Law in the Internet Society

The Rapidly Evolving Global Private Market of Cyber-Surveillance

-- By DonnaZamir - 11 Oct 2019

In recent years, we have occasionally been provided with high-profile reports describing private entities who offer cutting-edge cyber-surveillance services to other wealthy entities, for varied purposes. An area once dominated by countries and government officials, is now becoming a highly lucrative global industry, eminently comprised of private actors.

Among the prominent names that gained much attention in the global media are Dark Matter, NSO group, Hacking Team, and Gamma Group; yet, there are many other less-known private companies and individuals, who are also deeply involved in the cyber-spying global market.

These private entities engage in activities described by various terms, such as cyber-surveillance; cyber-spying; competitive or business intelligence. While the conduct of these entities is of high interest, most of their activity remains unknown to the general public.

Some Features of the Private Cyber-Surveillance Market

The private cyber-surveillance market provides services to both private as well as public entities.

Private customers include organizations and individuals who are seeking information about their business competitors or other rivalries.

Government and other state officials are typically interested in using cyber-surveillance for fighting terrorism and other types of criminal conduct. However, as we are intermittently informed, state actors may also apply these services for surveilling human rights activists, journalists, political opponents and even "ordinary" individuals. The hiring procedures of these private cyber-spies are usually conducted "under the radar", without any official tenders or other type of public process.

Furthermore, this rapidly emerging industry is highly comprised of former military and other national security officials. Thus, people who obtained the utmost advanced technological knowledge and expertise while serving their country, subsequently might use this acquired knowledge in the global private market.

Concerns of Massive Human Rights Infringements

It can certainly be argued that this is not a new phenomenon – the sale of weapons and technologies by private actors, including former national security figures, is a long-standing and well-known routine.

Nonetheless, contrary to other means of warfare, the global distribution of cyber-surveillance technologies can be done much faster; can be more far reaching; and is conducted under substantial confidentiality. Thus, in a world with inadequate restrictions and regulations on the cyber-surveillance market, it is now technically possible to surveil entire populations overnight, without (nearly) anyone knowing.

This situation clearly generates serious concern regarding massive infringements of fundamental human and civil rights, such as the rights to privacy; free speech; assemble; movement; and even life and bodily integrity. Various human rights organizations are constantly seeking to raise awareness to the matter and initiate change, albeit without much success.

Who Should be Held Accountable?

In light of the aforesaid, one should ask: what is being done about this? The answer is, in short, very little.

In his recent report on the Surveillance Industry and its Interference with Human Rights, the UN Special Rapporteur on Freedom of Opinion and Expression indicated that the cyber-surveillance industry is currently not subject to any effective global or national control. He therefore called for an immediate moratorium on the sale, transfer and use of surveillance technology, until human rights-compliant regulatory frameworks are in place.

Yet, the question of whom should this regulatory framework address, is highly complex.

One option is to hold the private entities accountable for any abuse of the spyware they provide. However, this may pose major difficulties. First, the cyber-surveillance market is inherently highly secretive, thus making it practically impossible to track and enforce. Second, the private spyware providers often present their customers with a disclaimer, by which the purchaser guarantees to use the services provided for legitimate purposes only, thus somewhat "immunizing" the providers.

Another option is to hold accountable the countries who allow the sale of cyber-surveillance means from their jurisdiction. Nevertheless, it seems that many countries are quite reluctant (to say the least) to regulate against their own ability to sell and use cyber-surveillance means, for security and commercial objectives. The cyber-surveillance market is a highly profitable and competitive field. It is also an area of mutual development and cooperation between different nations with common interests. Therefore, effective regulation is not expected to emerge from the international community any time soon.

What's Next?

Considering the above-described situation, it can be anticipated that, in the near future, far more advanced technologies will be accessed by increasingly more people around the world.

However, there are some current efforts to affect some change in this chaotic market.

Many suggest, and I tend to agree, that certain cyber-surveillance means should be treated and regulated as weapons, with all that it entails.

One effort in this direction is initiated by the Wassenaar Arrangement (the "WA") – a voluntary international export control regime of conventional arms and dual-use goods and technologies, comprised of 42 state members, including the U.S. In a statement of December 2019, the WA Plenary Chair announced that the participating states have adopted new export controls in several areas, including cyber-warfare software, communications monitoring and digital investigative tools. While, generally, this might be a substantive declarative act by the international community, the WA has no actual enforcement mechanisms; and, in any event, some of the prominent states in the cyber-surveillance market are not members of the WA.

An additional attempt to apply restrictive measures upon the cyber-surveillance industry stems from ongoing litigation procedures. In recent years, civil organizations and individuals have been bringing lawsuits against both governments and private entities, for violation of privacy and other related laws. Currently, no affirmative judicial decision has yet to be made in this regard.

Another intriguing litigation avenue is being carried out by the private entities themselves of the cyber-surveillance industry. For instance, in October 2019, WhatsApp? Inc. (owned by Facebook Inc.), filed a complaint against NSO Group in California, asserting that its spyware had been used to surveil communications of WhatsApp? users, including attorneys, journalists and human-rights activists.

Thus, while currently there is no clear solution for the various acute problems incurred by the private cyber-surveillance industry, these regulatory and litigation efforts may be helpful in raising public awareness and promoting the sorely needed change.

This is a strong draft. You are seeing the issue clearly, helping the reader to understand both what is happening and what it means.

On the execution side, you can tighten the writing substantially. Find a way to make half the sentences shorter and more precise. You can make the piece more readable and gain back probably 150 words.

As to substance, you are correct in your statement of the barriers to the successful regulation of the cyberarms trade. So it is reasonable to ask what incremental measures might be achievable, and how they might form the basis of further progress as public opinion and the various national interests in arms control vary from time to time.

Navigation

Webs Webs

r7 - 10 Jan 2020 - 11:30:40 - DonnaZamir
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM