>all the statute cares about is whether authorization existed or not.
No, that's not all the CFAA cares about.
>(a)(2)(C) Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer;
Thus my confusion. Why present the case as "without authorization" (based on the TOS) in the first place, when "exceed[ing] authorized access" (based on the C&D) seems like a much lower bar to clear and is less likely to provoke nonprofits complaining about precedent?
No, that's not all the CFAA cares about.
>(a)(2)(C) Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer;
Thus my confusion. Why present the case as "without authorization" (based on the TOS) in the first place, when "exceed[ing] authorized access" (based on the C&D) seems like a much lower bar to clear and is less likely to provoke nonprofits complaining about precedent?
https://www.law.cornell.edu/uscode/text/18/1030#a_2