I believe the charge they finally went with, and the one that stuck, was that he criminally denied people access to their own computing equipment. Seems pretty straightforward to me. Nothing like the Lori Drew/bullying issues, which I agree are a terribly murky legal issue, where you really must struggle to justify prosecuting versus free speech rights.
He left them with their only option being security resets on a large and geographically spread out set of equipment. This would have cost the city $200,000 by the estimate I saw.
I've thought about it. I've expressed my thoughts.
I understand it's tough to man up and admit that, even though we imagined he symbolized our struggle with obnoxious and ignorant management, the guy really did turn out to be a crazy, egotistical kook. But I would suggest taking the medicine. There are plenty of worthy causes to get behind. Plenty. His attempt to justify locking ones' bosses out of the company/government equipment when aggrieved just didn't turn out to be one of them.
Why not? He is guilty. He has stained our profession, and these unseemly and ridiculous attempts to defend and justify criminal behavior by resorting to the kinds of pathetic errors of logic that we normally scoff at others for making do even worse.
By your own logic, we can never call anyone a criminal, since merely being convicted is not enough. Hardly anyone is beyond an appeal or reversal in judgement.
You're also leaving aside how damning the evidence really is against him. Which is really astounding to me. I highly doubt he will be getting out of this.
That's what I would call "false balance" or the desire to create equality or parity where none exists.
His story didn't make sense. I didn't need to rely on any assumptions to point out how. You only need to actually read the rules that everyone loved to reference without reading themselves to see how unlikely his story was to be true.
If you look back at my posts - please do - you'll see that all I did was point out the ways the story obviously didn't make sense. I have no emotional investment in Terry Childs - other than wishing he really wasn't guilty, because when one person in our profession behaves as badly as I feared he did, it affects all of us.
As often happens when you use your common sense instead of your emotions, you are more likely to be right. That's all that happened here. And if you're denying that, be my guest. But I'm going to point out that you're missing an opportunity to learn something valuable about yourself.
He's a criminal. What happened between the time he was arrested and conviction isn't that unusual as the DA refined the case, let alone in a case with some technical complexity. He deserves to be where he is, in jail.
As someone who saw through Terry Childs early on, I found myself in the minority here. I took one of my first big karma beatings just pointing out a few ways how this narrative of him being a idealistic professional locked up by his evil, stupid bosses was pretty obviously not possible, even just looking at the bare facts.
What struck me was the way so many of us in the industry instinctively acted out our prejudices, made assumptions, hunted out any shred of fact that supported him (selective and misleading quotes from the CA rulebook, for instance), and even assiduously avoided rational counterarguments and conflicting evidence.
And now here we are at the end of the trial. The evidence is utterly damning. Long before he was fired, he was asked by someone for access to these systems and refused. We know he knew the guy (his boss' boss) was authorized, because there's written evidence in Childs's own emails to that effect. There was no moral justification for what he did. He was just being a criminal, the same as if someone you trusted locked you out of your computer.
Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.
I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.
It was more difficult because there is no legal definition of "authorized user", and in that case we are left to use a common sense definition of the term. That may be easy to do, but the harder part is determining who those people are, because in different companies and organizations, policies in place many time determine who they are. So now we have another problem here in that there was no formal policy or procedure in place to determine who is an "authorized user", so we had to use the evidence available to us to determine who Terry Childs would reasonably believe an authorized user would be.
To do that, we had to look through a lot of testimony, in addition to pieces of evidence which showed who he had previously determined to be "authorized users".[emphasis added] In the end it was our determination that he knew the person requesting access was authorized to have it. Like I said, this was really the hardest question for us to answer, but after examining job descriptions, job vacancy bulletins, performance appraisals, numerous emails, etc., we were able to reach the conclusion we did.
Terry Childs already had this knowledge (as evidenced in the emails).[emphasis added] We had to spend the time to sift through all the information to make sure we were beyond a reasonable doubt about this conclusion.
Jury nullification? Are you on crack? He hated his bosses, they hated him, and when he caught wind of the predictable result (he was going to be canned), he snapped.
The prosecution clearly proved beyond a shadow of a doubt that his whole rules canard was a lie and a scam. He knew his boss's boss was authorized to have the PW's, and worse, he was on record knowing that. He just refused to give him the passwords anyway, even before that final meeting, and kept right on refusing until he was fired, given an ultimatum by the cops, and then locked up. He kept demanding to see the mayor - which is not policy in any way shape or form. Why? I'm guessing in his paranoid fantasy he thought if he could badmouth his bosses to the mayor he might be vindicated.
He belongs in prison. People do longer terms than 5 years for crimes of lower dollar value than $200k.
I think that's what his bosses tried to do. They were not required to be polite while doing it, either. I'm betting he wasn't fired until after he'd already crossed way over the line.
From the information coming out now, it is utterly and totally clear that Childs deserved to go to jail.
"This jury was not made up of incompetent people.... I myself am a network engineer with a CCIE and thirteen years experience.... No matter what you think... you do not have... even 10% of... the full story. I am confident that we reached the correct verdict.
...
One of the most difficult questions for us to answer... [was] who is an "authorized user"?... We did ultimately determine... beyond any reasonable doubt... his boss' boss was an authorized user."
... ...we had to use the evidence available to us to determine who Terry Childs would reasonably believe an authorized user would be.
To do that, we had to look through a lot of testimony, in addition to pieces of evidence which showed who he had previously determined to be "authorized users".[emphasis added] In the end it was our determination that he knew the person requesting access was authorized to have it. Like I said, this was really the hardest question for us to answer, but after examining job descriptions, job vacancy bulletins, performance appraisals, numerous emails, etc., we were able to reach the conclusion we did.
More info here, in the words of a/. poster, and network engineer, and juror on the case.
This leaves no room for any argument or misinterpretation. It also throws all the wilfully misinformed ego-drama here into stark relief. You really cannot lock your employers out of their equipment and expect to skate with some doubletalk and lies about the rules, no matter how much your momma spoiled you.
Wow, almost nothing you said was true or made sense. It would have cost $200k resetting hardware all over the city's plant. They didn't kidnap the guy or deny him his rights, and no one suggested otherwise. And when you are management you can have whatever ego you want - it doesn't mean your employees can lock you out of your systems.
You think he was acting professionally and following policy? Look, I'm aware that his defense spread some story about the rules. You haven't read them, but I have. Here's from their rulebook:
"In accordance with these strategies the following policy statements apply to the key areas and functions of the Security Perimeter. In all statements where the “County Authority” (CA) is mentioned, depending on the County reporting structure, this can be the CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
"If someone demands a password, refer him or her to this document or have him or her call someone in Information Security."
Obviously he hated having to do what his boss told him enough to go to prison. But something tells me that if we go through the records of all the people who asked him for the passwords (and by the end it was certainly more than just his boss), we would find that among them were at least one person "in Information Security," or who was "CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)." [emphasis added]
You can see for yourself his actions don't match policy. He was just crazy enough to think he could still use password-blackmail to torch his boss to the mayor - from jail.
And that's even without looking at the detailed information that emerged from the trial:
"This jury was not made up of incompetent people.... I myself am a network engineer with a CCIE and thirteen years experience.... No matter what you think... you do not have... even 10% of... the full story. I am confident that we reached the correct verdict.... One of the most difficult questions for us to answer... [was] who is an "authorized user"?... We did ultimately determine... beyond any reasonable doubt... his boss' boss was an authorized user."
More here - this juror is a/. user and these are from his posts.
Funny how the truth gets buried and ego is always at the wheel.
"In accordance with these strategies the following policy statements apply to the key areas and functions of the Security Perimeter. In all statements where the “County Authority” (CA) is mentioned, depending on the County reporting structure, this can be the CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
"If someone demands a password, refer him or her to this document or have him or her call someone in Information Security."
Obviously he hated having to do what his boss told him enough to go to prison. But something tells me that if we go through the records of all the people who asked him for the passwords, we would find that among them were at least one person "in Information Security," or who was "CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
And as I've pointed out over and over - if he was telling the truth about this legal issue being his real concern, he would have acted like most any of us would and gotten a lawyer in there. He would have just asked for them to sign a one-pager releasing him from liability in exchange for handing over the passwords, instead of acting like a dick and giving a fake password back, which is what I'm given to believe he did?
So? If you buy that nonsense that no one in the room was really empowered to ask for the passwords - which is likely a load of crap, by the way - just get a lawyer. If you're really so scared, negotiate like an adult, with proper representation. Get a release from liability in exchange for the passwords.
That's as opposed to not doing that. Plus handing over a fake password just to fuck with them, I believe?
There is just no way around it, no matter how big a douche your employer is, or how wrong or unfair you think it is, or how big a mistake they are making... withholding your employers' passwords will land you in jail.
Some may work up some emotion over this, but I don't think this will really be a surprise to many people.
Here's a hint; when you end up in a room with the cops and a lot of your management, fine, ask for your lawyer, but don't plan on using that same management's written policy against them. They are management - they wrote the policy. They're telling you their new policy. Verbally. In no uncertain terms. With the cops present.
You cannot lock your customers out of their equipment. This is not a legal theory our society will ever adopt, nor should it. Imagine if the courts agreed that IT staff has discretion to withhold their customers' own passwords. "They weren't smart enough to have it." "They asked for it the wrong way." "They once had a written policy that I shouldn't tell them."
OK, so no one can ever fire you. When can't you come up with an excuse to lock the equipment and walk off? Imagine if the courts blessed it! You could pull that burn off and coast, untouchable. Yeah, that philosophy really has legs.
You: "Give me the password." Your employee: "No." You: "You're violating my policy - I need the password." Your employee: "I disagree. I have my own interpretation of your policy." You: "You're fired." Your former employee: "Great, now I definitely won't give you the password." You: "Obviously I'm not paying you to refuse to do what I'm asking. But you still have my passwords." Your former employee: "Fine, but since you're not paying me, I'm not your slave. You can't force me to perform."
Hear that sound? It's the eyes of every slave who ever lived rolling back in their heads.
Think about it. Childs could, if he truly was motivated by fear of violating a policy, have called his lawyer into the room, to say: "no problem, we'll give you the passwords, we just need you to release us from liability for disclosing those passwords, one pager, sign here..." He didn't, because this was about ego, not policy. He just didn't want to have to cave and do what they said. He's not the first - many an outsized ego has landed its owner in prison.
Then one could make the point that our tarriffs on Chinese slave-labor goods could be rapidly decreasing.:) Although I don't think trade protectionism works. So personally I would look at it differently. Perhaps a policy where you can trade freely with any nation that you also have an open door immigration policy with. Seems reasonable enough, no?
Slashdot Mirror
And who is "Omnifarious" either? It's a joke, dude.
I believe the charge they finally went with, and the one that stuck, was that he criminally denied people access to their own computing equipment. Seems pretty straightforward to me. Nothing like the Lori Drew/bullying issues, which I agree are a terribly murky legal issue, where you really must struggle to justify prosecuting versus free speech rights.
Utter nonsense.
He left them with their only option being security resets on a large and geographically spread out set of equipment. This would have cost the city $200,000 by the estimate I saw.
I've thought about it. I've expressed my thoughts.
I understand it's tough to man up and admit that, even though we imagined he symbolized our struggle with obnoxious and ignorant management, the guy really did turn out to be a crazy, egotistical kook. But I would suggest taking the medicine. There are plenty of worthy causes to get behind. Plenty. His attempt to justify locking ones' bosses out of the company/government equipment when aggrieved just didn't turn out to be one of them.
Why not? He is guilty. He has stained our profession, and these unseemly and ridiculous attempts to defend and justify criminal behavior by resorting to the kinds of pathetic errors of logic that we normally scoff at others for making do even worse.
By your own logic, we can never call anyone a criminal, since merely being convicted is not enough. Hardly anyone is beyond an appeal or reversal in judgement.
You're also leaving aside how damning the evidence really is against him. Which is really astounding to me. I highly doubt he will be getting out of this.
I would be willing to hire him,
Let me put it this way.
I would not be willing to hire you.
I would call that a lame attempt to change the subject.
We do not require that every law be perfect, or a legal regime to have no flaws, for us to have any notion of right and wrong, or criminal and victim.
Leaving a company locked out of their equipment is not leaving them in working order, nor does it constitute a "lack of damage."
If you can be that wrong, there's not much point in addressing the other ways your "interpretation" of the facts is wrong.
That's what I would call "false balance" or the desire to create equality or parity where none exists.
His story didn't make sense. I didn't need to rely on any assumptions to point out how. You only need to actually read the rules that everyone loved to reference without reading themselves to see how unlikely his story was to be true.
If you look back at my posts - please do - you'll see that all I did was point out the ways the story obviously didn't make sense. I have no emotional investment in Terry Childs - other than wishing he really wasn't guilty, because when one person in our profession behaves as badly as I feared he did, it affects all of us.
As often happens when you use your common sense instead of your emotions, you are more likely to be right. That's all that happened here. And if you're denying that, be my guest. But I'm going to point out that you're missing an opportunity to learn something valuable about yourself.
He's a criminal. What happened between the time he was arrested and conviction isn't that unusual as the DA refined the case, let alone in a case with some technical complexity. He deserves to be where he is, in jail.
As someone who saw through Terry Childs early on, I found myself in the minority here. I took one of my first big karma beatings just pointing out a few ways how this narrative of him being a idealistic professional locked up by his evil, stupid bosses was pretty obviously not possible, even just looking at the bare facts.
What struck me was the way so many of us in the industry instinctively acted out our prejudices, made assumptions, hunted out any shred of fact that supported him (selective and misleading quotes from the CA rulebook, for instance), and even assiduously avoided rational counterarguments and conflicting evidence.
And now here we are at the end of the trial. The evidence is utterly damning. Long before he was fired, he was asked by someone for access to these systems and refused. We know he knew the guy (his boss' boss) was authorized, because there's written evidence in Childs's own emails to that effect. There was no moral justification for what he did. He was just being a criminal, the same as if someone you trusted locked you out of your computer.
Just read:
Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.
I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession, and how we should practice the same objectivity with ourselves and those "in the downtrodden world of IT" that we expect in others.
Give me a break dude.
Here, just read, from the same juror:
It was more difficult because there is no legal definition of "authorized user", and in that case we are left to use a common sense definition of the term. That may be easy to do, but the harder part is determining who those people are, because in different companies and organizations, policies in place many time determine who they are. So now we have another problem here in that there was no formal policy or procedure in place to determine who is an "authorized user", so we had to use the evidence available to us to determine who Terry Childs would reasonably believe an authorized user would be.
To do that, we had to look through a lot of testimony, in addition to pieces of evidence which showed who he had previously determined to be "authorized users". [emphasis added] In the end it was our determination that he knew the person requesting access was authorized to have it. Like I said, this was really the hardest question for us to answer, but after examining job descriptions, job vacancy bulletins, performance appraisals, numerous emails, etc., we were able to reach the conclusion we did.
Terry Childs already had this knowledge (as evidenced in the emails). [emphasis added] We had to spend the time to sift through all the information to make sure we were beyond a reasonable doubt about this conclusion.
Jury nullification? Are you on crack? He hated his bosses, they hated him, and when he caught wind of the predictable result (he was going to be canned), he snapped.
The prosecution clearly proved beyond a shadow of a doubt that his whole rules canard was a lie and a scam. He knew his boss's boss was authorized to have the PW's, and worse, he was on record knowing that. He just refused to give him the passwords anyway, even before that final meeting, and kept right on refusing until he was fired, given an ultimatum by the cops, and then locked up. He kept demanding to see the mayor - which is not policy in any way shape or form. Why? I'm guessing in his paranoid fantasy he thought if he could badmouth his bosses to the mayor he might be vindicated.
He belongs in prison. People do longer terms than 5 years for crimes of lower dollar value than $200k.
I think that's what his bosses tried to do. They were not required to be polite while doing it, either. I'm betting he wasn't fired until after he'd already crossed way over the line.
From the information coming out now, it is utterly and totally clear that Childs deserved to go to jail.
"This jury was not made up of incompetent people. ... I myself am a network engineer with a CCIE and thirteen years experience. ... No matter what you think ... you do not have ... even 10% of ... the full story. I am confident that we reached the correct verdict.
...
One of the most difficult questions for us to answer ... [was] who is an "authorized user"? ... We did ultimately determine ... beyond any reasonable doubt ... his boss' boss was an authorized user."
...
...we had to use the evidence available to us to determine who Terry Childs would reasonably believe an authorized user would be.
To do that, we had to look through a lot of testimony, in addition to pieces of evidence which showed who he had previously determined to be "authorized users". [emphasis added] In the end it was our determination that he knew the person requesting access was authorized to have it. Like I said, this was really the hardest question for us to answer, but after examining job descriptions, job vacancy bulletins, performance appraisals, numerous emails, etc., we were able to reach the conclusion we did.
More info here, in the words of a /. poster, and network engineer, and juror on the case.
This leaves no room for any argument or misinterpretation. It also throws all the wilfully misinformed ego-drama here into stark relief. You really cannot lock your employers out of their equipment and expect to skate with some doubletalk and lies about the rules, no matter how much your momma spoiled you.
Wow, almost nothing you said was true or made sense. It would have cost $200k resetting hardware all over the city's plant. They didn't kidnap the guy or deny him his rights, and no one suggested otherwise. And when you are management you can have whatever ego you want - it doesn't mean your employees can lock you out of your systems.
I would start with some background and then come back. We can try again.
TL;DR. Educate yourself and then come back. We can try again.
Give it a break, dude.
Educate yourself and then come back. I'll accept your apology then.
You think he was acting professionally and following policy? Look, I'm aware that his defense spread some story about the rules. You haven't read them, but I have. Here's from their rulebook:
"In accordance with these strategies the following policy statements apply to the key areas and functions of the Security Perimeter. In all statements where the “County Authority” (CA) is mentioned, depending on the County reporting structure, this can be the CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
"If someone demands a password, refer him or her to this document or have him or her call someone in Information Security."
Obviously he hated having to do what his boss told him enough to go to prison. But something tells me that if we go through the records of all the people who asked him for the passwords (and by the end it was certainly more than just his boss), we would find that among them were at least one person "in Information Security," or who was "CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)." [emphasis added]
You can see for yourself his actions don't match policy. He was just crazy enough to think he could still use password-blackmail to torch his boss to the mayor - from jail.
And that's even without looking at the detailed information that emerged from the trial:
"This jury was not made up of incompetent people. ... I myself am a network engineer with a CCIE and thirteen years experience. ... No matter what you think ... you do not have ... even 10% of ... the full story. I am confident that we reached the correct verdict. ... ... [was] who is an "authorized user"? ... We did ultimately determine ... beyond any reasonable doubt ... his boss' boss was an authorized user."
One of the most difficult questions for us to answer
More here - this juror is a /. user and these are from his posts.
Funny how the truth gets buried and ego is always at the wheel.
I'm aware that's the story his lawyer's spread.
Here's from their rulebook:
"In accordance with these strategies the following policy statements apply to the key areas and functions of the Security Perimeter. In all statements where the “County Authority” (CA) is mentioned, depending on the County reporting structure, this can be the CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
"If someone demands a password, refer him or her to this document or have him or her call someone in Information Security."
Obviously he hated having to do what his boss told him enough to go to prison. But something tells me that if we go through the records of all the people who asked him for the passwords, we would find that among them were at least one person "in Information Security," or who was "CIO, CISO, CTO, CEO or COO and implies the CA or their designee(s)."
And as I've pointed out over and over - if he was telling the truth about this legal issue being his real concern, he would have acted like most any of us would and gotten a lawyer in there. He would have just asked for them to sign a one-pager releasing him from liability in exchange for handing over the passwords, instead of acting like a dick and giving a fake password back, which is what I'm given to believe he did?
So? If you buy that nonsense that no one in the room was really empowered to ask for the passwords - which is likely a load of crap, by the way - just get a lawyer. If you're really so scared, negotiate like an adult, with proper representation. Get a release from liability in exchange for the passwords.
That's as opposed to not doing that. Plus handing over a fake password just to fuck with them, I believe?
You know what the moral of this story is? Don't work for anyone.
Just be honest about your novel opinions on password ownership and liability in your job interviews, and that won't be a problem.
This is not as common or as comparable as you imply, and to the degree it is at all, it is every bit as fucked.
There is just no way around it, no matter how big a douche your employer is, or how wrong or unfair you think it is, or how big a mistake they are making... withholding your employers' passwords will land you in jail.
Some may work up some emotion over this, but I don't think this will really be a surprise to many people.
Here's a hint; when you end up in a room with the cops and a lot of your management, fine, ask for your lawyer, but don't plan on using that same management's written policy against them. They are management - they wrote the policy. They're telling you their new policy. Verbally. In no uncertain terms. With the cops present.
You cannot lock your customers out of their equipment. This is not a legal theory our society will ever adopt, nor should it. Imagine if the courts agreed that IT staff has discretion to withhold their customers' own passwords. "They weren't smart enough to have it." "They asked for it the wrong way." "They once had a written policy that I shouldn't tell them."
OK, so no one can ever fire you. When can't you come up with an excuse to lock the equipment and walk off? Imagine if the courts blessed it! You could pull that burn off and coast, untouchable. Yeah, that philosophy really has legs.
You: "Give me the password."
Your employee: "No."
You: "You're violating my policy - I need the password."
Your employee: "I disagree. I have my own interpretation of your policy."
You: "You're fired."
Your former employee: "Great, now I definitely won't give you the password."
You: "Obviously I'm not paying you to refuse to do what I'm asking. But you still have my passwords."
Your former employee: "Fine, but since you're not paying me, I'm not your slave. You can't force me to perform."
Hear that sound? It's the eyes of every slave who ever lived rolling back in their heads.
Think about it. Childs could, if he truly was motivated by fear of violating a policy, have called his lawyer into the room, to say: "no problem, we'll give you the passwords, we just need you to release us from liability for disclosing those passwords, one pager, sign here..." He didn't, because this was about ego, not policy. He just didn't want to have to cave and do what they said. He's not the first - many an outsized ego has landed its owner in prison.
And pretty soon you have no rights left to give away.
The dream of cops, reactionaries, xenophobes, and fascist thugs everywhere...
What are the odds those cops got one of the few people left in their city who know their rights and have the means to defend them.
Then one could make the point that our tarriffs on Chinese slave-labor goods could be rapidly decreasing. :) Although I don't think trade protectionism works. So personally I would look at it differently. Perhaps a policy where you can trade freely with any nation that you also have an open door immigration policy with. Seems reasonable enough, no?