Further to my previous post, I recommend Stephen Carter's column for Bloomberg View on the American zeal for making more and more conduct criminal. Referring to Douglas Husak's book, Overcriminalization, he writes:
The Computer Fraud and Abuse Act -- the principal statute under which Swartz was charged -- is a good example of Husak's point [about the government's expanding "power to arrest and prosecute nearly everyone"]. Enacted in the 1980s, before the Internet explosion, the statute makes a criminal of anyone who "intentionally accesses a computer without authorization or exceeds authorized access" and, in the process, obtains financial information, government information or "information from any protected computer."
What's wrong with this language? Consider: You're sitting in your office, when suddenly you remember that you forgot to pay your Visa bill. You take a moment to log on to your bank account, and you pay the bill. Then you go back to work. If your employer has a policy prohibiting personal use of office computers, then you have exceeded your authorized access; since you went to your bank website, you have obtained financial information.
Believe it or not, you're now a felon. The likelihood of prosecution might be small, but you've still committed a crime.
Carter recommends, as a partial remedy for prosecutorial excess, a measured rolling back of prosecutors' immunity from civil liability. It's a very good article.