Yes, stealing something is a crime whether the item is locked or not. However, cases like that of the Weev guy (http://en.wikipedia.org/wiki/Weev) are very different than someone coming into an unlocked garage and stealing your stuff.
His case is more like a going into a store that is open and invites you in (this was a public website he went to). You are browsing around, looking at stuff for sale.. you then see an unmarked door in the middle of the store. It isn't locked, and doesn't say "Employees Only", so you walk in.
The store can't then turn around and have criminal charges brought against you just because you weren't supposed to go into the door. There were no locks or signs, and you were in a place you were supposed to be. Now, if there was any sort of lock at all (even a crappy, broken, one that was easy to bypass) you could argue that it is a crime.
If I send a standard request to a website, with no special forged auth or anything, and that website gives me back data, you can't blame the person who made the request. It is up to the website to tell me "no, you are not allowed to access that."
If I accidentally leave my front door unlocked, it's still a crime for you to waltz into my house and peak around. I wouldn't describe what weev did as just walking through an unlocked door, either. It's more like he walked through an unmarked door, looked into a filing cabinet and saw some private business records, then thought "Cool. There's more in this cabinet. I'll just go ahead and make copies of them all for myself."
> If I send a standard request to a website, with no special forged auth or anything, and that website gives me back data, you can't blame the person who made the request. It is up to the website to tell me "no, you are not allowed to access that."
Many remote exploits are going to fit this description. Sometimes it's just magic parameters or misconfigured URL routes.
Your concept of computer crime requires a bit more depth than that. Intent matters, as does what you do with data on their end and on your end.
The room analogy may be reasonable. Except weev realized the room contained private company records. He proceeded to copy everything, then went home and published it in the newspaper. He wasn't really prosecuted for the entering of the room, it was that second part that did it.
His case is more like a going into a store that is open and invites you in (this was a public website he went to). You are browsing around, looking at stuff for sale.. you then see an unmarked door in the middle of the store. It isn't locked, and doesn't say "Employees Only", so you walk in.
The store can't then turn around and have criminal charges brought against you just because you weren't supposed to go into the door. There were no locks or signs, and you were in a place you were supposed to be. Now, if there was any sort of lock at all (even a crappy, broken, one that was easy to bypass) you could argue that it is a crime.
If I send a standard request to a website, with no special forged auth or anything, and that website gives me back data, you can't blame the person who made the request. It is up to the website to tell me "no, you are not allowed to access that."