A little over a week ago, Judge Kevin M. McCarthy dismissed three out of the four charges against Terry Childs. However, in the decision explaining why he retained one charge, for "denial of service," McCarthy may be redefining the term "user" as it applies to computer networks. In doing so, he could be opening up Pandora's Box that makes it impossible for IT to safeguard passwords.
The terms "user" and "administrator" have special significance in computing. A user-level account has significantly restricted access to all computing resources, and so can work only within the confines of their own set of files and documents and of those other documents to which they've been specifically granted access. They cannot alter or modify sensitive settings and configurations of any computing resource they encounter. An administrator-level account has full rights over some or all computing resources, and can view and alter files, settings, configurations, and such of any system to which those rights have been applied. This is a fundamental rule of computing in general, one that has existed essentially since the dawn of computing itself.
But portions of McCarthy's decision turn this fundament on its head. It seems that because there is no clear statute to apply to the Childs situation, the prosecution and the judge are trying to shoehorn Childs' actions into a related statute that was designed to cover a denial of service of a computing resource to users, not administrators. It may be a fine line, but it's a line nevertheless.
The troubling line the Childs judge has crossed
Childs is charged with violating California statute 502(c) (5), specifically "[when a person] knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network."