I read the latest defense filing in the Terry Childs case over the weekend, and was struck by some new information presented there, specifically related to the circumstances under which Childs was asked for the FiberWAN passwords. It sheds light on why Childs may have withheld the password to the city's WAN.
An excerpt from the filing by Childs' defense attorney:
On July 9, 2008 and at all relevant times, Richard Robinson was the Chief Operations Officer of DTIS [the San Francisco Technology Information Services Department]. Defendant unwittingly found himself at a meeting with Robinson in a room at the police station at the Hall of Justice. Present at that meeting were Lt. Greg Yee and Vitus Leung from the City's Human Resources Dept. Waiting outside the room but joining the meeting midway was Inspector Ramsey. The meeting was unorthodox and short on civilities. Defendant was told that he was being reassigned and was asked to disclose the FiberWAN passwords in addition to other passwords. There was no advance notice to defendant of this request. The surrounding circumstances of this request were unnerving and troubling to defendant at best. He resisted this surprise request to disclose the passwords to the FiberWAN, telling Robinson that no one was qualified to have the passwords. Under the pressure of the situation, defendant gave password information that could not be validated. During this exchange wherein defendant was questioned regarding the passwords, a speakerphone was on the desk in meeting room and people were listening in on the other end of the phone connection in a different part of the City.
In this statement, the defense asserts that those present during the questioning were simply not qualified to hear the passwords. This impromptu meeting took place at the police station in the Hall of Justice, not in the DTIS offices, and Childs was brought there while in the building doing work on the FiberWAN. Those present included various members of the San Francisco Police Department, representatives from HR, and an unknown group of people on the other end of a speakerphone.
If this is true, then his refusal to divulge the passwords becomes a lot less problematic from an ethics and security standpoint. You don't give up the master keys to a seemingly random group of people, including those that don't work in the department and some unknown others on the phone.
To think of this another way, you might not have a problem giving up your Social Security number and debit card PIN number to a bank employee while you're in their office conducting business, but if there were a half-dozen other people in the office too, listening to the conversation, you would certainly think differently.
Up until now, I'd been under the impression that Childs' refusal to divulge the passwords occurred during a private discussion or meeting with his boss -- not in a situation like this.
An apt analogy for this situation might be nautical in nature. While a ship is at sea, the ship's captain is the boss -- no matter that he may be outranked by others on board, he alone controls the ship. The captain doesn't own the ship, but to protect the ship, crew, and passengers, he accepts all responsibility, and in accordance, his word is law.
If you picture Childs as the captain and San Francisco's FiberWAN as the ship, Childs was acting in accordance to that idea. It's not a bad comparison. Childs didn't own the FiberWAN, but he was paid to build, maintain, and operate it. He alone was responsible for the proper operation of the network, and accepted all responsibility for it. It's likely then that he felt that divulging the passwords in that scenario could significantly undermine the proper operation of the FiberWAN, and thus refused to do so. To complete the analogy, you might say that he was on the receiving end of a mutiny, and made to walk the plank. You can't say he went down with the ship, however, since the FiberWAN was fully operational throughout.
Also, who would have received the blame if someone in that room had used that information and caused problems on the network, either inadvertently or by design? Given the technical naïveté displayed by the SFPD and the district attorney's office in this case, it's highly likely that they would have gone after Childs. After all, this is the group that believed he was tampering with the network when his DTIS-assigned pager went off with a notification from "What's Up Gold."
As any network administrator will tell you, the leading cause of network problems is human error. If you limit the number of humans that have access, you necessarily limit the problems. It's not just best practices, it's common sense.