[trs8080]

> If your server sends it, but you never intended (sysadmin, programmer error, bureaucracy, unsecured servers etc), and it's clear for me the information was never meant to be public, then I'm committing unauthorized access.

So if your server sends privileged data and I "View Source" to see how you implemented some unrelated part of your site and accidentally see that data, I'm now guilty of unauthorized access and should be prosecuted?

How about we shift the burden back to the people who have been entrusted to keep this data secure in the first place?

[iypx]

So if you left open the front door of a police station and I enter to see how an unrelated part of the building is built, and accidentally grab a gun I see on somebody's desk.. then I would most certainly expect to be prosecuted.

I understand you want to punish whoever forgot to close the door, and obviously the guy who abandoned his gun, I agree... but I have no business of being there whatsoever!

[Kim_Bruning]

We don't need to get this creative.

Say I mail a dead tree letter to the Department of Elementary and Secondary Education. And say in that letter I put a request for information on a particular teacher.

They send me a bit of a heavy envelope back. Which is a bit funny for my simple query but eh, I've gotten heavy envelopes before . The first page actually has the answer to my query, and then there seems to be a large number of pages of small print.

Normally people don't really read the small print, but today I'll do it anyway (maybe I'm suspicious due to the large packet) . What I find is that there's some normal legalese for a page or two I guess, and then on say page 5 through 100 it's actually a table with row after row of teacher's names and social security numbers. Ok, that's not good.

So the letter is addressed to me, and it landed on my doormat. It's pretty clear I'm the intended recipient.

In THAT case, I don't think it would fly for the state to go "But you were only supposed to read the first page, you were never supposed to read small print". I think that might be going a bit too far.

* If we assume the letter was printed by a computer, and

* And we assume the same knuckleheads who wrote the website also wrote the letter printing code.

Then it's not so much an analogy as it is very nearly the same thing (but now in terms a lawyer can understand, hopefully). All we've done is changed the underlying protocol and representation.

[trs8080]

Except in your analogy, I didn't "grab" anything -- I asked a question about paying a parking ticket at the front desk and as an answer they handed me a loaded gun. When I tried to give it back, they prosecuted me for theft.

[zaphod4prez]

There is a very big difference here. In your example, you've clearly entered into someone else's property; in the case of reading the info sent to your computer... I am reading a thing you sent me!

A more accurate version of your analogy is if I asked to hold a police officer's tazer and he handed me his gun by accident... or even if I asked to see his gun and he handed it to me thinking it was empty, but it was in fact loaded.

Point being, the website essentially put that information on my computer! I am asking for something from them, but what they give me is 100% their business! They don't have to obey my request but they do have to not-send-private-data-to-random-people-who-ask-for-it