The site was not "on the web" in the sense of a site open and inviting anyone to come in. It had a robots.txt file to indicate its contents were not to be indexed. That someone got in is testimony to the fact that security -- everywhere -- is imperfect....In the comments, after a challenge — "I'm sorry, but there's no way that typing a URL into a web browser is analogous to jiggling a lock for 30 seconds" — Lessig backs away from the idea that the analogy is perfect:
I don't accept that this is a "public place" just because the public can easily get to it. But I'm also not arguing that someone should be treated as a trespasser because he or she wanders through a directory structure. My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse. Norms of privacy should therefore apply.Another commenter — James Nightshade — pushes back:
Robots.txt is a voluntary access control mechanism, but it does not prevent resources from being "on the Web" in any sense. The document describing the robots.txt standard refers specifically to web robots. Robots.txt was not intended to apply to interactive web browsers. It is roughly analogous to a sign one might find beside a residential street: "No trucks except for deliveries." The street is still a part of the road network, even if some vehicles are asked not to visit.I'm not buying the analogy, but I get it that Lessig is trying to promote privacy on the web. Or not on the web. Whatever. I have a lot of trouble seeing what the "disgruntled litigant" did as "hacking" or trespassing.
Another example is the form I'm typing this into. It has an accompanying CAPTCHA form to identify robotic spam submissions. Blocking these robots doesn't effectively take the submission form off the Web. If one wants to avoid public access to a Web resource, there are access control mechanisms which can do that. Passwords are one example; robots.txt is not an example.
Seems to me, when you're on line, you can poke around as much as you want and look at anything you can click to. Isn't that what most of us think? That's how we behave on line. In the physical world, we know we can't just go anywhere we can physically get to. Forget badly locked window. We won't even pull open an unlocked screen door to a house. I was going to say a "private building," which assumed the answer to the question about privacy, but that ordinary usage — public/building — shows that we have a deeply embedded expectation about privacy.
But Lessig's idea about privacy on the web is something I'd never even heard of. Lessig, of course, knows that. He prefaces his analogy with: "Cyberspace is weird and obscure to many people. So let's translate all this a bit." Are we just at the beginning of forming our expectations of privacy on line, or have we already decided we are free to look wherever we can go?
IN THE COMMENTS: MCG notes: "Alex Kozinski provided public links into his "stuff/" directory in the past." He points to this email Kozinski sent for publication on a high-profile blog. Kozinski thus eagerly invited the whole world into his back pages.