Agreed, however if a government official says “These records are confidential, please don’t look at them” and then they leave them on a park bench in front of you, then it is a felony to for you to look at them.
In this case, it would be like going through the UI and trying to access the record and getting denied because of a client side access block, so you make a direct call to the backend instead to retrieve the record. You’re making a perfectly legitimate HTTP request but for something you know you shouldn’t be able to access: illegal.
Obviously. But I was responding to a particular argument. Why is "knowingly accessing records that you know you shouldn't have access to" so different in this case? There's no trespassing or equivalent; the computer itself was set up for public access.
And "protected computer" is basically all computers. Imagine if the records were on a kindle; that shouldn't change the legality and if the CFAA does so that's a bad thing.
A phone is a personal device and I'd like that to be treated differently in many ways.
A public web server doesn't have such direct privacy issues.
When it comes to records on a bench vs. a non-personal kindle on a bench, I think they should have equal and low protection. Abusing the data should face penalties, but not poking around.
Why should you have any right to “poke around” a kindle you find on a park bench? Beyond any general rights you might have permitting you to take ownership of lost property, that is.
I don’t see any obvious reason as to why this should be allowed, but it’s trivial to come up with a whole plethora of reasons for why you shouldn’t be allowed to poke around such devices.
When the access is freely given out without any subterfuge, it's not my job to self-enforce my best guess at what my access level should have been.