The European Parliament’s inquiry on Pegasus is over; the struggle for freedom from illegitimate surveillance is not.
Two years ago, the consortium of journalists Forbidden Stories, together with Amnesty International and Citizen Lab, revealed massive, illegal use of spyware against journalists, human-rights defenders, political activists, high-level politicians and lawyers. Following this so-called ‘Pegasus’ scandal—named after the spyware marketed by the Israeli company NSO—the European Parliament set up an inquiry committee to investigate illegal uses of this and other spyware, which began its work in April 2022. I was appointed co-ordinator for the Greens/EFA group and together with my team have been heavily involved since in the work of the committee.
Active committee members have dedicated hundreds of hours to expert hearings with victims, representatives of public authorities, academics, non-governmental organisations and others concerned, as well as technical and political negotiations and fact-finding missions to Israel, Poland, Greece/Cyprus, Hungary and Spain.
This important investigation, which lasted over a year and was marked by a lack of co-operation on the part of the member states, culminated with the adoption of our report and recommendations at the June plenary session of the parliament. Those recommendations should be the first step towards binding legislation at national and European levels.
End to misuse
Endorsing our report, the parliament is calling for an immediate end to the misuse of spyware. Indeed, by the end of the year any use should only be in compliance with strict conditions. These include respect for the principles of proportionality and necessity; prohibition of certain uses, situations and functionalities; and protection of certain professions, such as lawyers. This should de facto lead to the moratorium sought by many stakeholders.
Mere rehearsal by European Union governments of ‘national security’ as a catch-all defence of spyware use, without offering any substantive argument, will no longer be sufficient. Our investigation has shown that systematic deployment of this notion can lead to abuses of civil liberties. Decisions taken in the name of ‘national security’ must therefore be subject to strict controls to guarantee fundamental rights: personal privacy, freedom of the press and exercise of political opposition.
The European Commission is powerless when national governments evoke this ‘national security’ argument. This must change. In case of alleged abuse, in addition to a full investigation by the relevant authorities, the commission must be able to assess and determine if the conditions to use spyware have been fulfilled.
Assistance for victims
The parliament is also calling for the creation of an ‘EU Tech Lab’, to provide assistance and information to victims. As things stand, individuals with no institutional backing cannot have their phones screened for spyware or receive support in judicial proceedings. The proposed Tech Lab would be accessible to every individual residing in the EU (not just national and EU citizens).
In addition, we propose a ‘right to notification’ after the surveillance has ended for the targeted person, as well as for non-targeted persons whose data have been trawled in the course of the operation. This would ensure that every person is informed of surveillance with spyware, which is currently not the case.
Other recommendations in the report include a prohibition on selling ‘hacking as a service’, as well as a ‘rule-of-law-by-design’ requirement. These would make it effectively impossible to deploy spyware such as Pegasus.
Meaningful legislation
Closing our inquiry is not the end of the battle. Despite its ambitions, the PEGA report is not binding. It does not fall within the competence of the parliament to initiate legislative proposals. That remains the prerogative of the commission, which we call on to propose meaningful legislation to tackle spyware abuses effectively. We also urge national parliaments and member states to adopt and implement such legislation.
The threat of spyware to our fundamental rights and democracy, amid ever-growing challenges to the rule of law in the EU and elsewhere, makes the adoption of strict rules necessary. Just days ago, we learned that phones of Belgian police officers and magistrates, including the magistrate Michel Claise, who was in charge of the ‘Qatargate’ investigations, had been illegally infected with Pegasus-type software. This goes against not only the rule of law but also the separation of powers and requires urgent political reaction.
Such attacks on the rule of law and fundamental rights must stop. And the European Parliament will not give up. As long as these abuses exist and are not regulated, we shall continue to put pressure on the commission and member states to propose and adopt legislation based on our recommendations—and monitor their performance.
Saskia Bricmont has been a member of the European Parliament since 2019. She is a member of the LIBE (Civil Liberties, Justice and Home Affairs) and INTA (International Trade) committees. Respect for human rights, particularly children's rights, is the common thread of her political commitment.