Jamie Williams writes:
One of the most frustrating things about law is how slowly it changes, leaving courts to apply old laws to facts that Congress never anticipated. That’s certainly the case with the Computer Fraud and Abuse Act (CFAA)—the federal “anti-hacking” statute, which was passed back in 1986 and is notoriously out of touch with how we use computers today. This year has seen some minor victories for the CFAA, but we still have a long way to go.
The CFAA makes it illegal to intentionally access a “protected computer”—which includes any computer connected to the Internet—without authorization or in excess of authorization. But it doesn’t tell us what “without authorization” means. This has given overzealous prosecutors broad discretion to bring criminal charges under an anti-hacking statute for behavior that in no way qualifies as “hacking.”
Read more on EFF.