English
Estonian
Latvian
Lithuanian
Polish
Romanian
Russian
Ukrainian
One year after the breaking of the Pegasus scandal, many argue that there is still a way to go in terms of transparency, accountability and regulation.
On 18 July 2021, an investigation by a collective of 17 media outlets, led by Amnesty International and Forbidden Stories, revealed how the spyware was sold to authoritarian regimes and used to target activists, politicians and journalists. It soon became clear that democratic governments, too, have used Pegasus illegitimately.
While the use of cyber espionage technology is not new, the scandal raised alarm across Europe and triggered an EU inquiry committee for Pegasus and other spyware.
However, one year has passed, and many victims, civil society, researchers and politicians are dissatisfied with the lack of progress made.
“One year later, the time for indignation and condemnation is over. Action is needed now,” Kristina Hatas, advocacy officer at Amnesty International, told EURACTIV.
What is known
Top politicians targeted by the spyware include European Commissioner Didier Reynders, Spanish Prime Minister Pedro Sánchez and French President Emmanuel Macron.
Chaim Gelfand, a representative of the Israeli company behind the technology, NSO Group, admitted that the firm sold to at least five member states.
The German Federal Criminal Police Office confirmed acquiring and deploying a modified version of the Pegasus software.
In France, Finland and Belgium, Pegasus’ use has been “forensically confirmed”, while in the Netherlands it is categorised as “possibly”, according to a recent study by the European Parliament.
Sophie in ‘t Veld, the Pegasus committee’s rapporteur, said that there are reasons to also look into Greece and its spyware use.
But Pegasus is just one software forming part of a larger spyware ecosystem, Ben Wagner, professor at the University of Technology Delft, emphasised. “Pegasus is just the tip of the iceberg”, he said.
“We should map out all the providers – there are many, but it’s very obscure, deliberately so, and impossible to retrace who is doing what,” in ‘t Veld added.
Recommendations
Wagner presented multiple policy recommendations to the Pegasus committee, one of which was to prevent European governments from purchasing this technology by creating high tariffs and increasing transparency.
Wagner also raised the issue that victims of spyware abuse do not get redress or protection. Tariffs or fines could be used to compensate victims and protect the vulnerable.
In ‘t Veld also said a proper legal framework is needed because “currently, it is different or absent across member states. We also need better oversight.”
As pointed out in the 2022 rule of law report, despite allegations related to the use of Pegasus, no investigation was launched by the Polish prosecution service.
Double standards?
The Pegasus committee will present the results of their twelve-month investigation in spring 2023. Missions to Israel, Poland, Hungary and the US to gather more information have been confirmed.
This has led to an outcry on the side of the Catalans, who believe the decision that there will not be a mission to Spain is proof of the EU’s “double standard” in dealing with different countries affected.
Erika Casajoana Daunert, deputy representative of the Catalan Government to the EU, told EURACTIV that Spanish MEPs such as Juan Antonio Zoido, who is a member of the Pegasus committee, try to obstruct investigations in Spain as this could destabilise the government even further.
Zoido was Spain’s minister of the interior between 2016 and 2018. The Catalan independence referendum was held in 2017 and many supporters have reportedly been targeted by Pegasus.
In ‘t Veld’s office explained that Poland and Hungary were selected to be investigated as they have larger problems relating to the rule of law.
Possible consequences
This is not the first time that recommendations have been given on how to mitigate the abuse of cyber-surveillance technology. But, as of now, taking action remains within the competence of member states.
Asked about her hopes of changing more this time, in ‘t Veld stressed that “we can make as much noise as we possibly can. We can’t completely discipline member states, but we will do what we can.”
Amidst a situation where it is unclear which countries are using spyware, on whom exactly and for what motives, some experts suggested a moratorium on the technology’s use.
“If it now takes another five years before we agree on rules which protect human rights adequately, more spyware should not be exported in the meantime,” Hatas said.
The US already blacklisted Pegasus for “maliciously targeting” the phones of dissidents, human rights activists and others.
However, it is unlikely that the European Parliament will support a ban, according to Sophie in ‘t Veld.
Instead, the EU is currently planning to set up a secure bunker protecting high-level discussions from spies, located in the EU Council.
[Edited by Luca Bertuzzi/Nathalie Weatherald]
