Terry Childs, a former network administrator for the city of San Francisco, was convicted Tuesday of a single felony charge of denying computer services.
Childs had worked at the city's Department of Telecommunication Information Services (DTIS) and was the main engineer and administrator of the city's FiberWAN, which according to the San Francisco Chronicle "maintains about 60 percent of the city's law enforcement, payroll, and jail-booking records." In July 2008, Childs' was arrested after refusing to turn over FiberWAN passwords to city officials.
During the 6-month trial, prosecutors argued that Childs was worried about being let go from his job and wanted to make himself indispensible. The defense countered that Childs refused to turn over the passwords because the individuals requesting them lacked the appropriate authorization. In an IDG News Service article, Robert McMillan described a conference call with Cisco engineers where Childs was in a room with Richard Robinson (Chief Operating Officer of DTIS), an HR person, and a police detective. According to McMillan, Childs was asked to hand over the passwords during this meeting, but instead turned over "bogus" ones.
Even after his arrest, Childs refused to surrender the passwords to DTIS personnel. After 12 days, San Francisco Mayor Gavin Newsom visited Childs in jail and was able to get the passwords.
Understanding the verdict and a juror's description
In November 2008, I wrote about the case after a few TechRepublic members took me to task for describing Childs' actions as "hijacking" during the introduction for my TR Dojo video, "Five ways to keep your own IT staff from stealing company secrets." In my response I asserted that "Childs' act of holding the group names and passwords from their legitimate owners (senior DTIS officials) amounts to seizing the network by threat of force-one definition of the word "hijack"."
From what I've read of the case (including juror comments made after the trial), lack of adequate network administration policies and bad management by DTIS officials contributed to the situation. But, the fact remains that the jury, who weren't unsympathetic to Childs' situation, had to apply the law.
According to California Penal Code Section 502(c)(5) any person who "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network" is guilty of a public offense. There is an allowance in the law for acts committed within the scope of a person's "lawful employment."
In an interview with IDG, Jason Chilton, Juror #4 and a CCIE and senior network engineer for ADP, summed up the decision:
Essentially, one of his [Childs'] job duties was to allow the network to be maintained. So when he went into that meeting on July 9th, he was told he was being reassigned, therefore he was not going to be working on the FiberWAN any more. Somebody has to get access, and he refused to provide that. So he's leaving this very critical network in the city's hands, but saying that nobody can maintain it.
Also telling is Chilton's description of the meeting where Childs was asked to turn over the FiberWAN passwords:
I think he went into that meeting probably thinking he was being fired. ... And I think he left that meeting honestly thinking, "OK, they're going to try to get into this network and they're not going to be able to." He even sent an email the next day, saying, "I know you all are trying to figure out how I can get into this network." So he knew nobody else could get in, and I think he had the assumption that they would say, "We need you back to maintain this network." And that obviously did not happen.
More information about the case against Terry Childs and the verdict:
- Terry Childs Juror Explains Why He Voted to Convict (IDG News Service via PCWorld)
- Rough justice for Terry Childs (InfoWorld)
- Terry Childs Found Guilty (Slashdot)
- Ex-S.F. tech guilty of walling off city system (San Francisco Chronicle)
- Terry Childs Convicted of Locking San Fran out of Network (eWeek)
- Refusal to turn over passwords amounts to hijacking (TechRepublic)
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.