In the first part of this series, I raised a few questions about weaponized software and how complex regulating it has become. Malware with clear criminal intent from criminal actors seems easy to regulate — you just make it or the crimes they facilitate illegal, and this has been the approach taken by law enforcement over the last few decades. But what about government approved malware from external consultants? I mean, it steals information, audio, video, and the like, just as more criminal strains. But because a central government approves it, it's not a crime to have been developed or used. Even when targeting people in different countries.
But the two smell awfully similar.