Interview with Infoworld's Paul Venezia on the Terry Childs Case

By Timothy M. O'Brien
February 26, 2009

Running time: 00:15:45

Paul Venezia is a senior contributing editor with Infoworld. He's been covering the Terry Childs case since July. Terry Childs, who has been sitting in jail for approximately 7 months, is a network engineer for the city of San Francisco. What makes this case peculiar? Terry Childs never brought a single system down and is accused of running a series of modems and preventing the normal operation of a network.

For more of Paul Venezia's coverage, go to http://webblog.infoworld.com/venezia.

TRANSCRIPT

Paul Venezia: I'm Paul Venezia, senior contributing editor with Infoworld and Technologist.

Tim O'Brien: What sort of technology do you focus on?

PV: I'm that rarest of breeds, I'm a generalist; I've built large, switched and routed network systems of networks for cities, hospitals and private corporations. I also am a lapsed RHCE and do a lot of work for Linux, Solaris coding and whatever happens to come my way.

TO: Your column about the Terry Childs case is interesting because it brings up a lot of issues about how technology workers are perceived in the general media. What in this case attracted your initial attention?

PV: Initially, my editor sent me an email right after it happened with a link to the first story that I read which I believe was in the San Francisco Chronicle and asked what I thought and could I write a little bit about it. I read the reporting and none of it seemed to make sense from a technical perspective.

My investment in this case has nothing to do with Terry Childs, himself, I don't even know the man. I met him briefly for that interview that I posted, but before that, and that was only a week or two ago, before that I'd never met nor heard of him. However what I was reading from a technical perspective and being someone that works in high-end networking, a lot of what was being described by the District Attorney and those talking to the media did not make sense as it relates to normal network operation and procedures.

The more that came out, this was before he'd even given up the passwords and so forth, the stories I was reading and the information I was able to glean from the court records, etc., was sending up red flags all over the place. They were claiming the now famous 1100 modems that they initially said Terry Childs may have planted around this city and a whole host of other things that just didn't jive.

There was something missing from the story and I wasn't sure what it was. As time has gone on the statements I made earlier in the case back in July seem to have been borne out because a lot of the conjecture, charges, allegations I should say made against him seem to have disappeared. A lot is from the fact that there is not more technical evidence to support them.

As it moved forward I've just been going over the court records, public documents as I can. I'm 3,000 miles away; I live on the other side of the country. So whatever info is in public record that's what I've been looking at to try to figure out what has happened. That's been my only goal. If he did what they say he did, perhaps they have a legitimate complaint here.

If that's the case, he's going to be convicted in a court of law for criminal offenses, there had better be sound technical reasoning/evidence behind this and I have yet to see that.

TO: The thing that struck me in the news story, as it was being reported by CNN and other mainstream news outlets, I think they called him a terrorist within the first week. What is he being charged with?

PV: The allegations were all over the place in the beginning, charged with sabotage, planned to take down the network and all of these other statements that were made to the press and so forth -- those have disappeared. The charges as they stand right now, there is one charge of basically a denial of service. They're charging him with a means of which to deny the service normal operation of a computer resource or network.

It's kind of a vague . . . relatively vague charge. As are most charges and technical charges like this, you can't get too specific because then it becomes useless. That's the main/first charge. There are 3 other charges each of which are tied to a modem that was found either in his work space or that he had control over.

The first is a modem, that he claims, and I believe it's been backed up on this by others in the department, a modem hooked to a machine running goldmine that would send a message to his pager if any part of the network went down. That is a scenario that exists in one form or another, whether in analog modem, text, or gateway kind of thing. That exists in just about every network ever built.

The next modem they are charging him with operating and apparently for nefarious purposes was a DSL modem connected to an ISP that was used by the department to connect to the Internet to run external tests against the network tests, VPN connections, etc. Again something that is as common as crackers.

The third is yet another modem, another analog modem, he claims was used to connect to the San Francisco's Disaster Recovery Site, which I wrote about this week in my column. They have a disaster recovery site on the east coast that I believe this modem was used to communicate with that site assuming the data networks would be down, but the phone system may still be functioning. That is entirely the case, those 4 charges as of right now.

TO: Having an alternative means of getting into a system is pretty common. Are we getting to a world where if you're a system administrator, you have to call your lawyer first?

PV: Well I hope not. I would hope that most managers wouldn't be so short-sighted to not see the value in that. That's actually not what he's charged with. None of the modems listed that are listed on the complaint were actually used for remote access. I believe there were modems that were used for remote access that he had. Again, like any large network, if a network is down you need to get to an end point that is some number of miles away, you use a modem to get into the router.

It may be a situation where you do have to think twice. If he is convicted of this, especially the denial of service thing, withholding passwords, etc., in this case denial of service is defined as the management of the network, not the network itself. In my mind, denial of service is a situation where somebody knowingly causes a resource to fail or go down, as in a denial against a website or something similar.

In this case, the network never went down, it was just the management side of things. As I wrote in that column, that could be stretched to encompass things like mis-configuration that locks people out of the management interface. That happens all the time, where human error, somebody fingers something and where people are locked out of a router, a switch or whatnot. Does that constitute denial of service or a mistake?

There seems to be a lot to worry about here. If he is convicted and the charges are in fact brought and succeed, it's not just his case that I'm thinking of, it's more broad than that. It seems to me there is an awful lot of "he's a witch! burn him!" kind of sentiment going on here because nobody from the city, none of the judges, nobody can be expected to understand this level of networking. It's not feasible, it's not their job, it's horrendously complex.

Having been there and done it for many years, that's the way it is. And this lack of understanding, you go and ask somebody on the street what is a modem, you will get several different answers. Some people will tell you it's their cable box that connects me to the Internet, or a DSL modem, or an analog modem. Even the definition of modem is kind of amorphous to the general public.

When you talk about something as detailed as this, it's very difficult to actually relate. If he's convicted on these charges, that to me or anybody that has a history in networking is just common. This is not by any stretch an uncommon scenario, then where does that leave the thousands of networks that have modems on them, that have DSL connectivity to ISP for external testing, etc., where does that leave you?

TO: It's entirely possible he did have some sort of malicious intent. I think we share the same reading of the case. This sounds more like the case of a very bad, very corporate boss manipulating the facts to make someone look worse than he actually was.

PV: I'll put it to you this way, if he worked for a private company and not a city/government, almost no chance that he'd be in jail right now. For one thing, a private company would not want the negative publicity. Also, their primary complaint was he wouldn't give up the passwords. There are several procedures to follow to get to those passwords.

Say you want to evict someone from rental property, you have to file a civil complaint, get the sheriff behind it, and then do what needs to be done. That would have been the same procedure here, as I understand it; however that was not done. He was just thrown into jail, primarily because he worked for the city, and the police department in the city are obviously connected. There are an awful lot of hoops that didn't have to be jumped through. He's been there for 7 months on that. It's also interesting to me the reason he's in jail . . . . .

TO: He's been in jail for 7 months?

PV: Yes, since July 12, I think.

TO: Anytime you see someone on CNN calling someone a terrorist, I'm a bit skeptical. It seems that word is thrown around with abandon for all the wrong reasons. The one thing that struck me in this case was the depiction of someone who is a geek in the general media. I've worked with a lot of people and I'm sure you have too who you would consider to be weird, strange, strong-willed, stubborn, etc. Sometimes a stubborn network engineer is exactly the kind of person you want to have as your network engineer job.

PV: Again, going back to what I said earlier about the lack of knowledge of this type of people. Computer geek is this kind of introverted, sullen, it's depicted as your IT guy is upset because you can't figure something out, so he gets frustrated and tells you to move, I'll fix it. That's the public perception.

At this level of networking engineer, these are the kinds of guys that sit in the back room and work their magic and nobody ever knows really who they are. From the company at large, they're more or less the umpires of the company or in this case the city, you're either invisible or in trouble. That's the way the public thinks about it.

That's generally fine; most people in that position actually would prefer that versus anything else. If they're doing their job nobody knows. That's essentially what happened here. Think of it this way -- you've mentioned terrorists and so forth. In my mind if a CCIE really wanted to wreak havoc on a network he built and knew intimately, there are a thousand ways that could be done without either a) ever being traced or b) causing a significant amount of damage, none of which happened here.

So we have a situation where the network never went down, there were never any problems with the network's normal operation and yet he is still in jail. That does not fit the definition of a terrorist by any stretch of the imagination.

TO: What did you think about the recent news story at Fannie Mae? Somebody wrote scripts about "delete all the data." What are your thoughts on that story?

PV: That's a whole different scenario. That is somebody writing scripts denying specific, and only purpose of destroying data that was not prescribed by the job is a saboteur. This has happened in the past. I can't recall the name of the company offhand, but there is a company that went out of business when one of their main system administrators wrote scripts that basically placed a logic bomb in the servers and deleted all their data on a Saturday night with no backup.

So, those kinds of things are greatly removed from this situation. We're not talking about any data or anything being broken, anything being deleted or damaged in any way. So I don't think there's really a relation between the two at all.

TO: Because there's a script there seems to be more evidence of intent there?

PV: Absolutely. You sit down and write a script that has its sole purpose is to run at a specific time and destroy data, that right there is a weapon -- much the same way a hammer could be used as a weapon if it is wielded the right way. In that case it was wielded as a weapon.

In the case of Terry Childs there was no intent, there was no damage caused. From everything I've seen there is no example that he ever intended to cause damage.

TO: Do you know off hand if there is anything or any group that people that do what Terry Childs does can support maybe donate to to make sure that people like him receive due process in the courts?

PV: I don't believe there is anything of that kind. This case is different from anything I've ever seen or heard of.

TO: How can people stay up to date on this particular case? Are you planning to do more coverage?

PV: The wheels of justice turn slowly. We're seven months in. I don't believe he's even pled yet. Other than that, all I'm doing is taking the news reports and the events of the hearings/trials and trying to make them a little more widely known. You get news stories that occasionally come around and they're little bits of case history and the next hearing date or something like that. But the mainstream media hasn't really gotten into this at all. Primarily because I don't think it would draw readers. It's not a case that really resonates with your average person. It resonates with me, it should resonate with anybody that is involved in network design and construction and so forth. But beyond that, I would think that if we were able to find somebody who knew who Terry Childs was, like a lay person, they would say "oh yeah, is that the guy that destroyed the city of San Francisco's network."

TO: "Is that the crazy terrorist?"

PV: Yeah, that's the spin out because that's easily digested regardless to the facts of the case.

TO: That would get hits. If you're listening to this and you want to learn more on this case read Paul's column at infoworld.com. He seems to write every week.

Thanks for talking to us Paul.

PV: Any time.

10 Comments

Great! Thanks for this helpful information.

Thanks for the coverage here, as I hadn't heard about it. I bet Terry irritated someone with less ability.

I had a friend write a script that overwhelmed your machine if you used a login inappropriately. He was authorized by management. Yet, he irritated a lesser admin, who used the login ignorantly and took down several hundred servers.

The result? My friend got fired for writing a Trojan and nothing happened to the loser that took down the 400 machines in less than 5 minutes.

Be very careful out there! Curmudgeons are around every cube wall.

I wonder if this article could be any more vague?

The reason Terry went to jail was for the extent and blatant sabotage he caused the system. You say he didn't sabotage the system, but he did. He monkeyed with the system outside of normal boundaries and then locked his employer out of the system causing significant harm and material damages both during and after the initial events.

There were numerous other extenuating circumstances that weren't turned into charges, but that's because getting a conviction in a democracy is difficult. Ask any cop or D.A. for even the most blatant of crimes. District attorneys have to weigh the hard evidence and only pursue the specific violations they have a likelihood of being able to convict on when the defense has the advantage. This is not some government conspiracy. The police and D.A. presented their evidence to a third party, a judge, and the judge ruled there was substantial evidence to put him in jail with a very high bail due to the maliciousness and seriousness of the crime. This is rare, but so is the extent and blatant criminality and insolence Terry demonstrated.

Yes, some companies would simply just send two corporate security guards and have the guy yanked from the building. But corporations have real security, separation of privilege, peer review, and the ability to remove personnel at their discretion at even the hint of impropriety. Government more often than not does not have this luxury due to lack of resources. You either bring the full force of the law on them or you give in to their terrorism and try to squeeze them gently out at serious risk. The union protections and general HR bureaucracy simply do not give government the same tools for dealing with a rogue. That's unfortunate, but it still does not get Terry off the hook. He did it; and he knew it was wrong. I'm sure his attorneys told him to cut a plea-any good one probably would, and he was as hardheaded as usual. They may also have told him if you don't fight it, the civil damages will also be severe and unavoidable. He's not fighting because he's innocent. He's fighting to protect himself.

The City of SF, the SFPD, and Gavin Newsom handled this appropriately and should be applauded for taking a difficult but correct stand. I'm sure the city will work to fix their how did a guy get so much power problems, but that's not easily fixed in the best of times, much less the worst of economic times. Regardless, Gavin Newsom did a great job at resolving the issue, and the SFPD did a great job at doing theirs.

I'm sure the management was clueless and was bogged down in all the same problems that all management faces, but governing IT in government is difficult and insiders are problematic. Blatant ones that take it to the limit are monumental in their destructive and disruptive power. If you need your mother to watch over you to keep you honest, don't work in government. They'll have to bring the full force of the law on you when you screw up.

And to your point of corporations not pursuing these types, they do it all the time. Yes, often they keep it discreet. They can put a guy in a room and threaten him with a team of civil lawyers to make his life holy hell if he reciprocates. They also have a chance at actually being able to undo all of their sabotage and protect their systems with more resources at their disposal. Visit the FBI site, cybercrimes.gov and see all the programmers/employers/network admins, the FBI has nailed. It usually takes an egregious case where the company has a lot at stake and is willing to cooperate and go public, but plenty do it. The FBI seems to nail someone every week, and again that is no easy feat in a democracy.

You are not a lawyer. Terry has legal counsel and will get a fair trial. Stop grandstanding that this is some railroading of an innocent admin, a government conspiracy to cover their incompetence, or some new legal precedent. The guy was clearly operating outside the law. Whether or not they get a conviction depends on the hard evidence as it is allowed to be admitted to the court. His lawyer can object at any turn, and an honest judge will decide if he is getting a fair trial.

Save your commentary until after the verdict, and stop sensationalizing his "martyrdom." Your job as a journalist is to present all the facts from both sides whether or not it helps your point of view, and let the public judge its merit.

Terry Childs committed the horrific 'crime' of protecting taxpayer assets from pointy-haired managers who wanted admin rights just so they could say they had admin rights. As to the all-important passwords, he said he would give them to Mayor Newsom and he did.
Absolutely no crime has been committed by Terry Childs but there have been some crimes committed against HIM by the City of San Francisco and when he eventually settles his lawsuit against the City I hope they hurt from it. As I see it, Childs is protected under State and Federal Whistleblower statutes and when the time comes for his legal team to pursue damages they will correctly cite these statutes' clauses about illegal retaliation from employers who are caught abusing the public trust.

Really, no crime committed? Suing the city of SF? Why doesn't he do it now?

If you hide the keys to the town's firetruck from the mayor, you are guilty of a crime(s).

If you cut the wires to a city's fibre lines, taking out phone and 911 service, you are guilty of a crime.

If you hijack an airplane, a bus, or train, with a fake or real bomb, whether or not someone gets hurt, you are guilty of a crime(s).

If you hide the passwords for the network for an entire city, especially when you turned on the self destruct button on the system upon a password change, and the management has demanded you turn them over, you are, yes, guilty of crime.

You do not own these systems. The government or your employer owns them. TC would not have been put in jail if he had cooperated as a whistleblower, even if there was something wrong. He was an insolent maniac that caused millions of dollars in damages.

Whistleblowers can fill out a form and go to their boss's boss or an attorney. You don't steal the keys from the fire truck or the network because you think you are right or because you can. This is terrorism in many ways, and it is a crime.

I'm fairly certain that alexK is psychotic and fsb is employed by the city of San Francisco.

I've been following this case with immense interest due to the password policy implications and how potentially it can affect law. I have written about it here:
http://blog.american-helpdesk.com/2009/09/03/terry-childs-political-techie-prisoner.aspx

Bad/NO ITIL practices.

No fsb, save YOUR breath. There is now only one charge left and even that does not hold up as the network never went down and none of the actual services (email, etc.) were even impacted. The city brought the damages upon itself. If anything, the management that allowed TC to hold the network hostage is the one to be fired. And the officials who stupidly decided to put him behind bars are the ones who have brought the city shame. I happen to know TC through work and I do not like him at all. But he is no criminal.

It's one thing (and an easy thing) to complain about the Chronicle, but you seem a bit conspiracy nut in defense of Childs. Will there be an updated interview with PW later, as the case (rather than the news coverage) progresses?
