“Security Risks of Government Hacking”
Riana Pfefferkorn, Center for Internet and Society, Stanford University, September 4, 2018
This paper addresses six main ways that government hacking can raise broader computer security risks. These include:
* Creating a disincentive to disclose vulnerabilities that should be disclosed because other attackers might independently discover them;
* Cultivating a market for surveillance tools and 0-days;
* Risking that vulnerabilities exploited by the malware will be identified and used by other attackers, as a result of either law enforcement's losing control of the hacking tools, or discovery by outsiders of law enforcement's hacking ability;
* Creating an incentive to push for less-secure software and standards; and
* Risking that malware will affect innocent users.
There's also the possibility that government cracking might discourage the use of free software, which would be extremely disadvantageous even if it were not a security risk.