> You're not wrong, but I would have a hard time as a jury member convicting them of a CFAA violation or whatever for creating a user named "Test TestOnly" with a bright pink image instead of a photo.
If they had added themselves as known crewmembers and used that to actually bypass airport screening, then yeah, they'd be in jail.
I think it could go any which way. The prosecution could argue that the defendant may have tampered with existing records or deleted some. In this particular case, it’s probable that the system does not have any or adequate audit trails to prove what exactly transpired. Or the claim could be that the defendant exfiltrated sensitive data (or that the defendant is trying to hide it) to share with hostile entities.
If the system has no audit logs, the prosecutor would have no evidence of any of that.
And in a system this broken the defence could even argue that anyone could have done it and modified the logs to implicate the defendant. You can't use any data from this system as evidence.
I think it could go any which way. The prosecution could argue that the defendant may have tampered with existing records or deleted some. In this particular case, it’s probable that the system does not have any or adequate audit trails to prove what exactly transpired. Or the claim could be that the defendant exfiltrated sensitive data (or that the defendant is trying to hide it) to share with hostile entities.