Voatz: Unauthorized Security Research Should Fall Under Abuse Act

The blockchain voting app Voatz explained to the Supreme Court that unauthorized security research has to fall under the computer fraud and abuse act as we are reading more in our blockchain news today.

Voatz filed an amicus to the US Supreme Court arguing that unauthorized security research should be regulated under Abuse Act and Computer Fraud. Electronic Frontier Foundation argued that the interpretation of the act has to put a chill on the valuable security research. The MIT researchers earlier this year,  the blockchain-based voting app Voatz to task alleged security vulnerabilities. Voatz criticized the researchers on assumptions instead of asking for access to the server.

The government might not be ready to declare #Election Day a federal holiday – so more companies are saying they'll give employees time off to #vote this November. https://t.co/OMTgisEPir

— Voatz (@Voatz) September 3, 2020

Voatz told the US Supreme Court that the third-party researchers should not be legally able to poke around other systems without permission of the company that is researched and under supervision. In the case under review is the ability of independent researchers to do their work and to alert the public that vulnerabilities could get swept under the carpet.

Voatz submitted an amicus brief to the US high court in the case of Van Buren v United States. The case involved an ex-Georgia police sergeant under the name Nathan Van Buren who demanded an unnamed person give him money for accessing a law enforcement database. Van Buren was busted by the FBI during a sting operation and was therefore convicted of violating the Computer Fraud and Abuse Act, which prevents people from hacking computers.

Van Buren argued that the CFAA doesn’t apply because he had access to the databases but he was not supposed to use it in that matter. He claimed that he is not just some hacker and then the case made its way to the Supreme court which will rule on “whether a person who is authorized to access information on a computer for certain purposes violates…the CFAA if he accesses the same information for an improper purpose.”

The criminal justice organizations have weighted in and saw the case setting a bigger precedent. The Electronic Frontier Foundation that filed the brief, argued that CFAA could be used to convict someone that violates the websites’ terms of service. According to them, this will put independent computer security researchers are legal risks if they engage in beneficial security testing over standard security research practices such as accessing publicly available data that will be beneficial to the public that is prohibited by the owner of the data.