: Is viewing a site's unpassword protected HTTP logs/stats illegal? If not, why? If so, please provide US Federal code, or case law confirming this is the case.

@Cody1181609

US federal law pertaining to Fraud and related activity in connection with computers suggests that it is unlawful to:


intentionally access a computer
without authorization or exceeds
authorized access, and thereby obtain

information contained in a financial
record of a financial institution, or
of a card issuer as defined in section
1602 (n) of title 15, or contained in
a file of a consumer reporting agency
on a consumer, as such terms are
defined in the Fair Credit Reporting
Act (15 U.S.C. 1681 et seq.);

information from any department or
agency of the United States; or

information from any protected
computer;


Whether publicly-served log files are covered is really going to depend upon the information contained in the logs (i.e. if there are requests which include sensitive data) and the definition of "protected computer".

It's generally bad practice to expose log data, however, even if the logs do not clearly contain sensitive information, I'd say it is equally bad practice to go around reading other peoples' logs (even if it's not a criminal offense, you could still run afoul of a civil court if you're somehow using someone else's "semi-private" logs to your advantage).

Update:

Comments seem to be primarily focused on the definitions of legal terms and that's far beyond the scope of the answer - the judicial system hasn't figured it out yet, either.

Vote Up Vote Down