Governments all over the world, both democratic and authoritarian, are using spyware to hack the phones of activists, journalists and political rivals critical of their governments. While the spyware industry initially had a few known actors, such as Hacking Team and FinFisher, it has ballooned over the past decade with the evolution of technology and the ubiquity of smartphones and computers. As a result, it’s worth asking whether this industry can operate ethically and legally, and how we can counter state-backed abuses of spyware – including the risk of harassment, arbitrary detention, and killings.
Marietje Schaake and John Scott-Railton, both experts in cybersecurity policy and investigations, will host a session discussing these issues on the Security Stage at TechCrunch Disrupt 2023 in San Francisco. The session, titled “The Spyware Industry is Out of Control. Now What?”, will explore whether governments can be trusted to use these technologies at all and how we can ensure they are used proportionately, legally and fairly. Furthermore, they will discuss what companies who manufacture spyware themselves can do, or what they should be compelled to do, in order to limit abuse.
Governments’ use of spyware which exploits flaws found in billions of phones puts everyone at risk. It is crucial to establish a vulnerabilities equities process to ensure serious vulnerabilities are reported and disclosed to the relevant technology companies affected, as per the process used by the US intelligence.
Tech companies have stepped up their counter-spyware protections and worked to prevent digital intrusions for at-risk users. But what more can they do to fix spyware-exploitable security flaws they don’t even know about?
Marietje Schaake, the international policy director at Stanford University’s Cyber Policy Center, is a strong advocate against spyware abuse, having served as a member of European Parliament from 2009 to 2019. During this time, she was one of the first lawmakers in the world to put spyware abuse on the map for policymakers and pushed for regulating government spyware. John Scott-Railton, a senior researcher at Toronto’s Citizen Lab has led investigations into targeted threats against civil society, including mercenary spyware and disinformation linked to a variety of countries and groups.
Other topics on the Security Stage at TechCrunch Disrupt 2023 include data protection, privacy regulations, information sharing and risk management. Attendees will have an opportunity to hear from experts and industry professionals on how to navigate these breakthrough sectors.
