But you are not AUTHORISED to access said resources, so you would be in violation of the Computer Fraud and Abuse Act.

It's about time for all people to recognize that web server software is an unrestricted broadcasting system by default and that if users want some sort of security they should definitely get behind a firewall or restrict MAC addresses. If they fail to enforce security it should be their fault, not the person accessing them. Apache and other web server software vendors should put that in their license. If that clause had been there maybe Aaron Swartz would still be alive today. As things stand today it's just a lame way to enable irresponsible people to set up web servers and printers containing web servers to put their hands up and way "not my fault." If people want to play geek they'd better learn geek, No excuses.

Who says I am not authorised? I can claim that public access is an implicit authorization, like any website! And there is no warning or message in the public control panels.

Can you really argue in good faith that you are legally authorized to print something on their printer?

Is a printer publicly accessible over an IP network really so different from a fax machine publicly accessible over switched phone network? Hell, many times (probably always these days) the fax machine is a printer so if the printer is a "computer" the fax machine half of it surely should be as well.

I can see them getting you for spam, just as they can with unsolicited faxes I believe, but anything more than that? Seems a little silly.

To add to the printer/fax comparison, I have known people who used printers in different physical locations within an organization as a "fax machine" that was easier to use with a computer. Need to send some documents to the guys across the state? Print it to them.

Yes, I think you can.

There have been case(s) I think (in USA) concerning websites where it was argued successfully that placing an non-password protected page available on the public internet was implied consent to access/use that service.

That seems the right way to do it. You can't then, for example, put up a website which enables printing and then claim that people who use it are financially liable for using that service.

That would be like putting a bench on a busy street and then popping up and charging people if they happened to sit on it - if they sit down, you can tell them they're not authorised to sit without payment, or you can advertise lack of authorisation (eg with a price list) but otherwise you're implying consent.

Yeah, and there is a guy currently fighting in court because he changed some numbers in a URL and was able to get information on other customers from AT&T ... CFAA.

This is different in essential details. Google are indexing these pages. That means the pages are advertised as part of the public internet.

Now not every layman knows how to properly hook things up to the internet, but there is a definite implied consent in doing so. If the pages were restricted by password and we were bypassing it, or they were locked to an IP and we could spoof it, then there wouldn't be an implied consent to access the service being provided; but that's not the case here.

If you want to look at intent then it's notable that many listed are University addresses - people setting up those printers absolutely know what they're doing.

If you purposefully used excessive paper/ink or you kill the hardware with a broken firmware update then those things are definitely not authorised by the implied consent and would constitute vandalism.

But we didn't change anything here; is just a website that says: "Select the file you want to print" and that's it.

And you think the owners of the printers really enjoy others using them like that? That all those IPs are set up like this on purpose?

Is there a fact we can examine to answer that/those questions?

If you have to ask the question, I think you already know the answer.

The enjoyment or lack of it by the printer owners is probably not a valid legal argument.

[Citation needed]

(also, how very considerate of you)

Do you really believe that? That the owners of the printers on this public wire would appreciate, in fact deliberately encourage, anonymous users accessing them like that?

good faith doesnt matter. it (at least should) matter what the law says.

> Who says I am not authorised?

The Federal Prosecutor threatening with 50years of jail time Or you can accept this no-brainer plea bargain for only 1year.

See also, 50 million posts on this subject last couple weeks since prominent software engineer suicided himself.

http://en.wikipedia.org/wiki/Weev is getting sued for inputting information on a public website which at that point gave him details about users...

I don't see where the implied consent is unless they were advertising the availability of those addresses on the public internet, eg they were listed in Google. It's a small but crucial difference to the legal position IMO.

If I leave my keys in the car, leave the car turned on with the door opened, are you authorized to drive my car?

One cannot reason about computers using analogies and expect to come to any useful conclusion.

> The printers are on public wire. > You had not done any crime by using Google to find them. > You obtained access to their open HP admin panel via public link with no password or credentials you had to pass.

There's even less barrier to sending a junk fax, and that can get you fined and potentially jailed.

I will argue. Junk fax is a message send to a number for no reason. In my example I would only send messages (print) on the printers that would be low with toner. I would NOT print on every single printer just because I can. Huge difference.

Your statement is totally sane. But the legal system isn't. Typing a public URL passes for "hacking" in our crazy courts.

You miss the point. Even if it is not illegal for you to connect to the printer, it is illegal to spam.

I think it would fall under unauthorized access.