Nosal’s conviction under CFAA hinged on a clause that criminalizes anyone who “knowingly and with intent to defraud, accesses a protected computer without authorization”. Though CFAA is often understood to be an anti-hacking law, that clause in particular has been applied to many cases that fall far short of actual systems tampering.

CFAA has, for instance, been used to prosecute violation of Terms of Service agreements (which are themselves a contested practice). Most notoriously, the law was used to pursue Aaron Swartz, the young programmer who committed suicide after being charged with mass-downloading research papers from an MIT database, in violation of its terms of service—despite the fact that he was then a research fellow at MIT, with authorized access to the involved database.

Because of cases like this, The New Yorker’s Tim Wu has described the CFAA as “the worst law in technology“.

One of the Ninth Circuit judges, Stephen Reinhardt, seemed to agree with those interpretations in his dissenting opinion.