

Finfisher Spyware Let Bahrain Government Hack Political Activist - pallian
http://www.theverge.com/2015/1/21/7861645/finfisher-spyware-let-bahrain-government-hack-political-activist/?

======
secfirstmd
One day, these people will be held accountable for what they sell. "We didn't
know what they would do with it" is not good enough.

~~~
tptacek
Worthwhile exercise: write a model statute that would stop the practice, then
work through its implications.

(Not for nothing, but the sentiment you're expressing here is how I got my
start in security; I continue to agree wholeheartedly with it).

~~~
dmix
Remote exploitation of computers by law enforcement is not even very well
defined in law or policy yet. Even in Western countries.

What type of statute do you mean? Guidelines for legal warrant-based
surveillance or something to counter foreign authoritarian countries from
using them? Export controls on exploits/intrusion software will not
effectively stop that IMO - but this is the approach Europe is taking at the
moment.

~~~
tptacek
If your response is "it's probably not possible to derive a workable statute",
that is in itself an interesting result.

~~~
dmix
The only practical response I can think of is increasing the bar for it to be
effective. For ex: investing in hardening, detection, and attribution. And in
the near term it doesn't seem governments are well incentivized to help in
this area.

