Facebook is continually changing its features, partly to enable it to collect more information that it hopes will be of interest to advertisers.  Ironically, though, some of the very practices it encourages, or at least allows, violate its terms of service (TOS) – such as tagging a photo of a friend without his consent or soliciting recommendations about where to go to dinner without posting your very own privacy policy first (yes, these really do violate Facebook’s TOS).  And according to a recent federal court decision in Facebook v. MaxBounty, a user who violates Facebook’s TOS may thereby violate the Computer Fraud and Abuse Act (CFAA), on the theory that the user exceeded her “authorized access” to the site.  The logic of the ruling, of course, applies to violations of any website’s TOS, not just Facebook’s.  We’ve reported on previous court decisions that applied this logic in the criminal context.  But the ordinary user runs little risk of being prosecuted for a TOS violation.  A civil suit, though, may be a realistic possibility if a website has a beef with a user.  This places an enormous amount of discretion – and leverage – in the hands of website operators.  By the same token, it creates new risks for website users who violate a site’s TOS.