Voatz Under Fire From Infosec Community Over Its Views on Security Research
2020-09-16 04:08

In the amicus brief it filed, Voatz suggests that only authorized security research should be considered lawful, and that independent security research should not, even when it is conducted in good faith.

"It is clear security research has tangibly improved the safety and security of systems we depend upon. It is not a given that this vital security work will continue. A broad interpretation of the CFAA would magnify existing chilling effects, even when there exists a societal obligation to perform such research," the letter reads.

Voatz even disputed MIT research that identified vulnerabilities disclosed in collaboration with CISA, further demonstrating its hostility toward security researchers, says the letter.

"To companies like Voatz, coordinated vulnerability disclosure is a mechanism that shields the company from public scrutiny by allowing it to control the process of security research. The fact that the MIT researchers discovered vulnerabilities that reflect poorly on Voatz's security only underscores the need for public scrutiny - what is simply a hassle to Voatz is a crucial warning flare to the public," the letter reads.

"A broad interpretation of the CFAA risks undoing many of these positive advancements. Voatz's actions threatening good-faith security research are indicative of what may come should the Court decide that a breach of contractual terms constitutes a criminal CFAA violation. We cannot afford to lose the benefits of security research on our digital and physical safety, and our democracy as a whole. Thus, we urge the Court to adopt a narrow interpretation of the CFAA in support of the petitioner," the letter reads.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/2d9a0uQcYQM/voatz-under-fire-infosec-community-over-its-views-security-research