San Francisco Just As Guilty In Terry Childs Case

snydeq writes "Deep End's Paul Venezia follows up on the Terry Childs sentencing, stating that the City of San Francisco is as much at fault in this case as Childs is. 'The way that the San Francisco IT department has been run is nothing short of abysmal, and that has been pointed out time and again by anyone paying attention to this case,' Venezia writes. 'Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.' Worse, perhaps, is the disproportion of the sentence, when compared with recent convictions for intended malfeasance on the part of several notable rogue IT admins."

A better link

[mcgrew]

"Printable version". TFS's link is to a two page version with six paragraphs per page.

Worse offenders -- even murderers -- get less jail time than Childs
Consider then, the case of Steven Barnes, the former IT manager for Blue Falcon Networks in San Mateo, Calif. Barnes was convicted of sabotaging Blue Falcon's IT infrastructure in 2008 [4], receiving a sentence of one year and one day in prison and $54,000 in restitution to the company. While Childs' actions caused no disruptions, Barnes deleted all company email, caused the email servers to spew out spam, and intentionally crippled at least some servers, rendering them inoperable. He received a much lighter sentence than Childs -- and in the same court district.

Re:A better link

Well obviously the 'example' did not stop Childs from doing it, so time to make a new example.

I bet every IT manager knows of this case now and will most likely never happen.

That's a keeper...

[Anarki2004]

"rogue IT admins" - I find that phrase humorous for reasons I cannot explain.

Re:That's a keeper...

What level rogue was the admin, anyway?

Re:That's a keeper...

[GooberToo]

"rogue IT admins" are the only thing worse than, "mall ninjas." *Dunt, dunt, duuuuunt!*

Re:That's a keeper...

[Tumbleweed]

"rogue IT admins" - I find that phrase humorous for reasons I cannot explain.

That's a typo. This IS San Francisco we're talking about - they almost certainly meant to say "rouge IT admins".

Re:That's a keeper...

[phyrexianshaw.ca]

couldn't have been that high, though I guess the city of SF MIGHT be classed as a raid boss.

It's a question of policy

[koh]

Frisco's policy in this case is: "Punish what you can't understand".

Re:It's a question of policy

[Matt.Battey]

Didn't the guy offer to give the passwords to the Mayor but not to his boss, by his bosses (or department's) own policy?

Re:It's a question of policy

[Maxo-Texas]

The major (presumably a valid password agent) asked for the password over an open speakerphone while in the presence of a half dozen other people who were not valid password agents.

The boss did something similar (asking for the password to be given to him in an invalid manner).

Childs was screwed no matter what he did. Was he paranoid and did he overreact (probably).

Is the punishment legal? (sure), fair? (obviously not).

It's legal to give you a ticket for doing 66 in a 65. And to do so with cameras so you don't even know you got it. And to give you another ticket another mile down the road for the same crime-- every mile all the way home.

There are lots of things that are legal but not right.

Childs was made an example of.

The lesson learned is... you don't want to work for the government without a strong union and clear policies backing you.

Re:It's a question of policy

[jythie]

I am not even sure I would call the punishment legal. They really shoehorned a law designed for something else into this case. In many ways he is getting punished for following his employer's rules when politics said he should have broken them.

Re:It's a question of policy

[david_thornley]

By that time, he'd already committed what he was convicted of.

Childs refused to record passwords, in direct violation of policy. When being moved from his current job, he refused to hand over passwords etc. in any environment, again in direct violation of policy. He then prepared to leave town without handing them over.

No competent sysadmin sets things up so he's the only person with the passwords, so that the network is simply screwed if he's hit by a bus. Childs went one further: he had the password for a file on his personal laptop that had the passwords in it. Had his laptop been destroyed, or the file system corrupted, the passwords would be lost.

Re:It's a question of policy

[jgagnon]

The S&M capital of the world?

Re:It's a question of policy

[MightyMartian]

Precisely. Whatever else Childs is, he's a shitty administrator. Do you think the city's chief comptroller has the only set of keys to important confidential accounting files? Do you think the city's chief personnel/HR officer has the only set of keys to personnel files?

As much as all of us IT guys have our moments of self-delusional self-importance, we are, at the end of the day, simply another aspect of any given organization's total infrastructure, and are bound by the same rules, and by the same basic set of good practices. You keep copies of keys, passwords, pass codes, whatever in a secured place. You don't keep them on laptops. You don't keep them in your head. You make damned good and sure that if you were hit by lightning the next morning your employer can assure continuity of operations. That is the most fundamental job anyone in a position of any kind of managerial authority in any organization has.

Re:It's a question of policy

[Shimbo]

Didn't the guy offer to give the passwords to the Mayor but not to his boss, by his bosses (or department's) own policy?

I've not seen any evidence that the policy actually existed, outside of his imagination. If it was in writing, did the defence subpoena a copy and present it as exhibit?

Re:It's a question of policy

[Cro+Magnon]

What if your speed varied from 63 to 68? Does each creep past 65 count as a seperate violation?

Re:It's a question of policy

The lesson learned is... you don't want to work for the government without a strong union and clear policies backing you.

Right, because private companies have never screwed over employees. Where the fuck do you randroids come up with this shit?

Re:It's a question of policy

[arose]

If there is no official policy (some claim he didn't record passwords, as per policy. But the commonly linked juror interview is quite clear that his management fucked themselves over more then he could have), then you have to figure out what is proper. I can't blame any admin who doesn't think it's proper to give vital passwords to a roomful of people over speaker phone. In many ways it really was a no-win, for example, if one of the people in the room mucks around with the system, they probably would have gone after him for that instead.

Re:It's a question of policy

[jeff4747]

The major (presumably a valid password agent) asked for the password over an open speakerphone while in the presence of a half dozen other people who were not valid password agents.

The boss did something similar (asking for the password to be given to him in an invalid manner).

Childs was screwed no matter what he did. Was he paranoid and did he overreact (probably).

Childs's defenders keep bringing up this moronic argument, and I really don't understand why.

Here's how a competent human being handles that: "I can't give you the passwords over speakerphone, so after this meeting call me on a regular phone and I'll give them to you." Similar for all the other 'invalid' requests. You politely ask the boss to contact you in a more secure manner.

It's not like he was in some sinister Catch-22, and it's not like the 'speakerphone incident' was the only attempt his bosses made to get the passwords. The guy was an idiot who thought he was indispensable, so he massively overplayed his hand.

Re:It's a question of policy

[bsane]

Frisco's policy in this case is: "Punish what you can't understand".

Kind of funny for a bunch of progressives, don't you think?

Re:It's a question of policy

[Maxo-Texas]

Getting a ticket does not give you immunity from another ticket for the same offense for any period of time.
You can be ticketed as you drive away from the policeman who just gave you an incident.

Re:It's a question of policy

[Maxo-Texas]

Not sure about your local jurisdiction of course but...
http://www.theanswerbank.co.uk/Motoring/Road-rules/Question591380.html
Hi, I was recently caught by a mobile speed camera just before the junction of a 30 to 40mph zone at 38mph twice within the space of 30 minutes. Can these two instances be regarded as one offense?
No, it is two separate offences.

And it looks like in some cases, the officer can ticket you twice in the same stop for two different speeding violations. Cool, huh?

http://answers.yahoo.com/question/index?qid=20070716094658AA0fomT

Re:It's a question of policy

[Maxo-Texas]

I'm sure some parts of your argument are valid But - and I am only saying this because I care, there are a lot of decaffeinated brands on the market that are just as tasty as the real thing.

Re:It's a question of policy

[AK+Marc]

Is the punishment legal? (sure)

I disagree. The law requires actual damage be done. He did no damage. Not doing what someone wants when they want is apparently damage.

Re:It's a question of policy

[Maxo-Texas]

I do want to thank you and others who didn't fall on the atrocious typos in my posts today and instead focused on the arguments. I guess I'm pretty distracted right now.

Re:It's a question of policy

[nomadic]

Childs was screwed no matter what he did.

No, he wasn't. If he had given the password, he would not be in jail now, and he would probably still have his job.

Re:It's a question of policy

[BitZtream]

Following his employers rules?

Okay, so you obviously haven't actually read anything but slashdot summaries.

Before the police were involved, he was given several VALID ways to turn over the passwords.

He broke policy FIRST but not using the City supplied configuration and password management system which he was supposed to be using ... according to city policy.

Had he followed ALL the rules, he'd have just been fired and there would be no story.

He selectively picked policies that suited his agenda and ignored the rest, using the ones that suited him to try and hide.

Unfortunately for him, the cities only real choice was to go after him for as much as they could to make it clear this sort of shit isn't tolerated in the future.

He's getting punished for conspiring to and eventually holding the cities network hostage. It was very clear during the trial that he planned to do what he did. It wasn't just one of those days where everything went wrong and he is being made out to be the bad guy.

He went out of his way, broke multiple city policies over an extended period of time in order to put himself in the explicit position of holding all the cards.

The city responded by simply pointing out that while he currently held the cards, they were simply going to shoot him and take what they wanted anyway.

Re:It's a question of policy

[dgatwood]

Regarding the UK issue, it clearly was two separate offenses. The driver sped up too early in one spot and was caught by a camera. Twice. The same camera. Not two different cameras. Therefore, short of the road being circular, it cannot possibly have been a single offense.

Regarding two citations for speeding in the same stop, the officer can ticket you all he wants. That doesn't mean the judge won't throw out one of them, and did in this case, judging from the comments. Given that the decision to give multiple tickets was probably driven by quotas or other revenue reasons (which are illegal in most places), such an action by an officer might even get *both* tickets thrown out, depending on jurisdiction and on how well your lawyer argues the case.

Were it the case that you could charge someone twice for the same offense, localities would simply put up three speed trap cameras in a row, ten feet apart, and ticket people three times for every violation. Such abuse would never hold up in court---I don't care what jurisdiction you're talking about---unless we're talking about someplace with massive corruption where the sheriff is the judge's husband or something.

Re:It's a question of policy

[baegucb]

Almost always, I have mod points. And I use them as best I can. And I agree with your sentiments mostly. Problem is, your post leaves me wondering if I should mod it as insightful or flamebait. Tone down the rant a bit, and you'd get insightful, but imho this is flamebait. And stupid. Just an fyi.

Re:It's a question of policy

[Minwee]

He's getting punished for conspiring to and eventually holding the cities network hostage. It was very clear during the trial that he planned to do what he did. It wasn't just one of those days where everything went wrong and he is being made out to be the bad guy.

That's right. If he had been smart he would have just "deleted all company email, caused the email servers to spew out spam, and intentionally crippled at least some servers, rendering them inoperable" like Stephen Barnes did and been out of jail a year ago. Or perhaps he could have "deliberately and painstakingly attempted to sabotage the company he worked for, intentionally writing scripts to destroy valuable data" like Yung-Hsun Lin did and he would be out of jail in three more months.

But he got a much harsher sentence despite having not caused a single minute of outages on the network he was accused of conducting a denial of service attack on. Maybe someone ought to write (or read) an article comparing these widely disparate sentences.

Re:It's a question of policy

[Rhinobird]

I have a question. Do you ever about yourself standing in sort of sun-god robes on a pyramid with a thousand naked women screaming and throwing little pickles at you?

Re:It's a question of policy

[moronoxyd]

It is not porper procedure to set up a network so that you are the only one who has management access to it. Not with a network of this size. The good old "whap happens when you're hit by a bus tomorrow?"

Second: Yes, giving the passwords on a conference call would have been stupid. But telling the boss that you give it to him afterwards in private would have been possible. But no, Mr. Childs didn't want to give away the passwords at all.

Re:It's a question of policy

[mhelander]

To make themselves easily replaceable is "the most fundamental job anyone in a position of any kind of managerial authority in any organization has"?

I don't see that happening a lot in practice.

Re:It's a question of policy

[Maxo-Texas]

And two cameras a mile apart are clearly separate incidents-- it's likely that more than a minute separated your violations. You could even be on a different freeway after a mile.

It is only social convention that stops them from doing this.

That's why we have judges-- they are supposed to balance the law so justice results. It wouldn't be fair to give someone 17 speeding tickets in one day. It wouldn't happen if the police stop you because you would drive slower after getting a speeding ticket (at least if you are normal and even an idiot would be careful after a second ticket).

But speeding cameras don't have a human in the loop. The only reason this doesn't happen is that a human doesn't put out multiple speeding cameras in the same area.

However, currently getting multiple tickets in one day for different incidents is rare. Apparently multiple tickets can arrive on the same day (weekly batch?) but I was unable to find anything concrete in my states legal code on this. It may be specified in policy manuals not on the web.

I do know that on the main freeway I drive in on, there are often 5 to 7 police over an 8 mile stretch (one after each hump). If you were an idiot, you could probably manage to get ticketed by half of them in one drive.

In any case, getting a ticket doesn't make you immune to getting another ticket for any period. if you break the law again, you can be ticketed again.

I agree there is a gray area here between: a police officer pulls you over, tickets you, you speed away, the same officer or a new one stops you and gives you another speeding ticket very shortly after the prior one AND you speed by a speeding camera and then a short distance later you speed by another speeding camera. It's possible they would "wrap up" the two tickets into one ticket. I could not find a clear answer to that question.

Re:It's a question of policy

[Joe+Snipe]

If I recall he wasn't originally the only one responsible, but the Dept heads started systematically axing his peers (I believe 4 people over the course of ten months), which he fought every step of the way.

Re:It's a question of policy

[commodore64_love]

(1) Childs was wrong. You don't withhold passwords from your employer. It's his property, and he's allowed to be an idiot with his own property.

(2) But having been accused of the crime, I would have run away rather than stick around in California. There are a lot of decent IT jobs in the Northeast..... almost 3000 miles away from the SF Government's reach. No different than running from Spain to Poland to start a new life.

Re:It's a question of policy

[Rhinobird]

Yes I am missing that word.
That's what I get for posting half asleep.

Re:It's a question of policy

[arose]

It is not porper procedure to set up a network so that you are the only one who has management access to it. Not with a network of this size.

Yes, we know that his manager(s) fucked up badly... Admins shouldn't set policy, or be thrown under the wheels because there is no policy. Not with a network of this size.

put the city in jail!

Jail the city!

Re:put the city in jail!

[weav]

SF's jail is in another city, in another county. I don't they they'd appreciate the influx.

And people ask about my new sliver hat

[Haffner]

Every time I read something positive pertaining to the American justice system I seem to be two years older than the last time. How does he possibly deserve four years in prison for this?

Re:And people ask about my new sliver hat

I would guess it involves political influence and personal pride, both pushing up the sentence because someone's feelings and "good name" were hurt by his actions.'

AKA Childs made the Mayor upset and look bad, end of story. Politics is never "fair or balanced" and it sure doesn't follow rules.

Re:And people ask about my new sliver hat

[jythie]

I think the problem is, judges can read and understand the law just fine. Juries on the other hand generally have no idea what they are doing.

Re:And people ask about my new sliver hat

[Shakrai]

When, seemingly, most of our judges seem unable to read and comprehend, which is both the easiest to understand and the highest law of the land, the US Constitution, how can you expect any other result?

But the Constitution doesn't mean what it says. It's a living document that evolves over time. That's why we only allow people with law degrees to decide what it means. Following the plain text of the document? That's crazy talk.....

Re:And people ask about my new sliver hat

[Haffner]

In my opinion, the judges aren't the problem, it's the system in general. Prosecutors are pressured into going for maximums, and having a 100% conviction rate. In order to put together a successful defense, one must spend thousands of dollars. The laws themselves frequently do not take into account the severity of the crimes (see convicted song pirates).

This isn't even taking into account the police, who will also do everything they can to guarantee a conviction. It seems that we have moved from a legal system that would prefer letting a guilty man go free rather than imprisoning an innocent to one where we would gladly imprison 10 people, despite 9 of them being innocent to catch a single guilty.

Re:And people ask about my new sliver hat

[Haffner]

My problem is how one minute the government claims the Constitution as absolute, unchangeable law, and then the next says "Oh, but it didn't take this into consideration."

Re:And people ask about my new sliver hat

[GooberToo]

Judges are free to toss out jury findings at any time, when it is felt it is in conflict with justice, or if its felt the jury did not understand what it is they were to do. In a courtroom, where its obvious the prosecution is extremely biased, has reason to be biased, a judge has an obligation. That's exactly why he's there in the first place.

The fact the judge didn't do his job absolutely means he is part of the problem. As you rightly point out, other areas need to be addressed, but when a judge is actually doing his job, by in large, everything else tends to fall into place, or at a minimum, not fall so far astray.

Removing unfit judges would go a long, long, long way toward fixing the US' broken legal system.

Re:And people ask about my new sliver hat

[russotto]

It seems that we have moved from a legal system that would prefer letting a guilty man go free rather than imprisoning an innocent to one where we would gladly imprison 10 people, despite 9 of them being innocent to catch a single guilty.

No, we've moved to a legal system which would gladly imprison 10 innocents, despite no crime having been committed at all.

Re:And people ask about my new sliver hat

[PitaBred]

a legal system that would <...> gladly imprison 10 people, despite 9 of them being innocent to catch a single guilty.

But think of the children!

Re:And people ask about my new sliver hat

[dougmc]

Juries are *supposed* to have no idea of what they're doing.

At least with regard to the law, they are supposed to only know the bare minimum needed to rule on the case in front of them. If they obviously know more, either prosecutor, the defender will try to dismiss them, and who does it will depend on the exact knowledge. Or the judge may dismiss them.

The judge goes to great pains to make sure the jury only knows what they're supposed to know -- i.e. what came across in the trial. Nothing else is permitted, and if the jurors learn something that's critical to the issue that they weren't supposed to know, the judge may order a mistrial and start over with a new jury.

The judge gives the jury the part of the law that he thinks the jury needs -- but often these jury instructions are incomplete and miss crucial passages or similar things that may totally change the meaning of the law. And while the lawyers may be able to educate the jury otherwise, the judge may order them to not do so before the trial, and if they do, it's contempt of court and the lawyer goes to jail.

Jury nullification is probably the most common example of something that juries are not supposed to know about ...

Re:And people ask about my new sliver hat

[IICV]

"Who gives a shit if those nine people were innocent? Next year is an election year, and I'm running on a tough-on-crime platform! I need a 100% conviction rate, come hell or high water!

"By the time their appeals have wended their way through the courts and they've been found innocent (probably sometime next decade), I'll be a senator or a mayor or a governor and nobody will care that I wrongly convicted Joe Blow all those years ago."

Or at least that's how I imagine all those prosecutors think. After all, there are zero consequences to their political careers for prosecuting someone unjustly, and yet there are repercussions for going "soft" on criminals.

Re:And people ask about my new sliver hat

[PCM2]

Sentencing reform is a long time coming in America. The Economist recently did a briefing on the U.S. justice system and its failings. Among the observations is that politicians tend to favor tough sentencing laws so they look "tough on crime," but those laws then tend to take power away from judges and put it into the hands of prosecutors:

Even the smallest dealer often has enough to trigger a colossal sentence. Prosecutors may charge him with selling a smaller amount if he agrees to “reel some other poor slob in”, as Ms Dougan puts it. He is told to persuade another dealer to sell him just enough drugs to trigger a 15-year sentence, and perhaps to do the deal near a school, which adds another two years.

Re:And people ask about my new sliver hat

[BitZtream]

Because other citizens agreed that for what he did, this was a fair sentence.

How do you know what he deserved if you weren't there at the trial listening to the arguments and evidence.

Remember, there was a slashdotter on the jury ... who thought he deserved it.

Does he deserve four years? I don't know, I wasn't there. Whats better, I dont' really care. He might have had my sympathy if it wasn't so crystal clear that he was a arrogant jackass trying to extort the city. He was on a power trip, so ... if the punishment for him is a little over the top ... well then it seems fitting considering his actions were most certainly way over the top and out of line.

Personally, I would have been happier if he was never allowed to take advantage of any device containing a microprocessor in it. No cars, electronics, medical help, voting ... pretty much the only thing he could do would be to become a farmer on his own land with hand tools just to survive.

Re:And people ask about my new sliver hat

[Vancorps]

When I was a juror the judge explicitly said that jury nullification was not allowed. I'm still confused now as to why she lied to us but it didn't matter since there wasn't enough evidence in the case to convict despite the defendant being a grade A douchebag. Of course the plaintiff wasn't any better and in the end he was declared not guilty. Will never know if that was the right decision but I felt good about it because all of us jurors agreed once we went over the facts of the case and the words of the lawyers. Took all of 10 minutes so I got to go home early that day. Woot!

Re:And people ask about my new sliver hat

[Chibi+Merrow]

After all, there are zero consequences to their political careers for prosecuting someone unjustly, and yet there are repercussions for going "soft" on criminals.

Oh there's not always ZERO consequences to their political careers... At least, not when they prosecute rich white kids... Though, really, one day in jail isn't enough for such ridiculous prosecutor misconduct...

Re:And people ask about my new sliver hat

[IICV]

From the Wikipedia article:

That June, Nifong was disbarred for "dishonesty, fraud, deceit and misrepresentation", making Nifong the first prosecutor in North Carolina history to lose his law license based on actions in a case.

The first in North Carolina history to lose his law license based on actions in a case (which is far more damaging than spending a day in jail). That's pretty damn good odds!

Re:And people ask about my new sliver hat

[nomadic]

Huh? Plaintiff? In a criminal case? And juries have the power to nullify, but not necessarily the right. It's a question that has been argued for hundreds of years and it hasn't been resolved, so I wouldn't be so quick to accuse the judge of lying.

Re:And people ask about my new sliver hat

[dougmc]

> And juries have the power to nullify, but not necessarily the right.

Of course, in practice, the two are the same -- the defendant is acquitted, and the jurors don't have to explain their decision.

Call it a power, call it a right ... either way, they're the one with the gun, as long as they realize they have it.

Bad Headline... TFA not much better.

[Mongoose+Disciple]

You can skip reading TFA; all of it that's relevant to the headline is in the article summary.

Most of the article is pointing out other people who did worse things and got lighter sentences. Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?

I think there's a lot of an interesting dialogue to be had about the Terry Childs case, but this particular article doesn't add anything to that discussion.

Re:Bad Headline... TFA not much better.

[Haffner]

I think the best observation I have seen regarding this case was made in the last discussion thread: Link

Re:Bad Headline... TFA not much better.

[sjames]

Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?

So it starts to mean something when the prosecution has a vested interest and EVERYONE else who committed a greater crime of the same nature got a lesser sentence in the very same court.

Re:Bad Headline... TFA not much better.

[Bigjeff5]

The only thing I can really get behind in the article is the fact that Childs was in jail for two years before his trial began. That sounds very much like a violation of his right to a speedy trial to me.

The rest, though, is pointless rambling about the nature of the legal system (even though he doesn't frame it that way, that's the heart of his problem).

He mentions a murder case where the murderer received a 1 year sentence. However, nobody has ever been convicted of murder and gotten a 1 year sentence. The minimums vary by state, but they are generally in the 15-20 year range. What actually happened was a plea bargain for the lesser crime of manslaughter (basically, an unintentional killing), for which a 1 year sentence is not uncommon. Manslaughter has varying degrees, the least of which is essentially pure accident. Depending on the level, the sentence can and should be very light.

You may think that's ridiculous, and it very well may be, but perhaps the DA didn't think he could close the deal on a murder charge, and so was willing bargain it down to something. Is it better that he be considered guilty with a slap on the wrist, or that he be considered innocent? That, unfortunately (or fortunately, depending on your perspective) happens a lot.

It's easy to twist things so they fit your personal views, but the fact is people who go the full trial period and are convicted typically get the highest sentences. People who plea down typically get the lowest. It's just a fact of life in the system. Chances are Childs had the opportunity to plea down to a lesser crime and get out with time served, but he more than likely felt that the gains for such a bargain would be minimal, and he could still potentially win the whole thing if he saw the trial through to the end. That's how I would view things if I were him, anyway.

Re:Bad Headline... TFA not much better.

[Dumnezeu]

Yes, the headline is a bit long. It should have said "San Francisco Just As Guilty In Childs Case"

Re:Bad Headline... TFA not much better.

[nomadic]

The only thing I can really get behind in the article is the fact that Childs was in jail for two years before his trial began. That sounds very much like a violation of his right to a speedy trial to me.

Childs undoubtedly waived his right to a speedy trial, like many, many criminal defendants do (and like Kevin Mitnick did, on multiple occasions, all the while dishonestly claiming that he was being denied his right to a speedy trial).

Re:Bad Headline... TFA not much better.

[evilviper]

And he's not even honest about it. Nobody has ever gotten a 1 year sentence for murder... The person in question pleaded no-contest to MANSLAUGHTER.

Want the penalty for Manslaughter to be harsher? Then be prepared for your kids to spend the rest of their life in jail when they fall asleep at the wheel and someone gets killed.

Think he should have been allowed to plead down to manslaughter? They had one witness, who lied on the stand.

Honestly, the outrage should be for the HUNDREDS if not THOUSANDS of murderers who are AQUITTED and spend ZERO time in jail due to lack of evidence, are still allowed to vote, own a gun, get a job at a public school, etc., not the one in a billion guy who got a light sentence.

Re:Bad Headline... TFA not much better.

[russotto]

Childs undoubtedly waived his right to a speedy trial, like many, many criminal defendants do (and like Kevin Mitnick did, on multiple occasions, all the while dishonestly claiming that he was being denied his right to a speedy trial).

Game's rigged. If you don't waive your right to a speedy trial, the prosecution will ensure you don't get the information you need to defend yourself until it's too late.

Re:Bad Headline... TFA not much better.

[idontgno]

starts to mean something when the prosecution has a vested interest

The prosecution always has a vested interest. It's called an adversarial justice system for a reason: there's one winner and one loser. And the prosecution certainly doesn't want to be the loser. Neither does the defense. In both cases, selfish interests (career goals, politics, pride) serve to apply pressure to that adversarial standing. As long as no one "cheats", the victory goes to the side with the better facts and better persuasion.

Sounds to me like Childs couldn't get his facts across sufficiently persuasively.

As to the unevenness of sentencing: I haven't studied the cases cited in TFA, but one looks like it's in a different jurisdiction (New Jersey), so the law broken may have been different and may have had different prescribed penalties. Even the California statute has (to my non-lawyer eyes) confusing variability.

Again. the unevenness of the sentencing tells us nothing, except that sentencing is uneven.

Re:Bad Headline... TFA not much better.

[nomadic]

Game's rigged. If you don't waive your right to a speedy trial, the prosecution will ensure you don't get the information you need to defend yourself until it's too late.

The prosecution has to disclose everything before trial. If they do it late enough, you probably have a good argument for appealing. Actually long delays tend to help defendants, because the older the evidence and witnesses get, the weaker the prosecution's case is.

Re:Bad Headline... TFA not much better.

[drinkypoo]

And he's not even honest about it. Nobody has ever gotten a 1 year sentence for murder... The person in question pleaded no-contest to MANSLAUGHTER.

I don't care what you call it, Childs' actions did not result in any disruption of services, no one was hurt. To suggest that he should be punished more harshly than someone whose actions resulted in the death of another, whether intentionally or accidental, is fucking stupid.

Honestly, the outrage should be for the HUNDREDS if not THOUSANDS of murderers who are AQUITTED and spend ZERO time in jail due to lack of evidence, are still allowed to vote, own a gun, get a job at a public school, etc., not the one in a billion guy who got a light sentence.

Everyone living the Western lifestyle is a murderer and slaver by proxy, including me, and you, and literally every other user of this website, or indeed the internet. It seems there's no shortage of targets for outrage.

Re:Bad Headline... TFA not much better.

[sjames]

The very first other case in TFA was, in fact, in the same district. It was clearly a much more serious offense and got a much lower sentence.

Of course, that wasn't a case where the government itself would look incredibly stupid and irresponsible unless they could find a donkey to pin the tail on.

Way too much is made of "adversarial" these days. It doesn't mean the DA is absolved from seeking justice. It doesn't mean the DA should pursue anyone and everyone and let the court sort it out. It is treated like that sometimes, and that's how we end up with travesties like the Duke Lacrosse team or the McMartin preschool prosecution where the allegations may not even be physically possible.

Re:Bad Headline... TFA not much better.

[Archangel+Michael]

Actually, I have an alternative take on it. Delay gives prosecutors more time to gin up evidence and tweak their case before being heard in court. While it is true that evidence stales and witnesses tend to forget, much of that "evidence" is already recorded, and by the time it gets to trial, it has been practiced and rehearsed to death.

Re:Bad Headline... TFA not much better.

[nomadic]

And the person will come off less credible if it's too rehearsed. And "recorded" testimony is frequently not allowed because of the hearsay rules.

That May Be True But...

[BJ_Covert_Action]

Sure, the SF IT department may be getting managed into the ground. Sure, maybe the city is as much to blame for everything as Childs is. But none of that matters now, does it? Nobody is going to file a case against SF city. Nobody is going to punish the SF IT department. Nah, the city will get to walk away scott free, continuing to practice poor procedures. All the wild, Childs has to live with his sentence as a convenient scapegoat. This case just serves a little more proof the the justice system, on all levels in this country (at least if you live in California) is completely FUBAR.

Re:That May Be True But...

[phantomfive]

You might have a point, except for the fact that Childs actually did do things wrong. He was a convenient scapegoat, true, but he made himself that scapegoat. It looked like he was going to flee the country even.

Let it be a warning to you: if you notice your organization is in trouble, better make sure you're taking care of your business sharply, and according to regulation, so you aren't painting a big 'scapegoat' target on your back. This is a basic rule of dealing with bureaucracies. Ignore it at your own peril.

Re:That May Be True But...

[BitZtream]

All he would have had to do was what his boss and the policies in place asked him to do.

You aren't a 'scapegoat' when you can easily and legitimately end the entire situation before it starts.

You aren't the 'scapegoat' when the situation is one YOU started.

He could have simply told someone who cared, but instead he decided to take actions into his own hands. His actions were dangerous and illegal. He broke laws and policies that his community set.

He had several occasions to 'do the right thing' and get in no trouble as well as turn the passwords over to qualified people, but he didn't, he said no, he wasn't going to and tried to hold the systems hostage knowing that anything anyone could do to recover the passwords would result in the equipment losing its configuration, effectively making it worthless and potentially causing problems.

He set these machines up in this way, AGAINST CITY IT POLICY. He didn't put the configs in the city IT config management system. He didn't put the passwords in the city IT config management system. He broke policy in order to put himself in the situation he was in.

How the fuck can you call someone a scapegoat when they created the entire problem?

Oh, I know how ... you have never bothered to read what he did, just assumed the city of SF is 'The EvilZors!@%!'

Before you start saying 'Mr Childs was trying to show people poor procedures' then I suggest you take a GOOD look at the procedures that where in place as a matter of city policy ... AT LEAST 2 OF WHICH, had he ACTUALLY FOLLOWED PROCEDURE, would have resulted in the city having everything they needed without him.

The city did its job, Childs didn't. Get the facts next time, you won't look nearly as stupid as you do when you listen to the criminal as if he's not lying through his teeth.

Re:Not Surprising

[MightyMartian]

Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.

History of the World

[fahrbot-bot]

Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.

It's good to be the king.

Re:History of the World

[CraftyJack]

You can't fight City Hall.

More than one person to blame -- that's unamerican

[whoever57]

Wow, a nuanced view of the problems.

Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.

boycott SF

[dltaylor]

We may not be able to bring any sense of "justice" to this act, but there should never be another computer-related event in San Francisco, and anyone with any sense of what really happened to Childs (regardless of his own aggravation of the incident) should also boycott the city.

The slightly smaller number of tourist and convention dollars will take decades to balance the scales, but it's worth a try.

Re:boycott SF

[jewishbaconzombies]

Boycotts of one don't count - particularly since you can't afford to go - let alone stay - in San Francisco anyway.

But keep catching those rainbows and reaching for the stars. Perhaps you can boycott NYC next.

Re:boycott SF

[Odetta2012]

The city is 100 percent capable of torturing someone while maintaining its sunny image.
Realize that the sun rarely shines in San Francisco.
Unless you are very young, why would you want to actually pay to spend any time in a fog-and-mildew drenched, pee-smelling environment?
If you are not yet trapped here, just go.

Heavy sentence?

[Caerdwyn]

So here's a question. If people are concerned about the magnitude of the sentence, what's the REAL problem? Some people say "others got light sentences so he should too"... I would ask "is the real problem that others' sentences were too light and this is the first time the punishment fit the crime?"

Now, whether Childs is actually guilty of a crime is another matter. I wasn't in the jury; neither was anyone else here. We don't have all the facts, and the facts we ARE seeing are carefully picked by people with an (understandable) bias. A jury has convicted him of essentially holding a city's IT infrastructure hostage, and if he is in fact guilty of that, probation or "time served" is inadequate. If he's guilty, I believe the sentence is wholly appropriate, and may even be on the light side. If he was, in fact, concerned about IT security, he certainly bungled how he handled it and certainly forced a lot of spending, but would be lacking the "guilty mind" that the law requires for a conviction of this sort.

What it all comes down to is intention. If he intended something malicious, the sentence is entirely appropriate. If he did not, he should not serve any prison at all. There's really not a lot of room for gray areas here.

As for the City of San Francisco being "as guilty"... well, yeah. Maybe someone should be sharing a cell with Childs. That's a separate matter, though. If Childs was malicious, it doesn't let him off the hook. And if Childs wasn't malicious, it doesn't excuse how he handled it. The smart play would have been to immediately give the passwords (and the reason for holding them, as well as the modems) to the FBI and then let the city and feds slug it out. The fact that he did nothing of the sort is probably what convinced the jury that there was malice, and therefore the "guilty mind". Whatever else Childs may or may not be, he handled this whole thing like an idiot.

Re:Heavy sentence?

[RyuuzakiTetsuya]

That's actually not true.

http://slashdot.org/comments.pl?sid=1633482&cid=32008096

one of us actually was on that jury

Re:Heavy sentence?

[Haffner]

What it all comes down to is intention. If he intended something malicious, the sentence is entirely appropriate. If he did not, he should not serve any prison at all. There's really not a lot of room for gray areas here.

Incorrect. You are talking about two separate crimes here: a crime that occurred, and a crime that may or may not have been intended to occur, but did not. The former he should be tried for, and convicted of, and punished appropriately. The latter is conspiracy to commit a different crime - conspiracy is a criminal charge, which he could be tried and punished for. This is what keeps punishments appropriate for crimes; if I try to burn down your house but only succeed in breaking into your garage, I deserve to be punished for 1) damage to property, 2) breaking and entering, and 3) conspiracy to commit arson. NOT 1) 2) and 3) arson. You are implying the latter is what should take place, and that is incorrect.

Re:Heavy sentence?

[Bigjeff5]

A jury has convicted him of essentially holding a city's IT infrastructure hostage, and if he is in fact guilty of that, probation or "time served" is inadequate. If he's guilty, I believe the sentence is wholly appropriate, and may even be on the light side. If he was, in fact, concerned about IT security, he certainly bungled how he handled it and certainly forced a lot of spending, but would be lacking the "guilty mind" that the law requires for a conviction of this sort.

There isn't really any point in saying "if he's guilty" any more. The prosecution successfully proved beyond any reasonable doubt to a jury of his peers (at least one of whom was a well trained IT network professional) that he is guilty of violating California's denial of service attack law. There is still that slim chance that is impossible to completely rule out, but that's why we prove guilt beyond reasonable doubt - because proving guilt beyond all doubt is impossible.

No, he's definitely guilty.

Frankly, the article didn't give any evidence at all that the city of San Francisco was guilty of anything, let alone "as guilty" as Childs is. All the author did was make a nonsense argument that if it had been a private company the sentence would have been much lighter. He then lists several cases that were not prosecuted under California's denial of service attack laws. What the hell is that supposed prove? He's comparing apples and oranges, first, then apples and carrots (when he compares a trial that went to conviction to a plea bargained murder/manslaughter case).

The only thing I agree with the author on is the 2 years Childs spent in prison before the trial, that is absolutely ridiculous. Frankly, if Childs does any kind of appeal, I think it should be on the grounds that the state violated his right to a speedy trial. Two years in prison is unacceptable. They should have enough evidence in hand before making an arrest that it shouldn't be but a few months, max, for a trial to commence. His initial arrest was also essentially a coercion to get the passwords out of him. I'm not sure he had been charged with anything at that point (I may be wrong), but that sounds iffy to me as well.

No one should be in prison for years waiting for their trial. That's absurd.

The rest of the article was complete junk, though.

Re:Heavy sentence?

[jeff4747]

The only thing I agree with the author on is the 2 years Childs spent in prison before the trial, that is absolutely ridiculous. Frankly, if Childs does any kind of appeal, I think it should be on the grounds that the state violated his right to a speedy trial

Many defendants, including Childs, waive their right to a speedy trial. They do so for a variety of reasons, such as wanting more time to build a defense or hoping key witnesses become unavailable or forget key details. I do not know why Childs waived his right to a speedy trial.

Re:Heavy sentence?

[Bigjeff5]

Ah, well, I didn't know he waved it, that hadn't come up in anything I had read about the case.

So what you're really saying is that there was absolutely nothing of value in the article, at all.

Re:Heavy sentence?

[Anonymous+Cowpat]

Might be interesting if Mr-CCIE-Man finds himself blackballed now that his name has been publicised in relation to this case. There seem to be as many people against this verdict as for it. No doubt there will be plenty of nerdy types out there who will want nothing to do with the man.

It's an interesting peril that jury service brings with it, especially if you then go about publicising your role on the jury.

Re:Heavy sentence?

[jeff4747]

So what you're really saying is that there was absolutely nothing of value in the article, at all.

Yep! Just like all the other articles that try to defend Childs.

Why the sympathy??

[bhartman34]

Lots of people have to work under supervisors who are total idiots. That doesn't give anyone the right to sabotage their supervisor or their company. What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network." You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.

Re:Why the sympathy??

[fiannaFailMan]

Lots of people have to work under supervisors who are total idiots. That doesn't give anyone the right to sabotage their supervisor or their company. What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network." You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.

True, but at the same time there's no need to throw him jail now, is there?

Re:Why the sympathy??

[jewishbaconzombies]

I said the same thing - got modded flamebait.

Fuck Slashdot.

Re:Why the sympathy??

[Sycraft-fu]

Because we have more than a couple of Terry Childs like people on Slashdot. You may notice that there are a fair number of posters here who are quite anti-social, and anti-authority. You also many notice that they think their technical skill makes them much smarter than everyone else. This tends to lead to a mentality of "My boss is an idiot and I should be the only one who makes any decisions on the computers." Maybe they've even forced that in their work. So they are sympathetic because it is the kind of thing they either want to do or have done, and they are worried that they might get in trouble.

Basically they are like him, and thus that makes them feel that his actions were correct.

Re:Why the sympathy??

[evilviper]

What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network."

Riiiight.... and when I go home for the day, I'm, implicitly blackmailing my boss... "Either pay me time-and-a-half or I won't fix your network!"

If anybody other than my Manager, or the CEO of the company requested I reveal my passwords, I'm going to tell them to get lost as well. I'm not blackmailing them because I feel like talking to the CEO...

You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.

He didn't just happen to prove harmless. It's pretty clear his superiors were in fact just as incompetent as he mad them out to be, and caused downtime just as soon as they did finally get the password. And if he did hand over his password to just anybody, and the same down-time happened? I bet he'd be facing charges for violating the restrictions in his contract anyhow.

Re:Why the sympathy??

[bhartman34]

It wasn't a simple personal disagreement. He basically held the computer system hostage. It's a lot more serious than just posting funny pictures of your boss. I do agree with those who say that the city bears some responsibility for this. I don't think he should've ever been in the position to hold the city hostage. In that respect, it was a systemic problem. But you can't give the guy a pass just because he exploited a problem that shouldn't have been there in the first place.

Re:Why the sympathy??

[bhartman34]

What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network."

Riiiight.... and when I go home for the day, I'm, implicitly blackmailing my boss... "Either pay me time-and-a-half or I won't fix your network!"

If anybody other than my Manager, or the CEO of the company requested I reveal my passwords, I'm going to tell them to get lost as well. I'm not blackmailing them because I feel like talking to the CEO...

If you have a prior agreement that you get paid time and a half for overtime, then you're within your rights to expect it. There are plenty of jobs that don't get overtime, and if you were in that situation, it would be blackmail.

The people over him were the ones asking for the passwords. He would only give the passwords to the mayor, who has as much to do with his job as the mayor has to do with the garbage men.

You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.

He didn't just happen to prove harmless. It's pretty clear his superiors were in fact just as incompetent as he mad them out to be, and caused downtime just as soon as they did finally get the password. And if he did hand over his password to just anybody, and the same down-time happened? I bet he'd be facing charges for violating the restrictions in his contract anyhow.

As long as he handed over the passwords to someone who was authorized to have them, there'd be no issue. The issue here was that he wouldn't give the passwords to someone who was authorized to have them.

Re:Why the sympathy??

[bhartman34]

What other "bad guys" (legally) are there in this scenario? It's not illegal to be merely incompetent. That's the whole problem. I can understand his reluctance to give passwords to people he thought ware incompetent, but anyone over the age of 16 has had the experience of working under someone they thought was an idiot. You don't get the option of not obeying your supervisors.

Re:Why the sympathy??

[jeff4747]

If anybody other than my Manager, or the CEO of the company requested I reveal my passwords, I'm going to tell them to get lost as well.

In the Childs case, he did withhold them from his Manager, and the Mayor (CEO) at first.

It's pretty clear his superiors were in fact just as incompetent as he mad them out to be, and caused downtime just as soon as they did finally get the password.

Doesn't matter. It wasn't his network. Just like the network you manage is not your network. If your boss decides it's time for his incompetent son to manage the network, you say "Sure. I'll need you to send me the request in an email, and then I'll give him the passwords". Your CYA file is complete, and then you charge an enormous consulting fee to fix what the son breaks.

What you don't do, and what Childs did, is say "No, you are all incompetent! I am the only one who can properly administer this network!"

Re:Why the sympathy??

[91degrees]

Well, I have sympathy because while I believe what he did was wrong, a lot of it was due to a really badly managed department and a genuine belief that the people asking for passwords would cause harm to the network.

He was wrong. This was not his call to make and his response was highly inappropriate but I can't see it as being 4 years worth of wrong.

Re:Why the sympathy??

[bhartman34]

I can understand how someone would think the penalty was too harsh for what he did, but I still think it was appropriate, because he could've brought the network to its knees. You don't want to put yourself in the situation where the next time someone does something like that, you have to prove malicious intent.

Re:Why the sympathy??

[houghi]

I have people say that they knew more about the subject then I did. It was true as well. However even though I did not have their skills, they apparently also did not have mine. Otherwise they would be doing my job.

I have often seen people who became team leader or something of the like, because they were the best in their field. Most of them unfortunately did not have the needed skills to become a team leader and left the company after a shorter or longer period.
That does not mean you should not acknowledge that knowledge. That could even mean they earn the same amount or more then their N+1.

Re:Why the sympathy??

[dbIII]

Since you don't get it at all and appear to be applying both personal baggage and an "us and them" mentality, let's try a medical example.
Say if after a meeting with a hospital administrator with a business degree the chief of surgery says "My boss is an idiot and I should be the only one who makes any decisions on the operation on this patient".
It's just the difference between someone that has a clue on a subject and somebody that doesn't because they do different things. Back when I was an engineer I've had to over-rule management on safety issues and then explain why later (and no I was not fired for it and it's not an invitation for verbal abuse). Just about anyone in a technical position has to inform non-technical supervisors that they have been given an instruction that should not be carried out.

Re:Why the sympathy??

[dbIII]

The penalty is too harsh because remember he DID NOT bring "the network to its knees". Once we start going after what people could do things get ridiculous - I could get in my car, drive into a crowd and deliberately murder a lot of people that way but shouldn't so jail for that imaginary crime just because I have car keys in my pocket.
The entire situation is just ridiculous office politics that turned into bullying by the state. Four years for breaking a few workplace rules is extremely nasty.

Re:Why the sympathy??

[bhartman34]

The entire situation is just ridiculous office politics that turned into bullying by the state. Four years for breaking a few workplace rules is extremely nasty.

This isn't just a matter of workplace rules. The guy didn't break the dress code. He held the network hostage until he got what he wanted.

To use your car analogy, drunk driving is punished severely precisely because of what can happen when a person drinks and drives. Sure, if you actually hit (or god forbid, kill) someone, the penalty is worse, but it's no defense to say, "Well, yeah, I drank and drove, but I didn't hurt anyone, so all's well that ends well."

Re:Why the sympathy??

[moronoxyd]

If anybody other than my Manager, or the CEO of the company requested I reveal my passwords, I'm going to tell them to get lost as well. I'm not blackmailing them because I feel like talking to the CEO...

Childs wasn't asked for his passwords, but for the administrator passwords for a network that he didn't own.
His bosses had all the right to ask for these passwords.

Sure, they could have somebody send in to get into the system and set new passwords. But that would have lead to outages and additional costs.

If Childs would have followed procedure and saved the passwords in a password safe as he was supposed to, or if he set up the network in a way so that he wasn't the only one with passwords (failsafe? redundancy?) as was his job, he wouldn't have been in this situation.

Re:Why the sympathy??

[bhartman34]

You are getting it wrong. There is no such a law, that says explicitly that you MUST OBEY your supervisor.

The illegal part wasn't disobeying his supervisor. It was in not handing over the passwords. The fact that not doing so was disobeying his supervisor was incidental.

Again, anyone over the age of 16 knows that they're going to have to work, at some point, for people they consider to be incompetent. In this case, his disobedience led him to break the law by withholding passwords from people who were entitled to them. If the only issue he had was that there were other people in the room, there are about a hundred different ways he could've conveyed the passwords. There's no way an admin would be so stupid as to not have figured that out. He could've written them down on a piece of paper and handed them to his supervisor, if it came to that.

All he was doing was being a smartass. He thought he held all the cards, and that there was nothing his supervisor could do about it. He gambled and lost.

Let me remind you that regarding the law, you are allowed to break the law, if it is impossible for you to follow it, or if your intentions are just. Just as he did.

It's not permissible to break the law just because your intentions are just. We don't let individuals decide which laws they're going to obey. If you disobey the law, you get punished for it, unless there is a specific defense for your actions under the law (e.g., murder is illegal, but murder in self-defense isn't).

In the present case, he has no legitimate defense. Even if his supervisor had asked him for the passwords in front of 1,000,000 witnesses, that's not an excuse to refuse to give him the passwords at all. He was just on a power trip, and enjoyed seeing the people over him squirm.

One of the first lessons you learn in the corporate world is that no one is indispensable in his or her job. He was trying to get around that by withholding the passwords. He failed. His four years in jail will give him ample time to congratulate himself on what a big man he was.

Re:More than one person to blame -- that's unameri

[Yaa+101]

The problem lies in that most US people seem to equal justice with revenge.

Re:Run

[Shakrai]

(2) Having been convicted, I would have run away. There are a lot of decent IT jobs in the Northeast..... almost 3000 miles away from the SF Government's reach. No different than running from Spain to Poland to start a new life.

Minor problem with your idea:

A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime.

Run Away!

[jasenj1]

FTA: "When faced with dangerously incompetent management, it's best to just look for another job."

I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.

How very sad and defeatist.

- Jasen.

Re:Run Away!

[Mongoose+Disciple]

I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.

The question I'd put to you in response is: have you ever had a job where your managers were not only bozos, but the kind of bozos who would attempt to blame you when things inevitably went wrong?

I have, and you know? I can play that office-political game well enough. I know when my good advice won't be heeded, and I know to make sure I have my clear, polite, lucid warnings in writing along with management overriding them in writing such that I can clearly, unambiguously prove to my boss's boss what really happened when the decision goes south.

The thing is this, though: if you don't enjoy office politics (and I've yet to meet a truly technical person who did), having to work that way is draining. Instead of giving full focus to the technical challenges of your day, you're splitting half your attention to making sure your ass is covered. Even when I won (and I usually won), I still really lost because I hated my job. When something goes wrong, I don't want to be placing or deflecting blame, I want to be solving the damn problem.

Some companies work that way, and some don't. The only way to win some games is not to play, or in this case, to look for a new job.

Re:Run Away!

[BobMcD]

FTA: "When faced with dangerously incompetent management, it's best to just look for another job."

I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.

How very sad and defeatist.

- Jasen.

Very sad, very defeatist, and usually, very, very true.

Making the point, winning the battle, etc, will all cause you to lose the war. People in positions of power tend to enjoy appearing as though they deserve to be there. Demonstrate the opposite and watch your life become more difficult.

Back to Childs, well, unfortunately he chose the high road. Civil disobedience carries a punitive cost, and it seems he'll be paying a while longer. The rest of us elect instead self-preservation, whether that be to feed our kids or to simply make our lives more comfortable.

Time will tell which choice was 'best'. Meanwhile, God's speed to you, Mr Childs, and I hope your sentence flies by...

Re:Run Away!

[bhartman34]

I agree with you. It's a bad scene. Sometimes you can have a teachable moment where you can try to explain to your supervisors what you do and why, but in the case of dangerously incompetent people, it's usually best to just move on. You don't have the power to fix anything, and even if you do, you won't get the credit for it. Such organizations usually just crash and burn, and you don't want to be stuck in the wreckage.

Re:Run Away!

[nomadic]

I have, and you know? I can play that office-political game well enough. I know when my good advice won't be heeded, and I know to make sure I have my clear, polite, lucid warnings in writing along with management overriding them in writing such that I can clearly, unambiguously prove to my boss's boss what really happened when the decision goes south.

I think you hit on something very important that many slashdotters don't get. Most of you are grownup professionals now, and you have to start looking out for yourself. Do get stupid things in writing, and hold onto important CYA emails. You might not like doing it, but it's important.

Re:Run Away!

[hibiki_r]

I've seen many people fight and lose in that situation. It was never pretty, and it didn't work.

However, after the 5-10-15th person leaves a department and tell HR that disagreements with management was their reason to leave, Someone might do something about it. I just saw it happen a few months ago. People were even refusing headhunter calls alleging that their network claimed that the work environment was unacceptable.

If the next level of management fails to realize the problem after most positions becomes revolving doors, they'll go under anyway.

Re:Not Surprising

[dirk]

This is a "productive. talented person"? Whether or not the city was run poorly (it is a city government, so it probably was) the fact is that he was holding the router and password configs hostage. Forget him getting fired and everything that happened, what would have happened if he got hit by a bus? He can claim that the other people were idiots, but idiots with access is better than a single person with access who dies, because then no one has access. I can even sympathize with holding the passwords, but what the hell would the purpose of not committing the router configs to memory be? So every time there is a power outage or a router needs to be rebooted they need to call him? That isn;t a good admin, no matter how stupid he thinks everyone else is.

Re:More than one person to blame -- that's unameri

[eleuthero]

...that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.

I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted by the masses, which, of course, means that the news makes more money because they are more trusted. Simplicity is a hallmark of human (not just American) thinking - this takes different forms in different cultures. The main Western logical process is distinct from Eastern varieties but simplicity within the given culture is the tendency. Looking at modern history books covering the Renaissance and comparing them with 19th century history books of the same, we have a much broader viewpoint than those writing in the 1800s had. This is in part due to different access to resources, but in part due to the development of thought over time away from the natural reaction: Simplicity.

Now, with all that said, this is only... one facet of the change in thought patterns over the past century.

Re:Not Surprising

[Sycraft-fu]

Worse it is the mark of a megalomaniac. He was convinced he has made himself indispensable, that by keeping knowledge to himself, and endangering the systems in doing so, made his job totally secure. He though he ruled the roost and nobody could fire him. He found out the very hard way he was wrong. As the saying goes "The graveyards are filled with indispensable men."

The most important think in an IT person is that they are trustworthy. They have amazing access, and this that comes amazing responsibility. They need to be trustworthy to not abuse that access. He did, badly so. As such he really should never work in IT again. He's shown that he can't set aside his ego and such a person has no business having system level passwords.

Re:More than one person to blame -- that's unameri

[Abstrackt]

Most Americans I've met are actually very rational people who are willing to consider others' viewpoints. It's not until you get into the court and political systems that things start to fall apart.

Re:More than one person to blame -- that's unameri

[Mongoose+Disciple]

I'm not against a nuanced view of a problem, but I don't think this article actually is that.

It's more like the equivalent of grounding your kid for two weeks for shoplifting and having to hear about how all his friends got punished less for stealing bigger things. It's more a misdirection than a thoughtful examination of the issue at hand.

That's not to say that I'm advocating for what happens to Childs as fair/appropriate, incidentally -- only that I think this article makes a very weak argument against it.

Yet another "There oughta be a law" rant

[idontgno]

Well, guess what. No matter how much you may think it, generalized poor management is not actually a criminal offense. Whereas, denial of service is.

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

Was the ordinance used to convict him fair and reasonably applied? The only opinion that matters is the jury's, and they thought it so.

IMHO, Childs may have started out with the best of intentions in his "stand", but it escalated into a pissing match. And you really can't out-piss senior municipal managers and politicians, so you can indict Childs for picking a losing fight.

Re:Yet another "There oughta be a law" rant

[Conspiracy_Of_Doves]

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

No. That isn't justice. Justice IS about fairness. Justice comes first, and laws are supposed to support justice.

If all you have is a set of laws and the stated punishment for breaking them, all you have is the worst kind of bureaucracy. Assuming that laws are always right is one of the worst things you can do.

Typically, laws are not based of facts or rational arguments. They are based on which direction the politics of the day is blowing.

Laws are written by lawyers and lobbyists for benefit the few and powerful, enacted by legislators who do not read them before voting, and enforced by prosecutors who only care about their conviction ratio.

Every good nerd knows that justice can never be as simple as a rulebook.

Re:Yet another "There oughta be a law" rant

[Tablizer]

generalized poor management is not actually a criminal offense.

I damned sure would like to try such laws, though.
     

Re:Yet another "There oughta be a law" rant

[Moridin42]

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

I see the problem here. First you think the law is about justice. Second, you think justice is about the law.

The law is about politics and legality. Justice is about ethics and fairness. It is quite rare for the two to meet.

Re:Yet another "There oughta be a law" rant

[idontgno]

Every good nerd knows that justice can never be as simple as a rulebook.

Ah, the "no true Scotsman" argument.

Justice has to start out with a rulebook. That's what the phrases "justice before the law" and "a nation of laws" are about.

If you want justice systems based on the alternative, here you go

Now, which instrument of justice is your personal favorite? The noose, the torch, or the bullet-hole-ridden brick wall?

Re:Yet another "There oughta be a law" rant

[bhartman34]

No. That isn't justice. Justice IS about fairness. Justice comes first, and laws are supposed to support justice.
If all you have is a set of laws and the stated punishment for breaking them, all you have is the worst kind of bureaucracy. Assuming that laws are always right is one of the worst things you can do.

That's not actually how things work, though. It's not just assumed that laws are always right. If laws are wrong, there's a system for replacing those laws. Nothing in this outcome (that I've heard so far, anyway) persuades me that the law should be changed here.

The author seems to think that, because murderers sometimes serve less time for their crimes, this defendant should get a lesser sentence. That's ass-backwards, though. A murderer getting two years in murder is insane. The last thing we should be doing, as a nation, is adjusting all of our sentences based on idiotic sentencing decisions.

Re:Yet another "There oughta be a law" rant

[Wowlapalooza]

Well, guess what. No matter how much you may think it, generalized poor management is not actually a criminal offense. Whereas, denial of service is.

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

Was the ordinance used to convict him fair and reasonably applied?

I don't think it was reasonably applied. The obvious intent of the statute was to criminalize actions by person A, interfering with a network or system of organization B, which ultimately delivers (or doesn't deliver, if it's interfered with) services and/or content to user community C. But in this case, person A was part of organization B. He was on the inside, not the outside, had no malice towards user community C, and simply had a disagreement with other members of the organization about how best to deliver services. AFAIK, no evidence was ever presented that the end-users were affected by any of this (except later, as a side-effect of the City's incompetent attempts to "fix" the "damage").

What I think sticks in the craws of most of us IT professionals, especially those in the network area, is the absence of evidence that Terry himself denied "service" to anyone for whom the FiberWAN was ultimately supposed to benefit. The only "service" that was denied was to those who disagreed with Terry's methods and ended up being his accusers. This smacks more of a petty reprisal against Terry than the legitimate complaint of someone who has been hacked. These are not innocent victims here -- they clearly had an axe to grind with Terry, and had the power of the whole city bureaucracy behind them to mete out punishment.

Normal workplace disagreements are not prosecutable as "hacking". Fire someone if you consider them to be secretive, distrustful, or that they don't work well with others. Sue them for monetary damages if you think they increased your operating costs by putting up unnecessary and/or unjustified obstacles to an orderly handoff of responsibility. But don't throw them into jail over it. Crimes are reserved for harm that people commit against the whole society, not just wrongs committed between individuals or by an individual against a particular department of a particular organization. Those don't warrant the stigma and loss of liberties than a criminal sentence entails.

Re:Yet another "There oughta be a law" rant

[Bigjeff5]

A murderer getting two years in murder is insane.

The case in the article was actually one year, but the guy was never convicted of murder. It was plea bargained down to manslaughter, and with only a one year sentence it is evident that the evidence against the guy was shaky, at best. You don't give a guy you think is a murderer a 1 year manslaughter deal if you have a slam-dunk case. No chance in hell.

If Childs' case had been a weak one, no doubt the prosecution would have let him bargain it down to time served, and likely would have done the bargaining at some point earlier in the process.

Unfortunately for Childs, it was a pretty slam-dunk case, and that's when you tend to get the bigger sentences.

Re:Yet another "There oughta be a law" rant

[deblau]

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

You seem to have confused justice with the rule of law. Justice is all about fairness and morality. Laws provide an imperfect, mechanistic approach to obtaining justice. There are plenty of unjust laws, and have been throughout history.

Re:Yet another "There oughta be a law" rant

[MartinSchou]

Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"

What an interesting idea.

So, if country kills women for having sex outside of marriage, but doesn't punish the male because of the lack of witnesses (and women do not count) - that is justice, simply because it is codified in their law?

Suppose another country has made it an offence punishable by death to sing a song, but you only get a stern warning if you violently assault someone? Is that also justice?

Re:Run

[commodore64_love]

That's true, but it's for the voters to decide if the boss is being an idiot (and fire him), not the cogs in the machine (i.e. the bureaucrats and admins). Their job is to obey and hand-over the keys to the leadership.

How well do you think it would go-over if my FAA boss said, "I need a copy of your audits so I can submit a report to Congress," and I said, "No." That's simply not my job to act in such a manner. My job is to obey the chain of command. Or quit. Those are my options.

Re:Not Surprising

[Haffner]

Agreed. But does he deserve four years in prison? In most other professions, this would lead to a civil lawsuit and a fine, not a prison term on par with that of a violent offender.

Re:Run

[Bill_the_Engineer]

It's not his boss's property. It's public property. His boss doesn't get to be an idiot with public property.

Well... San Francisco gave his boss the authority to ask and receive those passwords. What the boss does with those passwords are between his boss and San Francisco.

Custodial sentences for non violent crimes

[fiannaFailMan]

The Economist ripped the US a new one last week for locking up too many people, many of them non violent offences. It wasn't so long ago that people were hanged for stealing a loaf of bread, but we backed off from excess punishment (probably a little too far in some cases). But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime". With the way things are going, I truly think that the US will soon bring back public executions before long and will be indistinguishable from countries like Iran in how they deal with crime.

Re:Custodial sentences for non violent crimes

[stanlyb]

There are about 2.5 million prisoners. With this new blood-thirsty voters, i wonder what will happen when they become 25 millions? My guess is civil war, lol.

Re:Custodial sentences for non violent crimes

[PCM2]

But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime".

That's not even the end of the story. Don't forget that a growing number of prisons in the United States are being privatized. There have already been cases of judges who have been convicted for imposing harsh sentences without appropriate judicial review, because they were accepting kick-backs from the prison industrial complex.

Re:Custodial sentences for non violent crimes

[MarkvW]

Once, as a young prosecutor, I asked what the big deal was about child rape. I was so naive and ignorant. That naivete was extinguished (to my embarrassment) when I was told of infant rape victims.

We are all naive and ignorant about important things. You are no exception. So please don't take it too bad when I say the following:

You idiot! Don't you know that a HUGE proportion of the homeless are MENTALLY ILL? Their CHOICE is often between living on the street (cheaply) or living in an institution (at great cost)?

P.s. Ayn Rand was a hypocritical ASS!
 

Re:Custodial sentences for non violent crimes

Nah. We'll just have cities turned into massive prisons, and everyone who gets lucky enough to not get caught trying to live their lives will be stuck paying for them... At that point, I think I'd rather just have public executions anyway, though...

Re:Custodial sentences for non violent crimes

[fiannaFailMan]

Hanging people in America who steal a loaf of bread would cut down on a lot of problems.

Thanks for giving me an example. That's exactly the kind of idiocy I was talking about.

Re:Custodial sentences for non violent crimes

[BitZtream]

Don't forget that a growing number of prisons in the United States are being privatized.

Citation needed

Re:Custodial sentences for non violent crimes

[PCM2]

I'm going to assume you're not an American, because an American who needs a citation for this fact is woefully ignorant of what's going on in this country. According to the National Institute of Justice, a division of the U.S. Department of Justice:

Seven percent of the 1.5 million prisoners in the United States are held in privately operated prisons, according to the most recent survey of prisons published by the Bureau of Justice Statistics.[1] At midyear 2006, there were 84,867 State inmates and 27,108 Federal inmates in privately operated prisons—a 10-percent increase over the previous year.

The largest operator of private prisons is the Corrections Corporation of America. By its own assertion as of 2010:

The company is the fourth-largest corrections system in the nation, behind only the federal government and three states. CCA houses approximately 75,000 offenders and detainees in more than 60 facilities, 44 of which are company-owned, with a total bed capacity of more than 80,000.

The International Foundation for Protection Officers says:

...in spite of the many concerns associated with Prison Privatization, the trend toward increased privatization is likely to continue. In fact, recent initiatives like the Bush Administration's FAIR Act seek to ensure such an outcome by setting mandatory privatization quotas including the privatization of 7,200 federal corrections jobs.

If that's not good enough for you, pick up a newspaper once in a while.

Re:Custodial sentences for non violent crimes

[mjwx]

That's not even the end of the story. Don't forget that a growing number of prisons in the United States are being privatized. There have already been cases of judges who have been convicted for imposing harsh sentences without appropriate judicial review, because they were accepting kick-backs from the prison industrial complex.

My country started out as a penal colony which became free, your country started out in the name of freedom and is slowly becoming a penal colony. Oh the irony.

BTW, for the record. The majority of people "transported" were petty criminals and political subversives, from a time where just displaying an Irish flag could get you sent to a lovely new colony (thus Irish names are quite common for us). All the hardened criminals were kept in England because at the end of one's sentence, one was given a parcel of land and permitted to work it, not exactly something you do with a serial murderer.

Re:Custodial sentences for non violent crimes

[PCM2]

And for anyone who needs it, here's a citation about the crooked judges.

Re:Custodial sentences for non violent crimes

[neminem]

It's true, though... hanging everyone who steals a loaf of bread *would* cut down on a lot of problems. But long as we're doing that, why not go further: let's hang everyone who doesn't have a job. Let's hang everyone who isn't making enough to support their family. Heck, the world is getting overpopulated, let's just do like the Romans and decimate the population (kill a tenth, chosen at random).
Would solve a lot of problems (for those still alive), wouldn't it? (Granted, it would introduce new ones, but I'm sure we could work around them.)

Re:Run

[joeytmann]

Its City property. And yes, its their equipment to be an idiot with. While Childs was following the policy to the letter, he should have realized his boss was a power hungry idiot that wasn't about to let his minion make him look like an idiot, and just handed over the passwords, packed up his shit and said "See ya!"

Re:Run

[commodore64_love]

I'm betting Governor Schwarzenegger wouldn't care enough to issue that extradition order. In fact he might even side with Childs (hypothetically hiding in the northeast) and slap-down the SF Mayor for being a dick.

There's also the possibility that the Northeast State would protect the citizen from extradition. That is what happened during the slavery days when states refused to return escaped blacks and instead gave them asylum (i.e. they used nullification of the US Fugitive Slave Act).

Re:Not Surprising

[MightyMartian]

Whether he does or doesn't will be up to his lawyer to convince on appeal. The broader point here is that a whole lot IT guys seem to blindly be supporting him because he followed the letter of his contract to insane degrees. They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle.

If this was such a big concern for Childs, why didn't he have these key passwords and router configs in the Mayor's office. Surely the Mayor has a safe or some other secured storage whereby this critical data could be securely stored in the event that the Mayor had to appoint someone else responsible. Where I work we have a safety deposit box where the originals of all the purchased software is stored, as well as a CD and hardcopy of all the passwords are stored. While it would probably be a bit difficult to keep going without me around, the guy that comes in after me would have a reasonably decent head start.

However harsh the sentence may have been, the fact is that Childs was a shitty IT manager. Being an IT manager is about a helluva lot more than being a clever router hacker, it's about documentation, about appropriate systems, and just as importantly about assuring, for whatever reason, that a smooth transition of IT management from one person or another can be accomplished. Childs didn't set up that damned network to benefit his employer, he set it up so that he was the cornerstone, and while the city has to take a lot of blame for not keeping a better eye on him, he violated some very basic tenets of sound IT operations and management. AS I've said before, I wouldn't hire the guy to manage a popsicle stand, I don't give a crap how brilliant he is.

Re:Run

[Shakrai]

I'm betting the Governors involved would treat him as any other convicted criminal and Childs would add a few more years onto his sentence for escape/flight.....

Re:Run

[Itninja]

He was officially given total responsibility and authority, so it really doesn't matter who's property it was on paper. His boss was the de facto owner. The office bathrooms are the public's property too, but that but that doesn't mean the city offices have to allow any passerby to come the building and use it. For that matter, the offices themselves are public property, but try strolling into the Mayors office unannounced....

Re:More than one person to blame -- that's unameri

[SoupGuru]

QED

Re:Not Surprising

[Intron]

Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.

You're right. He should have written the passwords on a sticky note on the side of his monitor, as all of the best books on security recommend.

Re:More than one person to blame -- that's unameri

[BcNexus]

The problem lies in that most US people seem to equal justice with revenge.

Oh great. Another example of us not understanding equals!

Re:Not Surprising

[Haffner]

Try translating your argument into a different context. What if he wasn't employed by the government - should the punishment carry the same weight? What if he worked in a different field? It seems to me that if either of those conditions were different, he would have just been fired. After all, if a major company gives one person the password to their corporate bank account, and they won't tell it, did they really just steal hundreds of millions of dollars?

Re:Run

[Wowlapalooza]

(1) Childs was wrong. You don't withhold passwords from your employer. It's his property, and he's allowed to be an idiot with his own property.

Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.

In any case, even if you could make a "property" argument, that's not the basis of his conviction. He wasn't convicted for stealing the city's "property". He was convicted under an "anti-hacking" statute. Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators, until they could complete their password-recovery procedures. That's clearly not the scenario that the statute was meant to cover, and this turned out to be an incredibly novel precedent for applying "anti-hacking" rules to a run-of-the-mill employer/employee confrontation.

I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better. Passwords, code optimizations, little quirks in configurations of various systems/subsystems, the list goes on. All of these are now potentially fair game for employers to force ex-employees to divulge, if they can make a plausible claim that -- however indirectly -- they are necessary to deliver services to their end-users. If the ex-employee refuses to comply, they're in violation of an "anti-hacking" statute. Silence = hacking. Wonderful.

What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on /. trying to rationalize his actions, and his vote.

I suspect, however, that some peer pressure was involved here, as often happens on juries (I know this firsthand from one of the juries on which I've served).

Re:More than one person to blame -- that's unameri

I think idiots worldwide seem to equal justice with revenge. It's just that in the USA it is hard to avoid these people. They flaunt themselves in public and on TV. There is no stigma to being an idiot in the USA, outside of academic circles. It's encouraged.

Re:Not Surprising

[egamma]

What if he worked in a different field?

He works in IT. Specifically, as a sysadmin like myself. That is extremely relevant to the case, and the fact of the matter is, as sysadmin, the very first rule is to never be the only one with access. Maybe put the password in a sealed envelope in the CEO (or Mayor's) safe, but make sure that several people know about the envelope.

Re:Run

[Wowlapalooza]

Sorry to followup on my own post, but I neglected to mention the Free Speech aspect of this case. Free Speech means, in part, that (unless life or limb are in imminent danger, perhaps) one cannot be compelled to speak. But that's exactly what happened here. He was forced, by an "anti-hacking" statute, to utter something upon which he obviously preferred to stay silent.

Along Constitutional lines of thought, as a "what if" experiment, I wonder what would have happened if Terry had invoked his Fifth Amendment Right Against Self-incrimination. After all, there might have been something criminal in the passwords themselves (a terrorist plot, a threat against a head of state, an encoded fragment of a prohibited image). Could a mere California statute override the hallowed and vaunted federalRight Against Self-Incrimination? I guess we'll never know...

Re:Not Surprising

[MightyMartian]

I wasn't attempting to measure the justice, or lack of justice, in the sentencing. You do bad enough to go to the courts, well, be ready for whatever comes down. There's nothing in most legal traditions that require every sentence for a crime be identical. It will be up to Childs' lawyer to try get the sentence overturned, reduced, new trial, whatever.

What I'm commenting on is the way in which a lot of guys around here just endlessly defend Childs, at best only giving a brief nod towards the fact that he had inadequately secured key data for a rather large organization's IT infrastructure. Part of the fault must surely be that there wasn't enough oversight, that he had been given too much power with too few strings, but even so, in his position, even taking his extreme view of the chain of command, a sensible IT administrator would have taken steps to assure the integrity of the infrastructure.

Imagine if Childs had been killed in a car accident days before city officials made their demands? Would you be defending him? Would any of the IT guys who post here be defending him? He's the classic model of a prima dona, a self-important delusional nutcase who whether out of some megamaniacal urge, or out of simple self-interest, made sure that he was indispensable. If I take the latter view, then yes, he deserves some judicial censure, whether jail time, or whatever. If the former, then what he needs is psychological help. Whatever the case, he's a shitty IT guy, pure and simple. I don't know him personally, but I know his type, the too-clever-by-half hacker types. These guys are dangerous to put in charge of any critical infrastructure.

What if you worked at a nuke plan and your boss wa

[Joe+The+Dragon]

What if you worked at a nuke plan and your boss wanted the codes over the speakerphone and you did not know if people on the other end where able to run the system and you know that your boss was not able to run the systems.

Re:Run

[Intron]

I agree with your points about IP and what this decision means for future IT folk. I wouldn't blame the jury for the result, though.. Most of the problems that I had on a jury were that all of the interesting stuff happened before the trial. That's when the discovery took place and various motions occurred on what would be allowed and what wouldn't. By the time the trial happened, we were only allowed to see a small part of the testimony with some huge holes in it. We had to decide the outcome based on what they showed us, not on the complete facts of the case. If we could have asked our own questions, it would have been a lot different deliberations.

Manager's responsibility

[mangu]

that's the mark of an incredible idiot.

Who hired that idiot? I keep seeing people here state that Childs is a total egomaniac and deserves punishment for that. But who is responsible for Childs? His managers, of course.

Managers exist to manage people. Childs had the obligation to know how to manage routers, his managers had the obligation to know how to manage Childs.

Childs was one part in a big system, if he wasn't performing correctly someone else should have noticed this and replaced him, just like Childs should replace a router that wasn't performing correctly in the network he managed.

Re:Manager's responsibility

[MightyMartian]

Oh, I'm not saying SF isn't to blame to one degree or another, though they are hardly the first organization to have an IT department that might as well be Merlin's Cave. IT is, by its nature, technically complex, in large organizations involving knowledge of a considerable number of systems, protocols and so forth, and often involving some pretty peculiar chains of software, hardware and custom code to marry disparate systems together. Your average manager, or even higher level official (like a mayor or CEO) isn't going to be able to oversee the conduct of such departments as much as he or she would like. Still, that's no different than, say, the engineering department, and there are ways to mitigate that critical lack of knowledge. The City most certainly should have had been involved from the get-go in assuring IT infrastructure was protected from the extreme risks of basically being in the hands of one person.

They did try to rectify it in the end, and I'll concede the way they approached Childs was a little odd. But, as I've said repeatedly, if Childs had actually been doing what he was supposed to, it would have been moot. If, tomorrow, my employer decides I need to go or be moved to another position, he has in secured storage a copy of all the root and administrative passwords for every device on our network from the lowly WiFi access point right up to the AD Domain Controllers. In fact, it was my suggestion that we get a safety deposit box, because it is that element of trust, that I am working for the organization, that ethically binds me to assure that, for whatever reason, if I am unable, unwilling or deprived of work, that my employer can assure reasonable continuity.

Re:Manager's responsibility

[__aasqbs9791]

Playing Devil's advocate here, but isn't that what they did? If that's what you're trying to point out, then let me be the first to *Whoosh* me.

Mod parent up!

[Mongoose+Disciple]

The linked thread is really interesting -- I'd missed it the first time around and it adds a lot to this discussion.

Article 4 Section II Clause 2

[westlake]

2) Having been convicted, I would have run away. There are a lot of decent IT jobs in the Northeast..... almost 3000 miles away from the SF Government's reach. No different than running from Spain to Poland to start a new life.

US Constitution, Article 4, Section II, Clause 2:

"A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime."

You achieve nothing in your interstate flight but a quarantee of conviction on a new and stiffer felony charge.

You will be doing hard time even if your prior conviction is overturned.

Re:Article 4 Section II Clause 2

[BitZtream]

Ignoring the fact that as soon as anyone googled him he'd instantly be thrown out of any hiring process anywhere in the world.

No competent manager would hire him and its unlikely he'll make it past HR ever again anywhere, even McDonalds.

No one anywhere likes subordinates who don't follow direction, even if he was right (he wasn't) no one would want him.

When you make it obvious to the world that you're a selfish arrogant fuck, you find yourself very alone.

Re:Article 4 Section II Clause 2

[colinrichardday]

It is obvious that he should have fled to France or Switzerland. Hasn't Mr. Childs ever heard of Roman Polanski?

Re:More than one person to blame -- that's unameri

[Grygus]

You mean kind of like how a lot of non-Americans like to find the property of "being an American" as somehow intrinsically to blame in so many situations?

All people need to simplify. You will never understand everything, so you research carefully the things that interest you, and everything else needs to be ignored or fit into a bite-sized piece of intellectualism that you don't need to give any thought to. Nationality has nothing to do with it.

So What????

[mangu]

for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?

What do you mean "so what"?

First there's the question of precedent.

Second there's the question of just punishment

Re:So What????

[Mongoose+Disciple]

Understand that to be good, a system of laws not only needs to strive for justice in assessing its sentences or lack thereof, but must also strive (to some degree) to be pragmatic. That's why our standard is "beyond a reasonable doubt" rather than "beyond any doubt", for example. That's also why we have the concept of a plea bargain, something which is about guaranteed to produce a disproportionate sentence to the actual crime.

We strive for justice in sentencing, but it is not and can never be an exact science. You have, in essense, rounding errors. Sometimes you steal a cheap car and get 3 years and a guy steals an expensive car and gets 2 years. That's just a limitation of the system. As long as you're not executing people for shoplifting and always trying to improve the system as much as is reasonable you're doing the best you can as a society.

I think geeks are confused

[Sycraft-fu]

While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.

That is the difference. I know that some geek types seem to think the law should be whatever strikes them personally as fair but that isn't how it works. Childs broke the law, he was tried and convicted of it (and one of his jurors had a CCIE so none of this "stupid jury" bullshit).

If the city is being negligent then a lawsuit can, and should, be brought against them. None of that makes what Childs did right or legal.

Please, please would all Slashdot posters go and READ UP ON THE CASE before posting. The facts please, not the opinions form mother Slashdotters. So much uninformed kneejerk here. Slashdot itself had some good links, including one to an interview with aforementioned CCIE juror. How are you any better than the people you like to look down upon if you cannot be bothered to get your facts straight for something you have strong emotions about?

Re:I think geeks are confused

[BJ_Covert_Action]

While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.

I'd like to make it clear that I am not advocating that Childs is somehow innocent. I know I used the term scapegoat, but that word has more connotation with it then I intended. Frankly, whether or not Childs got convicted doesn't really apply to me at all. I don't work in systems administration. My point in posting was to point out that our legal system consistently fumbles when presented with technical and/or scientific matters. What Childs does was illegal, I agree. However, as citizens of a free democracy we have to ask ourselves if what Childs did was wrong and, furthermore if what is determined to be illegal corresponds to what is determined to be wrong. Regarding this particular case, again, I don't have many feelings one way or another. I did follow the entire case out of interest, however, because I have had an increasingly curious streak for legal matters regarding technical industries. Recalling what I read in the various press releases regarding this case, it seemed, to me at least, that this case demonstrated very tritely how technological controversies fall on deaf ears in many courts today resulting in rulings that often pass judgments based, at least partially, on misunderstanding technology.

So, is the city's incompetence illegal?
Probably not.
Is the city's incompetence bad?
I'd say so.
Were Childs' actions inappropriate?
I'd say so.
Do we, as citizens, have as much power to correct the bad processes of the city as the city has to prosecute the inappropriate actions of Childs?
It doesn't seem so to me.
That's the point I was trying to make. I was not trying to sell Childs as some martyr.

With regards to this:

How are you any better than the people you like to look down upon if you cannot be bothered to get your facts straight for something you have strong emotions about?

I am not exactly sure what you are referring to, but I don't look down upon very many people that I know of. In fact, thinking about it I can't think of anyone that I know well that I look down upon. Furthermore, I don't have strong emotions about this case. I simply have observations about my society that I have been collecting as I grow older. Perhaps this jab was not intended for me personally and that's fine. However, I'd like to clarify that my post was neither without introspection nor forethought so please don't label it as uninformed kneejerk.

The city of San Fransisco, according to this guy at least, has poor IT procedures. Something should be done about that. I hope that Childs sentence is not sold as, "Look we fixed the problem."

Re:I think geeks are confused

[houghi]

While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.

And even if what the city did was illegal, that does not make it ok for Child to do something illegal.

Car analogy: If I get caught with speeding in by bosses car, I get a fine. Saying that by boss stole the car would not take away with the speeding ticket by saying by boss stole the car, so he committed a bigger crime.

Re:I think geeks are confused

[_Sprocket_]

While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.

It should be noted that Childs was convicted as much on intent as what he did. One of the more enlightening aspects of that aforementioned CCIE juror's comments was the background that lead them to believe that Childs' behavior was not based on being a dedicated admin, but rather out of an intention to retain control for personal gain. The environment lacked policy that would have greatly clarified the situation and given Childs much less leeway to act (or it might have saved his ass if he was following the letter of that policy). What Childs did wasn't illegal per se. Why he did it betrayed an illegal action that might have been accepted in different circumstances. It was also noted that the Jury found it rather distasteful that this went to court.

Re:Run

[Mongoose+Disciple]

I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better.

I disagree. Childs was asked to provide access to the relevant networks while still an employee and refused.

You can't set yourself up as the only person with access to something and refuse to provide it to anyone else, including your superiors, so, yeah, I think it's an exaggeration to make the generalization you did.

In most cases you still wouldn't see criminal charges filed for doing even that, but this isn't most cases.

Re:More than one person to blame -- that's unameri

[couchslug]

"The problem lies in that most US people seem to equal justice with revenge."

There being insufficient order, turning up the pain until there is order is reasonable.

Re:Not Surprising

[turbidostato]

"They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle."

Which is a management issue, not a technical one, so the one to blame must be a manager. Was Childs in a manager-level position or in a "mere" technical one?

"However harsh the sentence may have been, the fact is that Childs was a shitty IT manager."

Truly so. But was he in a managerial position to start with? All I can find about him is that he was a "network administrator", a "network engineer" or an "IT administrator", never a manager, so he was not the one to say how the passwords should have to be managed nor the one to deal with policy violations. In fact, as per this reference (http://blogs.sfweekly.com/thesnitch/2010/08/terry_childs_sentenced_hacker.php) it seems clear that upper SF management agree this being a case of bad management: both Terry's direct manager and the security manager were displaced (they are not fired -yet, probably not to ashame that very SF upper management).

Re:Not Surprising

[Haffner]

My defense of him has nothing to do with whether or not I think he is innocent (I do not; I think he is fully guilty of a crime). My defense is that he was given a four year conviction for something that really should have gone to civil court.

Sooooooo sick of this drama

[bl8n8r]

The dude wouldn't turn over passwords when ordered by his Senior Associate. That's just insubordinate in any circumstance, regardless of the job, and will get your ass fired in most places. Terry could have handled things differently if he didn't trust his immediate supervisor, but he didn't. He chose to lie all the way up the food chain and took the for-the-good-of-the-network chip on his shoulder with him.

Re:Not Surprising

[MightyMartian]

Well, he wrote his own ending here with his crazy and obstinate attitude. But this could all have been avoided if he had been even a half-way competent sysadmin. Yes, it's possible he could have been demoted or even fired, or whatever, because it's pretty obvious his attitude sucked, but the mayor could have reached into the safe, pulled out the passwords, handed them to the replacement, and life would have gone on. Instead, he chose the path of most resistance. I don't feel the least bit sorry. He's guilty of severe malpractice.

Re:Run

[dougmc]

I'd mod you up if I had any points right now ...

Jail time is ridiculous

[gig]

What's he going to do, get another IT job and offend again? They should have given him community service. The guy's career has already been wrecked.

We are way too much about jail in California and the US. You shouldn't go to jail unless you are violent, or an incorrigible repeat offender. California is bankrupting itself putting taxpayers in jail for crimes like these and for smoking, it is fucking crazy.

Re:More than one person to blame -- that's unameri

[PitaBred]

You haven't talked to any religious people as an atheist, have you?

Re:More than one person to blame -- that's unameri

[whoever57]

I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted

I would disagree with that assessment. I have had multiple conversations in which the topic is "THE cause of ..." while it seems perfectly obvious to me that there are multiple causes. So I don't think it is limited to the media.

Re:Run

[Haffner]

5th amendment doesn't hold here; everyone knew he was withholding the password, the password is not incriminating -> not protected under 5th amendment.

Re:More than one person to blame -- that's unameri

[ebuck]

I was told in jury selection that my case was one where only the guilt would be deliberated, the sentence was (due to legal reasons) not to be set by the jury. Basically if we found guilty the person was getting life imprisonment, and if we found not guilty the left the courtroom free.

Odds are the lawyers didn't like this, and the Judge may not have liked it; but, this is the state the courts are in after yet another round of overzealous legislation to "fight crime." In Jury selection questioning, I told the prosecuting attorney that I had reservations about the two extremes of the outcome. He asked me if I thought he was guilty but not deserving of a life sentence, would I be tempted to declare him not guilty, to which I replied "Yes, because the Jury shouldn't have the choice of sentencing stripped from it's duties." Naturally, I was excused from Jury duty.

So that man's trial was populated by people who were all right having the determination of degree of punishment stripped from them; in other words, they had people who selected with a bias to send him away for life before hearing the facts. Was he guilty? Who knows? But I guarantee you that nobody on that Jury was allowed to determine if extenuating circumstances meant he should only get 20 years instead of life.

Re:No sympathy here!

[bhartman34]

I could understand it if he wanted to be a whistleblower in this situation, but you don't do it by holding the system hostage. Like you said, you document everything, and then you go to a responsible party with your issues. You might lose your job over it, but that's a hell of a lot better than going to jail.

Re:More than one person to blame -- that's unameri

[Abstrackt]

You haven't talked to any religious people as an atheist, have you?

I'm agnostic, so not really. One of my good friends is a priest though, and we get into some good discussions. One thing we agree on is that anyone who tries to force or shame others into following their religion rather than leading by example is either very insecure in the veracity of their claims or simply a fool.

The Parent nailed it!

[bussdriver]

Furthermore, justice AND revenge both do not mandate prison and/or being subject to physical or sexual abuse. There are many things that can be done in BOTH cases besides the obvious one. Prisons cost too much money and have too much lobbying pressure to maintain or grow the punishment/revenge system we have today.

Having pedophile tattooed on your forehead should be enough...

Terry Childs is going to have career problems for life, no need to waste money holding him in a cage as if he was a wild animal threatening the peace - or even put an invisible fence around his house is not worth it.

Re:The Parent nailed it!

[mjwx]

Furthermore, justice AND revenge both do not mandate prison and/or being subject to physical or sexual abuse. There are many things that can be done in BOTH cases besides the obvious one. Prisons cost too much money and have too much lobbying pressure to maintain or grow the punishment/revenge system we have today. Having pedophile tattooed on your forehead should be enough...

That's even worse, you've removed any semblance of justice and just said, let the community take revenge. Revenge != Justice in case anyone has not figured that out. Revenge does not, nor should never factor into justice.

The difference between vigilante justice and mob rule is entirely cosmetic.

Now prisons are a good idea when done right. You've commuted a crime and now you are being removed from society until such a time where society deems you fit to re-enter. However the US has screwed this one up. Lock up the pot smokers whilst killers go free because the prisons are overcrowded. A lot of offences that are punished with jail time should not be, removing prisons will not fix this issue as the prisons are not the issue.

Re:The Parent nailed it!

[westlake]

Terry Childs is going to have career problems for life, no need to waste money holding him in a cage as if he was a wild animal threatening the peace - or even put an invisible fence around his house is not worth it.

The problem here is that the geek is always surprised when one of his own gets raked across the coals when the jury issues its verdict.

The prison sentence is an object lesson, an often necessary reminder that white collar crime is still crime.

     

Re:The Parent nailed it!

[bussdriver]

No I have not!!! WTF? I did in no way equate justice and revenge!

Let me help you understand what I wrote:

Justice does not mean giving prison sentences.
Revenge does not mean giving prison sentences.

Prison should not be associated with physical or sexual abuse (which is a veiled threat; a terrorist threat at that.)

Prison is costly and and wasteful.

The purpose of prison is not far from locking up a wild animal. It does not get let lose until it is tame; not at a set time period.

Punishment is a different issue and can in some cases involve a "time out" by caging a person but can involve a great deal more things.

It is especially foolish to equate punishment and prison by placing those being punished with the "wild animals." At least separation of pot heads means they free other pot heads to make room and not violent nutcases. BTW, since Reagan we've put nutcases in the prison system instead of nuthouses. As far as killers, some are nuts and others are just being punished. Sane killers differ greatly and one should consider what benefit to society there is to punishing MANY of them for life at great expense.

A rapist could be punished by an amputation...and then let to go free... The impact of their crime can easily last a lifetime - one could argue that is justice and not revenge. But locking them up for a few years then releasing without any effective preventative measures is not justice its a time out.

A pedophile is sick in the head. I would argue for a class of nuthouses for them where its likely most would never be cured; but I would make it productive and less prison like; they are sick pathetic creatures and may be functional members of society outside of the sickness.

In fact, technology may be such that someday they can be monitored 24/7 and just go to therapy. I'm not sure we should allow nutcases out today where if they forget to pop a pill they may kill somebody...more technology to assure they take their medication is required.

Re:Not Surprising

[Vancorps]

I like that rule, I wish it could always be the case too! I'll give you a real life example of my situation. I created said envelope with all the key passwords and sensitive documentation to allow another to step in should I be hit by a bus. It was placed in the safe in the CFOs office.

You may or may not have guessed it but the CFO was fired and his position was removed. Since this was an executive decision they of course waited until way too late to tell me. The COO and Controller emptied the safe and now I do not know where that paperwork wound up. I changed my critical passwords and VPN encryption keys. Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since.

Now for my own sanity I still keep a copy of the records but it is no small feat to change all the sensitive passwords so I keep them in the safe of the owner who has already twice forgotten that he has it. He asks me for it personally sometimes. If the time came I don't believe he would know its in his safe.

This is why I can feel at least some sympathy for Terry Childs although he definitely didn't act in any way professionally. He deserves to be punished but his punishment doesn't fit the crime given what's been brought to light about his management.

My other question is why in a city the size of SF was there only one person responsible for critical city infrastructure? If two people had been working together the whole time then the project would never have been in jeopardy unless Childs managed to corrupt the second guy which I guess is possible if some the ineptitude of management was in fact true.

Re:Run

[Wowlapalooza]

5th amendment doesn't hold here; everyone knew he was withholding the password, the password is not incriminating -> not protected under 5th amendment.

We don't know for sure that the password was non-incriminating. Certain combinations of letters, numbers and/or symbols are criminal ipso facto (how soon we forget the "munition" crypto algorithm, expressible on a t-shirt or other relatively compact media?).

If some piece of information could be incriminating, generally speaking we give broad latitude for the holder of the information to invoke the Right Against Self-Incrimination, since to determine whether it's incriminating or not, one would have to divulge it, which is a Catch-22, since it might result in criminal penalties for the divulger. Of course, the way to cut through that Gordian Knot is for an agent with the power to do so to offer Limited Immunity, with respect to that particular piece of information. Free of any possibility of incrimination, the holder of the information can then be compelled to divulge it, in accordance with usual rules of testimony, production of evidence, etc.. As far as I know, no-one offered Terry any kind of Limited Immunity in this case.

Re:More than one person to blame -- that's unameri

[Haffner]

"equate" typo more like

Re:Not Surprising

[bsane]

So 4 years is just and appropriate because he was a shitty admin and had a bad attitude?

I may not personally feel sorry for him (haven't given that aspect much thought), but this is clearly a gross miscarriage of justice, and that outrages me regardless of the target.

Re:Not Surprising

[Kozar_The_Malignant]

>Try translating your argument into a different context. What if he wasn't employed by the government

With some other employers, we might still be looking for his body.

Re:What if you worked at a nuke plan and your boss

[jeff4747]

What if you worked at a nuke plan and your boss wanted the codes over the speakerphone and you did not know if people on the other end where able to run the system

"Boss, I can't give you those codes over speakerphone. Call me back on a regular phone and I'll give them to you.

you know that your boss was not able to run the systems.

Doesn't matter. It's his system. You hand over the codes. And if you truly believe he can't run it, you quickly drive out of the blast radius.

Re:Not Surprising

[MightyMartian]

I never said it was just. I'm trying to make the point that thumbing your nose all the way up the chain of command, whether to cover your own ass or because of delusions of grandeur, will guarantee that you have a less than sympathetic ear in court. He wrote the ending. Ask him why he did. The court is not bound in sentencing by the average that other IT administrators' malfeasance previously was set. Beyond that, as others have pointed out, none of these other situations are comparable; different jurisdictions, different criminal charges.

And all of it could have been avoided if Childs actually knew what being a system/network administrator actually meant.

Re:Not Surprising

[Vancorps]

I think a lot of people blindly support him because they can easily see themselves in a similar position and have no desire to be railroaded should they find themselves in the same position. While Childs did abuse his position and gave every sysadmin a bad name he doesn't hold all of the blame and if management had been more on top of the situation none of this unpleasantness would have happened.

Why on earth would a city the size of SF have only one sysadmin? This is the real root of the problem. If there had been a team, the project would have been properly built out as they check each others' work.

Also, let's note that Childs was NOT an IT manager, he was a sysadmin and found his IT manager to be really bad at his job which is pretty evident from the lack of enforcement of passwords entered into their password management system. He/she should have caught that early on and again would have avoided the whole mess. I wouldn't hire the guy either though. Anyone that plays such games with passwords and keys should not have any business being a part of it.

What if his laptop was dropped? Suddenly all those keys would be lost. It was an accident waiting to happen and brings into question his skills to begin with.

I've dealt with some pretty inept management in my day however. I've created the DR document should I be hit by a bus, I placed it in the safe of the CFO only to have the CFO position removed without any notification to myself. Six months later the COO and controller are emptying out his safe and they take no inventory of what was in it. They notified me at that time and I promptly changed VPN keys and passwords which was a huge pain in the ass. Six more months later they ask me for the same document again, I know it's outdated by then but I ask them where the old document was and they went looking for it. I still have no idea whether they found it as they don't answer my emails unless they need something. To cover my ass I made a new envelop and gave it to the owner to put in his safe at home. He routinely talks to me and even went so far as to ask for that information so I provided it. He and I both have peace of mind as I then won't have to worry about what happens when I separate myself from this company. Of course keeping that document up to date is also not an easy task.

One of my fellow admins, who, let's face it, should retire wanted to watch a video online. He was using IE6 no less and just clicked install when it asked him to. Naturally he got a lovely virus and I again had to go through the process of auditing and changing passwords as anything could have been leaked during that time.

It's at least easy for me to put myself in Childs situation. I wouldn't like to nailed to the wall like he was, of course I behave much more professionally than he did so I'm not really that worried about it. It does naturally make me want to side with him though. Despite the risks he was taking it does make sense that his management would have mishandled the information. Personally, I've gone through four bosses in the seven years I've worked here. Trust in authority is earned, not granted which is why when our new IT director came on board he didn't have full access until I deemed he was trustworthy per directions from a VP and the owner.

The chain of command isn't always easy to spell out.

Re:Run

[jeff4747]

Please cite a legal authority for your assertion that passwords are "property".

Go put a chain and padlock on your neighbor's gate and see if you get in any trouble. You haven't stolen his property, so everything should be a-ok, right? (Heck, you haven't even trespassed, since he has to warn you once before it's a crime)

Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-user

He denied access to the replacement administrators. They are authorized users of the system's configuration utilities.

I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better.

Only because you're trying really, really hard to turn this into something it's not. Not turning over the passwords blocked the new adminsitrators from accessing the systems, just as if he DDoS'ed the management ports.

Re:More than one person to blame -- that's unameri

[VocationalZero]

Why do people attribute to one country's people things that obviously apply to all people? Why do people think this post is in any way insightful?

Do I just need to start my inane generalizations with "Before this post gets modded as a troll or flamebait, it is my humble and sincere view..." to substantiate my otherwise vaguely hypocritical flamebait post?

Re:What if you worked at a nuke plan and your boss

[Joe+The+Dragon]

But for plan B you can go to jail / be given the blame for doing it.

Re:Run

[cyber-dragon.net]

I completely agree.

I have been in a similar situation, asked to grant access I really did not feel comfortable with. I stated my objections in writing, offered an alternative but stated it was my boss' decision. In doing this I covered my ass and did my duty, but was not causing issues. Most of the time they accept my alternative, once I was told to do it anyway, and did.

Your job as an IT professional is to present risk analysis and ensure those making decisions understand the consequences of those decisions, not to be a brick wall preventing your higher ups from making them. If you really disagree, quit. I have done that as well when policy changed and I wasn't comfortable.

Re:More than one person to blame -- that's unameri

[BitZtream]

I think the problem is that people like yourself keep trying to pretend its not.

In every justice system the world over, 'justice' does equate to some form of revenge.

Its just the way nature works, you should probably accept it, it'll be a whole lot easier than trying to pretend that the instincts that have evolved into all life on Earth can be ignored.

People are animals. Animals will do as much as they can for themselves until something pushes back against them. Revenge or retribution is one of those things we do to self regulate our species ... its instinct, its natural, its not going away no matter how much you try to pretend you're 'better' than that.

When some serious crime is committed against you, you will want revenge and theres nothing you can say or do that will stop that.

Its always fun to pretend though.

Re:Not Surprising

[mat128]

If you don't "write mem" your configurations, you don't deserve to be an admin at all.

Re:More than one person to blame -- that's unameri

[nomadic]

Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.

As opposed to what distinguished country, where every man is a philosopher king who never makes a snap decision?

Netcraft Confirms Infoworld Editors are Dying

Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.

Wow, that metaphor is more confused than an eel at a hovercraft convention. The word on the street is that Infoworld editors are sharper than tacks, but when the rubber hits the road it seems the prose flies like a banana.

Re:Netcraft Confirms Infoworld Editors are Dying

[Bigjeff5]

I know right? There's no way you'd perform an expensive drilling operation on a basketball court - and while airing out your dirty laundry to boot!

Re:Not Surprising

[plover]

OK, consider if he were to behave like that in a bank. In a bank, he could hold money hostage, and cost the bank a fortune. So most banks implement separation of duties policies to prevent stuff like this, and their procedures would prevent a megalomaniac from rising to this position in the first place.

So we know there are proven procedures to protect a company from malicious admins, and those procedures are not secret. They could have been implemented by his bosses in city hall. But they weren't. Yes, his boss should be held liable for not adequately ensuring safeguards existed, and he should have been fired as soon as they jailed Childs. (That he wasn't stinks of favoritism, but those kinds of shenanigans are pretty much how every corrupt city operates under the covers.)

I'm pretty sure the punishment wasn't levied for the refusal to cooperate while he was employed, or of how the system did or didn't work after he was gone. The reason he got four years was how he behaved after he was ordered to turn them over by the court. You can generally piss off your boss and risk only your job, but lesson 0 is don't mess with the courts. They are the exact set of people who have the authority and ability to get revenge, and they love to show it.

For that matter, I doubt that either the courts or the city wanted anything to rush in this case. I'm sure they figured he'd get off with time served, and they wanted to ensure that he got plenty of that to begin with. The longer he sat in a cell, the more punishment he'd receive, regardless of the eventual outcome. That part is a complete abuse of the justice system, but when it's perpetrated by the justice system itself, well, there's nothing an individual can do except run against the scumbags in the next election.

Re:Not Surprising

[bsane]

And all of it could have been avoided if Childs actually knew what being a system/network administrator actually meant.

More importantly the four year sentence could have been avoided if the courts actually upheld the constitution and laws of this country. Instead its much more common for the 'authorities' in any branch to react on a personal level, and really stick it to the people they don't like regardless of whether or not its appropriate. THAT is the real crime here. Personally I keep that in mind- and stay out of trouble. It bothers me a lot that people in power are allowed to act is such a petty and spiteful manner and are given a pass because 'the guy was a jerk'. Right, cause its only ok to be an asshole when you're in charge...

Re:What if you worked at a nuke plan and your boss

You protest, you make damn sure your protest is written down on paper so you have a copy and rejected, and then you hand them over. When the shit hits the fan, you're covered. As sad as that may sound, this case has proven exactly that.

Once said nuke codes have been turned over to the incompetent moron, all bets are off. My advice is to get as far the hell away from the potential fallout area as possible, as quickly as possible. When they question why, you explain "I was forced to give the passwords to the reactor to a guy I wouldn't trust with a potato gun, under protest. Once I was forced to comply, under law, I wanted the hell away."

Re:What if you worked at a nuke plan and your boss

[jeff4747]

Only if you don't know what you're doing.

You have the boss send the request in writing. Print it out before running to your car.

Only bad sysadmins do not have a CYA file where every moronic management decision is documented thoroughly.

Re:Run

[91degrees]

Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.

True. The servers were property and he was withholding access to that property.

Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators,

The administrators are authorised users as well. They are authorised at a higher level. Why does the anti-hacking statute not cover this?

But the law doesn't really work like that. Intent is quite important. It seems likely that Childs deliberately arranged things in such a way that it would be extremely difficult for his replacement to administer the servers he had a right to administer.

What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on /. trying to rationalize his actions, and his vote.

He had access to all the evidence, and had an explanation of how the law works rather than the interpretation of a computer user, expecting the law to work like a computer and have no flexibility in interpretation at all.

Pretty crappy article contradicting previous stuff

[Fallon]

"I can see how Childs might have been convicted by a largely nontechnical jury." That doesn't jive at all with one of their previous articles "Terry Childs juror explains why he voted to convict" http://www.infoworld.com/d/adventures-in-it/terry-childs-juror-explains-why-he-voted-convict-212 . I'd hardly say a jury containing a CCIE non-technical.

Ya Terry is getting screwed way more than he should be, but he is not innocent.

Re:Not Surprising

[BitZtream]

because he followed the letter of his contract to insane degrees

Followed select portions of the contract. Had he followed it all, he would have put the configs and passwords in the city IT config management system.

This means he pretty much wasn't following the contract to the letter, he was making up his own rules otherwise nothing would have happened. He would have got fired, the city would have pulled the passwords from the config system, changed them and moved on.

He violated basic common sense management practices and didn't follow city policies when they suited him, yet yelled that he was only following policy on other parts.

I REALLY WISH people would get it into their heads that THE CITY HAS A PASSWORD AND CONFIGURATION MANAGEMENT SYSTEM IN PLACE THAT HE DID NOT USE which makes what he did clearly nothing more than extortion.

Re:Not Surprising

[rickb928]

" Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since."

You realize that this is dangerously close to Childs' attitude.

When they asked you, you should have (as I would) informed tham that they had a list of the passwords from the CFO's safe. You have since changed them, knowing the safe was 'compromised', and you did not know the disposition of the contents. And then you should have delivered without hesitation, to the CEO, owner, or their authorized agent, the new passwords. And perhaps a written admonition to notify you whenever a critical exeuctive or manager is dismissed, so that you can take appropriate action.

When I was installing small-business systems, it was expected, mandatory, that I leave the business owner with those passwords and access details. When we provided access for our clients, the router configs were delivered on floppy (this is a while ago), and passwords again made delivered as well. Where they had a trustworthy or critical telecom or cable provider, they also got a copy of passwords. All of these also got a disclaimer, that if the passwords were compromised or given to unauthorized agents, or changed without notifying us, our responsibility for the functionality of the system, and SLAs, terminated as of the action, not on date of notification. I had two or three incidents where the passwords, etc., were misused or compromised, and we did not have any real difficulty with the client. Once they changed providers and the new provider ran roughshod through the network with predictable results. We explained the policy, and they clammed up. The owner blamed us, but in a year we were 'back in'... In anothe case, the owner changed consultants and ditched us, and made the changes in the middle of the night without notice. Hey, it's a 'Haitian divorce'. When he did notify us, we of course offered all asssistance, and saved the new player a lot of time figuring things out. That old boss saw no value in further annoying disgruntled customers or competitors. But if a client ever asked me for passwords, they got them. It's their system. If they really wanted to mess it up, they paid for it.

Oh well, my $.02

Hard to take this seriously

[taustin]

When the writer refers to the "plaintiff" in a criminal case. If he's that clueless (the plaintiff is part of a civil case; there is no plaintff in a criminal case) one such a simple point, what else is he using words he doesn't know the meaning of about.

Yeah, Childs' manager was, apparently, an asshole and an idiot. What he was not, however, was in criminal violation of the law. He was, in fact, specifically entititled to demand the passwords from Childs, and Childs was specifically required to fork them over.

The sentence might have been a little harsh, but IIRC, the network in question was configured in such a way that if it lost power longer than the UPS's could handle, it couldn't boot back up without Childs' help, and didn't this network handle the 911 system for the city?

Re:Hard to take this seriously

[Bigjeff5]

Heh, you know I totally missed that.

It became pretty clear he was just ranting right away though.

The article is supposed to be about how the SF government is just as guilty as Childs is, but they don't give a single shred of evidence to support that. All they offer is a confused analogy about laundry, basketball, and drilling at the beginning. And really, how could the city be guilty of a denial of service attack against itself? The idea is silly, at best. The rest is basically about how the sentence was unfair because other court cases where defendants were convicted of / pleaded guilty to completely different crimes received lighter punishments.

It's just a jumbled mess of nonsense, really.

Re:What if you worked at a nuke plan and your boss

[BitZtream]

If thats what happened we might consider thinking about it that way, but thats not what happened.

What happened is the nuke plants policy is to put all those codes in a known secured location so that authorized personal can get to them. Instead he didn't do that, then when they wanted to move him over to being a janitor since he clearly wasn't a good admin he continued to refuse to follow policy and then refused to do anything else citing policy as his excuse.

You don't get to not follow policy then use it as your excuse.

You either follow it or you don't, he was picking and choosing to suit his agenda at the time.

He also would never have been hired to work at such a location because they have better screening policies to prevent megalomaniacs from being that close to such potentially dangerous equipment.

This situation wouldn't arise at a nuclear plant ... they would have shot him much earlier on for all the shit he was doing against policy.

You might want to get some facts about the case ... like what he actually did and what policies he was/wasnt' following.

Re:Chinese punishment

[BitZtream]

He doesn't get a life sentence cause I shouldn't have to pay for supporting him.

I will however be happy to pay for the gun and the bullet. Anything to ensure he never has any chance of contributing to the gene pool and saving the rest of the world from having to deal with him.

Re:Not Surprising

[MightyMartian]

Childs wasn't just a jerk. He was an incompetent. The big mistake was ever letting the guy have even the smallest amount of meaningful responsibility.

Re:Not Surprising

[Vancorps]

The point that I haven't heard anything since is pointing out that they screwed up and didn't want to admit it but couldn't point the finger anywhere else. I suggested to the COO and the CEO/Owner that we just keep it in a safe at his house. I regularly work up there too so it makes keeping the thing up to date relatively simple. Make no mistake, I am never the only person that has a production password.

I definitely hold the people responsible accountable and the chain of command is jacked here as I've been through four bosses in seven years. When the new IT director came aboard per the owner's instructions I did not give him full access. I slowly increased his access as I felt comfortable with his abilities and now he has the same level of access I have which coincidentally means I can finally take a vacation. This I very much enjoy!

there are plenty of crimes the usa has committed

[circletimessquare]

but when you busy yourself holding the usa responsible for crimes which are essentially human failures, not uniquely american failures, as if americans somehow had a monopoly on hubris or ego or arrogance in this world, then you reveal yourself to have some sort of chip on your shoulder and complex about americans and americanness

but don't worry about it. in your life time, china will be the new bully on the block. and then you can busy yourself blaming every neurosis you can identify about the human condition as something that is uniquely a chinese crime. what blazing insight (rolls eyes)

Re:Not Surprising

[Sulphur]

Marley wore a Chain of Command because he had no idea how to remove it.

--

Ths sg n vwls.

As for the speedy trial thing

[Sycraft-fu]

I would presume either he or his lawyer didn't want one. I can find no speedy trial motion from his lawyer. Generally speaking, the defense wants to time to prepare and such a motion is not filed. However if they feel things are taking too long or as a certain kind of tactic, they can file one. At that point the judge tells the state "Ok get your shit ready we are going to trial soon," and sets a date. I can't find the California law on the matter (though I know they are a state that has one) but 6 months is pretty typical for a felony. If the state is not ready to present by that time, the court will give them no choice, they can go to trial unprepared or drop the charges.

However this only applies when the defense files for it. The court doesn't force a speedy trial if both sides are happy with a later date. Nor normally in that event it is either because the defendant is out on bail or because the defense has a really weak case, but regardless. Unless his lawyer filed a motion and it was ignored, which isn't likely because the appeals courts hear those things as a priority, then it is not an issue.

It is one of those rights you have to assert. If you want a speedy trial, you have to ask for it. Same deal as a right to council during questioning. You have to tell them you are not answering questions and want a lawyer. I mean you can just not answer questions, but if you don't ask for a lawyer they don't have to get you one.

Re:Not Surprising

[mysidia]

If this was such a big concern for Childs, why didn't he have these key passwords and router configs in the Mayor's office

He was going to get around to doing it, but he had so much junk assigned to him to be done that he couldn't get basic essentials like documentation finished?

shrugs

Following the letter of your contract is what individuals are supposed to do, when doing work for the government. The contract is written for a reason, contracts are meant to protect both parties.

With Regards to the Use of Scapegoat

[BJ_Covert_Action]

I want to clarify that I didn't use the term "scapegoat" to imply that Childs was a completely innocent victim being raped and pillaged by the big evil city. What I was trying to say is that it would be a pity of the city's IT department used Childs as a scapegoat for fixing their own incompetence. As in, "Well, now that he is gone, things will be working out fine and dandy around here from now on."

In other words, my point was that the problems with the SF city procedures are not fixed yet and I hope the Childs ruling does not keep them from getting fixed (in other words, being used as a scapegoat to avoid an overhaul of the city procedures). Perhaps that explanation will quell some of you respondents that are insisting that I neither know the facts or that I am making an uninformed assertion.;)

Was it really a denial of service?

[Ichijo]

No matter how much you may think it, generalized poor management is not actually a criminal offense. Whereas, denial of service is.

But was it denial of service if physical access was never denied? If you have physical access to a machine, you can get the root password, or at least reset it. This is why they lock these things up.

Re:Run

[Wowlapalooza]

Please cite a legal authority for your assertion that passwords are "property".

Go put a chain and padlock on your neighbor's gate and see if you get in any trouble.

Well, in criminal terms, that's "vandalism", as a Tort, might be considered "trespass to chattels" (warning: IANAL). Withholding a password is not "vandalism", and I think that would be even more of a stretch than the "anti-hacking" statute under which he was convicted.

Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-user

He denied access to the replacement administrators.

But they are the providers of the "service", not the intended beneficiaries of it. I think that's an important legal distinction to make -- there's no evidence that Terry ever targeted the users of the network with any kind of malicious intent. It was merely a scuffle amongst the providers of the service, something that happens all the time in workplaces. Even if he had remained in the employ of the City of San Francisco, he could have -- and reportedly did -- keep information about the particulars of the network, its architecture and its configuration, from other administrators and his management. This happens every day in workplaces all across the U.S. and in fact the world. No-one is compelled to disclose everything they know about their work, at the request of anyone and everyone who works in the same place. While a secretive, distrusting and/or insular employee may be grounds for disciplinary action, up to potentially -- actually, as it turns out in Terry's case -- termination, having "special" knowledge about the network, and not sharing it, is not "hacking" and not criminal.

I think the main disconnect here is that people view passwords as disconnected facilitators of "access" (however that is defined), more analogous to a physical key than to a piece of information. But I see those passwords as being at the end of a continuum of "special knowledge" that one may have about a network, or some other IT system, whether it be Operating System, application, or network infrastructure. What use would it be to give someone a password to a network infrastructure device, but they have no clue how to configure it, how to troubleshoot problems, how to even understand the role that the device plays in the overall infrastructure? Having the password to a router, a switch, a fiber concentrator, or whatever, doesn't mean you can do anything useful with it. So the threshold isn't just "password", in practical terms it's "password + other special knowledge necessary to do something useful with that access". Certainly Terry had "special knowledge" about FiberWAN that he wasn't willing to share with his co-workers or management. Passwords were only the tip of the iceberg. But to criminalize this behavior threatens to drill deep into the iceberg to other forms of "special knowledge" that workers withhold from each other and from their management on a regular basis. That's why it's such a dangerous ruling, and why it has vastly overextended the concept of "hacking", which is about protecting the society at large from the malicious actions of individuals against electronic systems.

I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better.

Only because you're trying really, really hard to turn this into something it's not. Not turning over the passwords blocked the new adminsitrators from accessing the systems, just as if he DDoS'ed the management ports.

It didn't block

Re:Not Surprising

[DarkKnightRadick]

You're comparing murder to this? Wow. Talk about having no sense of scale.

Re:Not Surprising

[Nyder]

.... He's shown that he can't set aside his ego and such a person has no business having system level passwords.

but he'd make good management!

what about the policies that left him as the only

[Joe+The+Dragon]

what about the policies that left him as the only admin for the network or that woman who has snooping around the IT office / his desk and takeing disks and no one told him the she was the new IT person.

Re:Not Surprising

[_Sprocket_]

Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.

No - he was keeping them on media that he carried on his person.

Re:Pretty crappy article contradicting previous st

[Anonymous+Cowpat]

1/12 is still largely non technical. In fact it's the smallest proportion of technical that you can have on a jury which isn't entirely non-technical. And as he says, he didn't make any technical considerations anyway. All the knowledge & experience in the world is worthless if you choose not to use it.

Re:Not Surprising

[DarkofPeace]

Childs is to IT as Hustler is to free speech. If it applies to the "worst"of us it applies to the rest of us.

Re:Not Surprising

[mrchaotica]

What I'm commenting on is the way in which a lot of guys around here just endlessly defend Childs, at best only giving a brief nod towards the fact that he had inadequately secured key data for a rather large organization's IT infrastructure.

So he was bad at his job. But here's the question you're only giving a brief nod to: is being bad at your job a crime worse than murder?!

doing the limit when others are do 70+ is not safe

[Joe+The+Dragon]

doing the limit when others are doing 70+ is not safe.

Try doing 55 on I-294, I-355, I-88, Tri-State Tollway, Jane Addams Memorial Tollway and other roads.

Most cars + trucks are doing 70+ in a 55 and cops let you get away with at least 60-65 and likely 69-70. and on I-94 after the state line you can get away with 70 in a 65.

Re:And people ask about my new silver hat

[Eternal+Vigilance]

"Moved to a legal system"? I think it's better said "finally recognized the fundamental character of our (and all) government."

We are the people the Constitution was written both to protect, and to protect against.

Re:Not Surprising

[mabhatter654]

really, it's only two more... that's why they had to make it so long. Had they followed normal sentencing he would have been convicted and still walked out the door for time served while he was waiting to be tried, they had to have the judge extend the sentencing to prove a point.

Re:Not Surprising

[mabhatter654]

exactly! He DID give the passwords to the network's "owner" that was the Mayor within "reasonable" time, less than a week after being locked in jail. And he did so without any kind of civil court order to turn over the "property" so the city never actually established in court that they OWNED the property they accused him of "stealing". The PROPER procedure to follow would have been to get a judge to issue an order for Childs to turn over the "property", then they would have easily had him for contempt of court and could have sweated him in jail for as long as it took. As the DA and IT manager never LEGALLY ASKED for the passwords in any kind of binding manner his prosecution was literally under false pretexts, a waste of money, and abuse of official power.

Re:Not Surprising

[bsane]

Childs wasn't just a jerk. He was an incompetent.

Are still on that?

If being incompetent in IT is a felony, we need a hell of a lot more prisons.

He certainly sounds incompetent, but he's in jail because hes a jerk- and thats _wrong_.

Re:Not Surprising

[rickb928]

Well, this is what I read:

"The COO and Controller emptied the safe and now I do not know where that paperwork wound up. I changed my critical passwords and VPN encryption keys. Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since."

So far, he seems to have left the COO and Controller either cowed that they didn't know htey had the passwords they were looking for, or confused that their net admin just answered a question with a question. Note he hadn't given them what they asked for, and didn't indicate at the time that they didn't have the authority to get them. So my concern was that he was close to using Childs' excuse - incompetence of superiors.

Then I read this:

"Now for my own sanity I still keep a copy of the records but it is no small feat to change all the sensitive passwords so I keep them in the safe of the owner who has already twice forgotten that he has it. He asks me for it personally sometimes. If the time came I don't believe he would know its in his safe."

I'm a little lost - is the 'owner' the COO? Probably not, so I'm fairly certain that either the COO and Controller did get their passwords (either by finding them or asking again with different results, good for them) or they did not (which would reinforce my point).

It's not nearly as clear to me as you claim it is to you. Either way, Vancorps seems to still have the job, so he (?) has a much better assessment of the situation than I do. No surprise there.

Re:Not Surprising

[bsane]

I'll add -since I apparently don't know when to leave it alone (surprisingly _i"m not in prison!):

The big mistake was ever letting the guy have even the smallest amount of meaningful responsibility.

Then why isn't the person responsible, manager/department head/whoever, rotting in jail next to him?

Re:Run

[mabhatter654]

they FIRED somebody with special knowledge and CRIMINALLY charged HIM for not helping them out. That is the big problem here. What is the "statute of limitations" on turning over passwords? I know one of my former employers kept a password I set in place at least a year after I was "escorted to the door", and I expressly told my boss all my work was documented in my computer and office paperwork. In less than 3 months they were asking for help and they had not even reviewed the material I left them. Would I be "liable" for not disclosing in that case? Once they announce I'm terminated, that's it, they stop paying, I don't owe them anything.

All the city really needed to do was to schedule some downtime and plan a router reset once they knew what was configured. Like other posters have said, they would have had the same "damages" if he would have quit and left the state, or if he had been "hit by a bus". The manager's lack of planning for firing this person (and it was planned for months) is at fault, not the employee's cooperation. It's a "cost of doing business" that you have to rework your security.... after this case, your boss can claim that cost is "hacking" on your part and a criminal act.. very, very scary considering they can "police escort" you in on criminal charges for an employment dispute.

Re:More than one person to blame -- that's unameri

[mjwx]

I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted by the masses, which, of course, means that the news makes more money because they are more trusted.

So, what you're saying is that people will more easily believe a big lie then a small one.

Simplicity is a hallmark of human (not just American) thinking - this takes different forms in different cultures. The main Western logical process is distinct from Eastern varieties but simplicity within the given culture is the tendency.

I disagree, in many western cultures there is an attitude against just "accepting" the "truth" (smiles and nods). Hence the saying "truth is stranger then fiction". This is why we have such insane laws around misrepresenting the truth in media. As for eastern culture, well define simple. A Thai girl seems to operate on simple things, if she's hungry, she eats, if she's tired, she sleeps but this all goes out the window when you try to understand the social dynamic, who is higher, lower, indebted, honoured, distrusted, and try doing this without speaking Thai (oh the joys of tonal language). It may look simple on the outside, until a Thai girl spends three hours explaining what happened in a 10 minute conversation with one of her friends. Even in the west we have quite complex social systems (games people play in the office, sociopaths, even just finding a girl friend)

The thinking that humans crave simplicity is flawed as we tend to fill our lives with complexity be it a complex social systems, complex technologies, complex learning or many other complex systems. If we had a primal drive for simplicity, we'd have never left the trees.

Don't get me wrong, this is not a yank bash, I think American society is as nuanced as most societies, maybe a bit more open then say Thai or Japanese but just as complex. But your news channels tend to be full of crap and not indicative of your society as a whole, more a product of a bad subset of Americans.

Re:Not Surprising

[MightyMartian]

Because that guy may be an incompetent, but he's not a criminal.

Re:Not Surprising

[dbIII]

Worse it is the mark of a megalomaniac

It what way is he worse than the person that started it all off - the woman the was caught by Terry Childs in an office she shouldn't have been in and removing the hard drive of the person responsible for network security? Certainly authority was given later after the person responsible for network security resigned, but it looks like Terry Childs is a very minor case of overstepping authority in his own department. The entire thing is petty office politics in a disfunctional workplace escalated to the point where they put someone that did not roll over instantly to an unusual instruction into jail.
Think about that stupid ambush meeting tactic and you'll see there was no way there could be a good outcome - hand over the passwords to unauthorised people and he's in deep trouble, and it turned out waiting until the unauthorised people were out of earshot was deeper trouble and a media circus (met by the Mayor and a publicity agent instead of his boss, technical consultant, or anybody else interested in doing the job instead of camera time).
While a notebook full of passwords in a safe would have answered this problem, consider that the entire password issue is mainly a beat up because he handed them over anyway, and that anyone competant enough to work on the devices that had physical access to them could change the passwords anyway. Configuration information gets lost, but nobody gets locked out forever and THEY HAD THE PASSWORDS IN LESS TIME THAN IT TOOK TO GET A REPLACEMENT FOR HIM ANYWAY.
So that's it - jail for not handing over passwords to the wrong people and sitting and waiting for somebody else to turn up. I think you need to reconsider whether overblown emotive words like "megalomaniac" actually fit the situation. I suspect you are bringing in a pile of your own baggage from IT restrictions you suffer from and demonising this man as a Bastard Operator from Hell.

Re:Not Surprising

[dbIII]

They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle.

Would they really? It happens more than you think and results in less downtime than you think, and until now nobody went to jail over it. I've personally been in a situation where I had to take over a pile of systems blind - no passwords, no labels on the machines revealing their role. What the hysterical people posting to these articles do not understand is that once you have physical access to a device it really doesn't take very long to get control of it.
The only crime I see here is workplace bullying taken to the extreme of putting the guy in jail - sloppy work practices that cannot physically hurt somebody are not a crime.

city IT config management was not in place when he

[Joe+The+Dragon]

city IT config management was not in place when he started the job and over the time from when he stared to him going to jail lots of staff where going though layoffs and he was doing big time over time at the same time.

Re:Not Surprising

[dbIII]

He was going to get around to doing it, but he had so much junk assigned to him to be done that he couldn't get basic essentials like documentation finished?

For some people documentation is job number one - for others maintaining network uptime is job number one.

I don't think he ever said that

[dbIII]

Remember that after he was asked in a room full of people not authorised to know the passwords he was stuck in prison and had to wait for somebody to come to him. Just because it was the Mayor, a PR guy and TV cameras doesn't mean he asked for that.
Where is the evidence that he actually would not agree to turn it over to anyone else? It's been asserted a lot, but remember some of the early claims that tunred out to be utter bullshit.

Re:I don't think he ever said that

[bhartman34]

His supervisor asked him for the password. The record shows that the only person he would give the passwords to was the mayor, even though the mayor wasn't the person over Childs who was entitled to the passwords.

People're trying to make this guy out to be some kind of uberadmin because of withholding the passwords, but the way I see it, he was just trying to make himself indispensable for his own job security (which, it turns out, didn't work out so well).

Put another way: Does anyone here really believe that Childs' only alternative was to go to jail, and that he couldn't figure out an alternate way for the proper people in the organization to get the passwords? I don't buy that. I think the guy was on a pure ego trip because he thought holding the passwords made him bulletproof.

Re:I don't think he ever said that

[dbIII]

His supervisor asked him for the password

In a room full of unauthorised people as every bit of press on the subject will tell you.
Quote me the portion of the record that says it then. Remember that the opinion of a commentator on the subject is not "the record".

Re:I don't think he ever said that

[moronoxyd]

Untrue.

After he was asked in a room full of people not authorised to know the passwords some time went by, and it wasn't until he withdrew a lot of money and was going to leave the state that he was arrested and imprisoned.

He had all the time in the world to give the passwords to his boss in private. He obviously didn't try to.

Re:I don't think he ever said that

[bhartman34]

Again, do you seriously believe that his [i]only[/i] alternative was to tell his supervisor the passwords [i]orally, immediately[/i]?

He either was intentionally trying to be a dick, or he has the problem-solving ability of a 6-year old.

Re:I don't think he ever said that

[dbIII]

OK, I'll try again - where is it on the record? I've asked a couple of others over the last year with no luck.
I still seriously doubt he ever asked for the Mayor and the accompanying media circus that was to the Mayors advantage.
Remove that doubt with something better than mere opinion.

Re:I don't think he ever said that

[bhartman34]

Well, since you ask, here's an account of the events, as Child's defense would have you believe them. Here's another article stating that Childs specifically said in court that his supervisor was not "qualified" to have the passwords. Also, every possible source I can find says specifically that Childs would only give the passwords to the mayor.

This whole thing was a big ego trip for him. There's really no way around it.

Re:I don't think he ever said that

[dbIII]

I think you put the wrong links there by mistake because they don't say that at all. "Childs eventually handed over the passwords to San Francisco Mayor Gavin Newsom" is very different from the claim that he refused to give them to anyone else. As far as I can tell he was asked in the ambush meeting and then not asked again until the Mayor turned up to save the day in front of the cameras.
Come on now, you said it was "on the record" that he said he would only give the passwords to the Mayor - I'm sure you were being honest so just show me were it came from. I'm cynical enough that I suspect it came from the Mayors PR guy especially since it sounds more like a line out of a movie than reality.
If you can't find it hopefully the process of looking for it will show you a bit about media manipulation and how rumour can escalate to an impression that it is a fact "on the record". If you can then I've learnt something more about this interesting real life melodrama about a city run like a black comedy.

Re:I don't think he ever said that

[bhartman34]

"Childs eventually handed over the passwords to San Francisco Mayor Gavin Newsom" is very different from the claim that he refused to give them to anyone else.

Are you serious? Seriously? What, exactly, do you think the holdup was? Do you think he was waiting on pins and needles for someone to wander by his cell, and Newsom just happened to be the first person he found?

Well, how's this article work for you? (It summarizes Newsom's testimony.) How's this article? It features this passage:

On Monday afternoon, he handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane.

Childs isn't a hero. He was a putz who was drunk on power and his own (inflated) sense of self-importance.

Re:More than one person to blame -- that's unameri

[ShakaUVM]

Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.

"The great strength of political Conservatives at this time (and for a generation) is that they are open to the thought that matters are Complex. Liberals got into a reflexive pattern of denying this. I had hoped twelve years in the wilderness might have changed this; it may be it has only reinforced it. If this is so, the current revival of liberalism will be brief and inconsequential." -Senator Patrick Moynihan, 1996.

Take that for what you will.

Re:Not Surprising

[randyleepublic]

Doing a shitty job doesn't sposed to land you in stir for 4 years. You get fired. That's it. And your boss gets fired for not firing you a long time ago.

The US has gone well and truly insane. Really. People here are all bat-shit bonkers. Before my life is over, it's going to get world class ugly. Smile and have a nice day!

Re:More than one person to blame -- that's unameri

[mvdwege]

It's not equivalent. The state has an obligation to treat similar cases similarly. Equal Protection and Due Process and all that, you know. Therefore pointing out that Childs' sentence is way out of line with sentences handed out in similar cases is a a compelling argument that his punishment was, in fact, unfair.

Mart

Re:More than one person to blame -- that's unameri

[Jedi+Alec]

When some serious crime is committed against you, you will want revenge and theres nothing you can say or do that will stop that.

There are lots of thing that I want on an instinctual level. When I see a very attractive woman walking on the street I'd really like to have sex with her. When I hear someone spouting ignorant nonsense I'd very much like to bring my fist into sharp contact with their nose.

We're not animals. We have the ability to think rationally and make a conscious decision to not give in the reptile riding on the back of a monkey. Well, most of us anyway. Whether we actually do so is mostly a matter of choice.

Re:Run

[jeff4747]

they FIRED somebody with special knowledge and CRIMINALLY charged HIM for not helping them out

No, they charged him for actively blocking access to the old systems.

Would I be "liable" for not disclosing in that case?

No, because 'Exhibit A' for the defense at any trial would be your documentation, proving that you _were not_ blocking access.

Re:Run

[jeff4747]

Withholding a password is not "vandalism"

The fact that we call it "hacking" instead of "vandalism" isn't terribly relevant. Language changes. In both cases, you are denying someone access to their property.

But I see those passwords as being at the end of a continuum of "special knowledge" that one may have about a network, or some other IT system, whether it be Operating System, application, or network infrastructure.

Ah, I see. You wrote a thousand words to pretend that this is about something completely irrelevant.

It's really simple. It wasn't Childs's network. They said "return control to us". Childs said "No".

Even if we wander off into your fantasy land where passwords are knowledge instead of means of access, then Childs should have created new admin accounts for the new administrators. He explicitly refused to create those new accounts, which is when he got fired. At that point, it became an attempt to recover his passwords instead.

What use would it be to give someone a password to a network infrastructure device, but they have no clue how to configure it, how to troubleshoot problems, how to even understand the role that the device plays in the overall infrastructure?

Not your, or Childs's, decision. The boss says "give them access". The correct response (after getting the request in writing) is to say "Yes, sir/ma'am". The incorrect response is to say "No! They aren't good enough!".

he was convicted of "hacking" it, framed in terms of "denying service to authorized users". That -- like DDoS'ing the management ports -- implies an affirmative malicious act, not merely a "failure to assist".

Oh come on. This argument is absurd.

He was not passively sitting in his office until the police showed up and arrested him. He refused to create new admin accounts. He was told his insubordination would get him fired. He continued to tell his bosses "No". That's when he got fired and his bosses asked for his passwords. At which point he still said "No".

To claim that Childs was absolutely passive in this entire adventure is insane.

Re:More than one person to blame -- that's unameri

[Mongoose+Disciple]

Therefore pointing out that Childs' sentence is way out of line with sentences handed out in similar cases is a a compelling argument that his punishment was, in fact, unfair.

That's just it -- the author didn't manage that. All of those sentences were pretty well on the same order of magnitude.

Re:Not Surprising

[obijuanvaldez]

He certainly sounds incompetent, but he's in jail because hes a jerk- and thats _wrong_.

It sure would be wrong if he was in jail because he is a jerk. But he isn't. He is in jail because he was found guilty of felony network tampering.

Re:More than one person to blame -- that's unameri

[Dread_ed]

Did he just say "Fuck Occam and his rusty ass razor?" Sounded just like it...

Re:More than one person to blame -- that's unameri

[Joe+Snipe]

+1 irony

Just being a jerk doesn't deserve five years

[dbIII]

That's more like it. However read it, consider the Mayor's showmanship in court and you'll see that good or bad Terry Childs was a toy in a nasty little profile boosting game in a disfunctional city government. He deserved to lose his job, but not prison time. I still stand by it being a ridiculous beatup over office politics gone wrong which we would never have seen in an organisation that didn't have cops on the payroll or somebody that wanted to look like a hero in front of the cameras.
His employer wanted to hurt him and went law shopping until they found something they could make fit, after a few tries and some truly outragous claims. That is not justice, it's Chinese Communist style "might is right".

Re:Just being a jerk doesn't deserve five years

[bhartman34]

I still stand by it being a ridiculous beatup over office politics gone wrong which we would never have seen in an organisation that didn't have cops on the payroll or somebody that wanted to look like a hero in front of the cameras.

I don't understand how you reach that conclusion with the facts at hand. Childs is the one who dragged the mayor into it in the first place. He's the one who was being the drama queen.

Speeding is a crime too

[bussdriver]

Should you get jail time for speeding?
You get a fine.

Why can't he get a fine? or be barred from IT work for X years? What is the point of locking him in a cage like a rabid animal? punishment can take many forms.

Re:Run

[mabhatter654]

again, you miss the point... he was fired for not documenting, so be it. Once he was fired, there was no other duty to the boss. They FIRED HIM!

In the US we have "innocent until proven guilty" in our legal system... as this is a CRIMINAL trial, not a CIVIL trial the burden of proof is that he COMMITTED a criminal act, not omitted something that denied them access. He did not deprive them of their property in ANY way. There was no evidence AFTER being fired he DID ANY damage to their systems, none. He didn't give them the passwords, so what? They had PHYSICAL access, they COULD have gotten control back.. that is the COST of firing an employee that knows more than you.

If you don't see what happened here, essentially they had no backup plan, and couldn't even hire smart enough people to reset the passwords without wrecking their network! It would not have been easy to redo the network, but it was running stable until they had the time to reconfigure it. Sure that is extra cost, but given the terms of letting him go, they should have spent the money on a network rebuild anyway. (again, not the EMPLOYEE's fault THEY don't trust him anymore) Any additional cost was the MANAGEMENT'S fault, not the employee's. This sets a DANGEROUS precedent that an employer can use CRIMINAL charges if you don't give them what they THINK they need, when they think they need it AFTER they let you go.

Re:Run

[jeff4747]

he was fired for not documenting, so be it

Absolutely wrong.

His boss told him he was being reassigned, and told him to give access to his replacement. Childs refused. His boss gave him lots of chances to change his mind, and Childs continued to refuse. Then he was fired. When fired, he was required to return control to his boss, which he refused to do.

He did not deprive them of their property in ANY way.

Again, absolutely wrong. The city couldn't use the administrative features of their network, because Childs first refused to create an admin account for his replacement, and then refused to turn over his passwords when fired.

This isn't about "backup plan", or competence of the city. That's a red herring thrown about by Childs's supporters in an attempt to turn this into some sort of evil government plot.

This is very, very simple: Childs blocked access to the new administrators of the network. After WAY too many chances, he continued to block access. That's a DoS attack.

and couldn't even hire smart enough people to reset the passwords without wrecking their network

So...didn't pay attention to the case at all? Just leaping in at the end with what the case 'means' without any knowledge? Password recovery is a major security hole, so it's routine to disable password recovery mechanisms. Which Childs did. That means the only way in without Childs's passwords was to factory reset the equipment, thus wrecking the network.

This sets a DANGEROUS precedent that an employer can use CRIMINAL charges if you don't give them what they THINK they need

And still absolutely wrong.

This became a criminal matter because Childs made it a criminal matter with insane levels of stupidity and ego. He had many chances to do it the right way (create that new admin account), and many chances to do it the wrong way (you're fired, now turn over your passwords). Childs chose to elevate this situation into a criminal matter....oh wait, I'm sorry. I didn't capitalize that word in an attempt to make it seem more important. Childs chose to elevate this situation into a CRIMINAL matter.

This case doesn't set some sort of DANGEROUS precedent, because only a trivial number of people are so STUPID. This is not a "one little guy trying to do the right thing and the MAN locking him up". This is a MORON who's EGO was so enormous that he 1) Got himself fired, despite many second chances, and 2) Got himself arrested.

Personally, I'm HARD pressed to come up with a reason to BE so obstinate, unless Childs was hiding something really bad IN the flash memory of those routers. (That's a capital period, btw)