by rebuilder 2433 days ago
Maybe it's more accurate to say "any publicly linked URL"? IIRC, charges have been successfully brought against people for e.g. iterating through user identifiers in URLs to gain access to other users' data. (Do correct me if I'm wrong on that count!)

Andrew Auernheimer, more commonly known as weev, got all of AT&T's iPad users' email addresses at that time by enumerating all the possible SIM-card IDs against a public-facing AT&T website. He was charged and convicted under the Computer Fraud and Abuse Act (CFAA), and sentenced to 41 months in federal prison for that. His sentence was vacated after 13 months due to a technicality of the venue; that judge did not address the substantive question on the legality of the site access.

Weev may be an odious person, but everyone has rights in a court of law, even white supremacists.

> His sentence was vacated after 13 months due to a technicality of the venue; that judge did not address the substantive question on the legality of the site access

So the way the American legal system works is:

  if(venue == correct && facts == bad) {
    guilty();
  } else {
    not_guilty();
  }

If the venue is not correct, the facts of the case are not evaluated. If you go read some lawsuits, you'll see that the first page or two is an argument about why the judge reading it is the correct judge to read it.

Generally, that is the way it works, but it is foolish to try and understand the legal system like it's software. If the venue is incorrect, the judge may more or less tell them to get lost. That's not the same as "not guilty". A lot of rules are adhered to to make sure that courts don't get gummed up with meaningless cases and to make sure that judges with the appropriate authority handle the appropriate cases.

You are right; I wanted to give a general idea. And if you've ever written software for Itanium, you'd know that relying on evaluation rules in an if statement is a dangerous thing to do!

> If the venue is not correct, the facts of the case are not evaluated.

More precisely, the facts of the case are not evaluated by that court. Usually the case will be transferred to a different venue (i.e., federal court in a different district) or dismissed and refiled in a different forum (e.g., state court instead of federal court).

In Mr. Auernheimer's case, had he been successful in his improper venue motion, he probably would have faced prosecution in either his home district or the district where the AT&T servers were located. The result of that trial might have been the same, but there wouldn't have been a vacatur.

Some kid was charged for that but in my opinion it was stupid. URL to me means part of the UX. If you search on Google using a query parameter directly instead of entering the query in their search box, should that count as wrongful use?

Stupid or not, that's a matter for the lawmakers. What I'm saying is that, as far as I know, a ruling that any publicly accessible URL is fair game would contradict previous rulings.

Now, this is based on my very patchy memory of sensationalist reporting of legal matters in a jurisdiction I don't reside in, so there's probably some wiggle room there ;)

No, it should not. But what if you try some SQL injection to do something nasty?

The modern law system distinguishes between result and intent.

If I guess your password in the password form input, should that count as wrongful use?

If I rifle through your personal papers because your door was open, should that count as wrongful use?