I have almost finished a post that I referred to a few days ago, discussing the fact that the entire City of San Francisco network has apparently become a crime scene. Given that the city has demonstrated an almost complete lack of knowledge of its own network, maintaining the integrity of that crime scene would seem to be a significant challenge. I haven't finished the post yet, but I'll probably do so tomorrow.
It occurred to me yesterday, however, that the city may have actually already undermined its own case against Terry Childs. I'm not a lawyer, but this seems very basic.
In filing its opposition to Childs' motion for reduced bail, the city states that Childs had:
"installed 3 modems that were connected to the FiberWAN networks, two in the locked room he maintained and a third in a locked cabinet near his cubicle. Cisco engineers have indicated that the types of modems the Defendant installed bypasses logging, auditing, and security measures of a secured network. Further, anyone can gain access to the network by dialing into these unsecured modems, risking the security of the network."
These are very important statements and they raise two very significant questions:
1) If "anyone can gain access to the network by dialing into these unsecured modems," then why didn't the city do that, and gain access to its network prior to Childs releasing the passwords to the mayor?
2) If "anyone can gain access to the network by dialing into these unsecured modems," then the entirety of the "virtual" evidence the city has against Childs should be thrown out of court -- they have admitted that the "crime scene" has never been secured and that "anyone can gain access." In other words, anyone could have dialed into the network and deleted startup configurations or done any number of things -- and the city cannot prove that it was Childs, since it has already stated that "anyone can gain access," and that this apparently "bypasses logging, auditing, and security measures." Thus, there are no logs or records available. At the very least, this could be considered reasonable doubt.
In a "normal" criminal case, the crime scene would be secured and no evidence could or would be accessible by "anyone." Failure to secure the crime scene would taint any evidence gathered there. Picture a homicide crime scene where "anyone" could be walking around, touching, altering, or removing evidence. That's apparently what we have here.
Obviously, this doesn't even take into account the fact that the city has already proved to be more of a security risk to its own network than Childs -- until the city released functional VPN group names and passwords into the public record, the city's network had been performing normally. After this event, the city has apparently shut down VPN access -- the first time since Childs' arrest that some portion of the network has gone down -- and the city did it to itself.
In any event, I'd love to hear opinions on this from those who might be able to shed some legal light on my thinking.