What law is he breaking (relative to both the US and Germany)?
In US criminal law, there is the Computer Fraud and Abuse Act, which has very specific narrow provisions, including the test of "has to intentionally cause damages to a computer system part of interstate or foreign commerce."
Which does not apply here.
McD's would have to pursue, instead, a civil case, based around a EULA or ToS, tantamount to breach of contract, and to recover damages.
I would assume that Ronald McDonald Esq would just issue a form Cease and Desist, and call it a day.
> [DMCA] section 1201 creates a potential legal obstacle for a researcher or coder if a software vendor employs mechanisms that control the way copyrighted software or other materials can be accessed or used. Many people think of section 1201 as prohibiting cracking digital rights management schemes (DRM). However, the language of section 1201 prohibits more than breaking traditional “copy-protection” mechanisms applied to DVDs and digital video downloads. It also prohibits breaking “access controls”. Software vendors have argued, or are likely to argue, that techniques such as authentication handshakes, code signing, code obfuscation, and protocol encryption all qualify as “technical protection measures” protected by the DMCA.
Under the Computer Misuse Act in the UK, unauthorised access is enough, especially if it impedes other uses from legitimate access. (IANAL either mind)