[nitrogen]

Judging intent doesn't really work at scale. That's why we invented access controls.

[res0nat0r]

Access controls are in place, but they aren't absolute. Hence why intent is key in this case, and why he was found guilty.

[nightski]

Ah wonderful, so now I have to worry about how my intentions might be perceived by the government when visiting a publicly accessible web page.

But the company leaking consumer information to the public without any proper security at all is not punished.

[res0nat0r]

Yes. If you accidentally stumble upon something you shouldn't and don't exploit it or sell it to someone when you know you clearly shouldn't be you will be fine. It is pretty straightforward.

Everyone here keeps purposefully ignoring intent, but in the context of the law this is impossible. So no matter how much you hate it, this isn't something that can be a binary yes/no illegal/legal question based on some computer response to your query.

[victorf]

He didn't exploit it or sell it and he's fucked. We're ignoring intent because a crime has yet to be committed. Intent doesn't matter without a crime. If intent is the only dividing line, you are in favor of thoughtcrime.

[res0nat0r]

Well...his crime actually was that he intentionally accessed data he knew he should not have been accessing. That is a crime. Thus he was found guilty. I'm not sure why this is so hard to reconcile or is being purposefully ignored just because this crime is one of many that involves a computer.

[victorf]

Please show me the section of US legal code regarding intentional access of data one knows one should not be accessing; without mentioning trespass, which he did not do, and without mentioning causing a computer to act in a manner the owner does not desire, which he also did not do.