[__b__]

What if Zuckerberg had received a cease and desist letter when he was accessing computers without authorization at Harvard?

Before any student willingly sent him personal information, he had to exfiltrate such information i.e. photos of other students so other students would be compelled to look at websites he created using said photos.

He did eventually receive a cease and desist letter, and he ignored it. But of course it was not from the people charged with protecting students' personal information nor the students themselves. You know the story.

As with Google, under today's culture it's acceptable for Facebook to aggressively collect personal information in bulk and pay little attention to obtaining permissions, but it is not acceptable for anyone to attempt to collect information in bulk from Google or Facebook. This make no sense to me, but I gues I am just obtuse.

Maybe what Kerr is wondering is when the necessity of sending costly snail mail cease and desist letters will give way to some less expensive digital form of notice. When that happens, the threat of the CFAA can be used on a mass scale. Perhaps then we would see it in every Terms of Service. Maybe we could create a new HTTP response code: HTTP/1.1 606 CFAA Notice.