From securityboulevard.com
The federal computer crime law makes it both a criminal offense and a civil offense (you can sue for damages or loss) for someone to “access a computer without authorization” or to “exceed authorized access” to a computer, and then do certain proscribed things. But the meaning of the terms “access without authorization” and “exceed authorized access” has been, to say the least, somewhat vague and ambiguous.
Specifically, when someone uses a computer, or data contained in that computer, in a way that the computer or data owner does not want—for example, when the user violates the owner’s Terms of Use or Terms of Service—is this “exceeding authorization” to access that computer?