
Accessing data that you are not authorized to view is still wrong. The fact that someone has misconfigured the access controls doesn't change that.

I might forget to lock my front door one day, but that doesn't make it ok for you to wander into my house and look at all my stuff.



Well, in this case I'm knocking on your door and you're opening the door saying "Come right on in!"

Requesting access (i.e. knocking on a door/typing a URL) is not illegal. If you grant that request (i.e. invite me in/serve a webpage), I am under no obligation to psychically infer that you didn't mean to and refuse your invitation.


Unfortunately, it's never that simple. So much of it is about intent.

If I could simply use the excuse "well, the computer gave me the information", then there would be no such thing as hacking. It's always a case of the computer sending the information to you.


It's not about intent, it's about authority. If I have the authority to access something, it's legal for me to access it, regardless of my intent. I may be breaking other laws depending on what my intent is, but it's not hacking.

Compare to a restaurant: simply walking into a restaurant is not illegal, but an owner can restrict access and ban someone from their restaurant. It takes no technical skill to break into the restaurant; the door is wide open, but without authority it is trespassing. However, it is on the owner of the restaurant to actually ban someone. For a public space, be it a restaurant or a webpage, by default you are permitted access. Attempting to enter a restaurant you've never been to before is not breaking and entering, nor is accessing a URL hacking.

If a website has some user agreement saying you will not access certain portions, or even if there is just a notice on a website saying this site is not public, then they have done all they need to do to revoke someone's authority, even though they would be incredibly easy to "hack." But as laid out under Van Buren v. US, you don't lose authority to access things simply because you possess some intent undesirable to the owner. If you invite me into your home and I sleep with your wife, I haven't trespassed; if you tell me to get out and I don't leave, then I have.

Further, there's a distinction between accessing something by normal, legal means and accessing something by other methods. For example if you invite me into your home only after I give you a false identity, I'm trespassing because I was never legitimately given authority to enter. Likewise if you hack a system with say a stolen password, you don't have authority to access the system no matter how easy it was. But if you grant authority to someone without them having to do anything nefarious, then they have authority regardless of whether you should have done it or not. If you have something sensitive, don't put it in a place (in the real world or online) where authority to access is granted automatically and without oversight.


If I send an HTTP request, and the server (who I believe is acting on behalf of the publishing party) sends a 200 OK response along with the data, how am I to conclude I wasn't authorized? Since when is authorization the client's responsibility?


Yep.

Send me a 401 (or a 403) status and I’ll know I’m not authorised.

In the physical world, nobody would lawyer up and go to court if someone walked through an open door with a sign saying “public entry here” and saw something confidential.

If you have confidential information around in the physical world, you make sure you have facilities staff who know the difference between “public entry here” signs and “authorised personnel only” signs. You also have facilities staff who know how to fit door locks and door closers, and security staff who know how to choose appropriate locks and to enforce compliance with locking doors. And if all that breaks down, it’s not Joe Concerned-Citizen who tells you about it, or even Mallory from your competitor who waltzes out with trade secrets, who gets held to account; it’s the manager and/or executive in charge of facilities and security who’d be answering the difficult questions, probably with their lawyer at their side.

It's sad that the legal system hasn’t yet started to hold people to account for having incompetent web developers and server operators.


If you make a library open to the public but then get upset they are reading the books, who is in the wrong here?


I generally agree with this, but there is more nuance involved, like what if the library has a sign that says "Keep out"? Does the trespasser then bear some responsibility? i.e., being served a 403, then appending some URL param that grants access. I wouldn't call this hacking, but it's something else, like "digital trespassing"; after all, the 403 is a sign, not a cop. All of this to say The Simpsons did it.
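The two threads above turn on the same point: it is the server, not the client, that decides authorization and signals it with 401/403, and a "Keep out" that can be undone by appending a URL parameter was never a lock. The following is an added example (not from any commenter here), a toy fail-closed authorization check in which routes, tokens and roles are all constructed; it ignores client-supplied query parameters such as `?role=admin`, and treats any path missing from the policy table as private rather than public.

```python
# Added example, not from the thread: a fail-closed authorization decision
# for a toy HTTP handler. The server decides, and says so with 401/403.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed route policy: path -> set of roles allowed to read it.
# A path missing from this table is treated as private (fail closed),
# so a forgotten entry behaves like a locked door, not an open one.
POLICY = {
    "/": {"anonymous", "user", "admin"},
    "/docs": {"anonymous", "user", "admin"},
    "/reports": {"user", "admin"},
    "/admin/export": {"admin"},
}

# Constructed session store: bearer token -> role.
SESSIONS = {"tok-user-1": "user", "tok-admin-9": "admin"}


@dataclass
class Response:
    status: int
    body: str


def authorize(url: str, auth_header: Optional[str]) -> Response:
    """Decide 200 / 401 / 403 from server-side state only.

    Query-string values such as ?role=admin are parsed but deliberately
    ignored: the client never gets to assert its own authority.
    """
    parts = urlsplit(url)
    _ = parse_qs(parts.query)  # parsed only to show it is never consulted
    role = "anonymous"
    if auth_header:
        scheme, _, token = auth_header.partition(" ")
        if scheme.lower() != "bearer" or token not in SESSIONS:
            # Credentials were presented but are not valid: ask for real ones.
            return Response(401, "authentication required")
        role = SESSIONS[token]
    allowed = POLICY.get(parts.path, set())  # unknown path => nobody
    if role in allowed:
        return Response(200, f"contents of {parts.path}")
    if role == "anonymous":
        return Response(401, "authentication required")
    return Response(403, "forbidden")
```

A 200 here means the publishing party's own policy table granted the role access; anything else is the server refusing, which is the signal the commenters above say they would respect.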


> Accessing data that you are not authorized to view is still wrong.

So if a piece of paper flies in my face and has company secrets and I manage to look at it, I'm at fault here?

> I might forget to lock my front door one day, but that doesn't make it ok

Sorry but if you're not going to secure your belongings, then expect to be robbed.

Being 'ok' has nothing to do with it.


> Sorry but if you're not going to secure your belongings, then expect to be robbed.

It’s not even “getting robbed” really. Nobody here deprived the owner of anything. It’s more like:

Sorry but if you're not going to secure your belongings, then expect to have people look at your stuff.


A public web service is not the threshold of your home. If you want to make a domestic analogy, it's the box you drop off at Goodwill. You put something in there that you didn't mean to, and you understandably feel violated now that people are browsing it on Goodwill's shelves, but you can hardly blame the shoppers for that.
