Based on the government's definition of unauthorized access, Kozinski observed, that provision would apply to "large groups of people who would have little reason to suspect they are committing a federal crime," such as employees who violate company policy by using workplace computers to play games, answer personal email, read blogs, watch YouTube videos or check sports scores. Even people using their own computers on their own time could be prosecuted for violating "terms of service" they have never read by fibbing about their age or weight on dating sites, posting photos of other people without their permission or sharing content that Facebook deems offensive.
Kerr notes that terms of service "are written extremely broadly to give providers a right to cancel accounts and not face any liability." Hence, "violating the TOS is the norm," and criminalizing such violations "would give the government the ability to arrest anyone who regularly uses the Internet."
That danger is not merely theoretical. Remember Lori Drew, the Missouri woman who was widely vilified in 2007 after she played a MySpace prank on a 13-year-old girl who later committed suicide? Although Missouri prosecutors concluded that Drew had broken no laws, Thomas O'Brien, then the U.S. attorney in Los Angeles, took it upon himself to prosecute her for violating the CFAA by disregarding MySpace's terms of service.
In 2009, U.S. District Judge George Wu threw out Drew's conviction, ruling that O'Brien's reading of the CFAA would make the law unconstitutionally vague, giving grandstanding prosecutors like him unbridled discretion while leaving their potential targets -- pretty much everyone -- uncertain about how to comply with the law. As Kozinski put it, "We shouldn't have to live at the mercy of our local prosecutor."