A Grave Threat to Democracy, This Is How Illegal Spyware Causes Concern in the EU

Illegal spying is on the rise in Europe, raising human rights concerns about undermining democracy. A new report issued by a committee of the European Parliament revealed results described as a scandal proving the involvement of the governments of 4 European countries in spying and eavesdropping using Israeli spyware.

It is noteworthy that the national security file is the first pretext for intelligence agencies to avoid legal accountability in cases of spying.

With the development of information technology in the world in the last decade, laws that protect electronic privacy have been delayed. Whereas, in 2020, the Supreme Court of the EU ruled that unrestricted mass surveillance of mobile phone and Internet data was illegal, and the serious ruling excluded cases of serious threat to national security without providing a clear explanation of the criteria for assessing the threat.

Current European law gives governments partial powers that include collecting two citizens’ Internet Protocol (IP) addresses, keeping them within the same limits when absolutely necessary, and allowing unfettered online spying on potential terrorist activities.

An investigation published by 17 international media on July 18, 2021, showed that the Pegasus program developed by the Israeli NSO allowed spying on no less than 180 journalists, 600 political figures, 85 human rights activists, and 65 company owners in several countries.

 

Illegal Use

On November 08, 2022, a committee of inquiry of the European Parliament issued a report exposing the illegal use of spyware by at least four European governments, calling on them to stop using these technologies, as reported by The Guardian.

The European Parliament established a committee to investigate the use of surveillance software in EU countries, on March 13, after the publication of data on spyware over the past year, and the committee’s aim is to establish European rules for the acquisition, import and use of electronic warfare software, such as Pegasus.

In turn, Dutch MEP and inquiry committee rapporteur Sophie In ’t Veld said during a press conference: “The abusive use of spyware in member states of the EU constitutes a serious threat to democracy in the entire continent.”

She added, “In a democratic country, putting people under surveillance should be the exception... It should not be exploited for political or partisan purposes.”

She pointed out that in many cases, the governments of Member States refused to share official information with the European Parliament’s committee of inquiry, which had to rely on other sources, especially journalistic investigations, in its work.

In Spain, there are strong indications that it was the government that spied on political figures, including members of the Catalan independence movement, and others who had nothing to do with a clear and imminent threat to national security, according to the European rapporteur.

“In Poland and Hungary, we see the Pegasus spyware as an essential part of a system designed to control and even suppress citizens who criticize the government, members of the opposition, journalists, and whistleblowers,” she asserted.

As for Greece, the committee’s rapporteur said: “No conclusive evidence has been found regarding the identity of the Predator spyware users on the phones of the Greek victims, but all indications point to people working in government departments.”

Sophie added that the committee of inquiry should focus more on the case of Cyprus, mentioning indications that these technologies are used to monitor citizens, adding that this country is a platform for exporting spyware.

The committee’s report accuses Cyprus and Bulgaria of serving as export hubs for spyware, Ireland of offering favorable financial terms, Luxembourg of providing banking services to developers, France of hosting manufacturers, Malta of being a popular destination for industry leaders, and even the Czech Republic of celebrating an annual exhibition dubbed the Wiretappers’ Ball.

Sophie asserted that all 27 EU countries have spyware at their disposal even if they do not acknowledge it, proposing to stop the sale, possession, transfer, and use of such technologies.

She added that this ban could be canceled according to the country if four conditions related to monitoring the use of these programs are met, calling for a common organization and definition of the concept of national security.

On July 27, 2022, the European Commission stated that it had found indications that the phones of some of its senior officials had been hacked through Pegasus, according to Reuters.

The Commissioner for Justice of the EU, Didier Reynders, said in a letter addressed to the Dutch representative, Sophie In ’t Veld, dated July 25, that Apple informed him, in November 2021, about a possible penetration of his mobile phone by the Pegasus program.

Reynders added in his letter that an internal investigation was conducted, but it did not find that Pegasus had hacked the devices, whether personal or professional, belonging to him or other EU officials, pointing out that the examinations of the devices led to the discovery of indications of the occurrence of breaches.

The Commissioner for Justice added that the commission had sent requests for more information to Hungary, Poland, and Spain regarding its use of Pegasus, while Budapest and Warsaw responded that the use of the software was for legitimate reasons of national security.

 

Spyware Developer

In the same context, the Israeli newspaper Haaretz revealed in its report on August 9, 2022, that the Israeli company that developed the spyware program Pegasus has contracts with 22 security and executive organizations in 12 countries within the EU, including security and intelligence organizations and law enforcement authorities.

European lawmakers discovered that NSO has traded with 14 countries in the EU in the past, while there are currently 12 countries that still use Pegasus.

According to the same data, NSO has recently severed its relations with two countries, namely Poland and Hungary, while some members of the committee believe that Spain has frozen its contract after revealing the monitoring of the leaders of the Catalan separatists.

In addition to the Israeli companies active in Europe, it was recently revealed that there are a large number of spyware manufacturers, as Microsoft recently revealed a new spyware program called Subzero developed by an Austrian company located in Liechtenstein.

Google also recently revealed a new spyware program called Hermit developed by an Italian company called RSC Labs, which is a program aimed at hacking iPhone and Android devices, and it was found in devices in Kazakhstan and Italy.

Spyware companies face a major dilemma after revealing the identity of the customer governments that use their software, as they are subject to mounting criticism from human rights organizations and the media, which jeopardizes future agreements due to what may be considered a breach of trust and confidentiality contracts with their customers.

 

Greece and Spain

On November 04, 2022, a European Parliamentary Committee called on Greek officials to make more efforts to shed light on the phone-hacking scandal of opposition politicians and journalists.

“We have learned a lot, but we still feel that many of our questions remain unanswered,” said committee chair Jeroen Lenaers after fact-finding visits to Greece and Cyprus.

On November 6, 2022, the Greek newspaper Documento published a list of 33 public figures in Greece, including current ministers, influential members of the ruling New Democracy Party, and potential rivals of Prime Minister Kyriakos Mitsotakis, who were targeted by the Predator spyware.

Among them is former Prime Minister Antonis Samaras, in addition to the current ministers of foreign affairs, finance, development, labor, and tourism, and businessman Evangelos Marinakis, owner of the Greek Olympiacos and Nottingham Forest football clubs.

The Greek Prime Minister’s office announced on August 5 that the Greek intelligence director, Panagiotis Kontoleon, had resigned amid a spying scandal against the leader of the opposition Greek Socialist Party, Nikos Androulakis.

Androulakis is also a member of the European Parliament who was elected on his party’s list in 2014 and 2019, and has been leading this party since December 2021, after the death of its former president, Fofi Gennimata.

It is worth noting that another deputy from the Greek opposition and three of the country’s journalists filed complaints months ago confirming that their phones were being spied on, and the Public Prosecutor’s Office opened investigations in this regard, while the Mitsotakis government denies using the Predator spyware, which allows monitoring calls, messages, photos and videos stored on a smartphone.

On May 10, 2022, the Spanish government sacked the director of the intelligence service, Paz Esteban Lopez, in connection with the phone-tapping scandal of Prime Minister Pedro Sanchez, Spanish Defense Minister Margarita Robles, and Catalan independent officials.

After analyzing the phones of all the ministers, the government revealed that the phone of the Minister of the Interior, Fernando Grande-Marlaska, was also spied on last year through the Israeli Pegasus spyware, just as it happened to the phones of Sanchez and Robles.

The Spanish government was also subjected to a lot of pressure and was asked to provide explanations for the exposure of dozens of phones of people linked in one way or another to the separatist movement in Catalonia, to penetration through spyware sold by the two Israeli companies, NSO and Candiru, according to what was revealed by the report of experts working in the Citizen Lab group, which was published on April 18, 2022.

“All of the hacks took place between 2017 and 2020, when efforts to create an independent state in northeastern Spain led to the country’s deepest political crisis in decades,” the report said.

The previous Catalan cabinet, which went ahead with an illegal independence referendum, was sacked, and most of its members have been imprisoned or fled the country, including former regional president Carles Puigdemont.

 

Poland and Hungary

Last March, the EU opened an investigation into the Pegasus program violations committed in Hungary and Poland.

According to this investigation, conducted by Amnesty International and Forbidden Stories with the participation of American and European journalists, the Hungarian government spied on opposition politicians, legal experts, and journalists through the illegal use of Pegasus.

The investigation concluded that the phones of journalists and photographers from the Hungarian center for investigative journalism, critical of the government, Direkt36, were hacked following the publication of reports in which they revealed problematic performance by the Russian and Hungarian governments.

Polish officials and a member of the Hungarian ruling party admitted that their governments bought NSO spyware in 2017, a few months after a meeting between then-Israeli Prime Minister Benjamin Netanyahu and Polish and Hungarian Prime Ministers Beata Szydlo and Viktor Orban, although the two countries have denied any wrongdoing regarding allegations of domestic espionage.

In January 2022, the Associated Press and Citizen Lab published a series of exclusive reports revealing that at least three prominent Polish opposition figures had had their phones hacked with spyware in recent years.