During yesterday’s plenary session in Strasbourg, the Parliament urged the EU to ensure that those responsible for manufacturing and marketing the spyware were held accountable for the use of the malware application to spy on journalists, opposition members and activists.
”The recklessly insecure information technology on the market has become a risk to our lives. We need to hold commercial manufacturers liable for the damage caused by vulnerabilities in their products”, MEP Patrick Breyer (Greens) told Brussels Morning.
Commission’s investigation in Hungary
In Strasbourg, Justice Commissioner Didier Reynders said the EU is closely following an investigation initiated by Hungary’s data protection authority. The Hungarian body claims that Viktor Orban’s government was one of many targeting journalists, media owners and opposition with the Pegasus spyware.
“We know that Orban’s government has authorised a record number of surveillance operations, but all information regarding the background of these operations is kept secret”, MEP Istvan Ujhelyi (S&D) declared.
The Hungarian MEP encouraged EU institutions to “force the Orban government” to “account for its use of the Pegasus software”.
Overall, MEPs remain sceptical about the EU executive’s efforts. In his remarks to Brussels Morning, Breyer was unequivocal. “The Commission must stop to attack and undermine secure end-to-end-encryption under the guise of combatting child pornography. The EU‘s actions to undermine IT security speak louder than its cyber security talk.”
MEPs maintained that governments should address the abuses and vulnerabilities immediately and stop exploiting and incentivising them for their own surveillance purposes.
Pegasus is the main product of the NSO Group, an Israeli surveillance company. Once installed, Pegasus can theoretically harvest any data from user device and transmit the information back to the attacker.
The spyware system enables clients to access to the complete contents of the targeted individual’s phone, and can even remotely access camera and microphone features, according to a forensic analysis that was conducted by Amnesty International’s Security Lab in partnership with Forbidden Stories.
In July, an international investigative journalism consortium revealed that various governments may have misused Pegasus, the commercially available quasi-military spyware product, to carry out surveillance on opposition figures, human rights activists, journalists and lawyers in the EU and elsewhere.
The consortium’s analysis of the leaked data identified at least ten governments believed to be NSO clients, who were making use of the system to trawl for confidential data. Those listed were: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE).
“There should be no excuses for inaction,” Michelle Bachelet the UN High Commissioner for Human Rights, declared. “States have come together to acknowledge the chilling effect that illegal surveillance poses to public freedoms and to the tenets of democracy in successive UN resolutions”, he said.