> What weev did was quite different in that he accessed this web service in exactly the way it was intended.
So is a thief who walks through a door carelessly left unlocked "accessing it exactly in the way it was intended." It's what he does afterwards that makes the difference.
> What is the difference, under the law, between someone accessing a private Google API and the private AT&T API that weev accessed? As a web developer with zero documentation, zero information beyond simply knowledge of the API URL's existence, there is no apparent difference beyond what content was being served by these APIs. So, if that is the case, at what point should web developers accessing undocumented APIs begin to be concerned about their criminal liability?
When the content you get back from a URL is other people's private data, it doesn't take a genius to figure out that maybe there's some criminal liability there.
>So is a thief who walks through a door carelessly left unlocked "accessing it exactly in the way it was intended." It's what he does afterwards that makes the difference.
If he takes some pictures and leaves he certainly isn't guilty of breaking and entering.
So is a thief who walks through a door carelessly left unlocked "accessing it exactly in the way it was intended." It's what he does afterwards that makes the difference.
> What is the difference, under the law, between someone accessing a private Google API and the private AT&T API that weev accessed? As a web developer with zero documentation, zero information beyond simply knowledge of the API URL's existence, there is no apparent difference beyond what content was being served by these APIs. So, if that is the case, at what point should web developers accessing undocumented APIs begin to be concerned about their criminal liability?
When the content you get back from a URL is other people's private data, it doesn't take a genius to figure out that maybe there's some criminal liability there.