Andrew Crocker a staff attorney with the Electronic Frontier Foundation, says the San Bernardino case highlights the need for oversight of the government’s purchase and use of zero days.
“The fact that it was not useful is the biggest headline to me,” says Crocker told WIRED. “It’s a lot of money, but there’s nothing to compare it to. There’s no insight into how this fits into the [government] market for vulnerabilities. If the government is going to continue on a course of spending a lot of money on vulnerabilities that are perhaps not useful or short-lived, it’s the sort of thing that Congress should have some oversight on it.”