So practically yes, let's be aware that the author could indeed be persecuted under the CFAA. But let's not grandstand and pretend that following that law is some sort of moral imperative that benefits everyone. The common individual will be the target of the same attacks with or without that law.
My perspective is that a fundamental aspect of the Internet and the digital world is that the software-codified rules are basically authoritative. While constructive behavior still does matter - eg knowingly turning off a hospital ventilator is still murder - the only gain here was temporarily obtaining some transit. The real remedy is for the provider to fix their systems.
Do you think that hacking per se is ever immoral?
In isolation, why would finding a hole in someone else's ruleset be immoral? If hacking per se were immoral, then there could be no such thing as a "white hat".
I specifically wrote "per se", so no - I'm not.
> If hacking per se were immoral, then there could be no such thing as a "white hat".
White hat hacking it typically specifically authorized (e.g. red teams). That is not the case with the example from the article.
In the locksport community there is a pretty strong norm to only pick locks you own or have specific authorization to pick.
Computer security not the same thing, but it's also not that different.
That is merely one kind of white hat hacking. Another kind would be figuring out an exploit for software that you have a local copy of, even against the wishes of its developer. If we agree that this is moral, then general finding of holes itself cannot be immoral.
I don't think you mean to imply that in locksport, you only pick models of locks that the manufacturer has given you the go-ahead to attack. Rather you're referring to ownership of the physical lock itself, which is merely one type of authorization. I would also guess that the reason the community repeats this prominently is to head off legal entanglement.
To the extent that a given ruleset only exists on a specific device that one does not own, then it is indeed hard to find holes in it without also affecting that device itself. However, it is still important to draw the distinction between any effects and the logical hacking itself, lest minor effects end up being persecuted inequitably.
In the context of the original article, there are essentially no damages and a little bit of unjust enrichment. Yet this whole thread has blown up about a spectre of harsh punishment under the CFAA, when equity is closer to the amount of the access fee.
EDIT: I’m fairly sure at current prices a single flight could pay for a month’s service for a single plane, probably several times over. The profit margins (& I imagine some the cut to the airline) must be enormous, & there is no pretense of fair terms at sale time because a single corporation can entirely monopolize your attention.
In what bizarro world are people being forced to buy inflight wifi?
How come that isn't happening here?
Anyway, it's a commodity. The positioning of it as a luxury service amounts to theft.