EU parliament spyware inquiry eyes Italian firms
-
The investigation revealed Tykelab and RCS Lab were using surreptitious phone network attacks and sophisticated spyware against targets on a global scale (Photo: CAFNR)
European lawmakers probing the Israeli spyware Pegasus may now start looking into Italian firm Tykelab and parent company RCS Lab following media revelations of mass surveillance.
Set up in the wake of the Israeli NSO spy scandal, the Pega inquiry committee gathers information on the extent to which states use intrusive surveillance technology and how such technology undermines human rights.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Its chair, Dutch liberal MEP Jeroen Lenaers and Pega secretariat told EUobserver in an email ahead of the publication of the investigation, that Tykelab and RCS Lab could become a fresh part of the committee's probe.
"The mandate of the Pega committee is not limited to NSO/Pegasus only, but would clearly cover something like Tykelab and RCS Lab that you mention," said the Pega secretariat, in an email, with Lenaers in copy.
The committee's vice chair, German liberal Moritz Körner, made similar comments.
"We look at different firms and software. So I think Tykelab and RCS Lab could definitely become a topic in the committee," he said.
The investigation by Lighthouse Reports along with media partners Der Spiegel, Domani and Irpimedi , found that both Tykelab and RCS Lab were using surreptitious phone network attacks, and sophisticated spyware, against targets in southeast Asia, Africa and Latin America, as well as inside Europe.
EUobserver was given summary conclusions of those findings ahead of publication, including a snap shot of previously unpublished phone signalling datasets.
The phone-signalling data paints a disturbing picture of surveillance practices that are said to be almost on par with Pegasus, the Israeli software used to infiltrate mobile phones and extract data or activate cameras or microphones.
Such signals expose vulnerabilities in phone networks that in turn give up the locations of phone subscribers.
Although not explicitly highlighted in the Pega inquiry, RCS was still briefly mentioned in a 21 June hearing as part of the spyware industry by Privacy International's Edin Omanovic.
Omanovic at the time said a 2016 analysis had found over 500 firms that sell surveillance technology for government end-users for surveillance.
"They sell a full spectrum of tools ranging from spyware to techniques which take advantage of vulnerabilities in telecomms networks, to spy on people anywhere, to huge internet monitoring tools which sweep up internet traffic on a nationwide level," he said.
There is also a massive regulatory gap and lack of legal redress in case of abuse, said professor Ben Wagner, director of the AI Futures Lab at TU Delft, in comments made at the same hearing.
"We've unleashed an industry that we have not been sufficiently willing as Europeans to regulate," he said.
"Sooner or later this will be misused, whether it's in election campaigns, whether it's in so-called corruption cases," he said.
Firms that make such software often claim it is used to track down criminals or terrorists — including Israel's NSO Group that led to the European Parliament inquiry into Pegasus.
The NSO Group reportedly has active contracts with 12 of the 27 members of the European Union and is now seeking to expand its client base to Nato members, the western defensive alliance of some 30 countries.
But some state actors in the EU and elsewhere are also targeting political opponents and journalists.
The latest scandal ensnared Greek prime minister Kyriakos Mitsotakis earlier this month after it was revealed that state intelligence service EYP tapped the mobile phones of a political opposition leader and a financial journalist who works for CNN Greece.
EYP reports directly to Mitsotakis' office, which has denied any involvement.