Security News > 2020 > September > Surprise! Voting app maker roasted by computer boffins for poor security now begs US courts to limit flaw finding

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act, a law that critics say inhibits security research because it's overly broad. The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA. Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number.

Coincidentally, its app was slammed in February by computer scientists for a variety of security flaws.

"Voatz's own security experience provides a helpful illustration of the benefits of authorized security research, and also shows how unauthorized research and public dissemination of unvalidated or theoretical security vulnerabilities can actually cause harmful effects," the company's filing says, even as it insists the MIT researchers found no meaningful flaws.

In an email to The Register, Daniel Weitzner, Founding Director of the MIT Internet Policy Research Initiative, and one of the three authors of the Voatz app analysis [PDF], opposed the idea of letting companies criminalize security testing in their terms of service.

"The vagueness and potential breadth of the Computer Fraud and Abuse Act made it considerably more difficult for us to conduct our security analysis," said Weitzner.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/04/voatz_supreme_court/