| ▲ | ecb_penguin 14 hours ago | |
Because people think they are clever and are trying to separate the act from the intent. Unlocked doors, open windows, any lack of security doesn't give you permission to enter. Just as "incrementing a GET request" doesn't mean anything outside of the intent. The intent was to do damage. | ||
| ▲ | Dylan16807 4 hours ago | parent [-] | |
He did have permission to "enter". He was authorized to use the server. His intent of releasing the data was bad (assuming he started with that intent!) but he wasn't committing any fraud when collecting it. He didn't bypass any authentication or damage the server. CFAA is the wrong law to use. If a restaurant puts a bunch of proprietary documents in a dusty corner of the public lobby, you shouldn't browse through them but you're not breaking and entering if you do so. No matter what your intent is. | ||