SF's rogue admin finally gets day in court Terry Childs finally went to court yesterday, as prosecutors accused him of being a rogue employee who locked the San Francisco city government out of its own computer network. Childs' lawyers disputed this picture, saying he was a man who'd zealously guarded the network's security, and only flipped out because city officials …
A trial by peers in this case should include tech people in the jury. It's pretty clear that anyone from the "general public" would not have any understanding -- or desire to understand -- even the simple IT issues that will be raised in this case. Most likely he will be judged based on the juror's previous experiences with IT people (which for most of them is probably some guy at Best Buy or phone support from a long way away), instead of on the merits of the case.
Jury trial the world over has shown that people can understand complex technical matters of which they have previously had no experience, when these matters are properly presented. Most fraud trials or trials involving complex forensic evidence would fall into this category - This is why we have expert witnesses, not people who know a bit about the subject in question sitting on the jury and steering it.
I’ve lost count of the times that I’ve fixed friends computers because “someone who knows about IT” attempted to change something or fix something for them, now consider the consequences of that person being on a jury? A juror must be steered by the defence and prosecution, not their own area of knowledge no matter how much they know. In this case knowledge of computing and networking should probably preclude a potential juror.
You hire a team to upgrade your network for improved speed and security and then you implement good logical security for your network then the people do not abide by these new rules?
A. Fire the people who had him aressested.
B. Give the man his job back with back pay.
C. Fire the people who were under him who also did not listen to him.
Wow for a people not to follow procedure are just a bunch of lemmings waiting to run off a cliff.
Good job!
Do the good fight you network admins!
If the jury are unable to comprehend the arguments or facts of the case, due to being ignorant, stupid or lazy, they ought to be replaced. Rolling your eyes up to the ceiling because you can't handle the details is not on - your duty is to sit and listen so that justice can be done.
If they can't make a convincing argument how the hell is a jury supposed to know who was right? Are you supposed to be able to make a totally unconvincing argument and still win?
Based purely on the information provided in this article, my assumption is that he is indeed guilty (sounds like his lawyers are clearly using a BS line), whereas others here seem to think the guy should be knighted. Odd that ... maybe one actually needs to leave one's prejudices at the door and hear all these arguments (i.e. be on the jury) to make a real decision.
City - idiots
Admin - idiot
they tied the knot and then realized they weren't even speaking the same language. How big a mess can that make. They'll probably find him guilty and sock him away for 10 years with no time off for the year already in jail. what? no bond posted. WTF's with that?
Could you get a few more facts in articles like this? You know, ones about IT people?
"... only giving up his master password after he'd been sat in jail for a week." When he was visited by a higher-up in the local gov and quite outside his immediate deluded management. Happy to be reasonable with reasonable people, yes?
"... and which held a treasure trove of info including police records and payroll." Oh dear, no dear, the network is them wire thingies which connect boxes together. Shake 'em all you want, nothing is going to spill out. It's the boxes that have important things in them. And the boxes remained talking to the people who needed access to the data, just not to the people who didn't need access, like his management. Sounds 'bout right, yes?
"Computer tampering charges were thrown out earlier this year." Along with other 'charges', yes? Now they're in it purely for the face-saving, and for not having to be blamed for the $100k's in contractor 'costs' to 'recover' from the 'outage'.
You want to talk about ""They can't screw with me. I've got the keys to the kingdom."? Think about his management, holding a whole city hostage to exact revenge. The city has to cooperate or else... Hey, who's not going to believe "oh that data was lost by accident"? After all, _they_ certainly couldn't be charged with a crime for being incompetent. Only the competent need fear...
"Childs allegedly swallowed the keys"
" only giving up his master password after he'd been sat in jail for a week."
Sjeez, no practical understanding of medicine these days.. Any strong laxative would have speeded this up no end, with the added benefit of helping against any persistent coughs(*).
Yes, yes, the one with the bottle of Norit in the pocket, ta.
(*) after a strong laxative you wouldn't *dare* cough..
There's not much to this trial. Two months? It should be over in a couple of hours. He built a network then set a password and then didn't disclose it in over an open phone line. that's understandable, but he could have written it down and put it somewhere accessible to a select few (in a safe in a sealed envelope). Yeah, he's probably guilty of not going the extra step to make sure that he wasn't the only one with the password. He might have been the only qualified person to handle the network, but that doesn't mean that the city couldn't hire a consultant if he (childs) got hit by a bus as soon as he walked out the door after setting the password. Its just common sense. If anything, Childs is guilty of being childish and stupid. I'll be the penalty is less than the time the guy has already served waiting for the trial to start.
I have over 10 years experience as a network and system admin. Never be the only one with the password. You might not be around 10 minutes from now and someone is going to have to takeover when you're gone.
I was recently the defendent in a not particularly pleasant and rather complex case. The Jury were as average a cross section of people as you could imagine but they used sense and found me Not Guilty.
I have absolutely no faith in the Police and CPS et all but the public in this instance were bang on.
An interesting double standard is illustrated here. This man used his specialised knowledge as a method of job security (and who in the IT biz hasn't seen someone doing the spaghetti-code pension plan in every job they've worked in?), a loathsome practice that should carry high penalties.
And yet.
Over at the larger financial houses we find the idiots who navigated the entire national economy, some would say the *world* economy, onto the rocks, and were not only *given* job security, they were allowed to take "justly deserved" hefty bonuses. The grounds for keeping these humal offal on the payroll was that they were the only ones who understood the complex book-keeping involved in the day-to-day running of the businesses concerned. That is, they had arranged spaghetti book-keeping as a way to ensure job security.
So, doing this in the computer world merits jail time, whereas doing it in the financial world merits a multi-million dollar bonus reward. Hmm.
I've no insight as to what would be an appropriate punishment for the "hero" who wanted only to "protect" San Fransisco's tax-payers. I do think it's interesting how differently the same issue can be viewed in different industries though.
End users are usually completely and utterly incompetent, and it seems SF's mayor and staff below him are just as bad, but thats how governments roll isn't it?
Every time I give a new staff member a password so they can log in I always get "Can you make it a bit easier, like 12345 or pppppp?" and as someone who praises strong security policy and, if given the power, enforce far stricter password policies, this sysadmin should be paid millions in compensation for the stuff he's had to deal with. And also, if you place a privileged password in a safe, anyone with a restricted account that has access to that safe only has to take the account name/password for the privileged account and log on as that user so they can change their wallpaper or install MSN. If they bugger something up bigstyle as a result, who's head does it fall on? They're not logged in as themselves, so it falls on the person who owns the account, the sysadmin.
IT Technical staff are the ones that should be first on your christmas lists as the ones who manage to keep data safe, network functional and implement cost saving or competition beating network upgrades. The reason you don't have problems is because of the IT team, and when you do it's the IT support guy that comes out to you. IT staff should be given more job perks and benefits. Sod the end users who don't care for data security and blame someone else when their data gets wiped or distributed because they walked out the room without locking their PC for a few minutes thinking it'll be fine.
Management or staff who have nothing to do with managing the IT provision should NEVER EVER have any privileged access to the network. Doing so allows those staff to create problems that can affect the entire organisation and blame them on others rather than their own incompetence. Share data like passwords to privileged accounts between your own team, (you're not ALL going to die simultaneously, so long as you don't all get in the same car and the driver is a chav) and nobody else. Those with IT experience know their job, what it entails, and what data they are privvy to.
I mean, I have access to all the payroll, finance, information management system and literally everything. I don't go looking through it because it's nothing to do with me, but I'll do what is neccessary to protect it from end lusers.
Did anyone read one of El Reg's previous articles on how SF published the passwords Childs disclosed to SF's mayor for public record? Management are just as incompetent as end lusers.
I appluad this sysadmins efforts, and hope his court case against SF is a success.
I demand that SF STOP this action against a sysadmin doing his job, and doing it well.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
