[neilk]

"Attacking" - are databases people? Do they have rights?

I'm stumbling around trying to figure out what the right balance is too, but I think the existing laws we have around fraud and privacy are all that we need. That is, we don't need to criminalize accessing inadvertently public information; we just need to criminalize exploiting it.

[fnordfnordfnord]

Exploiting it is criminalized. Exploiting it is harder to detect and enforce. It is easy to read server logs and parse them for crimes. Lazy man's way to enforce the law.