Re: Vengeful Bureaucrat?
@DanForSupervisor, you'd never get my vote at all, as you've failed to comprehend the law's basics.
I'll use an example for you.
Kwikset is a cheap, popular lock that is extremely easy to pick. His SQL injection attack was like me sticking my lock picks into that Kwikset lock and picking the lock. Without permission, I'd be committing burglary and rightfully convicted of burglary. With permission, I'd be evaluating security by showing that even my modicum of skill was able to pick the lock in seconds.
He should have written up a proposal, explaining that he's a security researcher and he was interested in examining their network for vulnerabilities for free. There's a fair chance that he'd have gotten permission. Instead, he went in, played around, exfiltrated data, all without permission. He picked the cheap lock and entered.
I'd have pushed to have him charged as well. I'd also have hit the roof that my site was so vulnerable and seen to it that it was properly secured.
But then, I'm an information security professional. The only systems I break into are my own and obviously I've given myself permission to breach my own systems.