Abstract
Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments' use of spyware and related components.
Department
Law
Subject
Cybersecurity Law
Publication Date
2024
Journal Title
Nebraska Law Review
Publisher
University of Nebraska
Document Type
Article
Recommended Citation
Fidler, Mailyn, "Zero Progress on Zero-Days: How the Last Ten Years Created the Modern Spyware Market" (2024). Nebraska Law Review. 513.
https://scholars.unh.edu/law_facpub/513
Included in
Computer Law Commons, International Law Commons, Internet Law Commons, Science and Technology Law Commons
