That there is no legal definition of "authorized access" is the problem with the CFAA. One could argue that if the website is sending the data to your computer, you're authorized to access it, and that's the end of it. That'd definitely be the most favorable interpretation for the tech community. Unfortunately, in many cases, extrapolations like those you've invoked are used instead: "He knew he wasn't supposed to have it", "we told him to go away", etc.