Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime
EU Complicit in Spread of Advanced Spyware, Charges VeldPEGA Committee Rapporteur Sophie in 't Veld Calls for Spyware Moratorium
A member of the European Parliament accused the European Union of complicity in the spread of advanced spyware within member states and across the globe.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Presenting on Tuesday preliminary findings of a parliamentary committee investigating since March the abuse of spyware tools such as Pegasus, Dutch representative Sophie in 't Veld called the apps a threat to democracy.
The union's executive body is accustomed to fighting external threats to democracy, "but when the threat to democracy come from within, the Commission is silent," said the Dutch member of the Renew Europe alliance of liberal representatives, referring to the European Commission.
The commercial advanced spyware industry "is fully Europeanized, making use of the internal market, Schengen, and the reputation of the EU label," she added. Google's Threat Analysis Group says it has identified 30 manufacturers worldwide of mercenary spyware, of which the Israeli-based NSO Group, maker of Pegasus, is the most well known. Veld is the committee's rapporteur, meaning she will present the final report. Schengen refers to an area of 26 member states where border control has been abolished.
"All member states have spyware at their disposal. Even if they don't admit it, they do," she said.
The European Parliament overwhelmingly voted in March to empanel the 38-member PEGA Committee after reports surfaced that authorities in Poland, Greece, Hungary and Spain had used Pegasus to surveil politicians, journalists and activists. At its most advanced, Pegasus can infect a mobile device without a user having to click on a malicious link. Targeted surveillance through undetectable infections on mobile devices is a worldwide problem with political ramifications felt everywhere from Mexico to India.
Cyprus and Bulgaria act as export hubs for spyware and take advantage of weak enforcement of regulations on dual-use items, Veld charged.
"Luxembourg is where spyware vendors do their financial business. Ireland offers fiscal conditions which are attractive. Malta, interestingly, seems to be a comfortable home to spyware bosses with golden passports and letterbox companies," she added.
"Italy, France and Austria are home to some very important manufacturers and vendors of spyware. The Czech Republic hosts every year the big spyware fair," she continued.
The Greek government announced Monday it intends to ban the sale of spyware after a newspaper published a list of more than 30 people whose smartphones have allegedly been infected with advanced spyware. The list includes government ministers and business people, reported Reuters.
PEGA Committee Chair Jeroen Lenaers has complained that national governments are stonewalling the investigation by citing baseless national security concerns, and Veld has repeated those charges (see: European Parliament Pegasus Investigation Faces Resistance).
"They pull the card of national security, and from that moment on, the door is closed, the window is closed, no questions asked, no accountability, you get no information," she said.
She proposed a European moratorium on advanced spyware that could be lifted on a country-by-country basis only after demonstrating certain conditions, including investigations into abuses, a legal framework for acceptable use, allowing Europol to investigate allegations of illegitimate use, and repeal of all export licenses not in full compliance with regulations on dual use items.
Clamping down on advanced spyware will require supranational enforcement, Veld said, questioning whether the European Union is equal to the task. "When it comes to defending the most important thing, democracy and freedom, Europe is weak and impotent."
A statement from Lenaers following Veld's press conference stressed the preliminary nature of the report. "All members of the PEGA Committee will have the opportunity to present amendments to the draft report. Only the final report and recommendations, as adopted at the end of our period of activity, represents the position of the European Parliament as a whole," he said.