Document Type

Book Review

Publication Date



In the book, Perlroth traces the development and use of cyber capabilities, focusing on the U.S. government’s unintended role in creating a market for these cyber goods. Her purpose is a straightforward one: to illuminate. Perlroth explains that her goal is to “help shine even a glimmer of light on the highly secretive and largely invisible cyberweapons industry so that we, a society on the cusp of this digital tsunami called the Internet of Things, may have some of the necessary conversations now, before it is too late.”7 She seeks to accomplish this purpose by offering a treatise-like treatment of the subject, defining terms, tracking the historical development of governmental cyber capabilities and the parallel growth of a vulnerability broker industry, identifying key players and entities in the market, and profiling a slew of cyber operations and events. Despite the length and breadth of the book, her thesis is precise and blunt: the U.S. government’s practice of purchasing vulnerabilities for use in law enforcement, intelligence collection, and military operations led to a black market for these tools and an arms race between governments and an array of questionably-motivated private actors. She argues that the U.S. government’s myopic focus on the offensive use of these cyber tools, and its corresponding failure to anticipate or consider the consequences of that offensive focus, led to unexpected and negative results for the United States and the world.

Publication Title

Dickinson Law Review