Terry Childs has been sentenced to four years in prison, and now has been ordered to pay $1.5 million restitution to the City of San Francisco for not relinquishing the passwords to the city's FiberWAN network for a period of 12 days.
Just to be clear here, there was no outage, no loss of service, and no problems with the network during this time period. No user lost access to applications, data, or services, and no city activities were impeded. There was no actual damage directly stemming from his actions. In fact, as he has argued, he was following policies laid out by the city itself by not providing the passwords. If you recall, he was asked for the passwords in a room full of people who had no reason to know them and another group of people listening in on speakerphone. He was subsequently jailed and held for 18 months before the trial even began.
[ Paul Venezia was first to discover the real story behind the bizarre Terry Childs case. | Read Paul's in-depth advice on planning and deploying a network to handle virtualization. ]
Now a judge has ordered him to pay the equivalent of $75,000 a year for 20 years. What's next? Will they also kick him in the ribs a dozen times for good measure?
The City claims that the $1.5 million figure comes from the amount spent trying to break into its own network in lieu of having the passwords, and to test the network for vulnerabilities after he divulged that information. Not only does that seem like an extremely large figure for this work, I have a hard time placing the financial burden on Childs for the vulnerability testing -- the kind that every IT shop should do regularly.
I can understand the desire to vulnerability test the network following this debacle, but that should have been done anyway. And what if Childs had been hit by that proverbial bus? Would the City have come after his estate for the same costs? It feels like the government used this as an opportunity to turn the consulting dial up to 11 because it knew it'd be going after Childs for any costs incurred, legitimate or not. After all, $1.5 million is an awful lot of money. There would be no capital expenses since no hardware was damaged, so it must be all labor -- that works out to 7,500 hours billed by consultants charging $200 per hour. That's 937 8-hour days. You could have rebuilt the entire network from scratch at least twice over for that amount.
At the heart of all this is a baseline of fear and uncertainty. That's what kept Childs's bail so ridiculously high and kept him behind bars for two years from the time of his arrest to the time of his sentencing. Nobody involved with this case has any clue regarding the technical elements, and the prosecution painted Childs as a constant threat and danger to the network, possibly even from prison. They turned him into a boogeyman or supervillain who would wreak havoc on all mankind if he ever saw the light of day. Playing on these fears worked exceedingly well.
The precedent of this case is extremely damaging to IT admins. If you have a suitably advanced skill set and get into a political tussle within your department, you can be held in jail due to the possibility you might use those skills in a damaging way. That train of thought classifies high-level IT administration and architecture skills as weapons.
It brings to mind a medieval warrior who is held in a dungeon unless he's needed to fight in a war; otherwise, he's chained to a wall because he might start hurting the wrong people. Not only has San Francisco chained Terry Childs to that wall, it's setting him up for debtors prison for the rest of his life.
At the start of this whole circus, I asked how much will it cost for the city of San Francisco to get rid of its most competent admin. The answer is apparently $1.5 million -- and the politicians are sending him the bill. How does that punishment even come close to fitting the crime?
This story, "Insult to injury: San Francisco wins $1.5M from Terry Childs," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.