By now, you've probably heard that Terry Childs was sentenced to four years in prison, as a jury determined that he violated a California statute regarding denial-of-service attacks. Childs has already spent more than two years in jail at this point, so it's likely that he will serve four to eight more months before being released, but there's no guarantee of that.
No matter how you feel about this matter, it should be clear that this sentence is unduly harsh, and the amount of time Childs spent in jail before the conviction is appalling. The wheels of justice turn slowly indeed.
There were several factors in this case that led jurors to convict Childs, but the most significant issue to me is that the San Francisco FiberWAN network that he administered suffered no outages or problems during the course of this bizarre case, with the exception of the VPN outage that occurred when the San Francisco DA's office inexplicably placed a list of active usernames and passwords into the public record, resulting in downtime to change all those passwords. Yes, Childs withheld the network's passwords in an apparent dispute with his boss, but no actual damage was done.
Worse offenders -- even murderers -- get less jail time than Childs
Consider then, the case of Steven Barnes, the former IT manager for Blue Falcon Networks in San Mateo, Calif. Barnes was convicted of sabotaging Blue Falcon's IT infrastructure in 2008, receiving a sentence of one year and one day in prison and $54,000 in restitution to the company. While Childs' actions caused no disruptions, Barnes deleted all company email, caused the email servers to spew out spam, and intentionally crippled at least some servers, rendering them inoperable. He received a much lighter sentence than Childs -- and in the same court district.