[c1ccccc1]

Let's say I'm viewing a webpage, and I'm curious about some aspect of how it's implemented. I click "view source", and see something that isn't supposed to be there. Is the conclusion "whoops, guess I'm a criminal now"? Shouldn't there be some way for people to avoid committing a crime besides knowing in advance that a website is going to send them private data?

You could say, "obviously stumbling across the data is fine, as long as you then responsibly report the issue, or ignore it and go on with your day. It's only illegal if you then go on to do nefarious things with it." But this is exactly what the current system is failing at by prosecuting this reporter.

Getting the hacking issue right should not be this hard. In practice, it's pretty obvious what's hacking/unauthorized access and what isn't.

In the hacking category: SQL injection. Breaking DES. Cross site scripting attacks. Tracking cookies and browser fingerprinting, arguably.

In the not-hacking category: Incrementing integers in the URL. "Breaking" rot13. Using "view source".