Mr. Terry Childs served as the principal network engineer for the Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. DTIS was responsible for administering the city's computer network, providing computer services to city departments including Internet and department database access. The company was responsible for maintaining, operating, and repairing the network.
In 2005, Mr. Childs was assigned to configure, implement, and administer the city's then new fiber-optic wide area network-FiberWAN. Mr. Childs began to take the job very personally and would not provide the password for the network to any other employees. Towards the end of 2007, Mr. Childs stated he had "booby-trapped" the network so if any other employee's attempted a password recovery or if an unauthorized user attempted to enter the system, the network would shut down.
Finally, DTIS removed Mr. Child from the project and asked for the passwords to the network but he refused to reveal them. Mr. Childs was placed on administrative leave for failing to provide access. On July 21, 2008, Mr. Childs finally gave the correct passwords to the Mayor of San Francisco. The city had no access to the network between July 9, 2008 and July 21, 2008.
Mr. Childs was charged and tried on one count of disrupting and denying the use of the city's computer network. As a defense, Mr. Childs urged the jury to conclude that his dispute with the city was an employment matter, not a criminal act. As a defense to the charges, he claimed that he acted within the scope of his employment, and had the City's permission for the access. A jury convicted Mr. Childs of disrupting and denying computer services to an authorized user. He was sentenced to four (4) years in state prison and ordered to pay more than $1.4 million in restitution. In two consolidated appeals from the conviction and restitution order, Mr. Childs contends that the statute was not intended to apply to an employee.
The challenges that Mr. Childs raised to his conviction turn on the argument that the unauthorized computer access statute was meant to apply only to unauthorized computer users and not to an employee who was authorized to use the computer system. The specific referenced statue was created in 1979 to make two types of computer usage criminal: 1) accessing a computer system to commit fraud or theft; and 2) damaging or destroying a computer system. In 1985, the following sections were added, 3) unauthorized accessing of a computer and 4) malicious disruption of a computer system. In 1989, unauthorized computer access was specifically held not to apply to one who accessed an employer's computer within the scope of employment. "Scope of employment" was held to mean, when an employee performs acts which are reasonably necessary to the performance of his or her work assignment. However, in Mr. Child's case, the Court of Appeals held that the statute did apply to an employee who uses his or her authorized access to a computer system to disrupt or deny computer services to another lawful user and affirmed his conviction.
Mr. Childs reasoned that his conduct was merely insubordinate and should have been resolved by civil means as an employment dispute, rather than by a criminal prosecution. However, this defense wrongly assumes that insubordinate employee behavior can never be so egregious that it might also justify the filing of criminal charges. Distinctly, an employee can be civilly and criminally liable for some acts although done in the scope of his or her employment.
If you have a question about a termination for behaviors done in the scope of your employment, contact us at / to discuss your legal rights.