On Friday, more than a year after Terry Childs's arrest, the judge in the case threw out three of four charges against the former network admin for the City of San Francisco. The three dismissed charges were related to the modems that the prosecution claimed were clandestinely placed by Childs in order for him to control the network remotely. As I've been saying for the last year, these charges were simply ridiculous -- the modems used by Childs in this case were standard operating procedure for any network admin worth their salt. In fact, Childs would have been derelict in his duties if these modems weren't present. Finally, reason prevailed, and the charges pertaining to the modems were dismissed.
But one charge remains: the charge that Childs violated a California statute regarding illegal denial of service for the San Francisco FiberWAN. This is a sticky wicket. The statute was originally conceived and written to provide a legal platform to prosecute crackers who might bring down computing resources for the purposes of vandalism, profit, or other chicanery. The statute was meant to address a third party who knowingly disturbed and compromised the normal operating status of a computer system or network.
The statute could address a cracker who organized a DDoS attack against a Web site or one that surreptitiously and illegally gained access to a server and crashed it, altered it, or otherwise interfered with the normal operation of that network or system. But can that statute apply to someone who was hired and paid by the government to build, maintain, and repair that network, especially given that no damage was done, no resources were denied to any employee, and the network suffered no downtime?
One could say that yes, Childs' refusal to divulge the passwords to his superiors was tantamount to a denial of service, for a narrow interpretation of "service," but the same argument might be made that Childs actually prevented a denial of service -- an illegal act -- by refusing to hand over those passwords.