If you pay much attention to technical news, you probably have heard of Terry Childs. Childs is the network admin formerly employed by the City of San Francisco who was arrested in 2008 after he was fired for insubordination and subsequently refused to give his supervisor the passwords for the FiberWAN routers. If you know this much, you probably also heard that he was found guilty of one felony count on Tuesday. For the sake of continuing this paragraph, I’ll assume you heard that. Since you know this, I think it’s fairly safe to assume that your response to his conviction falls into one of two summaries: “he had it coming” and “this is an outrage.”
The prevailing mood on Slashdot and elsewhere seems to favor the latter summary. My own take is more toward the former. I’m not sure if that’s because I’m a short-hair type (side note: in my experience, there are two broad classifications of admins — short-hair and long-hair. There’s often a stark behavioral/mindset difference between the two. Maybe I’ll write about that at some point.), or if it’s because I’m still a youngin, or if it’s just because I’m being more sensible than everyone else.
My opinion on the case has softened a bit since it first broke. Initially, the city was claiming that Childs had booby-trapped systems so that they would fail if anyone tried to gain access after he left. As it turns out, things continued to run smoothly after Childs was fired. There was a lot of stupid surrounding this case, and neither side comes out particularly sympathetic. InfoWorld’s Paul Venezia had a good summary of the case in July 2008.
I don’t fault Terry Childs for refusing to give the passwords to people who asked for them, as the city had a very sensible password policy in place (don’t give user or system account passwords to anyone. The End). What he didn’t do was put the passwords in the appropriate central repository. I can understand his reasoning — we’ve all had incompetent coworkers that we didn’t want to share a password with, but sometimes that’s what we have to do.
Perhaps the city’s biggest mistake was letting Childs “own” the FiberWAN in the first place. By all accounts, it was a pretty brilliant design, and every artist should be proud of the work they do, but that doesn’t make it their work. Let’s face it: except in very rare cases, the work an admin does for his employer is the property of that employer. We all like to think of systems as “ours”, but the reality is that we’re just caretakers, even when we design the system. Think of a gardener as an analogue.
System/network/database/whatever-else admins have access to a great deal of sensitive information — grades in education, financial or research data in the public sector, medical records in hospitals, etc. There is definitely a compelling need to restrict access in a sensible, responsible manner, but this must also be balanced out with a need to increase the bus factor. There should always be at least one other person who has access to the passwords in case something unfortunate happens to the person with primary responsibility, even if this person is only authorized to get the passwords in the event of an emergency.
Childs also failed to play nice with others, and that’s the only reason we’ve heard about this at all. Allegedly, he harassed a new manager to the point where she locked herself in a room to get away from him. Like it or not, admins have to deal with other people, and that’s often the skill that is most lacking. However, it is also perhaps the most necessary. Technical position or no, we all need to be able to manage our role in office politics. I sometimes think that should be a required class for sysadmins. Maybe someone could set up a certification program?