|
|
|
|
|
|
by Natsu
3680 days ago
|
|
|
Yes, the law on the subject is mostly nonsense. That said, I've thought a lot on the subject and this is what I think the law should have been - For 'unauthorized access' to a computer system you (should) need to knowingly access a protected system in a way not permitted by the rights granted to you by the computer system, or by deliberate deception of either the computer systems or people. So for 'knowing' we have to actually know (via banners, etc.) that we're somewhere we shouldn't be. For 'protected' it has to be actually protected (none of this "I found unprotected files lying around with no password" nonsense). The last two clauses cover privilege escalation attacks and social engineering. So it should matter if you're operating the system normally or if you accidentally just click/type something wrong and found your way in vs. you were deliberately hacking / social engineering your way in. I'd also add a safe harbor for anyone who in good faith reported the issue to the site operators, police, or government regulatory bodies to prevent reprisal like this ugly case. Sadly, I don't get to write these laws. |
|
|