Will the Brussels spyware scandal finally convince the EU to act?
In February, Brussels was rocked by reports of phone hacking and spyware attacks on members of the European Parliament’s defence and security committee. Such intrusions are a huge threat to EU democracy — interfering with decision-making and allowing obstructive disruptions to public debate. Three weeks on, nothing seems to have changed with the EU’s approach to spyware.
If you thought that a major attack on EU democracy would stir lawmakers into finally taking action against spyware, the events of the last few weeks would prove you wrong.
In February, Brussels was rocked by reports of phone hacking and spyware attacks on members of the European Parliament’s defence and security committee. Such intrusions are a huge threat to EU democracy — interfering with decision-making and allowing obstructive disruptions to public debate. Three weeks on, nothing seems to have changed with the EU’s approach to spyware, which has rapidly become a free-for-all abusive practice, thanks to an out-of-control industry.
It’s not like the harms of spyware aren’t already well documented. This technology allows for unchecked and unlimited access to a person’s communications, intimate photos, personal contacts and online behaviour data — everything without the knowledge of the victim.
Spyware can turn a phone into a real-time spying device, even remotely activating the microphone and camera.What it means for elected representatives is a significant danger of confidential data theft which can be used for blackmailing and manipulation. This can have disastrous consequences for the integrity and reliability of democratic processes such as elections and policy-making.
EU twiddling its thumbs despite global alarm bells
Warnings from concerned civil society groups about the many ills of spyware have been widespread and insistent, even before we found in 2021 that over 180 journalists in 20 countries — including Hungary, Spain and France — had their phones infected by the Pegasus spyware, often by their own countries’ governments.
As a response, the EU Parliament had set up the PEGA inquiry committee to look into the use of surveillance software. Although the committee fell short of calling for an EU-wide ban on spyware, they recommended a condition-based moratorium and a European regulatory framework. However, almost a year since the recommendations were issued, there’s been little follow-up, largely due to the European Commission and member states’ inaction.
The European Commission remains stubborn despite the many scandals unearthing the dangers of these spying tools. They maintain that nothing can be done under the scope of EU competences and are pushing back on the European Parliament’s pressing calls for action. Member states — who famously love to abuse spyware against journalists — also refuse to engage with the Parliament about robust regulation against this technology.
While the EU keeps its head in the sand, the US government has taken the matter very seriously. After banning trade with the Israeli spyware producers NSO Group and Candiru in 2021, the Biden administration announced this February that it would impose visa restrictions for people suspected of being involved in the abuse of commercial spyware around the world.
They have also extended their sanctions regime to founders and employees of EU-based spyware companies, notably the Greek Intellexa, effectively prohibiting US companies and persons from engaging in any financial transaction, material or technological support with them. On the other side of the Atlantic, political torpidity on spyware is on its way to slowly eroding EU democracy.
Another democratic pillar hit by spyware: journalists
Not only is the EU failing to protect its lawmakers from intrusive spyware, they’ve also thrown journalists, media workers and human rights defenders under the bus. This week, the European Parliament voted on the European Media Freedom Act (EMFA), which was proposed in 2022 to protect journalists and media providers and serve as a push for strengthening EU democracy.
It is the first-ever law with binding rules on the use of surveillance technologies by European governments against journalists. Despite the admirable intentions, the regulation falls short of achieving its goals of protecting journalists from spyware. Not only does it lack crucial safeguards against surveillance of journalists, it may in fact end up promoting the use of spyware against them in the EU.
During final negotiations on the EMFA, EU institutions caved to member states’ demands for being allowed to put journalists under surveillance and even deploy spyware against them under very weak conditions.
This violates journalists’ rights, interferes with their work which is critical for the health of EU democracy, and poses a tangible threat to everyone’s freedom of expression and access to information. The threat of spyware is impeding lawmakers from independent decision-making and journalists doing their job to hold power to account.
It’s evident that spyware abuse isn’t just about privacy or the safety of journalists. It’s a democratic issue, with two key pillars under attack from this nefarious technology.
The EMFA has fallen short of its goals of protecting journalists from spyware. Even the intermediary solutions proposed by the European Parliament’s PEGA Committee have barely seen any follow-up.
This makes it clear that the current EU mandate has not delivered on protecting the EU’s democracy from the looming menace of spyware.
A total ban on spyware should be on the EU’s agenda next
The current EU regulations on spyware are not cutting it. With European elections coming up in June, we will soon have a new set of Members of the European Parliament and new decision-makers in the European Commission.
The next mandate will be an opportunity for them to pick up the slack and confront the threat of spyware. To do that, we need a protective EU-wide framework against spyware. Civil society organisations will continue to advocate for a complete ban on these spying tools to ensure the strength of our democracy and a safe and secure digital environment for journalists, people, policymakers and other communities to thrive in.
The incoming EU lawmakers have a choice: confront and act against the menace of spyware to ensure our safety and the integrity of our democracy or become the next targets of this surveillance technology.
This article was first published here by euronews.
Contribution by: Chloé Berthélémy, Senior Policy Advisor & Shubham Kaushik, Communications and Media Officer at European Digital Rights (EDRi)