A California court of appeal affirmed a criminal conviction of a former employee in The People v. Childs arising out of the employee denying his employer’s access to its own computer systems. Terry Childs worked as a network engineer for the City of San Francisco. As part of the City’s integration of its law enforcement database with state and federal databases, City network employees had to pass a criminal background check in order to have continued access to these law enforcement databases. Childs’ background check revealed a felony conviction which he had not disclosed in his employment application. Rather than immediately discharge Childs, the City notified Childs that he would be reassigned to work that would not involve access to law enforcement databases. Childs was asked to give the City access to the databases. Childs refused. City employees and networks consultants began an intensive but unsuccessful effort to regain control of the City’s network. Childs was placed on unpaid leave and arrested. After his arrest, Childs disclosed the passwords and information necessary for City officials to recover control of its network. Costs incurred by the City to regain control amounted to about $1.4 million. Childs was charged and convicted of violations of the Section 502 of the California Penal Code, which is the California state analog of the federal Computer Fraud and Abuse Act. In defense, he argued that the law only applied to external hackers and not to an employee who, at the time, had authorized access to the employer’s network. Rejecting the argument, the court explained that the statute prohibited not only external hacking but also a “malicious employee’s victimization of an employer” by “maliciously tamper[ing] with a company’s database.” As a result, Childs’ conviction was affirmed. He was sentenced to four years in state prison and ordered to pay more than $1.4 million in restitution.