Terry Childs Guilty Verdict Sends Mixed Message to IT Workers
|
If there is anything to be learned by the Terry Childs guilty verdict in San Francisco it is that managerial incompetence--real or perceived--is not a defense for ignoring management requests and orders, especially when you work for a government agency. Refusing to do what management wants could be construed as unlawful and criminal--as does trying to lock yourself in to a job with an administrative-control loophole. Bad idea, Terry. But that is only part of the problem. The other, more destructive part, is the Pandora's box this case opens up for right-minded technology workers of all kinds who are asked to make decisions in protecting of company assets, data and intellectual property. Childs defense that he did not want to hand over the authentication because it would have opened up the system to attacks sounds hollow given the details about his knowledge of his job being reassigned. He changed the passwords after learning his job was in jeopardy. Again, really bad idea. The challenge is for those cases when a tech employee whose job is entrusted to administer a network is told to open up authentication to someone or some entity that will pose an actual threat. The message is: Do it or you might face criminal charges. Maybe this is an anomaly and will not be the case that sets precedent over administrative disputes, but the potential for that happening is the issue. The problem is that Childs pissed a ton of people off by not playing ball and came off as a disgruntled, rebellious employee. One co-worker quoted Childs as saying he had "the keys to the kingdom" so they should not "screw with him." Not the right thing to say. Was he insubordinate? Yes. A bit of a control freak? Probably. Did he deserve a $5 million bail reserved for the most dangerous of criminals in society for not giving over passwords for 12 days? Probably not. The man has been sitting in jail for two years and could now get another three... That is a very loud message in a technology-centric city that employs a ton of technology workers in the Bay Area. One reason it appears he received such a high bail amount was that he was considered a flight risk. During the first part of this ordeal, Childs went to Nevada and withdrew $10,000 in cash, according to juror number 4 on the case, Jason Chilton (who happens to be a Cisco network engineer). Chilton told InfoWorld's Paul Venezia--who has been covering this case very closely--the following about how Childs might have been able to avoid the criminal charges: If he would have simply said, "I will create you an account and you can go in and you can remove my access if you want." If he had created access for someone else, I think that would have resolved it. If he had not decided to leave and go to Nevada a few days later and withdraw US $10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter. Childs was not a criminal hacker or a major threat to society. He was a self-righteous dude who was scared of losing his job and went too far with the control he had been given. After being told he was being reassigned in his duties, he freaked and played aggressive defense. He absolutely took it too far, but a criminal worthy of five years in jail? The case is weak, but it's also a good career lesson. If you are facing unwanted changes to your job, do not lock out your management, replacement employees or peers. Focus on what you can do to change your individual situation (find a new job, consult career counselors, work with human resources, etc.), not deter others from doing their jobs.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=dcab5d5c-3380-41b8-90e6-7d8d4bed725f) |
For more IT Careers and Workplace News, check out eWeek Careers
Comments (7)
I have worked with people like Terry Childs before and have no sympathy for him or his kind. They play Lord God of the network and act like temple priests who are the only ones with the ability or the right to have access to the system. They refuse to share system procedures with colleagues in order to make themselves indispensable ("Only Joe knows how to fix *that* server problem - get Joe!")
When Childs refused to hand over passwords, he brought this all on himself. He cost the city of San Francisco tens of thousands of dollars (if not more) to re-mediate the situation.
Management is also very guilty of letting it get to this point. It absolutely should never have gotten to this point. Each password should be known by at least two people at all times.
A veteran sysadmin
Posted by Mr. X | April 29, 2010 1:05 PM
I absolutely agree with Mr. X. Everyone in IT has dealt with the guy that builds a kingdom and is sadistic to all peers who are supposed to shadow them for redundancy. It's a horrible breed that costs IT and organizations millions of dollars to deal with. I've seen entire staffs spend half their day just trying to avoid these guys on any issue.
Jerks exist and you have to find ways to get rid of them if you plan to stay. The problem is the people who have this retarded sense of sympathy for these guys. Oh, he just has social issues... No, sometimes they're just a jerk so man up and do something about them. The people that defend TC's actions give weight to the existence of useless CIO offices and bureacrats. "Obviously, techies are weirdos so need supervision by someone who wears a tie to work and makes $200k and couldn't spell Sisco." Peer review people...be professional and insist on it among peers. Our trade depends on this.
I applaud the city of SF and the SFPD for showing the backbone to actually hold the line when push came to shove. Criminal prosecution could have been avoided at many turns and that was brought on by TC himself.
Posted by Bee | May 1, 2010 5:41 PM
This is a classic worst-case scenario, from both an employer AND employee perspective. Neither side handled things correctly. Terry could have handled things better, but I do support his denial to discuss the network passwords over an open conference call. His mistake was in trying to obstruct the entire transfer process rather than going back to the policies and procedures and saying "You know, the policy of the company says not to divulge passwords except to proper authorities. I will write them down and give them to my manager and from that point he/she can choose to share them with whomever else."
Management was in control-freak mode. They should have taken him aside and addressed his completely legitimate concern about giving out super-sensitive passwords on a conference call. I think the thing we can learn best from this is that both sides overreacted in the extreme.
Posted by not myself | May 4, 2010 2:01 PM
Here is my take on the whole matter: The whole City of SF IT Managment should have been fired, period. They had no clue about their Fiber WAN and how it worked. It seems to me by looking more closely at the matter, Mr. Childs was the only person who knew the system and how to operate it. I am not justifying what he did...but think of it this way, was he actually obligated to turn over passwords? Did he actually go in and change the passwords or was it that no one else knew them except him? Lets say he quit or was fired, is he actually obligated to give them the passwords even though he is no longer an employee? Couldnt he just give the finger and say "Uh, I forgot". Better yet, what if he was hit by a bus crossing the street, than what? They would have been in the same situation but with no one to blame.
What TC did was wrong, he should have turned over the passwords, but I think there is more here than meets the eye. I think that behind all of this is managment that had no clue and was out of touch, I think no one else even knew the system nearly as well as Mr. Childs and City of SF Managment panicked when confronted with knowing that no one else knew how to get in or administer the Fiber WAN. Mr. Newsome should consider firing the all the clueless highly paid CTO's, Managers etc.
Posted by A Mirza | May 4, 2010 2:20 PM
Terry acted like a child alright. Five years isn't enough to set the tone for this type of abuse of IT. His childish behavior went on way too long, he had plenty of time to get it right, but no way, not this jerk.
A twenty five year sentence would be appropriate. Anyone that believes there was any shred of reason for this jerk to act in this manner should take a long hard look at their morals.
I would consider parole after ten years but only if he would volunteer to allow a slap session from all of those people affected by his actions. Each person could choose to either slap his face or spank his inner child's butt.
Posted by Don't Like Jerks | May 4, 2010 5:26 PM
It doesnt matter if he was a jerk or not. Managment is responsible for knowing what is going on and having a number of key people who actually know the systems, especially such critical systems that they rely on. Apparently Mr. Childs was the only Sysadmin who knew these systems well enough to the point where others relied on him for access during the best of times.
Posted by A Mirza | May 4, 2010 5:56 PM
It's the same old message as always: Write that memo, CYA, and let the bloody thing crash
http://edition.cnn.com/2003/TECH/space/02/03/sprj.colu.shuttle.investigation/index.html
Posted by mataj | May 11, 2010 7:35 AM