The EU Parliament’s Pegasus Committee approved its final report, on Tuesday, May 9th, calling for tight regulations for the use of military-grade spyware on citizens, and condemning some member states for using spyware against citizens without proper, legal oversight.
Spyware, which refers to software that can be surreptitiously installed in a third-party smartphone, is able to read messages, geolocate, and secretly turn on the device’s camera and microphone. Pegasus, developed by the Israeli-based firm NSO, is the most well-known.
The final report concludes 14 months of work of the special committee, launched following investigative work by a media consortium that presented evidence of spyware used against politicians of various levels, journalists, human rights activists, and business leaders in various countries around the world. The committee made visits to Spain, Hungary, Greece, and Poland, and heard from victims and experts on spyware during hearings.
Poland and Hungary have been severely reprimanded for their use of such software; Spain and Greece had received a slap on the wrist, according to the report.
The report condemns both Poland and Hungary for using spyware against citizens without judicial oversight. In Hungary, according to the report, spyware is used as “part of a calculated and strategic campaign to destroy media freedom and freedom of expression by the government.” In Poland, it has been part of “a system for the surveillance of the opposition and critics of the government; designed to keep the ruling majority and the government in power.”
The report states that in Greece, spyware use “does not seem to be part of an integral authoritarian strategy, but rather a tool used on an ad hoc basis for political and financial gains” and calls on the government to respect the country’s independent oversight mechanisms.
Spain, the report says, “has an independent justice system with sufficient safeguards,” but MEPs also urged the Spanish government to further investigate 47 cases where “it is unclear who authorised the deployment of spyware, and to make sure targets have real legal remedies.”
It also calls out Cyrus for exporting spyware to governments known for human rights abuses.
The committee also called for an in-depth investigation of spyware export licences and stricter regulation on the use of spyware and exploiting vulnerabilities in technology, such as computer software. MEPs also want to see “the creation of an EU Tech Lab, an independent research institute with powers to investigate surveillance, provide legal and technological support, including device screening, and perform forensic research.”
“Today, the committee of inquiry concludes its work. This does not mean that the work of this Parliament is finished,” the committee’s rapporteur, Sophie In ‘t Veld, said in a statement.
Not one victim of spyware abuse has been awarded justice. Not one government has really been held accountable. The member states and the European Commission should not sleep easy, because I intend to keep on this case until justice is being done. The unimpeded use of commercial spyware without proper judicial oversight poses a threat to European democracy, as long as there is no accountability. Digital tools have empowered us all in various ways, but they have made governments far more powerful. We have to close that gap.
The committee also called for a ban on the use of spyware until tighter regulations have been approved.
