Terry Childs Denied Motion For Retrial 223
snydeq writes "The former San Francisco network administrator who refused to hand over passwords for one of the city's networks has been denied a new trial and is expected to be sentenced Aug. 6. Terry Childs had been due for sentencing Friday but the court instead heard two defense motions, one requesting a new trial and the other for arrested judgment — essentially to have his original conviction overturned. The motions were both denied but the court then ran out of time before the sentencing phase could be conducted."
Re:The Court "then ran out of time"? (Score:1, Informative)
The judge isn't the only person in a courtroom, and the other people are generally hourly workers, yes.
Re:Miscarriage of Justice (Score:5, Informative)
His job wasn't over at first. He was told that he was being reassigned and should hand over the password. After he refused to do that he was told to create new administrator accounts for the people taking over. It was only after refusing to do that and trying to leave the state that he was arrested and lost his job.
Re:It's The Law! (Score:5, Informative)
Except if you had done that in this particular case you would of been rebuilding the entire network from the ground up. Terry Childs deleted the startup-config on most of the network equipment so that the only copy was in running-config. He kept the configuration of every device in an encrypted drive on his laptop. If a network device was restarted or power cycled, he would log into the device and copy over the running-config.
Re:Miscarriage of Justice (Score:1, Informative)
The city (or more specifically, the department he served in) should have had a plan to prevent this from occurring. We was terminated for insubordination (for not turning over the passwords or creating the new accounts), at that point, he was essentially "dead" to his employers and it should have been handled as if he had died while still employed. Would they have brought criminal charges against a dead man if no one knew the passwords? Of course not.
Terry Childs may be an asshole, but last time I checked, that wasn't a crime.
Re:Miscarriage of Justice (Score:3, Informative)
>Terry Childs is a stupid, neurotic fool. But there's no indication that he's a thief or a scumbag. He's been punished way more than enough by now. I hope the judge gives him credit for time served and ends this.
He probably could have cut a deal for time served, if he wanted to at any time. However, he has now seriously pissed off the judge, the prosecutors, and probably the folks writing the pre-sentencing probation report. Not a good percentage play.
Not really news (Score:3, Informative)
These kinds of (defense) motions are pretty much rote - and for that reason rarely granted. Don't make too much of the fact that they weren't granted.
Re:Miscarriage of Justice (Score:5, Informative)
Nope. Wasn't his job anymore. Before he was fired he was reassigned to a different job. He was still employed by his job responsibilities no longer included maintaining that equipment. He was introduced to the new person that had that job and asked to give over the passwords. He didn't. It turned out he had booby trapped all the equipment so that only he could make any changes or repair the equipment if it lost power. Still, they were working with him to turn over the passwords to the new guy which he refused to do. The city was setting up another meeting to discuss this even when he decided to withdraw lots of cash and make signals that he was fleeing the country. That's when fed agents decided to arrest him. That's when he was fired. Only then did he say he would turn over the passwords to the mayor when he previously refused to turn them over to anybody because he was playing the "You can't fire me because I have all the passwords." routine a little to hardball. This was not a case of a worried system admin, it was a case of extortion. Perhaps a case of extortion because he is a paranoid nutcase rather than money, but still extortion.
Still, all of that is IIRC. Go back and look at the replies by one of the jurors here on /. who answered everybody's questions about the case and their decision and decide for yourself.
Re:Miscarriage of Justice (Score:1, Informative)
They asked him to work after they fired him, then arrested him for not working for free after being fired.
No, they didn't. He was arrested because:
1) He refused to either provide passwords or create new accounts for the people taking over after he had been told he was being reassigned.
2) He hadn't submitted his passwords to a central repository, as required by the policies.
3) Had set up the equipment in such a way that recovery wouldn't be easy, like configuration files only being kept in RAM.
4) Tried to leave the state.
At that point he hadn't been fired yet. He had been told that he was being reassigned and had been put on leave after he refused to cooperate.
Childs had plenty of opportunity to get out of this. While it's certainly debatable whether or not he had malicious intent, I can't see how after the trial ended and all that information came out people still believe he was completely right or was put into a Catch-22 like situation that got him arrested, like you seem to believe.
Other article (Score:1, Informative)
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case/?fp=&fpid=&pf=1 [cio.com.au]
The hit by the bus scenario or wants job security comes to my mind in all of this foolishness...
Re:Miscarriage of Justice (Score:2, Informative)
... then you are no longer under any obligation to provide passwords or anything else related to your previous job whatsoever.
You can't have it both ways. Was his job OVER or not?
Your assessment is incorrect. You're implying a second option where none exists. Unless the terms of hiring Terry Childs consisted of a complete transfer of ownership of the entire network from the City of San Francisco to Terry Childs himself, he had zero right to withhold any account credentials, both during his employment tenure and after his job was terminated. He also had no right to go through their network and booby trap the systems so only he could gain administrative access to them, rendering the entire system useless to anyone who might be filling his position in the future.
I work in IT for a mid-sized business involved in healthcare. Security is my top priority as it relates to our network and infrastructure and I stringently control who has access to what. However, if the person who signs my paycheck comes to me and informs me of a shift in my responsibilities away from the network or is terminating my position and demands that I hand over security credentials so the person coming in after me can do the job, I'll hand it over. I'll ask politely to be given a written request to cover my own ass before turning any information over, a reasonable request that any employer would probably willingly fulfill, be they government or not. But I don't have the right to go out of my way to sabotage the infrastructure to prevent future IT administrators from doing their job, even if I'm being terminated.
Re:Oh, Christ, Not This Tedious Tale Yet Again...! (Score:2, Informative)
He was fired and refused to release property that belonged to his former employer. Period, end of story.
The agreement he had with his (former) employer specifies who he was to release that information to, and under what circumstances. The request did not come from an authorized person, and the circumstances were suspect.
If you work helpdesk in a corporate environment, you might need to handle passwords. If the rules say you are only allowed to give out a an employees password to the employee, you don't give the passwords to anyone else. Not even the employees boss, or the employees boss's boss. Not even your boss, or the CEO. NO ONE, except the employee.
That's basically what happened here.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case/?fp=&fpid=&pf=1 [cio.com.au]
"...what actually happened was that Childs refused to provide his superiors the passwords to the city's core FiberWAN network, effectively preventing them from administering the network. The network continued to function, and no city applications, data, or resources were lost or inaccessible."
Lets see what the "California Counties “Best Policies” for the Countywide Information Security Program" [ http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org] ] has to say about that:
"Here is a list of things to avoid: ...
Giving your password over the phone to ANYONE.
Telling your boss your password"
So, the "Best practices" told him to NOT give his superiors the password, and certainly not over the phone (as they requested).
tl,dr: He followed the rules, and got screwed for it.
Re:Oh, Christ, Not This Tedious Tale Yet Again...! (Score:4, Informative)
If you're saying that he refused to release a password for a database, then either hire a consultant to forcefully reset the password, or contact the vendor of the software for a solution.
Despite being a jackass with no bus-factor plan, he appears to have sufficient technical capacity to build a system that could not readily be broken into using the methods you suggest. Doing so would have wiped the router configurations (they were not committed to flash, no backups were kept)
The crux of his conviction was based on the fact that he did not grant access to the system when requested by his employer. There are many ways to do that beyond giving up the passwords he used. He could have created new administrative accounts with new passwords. He could have given them access to a console logged in with his credentials.
He thought he could stonewall them. He now has plenty of time to examine the stone walls he built around himself.
Re:"His perspective" isn't a license for anything (Score:3, Informative)
> then once you're already dismissed to keep the passwords and configurations away from your former boss while he is explicitly telling you to give it up on the phone
Actually, yes, the contract does say that. The boss was not an authorized official for the passwords. If he had given up the passwords then he would have been in breach of his contract and could have been sued for that.