I don't think they believe it either. It's just easier to treat people as criminals by default. Why go through the effort of engineering things properly when you can have 10+ cops break down your door and shoot your dog?
> Isn't that how most home door locks work, though?
Not at all. Short of building a fortress, you won't stop someone determined to get inside, but you can make it sufficiently difficult that they're more likely to be noticed, or more likely to seek out an easier alternative.
> it's pretty helpful to have legal deterrents to amoral actions...
Nobody is suggesting otherwise; rather, the issue is that legislating against something doesn't stop it from happening, and therefore you do still need to secure against it as part of your threat model.
Furthermore, laws tend to paint with a very broad brush; changing a number in a URL isn't "hacking", for instance. Laws should work with technical measures. Climbing a fence makes it much more obvious that you're trespassing.
Wait, "Not at all"? Yes, it very much is, what you just said is literally the explanation I would give if someone asked me to explain why a front door lock is a legislative protection, not an actual security feature...
Legislation meaning you don't need to defend against it is actually quite real in meat space (and quite effective), so pretending like it's universally a bad idea is incongruous with your own facts.
Most people do not live in houses that I would call "secure systems". The reason locks in residential homes are not that sophisticated is because it's not worth the cost to make them secure when there is still going to be a glass window right next to it.
It's a true belief for companies like Equifax, who can offload all of the liability so long as it's the criminal that is guilty instead of them. For Equifax, securing reads is worth very little because as long as they can A. stop competitors from using their data and B. have no liability all of their needs are met.
