San Francisco Just As Guilty In Terry Childs Case 330
snydeq writes "Deep End's Paul Venezia follows up on the Terry Childs sentencing, stating that the City of San Francisco is as much at fault in this case as Childs is. 'The way that the San Francisco IT department has been run is nothing short of abysmal, and that has been pointed out time and again by anyone paying attention to this case,' Venezia writes. 'Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.' Worse, perhaps, is the disproportion of the sentence, when compared with recent convictions for intended malfeasance on the part of several notable rogue IT admins."
A better link (Score:5, Interesting)
"Printable version". [infoworld.com] TFS's link is to a two page version with six paragraphs per page.
That's a keeper... (Score:2)
Re:That's a keeper... (Score:4, Funny)
Re: (Score:3, Funny)
Re:That's a keeper... (Score:5, Funny)
"rogue IT admins" are the only thing worse than, "mall ninjas." [lonelymachines.org] *Dunt, dunt, duuuuunt!*
Re:That's a keeper... (Score:5, Funny)
"rogue IT admins" - I find that phrase humorous for reasons I cannot explain.
That's a typo. This IS San Francisco we're talking about - they almost certainly meant to say "rouge IT admins".
It's a question of policy (Score:3, Insightful)
Frisco's policy in this case is: "Punish what you can't understand".
Re: (Score:2)
The S&M capital of the world?
Re: (Score:2, Insightful)
The major (presumably a valid password agent) asked for the password over an open speakerphone while in the presence of a half dozen other people who were not valid password agents.
The boss did something similar (asking for the password to be given to him in an invalid manner).
Childs was screwed no matter what he did. Was he paranoid and did he overreact (probably).
Is the punishment legal? (sure), fair? (obviously not).
It's legal to give you a ticket for doing 66 in a 65. And to do so with cameras so you
Re:It's a question of policy (Score:5, Insightful)
Re: (Score:3, Informative)
Following his employers rules?
Okay, so you obviously haven't actually read anything but slashdot summaries.
Before the police were involved, he was given several VALID ways to turn over the passwords.
He broke policy FIRST but not using the City supplied configuration and password management system which he was supposed to be using ... according to city policy.
Had he followed ALL the rules, he'd have just been fired and there would be no story.
He selectively picked policies that suited his agenda and ignored
Re:It's a question of policy (Score:5, Insightful)
That's right. If he had been smart he would have just "deleted all company email, caused the email servers to spew out spam, and intentionally crippled at least some servers, rendering them inoperable [infoworld.com]" like Stephen Barnes did and been out of jail a year ago. Or perhaps he could have "deliberately and painstakingly attempted to sabotage the company he worked for, intentionally writing scripts to destroy valuable data [infoworld.com]" like Yung-Hsun Lin did and he would be out of jail in three more months.
But he got a much harsher sentence despite having not caused a single minute of outages on the network he was accused of conducting a denial of service attack on. Maybe someone ought to write (or read) an article comparing these widely disparate sentences.
Re: (Score:3, Insightful)
Childs's defenders keep bringing up this moronic argument, and I really don't understand why.
Here's how a competent human being handles that:
Re: (Score:3, Informative)
Almost always, I have mod points. And I use them as best I can. And I agree with your sentiments mostly. Problem is, your post leaves me wondering if I should mod it as insightful or flamebait. Tone down the rant a bit, and you'd get insightful, but imho this is flamebait. And stupid. Just an fyi.
Re:It's a question of policy (Score:5, Informative)
By that time, he'd already committed what he was convicted of.
Childs refused to record passwords, in direct violation of policy. When being moved from his current job, he refused to hand over passwords etc. in any environment, again in direct violation of policy. He then prepared to leave town without handing them over.
No competent sysadmin sets things up so he's the only person with the passwords, so that the network is simply screwed if he's hit by a bus. Childs went one further: he had the password for a file on his personal laptop that had the passwords in it. Had his laptop been destroyed, or the file system corrupted, the passwords would be lost.
Re:It's a question of policy (Score:5, Insightful)
Precisely. Whatever else Childs is, he's a shitty administrator. Do you think the city's chief comptroller has the only set of keys to important confidential accounting files? Do you think the city's chief personnel/HR officer has the only set of keys to personnel files?
As much as all of us IT guys have our moments of self-delusional self-importance, we are, at the end of the day, simply another aspect of any given organization's total infrastructure, and are bound by the same rules, and by the same basic set of good practices. You keep copies of keys, passwords, pass codes, whatever in a secured place. You don't keep them on laptops. You don't keep them in your head. You make damned good and sure that if you were hit by lightning the next morning your employer can assure continuity of operations. That is the most fundamental job anyone in a position of any kind of managerial authority in any organization has.
Re: (Score:3, Insightful)
Didn't the guy offer to give the passwords to the Mayor but not to his boss, by his bosses (or department's) own policy?
I've not seen any evidence that the policy actually existed, outside of his imagination. If it was in writing, did the defence subpoena a copy and present it as exhibit?
And people ask about my new sliver hat (Score:4, Insightful)
Re: (Score:2, Interesting)
I would guess it involves political influence and personal pride, both pushing up the sentence because someone's feelings and "good name" were hurt by his actions.'
AKA Childs made the Mayor upset and look bad, end of story. Politics is never "fair or balanced" and it sure doesn't follow rules.
Re: (Score:2)
Re: (Score:2)
Judges are free to toss out jury findings at any time, when it is felt it is in conflict with justice, or if its felt the jury did not understand what it is they were to do. In a courtroom, where its obvious the prosecution is extremely biased, has reason to be biased, a judge has an obligation. That's exactly why he's there in the first place.
The fact the judge didn't do his job absolutely means he is part of the problem. As you rightly point out, other areas need to be addressed, but when a judge is actua
Comment removed (Score:4, Funny)
Re: (Score:2)
Re: (Score:3)
In my opinion, the judges aren't the problem, it's the system in general. Prosecutors are pressured into going for maximums, and having a 100% conviction rate. In order to put together a successful defense, one must spend thousands of dollars. The laws themselves frequently do not take into account the severity of the crimes (see convicted song pirates).
This isn't even taking into account the police, who will also do everything they can to guarantee a conviction. It seems that we have moved from a legal sys
Bad Headline... TFA not much better. (Score:5, Insightful)
You can skip reading TFA; all of it that's relevant to the headline is in the article summary.
Most of the article is pointing out other people who did worse things and got lighter sentences. Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?
I think there's a lot of an interesting dialogue to be had about the Terry Childs case, but this particular article doesn't add anything to that discussion.
Re: (Score:2)
Re: (Score:2)
Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?
So it starts to mean something when the prosecution has a vested interest and EVERYONE else who committed a greater crime of the same nature got a lesser sentence in the very same court.
Re: (Score:3, Insightful)
The only thing I can really get behind in the article is the fact that Childs was in jail for two years before his trial began. That sounds very much like a violation of his right to a speedy trial to me.
The rest, though, is pointless rambling about the nature of the legal system (even though he doesn't frame it that way, that's the heart of his problem).
He mentions a murder case where the murderer received a 1 year sentence. However, nobody has ever been convicted of murder and gotten a 1 year sentence.
Re: (Score:2)
Childs undoubtedly waived his right to a speedy trial, like many, many criminal defendants do (and like Kevin Mitnick did, on multiple occasions, all the while dishonestly claiming that he was being denied his right to a speedy trial).
Re: (Score:3, Interesting)
Game's rigged. If you don't waive your right to a speedy trial, the prosecution will ensure you don't get the information you need to defend yourself until it's too late.
Re:Bad Headline... TFA not much better. (Score:4, Interesting)
The prosecution has to disclose everything before trial. If they do it late enough, you probably have a good argument for appealing. Actually long delays tend to help defendants, because the older the evidence and witnesses get, the weaker the prosecution's case is.
So What???? (Score:4, Insightful)
What do you mean "so what"?
First there's the question of precedent [wikipedia.org].
Second there's the question of just punishment [usconstitution.net]
That May Be True But... (Score:5, Insightful)
I think geeks are confused (Score:5, Insightful)
While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.
That is the difference. I know that some geek types seem to think the law should be whatever strikes them personally as fair but that isn't how it works. Childs broke the law, he was tried and convicted of it (and one of his jurors had a CCIE so none of this "stupid jury" bullshit).
If the city is being negligent then a lawsuit can, and should, be brought against them. None of that makes what Childs did right or legal.
Please, please would all Slashdot posters go and READ UP ON THE CASE before posting. The facts please, not the opinions form mother Slashdotters. So much uninformed kneejerk here. Slashdot itself had some good links, including one to an interview with aforementioned CCIE juror. How are you any better than the people you like to look down upon if you cannot be bothered to get your facts straight for something you have strong emotions about?
History of the World (Score:5, Insightful)
It's good to be the king.
Re: (Score:2)
More than one person to blame -- that's unamerican (Score:5, Insightful)
Wow, a nuanced view of the problems.
Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.
Re:More than one person to blame -- that's unameri (Score:5, Insightful)
The problem lies in that most US people seem to equal justice with revenge.
Re: (Score:2)
Re: (Score:2)
The problem lies in that most US people seem to equal justice with revenge.
Oh great. Another example of us not understanding equals! [slashdot.org]
The Parent nailed it! (Score:5, Insightful)
Furthermore, justice AND revenge both do not mandate prison and/or being subject to physical or sexual abuse. There are many things that can be done in BOTH cases besides the obvious one. Prisons cost too much money and have too much lobbying pressure to maintain or grow the punishment/revenge system we have today.
Having pedophile tattooed on your forehead should be enough...
Terry Childs is going to have career problems for life, no need to waste money holding him in a cage as if he was a wild animal threatening the peace - or even put an invisible fence around his house is not worth it.
Re:More than one person to blame -- that's unameri (Score:5, Interesting)
I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted by the masses, which, of course, means that the news makes more money because they are more trusted. Simplicity is a hallmark of human (not just American) thinking - this takes different forms in different cultures. The main Western logical process is distinct from Eastern varieties but simplicity within the given culture is the tendency. Looking at modern history books covering the Renaissance and comparing them with 19th century history books of the same, we have a much broader viewpoint than those writing in the 1800s had. This is in part due to different access to resources, but in part due to the development of thought over time away from the natural reaction: Simplicity.
Now, with all that said, this is only... one facet of the change in thought patterns over the past century.
Re: (Score:3, Insightful)
Re: (Score:2)
I'm not against a nuanced view of a problem, but I don't think this article actually is that.
It's more like the equivalent of grounding your kid for two weeks for shoplifting and having to hear about how all his friends got punished less for stealing bigger things. It's more a misdirection than a thoughtful examination of the issue at hand.
That's not to say that I'm advocating for what happens to Childs as fair/appropriate, incidentally -- only that I think this article makes a very weak argument against i
Re:More than one person to blame -- that's unameri (Score:5, Insightful)
You mean kind of like how a lot of non-Americans like to find the property of "being an American" as somehow intrinsically to blame in so many situations?
All people need to simplify. You will never understand everything, so you research carefully the things that interest you, and everything else needs to be ignored or fit into a bite-sized piece of intellectualism that you don't need to give any thought to. Nationality has nothing to do with it.
boycott SF (Score:2)
We may not be able to bring any sense of "justice" to this act, but there should never be another computer-related event in San Francisco, and anyone with any sense of what really happened to Childs (regardless of his own aggravation of the incident) should also boycott the city.
The slightly smaller number of tourist and convention dollars will take decades to balance the scales, but it's worth a try.
Heavy sentence? (Score:2)
So here's a question. If people are concerned about the magnitude of the sentence, what's the REAL problem? Some people say "others got light sentences so he should too"... I would ask "is the real problem that others' sentences were too light and this is the first time the punishment fit the crime?"
Now, whether Childs is actually guilty of a crime is another matter. I wasn't in the jury; neither was anyone else here. We don't have all the facts, and the facts we ARE seeing are carefully picked by people
Re:Heavy sentence? (Score:4, Informative)
That's actually not true.
http://slashdot.org/comments.pl?sid=1633482&cid=32008096 [slashdot.org]
one of us actually was on that jury
Re: (Score:2)
What it all comes down to is intention. If he intended something malicious, the sentence is entirely appropriate. If he did not, he should not serve any prison at all. There's really not a lot of room for gray areas here.
Incorrect. You are talking about two separate crimes here: a crime that occurred, and a crime that may or may not have been intended to occur, but did not. The former he should be tried for, and convicted of, and punished appropriately. The latter is conspiracy to commit a different crime - conspiracy is a criminal charge, which he could be tried and punished for. This is what keeps punishments appropriate for crimes; if I try to burn down your house but only succeed in breaking into your garage, I deserve
Why the sympathy?? (Score:2, Insightful)
Re: (Score:2)
Lots of people have to work under supervisors who are total idiots. That doesn't give anyone the right to sabotage their supervisor or their company. What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network." You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.
True, but at the same time there's no need to throw him jail now, is there?
Re:Why the sympathy?? (Score:4, Insightful)
Because we have more than a couple of Terry Childs like people on Slashdot. You may notice that there are a fair number of posters here who are quite anti-social, and anti-authority. You also many notice that they think their technical skill makes them much smarter than everyone else. This tends to lead to a mentality of "My boss is an idiot and I should be the only one who makes any decisions on the computers." Maybe they've even forced that in their work. So they are sympathetic because it is the kind of thing they either want to do or have done, and they are worried that they might get in trouble.
Basically they are like him, and thus that makes them feel that his actions were correct.
Re: (Score:3, Insightful)
In the Childs case, he did withhold them from his Manager, and the Mayor (CEO) at first.
Doesn't matter. It wasn't his network. Just like the network you manage is not your network. If your boss decides it's time
Run Away! (Score:4, Informative)
FTA: "When faced with dangerously incompetent management, it's best to just look for another job."
I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.
How very sad and defeatist.
- Jasen.
Re: (Score:2)
I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.
The question I'd put to you in response is: have you ever had a job where your managers were not only bozos, but the kind of bozos who would attempt to blame you when things inevitably went wrong?
I have, and you know? I can play that office-political game well e
Re: (Score:2)
FTA: "When faced with dangerously incompetent management, it's best to just look for another job."
I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.
How very sad and defeatist.
- Jasen.
Very sad, very defeatist, and usually, very, very true.
Making the point, winning the battle, etc, will all cause you to lose the war. People in positions of power tend to enjoy appearing as though they deserve to be there. Demonstrate the opposite and watch your life become more difficult.
Back to Childs, well, unfortunately he chose the high road. Civil disobedience carries a punitive cost, and it seems he'll be paying a while longer. The rest of us elect instead self-preservation, whether that be to fe
Re:Run Away! (Score:5, Interesting)
I've seen many people fight and lose in that situation. It was never pretty, and it didn't work.
However, after the 5-10-15th person leaves a department and tell HR that disagreements with management was their reason to leave, Someone might do something about it. I just saw it happen a few months ago. People were even refusing headhunter calls alleging that their network claimed that the work environment was unacceptable.
If the next level of management fails to realize the problem after most positions becomes revolving doors, they'll go under anyway.
Yet another "There oughta be a law" rant (Score:4, Interesting)
Well, guess what. No matter how much you may think it, generalized poor management is not actually a criminal offense. Whereas, denial of service is.
Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"
Was the ordinance used to convict him fair and reasonably applied? The only opinion that matters is the jury's, and they thought it so.
IMHO, Childs may have started out with the best of intentions in his "stand", but it escalated into a pissing match. And you really can't out-piss senior municipal managers and politicians, so you can indict Childs for picking a losing fight.
Re: (Score:3, Insightful)
Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"
No. That isn't justice. Justice IS about fairness. Justice comes first, and laws are supposed to support justice.
If all you have is a set of laws and the stated punishment for breaking them, all you have is the worst kind of bureaucracy. Assuming that laws are always right is one of the worst things you can do.
Typically, laws are not based of facts or rational arguments. They are based on which direction the politics of the day is blowing.
Laws are written by lawyers and lobbyists for benefit the few and pow
Custodial sentences for non violent crimes (Score:5, Interesting)
The Economist ripped the US a new one [economist.com] last week for locking up too many people, many of them non violent offences. It wasn't so long ago that people were hanged for stealing a loaf of bread, but we backed off from excess punishment (probably a little too far in some cases). But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime". With the way things are going, I truly think that the US will soon bring back public executions before long and will be indistinguishable from countries like Iran in how they deal with crime.
Re:Custodial sentences for non violent crimes (Score:5, Informative)
But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime".
That's not even the end of the story. Don't forget that a growing number of prisons in the United States are being privatized. There have already been cases of judges who have been convicted for imposing harsh sentences without appropriate judicial review, because they were accepting kick-backs from the prison industrial complex.
Re:Custodial sentences for non violent crimes (Score:5, Insightful)
Once, as a young prosecutor, I asked what the big deal was about child rape. I was so naive and ignorant. That naivete was extinguished (to my embarrassment) when I was told of infant rape victims.
We are all naive and ignorant about important things. You are no exception. So please don't take it too bad when I say the following:
You idiot! Don't you know that a HUGE proportion of the homeless are MENTALLY ILL? Their CHOICE is often between living on the street (cheaply) or living in an institution (at great cost)?
P.s. Ayn Rand was a hypocritical ASS!
Sooooooo sick of this drama (Score:4, Interesting)
The dude wouldn't turn over passwords when ordered by his Senior Associate. That's just insubordinate in any circumstance, regardless of the job, and will get your ass fired in most places. Terry could have handled things differently if he didn't trust his immediate supervisor, but he didn't. He chose to lie all the way up the food chain and took the for-the-good-of-the-network chip on his shoulder with him.
Jail time is ridiculous (Score:3, Insightful)
What's he going to do, get another IT job and offend again? They should have given him community service. The guy's career has already been wrecked.
We are way too much about jail in California and the US. You shouldn't go to jail unless you are violent, or an incorrigible repeat offender. California is bankrupting itself putting taxpayers in jail for crimes like these and for smoking, it is fucking crazy.
Netcraft Confirms Infoworld Editors are Dying (Score:3, Funny)
Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.
Wow, that metaphor is more confused than an eel at a hovercraft convention. The word on the street is that Infoworld editors are sharper than tacks, but when the rubber hits the road it seems the prose flies like a banana.
Re:Not Surprising (Score:5, Insightful)
Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.
Re:Not Surprising (Score:5, Insightful)
Worse it is the mark of a megalomaniac. He was convinced he has made himself indispensable, that by keeping knowledge to himself, and endangering the systems in doing so, made his job totally secure. He though he ruled the roost and nobody could fire him. He found out the very hard way he was wrong. As the saying goes "The graveyards are filled with indispensable men."
The most important think in an IT person is that they are trustworthy. They have amazing access, and this that comes amazing responsibility. They need to be trustworthy to not abuse that access. He did, badly so. As such he really should never work in IT again. He's shown that he can't set aside his ego and such a person has no business having system level passwords.
Re:Not Surprising (Score:5, Insightful)
Re:Not Surprising (Score:5, Insightful)
Whether he does or doesn't will be up to his lawyer to convince on appeal. The broader point here is that a whole lot IT guys seem to blindly be supporting him because he followed the letter of his contract to insane degrees. They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle.
If this was such a big concern for Childs, why didn't he have these key passwords and router configs in the Mayor's office. Surely the Mayor has a safe or some other secured storage whereby this critical data could be securely stored in the event that the Mayor had to appoint someone else responsible. Where I work we have a safety deposit box where the originals of all the purchased software is stored, as well as a CD and hardcopy of all the passwords are stored. While it would probably be a bit difficult to keep going without me around, the guy that comes in after me would have a reasonably decent head start.
However harsh the sentence may have been, the fact is that Childs was a shitty IT manager. Being an IT manager is about a helluva lot more than being a clever router hacker, it's about documentation, about appropriate systems, and just as importantly about assuring, for whatever reason, that a smooth transition of IT management from one person or another can be accomplished. Childs didn't set up that damned network to benefit his employer, he set it up so that he was the cornerstone, and while the city has to take a lot of blame for not keeping a better eye on him, he violated some very basic tenets of sound IT operations and management. AS I've said before, I wouldn't hire the guy to manage a popsicle stand, I don't give a crap how brilliant he is.
Re: (Score:3, Informative)
Re: (Score:2, Insightful)
What if he worked in a different field?
He works in IT. Specifically, as a sysadmin like myself. That is extremely relevant to the case, and the fact of the matter is, as sysadmin, the very first rule is to never be the only one with access. Maybe put the password in a sealed envelope in the CEO (or Mayor's) safe, but make sure that several people know about the envelope.
Re:Not Surprising (Score:4, Insightful)
I like that rule, I wish it could always be the case too! I'll give you a real life example of my situation. I created said envelope with all the key passwords and sensitive documentation to allow another to step in should I be hit by a bus. It was placed in the safe in the CFOs office.
You may or may not have guessed it but the CFO was fired and his position was removed. Since this was an executive decision they of course waited until way too late to tell me. The COO and Controller emptied the safe and now I do not know where that paperwork wound up. I changed my critical passwords and VPN encryption keys. Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since.
Now for my own sanity I still keep a copy of the records but it is no small feat to change all the sensitive passwords so I keep them in the safe of the owner who has already twice forgotten that he has it. He asks me for it personally sometimes. If the time came I don't believe he would know its in his safe.
This is why I can feel at least some sympathy for Terry Childs although he definitely didn't act in any way professionally. He deserves to be punished but his punishment doesn't fit the crime given what's been brought to light about his management.
My other question is why in a city the size of SF was there only one person responsible for critical city infrastructure? If two people had been working together the whole time then the project would never have been in jeopardy unless Childs managed to corrupt the second guy which I guess is possible if some the ineptitude of management was in fact true.
Re:Not Surprising (Score:4, Informative)
" Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since."
You realize that this is dangerously close to Childs' attitude.
When they asked you, you should have (as I would) informed tham that they had a list of the passwords from the CFO's safe. You have since changed them, knowing the safe was 'compromised', and you did not know the disposition of the contents. And then you should have delivered without hesitation, to the CEO, owner, or their authorized agent, the new passwords. And perhaps a written admonition to notify you whenever a critical exeuctive or manager is dismissed, so that you can take appropriate action.
When I was installing small-business systems, it was expected, mandatory, that I leave the business owner with those passwords and access details. When we provided access for our clients, the router configs were delivered on floppy (this is a while ago), and passwords again made delivered as well. Where they had a trustworthy or critical telecom or cable provider, they also got a copy of passwords. All of these also got a disclaimer, that if the passwords were compromised or given to unauthorized agents, or changed without notifying us, our responsibility for the functionality of the system, and SLAs, terminated as of the action, not on date of notification. I had two or three incidents where the passwords, etc., were misused or compromised, and we did not have any real difficulty with the client. Once they changed providers and the new provider ran roughshod through the network with predictable results. We explained the policy, and they clammed up. The owner blamed us, but in a year we were 'back in'... In anothe case, the owner changed consultants and ditched us, and made the changes in the middle of the night without notice. Hey, it's a 'Haitian divorce'. When he did notify us, we of course offered all asssistance, and saved the new player a lot of time figuring things out. That old boss saw no value in further annoying disgruntled customers or competitors. But if a client ever asked me for passwords, they got them. It's their system. If they really wanted to mess it up, they paid for it.
Oh well, my $.02
Re: (Score:3, Informative)
The point that I haven't heard anything since is pointing out that they screwed up and didn't want to admit it but couldn't point the finger anywhere else. I suggested to the COO and the CEO/Owner that we just keep it in a safe at his house. I regularly work up there too so it makes keeping the thing up to date relatively simple. Make no mistake, I am never the only person that has a production password.
I definitely hold the people responsible accountable and the chain of command is jacked here as I've bee
Re: (Score:3, Informative)
I wasn't attempting to measure the justice, or lack of justice, in the sentencing. You do bad enough to go to the courts, well, be ready for whatever comes down. There's nothing in most legal traditions that require every sentence for a crime be identical. It will be up to Childs' lawyer to try get the sentence overturned, reduced, new trial, whatever.
What I'm commenting on is the way in which a lot of guys around here just endlessly defend Childs, at best only giving a brief nod towards the fact that he
Re: (Score:3, Insightful)
So he was bad at his job. But here's the question you're only giving a brief nod to: is being bad at your job a crime worse than murder?!
Re: (Score:3, Insightful)
exactly! He DID give the passwords to the network's "owner" that was the Mayor within "reasonable" time, less than a week after being locked in jail. And he did so without any kind of civil court order to turn over the "property" so the city never actually established in court that they OWNED the property they accused him of "stealing". The PROPER procedure to follow would have been to get a judge to issue an order for Childs to turn over the "property", then they would have easily had him for contempt of
Re: (Score:3, Insightful)
So 4 years is just and appropriate because he was a shitty admin and had a bad attitude?
I may not personally feel sorry for him (haven't given that aspect much thought), but this is clearly a gross miscarriage of justice, and that outrages me regardless of the target.
Re: (Score:3, Insightful)
And all of it could have been avoided if Childs actually knew what being a system/network administrator actually meant.
More importantly the four year sentence could have been avoided if the courts actually upheld the constitution and laws of this country. Instead its much more common for the 'authorities' in any branch to react on a personal level, and really stick it to the people they don't like regardless of whether or not its appropriate. THAT is the real crime here. Personally I keep that in mind- and
Re: (Score:3, Insightful)
Childs wasn't just a jerk. He was an incompetent. The big mistake was ever letting the guy have even the smallest amount of meaningful responsibility.
Re: (Score:3, Insightful)
Childs wasn't just a jerk. He was an incompetent.
Are still on that?
If being incompetent in IT is a felony, we need a hell of a lot more prisons.
He certainly sounds incompetent, but he's in jail because hes a jerk- and thats _wrong_.
Re: (Score:3, Insightful)
OK, consider if he were to behave like that in a bank. In a bank, he could hold money hostage, and cost the bank a fortune. So most banks implement separation of duties policies to prevent stuff like this, and their procedures would prevent a megalomaniac from rising to this position in the first place.
So we know there are proven procedures to protect a company from malicious admins, and those procedures are not secret. They could have been implemented by his bosses in city hall. But they weren't. Yes,
Re:Not Surprising (Score:4, Informative)
"They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle."
Which is a management issue, not a technical one, so the one to blame must be a manager. Was Childs in a manager-level position or in a "mere" technical one?
"However harsh the sentence may have been, the fact is that Childs was a shitty IT manager."
Truly so. But was he in a managerial position to start with? All I can find about him is that he was a "network administrator", a "network engineer" or an "IT administrator", never a manager, so he was not the one to say how the passwords should have to be managed nor the one to deal with policy violations. In fact, as per this reference (http://blogs.sfweekly.com/thesnitch/2010/08/terry_childs_sentenced_hacker.php) it seems clear that upper SF management agree this being a case of bad management: both Terry's direct manager and the security manager were displaced (they are not fired -yet, probably not to ashame that very SF upper management).
Re: (Score:3, Insightful)
It what way is he worse than the person that started it all off - the woman the was caught by Terry Childs in an office she shouldn't have been in and removing the hard drive of the person responsible for network security? Certainly authority was given later after the person responsible for network security resigned, but it looks like Terry Childs is a very minor case of overstepping authority in his own department. The entire thing is petty office politics in a disfu
Re: (Score:2)
Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.
You're right. He should have written the passwords on a sticky note on the side of his monitor, as all of the best books on security recommend.
Manager's responsibility (Score:2)
Who hired that idiot? I keep seeing people here state that Childs is a total egomaniac and deserves punishment for that. But who is responsible for Childs? His managers, of course.
Managers exist to manage people. Childs had the obligation to know how to manage routers, his managers had the obligation to know how to manage Childs.
Childs was one part in a big system, if he wasn't performing correctly someone else should have noticed this and replaced him, just like Child
Re: (Score:3, Informative)
This is a "productive. talented person"? Whether or not the city was run poorly (it is a city government, so it probably was) the fact is that he was holding the router and password configs hostage. Forget him getting fired and everything that happened, what would have happened if he got hit by a bus? He can claim that the other people were idiots, but idiots with access is better than a single person with access who dies, because then no one has access. I can even sympathize with holding the passwords,
Re: (Score:3, Interesting)
(1) Childs was wrong. You don't withhold passwords from your employer. It's his property, and he's allowed to be an idiot with his own property.
Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.
In any case, even if you could make a "property" argument, that's not the basis of his conviction. He wasn't convicted for stealing the city's "property". He was convicted under an
Re: (Score:2)
Sorry to followup on my own post, but I neglected to mention the Free Speech aspect of this case. Free Speech means, in part, that (unless life or limb are in imminent danger, perhaps) one cannot be compelled to speak. But that's exactly what happened here. He was forced, by an "anti-hacking" statute, to utter something upon which he obviously preferred to stay silent.
Along Constitutional lines of thought, as a "what if" experiment, I wonder what would have happened if Terry had invoked his Fifth Amendment
Re: (Score:2)
I agree with your points about IP and what this decision means for future IT folk. I wouldn't blame the jury for the result, though.. Most of the problems that I had on a jury were that all of the interesting stuff happened before the trial. That's when the discovery took place and various motions occurred on what would be allowed and what wouldn't. By the time the trial happened, we were only allowed to see a small part of the testimony with some huge holes in it. We had to decide the outcome based on
Re:Run (Score:4, Interesting)
Go put a chain and padlock on your neighbor's gate and see if you get in any trouble. You haven't stolen his property, so everything should be a-ok, right? (Heck, you haven't even trespassed, since he has to warn you once before it's a crime)
He denied access to the replacement administrators. They are authorized users of the system's configuration utilities.
Only because you're trying really, really hard to turn this into something it's not. Not turning over the passwords blocked the new adminsitrators from accessing the systems, just as if he DDoS'ed the management ports.
Re:Run (Score:4, Insightful)
True. The servers were property and he was withholding access to that property.
Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators,
The administrators are authorised users as well. They are authorised at a higher level. Why does the anti-hacking statute not cover this?
But the law doesn't really work like that. Intent is quite important. It seems likely that Childs deliberately arranged things in such a way that it would be extremely difficult for his replacement to administer the servers he had a right to administer.
What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on
He had access to all the evidence, and had an explanation of how the law works rather than the interpretation of a computer user, expecting the law to work like a computer and have no flexibility in interpretation at all.
Article 4 Section II Clause 2 (Score:4, Informative)
2) Having been convicted, I would have run away. There are a lot of decent IT jobs in the Northeast..... almost 3000 miles away from the SF Government's reach. No different than running from Spain to Poland to start a new life.
US Constitution, Article 4, Section II, Clause 2:
"A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime."
You achieve nothing in your interstate flight but a quarantee of conviction on a new and stiffer felony charge.
You will be doing hard time even if your prior conviction is overturned.
Re: (Score:3)
Well... San Francisco gave his boss the authority to ask and receive those passwords. What the boss does with those passwords are between his boss and San Francisco.
Re: (Score:3)
Re: (Score:2)
What if you worked at a nuke plan and your boss wa (Score:4, Insightful)
What if you worked at a nuke plan and your boss wanted the codes over the speakerphone and you did not know if people on the other end where able to run the system and you know that your boss was not able to run the systems.
Re: (Score:3, Insightful)
"Boss, I can't give you those codes over speakerphone. Call me back on a regular phone and I'll give them to you.
Doesn't matter. It's his system. You hand over the codes. And if you truly believe he can't run it, you quickly drive out of the blast radius.
Re: (Score:3, Interesting)
Re: (Score:2)
SF's jail is in another city, in another county. I don't they they'd appreciate the influx.