Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government The Courts IT Your Rights Online

Terry Childs's Slow Road To Justice 253

snydeq writes "Deep End's Paul Venezia provides an update on the City of San Francisco's trial against IT admin Terry Childs, which — at eight weeks and counting — hasn't even seen the defense begin to present its case. The main spotlight thus far has been on the testimony of San Francisco Mayor Gavin Newsom. 'Many articles about this case have pounced on the fact that after Childs gave the passwords to the mayor, they couldn't immediately be used. Most of these pieces chalk this up to some kind of secondary infraction on Childs's part,' Venezia writes. 'Just because you give someone a password doesn't mean that person knows how to use it. Childs's security measures would have included access lists that blocked attempted logins from non-specified IP addresses or subnets. In short, it was nothing out of the ordinary if you know anything about network security.' But while the lack of technical expertise in the case is troubling, encouraging is the fact that the San Francisco Chronicle's 'breathless piece reporting on the mayor's testimony' drew comments 10-to-1 in Childs's favor, which may indicate that 'public opinion of this case has tilted in favor of the defense,' Venezia writes. Of course, 'if [the trial] drags into summer, Childs will have the dubious honor of being held in jail for two full years.' This for a man who 'ultimately protected the [City's] network until the bitter end.'"
This discussion has been archived. No new comments can be posted.

Terry Childs's Slow Road To Justice

Comments Filter:
  • by jdpars ( 1480913 ) on Tuesday March 02, 2010 @11:28PM (#31340432)
    Men like these are all that stand between us and the terrorists who would destroy our internet-based communications.
    • by jdpars ( 1480913 ) on Wednesday March 03, 2010 @12:08AM (#31340674)
      Something tells me that at the very heart of this entire matter is someone's porn stash hidden on a city computer. Probably the mayor's.
  • by Anonymous Coward on Tuesday March 02, 2010 @11:31PM (#31340452)

    I'd log in to post a comment, but Terry Childs won't tell me my password...

  • Will ciso before to let take the reup test with out having to do full lab test and is he able to get IT books / tests in jail?

  • by mysidia ( 191772 ) on Tuesday March 02, 2010 @11:33PM (#31340464)

    'Just because you give someone a password doesn't mean that person knows how to use it. Childs's security measures would have included access lists that blocked attempted logins from non-specified IP addresses or subnets. I

    Don't use a non-specified IP address.

    Or more specifically: graph a console cable, plug it into the device, and do what you need to do.

    That an unskilled individual would not necessarily be able to easily use them does not mean Childs did anything wrong.

    In fact, this is exactly how things should be -- in case the password is compromised, there should be additional layers of defense (IP access lists), to prevent convert abuse of accidentally leaked passwords.

    No one password should ever give anyone free reign over a critical network, without at least also having physical access or passing through a designated management point.

    • by phantomfive ( 622387 ) on Tuesday March 02, 2010 @11:47PM (#31340560) Journal
      When he gave the passwords to the mayor, the mayor came with no one but his press secretary. There was no technical person to ask questions, so it is not completely surprising that they didn't get it figured out the first try (even if a reasonably competent person could have figured it out, apparently there were not many of them left in the department). The important thing is when they came back with followup questions, Childs did help them out.

      Here is my question: is the entire city run this badly, or is it just the IT department?
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Incompetent? No, you misunderstand. They're very competent. At keeping their jobs and getting reelected that is, of course. You seem to assume that they want the truth or justice or something else. That's silly talk.

        Had he gone in wanting to get the passwords then the city may have come out as idiots for putting Childs in jail in the first place. The goal is to make Childs look as bad as possible, innocent or guilty doesn't matter as long as the politicians don't look bad for being idiots for starting this

      • by 0WaitState ( 231806 ) on Wednesday March 03, 2010 @12:06AM (#31340664)
        Most of the city is run worse. We kind of like it that way, except when the insider dealing takes out a treasured park or restaurant.

        But, the prosecutor who slapped five million dollars bail on Terry Childs needs to be taken down, have his political career ended over this. The judge who approved the bail (different from the judge presiding over the trial) also has some explaining to do. ITS COMPUTERZ AND SCARY AND DIFFERENT AND I DONT UNDERSTAAAAAND is not sufficient reason to take away 2 years of a man's life, no matter how big an aspie asshole he might be.

        Not to mention the 14-odd jurors who have to show up 8:30AM at the courthouse for 12-16 weeks while this idiocy unfolds. Part of their lives is being stolen away too.
        • by Fluffeh ( 1273756 ) on Wednesday March 03, 2010 @12:28AM (#31340792)

          Not to mention the 14-odd jurors who have to show up 8:30AM at the courthouse for 12-16 weeks while this idiocy unfolds. Part of their lives is being stolen away too.

          The thing that worries me the most is that if you are the defense, and you see a juror who is clearly totally non technical and "ITS COMPUTERZ AND SCARY", you kick them from the jury list. While if a juror is tech savvy, the prosecutor will kick them as you will no doubt side with the technical guy who was doing his sysadmin job.

          I really wonder who that leaves to be on the jury for this. What is the jury comprised of? To really be a good juror on this, you should have at least some understanding of things technical, yet be impartial enough to be able to make the correct call on the legality of it.

          Just who fits into that bucket? I can't think of anyone I know. Either all techies to the bone, or so nontechnical that I could not fathom how on earth they could hold this man's freedom in their hands without buckling.

        • by tsm_sf ( 545316 ) on Wednesday March 03, 2010 @01:01AM (#31341020) Journal
          Most of the city is run worse. We kind of like it that way, except when the insider dealing takes out a treasured park or restaurant.

          The openness of the corruption in San Francisco is breathtaking. It's like you're in a noir movie. The mayors are all stock characters from central casting, the police department is on the take, the department of public transportation has a running scam going with the largest towing company, and there's a water scandal (google Raker Act) right out of Chinatown. All that's missing is a shifty little midget trying to slit your nose.

          Hang on, someone's at the door.
      • Not sure how it works in SF but I worked in public places and often here in Europe it is like that that the entire departement is understuffed entirely and they try to get away as cheap as possible, due to the fact that they see IT as an afterthought. So they hire the cheapest guys and only as few of them as possible. The only ones getting a good pay usually are the ones above the departements (middle management, most of the times with some law degrees, because public service is a career option for them int

    • Re: (Score:3, Insightful)

      by sjames ( 1099 )

      In the case of a sweet target like a government network, it would be negligent to let anyone anywhere connect to try a few passwords. Sometimes it's best to restrict enable mode to serial console.

    • This just goes to show how incompetent the other (were there other?) network managers were. If I encounter an unknown Cisco device, it takes maybe 20 minutes to recover to a full working state with MY passwords in-place. Most places run some sort of ACS. How hard would it be to break into the AAA and add a user/pass?

      And anyone with even basic Cisco knowledge understands management VLANs.

      The major problem is that the Mayor did not ask the right question in the right way. He probably asked, "what are the

      • Of course, there was some shadiness in that Childs decided to only tell them what they asked for vice what they needed to know...

        Yeah, he was being totally an asshat about it, but that's no reason to put a man into jail for two years if you ask me. How about put him in jail until control of the system is restored?

        I am not totally sure how the American legal system works, but if he is found not guilty, which I sort of assume he will, won't that effectively give him carte blanche to sue for the time he spent in prison?

      • Re: (Score:3, Insightful)

        by mysidia ( 191772 )

        He might have foregone AAA on some critical devices, since he was not distributing access to many people but keeping it solely to himself... or (rather) since he [was] the only person who had all the keys. The prosecution's theory would kind of fall apart, if he was using AAA on the network, and admins' could add additional router admins at any time...

        Reportedly an initial issue was childs' use of no service password-recovery. As a security compromise to his preference of leaving startup config blan

    • graph a console cable

      What is its function?

  • by zippthorne ( 748122 ) on Tuesday March 02, 2010 @11:34PM (#31340470) Journal

    I'm glad to see the mayor can be so jocular and jovial and downright chummy, cracking wise and generally campaigning when a man's freedom is at stake here.

    • Re: (Score:3, Insightful)

      by l0ungeb0y ( 442022 )

      Newsom represents the best of breed in SF liberalism. They are only for protecting rights and freedoms when it's THEIR rights and freedoms.
      Since this guy is a nobody who's being showed who his daddy in by the SF government workers, it's not Gavin's concern at all.
      To him, this guy deserves to rot in jail at the behest of some ticked off department head.

      The sad thing is, this guy's life has been irreparably harmed by this incident, an acquittal will do nothing but put him out on the streets.
      By now I'm sure he

    • by 0WaitState ( 231806 ) on Wednesday March 03, 2010 @12:29AM (#31340796)
      Realistically, Newsom wasn't involved in the debacle until they realized that the only way they were going to get the authentication credentials was to do it by the book, as Terry Childs was insisting, which meant the mayor, in person, receiving the credentials. Not over a freaking speakerphone as Childs' supervisor attempted. It's possible that Gavin Newsom appointed some of the idiot IT managers that let a single contractor have undivided ownership of the network...

      And no, da mayor does not get to tell the prosecutor to drop a case. Maybe in Chicago, but not in most cities. The real question is why the prosecutor went balls-out for 5 million dollars bail. BTW, the trial judge already tossed 4 of the 5 indictments. Just arresting the guy for a few days was enough to send the message "don't be a prick".
  • Childs doesn't deserve two years in jail, and further penalties heaped upon him. There is a lot of incompetence mixed with hurt pride among the city staff, which is to be expected from any government body.

    But Childs himself behaved terribly as well. None of those passwords were his. None of those systems were his. It doesn't matter if his employers were competent or not; he should have let them have access to their own property. If he thought they were going to ruin things, speak out.
    • by FooAtWFU ( 699187 ) on Tuesday March 02, 2010 @11:42PM (#31340520) Homepage

      It doesn't matter if his employers were competent or not; he should have let them have access to their own property.

      His employer was the city. His job was to keep the passwords safe from everyone except the Mayor. When the mayor finally asked for them, I understand he gave them to him. Was there something in there that I missed?

    • When it comes to security, it doesn't really matter--people's data, money, and potentially livelihoods may be at stake.

    • by Anonymous Coward on Tuesday March 02, 2010 @11:44PM (#31340540)

      His employer was the City, which, being a government, is not a private institution but a public service. In protecting the systems from incompetent individuals, Childs is fulfilling his duty to his fellow citizens.

      Such a sense of Duty is rare these days.

      • Re: (Score:3, Interesting)

        by tnk1 ( 899206 )

        If you applied the same reason to people cleaning up after poor police work, the word is vigilantism.

        If you put the decisions about how things operate in the hands of government employees who become unaccountable to their bosses, ultimately that breaks the chain of responsibility back to the elected leaders. Mr. Childs may well have the best interests of the city in mind, but we've elected representatives to do that. If a legally constituted authority wants access to the city's servers, he should at the v

    • Re: (Score:3, Informative)

      by Nikker ( 749551 )
      He would have been liable if he gave it to anyone else so in this world of lawsuits he said the right answer, no. He gave them to the mayor so why didn't the proper owners come by and pick them up? Was the mayor involved in a conspiracy of some kind? You have to realize there are many contracts and legalities involved with a job like this so if he couldn't find someone that could be liable as per his contract and the mayor couldn't find anyone then who is legally responsible for them? The mayor is sayin
      • Seriously. Any large organization has lawyers, and a city government certainly does. So you have someone who is higher up than you on the chain saying "Give me these passwords or else." You don't know if they should be allowed to have them legally. Say "I can't give them to you until I've consulted with the lawyers." Ask them what to do, who can have access, etc. If you are real nervous, get it in writing. At that point, you are in the clear more or less. I mean I suppose they can fire you, you can basicall

    • by sjames ( 1099 ) on Wednesday March 03, 2010 @12:13AM (#31340704) Homepage Journal

      He did. There was a written policy from his employer that he was not to disclose those passwords under any circumstances and he followed that policy to the letter.

      If that's not what was wanted, I guess it shouldn't have been the policy. Note that the incident where he was finally jailed was when he refused to disclose them on a conference call where he couldn't possibly know who might be listening.

    • I'm going to come at this from both angles since I don't know both sides and am reading up on it now. It seems that both sides are at fault here; I think they are FAR too hard on Childs (two years in prison? He didn't do anything to warrant that. Go arrest a child diddler instead and stop wasting tax money criminalizing this guy. It's obviously a civil matter). I think they should pursue it as a civil matter though, because of how he configured some items to be totally reliant on him (see below on flashing)

    • Re: (Score:3, Insightful)

      by denobug ( 753200 )

      But Childs himself behaved terribly as well. None of those passwords were his. None of those systems were his. It doesn't matter if his employers were competent or not; he should have let them have access to their own property. If he thought they were going to ruin things, speak out.

      I beg to disagree. As an engineer public safety is top of our concerns and it is part of the ethics I abide by everyday. A safety concern overrides everything else, until the concerns has been addressed. I still remember I had a discussion with my boss basically he went "I won't stop you from doing anything unless it is unsafe or you are about to make a major mistake", and my reply was simply "I won't follow your order if I know in full will that it will creat an unsafe environment." He agreed with me t

  • $5 million bail (Score:4, Insightful)

    by Anonymous Coward on Tuesday March 02, 2010 @11:37PM (#31340500)

    How many children would you have to rape to get bail set that high? How many people would you have to kill? How many computer offenses would you have to commit?

    • by Anonymous Coward on Tuesday March 02, 2010 @11:45PM (#31340546)

      How many children would you have to rape to get bail set that high? How many people would you have to kill? How many computer offenses would you have to commit?

      that would be about 2 illegal song uploads or 23 killings.

    • How many children would you have to rape to get bail set that high? How many people would you have to kill?

      Not even one.

      "Out on Bail" is a conditional - supervised - pre-trial release.

      You will probably - almost certainly - be denied bail on serial rape or murder charge.

      How many computer offenses would you have to commit?

      You could be charged with only one.

      Your eligibility for bail depends on the seriousness of the charge, the risk of flight, the danger you present to the community - and - not least - your w

  • by Joe The Dragon ( 967727 ) on Tuesday March 02, 2010 @11:40PM (#31340510)

    If he found not guilty is he still a city worker? as I think union just don't let city fire some one like that and was he even fired?

    Anyways he should get city payed health care (Full with no pre existing at the full cost that this) 2 years in jail = any pre existing that some one can think of.

    His job back if he wants it or his full pay for 2 years in jail + 500K per year in jail.

    Full unemployment if he can't get his job back.

  • by Joe The Dragon ( 967727 ) on Tuesday March 02, 2010 @11:42PM (#31340518)

    As many HR people not look pass the 2 years in jail even if he is not guilty and even then they may not want to pay the health care costs for some like that.

  • The auto browser detection and print destination URL aside... It's an absolute mess and was a chore even finding the correct story from a mobile browser. Have they ever used it? That's what I get for trying to RTFA.
  • Bitter End (Score:3, Funny)

    by pgn674 ( 995941 ) on Tuesday March 02, 2010 @11:47PM (#31340562) Homepage

    This for a man who 'ultimately protected the [City's] network until the bitter end.'

    Obligatory: xkcd: Devotion to Duty [xkcd.com]

  • Linktacular (Score:5, Funny)

    by pipingguy ( 566974 ) * on Tuesday March 02, 2010 @11:57PM (#31340610)
    Summary needs more links that won't be read.
    • This is the first I have heard of this case, so the extra links helped me cover more of the backstory. That said, I may be the only one who found them helpful.
  • It's been 8 weeks since Terry Childs' trial has started. Tonight on Dateline we will talk extensively about the trial and everyone even remotely connected to it, but true to our format, at the end of the hour you won't know if he's innocent or guilty because the trial isn't over.

    We will only learn the truth over the course of future Dateline episodes and when we are finally done with the story you'll still wonder if he's guilty or innocent.

  • by phantomfive ( 622387 ) on Wednesday March 03, 2010 @12:05AM (#31340660) Journal

    encouraging is the fact that the San Francisco Chronicle's 'breathless piece reporting on the mayor's testimony' drew comments 10-to-1 in Childs's favor, which may indicate that 'public opinion of this case has tilted in favor of the defense,' Venezia writes.

    Actually reading through the comments on the article, it seems most of the emotion is coming from people upset at the mayor Gavin Newsom, more than they are based in any actual sympathy towards the defendant. Like this example comment FTA,

    The computer hacker would have been treated with more dignity and respect if he were an undocumented alien with a murder wrap on his head. Kamala Harris would have backed him up.

    It is nominally suggesting that Childs was treated badly, but in reality the commenter is more upset with the mayors immigration policies. The comments that look at Childs disfavorably also seem to be the ones that favor the mayor. In the court of public opinion, Newsom was on trial here, not Childs.

    • Very good assessment, as a resident of SF and frequenter of SFGate, I am well aware of Newsom's plummeting popularity.
      And while I didn't read this particular article, anytime names such as Gavin Newsom, Chris Daly or Kamala Harris show up, it's a total bashfest.

  • by Zaphod-AVA ( 471116 ) on Wednesday March 03, 2010 @12:09AM (#31340686)

    "Amendment 6 - Right to Speedy Trial, Confrontation of Witnesses.
    In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence."

    Sitting in jail waiting 2 years for a trial is not something that should happen in our country. The system is broken and needs to be fixed.

    • Hopefully some hot shot lawyer will hit the city with a lawsuit.
      • Ya, good luck with that. The sad fact is, even in cases where the government would seem to have harmed someone unduly, there is little if any recourse. Also, I believe Childs waived his right to a speedy trail, more than likely at the urging of his lawyer, such a move is not uncommon.

    • In California, most defendants have a right to trial within 60 days. (Cal. Penal Code section 1382 [ca.gov].) I'm not familiar with the details of this case, but he almost certainly waived his right to a speedy trial so that he could prepare. That's typical for defendants in high stakes cases, especially in highly technical cases or when you have an overworked public defender. You'd rather make sure you can get it right than push for trial and end up spending a lot longer behind bars.
    • You have to excessive your right to speedy trial. More or less your lawyer files a speedy trial motion and that sets things in motion. What sort of time limits there are depends on the jurisdiction (notice the Constitution doesn't specify a specific time) different states have different laws, and the judge in the case.

      Generally, this isn't done. The defense wants time to prepare for trial. They don't try and push the trial date. That seems to have been the case here.

      The Constitution says you have a right to

    • by sconeu ( 64226 ) on Wednesday March 03, 2010 @02:40AM (#31341684) Homepage Journal

      Don't forget the Eighth Amendment:

      Amendment 8 - Cruel and Unusual Punishment. Ratified 12/15/1791.

      Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

  • Childs isn't going to be convicted. Not only that but the personal injury lawyers in California are going to be falling over themselves to represent him in a civil suit against the city, manager that caused all this and the DA that went along with it. He's worth several million dollars for what they did to him. His job specifically required that he not disclose his password to anyone other than city management. He was confronted with a situation he handled badly with a room full of people demanding the pass

  • I have said this before here, and will say it again now. I believe Childs is in the wrong and has behaved badly. He seems to have a martyr complex and doesn't seem to remember who actually owns the network. I would never hire this guy to manage my network; and yes, I do have a network I hire people to manage. His actions show me he cannot be trusted. He is not Horatio at the Bridge; he is a complete asshat. For the record, I do live and work in the Bay Area, and I also believe Gavin Newsom is a comple
    • While I agree about Child's behavior, the specifics of the case are interesting. If he was fired and THEN asked for the passwords, there were fuck ups all up and down the chain of command.

      Look at this way; it's obvious that he couldn't be trusted. I'm going to go ahead and guess that much was obvious to anyone working with him. Therefore, it was "management's" responsibility to check up on him and not leave him unsupervised ( or better; not put him in the position of power he was put in ). Properly supe

    • by eosp ( 885380 ) on Wednesday March 03, 2010 @01:07AM (#31341072) Homepage
      • He gave the password to the only person allowed by his contract, the mayor.
      • He did not give the password over the speakerphone to a room full of other people, including quite possibly some people to whom he was not allowed to give the password. This was the incident that got him arrested.
      • A supervisor should have had the password all along. If he was innocently hit by a bus, then the city's network would really be hurting. IT people need to learn that refusal to document does not make job security.
      • All people involved are asshats.
      • by Sycraft-fu ( 314770 ) on Wednesday March 03, 2010 @02:09AM (#31341464)

        Well two things here:

        1) You sure about his contract? I see that getting paraded around a lot but I've not seen what the actual contract says. You sure it said "Only the mayor,"? Perhaps it said "The mayor, or any of his authorized agents," meaning things like the director of IT and so on.

        2) The only reason it ever got to the point of the conference call and all that was his flat out refusal to hand over the passwords. He did the typical geek thing of "No, you can't have it," and they did the typical government thing of throwing a fit. If his concern was really his contract he could have simply said "Well according to my understanding of my contract, I'm not allowed to give the passwords to anyone but the mayor. So I either need to talk to the mayor and have him ask, or if you think that's wrong I need to talk to our lawyers and see what they say." Let people know your concern and what to do about it, they will probably be reasonable in working with you. Just say "No," without qualification, don't be surprised if they go overboard.

        In general geek types need to learn this. Don't tell people "No," don't say "I can't be done," because usually you are lying, even if you don't mean to. Most things are possible, there are just preconditions to be met. So tell people what those are. If they can't meet them, well then they can't have it. However it makes you not the bad guy. It really goes a long way with people's attitudes too. They don't feel like they are being shut down, they are being empowered. They are being told what THEY have to do to get something done.

        This goes for all kinds of requests. For example:

        --Self important asshat departmental manager comes and says "I need 50 terabytes of space on the central server to store files." Company policy is that everyone gets 100GB for no charge. Don't go "No, you can't have that much space." Instead say "Well the company only gives you 100GB for no charge. If you want more, we can certainly do that buy we'll have to add hardware. That is going to cost $X dollars, which you'll need to provide the budget for. You get me the money, I'll get you the space." Now most likely he goes away since he doesn't have the money to spend. However you aren't the bad guy, you offered to help, he couldn't get what he needed. Also you never know, maybe he say "No problem, I'll have the money transferred to your group today."

        --Mid-level manager demands administrative access to his PC. He doesn't have a reason, just says "I need it, you have to give it to me." Company policy is that nobody gets access. Again, don't say no. Instead say "Well company policy is that nobody has administrative access. If you'd like it, you'll need to get a policy exception. Here's a form you can take to the big boss to get one." You have him get permission, and sign something that says he takes responsibility for his actions. Again, you are throwing the ball in his court. He has to go ask for permission and if he gets it he has to be responsible. Maybe the big boss never gives permission, that's not your problem, you aren't the bad guy.

        In general, that's how you want to operate. Let people know what they need to do to get what they want, even if what they need to do is something you know they won't do. It will keep them much happier over all, and help insulate you against complaints. If someone goes to your boss or boss's boss and bitches that you said no, you can show that indeed you didn't, you told them what they needed to do. You didn't stop them from doing their job, you showed them what they needed to do to be able to do their job.

  • Competence (Score:4, Insightful)

    by not_hylas( ) ( 703994 ) on Wednesday March 03, 2010 @12:39AM (#31340846) Homepage Journal

    Criminalization of competence. non story.
    But seriously, see how things are taking shape?
    I don't get it - with a bullet. This guy behaves appropriately and ends up in jail?

    At some point you realize that it isn't incompetence. It's their goal.

    Communication is only possible between equals.

    You can't herd Cats ... but you can move their food.

  • by seeker_1us ( 1203072 ) on Wednesday March 03, 2010 @02:15AM (#31341502)
    It's all pretty much making sense to me. The arrest, the insane bail.

    It sounds to me that they screwed up badly.

    So they keep trying to intimidate this guy. Keep him in jail for years without a trial, make him plea bargain out.

    But he won't blink. And if he is found innocent, he has a hell of a lawsuit.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...