> There probably needs to be a way to address the situation where someone knows the data they are accessing ought to be restricted, but your analogy throws away an awful lot of the context that is important to that discussion.
Perhaps, but IMO it's really the core moral question.
But you are right that context is important, which is why these debates go so often into what "reasonable" persons would do.
So with weev, for instance, I think a "reasonable" person could probably say that they're not really supposed to have access to so much personal data, and that they probably shouldn't have gone way the hell out of their way to get 114,000 email addresses when 4 orders of magnitude less would have sufficed to prove the vulnerability.
Now, do I think that email addresses of any kind warrant 41 months in prison? Absolutely not! But I also don't see how it's a stretch to consider that weev stepped beyond the bounds of reasonable behavior.
Whole societies often end up with unpleasant moral opinions though (I don't mean to suggest that this sets aside the value of acting morally, I mean to suggest that moral intuition is not necessarily a good guide for setting the rules for a society).
A good trick would be massive civil penalties for disclosing personal data to third parties. That leaves us uncomfortable with weev scraping large amounts of data but able to punish him for any damage he causes by sharing it, and it makes some potential for innocent little AT&T to share the stick.
Edit: better to say that it leaves us able to punish weev for causing damage. There is easily potential for causing more damage than could be restored by a single person.
Perhaps, but IMO it's really the core moral question.
But you are right that context is important, which is why these debates go so often into what "reasonable" persons would do.
So with weev, for instance, I think a "reasonable" person could probably say that they're not really supposed to have access to so much personal data, and that they probably shouldn't have gone way the hell out of their way to get 114,000 email addresses when 4 orders of magnitude less would have sufficed to prove the vulnerability.
Now, do I think that email addresses of any kind warrant 41 months in prison? Absolutely not! But I also don't see how it's a stretch to consider that weev stepped beyond the bounds of reasonable behavior.