by kokanee
1635 days ago
I agree that this would be an improvement, but I see two problems: 1) This would require law enforcement, attorneys, judges, and juries to learn how the Internet works. For most people, what a server sent is what you can see in a web page. Concepts like server and client aren't ubiquitous. 2) This doesn't account for vulnerabilities. If I use an open source package that has a security flaw, and that flaw is exploited causing my server to send sensitive data, did I still implicitly authorize this because the server was acting as an agent of my interests? I probably need to be held accountable, but surely the attacker is not innocent. If we agree on this, then how do we craft a law that draws the line between incrementing a query parameter and remote code execution?