> Also, the protected computer has to be involved in commerce.

In the US, virtually everything is involved in 'interstate commerce'. See https://en.wikipedia.org/wiki/Commerce_Clause

> The Commerce Clause is the source of federal drug prohibition laws under the Controlled Substances Act. In a 2005 medical marijuana case, Gonzales v. Raich, the U.S. Supreme Court rejected the argument that the ban on growing medical marijuana for personal use exceeded the powers of Congress under the Commerce Clause. Even if no goods were sold or transported across state lines, the Court found that there could be an indirect effect on interstate commerce and relied heavily on a New Deal case, Wickard v. Filburn, which held that the government may regulate personal cultivation and consumption of crops because the aggregate effect of individual consumption could have an indirect effect on interstate commerce.

> The word "accessed" is used multiple times throughout the law.

So what? It isn't in the section I quoted above. I could be wrong, but my reading is that transmitting information that can cause damage with the intent of causing damage is a violation, regardless of if you "access" another system.

> Also, the protected computer has to be involved in commerce

Or communication.

Now, from an ethics standpoint, I don't think there is anything wrong with returning a zipbomb to malicious bots. But I'm not confident enough that doing so is legal that I would risk doing so.

> So what? It isn't in the section I quoted above.

You can't read laws in sections like that. They sections go together. The entire law is about causing damage through malicious access. But servers don't access clients.

The section you quoted isn't relevant because the entire law is about clients accessing servers, not servers responding to clients.

Every reference to access I see in that law is in a separate item in the list of violations in section 1. Where do you see something that would imply that section 5a only applies to clients accessing servers?