|
Authored by: Anonymous on Saturday, May 04 2013 @ 09:18 PM EDT |
[ Reply to This | Parent | # ]
|
|
Authored by: Anonymous on Sunday, May 05 2013 @ 12:58 PM EDT |
I think it is you who are missing the point. A URL with a secret part is no
different from a password, except that you have a second step. Why should we
care about the technical method used to get the information, when the question
is one of law and prior authorisation ?
Let's imagine what would happen with your "login" difference: there
would presumably a page where you could enter a password. Then, presumably,
you'd enter an URL without the password in (or, more probably, click on a link
that has that URL). The only difference is that instead of entering that guessed
(as we're assuming you don't know this password in the first place) password in
the URL, you're entering it in a text box. Technically, if the system is not
very good at hiding things, the login version might actually be sending the
password as part of the URL anyway, but I digress.
The distinction is irrelevant. I have not missed that point, I have seen it, and
think it is irrelevant. What is relevant is that if you know you are not
supposed to access something, then trying to access it anyway is clear evidence
of intent to access what you do not have thre right to.
Now, an aside, because people often forget that someone can see both sides of a
story: I do believe that the punishment was way too much. My point is also not
that this particular case *should* be a crime. My points are just (1) that there
*should* not be a difference between guessing a password in a URL or in a text
box, and (2) that the main issue is one of prior authorization.
Let's use another example: if your bike gets stolen, and it did not have any
lock on it, you might have been dumb to leave it unattended without a lock, but
it's still a crime to steal it, even if it had no lock. Even if it had just a
cardboard lock. Even if there was no "please don't steal me" lock. And
the reason is that there is no prior authorization to take the bike. If you DO
give someone the authorization to take it, then that person taking it is now not
a crime. And that, I believe, is the main issue.
By the way, I do not like the metaphors used in the quoted article. "Just
visiting a website is a crime". This reeks of misrepresentation. It's the
same kind of double speak as saying "just walking a step is a crime",
when you're talking about someone enter a private area without authorization,
and thus trespassing.
Whether or not you or I agree that such things should or should not be crimes,
we should still be able to agree that the issue is one of prior authorization.
If you do not, then please explain why you think it is not so.
[ Reply to This | Parent | # ]
|
|
|
|
|