This Note analyzes multiple problems with the existing arms control framework for cyberweapons as well as surveillance technology and calls for four specific areas of reform. First, the existing framework does not specifically enumerate the software controlled under existing arms control treaties, which can lead to gaps in international export control compliance. Cyberweapons should be enumerated with greater specificity to prevent confusing and disjointed implementation by states. Second, the divide between Wassenaar and Shanghai Cooperation Organization conceptions of what constitutes a cyberweapon reduces the effectiveness of international control because nations do not share an agreed upon cyberweapon definition. States should form a multilateral treaty utilizing a shared definition to ensure cyberweapon exports are regulated by a treaty and include a greater diversity of countries covering a larger share of this market. Third, the Wassenaar Arrangement, the current treaty regulating many cyberweapon exports, fails to impose strict controls on cyberweapons and surveillance technology. Under the Wassenaar Arrangement, cyberweapons and surveillance technology should be listed as “very sensitive items” and subject to additional control because exports can lead to derivative viruses, which multiply the harm of the original export. Finally, the existing framework is unclear in its differentiation between cyberweapons subject to strict control as weapons and those subject to less control as dual-use items. International control lists should include an addendum to the general rule assigning particular types of software to consistently implement each category across jurisdictions.
Arms Control 2.0: Updating the Cyberweapon Arms Control Framework,
Mich. Tech. L. Rev.
Available at: https://repository.law.umich.edu/mtlr/vol28/iss1/6