No, because AT&T is a open Business, which needs to be in business zones, following business statues, not personal computers connected to ISP servers. It's more like the brothel analogy I just made:
https://news.ycombinator.com/item?id=6435769
> If you visit and internet cafe and someone's forgotten to log out of their bank account and you fiddle with it, that's probably a crime.
That can be construed as impersonation without unauthorized access, which is in some jurisdictions is illegal.
But that is not what AT&T did, which is more like a open brothel with conference rooms and private bedrooms. They just let in anyone that looked in one type of attire, and had some numbered badge come into one of the reserved conference rooms. IoW, the security person did not ask for ID, or a password to enter. The fault lies on the brothel, not the visitor. For all we know, anyone could have come in looking with that attire, and a matching badge out of coincidence (maybe there was a costume party, who knows, still the brothel did not do a good job of securing the reserved conference rooms).
> No password, no HTTPS, no access controls at all. Who is responsible for the security breach? You or the bank?
The bank, they are not complying with the legal statues, and more than likely violating their own privacy policy, if any exist.
> I would argue that if there are no technological access controls in place, there is no such thing as "unauthorized access" You can't be unauthorized if there is no authorization. The default on the internet is "can access"
That is correct. In that analogy, it would be an open business, like store or malls. It follows jurisdictions of private properties, with some business statues, but overall, since it is an open-doors business, there are no authorization requirements.
> They're prosecuting him for the digital equivalent of walking down a street and taking pictures of houses which don't display numbers on their mailbox.
No. Like in the example above, they are charging him of wearing an attire with a numbered badge, and coming into the reserved conference room, and learning the attendants names or addresses (which should not be there in the first place, esp. with no security protocols). The worst they can charge him is for impersonation. However, what can incriminate him is if the pages he visited clearly displayed or linked the Term of Services or EULA, which does detail this scenario, and he violated it in some way.
Obviously. If the administrator locked access to matches, nothing could be burned. The admin is responsible for leaving matches open at the library, and allowing the librarian to do as they please.
You are welcome to critique, not harass⸮: