Governments all over the world, authoritarian and democratic, use spyware to hack the phones of activists, journalists, and political rivals who are critical of their governments.

Initially, the spyware industry consisted of a few known actors, like Hacking Team and FinFisher. But over the past decade — as the technology evolved and smartphones and computers became ubiquitous — the industry has ballooned in size. Can this industry operate legally and ethically? If not, what can we do to counter state-backed abuse of spyware and its violent consequences, including harassment, arbitrary detention, and killings?

We’re thrilled that Marietje Schaake, the international policy director at Stanford University’s Cyber Policy Center, and John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, will join us on the Security Stage at TechCrunch Disrupt 2023, which takes place September 19-21 in San Francisco.

The surveillance genie isn’t going back in the bottle. Schaake and Scott-Railton will tackle this challenging topic in their session, “The Spyware Industry is Out of Control. Now What?”

We’ll discuss whether governments can be trusted to use these technologies at all and, if so, how do we ensure they use them proportionately, fairly and legally? What should spyware makers themselves do (or be compelled to do) to limit abuse?

Governments using spyware that exploit flaws found in billions of phones put everyone at risk. Should there be a vulnerabilities equities process to ensure serious vulnerabilities are reported and disclosed to the relevant technology companies affected, the way that U.S. intelligence does now?

We’ve already seen companies, like Apple, step up their counter-spyware protections aimed at trying to prevent digital intrusions that target at-risk users, but what more can tech companies do to fix spyware-exploitable security flaws they don’t even know about?

Learn more about our expert speakers and their qualifications for tackling these complicated challenges, below.

Marietje Schaake: Stanford University International Policy Director

Marietje Schaake has been vocal about spyware abuse for more than a decade, ever since she served as a member of European Parliament from 2009 to 2019, where she worked on trade, foreign and tech policy. At the time, she was one of the first lawmakers in the world who put spyware abuse on the map for policymakers and pushed for regulating government spyware.

She currently serves as the international policy director at Stanford’s Cyber Policy Center and is a fellow at the Institute for Human-Centered AI. Schaake is also a columnist for Financial Times, and she sits on a number of not-for-profit boards.

John Scott-Railton: University of Toronto Senior Researcher

John Scott-Railton is a senior researcher at Citizen Lab, a digital investigative unit based at the University of Toronto’s Munk School of Global Affairs and Public Policy. He leads investigations into targeted threats against civil society, including mercenary spyware and disinformation.

Scott-Railton has led collaborative investigations into operations attributed to Russia, Iran, Syria, China, ISIS and others. He has also investigated the abuse of commercial mercenary spyware around the globe. Conducted in close partnership with at-risk dissidents, journalists and human rights defenders, these investigations have discovered hundreds of targets of sophisticated hacking carried out with products sold by Hacking Team, FinFisher, NSO Group and others. They have also uncovered zero-day exploits against Apple and Microsoft products, among others, resulting in patches to billions of devices worldwide.

Scott-Railton has testified before the House Permanent Select Committee on Intelligence, the European Parliament’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA), and was part of the Parliament of Poland’s inquiry into Pegasus spyware. He also founded The Voices Projects, collaborative information feeds that bypassed internet shutdowns in Libya and Egypt.

Join us at the Security Stage

You’ll find more conversations with leading experts on the Security Stage, which features topics like data protection, privacy regulations, information sharing, risk management and more. It’s just one of the six new stages for six breakthrough sectors at Disrupt.

Join the global startup community at TechCrunch Disrupt 2023 on September 19–21 in San Francisco. Buy your pass now and save up to $625.

TechCrunch Disrupt’s Security Stage highlights the risks of spyware, government surveillance by Zack Whittaker originally published on TechCrunch