(page 4 of 7)
Mother, May I?
Mark Rasch, 2008-01-23

Story continued from Page 3

The term "access" is very broadly defined. Even issuing a command to a computer may be termed "access." As Professor Orin Kerr has pointed out (pdf):

Imagine a user wishes to log on to a password-protected computer, and sends a request to the computer asking it to send back the page that prompts the user to enter a username and password. The computer complies, sending the page back to the user. This would not access the computer from a virtual perspective, as it would be something like walking up to a locked door but not yet trying the key. From a physical-world perspective, however, the request would be an access; the user sent a command to the computer and received the desired response. Similarly, consider whether sending an e-mail accesses the computers of the recipient’s Internet service provider. From a virtual perspective, the answer would seem to be no; a user who sends an e-mail to the ISP does not understand herself to have "entered" the ISP. From a physical perspective, however, the answer seems to be yes; the user has in fact sent a communication to the ISP that its servers received and processed.

Thus, in cases like State v. Allen in Kansas in 1996, the court threw out an indictment of someone who merely attempted to log in to a password-protected account, even though he technically "accessed" the computer. In the civil and threatened criminal prosecution of Georgia computer researcher Scott Moulton, who was charged with conducting an unauthorized port scan on a computer network, the analogy between physical trespass and electronic unauthorized use breaks down. In the Robert Morris Internet worm case, Morris used, among other techniques, a feature in the sendmail protocol to propagate his worm. The Court of Appeals in that case (disclosure: I prosecuted it and handled the appeal) had to deal with the fact that Morris was authorized to send mail, but not necessarily "authorized" to use an exploit. The court concluded:

The evidence permitted the jury to conclude that Morris's use of the SEND MAIL and finger demon features constituted access without authorization. While a case might arise where the use of SEND MAIL or finger demon falls within a nebulous area in which the line between accessing without authorization and exceeding authorized access may not be clear, [the statute has since been modified to prohibit both] Morris's conduct here falls well within the area of unauthorized access. Morris did not use either of those features in any way related to their intended function. He did not send or read mail nor discover information about other users; instead he found holes in both programs that permitted him a special and unauthorized access route into other computers.

Thus, under the Morris analogy, if you use a program or command in a way that it is not intended to be used, you run the risk of this being an "unauthorized" access.

But what about Ritz? He used the zone transfer precisely as it was intended to be used, but it appears that Reynolds and Sierra had not configured their network to prevent a zone transfer. Does failing to prevent something constitute "authorization" to do it? Is the rule that anything is permitted unless expressly prohibited, and even then, permitted unless technology is deployed to prevent it? Or is the rule that you aren't allowed to do anything unless the website operator says you can? In one case, subpoenaing e-mail was considered an unauthorized access to a computer!
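The technical side of the Ritz question is worth seeing concretely. The following BIND 9 `named.conf` fragments are an added illustration, not configuration from the article or from the server operators it describes; they assume a BIND primary, a zone `example.com`, a secondary at the documentation address 192.0.2.53, and a hypothetical TSIG key named `xfer-key`. The first fragment is the permissive setting under which any client that asks receives the whole zone; the second restricts transfers to one authenticated secondary, which is the "technology deployed to prevent it" the paragraph asks about.

```conf
// --- Permissive: any client may pull the full zone with an AXFR request. ---
// (Alternative A; do not combine with the restricted block below.)
options {
    allow-transfer { any; };
};

// --- Restricted: deny transfers globally, then allow only the named secondary. ---
// (Alternative B.)

// Hypothetical TSIG key shared with the secondary. Generate a real secret
// with `tsig-keygen xfer-key`; the value below is a placeholder, not a key.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET==";
};

// Sign traffic to the secondary (192.0.2.53 is a documentation address).
server 192.0.2.53 {
    keys { "xfer-key"; };
};

options {
    allow-transfer { none; };   // default for every zone: no transfers
};

zone "example.com" {
    type primary;               // "type master;" on BIND releases before 9.16
    file "db.example.com";
    allow-transfer { key "xfer-key"; };   // only requests signed with the key
    also-notify { 192.0.2.53; };
};
```

To confirm the restriction on your own server, request `AXFR` for the zone from a host that does not hold the key; BIND should answer with a transfer failure (REFUSED) rather than the zone contents, and the refusal is logged in the `xfer-out` category, which is a useful signal that someone is asking for the whole zone.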

There are no hard and fast rules here. Do we look at what the property owner intended (I never expected anyone to use my wireless connection), what the alleged trespasser thought (hey, there was no sign, and it was configured to allow it), or some hybrid (what would a reasonable computer user have thought)? Obviously, the trespasser should have some knowledge that their actions were in some way "wrongful," although common law trespass did not always require this.

Story continued on Page 5 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
Copyright 2010, SecurityFocus