The guilty verdict against former San Francisco network administrator Terry Childs has sparked some heated discussion in the blogosphere over IT management and security practices. Many see the case, in which Childs has already served nearly two years in prison, as one that could--and should--have been avoided.

To recap: Childs, who worked in the San Francisco Department of Telecommunications and Information Services, refused to give his supervisor passwords for the city's FiberWAN system, which he had helped build, after he heard about looming layoffs in the summer of 2008. He was arrested and charged with disruption or denying of computer services. The ensuing power struggle left the city without administrative control of the network for 12 days until Childs offered to give the password to the mayor. Childs expressed concerns about the network being hacked into or destroyed.

A federal jury found Childs guilty of tampering with the computer network April 27. He faces a sentence of up to five years in prison, but he has already served approximately 21 months.

Paul Venezia at InfoWorld is among those who consider the verdict to be "rough justice" and fear it may have repercussions for network administrators across the country. Venezia's sympathetic position reflects that of one of the jurors, Jason Chilton, who was quoted as saying: Childs "was put in a position he should not have been put in. Management did everything they possibly could wrong. There was ineffective management, ineffective communication. I think that if they put the city on trial, they would be guilty, too."

Venezia says that Childs' actions didn't affect users, and such a disruption or denial of service could occur for a wide variety of reasons, potentially putting network administrators everywhere at risk: "[T]here are suddenly thousands of IT workers all over the country that are now guilty of this crime in a vast number of ways," he writes.

Others are expressing much less sympathy. Numerous posts on Slashdot since the verdict blame Childs for letting the situation get out of control. "If your boss demands the password, give it to them. Send them a letter along with the passwords saying that you are doing it under protest if you want, warn them of the dangers, whatever, but don't be idiotic," reads a typical sentiment, this one posted by someone going by the moniker "nomadic."

For more:
- read the SFGate article
- read Paul Venezia's post at InfoWorld
- check out the discussion thread at Slashdot

Related Articles:
Sabotage can come from the inside
Protect your network from rogue employees