> The rules are interpretable as it being illegal to access data with a publically available password using this password, so we're going to apply them, despite it being patently absurd.
I very much agree. I do think that this kind of ethical hacking should have a legal framework around it, to protect both sides during such an access. But this should be more on the basis of responsibly minimizing access to protected data as well as minimizing foreseeable damage.
For example - running a select on a database may show you private and protected data, but if this is done to validate a problem, fine. Start digging for data on specific persons? Touch something called "Pump Controls"? This would however require technologically competent judges, and those are rare.
As I said, a frustrating topic and it will become very interesting if a hostile state starts pushing on this.
I very much agree. I do think that this kind of ethical hacking should have a legal framework around it, to protect both sides during such an access. But this should be more on the basis of responsibly minimizing access to protected data as well as minimizing foreseeable damage.
For example - running a select on a database may show you private and protected data, but if this is done to validate a problem, fine. Start digging for data on specific persons? Touch something called "Pump Controls"? This would however require technologically competent judges, and those are rare.
As I said, a frustrating topic and it will become very interesting if a hostile state starts pushing on this.