Document Type

Article

Publication Date

2024

Publication Citation

85 Ohio State Law Journal 809

Abstract

Almost everything we do on the Internet is achieved through Internet-connected devices, such as smartphones and laptops. This reality has produced a new sprawling industry of commercial spyware corporations: a vast network of companies specializing in selling security vulnerabilities in the very devices we all use. These companies provide clients with tools and services for unauthorized access and surveillance. Investigative reporting has unearthed the scope and nature of the systematic abuses produced by these technologies. Around the world, government actors rely on spyware to target human rights activists, journalists, and dissidents with almost no accountability.

Spyware companies have long defended their activities by claiming that they are nothing more than technology companies. Embracing this false narrative, regulators have turned to a set of legal tools that have been used in the past to regulate technology companies. These include export controls, ad hoc civil and criminal enforcement against designated businesses, and certain human rights and corporate governance techniques. None of these approaches have worked so far, pushing certain government policymakers, United Nations agencies, and civil society organizations to propose a broader tech ban against the industry as a whole.

In this Article, I explain why all past efforts to regulate this market have failed. I further argue that tech bans only provide an illusion of safety. Such industry moratoriums are not only impractical but pose risks to the future integrity of our information and telecommunication systems. Instead, I develop a set of building blocks for a multilateral framework that could serve regulators in promoting and managing a legitimate and human rights-compliant spyware market.

Download

Share

COinS