Terry Childs conviction

I'm a bit surprised that after the furor here on NANOG when the story
first broke (in 2008) that there's been no discussion about the recent
outcome of his trial (convicted, one count of felony network tampering).

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/04/27/BA4V1D5Q22.DTL&tsp=1

-JFO

Anytime you mess with a government entity, without legal guidance, you are at
great risk. Mr. Childs took a risk and the jury decided he was wrong. He faces
5 years in prison.

-henry

Surely even at DeVry they teach that if you refuse to hand over
passwords for property that is not legally yours, that you are
committing a crime. I mean, think about it, it's effectively theft, in
the same sense that if you refuse to hand over the keys for a car that
you don't own, you're committing theft of an automobile.

I fail to see the operational relevance to this conviction; it's basic
common sense.

William

Unfortunately, Terry Childs was withholding the passwords because he thought
(with some justification) that they'd adger up the net if they had the passwords.

So if you want to make an analogy, it's more like taking the keys away from
a drunk so they can't drive. Good luck finding a DA who will indict you for
grand theft auto for taking the keys to prevent a DWI.

Operational content: What design, procedure, and policy errors did the
network owners make that Childs was able to do that to them? (The cynic
in me says that if the net management was that screwed up that he *could*
do it, he was justified in doing it... :)

Henry Linneweh wrote:

Anytime you mess with a government entity, without legal guidance, you are at
great risk. Mr. Childs took a risk and the jury decided he was wrong. He faces
5 years in prison.

Unlikely.
From the article:

"However, Judge Teri Jackson is expected to impose a sentence under which Childs would serve a few additional months at most, after she gives him credit for the nearly two years he has spent in county jail since being arrested in July 2008"

I didn't know jury trials went this way, if a juror doesn't agree you simply kick the person out. You learn something new every day. :)

"The jury deliberated for several days before a lone holdout against conviction was removed from the panel, for reasons that were not disclosed. After an alternate was put in that juror's place, the panel started over and reached a decision in a matter of hours."

And one can argue he behaved like any security conscious IT person should behave, although I'm sure in this case the truth lies more in the middle:

"Shikman acknowledged that Childs may have been "paranoid" about protecting the system and undiplomatic with his bosses, but nothing worse
(..)
"All they had to do was ask him (for the passwords) in a secure and professional way, consistent with policy and standards," Shikman told the jury."

Regards,
Jeroen

I've seen a dismissed employee withhold a password. The owner of the
company threatened legal action, considering it, like you, theft. My
father-in-law is an attorney, so I asked him about the situation. He
said that it wouldn't be called "theft," rather "illegal control."

http://www.infoworld.com/t/insider-threat/terry-childs-still-faces-one-charge-one-he-shouldnt-face-746

The more-informed reporting on this says that the charge was actually
"illegal denial of service." I'm guessing this is what my father-in-law
was getting at, or that this is what "illegal control" means when
applied to computer equipment.

dk

According to news reports in this case it was not a charge of theft,
but a charge of criminal Denial of Service. The service denied
being the ability to administer their network devices by their
authorized admins: in this case that Childs had been ordered by
people with management authority over him on various occasions to
provide some access to equipment they owned, and he had refused on
all occasions, or deceived them by intentionally providing
incomplete or useless access details.

It was well within management's authority to demand this, and not in
violation of any laws (not equivalent to DWI).

It may be of concern to some individuals, but the operational impact
to well-managed networks should be zero. Make sure the collective
management of the organization that owns the network has a means of
directly conveying full access at all times to any user they
authorize, that is provided on demand, or that there is a clear
password policy that ensures that administration cannot be denied
to authorized users?

"Theft" of keys does not equal theft of vehicle, and restraining
someone who is not acting rationally and is intent upon committing a
crime, directly endangering lives, is completely different.

Courts might take a much more dim view towards a valet/driver
re-assigned to a different job refusing to surrender the keys to the
owner's new valet, out of fear the vehicle might get treated in a way
they considered poor or reckless.

Same difference, he still committed a crime and anyone who is defending
him seems to not understand this. Whatever we want to call that crime,
it's still a crime, and he got the appropriate penalty.

William

Illegal control = Conversion = at least a tort, but could also be a crime.

I beg to differ (the archives may reflect my objection last time around).

I agree that a crime was committed.

It was committed by the management that allowed this situation to exist.

It is a pretty easy matter to maintain controls that make the passwords
secure but still available to management when they need it. The
simplest system was one of sealed envelopes in several different
District Managers' locked desks. Every now and again a manager would
take his or her envelope out and test the passwords to see if they
worked (usually just before the scheduled password change each month).

Hi William. I have to agree that it does seem he committed an offence but we will have to agree to disagree on the penalty. Two years (or more) in jail for withholding a password for one week seems disproportionate to me. I wonder how expensive the trial was.

Rob

I don't disagree, but he should not have withheld passwords to devices
that were not his direct property when asked by a superior.

William