>I very much feel their ruling is correct. The CFAA is intended to target "hackers," not policy violations.
ok, but devil's advocate for a second - much hacking is actually just lying to people to get access to things you shouldn't have access to - so pretty much closer to policy violations than the stuff most people associate with 'hacking'
I believe this would still be covered by the first clause, the one not even being argued in this decision.
> Subsection (a)(2) specifies two distinct ways of obtaining information unlawfully—first, when an individual “accesses a computer without authorization,” §1030(a)(2), and second, when an individual “exceeds authorized access” by accessing a computer “with authorization” and then obtaining information he is “not entitled so to obtain,” §§1030(a)(2), (e)(6).
I fraudulently obtain and use credentials to a system which authorize another person to access it. I am still "accessing a computer without authorization", because those credentials never authorized me.
This starts to get really fuzzy if I fraudulently have credentials explicitly granted to me...
But let’s say you called someone on the phone and lied to them to gain access to a computer system, you committed wire fraud doing so. It’s just a different crime because the thing you did wrong involves lying on the phone.
ok, but devil's advocate for a second - much hacking is actually just lying to people to get access to things you shouldn't have access to - so pretty much closer to policy violations than the stuff most people associate with 'hacking'