1. 11
  2. 1

    > As laid out in the UN Guiding Principles on Business and Human Rights, NSO Group should urgently take pro-active steps to ensure that it does not cause or contribute to human rights abuses within its global operations, and to respond to any human rights abuses when they do occur. In order to meet that responsibility, NSO Group must carry out adequate human rights due diligence and take steps to ensure that HRDs and journalists do not continue to become targets of unlawful surveillance.

    I disagree. First of all, software is even harder to regulate than arms, and it does not work out there either. Secondly, the root cause is not the software, but the toleration of zero day exploits. If NSO does not exploit these, somebody else can still do it. Many democratic countries are not actively doing something about the existence of zero day exploits. This will inevitably lead to usage of zero day exploits by "bad" actors.

    In my opinion, the key to stopping businesses like NSO is firstly to outlaw the concealment of zero day exploits so individuals can be made personally accountable for the work they do at government agencies or private security firms. Secondly, much more money and resources must be put into bug bounty programs and security research in general. Another idea targeting anonymous individuals would be a whistleblower system, which gives you cryptocurrency if they give away zero day exploits found by their organization*. Everything which makes the work harder and less lucrative for firms like NSO is good.

    *Of course, such a system must be designed so it can't be exploited. Currently it is just a very vague idea.

    1. 1

      > In my opinion the key to stopping businesses like NSO is firstly outlaw the concealment of zero day exploits so individuals can be made personally accountable for the work they do at government agencies or private security firms.

      I generally agree with your thoughts, but I think this part isn’t really feasible in the US, at least, without running afoul of compelled speech protections. It’s not 100% clear how a challenge would play out, as the courts have historically been somewhat less strict on that in commercial/professional cases, but it seems to me almost certain that it would at least be challenged on those grounds.