EU probe accuses multiple member states of using spyware

10 Nov 2022

Dutch MEP Sophie in ’t Veld. Image: © European Union 2016 - European Parliament (CC BY-NC-ND 2.0)

MEP Sophie in ’t Veld has called for a moratorium on the use of spyware and said EU Council members ‘may be complicit in the illegitimate hacks’.

An EU lawmaker investigating spyware in Europe claims several powerful European politicians could be involved in their use.

An investigation into the use of spyware in Europe is being led by European Parliament member Sophie in ’t Veld. It follows revelations in 2021 that military-grade spyware such as Pegasus was used to target journalists, activists and government officials in the EU.

Pressure has been growing for the EU to take action on the use of spyware in Europe. In February, the European Data Protection Supervisor warned that military-grade spyware could cause “unprecedented risks and damages” to the rights and freedoms of individuals.

In a draft report shared by Politico, in ’t Veld said the probe’s findings “are shocking and should alarm every European citizen”. She said that “four or five” governments from EU members states are accused of abusing spyware.

Some of the scandals surrounding the use of spyware in Europe have previously occurred in countries such as Spain, Greece, Hungary and Poland.

The report claims that “some of the “perpetrators” sit on the European Council. “The four or five governments accused of abusing spyware represent almost a quarter of the EU population, so they carry considerable weight in the council,” it says.

In an interview with Politico, in ’t Veld said that all member states have spyware at their disposal, whether they admit it or not.

The report claims that the European Council has not responded “publicly or substantively” to the scandal of spyware use in the EU. It accuses members of the council of engaging in “omertà”, a code of silence about criminal activity used by the Italian mafia.

“Some of its members have a stake in the matter, as they themselves may be complicit in the illegitimate hacks, or they simply wish to keep the EU weak and powerless in this area,” the report said. “The council is a legislator, but it may well be reluctant to regulate its own members.”

In March, the European Parliament established the PEGA committee to investigate the use of Pegasus and other surveillance spyware.

In her report, in ’t Veld said this commitee is working “diligently” but that it has no powers to summon witnesses, hear them under oath or access classified information.

“It is quite cynical that the European Parliament does not have the full powers to investigate, when
some of its own members are victims of illegal surveillance,” reads the report.

In a statement, the Dutch MEP described the use of spyware in Europe as “an all-out attack on democracy” and said it is “a pan-European problem”.

“The European Union is not equipped to respond to attacks on democracy from within,” in ’t Veld said. “From outside, yes, but from within we’re fairly helpless.”

The MEP also said that the spyware industry is a “very, very murky business” that needs to be urgently regulated.

Calls for a moratorium

In ’t Veld has called for a moratorium on the use and trade of spyware across the EU. She said under this proposed moratorium, member states would need certain “guarantees” to have this prohibition lifted, such as rule of law and fundamental rights.

These countries would also need to agree to EU oversight and immediately repeal export licenses for software that does not pass certain criteria.

“I think it is very worrying what’s happening,” she said. “And I also would appeal to the Greek government to provide clarity very rapidly because next year, there will be elections.”

Earlier this week, Greece’s government said it would ban the sale of spyware following a report that more than 30 people had been under state surveillance through phone malware, Euractiv reports.

Meanwhile, security advisers have warned delegates at the COP27 climate summit not to download an app over spyware fears, Politico reports.

These advisers are concerned that the Egyptian government’s official app for the event could be used to hack the private emails, texts and voice conversations of attending delegates.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Dutch MEP Sophie in ’t Veld. Image: © European Union 2016 – European Parliament via Flickr (CC BY-NC-ND 2.0)

Leigh Mc Gowran is a journalist with Silicon Republic