Terry Childs Guilty Verdict Sends Mixed Message to IT Workers

 
 
By Donald Sears  |  Posted 2010-04-28
 
 
 

If there is anything to be learned by the Terry Childs guilty verdict in San Francisco it is that managerial incompetence--real or perceived--is not a defense for ignoring management requests and orders, especially when you work for a government agency.

Refusing to do what management wants could be construed as unlawful and criminal--as does trying to lock yourself in to a job with an administrative-control loophole.

Bad idea, Terry. But that is only part of the problem.

The other, more destructive part, is the Pandora's box this case opens up for right-minded technology workers of all kinds who are asked to make decisions in protecting of company assets, data and intellectual property. Childs defense that he did not want to hand over the authentication because it would have opened up the system to attacks sounds hollow given the details about his knowledge of his job being reassigned. He changed the passwords after learning his job was in jeopardy. Again, really bad idea.

The challenge is for those cases when a tech employee whose job is entrusted to administer a network is told to open up authentication to someone or some entity that will pose an actual threat. The message is: Do it or you might face criminal charges. Maybe this is an anomaly and will not be the case that sets precedent over administrative disputes, but the potential for that happening is the issue.

The problem is that Childs pissed a ton of people off by not playing ball and came off as a disgruntled, rebellious employee. One co-worker quoted Childs as saying he had "the keys to the kingdom" so they should not "screw with him." Not the right thing to say.

Was he insubordinate? Yes. A bit of a control freak? Probably. Did he deserve a $5 million bail reserved for the most dangerous of criminals in society for not giving over passwords for 12 days? Probably not. The man has been sitting in jail for two years and could now get another three... That is a very loud message in a technology-centric city that employs a ton of technology workers in the Bay Area.

One reason it appears he received such a high bail amount was that he was considered a flight risk. During the first part of this ordeal, Childs went to Nevada and withdrew $10,000 in cash, according to juror number 4 on the case, Jason Chilton (who happens to be a Cisco network engineer). Chilton told InfoWorld's Paul Venezia--who has been covering this case very closely--the following about how Childs might have been able to avoid the criminal charges:

If he would have simply said, "I will create you an account and you can go in and you can remove my access if you want." If he had created access for someone else, I think that would have resolved it. If he had not decided to leave and go to Nevada a few days later and withdraw US $10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter.

Childs was not a criminal hacker or a major threat to society. He was a self-righteous dude who was scared of losing his job and went too far with the control he had been given. After being told he was being reassigned in his duties, he freaked and played aggressive defense. He absolutely took it too far, but a criminal worthy of five years in jail?

The case is weak, but it's also a good career lesson. If you are facing unwanted changes to your job, do not lock out your management, replacement employees or peers. Focus on what you can do to change your individual situation (find a new job, consult career counselors, work with human resources, etc.), not deter others from doing their jobs.

Reblog this post [with Zemanta]

Rocket Fuel