A bill designed to stop criminal hacking could also end up snagging those who would fall into the category of noncriminals: people who use their work computers for personal reasons or provide fake information on websites–even if that information is as simple as one’s age or weight.

The attorney general’s office that helped create the bill says the intention is not to criminalize legitimate behavior. Instead, they say, the goal is to prosecute snoopers, or hackers, who access computer systems whether or not they disrupt or steal data.

However, because of the wording in the measure is broad, some worry that people who go beyond their user agreements or who hack to identify cybersecurity flaws that should be fixed could be swept into the criminal category.

Read the full story at The New York Times.