[rurabe]

The CFAA is a law about how you access systems, so this ruling defines "authorization" under the CFAA as "had legitimate access to this system" only.

There are many other laws that you can still be charged with that govern what you access, irrespective of how, ie copyright, child porn, confidential information.

The people who view this as a win are worried that if "authorization" is defined as "against any rule, made by anyone" then the CFAA could be used to criminalize almost anything online. Note that restriction of the CFAA does not let you off the hook of other laws.

The people who worry about this are worried that judges had to use a fair bit of extrapolation and guessing as to the intent and effects of the law because the wording is pretty vague, and probably problematic for internet activity if interpreted very narrowly.