Hypothetical scenario as an existence proof (not related to the situation currently at trial):
Suppose you're an investigative reporter. You regularly investigate a person or company that you feel gets away with too much, whose public actions always skate right on the line, and figure they must be doing something wrong. You feel vindictive about it because you haven't managed to find anything about them in the past. You fully intend to find something to report on that will cause their business harm; it's less about the story at this point, and more about you versus them. You find your story, you report on it (truthfully), and the result is serious enough that their business takes a major hit.
You had malicious intent to cause harm, and managed to cause the intended harm, and yet you've still done absolutely nothing wrong. (Remember that truth is an absolute defense against slander/libel accusations.)
Malicious intent to cause harm is frequently a necessary condition for a crime (leaving aside things like negligence), but never a sufficient one. You still have to do something inherently wrong.
In legal terms, see "mens rea" versus "actus reus".
Breaking into a computer system without permission by exploiting a security hole: generally a crime.
Accessing data made accessible to the general public: not wrong in the slightest, regardless of intent.
Changing your user-agent isn't exploiting a security hole (modulo changing it to ');drop table students;-- ), nor is automated access to a website (modulo DoSing). And embarrassing a company by showing that they made private user data publicly accessible definitely shouldn't be criminal.
>modulo changing it to ');drop table students;-- )
As an aside, about a year ago I made a simple web crawler that got (among other things) HTTP headers from all the servers it found. After an hour of crawling, I took the headers to start working on a parser for them, and found 7 attempts at an sql injection. Do I get to prosecute whoever set up those servers?
Suppose you're an investigative reporter. You regularly investigate a person or company that you feel gets away with too much, whose public actions always skate right on the line, and figure they must be doing something wrong. You feel vindictive about it because you haven't managed to find anything about them in the past. You fully intend to find something to report on that will cause their business harm; it's less about the story at this point, and more about you versus them. You find your story, you report on it (truthfully), and the result is serious enough that their business takes a major hit.
You had malicious intent to cause harm, and managed to cause the intended harm, and yet you've still done absolutely nothing wrong. (Remember that truth is an absolute defense against slander/libel accusations.)
Malicious intent to cause harm is frequently a necessary condition for a crime (leaving aside things like negligence), but never a sufficient one. You still have to do something inherently wrong.
In legal terms, see "mens rea" versus "actus reus".
Breaking into a computer system without permission by exploiting a security hole: generally a crime.
Accessing data made accessible to the general public: not wrong in the slightest, regardless of intent.
Changing your user-agent isn't exploiting a security hole (modulo changing it to ');drop table students;-- ), nor is automated access to a website (modulo DoSing). And embarrassing a company by showing that they made private user data publicly accessible definitely shouldn't be criminal.