Access isn't necessarily the same as authorization. After all, any hacker who successfully penetrates a system technically has access to it at that point. Their argument would be that you exceeded your authorization by deleting files or a website, defacing it with porn or a "Widgets Inc. Doesn't Pay Its Bills" notice, scrubbing a Git repo, or whatever other poison pill you implemented to force payment.
And they'd likely win with that argument under the CFAA. Even if they just handed you login credentials, they did so in the context of you fulfilling a specific task. From a technical perspective, those credentials might give you root access that lets you do anything. From a legal perspective, that's not the same as giving you authorization to do anything. For the CFAA, this would likely constitute "exceed[ing] authorized access." Not to mention that taking down a site (or just defacing it) is, on its face, clearly against a client's interests.
In any case, you're using the threat of damage to force payment. Even if the client owes you a valid debt, those threats can likely be considered extortion. The sort of jerks who will gleefully screw over a freelancer because, as they so kindly informed you, "no one will listen to you" are often the sort who have no problems with screwing you another way.
And they'd likely win with that argument under the CFAA. Even if they just handed you login credentials, they did so in the context of you fulfilling a specific task. From a technical perspective, those credentials might give you root access that lets you do anything. From a legal perspective, that's not the same as giving you authorization to do anything. For the CFAA, this would likely constitute "exceed[ing] authorized access." Not to mention that taking down a site (or just defacing it) is, on its face, clearly against a client's interests.
In any case, you're using the threat of damage to force payment. Even if the client owes you a valid debt, those threats can likely be considered extortion. The sort of jerks who will gleefully screw over a freelancer because, as they so kindly informed you, "no one will listen to you" are often the sort who have no problems with screwing you another way.