Please reply to the below post with a substantive response

This is a good summary of the laws, but what do you think? Please explain "in excess of authorization" for me.

Here is my mini-lecture

Cyberspace is particularly difficult to secure due to several factors:

• the ability of malicious actors to operate from anywhere in the world,
• the linkages between cyberspace and physical systems,
• and the difficulty of reducing vulnerabilities and consequences in complex cyber networks.

Implementing safe cybersecurity best practices is important for individuals as well as organizations of all sizes.

• Using strong passwords,
• updating your software,
• thinking before you click on suspicious links,
• and turning on multi-factor authentication are the basics of what we call "cyber hygiene" will drastically improve your online safety.

These cybersecurity basics apply to both individuals and organizations. For both government and private entities, developing and implementing tailored cybersecurity plans and processes is key to protecting and maintaining business operations.

As information technology becomes increasingly integrated with all aspects of our society, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend.

Cybersecurity Information Sharing Act's (CIAS's) Role

In light of the risk and potential consequences of cyber events, CISA strengthens the security and resilience of cyberspace, an important homeland security mission.

CISA offers a range of cybersecurity services and resources focused on operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework.

CISA helps individuals and organizations communicate current cyber trends and attacks, manage cyber risks, strengthen defenses, and implement preventative measures.

Every mitigated risk or prevented attack strengthens the cybersecurity of the nation.

The Computer Fraud and Abuse Act (CFAA) was enacted in 1986, as an amendment to the first federal computer fraud law, to address hacking.

Over the years, it has been amended several times, most recently in 2008, to cover a broad range of conduct far beyond its original intent.

The CFAA prohibits intentionally accessing a computer without authorization, or more than authorization, but fails to define what "without authorization" means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity.

As technology advances, the use of the criminal law to regulate conduct using such technology also advances.

Perceptions concerning the role of technology in both traditional and high-tech criminal conduct prompted the US Congress to enact the first federal computer crime law thirty years ago. Increases in computer availability and mainstream usage, however, have propelled government regulation of computer conduct into overdrive.

Over the course of thirty years, federal computer crimes went from non-existent to touching on every aspect of computer activity for intensive and occasional users alike. The Computer Fraud and Abuse Act (CFAA) of 1986, and over the years, it has been amended several times, most recently in 2008, to cover a broad range of conduct far beyond its original intent.

The breadth and ambiguity of the CFAA are deeply troubling to the National Association of Criminal Defense Lawyers (NACDL). NACDL supports wholesale reform of the CFAA and believes violations of website terms of services should not be federal crimes. NACDL opposes any additional expansion of the CFAA and is actively working to reform the CFAA throughamicussupport, coalition building, and legislative advocacy.