Childs' attempt to protect the network password gone awry?
Would you give root-level passwords to a room full of people you didn't know? That may have been San Francisco's untenable choice to its notorious network admin.
Follow @pveneziaI read the latest defense filing in the Terry Childs case over the weekend, and was struck by some new information presented there, specifically related to the circumstances under which Childs was asked for the FiberWAN passwords. It sheds light on why Childs may have withheld the password to the city's WAN.
[ Get the full scoop on the Terry Childs case. | Read InfoWorld's jailhouse interview with Childs. ]
An excerpt from the filing by Childs' defense attorney:
On July 9, 2008 and at all relevant times, Richard Robinson was the Chief Operations Officer of DTIS [the San Francisco Technology Information Services Department]. Defendant unwittingly found himself at a meeting with Robinson in a room at the police station at the Hall of Justice. Present at that meeting were Lt. Greg Yee and Vitus Leung from the City's Human Resources Dept. Waiting outside the room but joining the meeting midway was Inspector Ramsey. The meeting was unorthodox and short on civilities. Defendant was told that he was being reassigned and was asked to disclose the FiberWAN passwords in addition to other passwords. There was no advance notice to defendant of this request. The surrounding circumstances of this request were unnerving and troubling to defendant at best. He resisted this surprise request to disclose the passwords to the FiberWAN, telling Robinson that no one was qualified to have the passwords. Under the pressure of the situation, defendant gave password information that could not be validated. During this exchange wherein defendant was questioned regarding the passwords, a speakerphone was on the desk in meeting room and people were listening in on the other end of the phone connection in a different part of the City.
In this statement, the defense asserts that those present during the questioning were simply not qualified to hear the passwords. This impromptu meeting took place at the police station in the Hall of Justice, not in the DTIS offices, and Childs was brought there while in the building doing work on the FiberWAN. Those present included various members of the San Francisco Police Department, representatives from HR, and an unknown group of people on the other end of a speakerphone.
If this is true, then his refusal to divulge the passwords becomes a lot less problematic from an ethics and security standpoint. You don't give up the master keys to a seemingly random group of people, including those that don't work in the department and some unknown others on the phone.
