Voatz demands restrictions on independent cybersecurity research in Supreme Court brief | Zoom Fintech

Blockchain voting startup Voatz argued in a “friend of the court” brief before the United States Supreme Court (SCOTUS) that cybersecurity bug bounty programs should be operated under strict supervision.

Voatz weighed in on Van Buren v. United States, a Supreme Court case examining whether it is a federal crime for someone to access a computer “for improper purposes” if they already have permission to access other data on that computer.

Nathan Van Buren, the petitioner in the case, is a former Georgia police officer who was charged under the Computer Fraud and Abuse Act (CFAA) after looking up a license plate for an acquaintance. Van Buren claims that a lower court decision upholding his conviction could be interpreted to imply that “any ‘insignificant violation’” of a computer system could be a federal crime.

The scope of the case appears to have widened, covering not only the violations, but also how the CFAA itself might be interpreted. The question presented in the SCOTUS briefs reads as follows:

“Whether there was sufficient evidence to establish that the applicant, a police sergeant, exceeded his authorized access to a protected computer to obtain information for financial purposes, in violation of 18 USC 1030(a)(2)(C) and (c)(2)(B)(i), when, in exchange for payment in cash, he searched a confidential law enforcement database to see if a particular person was an undercover police officer.”

The United States, the respondent, argued that the case was a “bad vehicle” for examining whether the CFAA is too broad, and said in its brief that SCOTUS review is not even warranted.

In its brief, Voatz says the CFAA should not be narrowed and that some computer system intrusions are necessary. Nonetheless, the company argues that researchers looking for potential vulnerabilities should specifically check with the companies they are assessing before doing so, and should proceed only with those companies’ permission.

“Bug bounty programs are very effective,” Voatz wrote. “They’re extremely prevalent in the tech industry, and even outside that industry, a 2019 survey found that 42% of companies outside of the tech industry were running a crowdsourced cybersecurity program.”

The brief comes in response to another brief filed by a group of security researchers who argue that the CFAA has “been interpreted too broadly,” hampering computer security efforts. That brief criticizes Voatz among its various arguments.

General guidelines

Voatz has notably faced criticism from cybersecurity researchers, including MIT researchers who published a report in February claiming that Voatz had insufficient transparency and that its internal systems had various vulnerabilities. Voatz disputed the allegations in the report.

Trail of Bits, a cybersecurity firm commissioned by Voatz to conduct an audit of its systems, confirmed the MIT researchers’ claims in a subsequent report.

Voatz has clashed directly with researchers. Late last year, US attorney Mike Stuart said the FBI was investigating an “unsuccessful break-in attempt” into Voatz, which was presumably instigated by a Michigan student or students attending a security class.

In its brief, Voatz said “ill-advised student activity” was reported to West Virginia authorities because the company could not distinguish between their research and an actual hostile attack.

“Regardless of the details, however, the West Virginia incident illustrates the damage caused by attacking or ‘searching’ critical infrastructure without proper access and authorization, particularly in the middle of an election,” Voatz wrote.

Non-malicious researchers attempting to break into digital tools “impose significant additional costs” on organizations, the brief said, and will undermine public trust.

Jake Williams, who founded Rendition Infosec, told CNET that a “vast majority” of cybersecurity researchers would not be authorized, which means Voatz’s support for a broad CFAA “would make the task 100% more difficult” for the researchers.

Voatz’s brief comes a day after a press release was issued claiming the Michigan Democratic Party used its app at an ongoing press conference when voting for various positions. The Michigan Democratic Party did not immediately return a request for comment.

Opposite views

Voatz’s arguments aside, its brief makes a variety of citations and assertions that seem to lack context.

Voatz says it has been used in 70 elections, including state and municipal elections, and directly claims it is considered “critical infrastructure” by the Department of Homeland Security.

The elections include those in West Virginia (which announced in March that it will not use Voatz for its next election) and Utah County (whose clerk and auditor received a $1,500 campaign donation from Overstock CEO Jonathan Johnson, who is also chairman of Voatz investor Medici Ventures).

The company said it was found to meet requirements by Pro V&V, a federal voting system test laboratory, but according to Politico cybersecurity reporter Eric Geller, “the report does not make sense” because the requirements were defined years ago and the analysis was not a goal.

Eddie Perez, global director of technology development at the Open Source Election Technology Institute, wrote that the Election Assistance Commission (EAC), the federal entity that accredited Pro V&V, doesn’t even have national requirements for remote voting systems.

The EAC itself issued a press release saying that “these test reports are not to be taken as an implicit endorsement on the part of the [voting system test laboratories] or the EAC that the evaluated systems comply with [voluntary voting system guidelines] standard or equivalent to an EAC certified voting system.”

“Currently these programs are run by Voatz itself, but in the past some were run through a vendor such as HackerOne Inc.,” the brief said. It did not point out that HackerOne severed ties with Voatz in March.

Additionally, HackerOne founder and CTO Alex Rice said on Twitter that “we support the opposing arguments made by” the Electronic Frontier Foundation (EFF), which calls for a narrowing of the CFAA, unlike Voatz, which quoted HackerOne in its brief.

Likewise, Casey Ellis, founder and chief technology officer of the crowdsourced security platform Bugcrowd, whom Voatz repeatedly cited, also wrote that he signed and supported the EFF brief, and not Voatz’s.

Both Rice and Ellis said that Voatz had not contacted them before submitting the brief.

Disclosure

A leader in blockchain news, Fintech Zoom is a media outlet that strives to meet the highest journalistic standards and adhere to a strict set of editorial policies. Fintech Zoom is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


About Michael Sauers
