The CFAA may have been written with malicious computer break-ins in mind, but in reality it’s used to target an incredibly broad range of activities completely divorced from “hacking,” and Aaron Swartz is only the most recent example. Framed during a time of widespread computer illiteracy when nefarious depictions of hackers dominated mainstream media, the law attempted to bring order to the new computational “Wild West” by combating unauthorized access to protected systems in government and finance. But today, the CFAA can effectively mark anyone who uses a computer to access another computer (e.g., anyone on the internet) as a felon.

The hook in Swartz's case had to do with something we should all be familiar with: Terms of Service. Whether we’re using Gmail or Facebook or logging on to a company-owned server at work, these contracts have us agree to certain rules as a condition of accessing a computer or service. If we break any of these rules, the company has the right to suspend access, terminate employment, or sue in court, if the resulting damage is significant.

All of that would be just fine if it weren’t for a section of the CFAA describing “unauthorized” and “excessive” access of a “protected computer” — or to be more accurate, not describing it. This section is supposed to define the terms which constitute a criminal intrusion, but the language is so plain that the law basically leaves this up to the imaginations of the courts.

The result is that the courts actually default to the language in those Terms of Service, network use policies, and other private contracts, as defined by the employers and web services in question. To wit, the CFAA can make breaking a code of conduct or violating a social network’s Terms of Service into a felony, which in effect gives private companies the ability to set the definitions of criminality wherever a computer is involved.

That’s not because of any recent changes in the law’s text, however — it’s due to aggressive federal prosecutors taking advantage of the CFAA’s malleable nature to crack down on a wide variety of computer-related activities — including, conveniently enough, the kind that embarrass or undermine the authority of the federal government and their corporate sponsors.