We're fast approaching the one-year anniversary of Terry Childs' arrest for refusing to hand over the admin passwords to San Francisco's FiberWAN, and not much has changed. Last week, Childs was back in court for a hearing on a motion to reduce the $5 million bail that's holding him in jail and to argue a motion for dismissal.
Unlike the last few court appearances that have lasted only long enough for a postponement, this hearing actually had some staying power. For three hours, the prosecution and defense argued their cases, with apparently active participation from the judge. The end result was another continuation until June 17 for more arguments.
[ Follow the Terry Childs saga in InfoWorld's special report: Terry Childs: Admin gone rogue | Cut straight to the key news for technology development and IT management with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]
It seems that this case is going to ride along the interpretation of several rather vague California statues concerning computer crime. For instance, Penal Code section 502 states: "'Computer services' includes, but is not limited to, computer time, data processing, or storage functions, or other uses of a computer, computer system, or computer network." This doesn't explicitly define administrative access as a service, which is the crux of this particular issue, and that section seems to be specifically discussing non-administrative action, as in someone who illegally accesses computing resources, not the person who was employed to do so as part of his or her daily responsibilities.
And that calls into play another definition in the statutes: "Subdivision (c) does not apply to punish any acts which are committed by a person within the scope of his or her lawful employment. For purposes of this section, a person acts within the scope of his or her employment when he or she performs acts which are reasonably necessary to the performance of his or her work assignment."
The only sticky wicket there would seem to be whether or not Childs' withholding of the passwords was reasonably necessary. There are arguments on both sides of that, but it's very subjective. It's absolutely true that divulging those passwords to persons who don't know what they're doing would be highly detrimental to the network, and thus meet that definition. It's been proven that Childs had no technical peers within the IT department; thus, essentially everyone he worked with could pose a threat to the network from his perspective.