The threat in question is the threat of criminal prosecution under the Computer Fraud and Abuse Act.
The threat is "credible" as long as it is not definitively rule out. The plaintiffs need not subjectively fear prosecution. They do not need to show that the government has not prosecuted such cases in the past. Government policies and statements that it does not intend or expect to prosecute such cases do not show the threat is not credible. The court notes, "Absent a specific disavowal or a clear indication that plaintiffs’ conduct falls outside the scope of the criminal provisions, plaintiffs adequately demonstrate a credible threat for standing purposes."
You have completed this tutorial.