BRUSSELS BEHIND THE SCENES
Weekly analysis and untold stories
With SAM MORGAN
Opération Pegasus
A new European Parliament committee started work investigating a spyware scandal that has rocked governments and the EU institutions themselves. But how far could the probe go and what will it find?
The scandal revolves around software known as Pegasus, developed by an Israeli technology firm, which can be used to infiltrate smartphones, read text messages, listen to phone calls and activate microphones.
It is a powerful piece of spyware, made all the more dangerous still by the fact that it has been sold exclusively to governments around the world. Intended to counter terrorism, it has unfortunately been used for more unscrupulous reasons.
In recent months, evidence has emerged of Pegasus being used against journalists, civil rights activists, MEPs, EU officials and even prime ministers. The scandal has shone a damning light on cybersecurity and caused outrage.
So much outrage that it has prompted the European Parliament to set up a special committee tasked with investigating the affair. MEPs assigned to the panel kicked off their work this week and have some lofty ambitions for their inquiry.
BRUSSELS BEHIND THE SCENES is a weekly newsletter which brings the untold stories about the characters driving the policies affecting our lives. Analysis not found anywhere else, Sam Morgan helps you make sense of what is happening in Brussels. If you want to receive Brussels behind the scenes straight to your inbox every week, subscribe to the newsletter here.
“The gravity of the Pegasus scandal cannot be overstated. When governments target individuals for political purposes, then that runs against every democratic and lawful instinct I have,” said Sophie in ‘t Veld, a Dutch MEP that will draft the committee’s final report.
Lawmakers have already announced their intention to call representatives from national governments to give evidence and they also want to grill the head of NSO, the firm that developed Pegasus.
The committee’s work is expected to last about 12 months but is curbed by one important factor: it will not have any actual power to hand down punishments or sanctions.
Such is the nature of special Parliament committees, they can make recommendations and issue a resolution based on their findings but their real weapon will be making as much noise as possible to draw attention to the scandal.
The investigation will kick off by looking at the existing national surveillance and security laws of the 27 member states, with a view to establishing whether how Pegasus has been used breaches either national or EU law.
Hungary, Poland and Spain are among the countries that have allegedly deployed the spyware against various individuals. MEPs will be keen to compile a full roll call of EU governments that are on NSO’s client list.
Establishing that list will be a further step towards the committee’s ultimate aim of calling for a ban on the use of Pegasus against journalists, legal professionals and politicians. Public outrage may then result in people being held accountable.
Belgian Green MEP Saskia Bricmont told The Brussels Times that “we need urgently to decide on a moratorium before the situation spirals totally out of control.”
The Parliament certainly will not be able to rely on the European Commission to launch its own inquiry, even though one of its top officials – Belgium’s Didier Reynders – was reportedly the target of a cyberattack last year.
According to the Commission, an inquiry is not part of its remit and it should be left up to national authorities and regulators to delve into the matter.
Sophie in ‘t Veld insists that this is a case of the Commission “ducking its responsibility as guardian of the Treaties. Ensuring compliance with fundamental rights and the right to privacy is squarely a task of the Commission.”
Commission Vice President Margrethe Vestager nevertheless appeared to downplay the risk posed by spyware like Pegasus earlier this week, quipping that her phone only holds “boring” information.
Pegasus may be a Pandora’s Box that the Commission does not want to open. If it is confirmed that EU governments were responsible for targeting its officials, that could turn what is already a full-blown scandal into a crisis.
Ramifications would have to follow but how that would exactly work is an open question. Infringement procedures can be opened but as has been proved time and time again, they are too drawn out and toothless to enact any meaningful change.
Withholding EU money or even stripping countries of their voting rights are also options but that requires unanimity among the member states. Given that many of them have used Pegasus, it would be a bit like turkeys voting for Christmas.
It has already proven futile trying to convince governments to punish the likes of Hungary and Poland for rule of law breaches, so bringing up the issue of cybersecurity could also reveal that the EU-mperor has no clothes.
This current dynamic means that member states would not want to have any EU-level discussion about what they will certainly claim is a national security matter. It would be a case of ‘for our eyes only’.
BRUSSELS BEHIND THE SCENES is a weekly newsletter which brings the untold stories about the characters driving the policies affecting our lives. Analysis not found anywhere else, Sam Morgan helps you make sense of what is happening in Brussels. If you want to receive Brussels behind the scenes straight to your inbox every week, subscribe to the newsletter here.