The Computer Fraud and Abuse Act of 1986 (CFAA), which subjects to criminal liability anyone who “intentionally accesses a computer without authorization or exceeds authorized access.” 18 U. S. C. §1030(a)(2). ” Exceeds authorized access” is defined to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. §1030(e)(6).  This decision holds that to exceed authorized access, the defendant must have accessed information which he was not authorized to access at all.  It is not a violation of the statute for an authorized user to access information that he is authorized to access but do so for a purpose that is unauthorized or to use the accessed information in an unauthorized manner.