On the Zero-Day Market
New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”:
Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components.
echo • May 24, 2024 7:34 AM
The proposals about more government openness and more emphasis on import-export controls are good. In practice these are often flawed. More emphasis needs to be placed on positive public interest and also public benefit tests to discourage secrecy for the wrong reasons and also prevent banning activities which are of public benefit because they’re automatically caught up in blanket bans. With that in place you also need to revise broader policy to ensure where some activities are permitted you also need access and remedy. Failure to take either of these steps causes big headaches.
While you need politicians who “get stuff done” you also need to put the brakes on them so this is given due consideration or you get bad law being rammed through even when it contains known faults. That creates another set of headaches when attempting to revise or challenge the law. Politicians can become welded to their policy and fight tooth and nail refusing to accept it needs revision and it can drag on for years causing umpteen problems, expensive legal cases, and everyone, their cat, and their dog banging their head against the wall.
An education in legislative process, committees, and various common law and how this can be used and abused can help. Then there’s all the backchannels from vested interests whether they are state agencies or lobbyists and politicians’ egomania hiding behind “legal advice”. Also keep your eye on secondary legislation mechanisms. After legislation is passed they can be abused too.
It’s also nice to have a champion in politics so learn who to butter up and when to get a tame journalist to plant their scare stories!
Have fun!