[halviti]

In the US, this will get you arrested, you will have a huge fine and probation, and prison time is not off the table.

I'll refer you to the CAN-SPAM Act of 2003, which does not just govern unsolicited e-mail, but all commercial mail which the law defines as electronic communication (bulk faxes, etc.)

[joering2]

Lets not overreact here.

The printers are on public wire.

You had not done any crime by using Google to find them.

You obtained access to their open HP admin panel via public link with no password or credentials you had to pass.

You haven't stole any information and, furthermore, there is NO confidential information even to be stolen to start with.

On the top of that, you cannot even determine who they are (name, company, address, email, nothing?). They are totally undefinable sitting by a raw IP address. Sure you know someone is using HP printer. Can you get legally punished for that?

I don't think that taking advantage of a publicly accessible information is punishable by jail, especially since noone got hurt and no information were stolen, whether it is information someone made their living off of (Aaron case), or just totally worthless information as of what brand computer of printer is being used. It would be hard for a company to sue you -- (lack of merit)?

If Google got away with snooping private data from open Wifs (and I am sure they made some sort of use from all that gathered data, even if only internally), then I am pretty sure you wont get any heat for such a petite stretch of snooping people's printers.

another though: you may say that someone can sue you for printing a page using their material and toner, but thats too little of damage to even start with. However, arguendo, if you would get slammed with class action lawsuit, you are most likely a millionaire from your idea anyways :)

[X-Istence]

But you are not AUTHORISED to access said resources, so you would be in violation of the Computer Fraud and Abuse Act.

[dragonbonheur]

It's about time for all people to recognize that web server software is an unrestricted broadcasting system by default and that if users want some sort of security they should definitely get behind a firewall or restrict MAC addresses. If they fail to enforce security it should be their fault, not the person accessing them. Apache and other web server software vendors should put that in their license. If that clause had been there maybe Aaron Swartz would still be alive today. As things stand today it's just a lame way to enable irresponsible people to set up web servers and printers containing web servers to put their hands up and way "not my fault." If people want to play geek they'd better learn geek, No excuses.

[jQueryIsAwesome]

Who says I am not authorised? I can claim that public access is an implicit authorization, like any website! And there is no warning or message in the public control panels.

[bmm6o]

Can you really argue in good faith that you are legally authorized to print something on their printer?

[jlgreco]

Is a printer publicly accessible over an IP network really so different from a fax machine publicly accessible over switched phone network? Hell, many times (probably always these days) the fax machine is a printer so if the printer is a "computer" the fax machine half of it surely should be as well.

I can see them getting you for spam, just as they can with unsolicited faxes I believe, but anything more than that? Seems a little silly.

To add to the printer/fax comparison, I have known people who used printers in different physical locations within an organization as a "fax machine" that was easier to use with a computer. Need to send some documents to the guys across the state? Print it to them.

[pbhjpbhj]

Yes, I think you can.

There have been case(s) I think (in USA) concerning websites where it was argued successfully that placing an non-password protected page available on the public internet was implied consent to access/use that service.

That seems the right way to do it. You can't then, for example, put up a website which enables printing and then claim that people who use it are financially liable for using that service.

That would be like putting a bench on a busy street and then popping up and charging people if they happened to sit on it - if they sit down, you can tell them they're not authorised to sit without payment, or you can advertise lack of authorisation (eg with a price list) but otherwise you're implying consent.

[X-Istence]

Yeah, and there is a guy currently fighting in court because he changed some numbers in a URL and was able to get information on other customers from AT&T ... CFAA.

[0x0]

Do you really believe that? That the owners of the printers on this public wire would appreciate, in fact deliberately encourage, anonymous users accessing them like that?

[joering2]

good faith doesnt matter. it (at least should) matter what the law says.

[njharman]

> Who says I am not authorised?

The Federal Prosecutor threatening with 50years of jail time Or you can accept this no-brainer plea bargain for only 1year.

See also, 50 million posts on this subject last couple weeks since prominent software engineer suicided himself.

[X-Istence]

http://en.wikipedia.org/wiki/Weev is getting sued for inputting information on a public website which at that point gave him details about users...

[pbhjpbhj]

I don't see where the implied consent is unless they were advertising the availability of those addresses on the public internet, eg they were listed in Google. It's a small but crucial difference to the legal position IMO.

[zschallz]

If I leave my keys in the car, leave the car turned on with the door opened, are you authorized to drive my car?

[nitrogen]

One cannot reason about computers using analogies and expect to come to any useful conclusion.

[evan_]

> The printers are on public wire. > You had not done any crime by using Google to find them. > You obtained access to their open HP admin panel via public link with no password or credentials you had to pass.

There's even less barrier to sending a junk fax, and that can get you fined and potentially jailed.

[joering2]

I will argue. Junk fax is a message send to a number for no reason. In my example I would only send messages (print) on the printers that would be low with toner. I would NOT print on every single printer just because I can. Huge difference.

[nathan_long]

Your statement is totally sane. But the legal system isn't. Typing a public URL passes for "hacking" in our crazy courts.

[anonymouz]

You miss the point. Even if it is not illegal for you to connect to the printer, it is illegal to spam.

[sjg007]

I think it would fall under unauthorized access.