A San Francisco Superior Court judge has dismissed three of the four felony charges brought against Terry Childs, a former network administrator who was arrested last year for allegedly sabotaging a crucial city network.
The charges that were thrown out relate to allegations that Childs quietly placed three modems on a San Francisco city network to have backdoor access to the city network. In dismissing the charges, Judge Kevin McCarthy ruled on Friday that there was insufficient evidence to show that Childs had placed the modems on the network with malicious intent.
But the judge left standing a fourth charge, that Childs refused to hand over passwords he had used to lock up the city network for days. If Childs is convicted on that count, he faces up to five years in prison. A hearing is scheduled for today to determine a date for the trial.
A spokeswoman for the San Francisco District Attorney's office said today that prosecutors in the case will appeal Judge McCarthy's ruling. In December 2008, Superior Court Judge Paul Alvarado had held that Childs would need to stand trial on all four of the counts he had been charged with, the spokeswoman said. But, in response to motions filed by Childs' attorney, three of those counts were vacated last Friday, the District Attorney's spokeswoman said.
"We disagree with Judge McCarthy's ruling. We believe that Judge Alvarado's ruling should stand," the spokeswoman said.
Childs, a network administrator working for San Francisco's IT Department of Telecommunications and Information Services (DTIS), was arrested in July 2008 for allegedly locking up access to the city's FiberWAN network by resetting administrative passwords to its switches and routers.
He is also alleged to have planted network devices that enabled illegal remote access to the FiberWAN network, which carries almost 60% of the city government's traffic. He was arrested after first refusing to provide the passwords to city officials and then providing them with wrong passwords. Childs was jailed on a $5 million bond and is currently awaiting trial.
Judge McCarthy's ruling is a significant victory for the defense team, which has been arguing that Childs' actions were far from criminal, and were instead in line with standard network security practices.
Childs' lawyer, Richard Shikman, has argued that the three modems that Childs is supposed to have installed for criminal purposes were instead used for work-related purposes. In court filings the lawyer has maintained that one of the modems was set to dial out on Childs' pager in the event of a network emergency, while another was designed to connect city computers to a disaster recovery site. The third modem had been set up even prior to Childs' arrival at DTIS and was designed to test the city's access to the Internet, his lawyer has said.
In other court filings, Childs had said that he refused to hand over the network passwords to city officials because he feared the passwords would be shared with outside contractors and others who were unauthorized to access the network.
The case has evoked mixed responses so far. Some have argued that Childs may have felt justified in withholding the password information because he was concerned about unauthorized users gaining access to a crucial city network. They have also argued that Childs had been well within the scope of his job description and responsibilities when he installed the modems that prosecutors claimed were meant for malicious purposes.
Others though have highlighted the case as a classic example of the kind of havoc that an insider with privileged access can wreak on a network. They have pointed to the case as an example of why companies need to implement measures for limiting what users with administrative access to critical enterprise networks and systems can do with their access.