
Is it a criminal offense to access an open website? If you had to use even a default password you could imagine it being improperly accessed, but if it's just open to the internet how is a criminal offence committed?


People have been tried and committed for crimes in court for this type of thing. It probably varies from country to country but there is definitely legal precedent that if you come across data that you know shouldn't be publicly accessible, you can't just pretend that it's okay to use it as if it was. Intent and common sense probably play into it.

I would link some sources because you shouldn't trust just my vague memory, but it's incredibly difficult to find the right Google search terms.


Note in the UK the CPS guidance which talks about "unauthorised access".

There has to be knowledge on the part of the offender that the access is unauthorised

So I guess it depends what the "offender" googled and what the link description said before they clicked it wrt open websites. And no doubt their explanation and demeanour when questioned etc.

https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution...

Section 1


It's a difficult question in the interpretation of the CMA; if you're not asked for a password do you know that you're unauthorized? https://www.cps.gov.uk/legal-guidance/computer-misuse-act


> if you're not asked for a password do you know that you're unauthorized?

I imagine that depends. If your bank allows you access to another person's account by manipulating the URL, that presumably counts as a crime.

(Incidentally, this exact vulnerability has happened in the real world. https://news.ycombinator.com/item?id=2656837 , https://www.theregister.co.uk/2011/06/14/citigroup_website_h... )


> ... manipulating the URL, that presumably counts as a crime.

"Manipulating the URL" -- "?id=1", "?id=2", "?id=3", in effect -- was enough to get Andrew Auernheimer (a.k.a. "weev") convicted and sentenced to ~3.5 years in prison [0].

Yes, his conviction was later vacated -- albeit due to a "technicality" ("improper venue"). Regardless, he still spent more than two years locked up for what really does seem like some completely exaggerated bullshit!

> "... [the Third Circuit judges] were skeptical of the original conviction, noting that no circumvention of passwords had occurred and that only publicly accessible information was obtained."

---

(Note: I've never met the guy, nor would I ever want to. Everything I've heard and read indicates that he's a pretty shitty human being -- and I suspect that didn't help him very much at trial. He almost certainly was deserving of some "bad karma" but that's not for the "justice system" to dish out.)

TL;DR: If you're in the U.S., you might want to think long and hard before taking that chance!

---

[0]: https://en.wikipedia.org/wiki/Weev#AT&T_data_breach


I'm somewhat puzzled when this defense comes up, but I think it's worthwhile debating it. Does the condition of how you came upon the contents have any real bearing on the matter? I mean, nobody is really saying that accessing an open website itself is illegal. But it's not as if this circumstance will alleviate all future repercussions of your subsequent actions. I suspect I don't have to give analogies of what might be an inappropriate action - there are a number of things you could find on an open website that could be illegal to distribute.

I suspect a much more interesting argument exactly is the issue with having this particular data - what laws are being broken by redistributing it (I don't have the answer). But that was not the point that you raised, hence my reply.


I think almost anything can be illegal under the Computer Misuse Act if they want it to be.


I assume GDPR (and/or equivalent) is still law in the UK? If so, dealing with personal data (travel data + car registration should qualify) without explicit consent is illegal, yes. Just storing the data would be illegal. (Getting consent, and then not storing it securely, would also be an offense.)


Yes, GDPR is still law in the UK - https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

As I understand it, under GDPR data controllers have a responsibility to take reasonable measures to secure the data. I believe failure to do so is a criminal offense.



