weev was convicted and sent to prison for violating the CFAA, based on his "unauthorized access" to AT&T's site (the limits of which are presumably defined by the ToS). His conviction was reversed on the technicality of improper venue, not the dubious nature of the conviction or the belief that ToS should not be eval'd into federal law.
IANAL, but my feeling is that eventually the evil companies will come up with a TOS so awful that even the Supreme Court will be sickened by it and be inspired to thoroughly reevaluate CFAA. They won't throw it out entirely, but they'll pick out a particular set of valid terms, and we'll learn to live with TOSes built with those.
The CFAA is a critical component in maintaining highly significant tech monopolies like Facebook. I don't think that SCOTUS will clamp it down. Computer access is abstract enough that it is hard to get a political fervor generated, and most people are able to use their computers without impediment, so they're never going to really care (cf. copyright, which is possibly the most widely violated law today, yet the function of which most people continue to remain completely ignorant).
The parties that are interested in these things are going to be large companies that are paying lobbyists to get stricter restrictions pushed through, not political grassroots mobilizing to reverse it.
As an example, last year Congress passed and President Obama signed a law strengthening the CFAA's restrictions by prohibiting the circumvention of "any technological control on an Internet website or online service ... used to enforce online ticket purchasing limits or to maintain the integrity of posted online ticket purchasing order rules".
Like many laws, at a superficial reading, this looks fine, but then we get into the details. What constitutes an "event" or a "ticket"? Is a restaurant reservation an event, and does one circumvent a technological control if they inform a user that a reservation may be available (compare OpenTable)? Is hailing an Uber an event that creates a ticket, and if so, how would this impact third party applications that interface with Uber in some way? etc.
Like copyright, the CFAA, in some form or another, is here to stay, because it is a major part in the legal force used to prevent direct competition against the entrenched interests/incumbent players. It's really hard to get a political upswell over abstract, rarely-deployed concepts (even then, they make a token change and the meat of the policy remains intact).
Health coverage is a much more pressing abstract issue that negatively impacts a much larger percentage of the citizenry and we still can't find a way to agree on that, I'm not optimistic about copyright and/or network access.
It is possible that the CFAA will go away in many years after there is much more cross-generational technical awareness, but I'm personally doubtful. Would someone have been having the same kind of discussion re: copyright in the 18th century, as legal frameworks allowing people to own information emerged?
The ability to eval a ToS into federal law and get people sent to prison for it will probably go away, but the ability of a site's owner to pursue someone who won't quit asking their server for information in an undetectable-server-side, non-disruptive manner probably won't.
Disclaimer: I'm not a lawyer.
Edit: It was MySpace.
https://en.wikipedia.org/wiki/United_States_v._Drew
> United States v. Drew[1] is the final decision in a criminal case that charged Lori Drew of violations of the Computer Fraud and Abuse Act (CFAA) over the alleged cyberbullying of a 13-year-old, Megan Meier, who committed suicide.
Also:
> On September 4, 2008, the Electronic Frontier Foundation filed an amicus brief in support of Drew's motion to dismiss the indictment.[10] The brief argued that Drew's indictment was wrongful because Drew's alleged violation of the Myspace terms and conditions was not an "unauthorized access" or a use that "exceeds authorized access" under the CFAA statute; that applying the CFAA to Drew's conduct would constitute a serious encroachment of civil liberties; and that interpreting the CFAA to apply to a breach of a website's Terms of Service would violate the Due Process protections of the Constitution and thereby render the statute void on the grounds of vagueness and lack of fair notice.
My understanding is that since this decision occurred at the district court level, it does not have a precedential effect, so I don't think anyone with a pending case can necessarily relax or assume that a similar outcome will be easily obtained.
Note also that in this case, a guilty verdict was entered for the defendant before being vacated by the district court almost a year later. If other CFAA cases have to go through the same process to get a similar outcome, that's better than nothing, but not really something to get excited about from the perspective of someone who has not yet been convicted.
Obviously I'm not privy to the details of weev's legal strategy, but this case didn't seem to help him either in preventing his conviction or in securing his exoneration. His conviction was overturned on unrelated grounds. Perhaps this would've been significant if the venue was not improper. (I haven't read the decision overturning weev's conviction, so it may discuss the applicability of this case regardless).
---
re the EFF's amicus brief, amicus briefs are an opportunity for the public to file their comments on the case for the court's consideration. They merely express the author's opinion and hold no value. The EFF opposes the CFAA as written as well as several other bad laws, but that's nothing new.
IANAL.
