Monday, September 9, 2019
Orin Kerr has this post at The Volokh Conspiracy. In part:
Under the new decision, violating the CFAA requires "circumvent[ing] a computer's generally applicable rules regarding access permissions, such as username and password requirements," that thus "demarcate" the information "as private using such an authorization system." If the data is available to the general public, the court says, it's not an unauthorized access to view it—even when the computer owner has sent a cease-and-desist letter to the visitor telling them not to visit the website.
This is a major case that will be of interest to a lot of people and a lot of companies. But it's also pretty complicated and easy to misunderstand.