Circumventing an intentional security measure is illegal in some areas...and at best unethical in others. The file you point to may be accessible if you go to the site it is hosted on and click the link, but pretty obviously they don't want it hotlinked or they wouldn't have gone through the trouble to prevent such a thing.
From technical point of view, the URL parameter could be concerned for their own management issues only, and tells nothing about their intentions on preventing for hotlink, except if they mention it in T&C within the web site, if they don't mention it, it cannot be illegal, but it may be unethical, which cannot be measured in legal term.
Do you find any case in court how people discuss in this potential unethical issue?
Thanks everyone very much for any suggestions