Ex-SF Admin Terry Childs Gets 4-Year Sentence 432
Robert McMillan writes "You remember Terry Childs, right? He was
finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
Re:So... (Score:5, Informative)
Well Slashdot themselves had a good article they linked to (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html) some time back. Also, the case is most likely public record. So if you are interested in all the details you should be able to request copies of just about everything.
Re:Sounds pretty fair (Score:1, Informative)
"When called on this he refused, bluffed, and finally lied."
And he also tried to flee, at which point he was arrested.
Re:Sounds pretty fair (Score:2, Informative)
Well as it happens (Score:5, Informative)
Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.
The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.
So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.
Re:Sounds pretty fair (Score:3, Informative)
He wasn't fired. He was apparently going to be reassigned to a new job, but not fired. While still employed and in preparation for his new assignment (obviously someone else was going to have to have access to the system he was no longer going to be running) he sat in a room with an authorized person (who he had e-mailed passwords to certain of the routers the previous week), an HR person, and a police officer, and didn't turn over the passwords to the rest of the system when asked.
Child's situation has nothing to do with the scenario you describe because he was *employed* at the time and talking to his *current* boss.
Re:Justice is Served (Score:2, Informative)
Is assault & battery funny? Of course not, but it is when the Three Stooges did it. Is gun violence funny? No, but we laugh when Yosemite Sam does it. Bad things are funny. Really bad things not so much, and there's no real objective way to draw that line, but something like a male criminal getting it in the pooper...well, pretty overdone, not too funny, and in the end you would hope it doesn't happen as the punishment would be nowhere near close to fitting the crime (I would certainty hope they're not holding him with violent criminals who would do that sort of thing), but I don't get all the righteous indignation over merely mentioning it in some sort of attempt at humor.
Re:Technology / Hacking Laws (Score:5, Informative)
I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line. .
You're not the first to think of such an idea, it actually has a name. I learnt about it way back when I was doing Legal Studies as a subject during my VCE (Victoria, Australia's version of your typical high school certificate).
So anyway, we did a unit on Juries and the different types and how we ended up with the one we have today in our legal system. One of the jury types that were turned down was exactly how you described and I recall thinking "that actually sounds like a good idea". The reason that it's not used (at least, according to my text book) was that juries who were in the same line of work as the defendant tended to be unfairly harsher then your stock standard jury.
For example, say that in this case, all the jury members were IT networking professionals (yes, I realize in this case one of them did have a CCIE). There's the tendency that all the jury members would think "Well, this guy just brought down our entire industry and did something I would never do -- let's give him [insert harsher verdict/sentence than a standard person would give]"
I know, for example, if I were put on a jury for some guy who allegedly made a botnet and was hiring it out for the highest bidder, I would certainly be giving a very harsh verdict/sentence.
That all said, I can't for the life of me recall what this jury type was called, and my 30 seconds on Google didn't find a result, so please take this post as [citation needed].
Re:Sounds pretty fair (Score:5, Informative)
Re:So... (Score:5, Informative)
Sorry, that is not the definition of theft. Here is California's definition [ca.gov] of theft. The item taken need only be "property", not an object, and includes services. There is no stipulation that the taker have no intent to return the item. In Child's case, if his withholding passwords were indeed thought to be theft, the value of the property would make it grand theft. Interestingly, since he didn't use a firearm, the maximum sentence would be one year. Though, I suppose the state could file a civil suite against him to recoup their losses. Not sure how that works.
Re:No but you have to give them access before you (Score:2, Informative)
Not exactly true.
If you happen to have keys to company doors on your keyring, you are required to return them. If you happen to have been given a company car, you are required to return it.
Just because you have been fired does not mean that you are free to keep whatever company property you may have in your possession. The question then becomes whether passwords are considered company property.
Also, as pointed out elsewhere... An administrator that had so little common sense as to not plan for his untimely demise (as in others already have those passwords should he suddenly die), should really be considered as nothing more than a bumbling fool by real professionals.
And yes, I believe most people would consider any code or other work-product on your computer but not yet committed to source control as company property (they already paid you for providing it) so you must help them access it. Yes, most company network admins can do this with their accounts and that can be considered good enough.
Re:So... (Score:5, Informative)
What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned.
Factual disputes are for the trial courts.
You must raise the issue there and you must do it clearly and competently.
You won't be given a second chance on appeal.
The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.
Re:So... (Score:4, Informative)
>>>Theft is when you take away something [an object] that belongs to someone else, with the intention to never return it.
Precisely. Childs denied the owner his property (the passwords) or use of other property (the computers). He deserves every year of that 4 year punishment for being an asshole. There is absolutely no justification for his actions except in the minds of *other* assholes.
Like my ex-boss.
Re:No but you have to give them access before you (Score:4, Informative)
And you're leaving out the fact that Childs had CC'ed the person asking for passwords a week earlier, on an email containing a list of usernames and passwords that he had set up. What changed in the intervening week, where the guy who you claim "wasn't authorized to have them, by city policy" was deemed an authorized user by Mr. Childs, and the day he was fired, when suddenly Mr. Childs decided he wasn't authorized?
For all the people claiming that giving out passwords constitutes "working for free after you've been fired," stop and consider this: what constitutes more work - saying (or writing) down one sentence - "The password is XXXXXXXXX", or enforcing your version of an employers' security policy for them after you've been let go ? Less than 10 seconds of writing or speaking, versus a 4 year jail term, and years spent in courts over a ridiculous semantic issue?
Re:So... (Score:4, Informative)
Factual disputes are for the trial courts.
You must raise the issue there and you must do it clearly and competently.
You won't be given a second chance on appeal.
The court of appeals is only interested in whether the judge or jury made a fundamental legal mistake in their handling of the case.
"Fundamental legal mistake" includes interpreting a statute with an overly-literal eye. The Appeals Court will get to reverse if it finds the legislature did not include Childs' conduct when using the statutory language. IAAL