Today, my colleague Sarah McKune and I co-authored an article, entitled “Who’s Watching Little Brother? A Checklist for Accountability in the Industry Behind Government Hacking.”  A blog post about the report can be found here, and the article is available in PDF here.

The report outlines a “checklist” for regulating the commercial spyware market.  As we have reported on numerous occasions as part of Citizen Lab’s research, there is ample evidence of growing abuses surrounding the commercial spyware market. In spite of the pledges made by some in the industry — that self-regulation works, that they are just following “local laws” — we have shown how companies like Finfisher, Hacking Team, and NSO Group supply their products and services to governments that use them to target journalists, human rights defenders, and even anti-obesity activists. We have tracked the proliferation of some of these services to some of the world’s most autocratic regimes.  It is obvious that these abuses are going to grow unless something is done to mitigate these trends.

Unfortunately, debate until now about what to do about these abuses has revolved in binary form around either export controls or an unregulated wild west.  In our article, we develop instead a checklist for a “web of constraints” around the industry that involves multiple strategies and different mechanisms, including application of existing laws.  We hope that these checklist provides a helpful roadmap for policymakers and others who want to do something about the excesses of this industry and we look forward to feedback.

Read the article here: https://citizenlab.org/wp-content/uploads/2017/03/citizenlab_whos-watching-little-brother.pdf [PDF]