I'll try to answer all the questions you presented. Yes, the relevant part of the law we convicted on was 502(c)(5). We were not even presented with the other portions of the penal code listed above. Specifically, he denied computer service to an authorized user without permission. The specific act here was not providing access to the FiberWAN routers and switches upon the request of the city's COO. For the permission part, he did not have any permission from anyone to not provide that access. We looked through the evidence for anything that would indicate that he had permission to deny access to an authorized user, but there was no such evidence. There was evidence, however, that it was part of his job duties to provide that access to authorized users.
"Computer services" is one of several terms with which we were provided specific, legal definitions which we were to follow. The computer service in question which he denied access to was the management and maintenance of the FiberWAN routers and switches themselves. Authorized users was one of the harder points to distinguish in this matter because there really was no formalized process to authorize or deauthorize users. However, we came to the conclusion that he knew that the person asking for access was authorized to obtain that access. This was made evident by many of the emails we had in evidence. Further, at this point, he had not been fired, but did know that he was being reassigned. Also, if they had not been authorized users, but he had given the passwords, he would not be guilty of the other sections because his actions would then have been both permitted, and within the scope of his employment because he was following the directives of his superiors. The fact that he eventually did relinquish the passwords to the mayor, I think, shows a continuation of past behavior in which if he didn't get what he liked he would simply go to the next higher person in the chain.
His actions were definitely not within the scope of his employment. We examined his job description, performance review, and many other documents to determine this. In fact, we determined that one of the main aspects of his employment was to maintain the stability and resiliency of the network he supported, and his actions actually were doing the exact opposite. Configuring a network to have no console access, to have the core routers come back from a power failure with no configuration, hiding the backups in locations unknown and encrypted -- these are all things that seem to go against what he was supposed to be doing in his work assignment.
There was a central password database (TACACS) in this case, that could have definitely been used here, but that really didn't play a large role in the deliberations.
I think the law fits this situation. I don't think anyone had really thought ahead that this type of situation would come up when it was written, but it certainly does fit. We were beyond a reasonable doubt. We actually brought that up many times as we wanted to make sure of that, and we many times did search through evidence and found things that did reinforce that.
Terry Childs was treated far worse in this matter than he should have. Personally, I think once he gave up access to the mayor, they should have dropped the charges, and at worst charged him with some sort of misdemeanor. From what I understand after the case, the bail was set so high because they were afraid if he was not in jail, he would have some sort of hidden access to the FiberWAN and would do something to damage it. However, I don't see why that bail couldn't have been reduced after the access was provided and other engineers cleaned everything up and made sure it was safe. The money that the city spent was actually spent before access was given to the mayor. This money was spent on recovery efforts by Cisco and other in reasonable efforts to regain access to the devices.
I know it seems like a clear cut case of office politics, and that's what I thought too before I was a juror and had simply read the news reports on the issue. But I can tell you, it doesn't take a five month trial for people to testify that they sat in a room asking for passwords and didn't get them. There were a myriad of issues, projects, and conflicts going back over a span of five years which all fed into this.
By the way, your questions were very well-worded and salient to the legal points we had to examine. Are you sure you're not one of the attorneys trying to pick my brain?
Yes, I was on the jury (see my post further on down). An essential part of jury deliberations is keeping an open mind, explaining your thoughts and opinions, and listening to the opinions of others. This was not the case here. I really won't go into the details on the matter as to not reveal personal information or background on the juror, but not only did he not do those items above, he also refused to follow the jury instructions and the legal definitions as provided by the judge that we had to use in our determination of the facts.
While you are allowed to look at testimony differently and debate that, you can't decide that a legal definition as provided by the judge is something you don't agree with and therefore won't follow. Essentially, you're supposed to follow the facts and then come to a conclusion. The problem here was that one person had a conclusion beforehand, and wanted to change the facts to fit it. It just doesn't work that way.
Yes, I was on the jury. I have a much longer post (and responses) further down.
It didn't matter towards my decision in the case, but it mattered to me because it would have been so much better to be handled solely as an employment issue, and I really think that would have been the better outcome for Mr. Childs.
I think the police were ready to allow it to develop as solely an employment matter, while at the same time feeling that he could really be charged at any time. I think once he made those moves he tipped the police over their comfort line.
The law he violated was CA Penal Code 502. That code deals with denial of computer service. He was the only person with access to a large and critical computer network. He was being reassigned and would no longer be working on that network. Obviously, you cannot have a network with no administrator(s) to manage or maintain it. He refused to provide access to that network. Not just simply refusing to tell his passwords, but refusing to provide access at all, even configuration backups. Furthermore, he configured the network in a manner which prevented any attempts to access it or reset the passwords, and in a few scenarios those attempts would have even brought the network down.
There were no formally adopted policies for computer or network security. Even then, there are common sense guidelines in the IT industry about sharing your password. But what common sense guideline is there that if you are assigned off of a project, you should then lock out the ability of anybody else to administer it?
Thanks. Yes there were tons of other issues involved in this matter which the press simply doesn't cover in their reports. I myself feel that five years is a rather extreme sentence for what he did, which is why I have been glad to read in news reports that they expect the judge to let him go with time served or possibly sentence him to just a few more months. He doesn't need to be kept away from the public or punished any more for what he did.
No, it was:
1. Terry Childs was informed he was being reassigned.
2. He was asked to provide access to the network which he would no longer be working on and to which he was the only one with access.
3. He refused to provide that access.
4. He was told he could possibly be in violation of the law by refusing to provide access.
5. He refused to provide that access.
6. He was placed on paid administrative leave.
7. He was arrested.
That's the order, but it's definitely hugely summarized. There were lots of other events that led up to this and were intermingled.
We specifically spent hours on the question of intent and making sure we were beyond a reasonable doubt. As to the removal of the other juror, there's way more to that story than any paper knows, and I don't want to go much into it, but he was definitely dismissed "for cause", not because he was some type of lone holdout or something like that.
The law we used was CA Penal Code 502. We did not make up any laws or definitions in reaching our decision. Just take a look at the number of posts and opinions here which fall in both directions. Do you think they have more facts about the case available to them, who may have read some articles and blogs about it? Or do you think I may have more information upon which to base my opinion, after listening to five months of testimony, reading hundreds of emails, many sent by Mr. Childs himself, showing his state of mind and intent? There's way more to the story here than simply a good tech guy all of a sudden being requested to turn over some passwords.
It's not merely the act of not providing a password that was a denial service. It was the over-arching issue of refusing to provide access at all. Furthermore, there was no way to gain access without significant disruption to the network. He was told he was being reassigned. Therefore somebody else had to take over those administrative duties, but nobody could as he would not provide them. He denied the COO and the entire IT group the ability to administer their own devices.
As to leaving the state, that is not itself a criminal act. Actually, these are facts I learned from the inspector after we reached our verdict. During the trial itself we did not learn the exact reason he was arrested when he was, because that information was not provided to us. From what I understand, he was already suspected of violating the penal code that he was tried on, and when he made those moves (large cash withdrawals, leaving the state), the police were worried he was planning on possibly sabotaging the network or possibly leaving, and that's when they decided to go forward with the arrest and charges.
I'm glad you brought this up, because going through this trial I learned a lot about how -not- to lock down a network if you don't want to end up in this same scenario.
First, all of the edge devices of the FiberWAN were configured with "no service password-recovery". This is a relatively newer IOS command (I believe) that, in a way, disables the ability to do a standard password recovery. Actually, you can still follow the password recovery procedure, except now during the recovery procedure the router will now prompt you that password recovery is disabled, and if you wish to proceed the existing configuration will be erased. So, you can still gain access to an edge router of the FiberWAN, but it will now have no configuration in it, essentially making it useless.
The next problem was the core routers, which were 6500 series. The IOS running on these did not have the "no service password-recovery" feature, so what he did here was to erase the NVRAM and only keep the running configuration. Any attemt to do a password recovery would require a reboot, and the configuration would be gone. The core routers were not configured to load a new configuration from a remote server, but instead Terry Childs had modems connected to terminal servers so that in the event of any power outage he would be able to dial in and load the configurations back in.
As to these configuration backups, Mr. Childs kept these on a DVD he kept with him at all times. Furthermore, this DVD was encrypted and could only be decrypted using his laptop (as the encryption program required not only a password, but access to a specific file that existed on the laptop).
As for system logs, the city had no access to see what these might have said, as the routers were set up to log only to a server that Terry Childs controlled. He was the only one with passwords to that server. And not only that, he had placed that server inside a black metal cabinet with holes drilled in the side to allow cable runs, and the cabinet had two padlocks on it. Slight paranoia?
A few days before access was finally provided, Cisco discovered actually a very ingenious way to be able to get the edge configurations. (Either they did or did with help of those in the technical blogosphere). The edge devices were (if I remember correctly) 3650 series which allowed stacking. Apparently, if you are in enable mode on a new switch and then stack it to one of the FiberWAN edge devices, the configuration would sync over to the new device so essentially you have a copy of the old switch but have the ability to change the password. This was the path they were going to take with the edge when Mr. Childs provided access and it was no longer necessary. Also though, this procedure would not have helped for the more critical core devices.
We felt terrible because Terry Childs had really turned around a lot in his life and our decision would negate a lot of that. I didn't violate my conscience to satisfy the letter of the law. I believe in the law that we applied. Trust me, this wasn't a matter of somebody simply refusing to give up their individual userid and password. There were TONS of other issues that played into the matter, over a period of years. He locked down the network to a point that ensured he would be required for its management, even to the point that some attempts to gain access by other people would have brought the network down.
For me, true justice (not legal justice) would have been served if they would have simply left this matter as an employment issue and never brought it into the criminal arena at all. However, that only happened when Terry Childs, under surveillance after being placed on leave, decided to leave the state and make over $10,000 in cash withdrawals. He really shot himself in the foot on that one.
When he was brought into that meeting, he was being reassigned because he could not work on the FiberWAN any more. He had spent months making engineering decisions that made it impossible for anyone else to gain access to those routers without having correct passwords. He became very possessive, and paranoid, about this network he created, and when it came time for him to release it to others he refused to do so. There were so many choices he could have made that could have diffused the situation, but he didn't do that.
Adding features does not necessarily increase functionality -- it just makes the manuals thicker.