Terry Childs Found Guilty 982
A jury in San Francisco found Terry Childs guilty of one felony count of computer tampering. The trial lasted four months. Childs now faces a maximum sentence of five years in prison.
This discussion has been archived.
No new comments can be posted.
Terry Childs Found Guilty
Related Links Top of the: day, week, month.
Force needed to accelerate 2.2lbs of cookies = 1 Fig-newton to 1 meter per second
Re:It should read 'stoopid people hath spoken' (Score:0, Informative)
bay area jurors, no less. ones that SHOULD know a little bit about technology.
I smell a rat. this does not make sense to me. was this happening in the deep south or some other backwoods place?
very sad.
Re:Please appeal, (Score:2, Informative)
Re:Jury of Peers (Score:2, Informative)
It is my understanding his employment was specific in that he would only disclose the password to the mayor alone. This never happened, thus he never disclosed the password.
He did.
source [wired.com]
WTF is he still doing in jail, let alone being found guilty.
Re:Jury of Peers (Score:1, Informative)
I've heard the disclosure statement of only to the mayor before. Is there an actual news story that can prove or disprove the statement? If it's true then the employment agreement should be enough to prove his innocence.
Re:It should read 'stoopid people hath spoken' (Score:5, Informative)
No, he refused to disclose the password to his supervisors when they asked him for them.
Glad they found him guilty.
Come again on that one? If you have access to the hardware you can set the password to anything you want. You don't need the old password. You can kill people and get less than five years in jail.
Re:It should read 'stoopid people hath spoken' (Score:3, Informative)
Disclosing your password to your boss is specifically prohibited [sfgov.org](PDF, page 34) by California's password policy.
Re:It should read 'stoopid people hath spoken' (Score:5, Informative)
Why Did He Refuse?
Terry Child built this network. It was his baby and he owned it. He was the only person with access and was on call 24/7/365 and the only person familiar enough with it to work on it. He loved it so much that he applied and was granted a copyright for the network design as technical artistry. His department was going through a series of downsizes and his supervisor began to audit his work, which previously he had free reign in. He got spooked and started snooping on his bosses, which spooked his bosses and it all lead to a stand off.
Re:Soooo (Score:2, Informative)
He also had a felony pled down to a misdemeanor in the 1990s
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=2&fp=&fpid= [cio.com.au]
"In 1995, prosecutors said, Childs was again arrested in Kansas and charged with aggravated assault and carrying a concealed weapon. The case was reduced to misdemeanor weapons possession."
And he had stuff he shouldn't have at home
"For example, the city's court filings claim that police found an ID badge and access card of one of Childs' colleagues in his house, and that Childs had lists of usernames and passwords of other city employees, including his direct supervisor, Herb Tong. Childs' having these materials is difficult to justify, if true."
The guy was a dick but... (Score:4, Informative)
he deserved to be fired, not go to jail. His refusal to hand-over passwords was certainly grounds for firing but it's not clear he broke the law. To a certain extent he is a victim of his own arrogance but also of the ignorance of everyone surrounding him. Maybe he was right? Maybe they all are idiots and he was better off not trusting them? In any case his obligation ended when he was fired.
He was wrong (Score:4, Informative)
I'm posting anonymously, but I remember some of the folks were really spooked that he'd deleted images off devices and wiped configs so that if they were rebooted, they would no longer pass ANY traffic. The city called us to see if there was a way to recover passwords without rebooting the boxes. A tampering conviction fits.
Re:Been there. The Feds hate geeks. (Score:2, Informative)
Sigh...read 18 USC 924(c). That's the statute for commiting a federal offense with a firearm, which indeed is what I was accused of doing. Five years mandatory for just posessing a pistol. Seven for brandishing it. Ten for discharging it, or using a short barreled shotgun or assault rifle. Twenty five for the second count. Life for any further counts.
They hit me with seven counts. No evidence to speak of, but would you go up against a jury of morons with that?
Re:Soooo (Score:2, Informative)
People with low UIDs are typically IT professionals, engineers or scientists with at least 10 years of experience in their respective fields. Back then, Slashdot was much geekier and the Internet was much smaller.
On average you're much better off getting a technical consult from people with low UIDs.
Re:It should read 'stoopid people hath spoken' (Score:5, Informative)
One of the jurors was a network engineer; I'm not quite sure how well you can say that they were collectively uninformed in the matter, although I wholeheartedly disagree with the results.
Re:He was an idiot (Score:1, Informative)
He was given the option to hand over the passwords and walk away or face jail time.
You misspelled some words.
I think you mean: He was given the option to commit a fellony carrying a manditory 20 year prison sentence, or to face jail time
He still made the right choice. Given no other options, 5 years in jail is more than 4x better than 20 years in federal prison.
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org]
It specifically states the CIO are to report directly to the Operational Security Manager only in such matters.
Hi's boss and his bosses boss are NOT in that position.
Of course I'm sure YOU would have done the 'right' thing and be in federal prison right now laughing it up, right?
Re:Poor jerk. (Score:3, Informative)
Re:Am I missing something? (Score:3, Informative)
The only thing Childs could have accomplished was to force the city to do a little extra work, they were never at risk of not regaining control of the routers. He had to have known it, unless he was incompetent.
Re:It should read 'stoopid people hath spoken' (Score:5, Informative)
Re:Been there. The Feds hate geeks. (Score:4, Informative)
Jeez, where to start. Where, exactly did I say I was "tried?" a plea is specifically to avoid trial, n'est ce pas? And no one "pleads guilty at trial" because a trial is a process to determine guilt or non guilt.
So, listen carefully. When a normal person is faced with the likelihood of life when judged by people too stupid to get out of jury duty, or five years as a plea bargain, almost everyone picks the latter, even if not guilty.
As for mens rea, how could I have it if the event never took place?
I used to be as derisive and arrogant about the law till I learned what Fed law really is. I mean neither harm nor disrespect, just suggesting caution and awareness.
Re:Poor jerk. (Score:4, Informative)
Here's an earlier comment [slashdot.org] that discusses the city policy.
And here's a quote from the password policy of the city, which is in that link:
"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive, confidential County information.
Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your password while on vacation."
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org]
As we can see from the city policy, telling your boss is already out, and talking about your password in front of others (the individuals on the other end of the phone line) is also a no-no. Terry Childs did the right thing by not giving out the passwords to anyone but the Mayor. Did Childs' boss ever get in trouble for breaching city policy? Probably not.
Re:It should read 'stoopid people hath spoken' (Score:2, Informative)
According to everything I have read he refused to hand over the password under any circumstance when his supervisors asked for them. There was no "only give to the mayor" rule. He was a regular employee working a regular job where he has the obligation to hand over information requested by his supervisor
I'll post this again, and bold the important part.
"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive, confidential County information.
Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your password while on vacation."
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf [sfgov.org]
The city password policy was to NOT give it to your boss. He followed the city policy, which his boss did not abide by, as he first tried to get the passwords, and also, attempted to get the password in front of others. But that's a moot point. He had been fired before his former boss asked him for the password. City protocol was to request a password in writing, again, which his former boss had not done. So your entire argument crumbles.
Re:Been there. The Feds hate geeks. (Score:3, Informative)
No...the life sentence would have come from seven counts of 924(c). Machine guns/silencers have a 30 year mandatory for only one count. I had seven counts on my indictment of 924(c).
Felon in possession is 922(g). 924(c) does not require a previous felony conviction.
And even the staff at the FCI had never seen a case like mine. Mail me if you really want to discuss. B)
Re:Soooo (Score:3, Informative)
Back in the day, Slashdot's readership was much nerdier than it is today. Rob Malda and Jeff Bates were undergrads, as were a lot of the visitors. I was in high school when Slashdot started. Linus Torvalds wasn't even 30 years old at the time, Linux was by no means mainstream, but everyone on Slashdot knew about it and was quite knowledgeable about operating systems and computer languages. These technology enthusiasts had 10 years to finish college, improve their skills and on average should now be working in IT, science or engineering.
Slashdot's readership is much more diverse now. When I'm not moderating, I threshold comments at +3 and hide everything with a Funny mod, because very often you find threads about science and technology that have nothing but offtopic rants and stupid jokes. For example, today's story about NASA's call for proposals [slashdot.org] was filled with garbage. This would not have happened 10 years ago.
The average reader's spelling skills is significantly better, though.
Re:It should read 'stoopid people hath spoken' (Score:5, Informative)
Have you not seen Twelve Angry Men?
It only takes one Not Guilty vote to prevent a conviction.
From the SF Gate article:
The jury deliberated for several days before a lone holdout against conviction was removed from the panel, for reasons that were not disclosed. After an alternate was put in that juror's place, the panel started over and reached a decision in a matter of hours.
Re:Been there. The Feds hate geeks. (Score:3, Informative)
I don't know parent, but I sure as hell can relate to what he is saying.
US federal law is a joke, there are so many obscure laws that even lawenforcement don't know them all. This is exactly for the reason GP stated, if the feds want you they can hit you with the strangest of interstate crimes. Don't believe me, well let me enlighten you:
http://www.youtube.com/watch?v=6wXkI4t7nuc [youtube.com]
Re:One question. (Score:5, Informative)
This was one of the most difficult questions for us to answer. Specifically, who is an "authorized user", and who determines who those people are? I won't go through the mounds of evidence we went through to get beyond any reasonable doubt on this issue, but we did ultimately determine that the person requesting the access (his boss' boss) was an authorized user and should have access upon requesting it.
One really important thing to note here is that it wasn't a concern that he did not provide "his" passwords. The real problem is that he did not provide access -- in any form, even in the form of creating new accounts for those requesting it.
Re:He was an idiot (Score:5, Informative)
I was a juror on this case (see post way far below). I am a network engineer with thirteen years experience and a CCIE certification. All of my fellow jurors were highly educated individuals. Although none of them were fellow network engineers, they were a far cry from "wishy washy room temp IQ dullards".
We were not swayed at all by emotional opinion, because if we were we probably would have acquitted because we all agreed that the situation Terry Childs was put in was not called for. However, the facts in the case bore out the verdict we reached.
Re:better yet (Score:4, Informative)
I am that network engineer that was on the jury (see long post further down).. His manager was an idiot, but I have worked for worse, including one that was put on medical leave for psychiatric issues after people learned he was bringing a gun to the office. I understand what it's like to work in a situation like that. However, if I am brought into an office with my manager's manager, an HR representative, and two police officers, and asked to provide access (important keyword -- access!, not my personal password), you can bet I would feel the situation unfair but I would provide that access.
Re:Am I missing something? (Score:4, Informative)
Except for the fact that he had disabled password recovery. So now there was no way to access those devices or their configurations.
Re:Poor jerk. (Score:3, Informative)
In the USA if the police knock on your door and ask to come in you can tell them to go away - And they have to.
Hahaha...
Oh wait, you are serious about believing that?
Having been a recipient of a corrupt cop lying in order to come up with a reason to arrest me so he could impound my car and perform a "custodial inventory" (re: search without a warrant), sitting in the back of his squad car for 3+ hours, and then having to pay the impound yard $280 per hour, plus $55 per night plus a $75 processing fee, totaling $970 to find absolutely nothing at all... please don't tell me the cops in america aren't corrupt.
The only difference is that the bribes (in this case kickbacks from the impound yard) have to go through 1 more layer of obfuscation before the cop gets his cut from the tow yard vs. paid directly.
For some reason my word alone isn't enough to counter the cops witness testimony, but the cops witness testimony is enough to convict.
All this because a racist white cop saw an asian in a sports car in an area that is predominantly hispanic and just had to find those drugs that didn't exist
The irony is that what the cop claims happened is not physically possible for any consumer car (let alone a sports car that costs less than $25k) yet in order to prove in court that the numbers don't add up it would require $25,000+ in expert witnesses to fight.
P.S. in America, the cops will knock down your door, steal loose cash, shoot you, then plant cocaine on your person and claim they just did a drug bust.
Re:It should read 'stoopid people hath spoken' (Score:3, Informative)
Sure, and you can do what Childs did and get less than 5 years in jail; except for homicides which aren't criminal in the first place, you probably won't find a homicide offense that has less than a 5 year maximum sentence, though, and comparing the maximum sentence available for the crime Childs was convicted of to the minimum sentence actually given out for a particular instance of a different crime is pretty meaningless.
Re:The new definition of "jury nullification" (Score:4, Informative)
He was dismissed for other reasons, including outright refusal to follow the jury instructions and the law as provided to us by the judge.
A citizen is not required to follow the law. It's called Jury Nullification. On the other hand, not explaining yourself isn't going to work. You pretty much have to know why you think what you think.
On the other hand, we just have to believe whatever you say, and I'm not willing to do that. This is why no court proceedings should ever be secret. We cannot judge the efficacy of our legal system in that manner. We need to know precisely what happened in the jury chamber to know if this juror should have been removed, or not. The only thing we in fact do not need to know is how each juror voted.
Re:Why was this "difficult"? (Score:5, Informative)
Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.
His representation was very good and did a great job in presenting his defense. However, the prosecution was also very good and presented some pretty damning evidence. The law that he broke was a section CA Penal Code 502, specifically that he disrupted or denied computer service to an authorized user and he did so without permission. We had legal definitions provided for many terms, including "computer service" and from this we were able to determine that the ability to manage or configure the routers and switches of the FiberWAN is a "computer service". So, in a nutshell, he broke the law by denying to the COO and others within the IT group the ability to manage those routers when ordered to do so.
I too really wish the case had been dismissed, but I think the city let this story get too large and didn't want to lose face by dropping all the charges. However, as a juror I cannot allow myself to make decisions based on why I think the city did what it did or whether I think that was right or wrong. I really had to take all the facts before me and apply them to the law, and I would hope that if I were ever in court that twelve other people would do the same for me.
Re:Perspective from a Juror on this Case (Score:5, Informative)
For me, true justice (not legal justice) would have been served if they would have simply left this matter as an employment issue and never brought it into the criminal arena at all. However, that only happened when Terry Childs, under surveillance after being placed on leave, decided to leave the state and make over $10,000 in cash withdrawals. He really shot himself in the foot on that one.
When he was brought into that meeting, he was being reassigned because he could not work on the FiberWAN any more. He had spent months making engineering decisions that made it impossible for anyone else to gain access to those routers without having correct passwords. He became very possessive, and paranoid, about this network he created, and when it came time for him to release it to others he refused to do so. There were so many choices he could have made that could have diffused the situation, but he didn't do that.
Re:Perspective from a Juror on this Case (Score:5, Informative)
We felt terrible because Terry Childs had really turned around a lot in his life and our decision would negate a lot of that. I didn't violate my conscience to satisfy the letter of the law. I believe in the law that we applied. Trust me, this wasn't a matter of somebody simply refusing to give up their individual userid and password. There were TONS of other issues that played into the matter, over a period of years. He locked down the network to a point that ensured he would be required for its management, even to the point that some attempts to gain access by other people would have brought the network down.
Re:Perspective from a Juror on this Case (Score:5, Informative)
I'm glad you brought this up, because going through this trial I learned a lot about how -not- to lock down a network if you don't want to end up in this same scenario.
First, all of the edge devices of the FiberWAN were configured with "no service password-recovery". This is a relatively newer IOS command (I believe) that, in a way, disables the ability to do a standard password recovery. Actually, you can still follow the password recovery procedure, except now during the recovery procedure the router will now prompt you that password recovery is disabled, and if you wish to proceed the existing configuration will be erased. So, you can still gain access to an edge router of the FiberWAN, but it will now have no configuration in it, essentially making it useless.
The next problem was the core routers, which were 6500 series. The IOS running on these did not have the "no service password-recovery" feature, so what he did here was to erase the NVRAM and only keep the running configuration. Any attemt to do a password recovery would require a reboot, and the configuration would be gone. The core routers were not configured to load a new configuration from a remote server, but instead Terry Childs had modems connected to terminal servers so that in the event of any power outage he would be able to dial in and load the configurations back in.
As to these configuration backups, Mr. Childs kept these on a DVD he kept with him at all times. Furthermore, this DVD was encrypted and could only be decrypted using his laptop (as the encryption program required not only a password, but access to a specific file that existed on the laptop).
As for system logs, the city had no access to see what these might have said, as the routers were set up to log only to a server that Terry Childs controlled. He was the only one with passwords to that server. And not only that, he had placed that server inside a black metal cabinet with holes drilled in the side to allow cable runs, and the cabinet had two padlocks on it. Slight paranoia?
A few days before access was finally provided, Cisco discovered actually a very ingenious way to be able to get the edge configurations. (Either they did or did with help of those in the technical blogosphere). The edge devices were (if I remember correctly) 3650 series which allowed stacking. Apparently, if you are in enable mode on a new switch and then stack it to one of the FiberWAN edge devices, the configuration would sync over to the new device so essentially you have a copy of the old switch but have the ability to change the password. This was the path they were going to take with the edge when Mr. Childs provided access and it was no longer necessary. Also though, this procedure would not have helped for the more critical core devices.
Re:Physical access (Score:3, Informative)
The city didn't have the configurations stored anyplace else, and the routers were configured in such a way as to not allow password recovery. If you look at the list of city services that were being handled by this system, it's not exactly something for which you can simply declare "planned downtime" and go to work.
What folks here need to get their heads around is that (a) the managers responsible for this system are badly incompetent and handled this in the worst possible way*, and (b) at the end of the day that still doesn't matter for shit -- he still broke the law, he dug himself a hole and he paid (and likely will continue to pay) the price.
The jury found the guy guilty because he was guilty -- the mitigating factors here don't justify or excuse his actions. That's exactly what they're supposed to do, and I'm certain it's what I would have done in their place.
* One of the jurors was quoted saying this: "We had a lot of sympathy for him... He was put in a position he should not have been put in... Management did everything they possibly could wrong... There was ineffective management, ineffective communication. I think that if they put the city on trial, they would be guilty, too."
Re:Why was this "difficult"? (Score:5, Informative)
It's not merely the act of not providing a password that was a denial service. It was the over-arching issue of refusing to provide access at all. Furthermore, there was no way to gain access without significant disruption to the network. He was told he was being reassigned. Therefore somebody else had to take over those administrative duties, but nobody could as he would not provide them. He denied the COO and the entire IT group the ability to administer their own devices.
As to leaving the state, that is not itself a criminal act. Actually, these are facts I learned from the inspector after we reached our verdict. During the trial itself we did not learn the exact reason he was arrested when he was, because that information was not provided to us. From what I understand, he was already suspected of violating the penal code that he was tried on, and when he made those moves (large cash withdrawals, leaving the state), the police were worried he was planning on possibly sabotaging the network or possibly leaving, and that's when they decided to go forward with the arrest and charges.
Re:Perspective from a Juror on this Case (Score:5, Informative)
No, it was:
1. Terry Childs was informed he was being reassigned.
2. He was asked to provide access to the network which he would no longer be working on and to which he was the only one with access.
3. He refused to provide that access.
4. He was told he could possibly be in violation of the law by refusing to provide access.
5. He refused to provide that access.
6. He was placed on paid administrative leave.
7. He was arrested.
That's the order, but it's definitely hugely summarized. There were lots of other events that led up to this and were intermingled.
Re:better yet (Score:5, Informative)
The law he violated was CA Penal Code 502. That code deals with denial of computer service. He was the only person with access to a large and critical computer network. He was being reassigned and would no longer be working on that network. Obviously, you cannot have a network with no administrator(s) to manage or maintain it. He refused to provide access to that network. Not just simply refusing to tell his passwords, but refusing to provide access at all, even configuration backups. Furthermore, he configured the network in a manner which prevented any attempts to access it or reset the passwords, and in a few scenarios those attempts would have even brought the network down.
There were no formally adopted policies for computer or network security. Even then, there are common sense guidelines in the IT industry about sharing your password. But what common sense guideline is there that if you are assigned off of a project, you should then lock out the ability of anybody else to administer it?
Re:Perspective from a Juror on this Case (Score:4, Informative)
I think the police were ready to allow it to develop as solely an employment matter, while at the same time feeling that he could really be charged at any time. I think once he made those moves he tipped the police over their comfort line.
Re:better yet (Score:5, Informative)
I'll try to answer all the questions you presented. Yes, the relevant part of the law we convicted on was 502(c)(5). We were not even presented with the other portions of the penal code listed above. Specifically, he denied computer service to an authorized user without permission. The specific act here was not providing access to the FiberWAN routers and switches upon the request of the city's COO. For the permission part, he did not have any permission from anyone to not provide that access. We looked through the evidence for anything that would indicate that he had permission to deny access to an authorized user, but there was no such evidence. There was evidence, however, that it was part of his job duties to provide that access to authorized users.
"Computer services" is one of several terms with which we were provided specific, legal definitions which we were to follow. The computer service in question which he denied access to was the management and maintenance of the FiberWAN routers and switches themselves. Authorized users was one of the harder points to distinguish in this matter because there really was no formalized process to authorize or deauthorize users. However, we came to the conclusion that he knew that the person asking for access was authorized to obtain that access. This was made evident by many of the emails we had in evidence. Further, at this point, he had not been fired, but did know that he was being reassigned. Also, if they had not been authorized users, but he had given the passwords, he would not be guilty of the other sections because his actions would then have been both permitted, and within the scope of his employment because he was following the directives of his superiors. The fact that he eventually did relinquish the passwords to the mayor, I think, shows a continuation of past behavior in which if he didn't get what he liked he would simply go to the next higher person in the chain.
His actions were definitely not within the scope of his employment. We examined his job description, performance review, and many other documents to determine this. In fact, we determined that one of the main aspects of his employment was to maintain the stability and resiliency of the network he supported, and his actions actually were doing the exact opposite. Configuring a network to have no console access, to have the core routers come back from a power failure with no configuration, hiding the backups in locations unknown and encrypted -- these are all things that seem to go against what he was supposed to be doing in his work assignment.
There was a central password database (TACACS) in this case, that could have definitely been used here, but that really didn't play a large role in the deliberations.
I think the law fits this situation. I don't think anyone had really thought ahead that this type of situation would come up when it was written, but it certainly does fit. We were beyond a reasonable doubt. We actually brought that up many times as we wanted to make sure of that, and we many times did search through evidence and found things that did reinforce that.
Terry Childs was treated far worse in this matter than he should have. Personally, I think once he gave up access to the mayor, they should have dropped the charges, and at worst charged him with some sort of misdemeanor. From what I understand after the case, the bail was set so high because they were afraid if he was not in jail, he would have some sort of hidden access to the FiberWAN and would do something to damage it. However, I don't see why that bail couldn't have been reduced after the access was provided and other engineers cleaned everything up and made sure it was safe. The money that the city spent was actually spent before access was given to the mayor. This money was spent on recovery efforts by Cisco and other in reasonable efforts to regain access to the devices.
I know it seems like a clear cut case of office politics, and that's what I thought too before