Thank you very much for your response. You're right that the version of password recovery on the edge routers is a new version of the procedure. Your post leads me to some still unresolved questions. First, did Childs admit to or otherwise confirm that he set up the network this way, with startup-config files erased from nvram on the core 6500 switches and with no configs loading from a server? I ask this because this seems like a very risky way for a skilled network engineer to set up such a system. If a power outage or any other event caused these core 6500 switches to be rebooted, then those switches would inevitably be down until Childs could remote in over the modem and paste the config files back into the devices. Since he was the only person with both access to the switches and access to backups of the config files, in a best case scenario there would be a delay in getting those switches back up after a reboot, even longer if Childs was not close by to a place where he could connect to the modems if and when such an event might occur. Given that the city made a number of claims that were questionable during this case (especially the whole claim about VPN passwords during the bail hearing), and given how risky, and seemingly foolish this setup would be for a lone, highly skilled network engineer who had no backup, did either Childs confirm he set up the system this way, or did the city offer concrete proof that he set it up this way?

Second, if Childs had been the only one with access to the FibeWAN routers and switches, so that no other person had the ability to log in to the routers and switches to see how they were configured, and no one but Childs had access to logging information for the FiberWAN devices, and no one but Childs had seen backup copies of the config files for the core 6500 switches, how was the city able to know that the 6500 switches had been set up as claimed with the startup-config files erased and password recovery disabled? Did Childs admit that to someone previously? If not, were they using psychics? Can you shed some light on how the city knew this?

I'm still not sure how this could be a valid way of applying the law. There was no existing written definition of "authorized user". Having to sift through mounds of evidence to determine who Childs believed was an "authorized user" further indicates there was no firm official definition of this, and now this definition is essentially based on Childs' own opinion. This seems far away from how the law normally works. Normally what is illegal must be explicitly spelled out. This also seems dangerously close to an ex post facto situation, where something is determined illegal after the act, when it was not clearly so before the act. The jury has no choice but to obey its instructions. But I'm wondering here if the jury instructions on this weren't problematic. This feels like a misapplication of law. This also feels like something that could go to appeal.

First, I would like to thank you for posting. I'm sure you have been through a lot on this case. I also can sympathize with being on a jury on a problematic case where very tight jury instructions box you in to coming to a verdict you don't like. I also was on a jury once in a similar situation, so I can sympathize. So I would like to thank you for being willing to post at all. Having said that, this case has bothered me a great deal from the start. So I would like to raise some of the questions that have been bothering me, and make a few comments. I will understand if you don't wish to rehash the whole thing, but any response will be appreciated. I should explain that I have completed Cisco training through CCNP, with the intent of eventually gaining my CCIE. While I have concerns about whether or not Childs should have been prosecuted for withholding the passwords to the FiberWAN, these are not the concerns I would like to raise here. From the beginning it has concerned me that representatives of San Francisco's IT department, and representatives of the prosecutor's office, have made statements about this case that seemed factually false from a technical perspective, both about the operation of Cisco routers and switches, and about networking procedures in general. It is opportune that you are an experienced CCIE, in that, if you are willing (and legally able, which is a question), perhaps you can shed some light on at least a few of the questions I would like to raise. I have a substantial question about whole initial claim that Childs "booby-trapped" the network to fail when and if the routers and switches were rebooted. To accomplish the booby-trapping that the city originally claimed, it would be necessary that Childs both disabled password recovery and erased the startup-config file on the routers and switches in the FiberWAN. Yet I saw no evidence at all ever presented by the city to prove the claim that he had done this. The city seemed to claim that they had no access to backup copies of these config files. If in fact they didn't have any access to backup copies of the config files, and they had no way to log into the routers and switches to examine the startup-config files on the devices, they would have no way to confirm that he had erased the startup-configs. Similarly, if they had no way to examine the config files, they would seem to have no way to know that he had disabled password recovery. So unless they had other evidence, such as logging info to confirm the configuration changes, how did they claim to know that he had booby-trapped the devices to fail on reboot? Also, as I'm sure you know, even if erased the startup-config files on the routers and switches, there is an option on Cisco devices that they may be configured to load their startup-config files from a server. If one were paranoid that physical security of the routers and switches were in doubt, loading your config files from a server is exactly what one might do. So for Childs to have booby-trapped the routers and switches as originally claimed, he would have had to erase the config files, disable password recovery, and not have configured the devices to load their configs from a server. The city made these claims over and over as to Childs rigging the routers and switches to fail on reboot, but I have never seen any evidence offered to prove these claims nor any explanation of how they could have proved that. I would like to know if any further evidence was ever offered that shed light on this. From what I have been able to read, it makes it appear that these were baseless claims with no proof ever offered to back them up. Directly related to this is the whole problem in this case surrounding Cisco password recovery itself. As you know, all Cisco routers and switches, (at least the ones running IOS) have a "password recovery" feature. It is somewhat of a misnomer, because it doesn't necessarily let you recover the passwords (unless they were stored unencrypted), but rather allows you to bypass the login process and then change the passwords from ones you don't know to ones you do know. It does require rebooting the router or switch, which is an important point. The procedure requires that you have physical access to the device, because you can only do the procedure while being attached to the console port. However, if you have physical access to the router or switch, and there isn't a problem rebooting the device, then you can easily gain access to the device, change the passwords, and regain control of the system. This is not an advanced procedure; it is taught early at the CCNA level. Anyone with even low level Cisco training should be able to do it. The city has had physical access to the routers and the switches of the FiberWAN this whole time. If Childs did not booby-trap the devices as described above, then there never was anything stopping the city from recovering control of the devices at anytime. So it is a very important point as to whether Childs did or did not boobytrap the routers and switches as described. If Childs did, and the city had no access to backups of the config files, then the city could not afford to reboot the devices to perform password recovery. However, if Childs did not booby-trap the routers and switches as described, the city would have had no reason for not immediately initiating password recovery procedures and regaining control of the FiberWAN immediately. If they had so little skill that they couldn't do this, then they truly shouldn't be touching the FiberWAN devices. However, even then Cisco could have easily sent someone over to do the password recovery procedure and regain control for them. To my mind, there is a major question as to whether the city ever offered any credible proof that Childs booby-trapped the network as described. If there wasn't any further evidence offered to prove this, then I have a major concern about the city's claim that they were actually ever really locked out of their network in the first place, since Cisco password recovery is a simple and well-known procedure that the city would have no reason not to be able to accomplish. So I would very much like to know if you can shed any light on these questions. Thank you for any response you might wish to make.