The SysAdmin Trap

Terry Childs is Guilty.

In mid-2008, Terry Childs, the (then) System Administrator for the City of San Francisco, was called into a meeting with the COO (his boss); the CIO of the SF Police Department; a Human Resources representative; and, unbeknownst to Terry, by phone, a few of the engineers he managed. He was ordered to share the system passwords for the network. He made them up. Subsequently challenged with this fact, he refused to reveal the passwords, ending up in a city jail cell.

Close to two years later, Childs has been found guilty of felonious computer tampering and faces up to five years in prison (he’ll likely be let off in two, with his racked time counting toward the total).

Open and shut, right?  The city claims, and the court found it believable, that Childs’ obstinate refusal to provide passwords resulted in over $200,000 lost city revenue.  He lied to his employer.  He held the city ransom.

Childs’ defense has always been that he was protecting the city’s network.  He wasn’t going to share sensitive passwords with people who, in his estimation, wouldn’t respect the sensitivity of those passwords, and would likely share them other employees and contractors.

To my mind, while that’s a valid concern, it doesn’t clear him.  He still works for the person who was asking for the passwords, and he was obligated to provide them.

The real crime here, though, is not that Childs’ hoarded the keys to the system. It’s that the meeting occurred at all, and the reasons that it came to the point of a stand-off are all too criminally common.  Was Childs guilty? Sure! But others shared guilt in bringing it to that point.  Consider:

  • The System Administrator reported to the COO.  No CIO? No VPIT? No IT Director?  This means that there was a gap between the absolute tech and the non-technical businessperson, and that’s a critical layer, particularly for an organization as large as the government of a major U.S. city.
  • There were no policies governing use of system passwords. The fact that Childs was allowed to be the sole keeper of the entire network was a lapse in operations that never should have been allowed.
  • Childs was a city employee for ten years.  If there were concerns about his trustworthiness or reliability, shouldn’t they have been addressed earlier in that decade?

All too often, IT departments are isolated from the organizations they serve.  Part of this is due to the nature of technology work and techies — we speak a language of our own; enjoy working with the tools that many people find obstructive and confusing; and the majority of us are not very good at casual socializing. More of it is due to the fact that most people — including the CEOs and VPs — don’t get technology, and don’t know how to integrate technology tools and purveyors into the organization.

But that lack of comprehension shouldn’t be a license for persecution.  Everyone’s a loser here, most personally Childs, but the city suffered from a situation they created by not investing properly in technology.  And, by investing, I don’t just mean hiring the right amount of staff and equipment — I mean that CEOs, COOs and everyone up the chain has to step out of their comfort zone and either learn more; hire staff and consultants to vet and translate; or, optimally, both.  The CEO doesn’t have to be as knowledgeable as Bill Gates, but they have to have educated oversight on how IT is run that “gets” what IT is about and how the technology practitioners operate.

As much as Terry Childs is guilty of a crime, he’s tenfold a victim of one, and it’s a cautionary tale for any of us who work in environments where management is happy to let us build a big, isolated kingdom.

What drove Terry Childs to commit a felony was a crime unto itself.

Share Button
Tags: