(no title)

There's a few big differences here: (1) the "someone" is a company with $7B/yr in revenue and dedicated security resources, also (2) with millions of users relying on their doing an Ok job securing the "home", and (3) which is connected to a network immediately accessible to anyone from bored teenagers all over the world to organized criminals and nation states looking to harm their users' interests. If a random script kiddie can find this hole by accident, how many determined teams with even minor budgets were accessing their network? Spooking KPN's security team into action was a mitzvah all around, even if he did not with whole heart and mind intend it as such [1].

More generally, the story this reminded me of most is that of Aaron Schwartz -- it's a true sadness that our societies deal so poorly with analytically developed folks' efforts being even slightly mis-applied by some fiendish letter-of-the-law measure and otherwise "good" people entrusted to exhibit moral judgement seem to go into a frothing-at-the-mouth attack against those who literally did no harm to groups that are supposedly being protected (scientific publishing / ISP users). I'm not sure if there is a theory of law by which a more-global net-good can completely outweigh more-local crimes, but it seems a society that were to allow for that would be both more successful and just.

1. https://judaism.stackexchange.com/questions/28579/do-you-get...