
I don't see any reason why attempting SQL injections on a few forms on the County website should be treated any differently than trying a few ways to pick the lock on a county building. Should the punishment for the latter depend on the sophistication of the lock-picking techniques the intruder uses?

Web servers are other people's property, and there's no "right to tinker" with them. All you have is an implied license to use the site in the way the owner expects you to use it, the same as with a physical storefront.



Yes, but there are degrees with these things. If you attempt to open a locked door they don't charge you with armed robbery, even if that door has a sign that says "employees only". I'm not suggesting attempting a SQL injection should just be ignored, but it should clearly be at worst a misdemeanor and not a felony, about on par with trespassing in terms of severity. Now, if you then use that SQL injection to steal protected data, gain further access, or delete data, then yeah you're talking about moving into felony territory.

Web servers are other people's property, but they're also a public space when you open them up to the public by hosting public services on them. A private server is different from a public server in the same way private property is different from a public storefront. By making your server accessible to the public you lose some of the expectations of privacy and implicitly allow a certain degree of access.


If you try to break into a building under the cover of darkness, you're going to get hit with more than a trespass charge.


Would you mind explaining which charges you'd get hit with? As a non-lawyer, trespassing and entering (not breaking and entering, since you didn't break anything) are the only charges that would make sense to me in that context.


If the intent is there, then Attempted Burglary would be the charge in California at least. Penal codes: 663, 459.

http://law.onecle.com/california/penal/663.html

http://law.onecle.com/california/penal/459.html


Most of the US has laws that define B&E like the CFAA defines hacking.

"unlawful entry" is usually the common denominator.

https://en.wikipedia.org/wiki/Burglary


Just trying to break into a building would likely be classified as burglary.

From wiki: " or loitering unlawfully with intent to commit any crime, not necessarily a theft – for example, vandalism."[1]

[1]http://en.wikipedia.org/wiki/Burglary#United_States


I agree, but I do see one distinction that I find interesting: if someone tries to pick a lock on a county building and they try 44 different lock picks, is that one charge or 44?

Even once is a serious charge, but I'm not sure there were 44 crimes committed.


A better analogy than lock-picking: the door has a sign that says "turn knob to the right to enter", he was arrested for unsuccessfully turning the knob to the left to see if it would open into another room.


There is an interesting disconnect in the "HN perspective" in that online data is incredibly important and should be subject to all sorts of legal protections from the government (even if it's shared in plain text with all sorts of 3rd parties) but at the same time it should be completely OK for an individual to try to steal it just for fun.



