
102 Neb. L. Rev. 713 (2023-2024)
Zero Progress on Zero-Days: How the Last Ten Years Created the Modern Spyware Market

Mailyn Fidler*

ABSTRACT

Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil citizens and foreign adversaries alike and do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, focusing on the conversation about trade in zero-day vulnerabilities and exploits and more recently spyware. This Article also applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on entity- or use-based export controls and leverage broader sanctions that target specific bad actors rather than focusing on technology-specific controls. Last, I continue to call for transparency as a key part of oversight of domestic governments' use of spyware and related components.

© Copyright held by the NEBRASKA LAW REVIEW. If you would like to submit a
response to this Article in the Nebraska Law Review Bulletin, contact our Online
Editor at lawrev@unl.edu.

* Assistant Professor, University of New Hampshire Franklin Pierce School of Law, and Faculty Affiliate, Berkman Klein Center for Internet & Society at Harvard University. Thank you to Katie Moussouris of Luta Security, Trey Herr of the Atlantic Council, Andrew Self of the State Department, and a senior security engineer with insight into the zero-day trade for enlightening conversations about developments in this field. Thank you to Trey Herr, Asaf Lubin, James Shires, and Randy Wheeler for comments, Matt Kristoffersen for research and revision assistance, and Susan Drisko Zago for research guidance. For a repository of primary documents on this topic referenced in this Article, please visit mailynfidler.com/primary-sources-zero-days. As responses to FOIA requests associated with this Article are received, they will be posted there.
