Commercial spyware is a dual-use technology: it can theoretically be an essential last-resort tool for the most critical national security and law enforcement investigations, but it carries profound risk of abuse. Criticisms of spyware proliferation have focused primarily on its human rights violations, such as its abusive deployment against journalists, activists, and others merely exercising their freedom of expression and assembly. But like every dual-use technology – drones, small arms, nuclear materials, or biological agents – the proliferation of spyware poses a national security threat to the United States and its allies and partners unless the international community develops and enforces firm regulations and export controls governing their development and sale.
In the past, if a government sought to acquire the capabilities of modern commercial spyware, it would have to cultivate the requisite talent base, recruit scores if not hundreds of government hackers from this community, and maintain that workforce indefinitely.1 Today, that workforce can be centralized in a single company headquartered abroad, exporting to dozens of client governments with little regard for how the tools sold are used. The result is as if the Manhattan Project were undertaken by a corporate R&D department in a faraway land and the spread of nuclear weapons was driven not by generals and spy chiefs, but shareholders and c-suites.
This status quo is dangerous and unsustainable. When cybersecurity researchers discover a vulnerability in a widely used device or application, they have a financial incentive – and, many would argue, a moral duty – to report that vulnerability to the developer – a process known as a “bug bounty.” However, the emergence of the commercial spyware industry creates a perverse incentive for researchers to sell or use their discovery to help develop hacking tools instead, which not only harms the targets of these hacking tools, but systemically puts all users of the underlying vulnerable technology at risk.
Read More:-https://www.thirdway.org/memo/unregulated-spywares-threat-to-national-security
Source Credit:https://www.thirdway.org/memo/