from the be-the-injustice-you-want-to-see-in-the-world dept
Voatz has decided to weigh in on a Supreme Court case that could turn a lot of normal internet activity into a federal crime. At the center of this CFAA case is a cop who abused his access privileges to run unauthorized searches of law enforcement databases. The end result -- after a visit to the Eleventh Circuit Court of Appeals -- was a CFAA conviction for violating the system's terms of use.
That's why this case is important. If the CFAA is interpreted this broadly, plenty of people become criminals. And it won't just be security researchers risking criminal charges simply by performing security research. It will also be everyone who lies to social media services about their personal info. Lawprof Orin Kerr's brief to the Supreme Court points out what a flat "no unauthorized use" reading would do to him.
Like the majority of American adults, I have a Facebook account. Facebooks terms of service require its users to [p]rovide accurate information about themselves. See Facebook Terms of Service, https://www.facebook.com/legal/terms/plain_text_ terms (last visited July 1, 2020). I recently violated that term by listing my home city as Sealand. Sealand is an offshore platform in the North Sea near England built during World War II to host anti-aircraft guns. Its not actually my home city. I list it only to make a point about the CFAA. But under the governments position, my joke is no laughing matter. It is a federal crime.
No one should want the law to be read this way. Not even sites that would greatly prefer users to respect the terms of service. The collateral damage of a broad reading would make it far easier to prosecute people who use sites in ways owners don't expect or engage in research efforts that require ignoring the rules. And it would give abusive site owners plenty of ways to harass users and visitors they don't like.
But one developer wants this to happen. And it's a developer of notoriously flawed e-voting systems. Voatz has made plenty of headlines lately. None of them have been flattering. MIT researchers discovered a bunch of flaws in Voatz software. Voatz tried to combat this negative press by hiring outside researchers to perform an independent audit of its systems. This went no better than the MIT study. Voatz is full of holes, which made its accusations that the MIT researchers were only in it for the clicks look even stupider.
Voatz thinks the court should read the CFAA as broadly as possible, which will make it easier for it to punish security researchers for finding flaws in its software. It's literally the only thing it's arguing. Its 16-page brief [PDF] makes this ridiculous claim:
A BROAD READING OF EXCEEDS AUTHORIZED ACCESS IN THE CFAA WILL NOT HAVE A DELETERIOUS EFFECT ON COMPUTER SECURITY
That's it. That's the argument. That is all Voatz wants to say.
The brief says researchers won't be harmed because bug bounty programs and controlled access for authorized penetration testing, etc. operate using completely different terms of service. Under these guidelines, researchers are "free" to conduct their research without worrying about CFAA charges.
But that's a very limited view of security research. Lots of security research is ongoing and not limited to hunting bugs for bounties or at the behest of sites and services. That's what would be affected by a broad reading and Voatz's interest in securing a broad reading can be traced back to the MIT research it still claims is incorrect. It's also still very defensive people have accused Voatz of sending the FBI after some freelance researchers. For no apparent reason, it recounts this incident in its brief, submitting as evidence of something.
The Computer Researchers also cite a news account claiming that Voatz reported two college students to the Federal Bureau of Investigations. (Computer Researchers amicus brief, p. 24). That account is at least partially inaccurate, in that Voatz made no report to the FBI or any other federal authority. Rather, Voatz reported the students unauthorized attempts to access its systems to its customer, the State of West Virginia, because the students ill-advised activity was indistinguishable from a hostile attack and the students did not seek any prior authorization privately or through Voatzs public bug bounty program. It is a standard practice for technology companies to report attack attempts to their clients and Voatz is contractually required to report such potential attacks during live elections the same way an electric company would be required to report an attack on an electric grid to state and federal authorities, or a dam operator would be required to report an attack on software that monitors and operates dams to authorities such as the Army Corps of Engineers. Officials in West Virginia, in their discretion and independent of Voatz, then chose to refer the matter to the FBI. To Voatzs knowledge, no one was prosecuted.
Following Voatz's argument to its logical conclusion, a broad reading would result in more prosecutions because there's very little security research that doesn't involve violating terms of service agreements. It would allow everything to hinge on "discretion." This might mean something if entities caught with their security pants down were more reasonable in their responses. Unfortunately, shooting the messenger is still the most popular response.
And the less said about the supposed "discretion" of prosecutors the better. Prosecutors pursue convictions, not justice. And the DOJ has not shied away from pursuing very questionable CFAA prosecutions in the past.
Voatz wants messengers shot. It's that simple.
While the Computer Researchers portray themselves as under threat of being victimized for inadvertently tripping over a restriction, the reality is different: they wish to be free to deliberately infiltrate a live system in violation of readily accessible terms, openly publish any results obtained, and be immune from being intercepted or reported for doing so.
Voatz thinks the law should aid and abet its antagonism towards researchers who've uncovered flaws in systems it hopes to sell to government agencies. If the Supreme Court decides to side with Voatz, it will be open season on researchers. This is what Voatz wants. And there are others like Voatz out there that would welcome the chance to punish people for exposing problems they're not interested in fixing. But only Voatz has put it in writing.
Thank you for reading this Techdirt post. With so many things competing for everyones attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise and every little bit helps. Thank you.
The Techdirt Team
Filed Under: cfaa, e-voting, security research, supreme courtCompanies: voatz
View original post here:
- The Principality of Sealand - Become a Lord, Lady, Baron or ... - December 8th, 2016 [December 8th, 2016]
- SeaLand Toilets - Motorhome, RV & Marine - PPL Motor Homes - December 23rd, 2016 [December 23rd, 2016]
- Schedules - SeaLand - December 28th, 2016 [December 28th, 2016]
- Sealand man jailed for high speed police chase near Chester - LeaderLive - February 10th, 2017 [February 10th, 2017]
- sealand | eBay - February 15th, 2017 [February 15th, 2017]
- Floatplane fuselage donated for entrance feature - Campbell River Mirror - February 22nd, 2017 [February 22nd, 2017]
- Burglar in 'lunatic' Flintshire police chase jailed - Daily Post North Wales - February 23rd, 2017 [February 23rd, 2017]
- Did you get married in this Sealand church? - Daily Post North Wales - March 1st, 2017 [March 1st, 2017]
- Global Camping Toilet Market 2017 By Manufacturers Zodi, Camco, SeaLand, Thetford Marine - NetDugout - March 2nd, 2017 [March 2nd, 2017]
- Sealand Natural Resources, Inc. (OTCMKTS:SLNR) Files An 8-K Unregistered Sales of Equity Securities - Market Exclusive - March 2nd, 2017 [March 2nd, 2017]
- Sealand - The Principality of Sealand - March 8th, 2017 [March 8th, 2017]
- Sealand of the Pacific - Wikipedia - March 11th, 2017 [March 11th, 2017]
- Gardening club launch at Sealand and Queensferry Dementia Caf - Deeside.com - April 8th, 2017 [April 8th, 2017]
- Sealand - The Principality of Sealand - thoughtco.com - April 8th, 2017 [April 8th, 2017]
- Malawi govt over paid farm input suppliers by K61billion - Nyasa Times - June 7th, 2017 [June 7th, 2017]
- About Sealand - June 7th, 2017 [June 7th, 2017]
- How Are Analysts Interpreting Sealand Natural Resources Inc (SLNR)'s Relative Strength? - Nelson Research - June 8th, 2017 [June 8th, 2017]
- Inquiry date for Chester flood plain homes plan - ChesterChronicle.co.uk - June 14th, 2017 [June 14th, 2017]
- sealand toilet | eBay - June 14th, 2017 [June 14th, 2017]
- Unusual Activity Spotted in Sealand Natural Resources Inc (SLNR) - BVN - June 16th, 2017 [June 16th, 2017]
- Sealand Natural Resources Inc (SLNR) Moving -40.00% in Session - BVN - June 17th, 2017 [June 17th, 2017]
- Pivot Points in Focus: Sealand Natural Resources Inc (SLNR) - Nelson Research - June 21st, 2017 [June 21st, 2017]
- Independence Day 2017 SeaLand & Port Schedule - American Journal of Transportation - June 27th, 2017 [June 27th, 2017]
- Flooding on Chester's Sealand Road after downpour - ChesterChronicle.co.uk - July 14th, 2017 [July 14th, 2017]
- Chester floodplain housing scheme unanimously rejected - ChesterChronicle.co.uk - August 6th, 2017 [August 6th, 2017]
- 150 years of the Shipping Forecast: The magic and poetry of Dogger, Fisher and German Bight - Country Life - August 25th, 2017 [August 25th, 2017]
- Sealand - Wikitravel - August 25th, 2017 [August 25th, 2017]
- About Us - Principality of Sealand - August 25th, 2017 [August 25th, 2017]
- About - Principality of Sealand - February 6th, 2018 [February 6th, 2018]
- Principality of Sealand - Wikipedia - June 5th, 2018 [June 5th, 2018]
- Sealand | MicroWiki | FANDOM powered by Wikia - July 29th, 2018 [July 29th, 2018]
- Sealand The Mystery Solved - Part One - YouTube - August 30th, 2018 [August 30th, 2018]
- Sealand Marine Toilet Parts | West Marine - September 16th, 2018 [September 16th, 2018]
- Search for a route - sealand.com - September 16th, 2018 [September 16th, 2018]
- About Sealand - Become a Lord, Lady, Baron or Baroness - October 16th, 2018 [October 16th, 2018]
- SeaLand is now Dometic | Dometic - Mobile living made easy. - November 24th, 2018 [November 24th, 2018]
- Sealand | Dynamic Ship Simulator III Wiki - dss-iii.wikia.com - December 5th, 2018 [December 5th, 2018]
- Sealand | Fifth World Wiki | FANDOM powered by Wikia - December 5th, 2018 [December 5th, 2018]
- Vacuflush Parts and Systems for marine and RV toilets. - January 11th, 2019 [January 11th, 2019]
- Sealand | West Marine - January 11th, 2019 [January 11th, 2019]
- Sealand | Hetalia Archives | FANDOM powered by Wikia - January 11th, 2019 [January 11th, 2019]
- About Sealand | The Principality Of Sealand - January 11th, 2019 [January 11th, 2019]
- Sealand Marine - 4 Locations Across Nebraska and South ... - May 14th, 2019 [May 14th, 2019]
- Surfer cleans his playground by turning pollution into functional fashion - East Coast Radio - October 1st, 2019 [October 1st, 2019]
- Hefty bill for Sealand farmer who ignored warnings to clear waste off his land - LeaderLive - October 1st, 2019 [October 1st, 2019]
- IN PICTURES: Terry is first person to complete nine-mile swim from Sealand to Dovercourt - Harwich and Manningtree Standard - October 1st, 2019 [October 1st, 2019]
- Great Escapes: The Pristine Shores and Year-Round Charm of Denmarks North Sealand - Barron's - October 1st, 2019 [October 1st, 2019]
- Terra Firma Imagines a Tiny Country Surviving the Rising Waters - TheaterMania.com - October 14th, 2019 [October 14th, 2019]
- Appeal launched over refusal of plans to store cars and caravans on green barrier land in Sealand - LeaderLive - October 14th, 2019 [October 14th, 2019]
- Queues on Sealand Road in Chester due to water works - Cheshire Live - October 14th, 2019 [October 14th, 2019]
- Coleg Cambria volunteers clean-up streets and rivers of Deeside for community event - Deeside.com - October 16th, 2019 [October 16th, 2019]
- Review: In Terra Firma, a Wee Wet Country on the Brink - The New York Times - October 16th, 2019 [October 16th, 2019]
- Appeal launched over refusal of plans to store cars and caravans on green barrier land in Sealand - Deeside.com - October 16th, 2019 [October 16th, 2019]
- Global Smart Container Market Set to Reach $5.74 Billion by 2024 - Asia-Pacific Expected to Grow at the Highest CAGR - PRNewswire - December 18th, 2019 [December 18th, 2019]
- Panerai Celebrates the Year of the Rat With Sparsello-Decorated Luminor Sealand - HYPEBEAST - December 18th, 2019 [December 18th, 2019]
- Former football star and Telegraph photographer Gary Talbot dies at 82 - Lancashire Telegraph - December 27th, 2019 [December 27th, 2019]
- SeaWorld Prisoner Kyuquot the Orca Needs Our Help! - The Union Journal - December 27th, 2019 [December 27th, 2019]
- Somaliland in the Guide to the 'almost countries' of The World - MENAFN.COM - December 27th, 2019 [December 27th, 2019]
- All the shops and businesses Chester said goodbye to in 2019 - Cheshire Live - January 2nd, 2020 [January 2nd, 2020]
- Easter eggs are already on sale in Plymouth - Plymouth Live - January 2nd, 2020 [January 2nd, 2020]
- This is what was happening in Chester as the 1990s dawned - Cheshire Live - January 2nd, 2020 [January 2nd, 2020]
- Chinese New Year Gifting 2020: From Gucci to Faberg, Rats & Mice Galore | Jewellery | Watches & Jewellery - Luxury London - January 14th, 2020 [January 14th, 2020]
- Sealand Community Council to decide three new positions by co-option | The Leader - LeaderLive - January 30th, 2020 [January 30th, 2020]
- Roadworks in and around Flintshire over the next few days - Deeside.com - February 24th, 2020 [February 24th, 2020]
- Photographer from Deeside on 'cloud nine' with accolade - LeaderLive - February 24th, 2020 [February 24th, 2020]
- China firms in $10 billion share sale rush as funding rules eased amid virus worries - Reuters - February 24th, 2020 [February 24th, 2020]
- Sealand reduces transit time between Chile and the US for table grapes - FreshPlaza.com - February 24th, 2020 [February 24th, 2020]
- The 72 businesses with a five star food hygiene rating in Flintshire - Daily Post - March 16th, 2020 [March 16th, 2020]
- More than three weeks of overnight closures on Cheshire roads to start - Cheshire Live - March 22nd, 2020 [March 22nd, 2020]
- Flintshire man who went to see son play in band in Chester caught drink-driving on way home - The Chester Standard - March 22nd, 2020 [March 22nd, 2020]
- Heres Why Sealand Capital Galaxy (LON:SCGL) Must Use Its Cash Wisely - Simply Wall St - March 22nd, 2020 [March 22nd, 2020]
- Man charged with alleged offence under new Covid 19 legislation following incident in Deeside on Thursday - Deeside.com - April 9th, 2020 [April 9th, 2020]
- SeaWorld trainer torn limb from limb by killer whale turned 'psychotic' by captivity - Mirror Online - April 26th, 2020 [April 26th, 2020]
- Revamped Aldi Chester store to open its doors next week - The Chester Standard - May 11th, 2020 [May 11th, 2020]
- Weekly Update: Global Coronavirus Impact and Implications on Fresh and Naturally Fermented Birch Juice Market Analysis, Trends, Forecast, 2019-2025 -... - June 1st, 2020 [June 1st, 2020]
- Residents urged to take care after house fire in Sealand - LeaderLive - June 1st, 2020 [June 1st, 2020]
- Someone has used a chainsaw to cut down a tree in Garden City which blocked Welsh Road - Deeside.com - June 9th, 2020 [June 9th, 2020]
- Covid-19 Impact on Global Coriolis Mass Flowmeters Market (2020-2026) | Potential growth, attractive valuation make it is a long-term investment | Top... - June 25th, 2020 [June 25th, 2020]
- Sales in the Birch Water Market Expected to Grow as Demand from End-Use Industries Gathers Pace 2017 2025 - Jewish Life News - July 10th, 2020 [July 10th, 2020]
- Breaking down the top 10 LB recruits in Vanderbilt history - 247Sports - July 12th, 2020 [July 12th, 2020]