The CFAA only applies to us little guys. It doesn't apply at all to larger corporations. Especially ones in excess of 1$ billion a year revenue.

one would argue that when you voluntarily install a device that listens to unauthenticated verbal requests, you pretty much consent to everything.

In other words, people who buy alexa and ghome do not get to complain about unauthorized use, or privacy for that matter.

A verbal request from your TV is pretty much equivalent to typing in an URL "by hand", and AFAIK people got sacked under CFAA for the latter, because of "unauthorized" access to data.

In my layman's opinion, there's a potential for a case here.

Unauthenticated != Authorized

And for that matter

Authenticated != Authorized

Whether you can do something is orthogonal to whether you're allowed to do it.

Correct. Example: this user logged into my service. Let's try to log into gmail with the same password. It worked. I'm authenticated, but not authorized.

AT&T won the unauthenticated iPad emails thing, putting weev in prison. As far as i can tell, i have to divine the intentions of the owner of any computer i connect to before i connect to it, or i'm breaking the law.