"Clicking a link" on a results page by itself is unlikely to be a crime (in any US jurisdiction). OTOH, having a certain criminal intent, constructing a search query aimed to realize that intent, and then clicking on a resulting link to complete the realization of that intent might be.

> Can you construct a hypothetical situation where clicking a link on a Google result page (or, any page, for that matter) would be a crime?

I'm not sure that's even necessary, and there's no point getting into a debate about the browser (you commanded it to do something, after all).

IANAL, but I don't think you need to be one to appreciate the potential for legal trouble. Depending on your interpretation of the CFAA and whether or not you agree with the assertion that the Ninth Circuit limited the scope of the CFAA's reach by requiring a certain degree of intent [1], unauthorized access alone could be construed as a crime. If you want a particularly extreme interpretation of the statute, you can find such almost anywhere you look (here's one from 2005 [2]).

In the latter case, it's notable that if you access material it 1) need not be trademarked, copyrighted, a trade secret, or even particularly sensitive--it need only be "valuable" and 2) unauthorized access is defined rather loosely as accessing "information in the computer that the accessor is not entitled so to obtain." One could argue that password protected resources or databases that are not publicly advertised are not considered something for dissemination to the public and therefore protected by statute.

So, if we apply the CFAA in a manner similar to what you might expect of a prosecutor who is up for re-election this year, let's look at the abuses the article's author committed:

Unauthorized access - check? There's no obvious revocation of the right to access Unilever's MongoDB database, but it probably passes the "reasonable person" test that this information isn't intended to be public. Playing the game of "intent" is a bit risky, so this might be another option in mounting a defense.

"Valuable" information - definite check (the author stated rather plainly: "Within the databases I found personal details like names, e-mail addresses and also private chat logs;" I suspect this would be considered "valuable" information). I don't think this is something I would have admitted. I certainly wouldn't have posted screen captures.

I admit the timing of this is funny, because I was just about to watch a few videos on bosnianbill's Youtube channel earlier when I got to thinking about how inconsistent lockpick possession laws are in the US, and it's interesting how it applies to this story. In some states (notably Tennessee), simply owning a lockpick without the appropriate license can land you a misdemeanor (fine, maybe jail time, depending on my memory of their law), while other states (like my own) require intent and/or possession of multiple "burglary tools" (e.g. a crowbar in addition to a lockpick). While intent alone is insufficient protection from particularly enthusiastic prosecutors, it does at least afford some defense if you wind up in front of a jury. Hoping for the same under the framework of the CFAA is a bit like playing with fire even if you successfully mount a defense (legal costs, opportunity costs from the time wasted on defense, etc).

Not worth it.

[1] http://www.bullivant.com/Computer-Fraud-Abuse-Act

[2] https://www.dorsey.com/newsresources/publications/2005/02/cf...

Federal prosecutors -- the only ones that can prosecute for criminal CFÀA violations -- are Presidential appointees, they are never up for election. So that scenario never actually occurs.