Unfortunately the law's definition of "publicly accessible" is a bit retarded. If I post a url ending in pic002.jpg, and you try to access a similar url ending in pic001.jpg, and that picture happens to contain sensitive data, then you are a hacker.
If I tell you the combination on my laptop case is 1-2-3-4 so you can get me my power adapter and you then try 1-2-3-4 on my luggage and successfully steal my collection of Kylie Minogue's undergarments (I never travel without them), while I am a (rather creepy) idiot, you are a naughty boy.
It's completely ridiculous to ethically or legally equate trespass and theft on/with physical property with data copying and access. Whereas I can be expected to know you don't want me looking through your briefcase, given a link to something without any context is nowhere near as clear. Your example makes sense only for data where someone is guessing usernames and passwords because they know they are trying to circumvent some access control. It absolutely does not make sense for guessing addresses.
Sending requests to servers must be likened to finding publicly posted data. E.g, Buildings 1, 2, and 3 all have neat flyers, so you look at building 4's flyer. Oops, that was a felony.
If your power adapter is in glass case 1, and I curiously glance at glass case 2 and see the undergarments was I wrong?
Combination locks are locks and are designed to prevent access.
Web servers are online. They provide responses to web clients. There are established methods to control access to what a client can and cannot access.
If it's online, and responding to my client, and not giving a 401 or 403 or etc status code then it's hard to understand why just visiting example.com/example1.jpg example.com/example2.jpg makes someone a federal criminal at risk of years in prison.
Yes, and if I find your laptop and login as Administrator and try 1-2-3-4, I am a felon. There is currently no requirement of any due diligence in protecting a computer.
