"Unauthorized access" is why it's defective. The wording is wrong and the penalties are wrong. Here's an example. This is the MA law against trespass:
http://www.malegislature.gov/Laws/GeneralLaws/PartIV/TitleI/...
Penalty: "shall be punished by a fine of not more than one hundred dollars or by imprisonment for not more than thirty days or both such fine and imprisonment."
On top of that, look at the wording: You have to have some specific notice that you're unauthorized before it's trespass. And then the penalty is a $100 fine or 30 days. So okay, you want to have the digital equivalent of trespass, let's do the same thing: You have to have been specifically told (not implied by some trumped up circumstantial nonsense about MAC and IP addresses or URLs) that you aren't allowed to access a particular computer and then have done it anyway, and then the penalty should be $100 or 30 days.
Because that's the trivial offense. That's the one that should have the really low penalties because it doesn't necessarily imply any substantial harm. The high penalties should be for high value financial fraud or misappropriating classified materials or disrupting the control systems at a power plant or a chemical processing facility, and they should each be separated out so that we know what they are and have penalties proportional to the specific offense.
And to do that we don't need to talk about XML or SOAP or AJAX, because that isn't what matters. It doesn't matter specifically how you did it, it matters what you did and what you intended to do. This is why we don't have laws against trespassing while wearing a yellow shirt. Because you don't need to specify the irrelevant details, only the relevant ones, and the specific underlying technology is almost always irrelevant to a particular class of criminal activity. Sometimes it does make a difference, and then you need to update the law, but that doesn't actually happen so often that we can't keep up with it if we're paying attention.