> That's why we should let the final verdict for authorized/unauthorized lie IN THE CODE DEPLOYED BY THE OWNER, not the law
I'm surprised to see this much victim blaming from such a passionate defender of personal liberties.
There is a stark difference between "AT&T deliberately decided to allow public access through this URL" and "AT&T improperly coded the authentication scheme for this URL".
From the outside the end result would be indistinguishable, which is why your binary logic can't be used in general. If we had it your way the only choice a potential victim would be legally allowed to ever make is "as strong a technical control as available (and don't screw it up, otherwise it's your fault)".
The only victims here are the people whose data ATT negligently mishandled, and even those are just civil claims.
ATT's reputational damage was earned, and was the consequence of facts that were disclosed about their terrible customer data handling practices.
There's nothing criminal at all at any point here. Even what ATT did was shitty, and they should probably get sued for being so careless and negligent, but no crimes were committed by anyone at any point along this chain.
I'm surprised to see this much victim blaming from such a passionate defender of personal liberties.
There is a stark difference between "AT&T deliberately decided to allow public access through this URL" and "AT&T improperly coded the authentication scheme for this URL".
From the outside the end result would be indistinguishable, which is why your binary logic can't be used in general. If we had it your way the only choice a potential victim would be legally allowed to ever make is "as strong a technical control as available (and don't screw it up, otherwise it's your fault)".