Forgot your password?
typodupeerror
Security The Courts Government

Ex-SF Admin Terry Childs Gets 4-Year Sentence 432

Posted by timothy
from the if-only-he-knew-the-password-to-jail dept.
Robert McMillan writes "You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
This discussion has been archived. No new comments can be posted.

Ex-SF Admin Terry Childs Gets 4-Year Sentence

Comments Filter:
  • So... (Score:2, Interesting)

    by valeo.de (1853046)
    Now that he's been sentenced, does this mean that more accirate details about the case will finally come to light? A lot of what I've read seemed to be mostly hearsay with hard facts hard to come by...
    • Re:So... (Score:5, Insightful)

      by Kuroji (990107) <kuroji@gmail.com> on Saturday August 07, 2010 @08:20AM (#33172692)

      What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned. As it stands now the city wants to bill him $900k for it.

      • Re: (Score:2, Insightful)

        Why should he be left-off? According to the article, "Childs repeatedly refused to hand over administrative passwords to his managers because he was concerned that the passwords would be indiscriminately shared with management and third-party contractors, thereby jeopardizing the security of the network"

        That's basically theft of somebody else's property. For example I can't work at a diamond store, lock-up the diamonds in a safe, and then throw away the key so that the store own can't get to his own prope

      • Re:So... (Score:5, Informative)

        by westlake (615356) on Saturday August 07, 2010 @12:51PM (#33174288)

        What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned.

        Factual disputes are for the trial courts.

        You must raise the issue there and you must do it clearly and competently.

        You won't be given a second chance on appeal.

        The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.

           

        • Re:So... (Score:4, Informative)

          by TechForensics (944258) on Sunday August 08, 2010 @12:54AM (#33178188) Homepage Journal

          Factual disputes are for the trial courts.

          You must raise the issue there and you must do it clearly and competently.

          You won't be given a second chance on appeal.

          The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.

           

          "Fundamental legal mistake" includes interpreting a statute with an overly-literal eye. The Appeals Court will get to reverse if it finds the legislature did not include Childs' conduct when using the statutory language. IAAL

    • Re:So... (Score:5, Informative)

      by Sycraft-fu (314770) on Saturday August 07, 2010 @08:29AM (#33172732)

      Well Slashdot themselves had a good article they linked to (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html) some time back. Also, the case is most likely public record. So if you are interested in all the details you should be able to request copies of just about everything.

  • Sounds pretty fair (Score:5, Insightful)

    by Sycraft-fu (314770) on Saturday August 07, 2010 @08:23AM (#33172708)

    Especially when you read the story of one of the jurors who has a CCIE (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html). This wasn't a case of some PHB demanding access to something he shouldn't have. This was a case of an egomaniac sysadmin trying to make himself irreplaceable by locking everyone else out. When called on this he refused, bluffed, and finally lied.

    For me, the lying part is where it clearly went to criminal levels. I suppose some of the other things he did (like store the WAN config only in memory, not saved to flash and keep the only backup on his laptop) could possibly be justified as just being paranoid and poorly educated in actual security practice. However when he gave his supervisors false passwords, lied to them, to me that showed clearly that he knew he was in the wrong. He knew he was supposed to give up the passwords but wouldn't.

    Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.

    As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

    • Re: (Score:3, Insightful)

      by Stargoat (658863)

      And then once you've been fired, you must always be available to your company to provide that service?

      As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.

      My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence this trial sets. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords. What about basic services that I created? Must I be available to provide those? What about not so basic services? "You are the one who designed the wi

      • by Sycraft-fu (314770) on Saturday August 07, 2010 @08:52AM (#33172830)

        Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

        You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

        • by Stargoat (658863) <stargoat@gmail.com> on Saturday August 07, 2010 @09:00AM (#33172862) Journal

          Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.

          You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.

          You and I may see the difference, but can your luddite boss and his luddite lawyer? You might think that laws and court rulings are based on responsible understandings of the facts, but then you would be wrong.

          • by Sycraft-fu (314770) on Saturday August 07, 2010 @09:15AM (#33172906)

            Well I'm just not sure how to respond to such obstinance. There is plenty of information out there as to why the jury voted as they did and what law was broken and so on. If you are unwilling to read and understand that, I can't help you. Some people just want to be paranoid, I guess.

            Also this "Luddite boss" thing really reeks of ego mania. Far too many sysadmins think they are the Smartest Motherfuckers in the Universe and that there is no way their boss could possibly understand any of this because he's not as good at tech. Turns out that's often not the case, a manager may understand technology and more important the limits of their own knowledge about technology just fine. They may well be an intelligent individual, just with some different skills than yourself.

            I'm not saying some aren't dumbassess, but then so are some sysadmins. I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

            • by Dwonis (52652) * on Saturday August 07, 2010 @10:10AM (#33173234)

              I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

              It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus? What if you decide to quit so you can accept your dream job? Whatever you build should be (at least mostly) maintainable by any other average practitioner with similar credentials.

            • Re: (Score:3, Interesting)

              by hairyfeet (841228)

              Have you had to deal with many PHBs? Corporations are full of them, and most I wouldn't trust to install XP without fucking it up. True story- I used to have lunch and do hired gun work for an old Linux sysadmin named Glenn. Classic gruff sysadmin that really knew his foo. He told me about how he had to miss our lunches the week before because he had to deal with the PHB put in charge, ended up being drug all the way to regional headquarters and threatened with firing, and for what? And I quote "You have NO

          • Once you leave a company, you don't have to support shit as long as you haven't signed some stupid contract forcing you to do so. If they have the passwords and can access THEIR systems, they can do what they want. Of course if they call you back, you can always charge them out the ass in consulting fees, but you don't HAVE to come back and work for them. They can always hire someone else if you don't wish to work for them. This isn't indentured servitude.
            • Check the facts.

              When he was first asked for the passwords he was still an employee. He was just supposed to do a different job.

              But I forgot: If you would refer to the facts, you would have to admit that Terry Childs is a stupid, paranoid egomaniac, and we can't have that, right?

              • by dbIII (701233)

                you would have to admit that Terry Childs is a stupid, paranoid egomaniac

                That's not worth four years. Many first time rapists don't even get that.

        • by cervo (626632)
          In my company the precedent is that when you are fired, you are no longer allowed to log onto your computer. Basically security comes/watches you pack from your desk and then you must leave, it's standard practice. They don't want to hear about passwords, etc.. they want you to get your stuff and leave. I would consider my obligations done if that happened to me. Because most passwords are in a textfile on my hard disk and many I don't remember.

          But also my passwords are mostly for personal accounts so
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        If you are fired or quit, you must hand over the keys to the office, don't you? Even after you are fired. If you refuse to do this, you may well be liable for that.

      • by TheSunborn (68004)

        I don't think he is hold to higher standards. If a paranoid office manager for example had changed all locks in the office*, and he was the only one with the new keys, he would have faced the same sense if he refused to give the keys when to his boss.

        My responsibilities and duties as an IT worker end the moment I quit or someone fires me

        They do with the exception that you have to deliver anything you have which belong to the company back to the company. So if you are fired you still have to hand back that company laptop, even if you currently store it at home. Passwords are not that different.

        • but you don't give them over the speaker phone and in a big group you make so if some messes up you are not at fault.

        • Re: (Score:3, Insightful)

          by DavidTC (10147)

          All you people are insane.

          It's one thing to argue what he should or shouldn't do.

          But you do realize that if you had the key to a building, and were fired, and refused to hand those keys over, you wouldn't be going to prison, right?

          Hell, you wouldn't be going to prison if failed to turn over actual valuable stuff. If the company says 'You must return our laptop', and you say 'No, I mustn't, our agreement says otherwise.', you don't end up in prison, you end up in court where you can debate it.

          You'll get

          • by camperdave (969942) on Saturday August 07, 2010 @11:40AM (#33173772) Journal
            Except there are denial of service laws that are being violated here.
            • Re: (Score:3, Insightful)

              by Jah-Wren Ryel (80510)

              Except there are denial of service laws that are being violated here.

              Which the jury found, but if you read what some members of the jury have written about the process of making that finding they themselves felt that it was a stretch. A stretch they were prepared to make, apparently, but not one I would have been comfortable with myself given the text of the laws and the context in which they were written.

          • Re: (Score:3, Insightful)

            by westlake (615356)

            You'll get sued, and you might even spend a day or two in jail for contempt of court after a court ordered you to turn something over and you refused to do so.

            No.

            You'll remain in the county lock-up until you turn over the keys or until hell freezes over.

            Whichever comes first.

            [For H. Beatty Chadwick, it was fourteen years]

            But you do realize that if you had the key to a building, and were fired, and refused to hand those keys over, you wouldn't be going to prison, right?

            Wrong.

            Consider how "Obstruction of Ju

      • Re: (Score:2, Informative)

        by dtbw (716889)
        "Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords." No, but if your management or your customer directs you to grant access while you are still employed you are required to do so regardless of your opinion of their technical expertise. You might take pride in your network but guess what. It's not YOUR network. You're just paid to maintain it. Just document the access request to cover your rear and do what you're told. If they screw up
      • by petes_PoV (912422)

        What about basic services that I created?

        So far as software or processes you may create are concerned, any true sysadmin would have documented them as part of the original project. If you didn't, well that just speaks to your level of professionalism - whether you were explicitly asked to write stuff down or not.

        While you could take a position that it's "the management's" duty to make sure all the supporting information they require is present, if they fail in this, that doesn't absolve you from not doing it. It just means that you work for idi

        • Ok, sure. If you fail to document stuff adequately, you're doing poorly at your job. Possibly grounds for being fired. But you want to throw someone in jail for being bad at their job? That's ludicrous!
      • by tsotha (720379) on Saturday August 07, 2010 @09:07AM (#33172888)
        When you quit or get fired you have to return the keys to your office, don't you? Why should the electronic stuff be any different?
      • Re: (Score:3, Informative)

        by Anonymous Coward

        He wasn't fired. He was apparently going to be reassigned to a new job, but not fired. While still employed and in preparation for his new assignment (obviously someone else was going to have to have access to the system he was no longer going to be running) he sat in a room with an authorized person (who he had e-mailed passwords to certain of the routers the previous week), an HR person, and a police officer, and didn't turn over the passwords to the rest of the system when asked.

        Child's situation has n

        • Re: (Score:3, Insightful)

          by arose (644256)
          Where the HR person and police officer authorized? Did the authorized person have power to extend authorization?
      • by aepervius (535155) on Saturday August 07, 2010 @10:22AM (#33173294)
        The process of "being fired" does not end your responsabilities with you stopping to work and going out of the building. It ends only when you :
        1) gave back all physical object the firm loaned to you within the execution of your work (laptop, cars, etc...)
        2) gave back all access key in your possession (be it physical, RSA keys, or electronics)
        3) gave back all financial access you had to (firm credit card for example), and I may pass a few others.

        If you do not think so, you are a "terry child in waiting", as in, risk prison if you think you can skimp on your responsability. being fired don't mean you can keep stuff from the firm, be it unique key knowledge (like passwords), or physical items.


        It actually pretty dumb to think so. About as dumb as somebody keeping a laptop at home after being fired.
      • "The IT worker is held to a standard above that of officers, managers, and other employees."

        Rubbish, if a bank manager did the same thing with the combination to the safe I think it's very likely he would get the same treatment.

        "Come show us how this works or we will throw you in jail."

        That's just hystercial hyperbole. Childs has no one to blame but himself for his prediciment. The principle is simple, don't make a dick of yourself by deliberately sabotaging your employer's business.
      • by Minwee (522556)

        My responsibilities and duties as an IT worker end the moment I quit or someone fires me. I do not like the precedence [sic] this trial sets.

        Most sane contracts require you to return any company materials or information upon termination of employment or make arrangements to do so within a reasonable time frame. While you are no longer required to show up at the office early Sunday morning to clean all the pr0n off of your manager's notebook, you are still responsible for giving back anything that isn't you

      • by westlake (615356) on Saturday August 07, 2010 @12:16PM (#33174074)

        My responsibilities and duties as an IT worker end the moment I quit or someone fires me. Because I am in IT, for some reason I must make myself available weeks or months after the fact to provide passwords.

        Some here may remember the old Jerry Lewis comedy Don't Give Up the Ship. [imdb.com] (1959)

        Lewis was the last to command a destroyer-escort on its way to join the mothball fleet - and mislaid it somewhere along the way.

        Now the Navy wants it back - or restitution, paid in full.

        The gag was familiar to any veteran of that era and it carries more than a grain of truth.

        You aren't being paid the big bucks because you work harder than the kid on the loading dock. You are being paid the big bucks because someone believed you were both technically competent and responsible.

        You do not build a puzzle box for your employers to decipher after you are gone.

        Passwords are accessible in emergencies. They are surrendered before you exit the main gate. These things are basic.

        The IT worker is held to a standard above that of officers, managers, and other employees.

        It's not a different standard at all.

    • Re: (Score:3, Insightful)

      by erroneus (253617)

      In short, it is good he is out of the profession that many of us dutifully carry out. Four years is a bit much, but he will do less. A year would be good if that's the amount of time he serves. I think it doesn't matter how stupid or unreasonable his bosses may have been. Once they ask for keys/passwords/information, it becomes their responsibility. They wanted to fire him. He only made things worse for himself by making the firing high profile. Can't stop getting fired if that's their intention. He

    • by Foofoobar (318279)
      Unfortunately I have to agree. I have gladly handed over passwords when I knew the person that was taking over was incompetent and they frequently called me back to restore services they lost, destroyed or overwrote accidentally without backing up first. But the issue comes when you do not hand them over when they ask; you can be fired or in a worst case scenario like this, sent to jail. On the other hand, in a worst case scenario the other way, if you hand over the passwords to people who don't know what t
  • what if he just forgot the passwords?

  • by Sponge Bath (413667) on Saturday August 07, 2010 @08:30AM (#33172740)

    He will likely do only 6 months of actual jail time and he can declare bankruptcy to avoid the $900K claimed by the city. By this time next year, he can exercise his control freakery at KFC protecting the Colonel's secret recipe.

    • by bsDaemon (87307)

      I thought that bankruptcy didn't get you out of debt with the government? It's possible that I'm mistaken, or that laws are just different in CA, since I've never had to declare bankruptcy. But, yeah, he'll probably not do the full 4 years.

      • by Delwin (599872) *
        student loans and court ordered penalties are the two things bankruptcy cannot eliminate.
    • by Pharmboy (216950) on Saturday August 07, 2010 @08:38AM (#33172774) Journal

      By this time next year, he can exercise his control freakery at KFC protecting the Colonel's secret recipe.

      Oh great, then I will have to stand in line for 10 days just to get freaking chicken because he won't let the cooks know which 11 herbs and spices to use in the crust, or worse, he will lie about the herbs and it will taste just like Bojangles chicken instead.

  • by Manip (656104) on Saturday August 07, 2010 @08:39AM (#33172778)
    This just goes to show how asinine most "anti-hacking" laws are. Most were written in the 1980s during a big moral panic about "hackers" bringing down the telephone network, corporate networks, and western civilisation as we know it. You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

    It is interesting that in this case Terry Childs did very little actual damage but got 4 years. In fact more damage was done when the prosecutor decided to publish a list of working passwords for the cities computer network. Just goes to show the kind of technophobic old people working in the city offices and in law.

    I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

    Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Rapists by rapists? Brokers by brokers? GPL v3 by GPL v3? No thx, I prefer people by people.
    • Re: (Score:2, Funny)

      by happy (7659)

      I like the idea of being judged by your peers.

      Rapers should be judged by rapers, at least they'll get how far this person has stepped out of line. Oh wait...

    • Well as it happens (Score:5, Informative)

      by Sycraft-fu (314770) on Saturday August 07, 2010 @09:04AM (#33172876)

      Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

      The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.

      So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.

      • Mr. Childs DID have a peer (or more realistically a better) on his jury. [...] Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.

        But was he a fully-informed [fija.org] juror?

    • by Mike1024 (184871) * on Saturday August 07, 2010 @09:29AM (#33172980)

      I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

      Wouldn't that create the situation where professional communities could just decide for themselves what the law was?

      BP's CEO has broken pollution laws? Not according to a jury of oil company CEOs!

    • Re: (Score:2, Insightful)

      by noidentity (188756)

      I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

      You haven't thought this idea through very far. Politicians judged by fellow politicians, gang members judged by fellow gang members, need I go on?

    • by virg_mattes (230616) on Saturday August 07, 2010 @09:48AM (#33173094)

      You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

      His actions ended up costing his employer a big pile of money. This wasn't a prank, it was a purposeful lockout to make himself indispensable.

      I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such.

      There was a network admin with a CCIE on the jury. He got exactly what you wanted for him.

      Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.

      It makes for a nice conspiracy, but the reason stated for holding him in jail (well, for applying for a very high bail so he'd have to stay in jail) is because he was a flight risk. He had already tried to flee the jurisdiction and at the time, he was suspected of having backdoor access points into the network. They were afraid that if he got out, he'd split and then attack the system remotely. Based on the case information (and the first attempt to flee) I'd say they were reasonably justified in holding him.

      Virg

    • by Corbets (169101)

      I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

      And CEOs by CEOs? I see that going down really well in these parts. :)

    • by miaDWZ (820679) * <`ua.di.doowrehsinala' `ta' `nala'> on Saturday August 07, 2010 @11:08AM (#33173590) Homepage

      I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line. .

      You're not the first to think of such an idea, it actually has a name. I learnt about it way back when I was doing Legal Studies as a subject during my VCE (Victoria, Australia's version of your typical high school certificate).

      So anyway, we did a unit on Juries and the different types and how we ended up with the one we have today in our legal system. One of the jury types that were turned down was exactly how you described and I recall thinking "that actually sounds like a good idea". The reason that it's not used (at least, according to my text book) was that juries who were in the same line of work as the defendant tended to be unfairly harsher then your stock standard jury.

      For example, say that in this case, all the jury members were IT networking professionals (yes, I realize in this case one of them did have a CCIE). There's the tendency that all the jury members would think "Well, this guy just brought down our entire industry and did something I would never do -- let's give him [insert harsher verdict/sentence than a standard person would give]"

      I know, for example, if I were put on a jury for some guy who allegedly made a botnet and was hiring it out for the highest bidder, I would certainly be giving a very harsh verdict/sentence.

      That all said, I can't for the life of me recall what this jury type was called, and my 30 seconds on Google didn't find a result, so please take this post as [citation needed].

  • by cwills (200262) on Saturday August 07, 2010 @08:45AM (#33172814)
    Properly documented policies could have helped in this situation.

    A policy should have been in place that defined who the business owner (management) of the resource was (network in this case). It is the responsibility of management to ensure that they define who has a business need for access (and have it documented), and it's the responsibility of the tech grunt to run the system (or network) for the business owner.

    The key point is that as a non-manager type person, if management says jump, get it in writing and jump. Management is ultimately responsible for the system and network to the business. If management has made bad choices or decisions, it's their fault and if the request or actions leading up to the failure are documented, that admin can refer to that.

    All organizations should at least have a documented policy of who can have access to resources and that the business owner of the resource can be easily determined. The business owner needs to be someone who is legally responsible to the organization (i.e. an executive, or someone high enough in management).

    As a system administrator, you should insist on having this documented just to protect yourself. If you suspect that there is some management decisions that could jeopardize the operation of the system, document it, report it to the business owner and let them make the final decision (with documentation).

    In the case of Terry Childs, had this been documented, he would have been able to either say that the person who was requesting the passwords did not have a business need (and would be able to back that statement with documentation), -or- if the person did have authority to have access, he could have simply have documented why it was a bad decision, hand the passwords over and walk away from it.

    Yes there is a pride element. You've spent years building up a system and making it shine, but unless you are running your own business, you are not the legal owner of that system.

    • Correct (Score:3, Insightful)

      by Sycraft-fu (314770)

      If things aren't well documented at your work, push to get them documented. This is better for everyone involved. Have it clearly spelled out who can have access to what and under what circumstances.

      For example where I work, the policy is that all shared passwords have to be kept in a safe that my boss has. Under normal circumstances, he is the only one with access. I don't know the circumstances that someone higher up can get access, since that really isn't my problem. However it is all well laid out. So l

      • by dbIII (701233)
        I thought the entire point was that his first chance was in a room full of people that should never get access and his second chance was in prison with the Mayor and the Mayor's public relations guy.
        If that's the case it's just Chinese style "might is right" and making an example of the guy that didn't instantly lick the shoes instead of anything resembling justice.
        For some reason people have the fantasy that Terry Childs should have busted out of prison and gone to his old workplace to hand over the passwo
  • Well (Score:2, Insightful)

    by vgbndkng (1806628)
    From a purely ethical standpoint, he wasn't very. As for a four year sentence given the nature of the crime, personally I think that's incredibly absurd and yet equally indicative of the judicial system in the US.
  • by GaryOlson (737642) <slashdot AT garyolson DOT org> on Saturday August 07, 2010 @09:19AM (#33172920) Journal
    The network for the city of San Francisco will now be managed forever by an outsourced company with a phalanx of lawyers. No single individual will ever accept the liability of the clusterf@&! which is San Francisco bureaucracy. The cost of this trial is minuscule to the ongoing costs which will be incurred paying for outsourced network overhead.
  • 1) Never take a government job.
    2) Stay out of California.

  • From my point of view his obligations to the employer ceased the instant he was fired. I don't feel that any justice at all took place in this affair. Our courts and laws have gone over the edge. What is more serious? A drunk driving incident in which no serious injuries took place or failure to hand over a password? Justice may supposed to be blind and level but nobody ever suggested that justice should be as stupid as a stone.

  • I don't get it...

    Were the people asking for the passwords *NOT* the lawful owners of the system or something? If not, why didn't they ask the owners instead of going through the sysadmin?

    When you are being a sysadmin on company equipment, the company still gets to know what the root passwords are. It's THEIR computer, for chrissake... not his, so what on earth would made him think that shouldn't be the case here?

    Or am I missing something about this that makes it easier to sympathize with the guy?

  • 4 years in prison for not giving out a password for 12 days? Insane.

    Frankly, I'm not sure I agree what he did constitutes a crime. The city not knowing a password is hardly a "denial of service". Aren't the people who came up with this crazy scheme where ONE person knows the passwords equally at fault? Perhaps they should be charged with a DOS crime.

    Assuming for the moment this constitutes a crime, a reasonable sentence for something like this would be 90 days in jail. To put this into perspective, in

  • Par for the course in 2010 America.

    He may not have used the best judgment politically in dealing with this, and yes - people have pointed out the need for proper documentation, which I completely agree with, but ultimately he was just doing his job too well...based on what he's said, it looks like he's wishing he had "gotten out sooner," but I wonder if that means he wishes he had compromised his principles. I could understand if he lost his job, people do lose their jobs over bullshit political workplace w

  • Justice? (Score:4, Insightful)

    by mseeger (40923) on Saturday August 07, 2010 @11:47AM (#33173820)

    I am very critical of Terry Childs actions and think, that those can at least be interpreted as criminal act. But 4 years for such a bagatelle case? What do you do with a real criminal? There was a lot of incompetence on the city side walking around which enabled such a situation. I think he was afraid of loosing his job and overstepped his legal options. But what do you do who does this to steal money or with the intent to cause damage? Shoot him?

    People who drive under the influence of alcohol and kill someone get away with less.

    I think the punishment is out of proportion.

    CU, Martin

Your fault -- core dumped

Working...