Forgot your password?
typodupeerror
Security The Courts Government

Ex-SF Admin Terry Childs Gets 4-Year Sentence 432

Posted by timothy
from the if-only-he-knew-the-password-to-jail dept.
Robert McMillan writes "You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
This discussion has been archived. No new comments can be posted.

Ex-SF Admin Terry Childs Gets 4-Year Sentence

Comments Filter:
  • Re:So... (Score:5, Informative)

    by Sycraft-fu (314770) on Saturday August 07, 2010 @07:29AM (#33172732)

    Well Slashdot themselves had a good article they linked to (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html) some time back. Also, the case is most likely public record. So if you are interested in all the details you should be able to request copies of just about everything.

  • by Anonymous Coward on Saturday August 07, 2010 @07:37AM (#33172764)

    "When called on this he refused, bluffed, and finally lied."

    And he also tried to flee, at which point he was arrested.

  • by dtbw (716889) on Saturday August 07, 2010 @08:00AM (#33172864)
    "Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords." No, but if your management or your customer directs you to grant access while you are still employed you are required to do so regardless of your opinion of their technical expertise. You might take pride in your network but guess what. It's not YOUR network. You're just paid to maintain it. Just document the access request to cover your rear and do what you're told. If they screw up the system, you are not obligated to restore it if you wish to resign or have already been fired. You already gave the them access they need to fix it themselves or hire someone else.
  • Well as it happens (Score:5, Informative)

    by Sycraft-fu (314770) on Saturday August 07, 2010 @08:04AM (#33172876)

    Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

    The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.

    So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.

  • by Anonymous Coward on Saturday August 07, 2010 @08:12AM (#33172900)

    He wasn't fired. He was apparently going to be reassigned to a new job, but not fired. While still employed and in preparation for his new assignment (obviously someone else was going to have to have access to the system he was no longer going to be running) he sat in a room with an authorized person (who he had e-mailed passwords to certain of the routers the previous week), an HR person, and a police officer, and didn't turn over the passwords to the rest of the system when asked.

    Child's situation has nothing to do with the scenario you describe because he was *employed* at the time and talking to his *current* boss.

  • Re:Justice is Served (Score:2, Informative)

    by Anonymous Coward on Saturday August 07, 2010 @09:25AM (#33173318)

    Is assault & battery funny? Of course not, but it is when the Three Stooges did it. Is gun violence funny? No, but we laugh when Yosemite Sam does it. Bad things are funny. Really bad things not so much, and there's no real objective way to draw that line, but something like a male criminal getting it in the pooper...well, pretty overdone, not too funny, and in the end you would hope it doesn't happen as the punishment would be nowhere near close to fitting the crime (I would certainty hope they're not holding him with violent criminals who would do that sort of thing), but I don't get all the righteous indignation over merely mentioning it in some sort of attempt at humor.

  • by miaDWZ (820679) * <{ua.di.doowrehsinala} {ta} {nala}> on Saturday August 07, 2010 @10:08AM (#33173590) Homepage

    I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line. .

    You're not the first to think of such an idea, it actually has a name. I learnt about it way back when I was doing Legal Studies as a subject during my VCE (Victoria, Australia's version of your typical high school certificate).

    So anyway, we did a unit on Juries and the different types and how we ended up with the one we have today in our legal system. One of the jury types that were turned down was exactly how you described and I recall thinking "that actually sounds like a good idea". The reason that it's not used (at least, according to my text book) was that juries who were in the same line of work as the defendant tended to be unfairly harsher then your stock standard jury.

    For example, say that in this case, all the jury members were IT networking professionals (yes, I realize in this case one of them did have a CCIE). There's the tendency that all the jury members would think "Well, this guy just brought down our entire industry and did something I would never do -- let's give him [insert harsher verdict/sentence than a standard person would give]"

    I know, for example, if I were put on a jury for some guy who allegedly made a botnet and was hiring it out for the highest bidder, I would certainly be giving a very harsh verdict/sentence.

    That all said, I can't for the life of me recall what this jury type was called, and my 30 seconds on Google didn't find a result, so please take this post as [citation needed].

  • by camperdave (969942) on Saturday August 07, 2010 @10:40AM (#33173772) Journal
    Except there are denial of service laws that are being violated here.
  • Re:So... (Score:5, Informative)

    by buddyglass (925859) on Saturday August 07, 2010 @11:39AM (#33174218)

    Sorry, that is not the definition of theft. Here is California's definition [ca.gov] of theft. The item taken need only be "property", not an object, and includes services. There is no stipulation that the taker have no intent to return the item. In Child's case, if his withholding passwords were indeed thought to be theft, the value of the property would make it grand theft. Interestingly, since he didn't use a firearm, the maximum sentence would be one year. Though, I suppose the state could file a civil suite against him to recoup their losses. Not sure how that works.

  • by kwbauer (1677400) on Saturday August 07, 2010 @11:43AM (#33174244)

    Not exactly true.

    If you happen to have keys to company doors on your keyring, you are required to return them. If you happen to have been given a company car, you are required to return it.

    Just because you have been fired does not mean that you are free to keep whatever company property you may have in your possession. The question then becomes whether passwords are considered company property.

    Also, as pointed out elsewhere... An administrator that had so little common sense as to not plan for his untimely demise (as in others already have those passwords should he suddenly die), should really be considered as nothing more than a bumbling fool by real professionals.

    And yes, I believe most people would consider any code or other work-product on your computer but not yet committed to source control as company property (they already paid you for providing it) so you must help them access it. Yes, most company network admins can do this with their accounts and that can be considered good enough.

  • Re:So... (Score:5, Informative)

    by westlake (615356) on Saturday August 07, 2010 @11:51AM (#33174288)

    What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned.

    Factual disputes are for the trial courts.

    You must raise the issue there and you must do it clearly and competently.

    You won't be given a second chance on appeal.

    The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.

       

  • Re:So... (Score:4, Informative)

    by commodore64_love (1445365) on Saturday August 07, 2010 @01:54PM (#33174966) Journal

    >>>Theft is when you take away something [an object] that belongs to someone else, with the intention to never return it.

    Precisely. Childs denied the owner his property (the passwords) or use of other property (the computers). He deserves every year of that 4 year punishment for being an asshole. There is absolutely no justification for his actions except in the minds of *other* assholes.

    Like my ex-boss.

  • by Americano (920576) on Saturday August 07, 2010 @02:31PM (#33175186)

    And you're leaving out the fact that Childs had CC'ed the person asking for passwords a week earlier, on an email containing a list of usernames and passwords that he had set up. What changed in the intervening week, where the guy who you claim "wasn't authorized to have them, by city policy" was deemed an authorized user by Mr. Childs, and the day he was fired, when suddenly Mr. Childs decided he wasn't authorized?

    For all the people claiming that giving out passwords constitutes "working for free after you've been fired," stop and consider this: what constitutes more work - saying (or writing) down one sentence - "The password is XXXXXXXXX", or enforcing your version of an employers' security policy for them after you've been let go ? Less than 10 seconds of writing or speaking, versus a 4 year jail term, and years spent in courts over a ridiculous semantic issue?

  • Re:So... (Score:4, Informative)

    by TechForensics (944258) on Saturday August 07, 2010 @11:54PM (#33178188) Homepage Journal

    Factual disputes are for the trial courts.

    You must raise the issue there and you must do it clearly and competently.

    You won't be given a second chance on appeal.

    The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.

     

    "Fundamental legal mistake" includes interpreting a statute with an overly-literal eye. The Appeals Court will get to reverse if it finds the legislature did not include Childs' conduct when using the statutory language. IAAL

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...