3 of 4 Charges Against Terry Childs Dropped

phantomfive writes "Terry Childs, who was arrested nearly a year ago for refusing to turn over the passwords to San Francisco's FiberWAN network, has been cleared of three of the four charges against him. The dropped charges referred to the attachment of modems to the network; the remaining charge is for refusing to turn over the password. The prosecutor has vowed to appeal, to have the charges reinstated. We have the original story, and the story where Childs tells his side, for those who want a refresher."

Re:Great!

[pushf popf]

All he needs is written authorization from the city to turn over the passwords to whoever they say. Any other refusal just makes him a dick and he belongs in jail.

As an ex-employee, it's no longer his call as to "who gets the keys"

Excelent way to link to that interview.

[MartinSchou]

Link to an old Slashdot story that then links to an archive page that doesn't even have the word Childs on it.

You have to go to page three of the archive to find the bloody interview [infoworld.com]!

Why the hell is it so difficult to provide direct links to the actual articles?

Charges were not dropped...

[Anita Coney]

I don't have to read the article to know that. If the charges were dropped, the prosecutor would not be vowing to appeal. When a judge gets rid of charges, they're dismissed. When a prosecutor voluntarily gets rid of charges, then they're dropped.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Pathetic accusations

[walmass]

IIRC, he allegedly changed the Cisco configs but never saved them on NVRAM. You can power-cycle Cisco devices and have a 60-second window to get in without knowing the password [cisco.com] That was the big problem.. had he saved the configs to NVRAM, the City could have just power-cycled the devices during a maintenance window, gone in and reset the passwords. But the configs being only in volatile memory meant that if they tried that, the boxes would have lost the config, resulting in the "full system failure"--they City network would have gone down.

He did everything by the book

[dbIII]

Here's a chunk of the SF password policy, shamelessly taken from a post by Jeana Pieralde at http://www.burbed.com/2008/07/15/terry-childs-and-the-san-francisco-fiberwan-computer-network/ [burbed.com]

"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.

All passwords are to be treated as sensitive, confidential County information.

Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your passwordwhile on vacation."

http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf

So announcing it at a meeting was right out.
The person that should have taken this all into hand and resulted in a normal dismissal instead of an arrest is Chris Vein. He was originally an accountant but many CIOs are and some manage to pick up management skills and familiarity with technology along the way.
Here is what http://blogs.zdnet.com/BTL/?p=4692 [zdnet.com] says about him:

San Francisco's CIO Chris Vein calls himself an "accidental CIO." His background includes working in and around the White House during Reagan, Bush and Clinton administrations. For the city of San Francisco, Vein's political background has turned out to be an important asset.

It's still possible he got there by merit, but it starting to look like a political appointment. On his linkedin page he describes himself as "Delivering strong and effective leadership", which often means someone that fires people for no good reason to show they are "strong" but maybe I've just seen too many bastards in action that like that word. These things may give an insight or maybe not, but the end result of getting the police involved in a workplace dispute demonstrates to me that he is not paticularly effective, let alone the situation where there was only one person that could do the job. BTW San Francisco, do you have your free WiFi from 2006 yet? If not you now know the name of the guy that was in charge of delivering it.

The lesson to be learned

[raybob]

for sys/net admins is to keep in the back of your mind that your actions can be scrutinized somewhere down the line, even if you are the most conscientious, morally upright employee.

If you work in an environment where you are the key technical resource, and others don't have the chops to safely manage the systems you designed/built, you still need to be sure that you put mechanisms in place to track access first, and then you need to provide equivalent access as agreed with management, to other administrators. Since you have the tracking mechanisms there, you can unravel who did what if there is an issue.

I know that it's hard to do this if you work in a hostile environment, or one where people are defensive about their jobs. This is especially true if you are the lead or only techie with the skillset to safely operate in the environment. But without being too paranoid about it, try to inform management as to what you're doing occassionally, track access of yourself & others (if you exclude yourself by using other means of authentication or access, you won't have a leg to stand on, since your actions weren't logged and you could have 'hidden' them).

Try to foster a trust environment with your peers, help them along in becoming competent while giving them access appropriate to their skillset (but make sure others know they are accountable for their actions), and you would improve your chances at exonerating yourself if the PHB's ever start pointing the accusing finger at you.

Re:Actual crime

[dbIII]

I withdraw my wild accusation. The security officer was promoted internally to the post and when she rang the CIO to complain about being caught doing what she was previously not authorised to do it doesn't mean she knew him personally. It's looking like office politics that has been mismanaged so badly that it has been allowed to escape into the legal system with some incredibly wild claims to stop it looking like an over-reaction, just triggered by an employee that wouldn't do what he was told without a reason. The secret promotion thing was just too weird, I would expect at least an email saying "your new computer security officer appointed today is X, please assist her in her work" instead of secret security audits by someone secretly assigned to the position. That shows a both a spectacular level of distrust of employees and poor management.
It really looks like he made someone angry and they decided to put him in jail in revenge.

Re:Witch hunt

[Anonymous Coward]

high bail does not mean witch hunt. Bails in US court systems are generally broken, with more minor crimes often having legally required higher bails than more major crimes.

Also, please look up the definition of "witch hunt", and of "scape goat". In a witch hunt, there would have been little to no chance of a finding fo innocence. With a scape goat, it doesn't matter whether innocence or guilt is found, only a temporary person on which to pin blame until the issue fades by the wayside and the true screw-ups can slide by without getting caught.

Re:1M bail and 1yr in jail...?

[Zombywuf]

He didn't say he'd forgotten it because he was simply doing what his job description told him to do. He was called into a room with a dozen people he didn't know, he refused to hand over the password to these people. When a single person (the mayor) who was authorized to know the password asked for it, he handed it over without hesitation.

Re:Why isn't he turning over the passwords?

[dbIII]

He gave them to the Mayor in person not long after imprisonment. That would be approximately a year ago.

Re:Great!

[Anonymous Coward]

You failed to realize that in fact he stated that he would give the passwords to the mayor, which he did.

Re:Why isn't he turning over the passwords?

[phantomfive]

According to another poster, it was against standard policy [slashdot.org] to give your password to your boss. Apparently he was only supposed to turn the passwords over to the mayor, and no one else. In any case, if someone requests your password, you should only give it after they request it in writing, then you have evidence of the event in case something happens.

It's been a year already?

[synthesizerpatel]

Really the classic bit of this story is how the prosecutors included a list of usernames and passwords in their court filing which couldn't have been a better home-run for the defense in terms of 'See what happens when you give the passwords out to these idiots?'.

A year of his life gone though.. This should be a cautionary tale for any IT person.. When things get so bad that you're angry and not making good decisions.. just quit. Find somewhere else, relax. A job at burger king is better than going to prison.

Re:Overzealous prosecutors

[Anonymous Coward]

It's a little known fact that prosecutors cannot be sued for anything they do in court [reason.com] to a defendant.

Thankfully, this is little known, because it is false. Prosecutors can be sued for malicious prosecution, which in most jurisdictions requires a final dismissal of the action and a showing that it was brought by the prosecutor knowing that the charge was groundless. The link you supplied says that they cannot be sued in 1983 actions (a civil rights action against a state actor in federal court), which may be true as far as it goes, but it hardly represents the sole theory of liability. Also, as a profession prosecutors can be disciplined by the ethics committee--for example Mike Nifong, the prosecutor who made the rape allegations against the Duke students, presumably for political ends, was disbarred.