InfoWorld Home / Adventures in IT / The Deep End / Terry Childs: Another Christmas in jail
December 14, 2009

Terry Childs: Another Christmas in jail

As we head into the last few weeks of the decade, Terry Childs heads to trial -- and prepares to spend another Christmas behind bars

| Print | 20 comments|
225 Recommendations

I haven't written much about the Terry Childs case recently, mainly because there's not much to tell. Childs is still in jail, his bail is still set at a ridiculous $5 million, and he still hasn't had his day in court. It's been nearly 18 months since his arrest for refusing to hand over administrative passwords to San Francisco's city network.

In that time, three of the four charges against him were dismissed, yet numerous motions for bail reduction have been denied, presumably because the judges are terrified of what they don't understand, and the DA is playing that up. Regardless of what you might think of Childs' culpability in this whole saga, I don't think there's anyone who could think that spending 18 months in a city jail without a trial is in any way a reasonable situation. Anyone involved in this case within the San Francisco city government and prosecutor's office should be deeply ashamed at how this case has (or hasn't) played out.

[ InfoWorld contributing editor Paul Venezia has led the way in reporting the bizarre case of Terry Childs. Consult our InfoWorld special report for a complete index of that coverage. ]

So what's the holdup? I wish I knew. It's probable that the DA has done no homework on the technical issues in play here and is instead more than willing to use the Frankenstein offense: It's different, so it must be killed. On the other hand, maybe the city did figure out just how ridiculous the whole scenario is but was too far down the line to pull back the reins and is continuing with the prosecution just to save face.

But almost guaranteed is the fact that the DA wants this to fade into obscurity and then get it over with. In the meantime, Terry Childs will spend yet another Christmas in jail.

But this Christmas may be different from the last -- opening statements in the case are set to begin on Monday, and reportedly Gavin Newsom, the mayor of San Francisco, will be called as a witness. You may recall that Childs gave the passwords to Newsom shortly after being incarcerated. That will certainly be some interesting testimony.

If you've been following this case at all, you'll recall that in the summer of 2008, this blog was filled with speculation regarding public statements made by the city and the general lack of a technical foundation. It then proceeded to get worse, with some comments seemingly made up out of whole cloth, put forth by those who lacked even a basic level of understanding of the technical nature of the case. The "1,100 modems" comment certainly comes to mind. That's died down considerably, probably because they would've had to hire a fiction writer to keep up the initial pace.

Related Content...
additional resources
White Paper - How to Improve Delivery of Advanced Web Applications

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:
The three-step approach to making a virtual workforce a reality.
The four flavors of client virtualization technologies.
The three key initiatives that solve IT challenges.
Download now »
White Paper: Successfully Secure Your Wireless LAN With Wi-Fi firewalls.

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »
White Paper - The 2009 Handbook of Application Delivery

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »
White Paper - Is Your Backup System Outdated?

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »
20 of 20 comments
Sign In or Register to comment
markjbenson 14-Dec-09 5:17am
2 replies
Compelling and worrying reading. Thank you for continuing to cover this. As a sys admin who has been put in less than desirable situations at the request of those who don't understand what they are asking for, I hope the case is dismissed when it comes to light that (from what I understand) all Terry Childs is guilty of is a lack of documentation (i.e. system passwords in a safe somewhere) and perhaps being a bit overzealous in refusing to disclose the passwords when asked for them. That said if I was ever in a simmilar situation I would be reluctant to divluge system passwords as I would hate to think of what chaos might be caused and then later blamed on me. As for trial by a jury of ones peers - originally that meant ones betters, and in this case I think that is essential. The jury should be his technical peers.
thebiggere 14-Dec-09 1:59pm
LOL! Spoken like a true admin their Mark. Give me a break. Why would you be blamed for chaos that might ensue after you gave up the system password? Simple documentation of the request in email with a confirmation from the superior would more than suffice.
lightyears 14-Dec-09 4:11pm

Thinking from the technical point of view one might hope this case shines the light on how security is not taken seriously and commonly and routinely misunderstood by upper level positions all the way to the city hall office but just like politics and the military, the person on the bottom of the food chain always receives the trap of injustice. It will take more that Mr. Childs to change the powerful chains of command that exist not only in city employment but private and military chain of commands.

Mr. Childs desperately needs a private law firm deeply versed in the technical aspects of engineering. All engineers will closely watch this case because the reality is that this could happen to anyone working in this industry anywhere in the world.

Finally the only fairytale hope for Mr. Childs is that he is dismissed of all charges and vindicated when he sues the city of san Francisco for more that 10 million and wins.

Erich Schmidt 14-Dec-09 6:48am
I am very glad you keep this story alive. The city's position is unbelievably ridiculous. I find it very disturbing how little understanding of even the most basic technical issues there is out there.

I had a similar though comparatively minor thing happen to me; a former client of the consulting company I worked for wanted my password (associated with my name -- a Lotus Notes ID). We explained that we could not do that, but that we of course would verify that they had comparable access given to any ID of their own that they wished. Even with that done (it was actually done before the consulting job was complete) they threatened repeatedly to sue. The company I worked for had to deal with that BS for months.
Regaug 14-Dec-09 1:19pm
And some wonder why our young people have little interest in going into IT or Computer Science anymore. They are often painted as greedy or lazy, but in fact, they are just being smart. They want a job where they are appreciated, they want a job where they can have a family life. You won't get either in the world of IT, my children. I wonder how this will affect their hiring? Why would any self-respecting IT person ever want to work for the City of San Francisco with the threat of this kind of treatment hanging over them?
RobWhite 14-Dec-09 1:20pm
Paul, Thanks for keeping this story going.
MahatmaGandu 14-Dec-09 2:05pm

I do sincerely hope that Terry Childs becomes independently wealthy as a result of his mistreatment in San Francisco. What I am concerned about as this has unfolded is where is the State and Federal governments to protect Terry's rights? Where's the ACLU? The $5 million bail amount is grievously excessive and is in gross violation of Terry's 8th Amendment rights. Isn't someone out there concerned about this?

LongHaul 14-Dec-09 2:17pm
1 reply

I too, am glad that someone is keeping tabs on this travesty.

As for the comment by TheBiggere, don't be so quick to judge. I am an admin and I have had the privilege of being brought up to date on a problem my team was never involved with AND being blamed for it all in the same meeting. We all have reason to worry, my friends.

thebiggere 14-Dec-09 2:35pm

My point is that there are really two issues here. Everyone seems to be considering them as one.

1. Authorization
2. Change management

It would appear that the person asking for the creds in this case did have the authorization to do so.

Whether the admin and/or you have a working change management process is a different question. Anyone who works in any area of IT makes significant decisions on a daily basis. Simple professionalism tells us that we need to document those changes such that when things go wrong, we have our a$$es covered. i.e. when someone comes into the room and blames you for taking down the corporate network, you pull out the email that documents their approval to do something that you recommended that they don't do.

I can't say that I'm closely familiar with the case in the article, but again, it seems here that the real issue wasn't addressed. The problem appears to be one where someone does have the authority to ask for the creds, but is not deemed to be of sufficient skillset to handle the keys to the kingdom. If this is the case, Mr. Childs should (and may indeed have) been pursuing that issue, not pissing everyone off by simply refusing to provide the creds.

pjbeee 14-Dec-09 3:36pm
1 reply
I an an IT professional, and here's my opinion on the matter:
If a superior with proper authority asks you for root/admin passwords, you make sure you obtain signed documentation stating the "cost" of mis-using the passwords, absolving you of any responsibility for security breaches that occur down the line, and GIVE THEM THE PASSWORDS. Your job is not safe no matter what, and job security is a very bad reason to withhold this information in any event. So why risk going to jail, unless you have an ulterior motive? I'm not accusing Childs of this, but let's get real here.
Regarding a contrary argument that went something like this: Would you give the keys to a backhoe to your supervisor if asked, even though he didn't have a backhoe license? Of course you would, though in that case there are clear legal procedures to be followed if said supervisor took it out for a "spin" and got caught at it. Only if the supervisor were drunk at the time would you want to withhold those keys - just like in real life. Ha.
Nuff said. Happy Holidays, and try and stay out of jail.
Regaug 14-Dec-09 4:12pm
Hmmm, you talk about getting real: I am also an IT professional, since 1988, and none of the managers I've worked for would have EVER signed such a document as you describe. They would have thought I was joking: "Ha! I'll sign your termination papers, but I won't sign that." It would have been "give me the passwords or else."
mpenhor 14-Dec-09 4:02pm
Totally agree. 18 months incarceration without trial in this situation should give us all cause to worry. Oh, and one other thing, Paul, how many weeks do we have left in this decade? A 'few'? If you consider 55 weeks a few, then I guess so. (When did the 21st century begin? Think about it!)
lightyears 14-Dec-09 4:20pm
Think about this Bernie Madoff stole 50 billion dollars! Now how many days did he spend in jail before his trial? Do you still believe our judicial system is just?
BigRonG 14-Dec-09 10:04pm
1 reply
If Terry had given those passwords to the political appointee who asked for them and they had brought down the network, it is very likely that he would have ended up in the same jail on similar but different charges. Only in that case, thousands or tens of thousands of citizens would have been inconvenienced or injured. What we all like to ignore is that our system depends on responsible adults being in control. Because we allow (in many many cases) irresponsible people who act like children to be in charge of vital pieces of our infrastructure. 9-11 is perhaps the most visible result of this type of deliberate ignorance. thebiggere, we must ask 'how many more must die before responsibility is respected and demanded of our politicians as well as our IT staff?'. CYA and passing the buck just isn't enough IMHO.
gunner@gulftel.com 15-Dec-09 8:59am
First off: I am SICKENED and APPALLED that after 18 months he still hasn't had a "real" day in court!!! How is this "due process" under anyone's definition of the term?!

But to my point: just to play devil's advocate - it seems everyone's going under the assumption that the act of Terry giving up those passwords will subsequently lead to the network going down or some other equally world-ending event. It's been proven that the network wasn't going down whether they had the passwords or not. That being said, since there's obviously no foundation in technical facts related to this case, had ANYTHING untoward happened to the network after he had given over the passwords (we're assuming her he had given them) then it's obvious it would have been automatically assumed HE had caused the problem. But nothing happened to the network.... it stayed up...
Elstubert 15-Dec-09 6:03am
I am an IT not a lawyer (that would be my sister) But I am pretty sure there is something about reasonable doubt. That being the case a jury that is not technicaly savy be unable to convict him? If they are not able to understand the technical aspect of the case shouldn't that preclude them from being able to remove ALL doubt. If they can't differenciate between good security policy and malicious activity how can they have anything but doubt? Just a thought
Scottyboyee 15-Dec-09 2:48pm
I've followed this case all along. There are elements that are similar to lawyer/client privilege and medical information confidentiality. After an initial conflict with management, where security staff were searching through his workspace unannounced, he was interrogated in a police facility without counsel present, and followed best practices for his profession by not divulging passwords to unqualified people. There are federal civil rights problems here that are not being addressed. Child's should have had a civil rights attorney filing a lawsuit at the inception. He could have a habeas corpus hearing to address the bail issue and violations of due process. He could also have a parallel civil suit that would put the city on the defensive. The relevant statute is the Federal Civil Rights Act, which applies when government agents act under "color of law" and violate one's basic civil rights. This is a simple case of big bully against the little guy, where people in power are trying to cover their own negligence and lack of management training by heaping the blame on a conscientious fall guy. They have intentionally abused the legal system and the "right to a fair & speedy trial" to sandbag this guy where he can not defend himself and acquire effective legal counsel. Assuming he is represented by appointed counsel, they are often former D.A.'s, friends with the city and opposing attorneys, and along with the judge, probably all go to lunch together and make jokes behind the IT's back. Because these type of attorneys have such a huge caseload, they rarely go out of their way to research other options or take steps that require a huge workload. He should get a private law firm, and also file the civil suit as suggested. Just another example of how flawed the American legal system really is...
twessels 30-Dec-09 2:59pm
I've followed the Terry Childs matter almost as long as Paul has and it is curious that Mr. Childs has been held so long in jail without having had his day in court. His $5M bail does seem excessive and should have been reduced by the court a long time ago. Mr. Childs has been in prison before but not while working as a network administrator for the City of San Francisco. I think the whole affair has been exceedingly embarrassing to the City of San Francisco, which may have spent upwards of $1M to investigate and fix what Mr. Childs implemented in his "management" of the city's WAN routers. Mr. Childs was operating as a rogue network administrator, and it would not have been possible for him to do so if the city's IT managers were not derelict in their supervision of Mr. Childs. I have yet to hear of any IT managers being sacked by the city for their mismanagement in this affair. Seems to me that someone besides Mr. Childs needs to lose their job over this one.
Samuel_Clemens 24-Jan-10 2:44pm
Sleight of hand and all good cover-ups require misdirection. The subject of the misdirection doesn't necessarily need to make sense and in fact, the more perplexing the more likely it will distract. "Jeana Pieralde was recently appointed to the also recently created position of network security manager. Her job was to create a security policy, which would then be reviewed by the city's Committee on Information Technology (COIT) and perhaps eventually made official and then implemented. Its still in the review process. So why was Jeana Pieralde conducting an unannounced, after-hours security audit in DTIS offices in which she did not work on June 20th, 2008? There is still no official policy to implement, nor to determine compliance with or lack thereof, so what was the purpose of the secret security audit? And why did Jeana Pieralde remove a hard drive from the office of DTIS Security Officer Nancy Hastings on that evening? (Because of which she was photographed by Terry Childs as she was taking the hard drive.) And why was Nancy Hastings, who had been a DTIS Security Officer since at least 2002 (and thus clearly had seniority over Jeana Pieralde) subsequently laid off by DTIS management? It was during the secret "security audit" on June 20th, 2008 that Jeana Pieralde complained to DTIS Deputy Director Rich Robinson who then brought in the police, ostensibly because Terry Childs made "threatening statements" to Rich (purportedly "I'm ready for you, Rich, or I can come up to your office".) Terry has not been charged with any such crime nor any crime even remotely related to threatening anyone. The police inspector, James Ramsey, then proceeded to investigate from June 20th, 2008 through July 10th, 2008 and eventually determined that Terry Childs, who was being paid to administer and secure the network routers, was guilty of a violation of California Penal Code subsection 502 which covers "Unauthorized access to computers, computer systems and computer data"." From: http://discuss.itwire.com/viewtopic.php?f=18&t=6110&p=23164 Where is Jeana Pieralde now? http://www.spoke.com/info/pC6mY0S/JeanaPieralde
SFAdmin 28-Jan-10 3:35pm
I manage a medium-sized network for an organization here in the city. We have a formal protocol - everything is documented, we have a management triage process with full Administrator access, and stand-by outside vendors if needed. They trust me to engineer and administer the network, and I trust them to be professional and careful in the event of emergency. The assets we protect do not belong to us, and if someone comes along and mucks things up that's why we have tricks up our sleeves as contingencies. Child's biggest mistake in my eyes is he got caught up in playing a game of brinkmanship. With his resume, he had plenty of wiggle room if his city gig didn't pan out. As for $5 million bail - a recent case of murder for hire in Maryland was set at $750k. Something stinks in the SF D.A.'s office if "flight risk" is their justification for 18 months in the county jail without resolution.

Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

©1994-2010 Infoworld, Inc.