Traverse Internet Law pursues hackers. And things are a bit murky out there right now as to who is, and is not, a hacker, or cracker. There are criminal laws against hacking, and there is both statutory and common law (trespass to chattels) authority for bringing a civil action against a hacker, but the real problem I have is the failure to distinguish between a serious hacker attempting to do damage and a passive unauthorized access by wandering eyes. So, for instance, the guy who breaks into a hospital's records by finding a hole in its system, and then runs a password program once he is past the initial line of protection, all so he can get in, take confidential medical information about his enemies and publish it on the web, and while he is in the system he intentionally corrupts the database...well, that guy is a real problem, a real criminal, and he deserves what is coming.
On the other hand, someone who visits his competitor's website weekly to check on information available to members, on which there is a user agreement provision prohibiting competitors from visiting, is likely just as guilty, criminally and civilly, under many state laws. Traverse Internet Law tried a hacking case last year in which my client, a CTO of a Fortune 500 company, was indicted on felony charges because he got his estranged wife's email address from one of his kids and went into his wife's password protected online email account. Luckily the prosecutor made a misstep in the middle of trial and my motion to dismiss was granted. But, it was a ridiculous waste of time, and considering my client's job as Chief Technology Officer, any hacking conviction would have ended his career. That result would obviously have been punishment disproportionate to the misconduct.
There is unauthorized access (similar to trespass) and then there is hacking (similar to assault and battery!). We need to get the legislators to understand the difference between the two, and pass some laws that are reflective of reality. Those that access a competing website by borrowing a roommate's password (like just about all college kids do) to see information thousands of others can see is likely trespassing, but he is not a hacker. Not by a long shot.
It is not difficult to see the line, and when the intent of the trespasser is to damage or steal and he actually causes damages above an appropriate threshold, I can appreciate that criminal prosecution is justifiable. Otherwise, let the parties deal with it in civil court.