Judge Won’t Lower $5M Bail for SF IT Administrator

A Bay Area man who has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco’s city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.

Terry Childs has been held on a US$5 million bond since his July 12, 2008, arrest in a case that captured intense media interest.

Prosecutors had charged him with holding the city’s FiberWAN network hostage and installing unauthorized “back-door” modems on the city’s network. On Aug. 21, Superior Court Judge Kevin McCarthy threw out three of the four charges against Childs. Lawyers for the former city network administrator had hoped that this might lead to a bail reduction and a chance to get their client out of jail.

But that was not to be. On Monday, Judge Charles Haines denied the motion to reduce bail, alluding to “public security concerns,” according to Richard Shikman, who is representing Childs in court.

Childs is now charged with one count of disrupting computer services and could face as much as five years in prison, Shikman said.

The $5 million bail is high by any measure. The San Francisco Felony Bail Schedule, which provides bail guidelines for a variety of offenses, lists a $1 million bail for the most serious crimes, such as sexual assault of a child, aggravated arson, or kidnapping for ransom.

Prosecutors have argued that the bail is appropriate because, if released, Childs could cause damage to San Francisco’s network. They also believe that he represents a flight risk.

Childs eventually did hand over his administrative passwords to San Francisco Mayor Gavin Newsom, about a week after he was arrested last July. In court filings, his lawyers have argued that he refused to give the passwords to superiors at San Francisco’s Department of Telecommunications and Information Services (DTIS) because he believed that they were not qualified to manage the city’s network.

According to court filings, Childs had gotten embroiled in a dispute with Herb Tong, a DTIS manager who had ordered Childs to route all network configuration changes through the city’s change management system for approval. In a July 13 e-mail, filed with the court, Childs accused his managers of “gross incompetence,” implying that this policy would leave city systems exposed to attack.

In an Aug. 21 statement of decision, dismissing some of the charges, Judge McCarthy wrote that because the city was unable to gain administrative access to the network without Childs’ passwords, there was cause to believe that he had violated California’s computer crime law.

“The defendant’s withholding the passwords caused DTIS to be denied administrative access to the FiberWAN, which constituted a denial of computer services,” Judge McCarthy wrote.

Childs might be able to argue an “employment defense” — that he shouldn’t be charged with a crime because he was simply doing his job. However, according to the judge, “the defendant has not yet established the employment defense to such an extent as to eliminate probable cause, and warrant dismissal of the charges.”

It’s a crime in California to cause the “denial of computer services” to an authorized user of a computer network.

But California’s law was designed to prosecute people who break into computers, not those engaged in workplace disputes, said Jennifer Granick, civil liberties director at the Electronic Frontier Foundation. In Childs’ case, his bosses asked him to hand over a password and he refused to do it, she said. “I don’t think the California legislature contemplated that as a criminal action when they passed [the state’s computer crime law].”

“This interpretation of the statute basically criminalizes certain types of commercial and employment disputes,” she said.

Granick said that it “seems kind of wasteful” to incarcerate Childs for so long on the charges because he probably wouldn’t be sentenced to 14 months if convicted.

Childs’ trial is set to begin Oct. 9.