So after I wrote about the San Francisco network hostage situation yesterday, I started thinking a bit more about this situation. Based on all the data I've found in the press, it certainly appears that Terry Childs changed the passwords on some number of network devices within the city's network. If there's more to this story (such as the rumors that he was a DBA and this was an Oracle sabotage job), then we move into a completely different ballpark. As it stands now, using the information publicly available, what Childs has done could be considered a juvenile prank, not an attempt to sabotage the network and cause real damage.
Again, we're assuming here, but even if we remove the specifics and make this a hypothetical case, there are many, many miles between changing the passwords on the core and edge switches and, say, dropping a dozen databases.
Unfortunately, to the public at large, there isn't much of a difference. To a normal computer user, the phrases "he maliciously altered the AAA mechanisms in the city's network to prevent access" and "he issued queries damaging to city data repositories" are basically the same thing. Of course, they're miles apart in damage done, but to folks who struggle with spyware and anti-virus tools (and sit on juries) they might as well be the same thing.
In a comment on my previous post on this issue, a user name 'der golem' summed it up nicely:
"Okay, I won't pretend I understand everything you wrote here, but there is something really alluring and provocative about tech speak."
"Alluring" might not have been the word I would have chosen, but the point is that the law deals with common crimes like theft with offense levels. There's petty larceny and grand larceny, for instance. What Childs did may actually violate any number of other laws, possibly even anti-terrorism laws since it involves a city government. If all he did was change those passwords, then it's likely that he'll be charged with crimes that don't match the events, simply because the case centers around a computer network.
Sten, another commenter on that post, had another point of view (and one that's quite common):
"Entelleghent [sic] mangers always love exaggerating the actual proportions - it's a management trick they call "risk management" - you pretend to have a huge problem; if the problem is small and solved fast - you're a genius hero; if the problem turned out to be complex - you can say 'I told you so'"
This is definitely true -- underpromising and over-delivering aren't bad things, necessarily, but for city government officials to do so publicly, while the man accused of the crimes is in jail isn't really appropriate.