[_y5hn]

Anyone can increment an ID or try to inject sql. 30 years of security practices shows white/grey hat hacking to be a good thing, and should be expected. GDPR even makes poor security finable. Cyberdefence also requires more security expertise, which can only be had from real experience.

"It's fine when the good guys do it", is poor lawmaking. So intent is hard to prove, and not very practical. It also put the blame on the accused, having to prove their innocence.

I find it interesting that people equate information breaches with murder.