Home > IPLJ > Vol. Volume XXXVI > No. 3 ()
Keywords
spyware, Big Tech, regulation
Abstract
Spyware has emerged as a potent tool for leaders to shrink dem- ocratic contestation. In response to calls for constraints on the trade in spyware, states have updated the principal multilateral agree- ment on export controls, civil society groups have employed strate- gic litigation, and the European Union has altered its regulation, in each case with the aim of limiting exports where there is a risk of human rights violations. Yet, scandals involving the Israeli company NSO, among others, have made clear that even the updated regula- tory landscape is inadequate. Many actors are currently debating the reasons for existing regulation’s failures, and proposing new measures such as a treaty imposing additional export controls or regulation by design.
Against the background of this regulatory conundrum, this Article reveals the regulatory role that Big Tech—specifically Meta, Google, Microsoft and Apple—has taken upon itself with respect to the human rights implications of spyware. This Article shows that through legal proceedings, research activities and advocacy campaigns, Big Tech has sought to reign in the activities of spyware companies.
In addition, this Article analyzes these efforts, in particular Big Tech’s mobilization of international law and of its legal contracts, in light of current scholarship on transnational private regulation. Like other instances of such regulation, Big Tech’s regulation of spyware is paradoxically both a response to the failures of the state in the face of harmful transnational economic activities, and dependent on collaboration with the state. In addition to providing a new, more legal chapter to the literature on Big Tech, regulation and geopolitics, this Article contributes to the urgent policy debates on international spyware regulation. With respect to those debates, its contribution is threefold. First, this Article reframes the critique of existing spyware regulation as a critique of the effectiveness of self-regulation, whether by states or spy- ware sellers. Second, building on that reframing and the attention it draws to the identity and interests of the regulator, the Article analyzes in depth a regulatory phenomenon that has been ignored in those debates. While legal scholars have noted some of Big Tech’s legal activities against spyware companies, they have not under- stood their regulatory function and structural advantages. Big Tech is not only a third party to the spyware trade, avoiding the limitations of self-regulation. The companies forming Big Tech are also positioned at key nodes in the communications network that many forms of spyware must pass through. Third, and finally, this Article’s analysis highlights both the promise and dangers in Big Tech’s regulatory activities from the perspectives of both democratic politics and effectiveness, laying the ground for developing responses thereto. An important implication of the Article is that lawyers, activists, and policymakers seeking to regulate the international trade in spyware must integrate Big Tech into their analysis, and target not only international and domestic state rules but also Big Tech’s governance structure and terms of operation.
Recommended Citation
Natalie R. Davidson,
Big Tech as Transnational Spyware Regulator,
36 Fordham Intell. Prop. Media & Ent. L.J. 477
().
Available at: https://ir.lawnet.fordham.edu/iplj/vol36/iss3/1