Let's say you accidentally discover a vulnerability in a bank's web site by mistyping a URL and you ended up at a different customer's account. You write up your finding, and you privately send it to the bank's security team and ask them for nothing in return other than that they act quickly to protect your account. And let's say they turn around and accuse you of hacking them under the Computer Fraud and Abuse Act, and they provide your own written report to the Secret Service as evidence against you? Who is the ethical party? How would money alter the ethics? If you gave them the details of the flaw and asked the bank for a $1,000 reward, would that change things? What if you offered to tell the bank of the flaw in exchange for $1,000? If they don't pay, are you ethically bound to not sell the vulnerability to a third party? What if you don't know of any specific flaw in your bank's site, but you would like to make some side money as a pen tester; so you send them a letter asking if they have a "pay for vulnerability policy", and they respond by placing a hold on your account and calling in the Secret Service? Who is acting ethically in that scenario? What if you fear retribution so you ask this question anonymously? Are you more or less suspicious to the bank? Should they be more or less likely to seek your prosecution? What if you exploit the vulnerability personally to view Paris Hilton's bank balance, but you don't do anything malicious to her account? What if you disclose that balance information to the tabloids? What about viewing the bank data of a non-celebrity? And if not the bank, which third party might you sell it to? A security researcher? A competing bank? Microsoft? A hacker? Some random alias on darkode? Different people are likely to view these behaviors differently, including banks, law enforcement, hackers, computer security professionals, lawmakers, bank customers, and the general public. Different legal cases with different judges are likely to interpret these differently, as well.
I'm sorry, I don't see a single one of those as vague ethical quandaries. You seem to be confusing "ethics" with "what a bank/government would do in today's litigious, paranoid, and ignorant society."
To answer your questions in order though:
1) You were acting ethically, the bank was not.
2a) No, you're now simply asking for a tip for services already rendered.
2b) Dramtically by introducing an artificial and selfishly motivated barrier to aiding those in need.
2c) You are ethically bound to not "sell" the solution to anyone, but rather to freely inform those who have the power to address the situation without affecting other innocent parties.
3) There was no ethical attribute to your action, the bank is being unethical.
4a) No
4b) No, they shouldn't be seeking prosecution in either case.
5) You are acting unethically in all three scenarios, especially the 2nd.
6) The information should not be sold at all. But if the bank is not interested, then a security firm, and the FTC, FCC, SEC, and FDIC should be next on your list.
I don't think they would view these scenarios differently than laid out above from a strictly ethical point of view without a damaged moral compass. Legally speaking, there might be slightly more of a gray area around whether the bank has the right to charge you with a crime, but selling the information will be illegal barring an agreement struck with the bank before you were in possession of the knowledge. Viewing another person's account information, famous or not, is always illegal. You're really not raising any hard questions.
Did you know all living things have exactly the same length of life in terms of heart beats. All animals get about 2 billion heartbeats of life.
Did you know that most factoids found on the Internet are wrong?
First, the factoid states 1 billion, not 2.
Second, it only holds remotely true when restricted to mammals.
Third, it's really not a very tight correlation between 1 billion beats and lifespan. (scroll down a bit)
Fourth, the real correlation is between energy consumption and size.
Fifth, don't believe everything you read, and please, please, don't go spouting off everything you "know."
I have to prop my tablet up on a pillow
OH!! the HUMANITY!!
I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"
