the CFAA is written is such an ambiguous and dated way that the punishments it prescribes are often wildly disproportionate to the crime. For example, the CFAA allows prosecutors to pursue the same draconian measures—with punishments ranging from five to 15 years per charge—for acts as benign as violating the terms of a vendor’s service agreements and those as malicious as a concerted effort to break into a computer and steal credit card numbers. The CFAA violations that Swartz, Downey and Auernheimer were charged with were hardly major acts of computer terrorism, yet the law treated them as such.