The way the legal system works, the safe option is to not do anything with systems that you don't own or have authorization to use.
Like public facing websites that advertise they are meant to have users are pretty safe, but after that, explicit authorization is a good idea vs deciding for yourself whether it might be critical infrastructure.
Like public facing websites that advertise they are meant to have users are pretty safe, but after that, explicit authorization is a good idea vs deciding for yourself whether it might be critical infrastructure.