Accused Rogue Admin Terry Childs Back in Court
We're fast approaching the one-year anniversary of Terry Childs' arrest for refusing to hand over the admin passwords to San Francisco's FiberWAN, and not much has changed. Last week, Childs was back in court for a hearing on a motion to reduce the $5 million bail that's holding him in jail and to argue a motion for dismissal.
Unlike the last few court appearances that have lasted only long enough for a postponement, this hearing actually had some staying power. For three hours, the prosecution and defense argued their cases, with apparently active participation from the judge. The end result was another continuation until June 17 for more arguments.
[ Follow the Terry Childs saga in InfoWorld's special report: Terry Childs: Admin gone rogue | Cut straight to the key news for technology development and IT management with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]
It seems that this case is going to ride along the interpretation of several rather vague California statues concerning computer crime. For instance, Penal Code section 502 states: "'Computer services' includes, but is not limited to, computer time, data processing, or storage functions, or other uses of a computer, computer system, or computer network." This doesn't explicitly define administrative access as a service, which is the crux of this particular issue, and that section seems to be specifically discussing non-administrative action, as in someone who illegally accesses computing resources, not the person who was employed to do so as part of his or her daily responsibilities.
And that calls into play another definition in the statutes: "Subdivision (c) does not apply to punish any acts which are committed by a person within the scope of his or her lawful employment. For purposes of this section, a person acts within the scope of his or her employment when he or she performs acts which are reasonably necessary to the performance of his or her work assignment."
The only sticky wicket there would seem to be whether or not Childs' withholding of the passwords was reasonably necessary. There are arguments on both sides of that, but it's very subjective. It's absolutely true that divulging those passwords to persons who don't know what they're doing would be highly detrimental to the network, and thus meet that definition. It's been proven that Childs had no technical peers within the IT department; thus, essentially everyone he worked with could pose a threat to the network from his perspective.
But this all goes back to trust. Trust in admins of this level is an imperative. Lack of that trust quickly leads to problems from either side, which would seem to be a mutual issue with the Childs case. Let's not mince words -- there's a reason that ThinkGeek sells T-shirts with "I read your email" emblazoned on the front. IT admins can read your e-mail. They can also sniff packets on the network and watch what you're doing on your computer. This access is not only normal, it's generally required for troubleshooting and normal network monitoring tasks. Of course, most admins are far too busy and far too uninterested to take advantage of this access, and they're trusted to not abuse those powers.
The same is true for other positions, such as police officers. A police officer can obtain driving records and court documents on just about anyone. Doctors and nurses can call up anyone's medical records. There may or may not be an audit trail for those actions, but the access is there. This is also the case for network and system admins. It's simply a necessity -- no more, no less.
However, Terry Childs didn't have that level of access. It's possible that he could have been sniffing packets on the network, but I would have expected that a sniffer would be in place somewhere for monitoring purposes, possibly more than one. He didn't have access to e-mail, storage, or any higher-level services on the network, however, and I'm not aware of any evidence that he ever tried to gain that level of access.
So after nearly 11 months the case remains open, Childs remains in jail, and I still believe that this is a case of internal politics gone horribly wrong.