Yes, I was on the jury (see my post further on down). An essential part of jury deliberations is keeping an open mind, explaining your thoughts and opinions, and listening to the opinions of others. This was not the case here. I really won't go into the details on the matter as to not reveal personal information or background on the juror, but not only did he not do those items above, he also refused to follow the jury instructions and the legal definitions as provided by the judge that we had to use in our determination of the facts.

While you are allowed to look at testimony differently and debate that, you can't decide that a legal definition as provided by the judge is something you don't agree with and therefore won't follow. Essentially, you're supposed to follow the facts and then come to a conclusion. The problem here was that one person had a conclusion beforehand, and wanted to change the facts to fit it. It just doesn't work that way.

Yes, I was on the jury. I have a much longer post (and responses) further down.

It didn't matter towards my decision in the case, but it mattered to me because it would have been so much better to be handled solely as an employment issue, and I really think that would have been the better outcome for Mr. Childs.

I think the police were ready to allow it to develop as solely an employment matter, while at the same time feeling that he could really be charged at any time. I think once he made those moves he tipped the police over their comfort line.

The law he violated was CA Penal Code 502. That code deals with denial of computer service. He was the only person with access to a large and critical computer network. He was being reassigned and would no longer be working on that network. Obviously, you cannot have a network with no administrator(s) to manage or maintain it. He refused to provide access to that network. Not just simply refusing to tell his passwords, but refusing to provide access at all, even configuration backups. Furthermore, he configured the network in a manner which prevented any attempts to access it or reset the passwords, and in a few scenarios those attempts would have even brought the network down.

There were no formally adopted policies for computer or network security. Even then, there are common sense guidelines in the IT industry about sharing your password. But what common sense guideline is there that if you are assigned off of a project, you should then lock out the ability of anybody else to administer it?

Thanks. Yes there were tons of other issues involved in this matter which the press simply doesn't cover in their reports. I myself feel that five years is a rather extreme sentence for what he did, which is why I have been glad to read in news reports that they expect the judge to let him go with time served or possibly sentence him to just a few more months. He doesn't need to be kept away from the public or punished any more for what he did.

No, it was:
1. Terry Childs was informed he was being reassigned.
2. He was asked to provide access to the network which he would no longer be working on and to which he was the only one with access.
3. He refused to provide that access.
4. He was told he could possibly be in violation of the law by refusing to provide access.
5. He refused to provide that access.
6. He was placed on paid administrative leave.
7. He was arrested.

That's the order, but it's definitely hugely summarized. There were lots of other events that led up to this and were intermingled.

We specifically spent hours on the question of intent and making sure we were beyond a reasonable doubt. As to the removal of the other juror, there's way more to that story than any paper knows, and I don't want to go much into it, but he was definitely dismissed "for cause", not because he was some type of lone holdout or something like that.

The law we used was CA Penal Code 502. We did not make up any laws or definitions in reaching our decision. Just take a look at the number of posts and opinions here which fall in both directions. Do you think they have more facts about the case available to them, who may have read some articles and blogs about it? Or do you think I may have more information upon which to base my opinion, after listening to five months of testimony, reading hundreds of emails, many sent by Mr. Childs himself, showing his state of mind and intent? There's way more to the story here than simply a good tech guy all of a sudden being requested to turn over some passwords.

It's not merely the act of not providing a password that was a denial service. It was the over-arching issue of refusing to provide access at all. Furthermore, there was no way to gain access without significant disruption to the network. He was told he was being reassigned. Therefore somebody else had to take over those administrative duties, but nobody could as he would not provide them. He denied the COO and the entire IT group the ability to administer their own devices.

As to leaving the state, that is not itself a criminal act. Actually, these are facts I learned from the inspector after we reached our verdict. During the trial itself we did not learn the exact reason he was arrested when he was, because that information was not provided to us. From what I understand, he was already suspected of violating the penal code that he was tried on, and when he made those moves (large cash withdrawals, leaving the state), the police were worried he was planning on possibly sabotaging the network or possibly leaving, and that's when they decided to go forward with the arrest and charges.

I'm glad you brought this up, because going through this trial I learned a lot about how -not- to lock down a network if you don't want to end up in this same scenario.

First, all of the edge devices of the FiberWAN were configured with "no service password-recovery". This is a relatively newer IOS command (I believe) that, in a way, disables the ability to do a standard password recovery. Actually, you can still follow the password recovery procedure, except now during the recovery procedure the router will now prompt you that password recovery is disabled, and if you wish to proceed the existing configuration will be erased. So, you can still gain access to an edge router of the FiberWAN, but it will now have no configuration in it, essentially making it useless.

The next problem was the core routers, which were 6500 series. The IOS running on these did not have the "no service password-recovery" feature, so what he did here was to erase the NVRAM and only keep the running configuration. Any attemt to do a password recovery would require a reboot, and the configuration would be gone. The core routers were not configured to load a new configuration from a remote server, but instead Terry Childs had modems connected to terminal servers so that in the event of any power outage he would be able to dial in and load the configurations back in.

As to these configuration backups, Mr. Childs kept these on a DVD he kept with him at all times. Furthermore, this DVD was encrypted and could only be decrypted using his laptop (as the encryption program required not only a password, but access to a specific file that existed on the laptop).

As for system logs, the city had no access to see what these might have said, as the routers were set up to log only to a server that Terry Childs controlled. He was the only one with passwords to that server. And not only that, he had placed that server inside a black metal cabinet with holes drilled in the side to allow cable runs, and the cabinet had two padlocks on it. Slight paranoia?

A few days before access was finally provided, Cisco discovered actually a very ingenious way to be able to get the edge configurations. (Either they did or did with help of those in the technical blogosphere). The edge devices were (if I remember correctly) 3650 series which allowed stacking. Apparently, if you are in enable mode on a new switch and then stack it to one of the FiberWAN edge devices, the configuration would sync over to the new device so essentially you have a copy of the old switch but have the ability to change the password. This was the path they were going to take with the edge when Mr. Childs provided access and it was no longer necessary. Also though, this procedure would not have helped for the more critical core devices.

We felt terrible because Terry Childs had really turned around a lot in his life and our decision would negate a lot of that. I didn't violate my conscience to satisfy the letter of the law. I believe in the law that we applied. Trust me, this wasn't a matter of somebody simply refusing to give up their individual userid and password. There were TONS of other issues that played into the matter, over a period of years. He locked down the network to a point that ensured he would be required for its management, even to the point that some attempts to gain access by other people would have brought the network down.

For me, true justice (not legal justice) would have been served if they would have simply left this matter as an employment issue and never brought it into the criminal arena at all. However, that only happened when Terry Childs, under surveillance after being placed on leave, decided to leave the state and make over $10,000 in cash withdrawals. He really shot himself in the foot on that one.

When he was brought into that meeting, he was being reassigned because he could not work on the FiberWAN any more. He had spent months making engineering decisions that made it impossible for anyone else to gain access to those routers without having correct passwords. He became very possessive, and paranoid, about this network he created, and when it came time for him to release it to others he refused to do so. There were so many choices he could have made that could have diffused the situation, but he didn't do that.

Thanks for your comments, I hope I can address them all. First, he was not fired before asked for access to the FiberWAN. And there's a big distinction there -- not only was he asked for passwords, he was asked for "access". I can understand not giving up your personal username and password, but also not allowing anyone else there own access is entirely different. However, he did go into this meeting knowing that he was being "reassigned", so I'm of the frame of mind that he actually thought he was being fired. After a long period of different claims -- including that he didn't remember them, that he himself had been locked out of the system for three months (even though he was working on it that morning), providing incorrect passwords -- he was placed on administrative leave. He was even scheduled to have a meeting the next week with the CTO of the city to discuss the matter. However, he made one of the biggest mistakes then that he could have. While under police surveillance, he decided then to leave the state and make cash withdrawals of over $10,000. He was arrested, and that's where it became a criminal matter instead of simply an employment matter.

His representation was very good and did a great job in presenting his defense. However, the prosecution was also very good and presented some pretty damning evidence. The law that he broke was a section CA Penal Code 502, specifically that he disrupted or denied computer service to an authorized user and he did so without permission. We had legal definitions provided for many terms, including "computer service" and from this we were able to determine that the ability to manage or configure the routers and switches of the FiberWAN is a "computer service". So, in a nutshell, he broke the law by denying to the COO and others within the IT group the ability to manage those routers when ordered to do so.

I too really wish the case had been dismissed, but I think the city let this story get too large and didn't want to lose face by dropping all the charges. However, as a juror I cannot allow myself to make decisions based on why I think the city did what it did or whether I think that was right or wrong. I really had to take all the facts before me and apply them to the law, and I would hope that if I were ever in court that twelve other people would do the same for me.

It was more difficult because there is no legal definition of "authorized user", and in that case we are left to use a common sense definition of the term. That may be easy to do, but the harder part is determining who those people are, because in different companies and organizations, policies in place many time determine who they are. So now we have another problem here in that there was no formal policy or procedure in place to determine who is an "authorized user", so we had to use the evidence available to us to determine who Terry Childs would reasonably believe an authorized user would be.

To do that, we had to look through a lot of testimony, in addition to pieces of evidence which showed who he had previously determined to be "authorized users". In the end it was our determination that he knew the person requesting access was authorized to have it. Like I said, this was really the hardest question for us to answer, but after examining job descriptions, job vacancy bulletins, performance appraisals, numerous emails, etc., we were able to reach the conclusion we did.

Terry Childs already had this knowledge (as evidenced in the emails). We had to spend the time to sift through all the information to make sure we were beyond a reasonable doubt about this conclusion.

Except for the fact that he had disabled password recovery. So now there was no way to access those devices or their configurations.