Comment Re:To the point... (Score 1) 148
No, he sent a query to the webserver, and the webserver did what it was designed to do and answered it.
You're overlooking the part about purposefully manipulating the query in such a fashion as to trick the webserver into thinking you're someone else.
AT&T was the one making the mistake by assuming that all trivially-correctly-formatted requests were from AT&T customers as opposed to actually checking whether the requester was - in fact - a customer (something they could've easily done!)
AT&T's mistakes do not excuse the actions of the accused.
It's about precedent, and "some queries shouldn't be sent to a webserver, but you don't know what those are until we nail your ass" is a pretty damn bad precedent.
There's no overly broad precedent here, unless you're trying to claim that prosecuting people for impersonation is a scary precedent.