Governments worldwide are in the process of updating the Budapest Convention, also known as the Convention on Cybercrime, which serves as the only major international treaty focused on cybercrime. This negotiation of an additional protocol to the convention provides lawmakers an opportunity the information security community has long been waiting for: modernizing how crimes are defined in cyberspace. Specifically, the Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C.§ 1030, dictates what constitutes illegal acts in cyberspace in the United States. Andrew Burt and Dan Geer write in Lawfare that without changing the CFAA—and other cybercrime laws like it—we’re collectively headed for trouble.