Abstract
Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, focusing on the conversation about trade in zero-day vulnerabilities and exploits and more recently spyware. This Article also applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on entity- or use-based export controls and leverage broader sanctions that target specific bad actors rather than focusing on technology-specific controls. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components.
Recommended Citation
Mailyn Fidler,
Zero Progress on Zero-Days: How the Last Ten Years Created the Modern Spyware Market,
102 Neb. L. Rev. 713
(2023)
Available at: https://digitalcommons.unl.edu/nlr/vol102/iss4/2