Privacy watchdog proposes EU-ban on Pegasus-like spyware
-
Government officials in both Poland and Hungary initially denied using the spyware, which turns smartphones into surveillance devices against their users - but eventually acknowledged its use (Photo: CAFNR)
The EU's top privacy watchdog wants a ban on the Israeli-made Pegasus spyware, which has been used by the Hungarian and Polish state reportedly against journalists and opposition figures.
The Brussels-based European Data Protection Supervisor (EDPS) warned the software could lead to an unprecedented level of intrusiveness into citizens' private lives and shake the foundations of a free-thinking society.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Although the supervisor can only make suggestions and offer recommendations, the input adds to the growing chorus of outrage over a software that may have been sold to dozens of countries worldwide.
And while its broadside against Pegasus was welcomed by privacy advocates, it ramps up pressure on Europe to craft a data regime that balances citizens' rights with allowing law enforcement to limit privacy where needed to combat crime and terrorism.
Even so, the EDPS doubted that spyware such as Pegasus - or other possible future variants on it - could even meet the requirements of proportionality given its highly intrusive technology, it said in a briefing paper.
And in an emailed statement on Tuesday (15 February), the EDPS suggested an EU-wide "ban on the development and the deployment of spyware with the capability of Pegasus."
The United States has since blacklisted NSO Group, the Israeli-firm behind Pegasus software, saying the company knew foreign governments would use it to "maliciously target" the phones of human rights defenders, journalists and others.
Lawmakers at the European Parliament plenary session in Strasbourg were quick to point out that — aside from public statements — little else had been done to curtail its use in Europe.
"Within Europe, where this is happening, the Council and the Commission have so far been silent," Dutch liberal MEP Sophie in 't Veld said. "Yes, you have condemned the practices, but what has actually been done? Nothing."
"European governments spying on their own citizens for political purposes, is totally and wholly unacceptable," she said.
Calls for EU sanctions against the NSO Group have been made by Human Rights Watch, as well as numerous other advocacy groups and experts.
EU justice commissioner Didier Reynders, also speaking at the plenary debate, acknowledged the EU's limits when it came to national security.
But that "does not mean that member states are exempt from their obligations in line with EU law," Reynders said.
A consortium of journalists who were part of the so-called Pegasus Project revealed widespread abuse of the NSO's hacking spyware.
Although the company said its tools were only for use against terrorists and criminals, the Pegasus Project revealed how the digital dragnet had ensnared many others, including human rights activists, journalists and lawyers.
Among those targeted was the Hungarian journalist Szabolcs Panyi from the investigative website Direkt36. Panyi said his phone had been hacked in 2019, while investigating Russian influence in Hungary.
An investigation by the Associated Press revealed at least three people in Poland had been targeted by Pegasus, among them Polish prosecutor Ewa Wrzosek and opposition senator Krzysztof Brejza.
A number of Polish senators have since announced plans to draft laws to rein in such surveillance abuses.