We all want to be safe and secure

People’s ability to communicate without unjustified intrusion – whether online or offline – is vital for our rights and freedoms, as well as for the development of vibrant and secure communities, civil society and industry.

When people are under threat, they need privacy-preserving technologies to communicate with journalists and lawyers, coordinate protection for their families, and fight for their safety and rights.

Encryption is great for protecting the way our messages travel on the internet. Through “end to end encryption”, anyone can make sure that the content of an online conversation is can not be intruded upon, not even the server that facilitates the transmission.

Despite this, our communications, devices and with them our freedom and safety are under threat.

States and companies attack our devices and communications through spyware tools and encryption circumvention methods

We see more and more attacks on encryption, by state actors such as law enforcement agencies, or Europol. In 2022, we started our campaign “Stop Scanning Me” with a goal to protect encryption in EU’s CSAR proposal. But new commercial tools such as spyware are also emerging, and with them a whole unregulated market profiteering from exploiting our devices.

Attacks on Encryption

Europol and law enforcement are pushing to legalise hacking methods that weaken encryption. These methods rely on ordering a service provider (those who develop or maintain the software, computer system, network, or electronic device) to build vulnerabilities in their systems. With this demand, state actors want to enable the police or intelligence agencies to have access to our data and break encryption. Client-side scanning (scanning of all content such as text,images, videos, etc. on a device or shared in a communication channel) is a method proposed under the EU CSA Regulation. Key escrows or “key recovery”, involves placing decryption keys in a “vault” managed by a trusted authority or group of trusted authorities, who can break them out when access to the encrypted data is needed. Finally, ghost proposals refer to the modification of the encryption system to enable a third-party listener to be silently added to encrypted conversations.

Proliferation of Spyware

Modern spyware is, a software that can secretly get everything from your phone: your messages, photos, contacts, location, microphone, camera, and browsing history, without you ever knowing. These tools turn a personal device into a constant surveillance instrument, following you in your private life, work, and relationships. Spyware developers use systems vulnerabilities to get into your device, and their products are often used by States to spy on political dissidents, journalists, activists. The spyware industry depends on the abuse of software vulnerabilities, a practice that weakens cybersecurity for everyone:. At least 14 EU Governments have acquired or used spyware, and many private vendors are based in Europe: Thalestris Limited (the parent company of Intellexa) in Ireland, Greece, Switzerland and Cyprus, Memento Labs or Cy4Gate in Italy, DSIRF in Austria, QuaDream in Cyprus, Amesys and Nexa Technologies in France, Paragon in Germany or Paradigm Shift, Palm Beach Networks and Epsilon, companies based in Barcelona. Non-EU spyware is also used by European actors. The “Catalangate” scandal revealed thousands of direct and collateral victims from Pegasus – a spyware tool built by the Israeli company NSO Group. In many regions of the world, this spyware was used to limit dissent, political expression, organisation and journalism.

The impact on people, society, economy

If we lose encryption, we will also lose trust in anything we do online, risking the security of our democratic society, economy and our human rights. We will all be impacted by the chilling effect of unreliable, unsafe communications: journalists engaging with sources or combating disinformation, lawyers consulting their clients, doctors and therapists supporting their patients, human rights defenders chatting online, youth organising protests, families chatting with each other.

If decision-makers allow the commercial spyware industry to continue unhinged, anyone who can pay enough will be able to target activists, politicians, investors, journalists and any of us, basically. The spyware market is a systemic threat not only to human rights, but also to cybersecurity, democratic stability, and global safety.

The KISS Campaign is led by a group of civil society organisations active at national, European and international level, advocating for a ban on spyware and for measures to protect encryption.

Launched in February 2026, the KISS campaign is co-led by the EDRi (European Digital Rights) together with allies Iuridicum Remedium (Czechia), SHARE Foundation (Serbia), Access Now (International), EPIC (International), danes je nov dan (Slovenia), Alternatif Bilisim (Turkey), OsservatorioNessuno (Italy), Belgrade Centre for Human Rights (Serbia), Digitale Gesellschaft (Germany),Independent Journalists’ Association of Serbia (Serbia), PEGA Coalition (International), Lobby4Kids, Partners Serbia (Serbia).

We represent technologists, victims of spyware, journalists and human rights advocates.