Natalie Davidson is a Senior Lecturer and Vice-Dean for Teaching at Tel Aviv University's Buchmann Faculty of Law. She researches and teaches International Human Rights Law, Constitutional Law, and Law & Society, focusing recently on the regulation of the global arms trade and authoritarian uses of law.

‍

Personal profile page #1

Personal profile page #2

LinkedIn

In the past decade, spyware has emerged as potent tool for rulers to shrink democratic contestation and transnational mobilization through the global public sphere. In response to calls from scholars and activists, states and international organizations have updated their regulation with the aim of limiting exports where there is a risk of human rights violations through use of spyware. Yet, recent scandals have made clear that even the updated regulatory framework is inadequate to the task. A diverse array of actors are currently debating the reasons for existing regulation’s failures, and proposing new measures such as a treaty imposing additional export controls or regulation by design.

Against the background of this regulatory conundrum, this article reveals the regulatory role that Big Tech – specifically Meta, Google, Microsoft and Apple – has taken upon itself with respect to the human rights implications of spyware. Through an analysis of legal proceedings, advocacy campaigns and research activities by Big Tech, the article argues that Big Tech is emerging as a potentially effective regulator of spyware production and export, not only protecting targets and reinforcing the security of its own products, but also developing norms and enforcing them so as to constrain the spyware industry and market. While stepping in where both states and spyware companies have failed, this form of regulation has involved the assistance of state institutions such as courts, and a partnership with actors in the U.S. executive.

While contributing a new, socio-legal chapter to the literature on Big Tech’s involvement in geopolitics in cyberspace, this study also contributes to the urgent policy debates on international spyware regulation. It reframes the critique of existing spyware regulation as a critique of the effectiveness of self-regulation in cyberspace (by states and spyware sellers) and analyses in depth a regulatory phenomenon that has been generally ignored in those debates. Big Tech is not only a third party to the spyware trade, avoiding the limitations of self-regulation. The companies forming Big Tech are also positioned at key nodes in cyberspace, enabling them to exert effective regulatory power. Finally, the article’s analysis highlights not only benefits but also dangers in Big Tech’s current regulatory role in relation to spyware, and lays the ground for developing possible responses thereto.