A European Parliament inquiry has called for tighter regulation of surveillance spyware targeting political opponents, journalists and civil society. It flagged concerns that the EU is currently not ready to deal with such threats.
MEPs sitting on the European Parliament’s Committee of Inquiry to investigate the use of surveillance spyware (PEGA) embarked on a year-long inquiry into its use inside the EU, finally adopting the report on Monday.
Instances of spyware use were uncovered and investigated in Greece, Hungary, Poland, Cyprus and Spain. As things stand, EU governance structures cannot effectively deal with attacks to intimidate political opposition, silence critical media and manipulate elections.
Spyware should only be allowed when strict conditions are fulfilled, MEPs say. They highlighted the urgent need for a uniform definition of "national security" to prevent it from serving as a shield for human rights abuses.
“Not one victim of spyware abuse has found justice. Not one government has really been held accountable. The Member States and the European Commission should not sleep easy: I intend to keep on this case until justice is being done,” Rapporteur Sophie in ’t Veld (Renew, NL) stated.
Four EU countries under the lens
In Hungary, MEPs argue that the use of spyware has been “part of a calculated and strategic campaign to destroy media freedom and freedom of expression by the government.”
In Poland, meanwhile, Pegasus spyware has been part of “a system for the surveillance of the opposition and critics of the government – designed to keep the ruling majority and the government in power.” In both cases, the countries have dismantled bodies for independent oversight.
“Our inquiry has made it clear that spyware has been used to violate fundamental rights and endanger democracy in several EU member states, Poland and Hungary being the most blatant cases,” Committee Chair Jeroen Lenaers (EPP, NL) stated.
In Greece, Predator spyware has been used against journalists, politicians and businesspersons, and exported to countries with poor human rights records.
Yet MEPs believe that spyware use “does not seem to be part of an integral authoritarian strategy, but rather a tool used on an ad hoc basis for political and financial gains.” However, the report confirmed the surveillance of political opponents and journalists through Predator and the Greek intelligence services, which leads directly to the office of Greek Prime Minister Kyriakos Mitsotakis.
In that context, MEPs called on the Greek government to “urgently restore and strengthen the institutional and legal safeguards,” repeal export licences that are not in line with EU export control legislation, and respect the independence of the Hellenic Authority for Communication Security and Privacy.
Two spyware scandals have hit Spain: one which saw Morocco spy on the Spanish government, and the other involving Madrid surveilling Catalan separatist leaders.
The Spanish government has given assurances that it is taking steps to guard against spyware, though MEPs have added to pressure on authorities to ensure “full, fair and effective” investigations. In particular, this concerns the 47 cases where it is unclear who authorised the use of spyware against Catalan politicians.
Cyprus has also played a major role as an export hub for spyware, prompting MEPs to call for all export licences to be investigated and, when not in line with EU legislation, scrapped. A joint EU-US spyware strategy is needed, as are talks with Israel on spyware exportation and measures to ensure EU development aid does not support its use.
Cross-border controls for international problem
MEPs want EU-wide rules on the use of spyware by law enforcement, which should only be authorised in exceptional cases for a pre-defined purpose and for a limited time. MEPs have also argued for a common EU definition of "national security" – one of the main excuses governments give for their use of spyware.
Politicians, doctors or the media should not have their data collected or placed under surveillance “unless there is evidence of criminal activity.”
MEPs are proposing mandatory notifications for targeted people and for non-targeted people (whose data was accessed as part of someone else’s surveillance). They also highlight the need for more independent oversight and for standards on the admissibility of evidence collected using spyware.
Yet the committee stopped short of calling for an EU-wide ban on spyware, instead announcing that “Stricter EU-level scrutiny is needed to ensure that spyware use is the exception, to investigate serious crimes... We acknowledge that when used in a controlled manner it can be an important tool to combat crimes like terrorism.”
“Our committee has formulated a wide range of proposals to regulate the use of spyware, while respecting national security competences,” stated Lenaers.
Rapporteur in ’t Veld pointed towards the dangers of giving governments the unimpeded power of spyware. She added that the commercial use of spyware, without proper judicial oversight, poses a threat to European democracy: "Digital tools have empowered us in various ways, but they have made governments far more powerful. We have to close that gap."