Pro-tip: CFAA only applies if you cross state lines between you and the server. Otherwise, state law applies and there are/were some states that never passed any 'anti-hacking' laws.
Pro-er tip: if you are in the US and access a computer over any kind of service provider network (Internet, leased line, etc.) you should operate on the assumption your traffic is crossing state lines and the CFAA applies to your activities.
Tools like traceroute cannot show you where your traffic is physically being sent because: there may be no geographic information in the router reverse DNS records, that information might not be accurate if it is present, and layer 3 tools cannot show you the underlying layer 1/2 path (which might be wildly different than the layer 3 hops would suggest.)
Spot on. More simply, no matter the technical underpinnings, the case will be made in court that because your service provider (and probably the carriers it's connected to) have infrastructure across state lines at all, your traffic could have crossed state lines, and the court will be asked to assume it did. And they probably will.
You can make a reverse DNS record (or any DNS record, for that matter,) say anything at all. There isn't a National Committee for the Verification of DNS Updates checking this stuff out and demanding in-person inspections and notarized affidavits swearing that 100% of all information in the DNS is accurate and means whatever the end-user might infer it to mean.
For instance, part of the traceroute from my house to Google looks like this:
6 be-33112-cs01.doraville.ga.ibone.comcast.net (96.110.43.81) 19.602 ms
7 be-33142-cs04.doraville.ga.ibone.comcast.net (96.110.43.93) 22.738 ms
8 be-302-cr13.56marietta.ga.ibone.comcast.net (96.110.39.49) 23.202 ms
You can see these hostnames are obviously meant to encode some geographic data -- strictly for the convenience of the provider, it doesn't mean anything else -- but you, as the user, cannot tell from these records that these routers are actually where you think they are, based on the host names.
Another issue is the server you're communicating with might take a completely different path to get back to you, and you'd have no real way of knowing that.
rDNS information is provided by the owner of the IP address, not the owner of the domain. More generally there are spoofing and poisoning attacks against DNS.
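Added example, not part of any post in this thread: a forward-confirmed reverse DNS (FCrDNS) check over the three hop lines quoted above, which tests whether the name the IP owner published in the PTR record resolves back to the same address. The `FORWARD` table is constructed stand-in data for live A-record lookups, and the label positions used for the location hint are an assumption about this one naming scheme. Even a confirmed name only shows that the PTR and A records agree, not where the router is.

```python
import re

# Hop lines exactly as quoted in the thread.
HOPS = """\
6 be-33112-cs01.doraville.ga.ibone.comcast.net (96.110.43.81) 19.602 ms
7 be-33142-cs04.doraville.ga.ibone.comcast.net (96.110.43.93) 22.738 ms
8 be-302-cr13.56marietta.ga.ibone.comcast.net (96.110.39.49) 23.202 ms
"""

# CONSTRUCTED forward (A record) answers standing in for live lookups so the
# example runs offline. Hop 7 is left out and hop 8 points at a documentation
# address (192.0.2.0/24) purely to exercise the failure cases.
FORWARD = {
    "be-33112-cs01.doraville.ga.ibone.comcast.net": {"96.110.43.81"},
    "be-302-cr13.56marietta.ga.ibone.comcast.net": {"192.0.2.10"},
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return (ttl, ptr_name, ip) for each traceroute line that parses."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2).lower().rstrip("."), m.group(3)))
    return hops

def fcrdns_status(ptr_name, ip, forward):
    """Does the PTR name resolve forward to the address it was found on?"""
    addrs = forward.get(ptr_name)
    if addrs is None:
        return "no-forward-record"
    return "forward-confirmed" if ip in addrs else "forward-mismatch"

def location_hint(ptr_name):
    """Operator-chosen labels 2 and 3 of the name (assumed position); unverified."""
    labels = ptr_name.split(".")
    return tuple(labels[1:3]) if len(labels) >= 3 else ()

def assess(text, forward):
    """Combine the checks; the hint is naming data, never proof of location."""
    return [
        {"ttl": ttl, "ip": ip, "hint": location_hint(name),
         "fcrdns": fcrdns_status(name, ip, forward)}
        for ttl, name, ip in parse_hops(text)
    ]

if __name__ == "__main__":
    for row in assess(HOPS, FORWARD):
        print(row)
```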
Absolutely not. Any computer connected to the internet, even behind a firewall / NAT / etc. is considered to be involved in interstate or foreign commerce and thus a "protected computer" subject to 18 USC 1030. It's not your actions that make it a protected computer. 1030(e)(2)
Source: experience.