You can legally hack and wiretap your own phone, and build tools to do that. It's also legal to sell those tools.

The business is not hacking and wiretapping the phones of the victims. They are selling tools to governments, who either have the legal right to do the hacking under their own laws, or can safely flaunt their laws.

> You can legally hack and wiretap your own phone, and build tools to do that. It's also legal to sell those tools.

Just because you have a right to do something to your own device doesn't mean you have a right to sell it. It is not a huge stretch of the imagination to see 0-days being classified as munitions and encumbered by ITAR. I've seen open source drone guidance software taken down for similar reservations, and that was far from a weaponized instance.

Ah, reminds me of the days RSA was restricted for export[0]. Coming from Germany with FinFisher[1] having actively circumvented export restrictions it also appears those only help a bit if $$$ is involved.

[0]: https://en.m.wikipedia.org/wiki/Export_of_cryptography_from_...

[1]: https://www.ccc.de/de/updates/2022/etappensieg-finfisher-ist... (it appears they actually went bancrupt due to this in the long run)

There are still plenty of laws that are not in compliance with the digital age of the 21st century. Some laws only apply explicitly to hardware or physical or physically connected devices and you cannot extrapolate to get the law to apply from software standpoint. In some cases even “wireless” hardware such as a cell phone is legally different from a landline. One case is interfering with emergency calls being a Felony California if it’s a landline but a Misdemeanor if it’s a cell phone. That may be the basis for the drone thing but I’m just guessing.

The drone thing was because the algorithms implemented in the software could be used for missile guidance IIRC.

They have poweful western customers in the cops & spooks depts.