Sign In

Communications of the ACM

ACM TechNews

Online Voting Company Pushes to Make It Harder for Researchers to Find Security Flaws


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The Voatz app.

In a brief submitted to the U.S. Supreme Court, e-voting company Voatz argues that security researchers should need authorization to search its app for vulnerabilities.

Credit: Voatz

The Voatz electronic-voting company argued in a brief filed with the U.S. Supreme Court that security researchers should only seek flaws in e-voting systems with companies' permission.

The company said, "Allowing for unauthorized research taking the form of hacks/attacks on live systems would lead to uncertain and often faulty results and conclusions, [and] makes distinguishing between true researchers and malicious hackers difficult."

Voatz in February disputed Massachusetts Institute of Technology researchers' conclusions that its e-voting platform was rife with vulnerabilities, claiming their findings were "relatively useless" because the investigation was unauthorized.

Researchers are pushing for the high court to consider such work shielded from the Computer Fraud and Abuse Act, which deems any intentional, unauthorized access to a computer a federal crime.

They warned that malefactors will exploit the knowledge gap created if flaw detection and disclosure are allowed only with companies' explicit consent, rendering security research ineffective.

From CNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found