Design is a poor guide to authorization

James Grimmelmann has a great post on the ambiguity of the concept of “circumvention” in the law. He writes about the Computer Fraud and Abuse Act (CFAA) language banning “exceeding authorized access” to a system. There are, broadly speaking, two ways that a computer user could “exceed[] authorized access.” The computer’s owner could use words [...]