Voting app maker roasted by computer boffins for poor security now begs US courts to limit flaw finding.
WE WILL NEVER STOP LOOKING AT THE SHIT YOU DO.
Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act (CFAA), a law that critics say inhibits security research because it’s overly broad.
The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA.
Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number. Although he was authorized to access the police database as part of his job, he offered to look up license plates for a stripper in exchange for cash. The exotic dancer went to the Feds, who busted him in a sting operation: for a fee, he ran a plate on someone the stripper described as an undercover cop investigating her for prostitution. The license was a fake, and Van Buren was collared.
The flaws could let a hacker alter, stop or expose how a person has voted.
The MIT analysis of the application, called Voatz, highlighted a number of weaknesses that could allow hackers to “alter, stop, or expose how an individual user has voted.”
Additionally, the researchers found that Voatz’s use of Palo Alto-based vendor Jumio for voter identification and verification poses potential privacy issues for users.