My main concern on the Childs matter is that the case against Childs may be built around a profound lack of understanding of the technology involved. To those outside of IT, a statement in court that the defendant "was watching everything on the network, including information regarding city government, the police, and private emails between government officials" sounds extremely sinister. However, the reality behind that statement is far more likely to be that the defendant operated an IDS on the network for security purposes. Nobody in IT would think twice about it, but a jury packed with people who have no real concept of how computers and networks function, much less how large networks are built and maintained, might have a different view, regardless of reality.
Recently, I received a very well-written email regarding the Childs case. The author wishes to remain anonymous and his words are his own, though they do channel the vast majority of the emails I've received on this subject. I thought it quite well put.
I have been working on computers since before the PC was invented. I have also been engineering networks since the thicknet days. I'm not saying I agree with what he did, but a lot of it looks like a dedicated (slightly paranoid) admin who did not want anybody to screw up what he considered to be his baby.
1. The only access to the core devices was from a terminal at the Hall of Justice. - Hmmmm... I need to have an access point to get to the core of a city-wide network that is being decentralized. Where can I put it that is safe? Maybe at the police department? It would take some big brass ones to break in there and try to access the core...
2. He photographed the individual that was removing devices from desks in an unannounced, after-hours audit. - If I am rubbing people the wrong way at work, I am going to want evidence of what was happening if I get dragged in front of a review board.
3. He had the routers set to self-destruct on a reboot. - No, he was just overly paranoid. You and I both know we can't remember the configs for the routers in our heads. He has them somewhere so that he can reload them. I am pretty sure that in the past few months he has had to reload at least one device, and I can bet he didn't do it by hand. Not sure why he won't tell them where he keeps them, though.
4. All of his data was stored on encrypted devices. - So is mine. Not because I'm hiding anything, but because it is a requirement from central IT. The drives are encrypted. Big whoop. Generate the override key on the servers and get the data. (He wasn't a server admin, so I am assuming some other admin has the ability to override the keys.)