a cable at the datacenter. Not only do they have to wait for it to boot back up, but they also have to wait for him to send up the working configuration.
Ya, it'd be a job of getting into machines and cleaning up, but it's not like it's an impossible job. It wouldn't be a job I'd want, but I'm sure there was someone there who knew enough about the network to make educated guesses at the correct configuration.
Serious? Seriousness is well above my pay grade.
He was a front-lines IT grunt. His job was to do whatever his superiors told him to do, barring any requests to do something illegal. If his superiors order him to open the admin interface to the outside world, and change the password to "password"... other than requesting that the demand be put in e-mail to protect his name, he is supposed to do so.
Exactly what criminal law would not allow him to turn passwords over to his management on request, no matter how unqualified they are? None.
Holding your employer's equipment hostage pending an audience with the mayor? Yeah, that was, and is, criminal. It's called extortion.
SirWired
Some were, some weren't. He learned about "no service password-recovery" and thought that was sufficient to keep people from messing with the device and so saved the config. But not all devices support that. And we don't know which are setup like that and which aren't. I'm not rolling those dice.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case/?fp=&fpid=&pf=1
The hit by the bus scenario or wants job security comes to my mind in all of this foolishness...
You are completely, 100%, WRONG. Passwords are not simply "knowledge"; they are virtual keys. And since he heald the only key, it is not unreasonable for him to provide it. Writing down a password is not work. By that definition, the paperwork one signs in the process of termination is "work"; cleaning out your desk is "work"; pushing an elevator button is "work".
I strongly advise you talk to your lawyer before clinging to such nonsense and ending up in prison along side Childs.
... then you are no longer under any obligation to provide passwords or anything else related to your previous job whatsoever.
You can't have it both ways. Was his job OVER or not?
Your assessment is incorrect. You're implying a second option where none exists. Unless the terms of hiring Terry Childs consisted of a complete transfer of ownership of the entire network from the City of San Francisco to Terry Childs himself, he had zero right to withhold any account credentials, both during his employment tenure and after his job was terminated. He also had no right to go through their network and booby trap the systems so only he could gain administrative access to them, rendering the entire system useless to anyone who might be filling his position in the future.
I work in IT for a mid-sized business involved in healthcare. Security is my top priority as it relates to our network and infrastructure and I stringently control who has access to what. However, if the person who signs my paycheck comes to me and informs me of a shift in my responsibilities away from the network or is terminating my position and demands that I hand over security credentials so the person coming in after me can do the job, I'll hand it over. I'll ask politely to be given a written request to cover my own ass before turning any information over, a reasonable request that any employer would probably willingly fulfill, be they government or not. But I don't have the right to go out of my way to sabotage the infrastructure to prevent future IT administrators from doing their job, even if I'm being terminated.
He's been punished way more than enough by now. I hope the judge gives him credit for time served and ends this.
It's not that simple:
Jackson ruled Friday that under a new California law that went into effect this year, Childs would receive fewer jail credits because he has prior felony convictions for robbery and burglary. Judge Delays Sentencing For SF City Tech Worker
No matter how old it is, a felony conviction tends to stick like glue. It surprises me a little that Childs is being cut any slack at all.
Withholding his password is fine, but he also refused to give admin access to people he _knew_ were authorised for it.
Cite? The way I heard it, he was asked on a phone call [strike 1: "Giving your password over the phone to ANYONE."] by his superior [strike two: "Telling your boss your password"] to hand over the passwords. Did I mention this was a conference call with god knows who else listening? [strike 3: "Talking about a password in front of others".]
Those 'strikes' are from here: http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf , "California Counties “Best Policies” for the Countywide Information Security Program".
Yep. He had the passwords to the network and his job duties said that in the event of termination he was only to turn it over to his boss (which was the City of San Francisco, and in a person the Mayor, even though he is completely illiterate too from what I heard). Since he refused to turn it over to people who were in fact not nearly as qualified as him (but apparently played politics very well), this is how the whole fiasco started. I read about it on some news site but don't have a link handy at the moment, sorry. Google is your friend though.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
No he didn't. While he still had the passwords, the network never went down and was completely usable.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Yes, but not the side you think. I do not think Childs deserves to go to prison. But the law is the law. Just because you or I don't like it doesn't make them disappear. As I've said repeatedly, this situation should never have existed in the first place, but due to weak and ineffective management, Childs' ego was allowed to run free. (if he goes to jail, then management deserves to go with him. except that he's the only one who's broken any actual laws.)
What you are unable to get through your thick skull is that the passwords are company property; he refused to return this property (and apparently other documents and data), and in so doing, held the network hostage. Your payroll status does not matter when it comes to returning what is not yours to keep. Ownership applies to information as much as it does physical property. A company asset is still a company asset, even if it's copied to your hard drive in your laptop, carried into your home, and printed to your printer using your ink, your paper, and your electricity. When you are no longer employed by that company, you are required to return their assets -- in this case, delete the file from your hard drive (and make no attempts to recover it), and either return or destroy the printout.
Prior to being fired, he was ordered to hand over the password(s). He refused. He was ordered to setup accounts for others to access the systems. Again, he didn't. So they fired him -- "insubordination". He continued refusing to hand over the password(s) -- failing to return any and all company property, effectively holding the network for ransom. Any sane person could see where this was headed. Childs obviously wasn't one of them.
He was trying to extort his job back. He wasn't being malicious. He genuinely thought he was protecting the network, and that he'd get his job back when they came to their senses.
This is not a precedent for locking up sysadmins. It's a cautionary tale to remind everyone to not let this BS happen in the first place.
I don't usually reply to ACs, but...
I know Holland went for the defendant, and said as much, but two justices supported him being executed because he filed his paperwork late. Charming.
And I didn't suggest that statutory limits were the reason the justice system is broken...I KNOW it's broken because I just came through it. We have the largest prison population in the world and the highest per capita incarcerated population. So, what...we're a nation of criminals?
Lastly, there is no "massive opposition" to RvW. Only the fringe loonies want to criminalize abortion. Google away but here's one example:
http://www.pollingnumbers.com/poll-of-polls/roe-versus-wade.html
or
http://www.fivethirtyeight.com/2009/05/cnn-poll-record-support-for-roe-v-wade.html
The issue is dead, stare decisis after almost 40 years is a no brainer.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
Technically, unless specifically stated in the contract, the company can't sue you for "locking the keys to your desk inside your desk".
The company would then spend several hundreds of dollars on a locksmith to force open and re-key the desk, but in no case is that grounds for a trial.
He didn't take the devices with him, he simply left them in a state that was otherwise unuseable. If the city wasn't smart enough to hire someone who could force their way into the devices to re-image them with a configuration of their choosing, that should have no impact on Terry Childs. He did not steal company (or in fact, government) property. He never did. He simply left devices in a secure state, arguing against reason that nobody knew well enough to handle the systems. A bit paranoid, and overly concerned with his job to be sure, but hardly a case to bring him before court. If his manager had been the slightest bit resourceful, he'd have found someone who could re-image those devices, wiping all previous data on them.
I'm assuming it's not that hard to do when you own the damn things and have full vendor support behind you!
---- I am certain of only one thing : I know nothing else.
And this is the sort of rigid, inflexible thinking that got him into trouble.
They have a right to access their network. He does not. Thus both have an obligation to take reasonable steps to ensure that they can access the network and that he cannot. Providing the passwords is reasonable. Providing fingers is not.
They got upset with me for doing my job after I was fired as well.
Now, I was an executioner for the State of Texas, but I don't see how that makes a difference.
That's far too simplistic. Contracts of employment aren't just active from the first->last day of employment. There are plenty of responsibilities and contractually enforceable duties that survive the end of a job. NDAs would be an obvious one. Non-compete or solicitation clauses would be two more.
I suspect you'd take a different view if your previous employer withheld your final pay cheque saying that all obligations between you had ceased the moment you walked out the door.
I fancy though that if he DID turn the passwords over to an unauthorized person they'd have turned around and nailed him for that anyway.
What Terry Childs should have done was *mailed* the password to the mayor.
Everyone knows Scalia and Thomas are both lunatics who almost always vote against the fair and just outcome.
*whoosh*
It surprises me more that they even hired the guy in the first place if he had a felony rap sheet.
His idea of "authorized" was a bit screwy at best. I seriously doubt the City would've cared one bit about him once they had control of there network -- after all, any sane organization would change that password as soon as possible. (and audit everything to make sure he doesn't have any backdoors.) Granted, a sane org would never have gotten into this mess to begin with.
I seriously suspect you are trolling, sexconker, but let's analyse your statement just for the fun of it.
Knowledge is not property. There is no no law in the world which claims that the knowledge of something belongs to someone. Even the most draconian "intellectual property" laws in the world do not claim that it is illegal to, for example, tell the ending of a novel to your friend. "Copyright" is just what it sounds like: the exclusive right to manufacture copies of something. That right is the only thing you own when you own the copyright. You don't own the novel in itself. You don't own the information in it.
There are instances in which it is illegal to spread knowledge, for example, exposing military secrets, but that is not because the military "owns" the information. It is illegal because the information is classified and disseminating it would damage the country, regardless of who could be said to "own" it.
They lock the keys in the car and tell you to fuck off.
In my jurisdiction, this is not theft, because the car dealer does not appropriate the car for himself. However, it could still be illegal, on the grounds that the car dealer handles your property without your consent in a way which interferes with your own use of it.
However, information is not property, and having a secret password in your head doesn't mean you have your employer's property in your possession. Refusing to tell your employer the password is not legally equivalent to refusing to return the employer's property. It could be illegal to not tell the password, if the employer is legally obligated to be loyal to his employer or to follow its orders. It could also be breach of contract if he signed an employment agreement.
I agree that any person with some sense in their heads would try to cooperate with their employer. I'm not sure there is any legal obligation to turn over passwords, though. It depends on how the law is written in your country or state.
The flaw in that thinking lies in equating knowledge with property. There is an obligation to return property which has been placed in your care, because property normally has a specific owner, but there is in general no legal obligation to "return" secrets which has been entrusted upon you.
Of course, any sensible person would take reasonable steps to aid his employer in regaining control of the network, regardless of any legal obligation.
I suppose my boss could invite me out for lunch, fire me, and then keep my car, which is parked on company property and accessible via a locked gate with a keycard. My keycard would no longer work, and he'd be under no obligation to do anything for me, a non-employee. Heck, my iPod in my desk drawer. Gone.
No, your car and your iPod is physical property, and he would have to give you access to them in some way. However, if you stored personal information in your work computer with your employer's permission (like personal correspondence), I'm not sure the employer would be obligated to extract the information for you.
He also had no right to go through their network and booby trap the systems so only he could gain administrative access to them, rendering the entire system useless to anyone who might be filling his position in the future.
Eh, it IS a sysadmin's job to make sure nobody can take over the network without the proper passwords. It is conceivable that he was overly paranoid when configuring the network, or that he was planning to blackmail the city of New York all along, but so far I've seen no evidence of this.
However, if the person who signs my paycheck comes to me and informs me of a shift in my responsibilities away from the network or is terminating my position and demands that I hand over security credentials so the person coming in after me can do the job, I'll hand it over.
You seem to have missed that Childs' had been instructed, in writing, to only hand over the passwords to authorised staff. If he had revealed the passwords to his closest superior (who was unauthorised), and the employer had been a dickhead, they could have charged Childs' with negligence.
On the other hand, it is quite possible that Childs' was being a dickhead himself and that the whole problem could have been avoided if he had been more flexible. But if we're going to condemn him, let's do it for the right reasons.
Keeping someone in prison is expensive, so giving someone a longer sentence just because they're a dickhead and offend the judge or jurors is irresponsible against the taxpayers.
Then they should sue him for renumeration for the value of the lost work or the piece of lost work they thought they were owed. Not that he shouldn't have done it, but it isn't a crime to goof off at work. And to regain the work that should have been done isn't a criminal matter.
Learn to love Alaska
the city of san francisco could have decided to hand out the passwords to homeless people and plaster them on freeway billboards. and? who cares. the point is, the passwords were the property of the city of san francisco's, not terry child's. the story begins and ends there
that san franciso would poorly manage network security is almost a fact. i would wager good money on their network being compromised. again, who cares: completely besides the point. terry childs had no right to assert himself as an authority, regardless of how right or wrong he was. therefore, he deserves to be punished for believing he had authority that anyone with a normal ego would understand they do not
i wish people would stop defending this guy. we have enough egomaniacs in this world ruining it. why some slashdotters can't see that terry childs is the exact same kind of egomaniac is beyond me
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
accord to terry childs
self-appointed dictator, following his self-appointed duty, of policing san francisco's network policy
he was an egomaniac who overstepped his bounds, and for that, he was jailed, and rightly so
why do people continue defending this asshole?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
or more exactly, the security system for THEIR network, which the password was the key to
terry childs is like the auto mechanic in that seinfeld episode from the nineties, who doesn't think jerry is treating his car well enough, that he slaved so many hours repairing, so he steals his car. funny on tv, not funny in real life
yes, terry childs and the auto mechanic put a lot of hours and love into their technical efforts. but this in absolutely no way gives them any right to assert any authority
why the hell can't some slashdotters understand this simple concept?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Are you really trying to argue that root passwords and typical user passwords are treated the same? When there's only 1 admin account?
Look, Childs could have easily said "Call me direct afterwards, and I'll tell them to you" to avoid the evil conference call.
Or, even better, he could have created new admin accounts for the new administrators when his boss told him to, long before this conference call. Thus not requiring the disclosure of his passwords. But Childs didn't like that 'his baby' was being taken away from him and he refused to do his job, resulting in the effective theft of millions of dollars of SF's equipment.
But there's no indication that he's a thief or a scumbag.
This is actually not quite true. Check out Terry Childs juror explains why he voted to convict:
IDG News: Going back, what was the one step he could have done to avoid prison?
Chilton: If he would have simply said, "I will create you an account and you can go in and you can remove my access if you want." If he had created access for someone else, I think that would have resolved it. If he had not decided to leave and go to Nevada a few days later and withdraw US$10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
The city did have a plan. Childs violated policy, and made sure nobody could administer the city network except him. That includes his lawful replacement.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The passwords are property.
The passwords are not his property.
He was in possession of them beyond his employment.
That is theft.
Theft is a crime.
He is criminal.
He stood trial as a criminal.
Information can indeed be property.
Especially when you're the sole physical holder of said information and said information is owned by someone else.
Dude is a criminal.
You are a retard.
NDAs would be an obvious one. Non-compete or solicitation clauses would be two more.
OK, but if it's not in the contract, it's not there.
I don't recall any contracts that said I had to provide assistance with their networks after I was no longer employed.
it's somewhat terrifying that one person can rule in a manner so blatantly contrary to the interests of justice, and it be the final word on the subject (though, thankfully, he was dissenting here).
Actually, it's equally worrying that Appeals can be denied (especially in capital cases) on any basis other than lack of merit, or that a court will refuse to accept submissions from someone being represented by an attorney when the submission is a request to get rid of said attorney.
FGD 135
interestingly, it has been repeatedly explained, on the other side, that information is not property in the tradional sense. Neither side seems to be able to back up their assertions that a password is company property that must be 'returned' (or not).
In any case, returning company property is not as clear cut as you think. If you have a company laptop at home when you're fired, and after you've gone home your former employer wants it back, they have to get a posession order from a court. It's only in defying such an order, or actually attempting to claim the laptop for your own that you're stolen it.
In any case, this was not a question of giving back pseudo-property to the city. This was a case of whether refusing to give the password(s) to someone from the city who wanted them represented a denial of service for the purposes of a statute that was never enacted to deal with situations like this.
Personally, I think the best outcome is for him to get substantially less than time served, and leave the city holding the bag.
FGD 135
for the world. you can't carry your weight, and the weight of incompetents
understand your boundaries. speak your concerns to the people in charge, and let it go
you don't solve problems by assigning yourself authority you don't have
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Page not found from that link - how terribly convenient.
I've learnt another little nasty weasel trick to beware of and it's suprised me as to how low people go here just to win an argument. Just say anything you like put in a link to nowhere under a domain that looks like it is credible.
Another examples of RW denial and lunacy at Slashdot are denial of Windows' success in past
It depends on what you define as success. I personally haven't heard anyone here deny Window's financial and marketing success in the past. If you read carefully, you might notice that most criticism of Windows is of a technical nature. Things like BSOD and swiss cheese secutity, which most Windows users simply accept as normal, are for technically advanced "geeks" not exactly signs of success.
Prison will hardly make him less of a dickhead. Most likely, he'll be even more bitter and convinced he's been unfairly treated when he gets out.
Locking him away for life would stop him from causing trouble, but would be unjust and expensive.
Psychological counseling might help, but there's no guarantee.
In any case, giving him a harsher sentence just because he's a dickhead won't help anyone. Sometimes you have to accept that there is no solution, and doing nothing causes the least damage.
I can't think of any legal situation where that holds true. There are situations where an employee is legally obligated to assist their (former) employer, but that has nothing to do with "owning information".
Also, in such situations.. the recourse is civil, and the employee can't be arrested for "refusing to assist", at least not until a court order has been made, the employee is aware of the court order, and chooses to disobey the order.
But in that case the employee is criminally liable for contempt of court, not "theft".
This has nothing to do with being required to assist the employer. It's about returning the employer's property.
Passwords are no different than physical keys, a company laptop, or a company car.
There's a reason the dude is in jail.
And you can huff and puff all you want, but you're wrong.
W R O N G .
. Thus both have an obligation to take reasonable steps to ensure that they can access the network and that he cannot. Providing the passwords is reasonable. Providing fingers is not.
I agree that he has an obligation, but that it is a contractual obligation or fiduciary duty due to the employer-employee relationship.
There is no law on the books stating that an employee must divulge any password or security code to their employer immediately when asked, and listing a criminal penalty for failing.
That is, I am saying this is a civil obligation. The recourse against someone who fails to perform obligations or fulfill civil duties (such as doing what they agreed to do as part of an employment agreement policy or contract, OR... retaining information they agreed to retain), is a suit in civil court.
The employer can go to a judge and get an order issued for the employee to hand over the password.
But until the employee sees that order, there should be no criminal charge involved.
He gave the passwords to the mayor....
He should have negotiated a plea bargain. The passwords, for release, or a light sentence.
He threw away his only bargaining chip, and let a case go to trial, with odds against him.
You want a citation? Sure, no problem.
This is a comment from a juror presiding over his trial. The juror makes a number of very interesting comments in that slashdot article. It's worth a read.
Since when does the employment contract for a front-lines IT grunt include the specific password policy for the equipment the grunt will be maintaining?
Do you have a link to this contract?
There's nothing like that in the citation that I gave. I'm not saying that management were perfect; they were not. Neither was Terry.
According to what I've read, he was asked to give access to a user he knew was authorised. Terry did not do this. That, to me, is an arrogant action. I believe Terry felt like he owned the systems he managed, and he was loath to part with control over them. That was wrong of him. He is now paying the price for that, which I think is too harsh, but that's the law there.