This is the bizarre story of a San Francisco network engineer, working for the Department of Technology, who faces two-five years in prison for withholding passwords from the City. I don't consider this a California story, though; this could happen anywhere. Follow the link for details, but I'm not posting this to debate his actions or motives (which are somewhat suspect), but to pose a question for the IT people out there; could you envision a legitimate situation where a superior demands a password and you're not sure whether you should surrender it? How about if there's litigation underway and an e-discovery attorney like myself requests access?
The reason I bring this up is, I was faced with this very scenario once, and although it may seem like the answer is easy, let me assure you, it isn't.
I was the head email consultant in Los Angeles for a world-wide conglomerate, but I reported directly to the domestic CIO, not the world-wide CIO, who was based in New York. Our CEO & CIO were called to New York for a meeting with the world-wide group. I received a call from my CIO's subordinate, an Executive Vice President, who informed me that our CEO was being fired, that I was not to ask any questions nor seek confirmation from anyone else, and that I was to immediately disable my CEO's password and supply it to him.
So, I'm being asked by an executive two-levels below the CEO to disable the CEO's password, on his word alone; nothing in writing. And if it so happens there are political games going on – which occurred frequently at the company – this would result in my firing, at minimum. "Trust me", he said.
Would you? I made my decision purely on the good faith of what I was being told, then
hoped I hadn't made the wrong choice. Luckily, I hadn't.
Unfortunately, the relief didn't last long. The former CEO sued the company for $66 million shortly thereafter. Yes, crazy things like this do happen…this is why E&O insurance exists.