The Supreme Court is considering whether to adopt a broad reading of the Computer Fraud and Abuse Act that critics say could criminalize some types of independent security research and create legal uncertainty for many security researchers. Voatz, an online voting vendor whose software was used by West Virginia for overseas military voters in the 2018 election, argues that this wouldn’t be a problem.
“Necessary research and testing can be performed by authorized parties,” Voatz writes in an amicus brief to the Supreme Court. “Voatz’s own security experience provides a helpful illustration of the benefits of authorized security research, and also shows how unauthorized research and public dissemination of unvalidated or theoretical security vulnerabilities can actually cause harmful effects.”
As it happens, we covered a recent conflict between Voatz and an independent security researcher in last Thursday’s deep dive on online voting. And others involved in that altercation did not see it the way Voatz did.
This reminds me of TurboTax in the United States, who lobbies aggressively to keep filing taxes as difficult as possible as to protect its business.