Pegasus Scandal Hits EU from Within

Published: 15 November 2022

Sophie in t Veld EU Parliament

Dutch EU parliamentarian Sophie in 't Veld warns that the EU has no internal protection instruments against infamous spywares, such as Pegasus. (Photo: European Union 2014 - European Parliament, Flickr, License)

By Zdravko Ljubas

The European Parliament’s Inquiry Committee into Pegasus and other spyware met Monday for a hearing on the situation in Germany, after a study revealed that a number of EU countries had been utilizing the infamous Pegasus malware.

However, nobody from the German government attended the hearing although the committee invited the Vice President of the German Federal Police Martina Link three times but each time she remained unavailable.

“It’s not a very good sense of cooperation we receive from the German authorities in this sense,” said Jeroen Lenaers, a Dutch Member of the European Parliament who chaired the hearing.

The only expert who attended was investigative journalist Andre Meister from the Berlin-based outlet Netzpolitik.org. He said that the fact that “the German government and police turned down the invitation of this committee is disgraceful.”

Government agencies in Germany have been spying on people for at least two decades, recently particularly on “anti-facshist human rights defenders and climate activists. In this very moment 12 climate activists are in prison without trial or charges,” he said. This kind of incarceration is used to keep them from protesting on the street, he added.

Similar hearings will be organized in the forthcoming period since a report presented before the European Parliament last week revealed that at least 14 EU governments have used the infamous malware to spy on journalists, civil society, lawmakers or civilians.

“The spyware scandal is not a series of isolated national cases of abuse, but a full-blown European affair,” the report said. “EU Member State governments have been using spyware on their citizens for political purposes and to cover up corruption and criminal activity.”

The report warned that some EU governments “went even further and embedded spyware in a system deliberately designed for authoritarian rule,” while others “may not have engaged in abuse of spyware, but they have facilitated the obscure trade in spyware.”

The document claimed that Europe has become an appealing location for mercenary spyware as well as an exporter to dictatorships and brutal regimes such as Libya, Egypt and Bangladesh, “where the spyware has been used against human rights activists, journalists and government critics.”

“We are looking at, on the one hand, the abuse of spyware by the EU governments, and on the other hand, the trade in spyware, because Europe is a very important and attractive place for the spyware industry,” the Committee’s rapporteur, Dutch lawmaker Sophie in ‘t Veld, said presenting the summary of the report’s key findings to the EU Parliament.

Poland and Hungary attracted the worst criticism. In ’t Veld claimed that these two countries used the spyware as an “integral part” of a system aimed to “control and even oppress citizens,” notably government opponents, the opposition, journalists, and whistleblowers.

In the case of Poland, the country’s former Prime Minister and current member of the European Parliament Beata Szydło, together with the former Foreign Minister Witold Waszczykowski, in November 2016 “attended dinner at the home of then Israeli Prime Minister Benjamin Netanyahu.”

“The following year in July, Szydło and Netanyahu met with the heads of governments of the Visegrad Group countries and allegedly discussed ‘strengthening cooperation in the area of innovation and high technologies’ and ‘issues related to the broadly understood security of citizens’,” according to the report.

Soon after that, the Polish government acquired Pegasus, “following a meeting between Prime Minister Mateusz Morawiecki, Hungarian Prime Minister Viktor Orban and Netanyahu.”

The report also described numerous questionable usage of the spyware by the country’s governmental institutions, mostly under strong political control.

Speaking about Hungary, the report reminds that it was one of the first countries that was “embroiled in the European spyware scandal.”

The paper cites the 2021 Pegasus Project, which revealed that “a number of Hungarian phone numbers were listed among the 50,000 identified as potentially hacked by the NSO product,” including political activists, journalists, lawyers, entrepreneurs and a former government minister.

“The use of Pegasus in Hungary appears to be part of a calculated and strategic destruction of media freedom and freedom of expression by the government. The Fidesz government has utilized this spyware in order to introduce a regime of harassment, blackmail, threats and pressure against independent journalists and media moguls,” read the report.

It underlined that as a result, only a handful of independent media outlets remain in that country.

More apparent cases were also spotted in Greece, which used Predator spyware against opposition, Cyprus and Spain, but also in the Netherlands, Belgium, Germany, Malta, France, Ireland, Luxemburg, Italy, Austria, Estonia, Lithuania and Bulgaria.

In presenting the report, Dutch MEP in ‘t Veld emphasized that the EU has swiftly increased its capacity to respond to external threats to democracy, such as war, misinformation campaigns, or political meddling. The problem, as she stressed, is the EU capacity to respond to internal threats to democracy.

“Anti-democratic tendencies can freely spread like gangrene throughout the EU as there is impunity for transgressions by national governments. The EU is ill equipped to deal with such an attack on democracy from within,” read the report.

The EU institutions so far reacted to the warnings of the Parliament’s Committee by expressing concern, while the EU Agency for Law Enforcement Cooperation – Europol, according to the report, “has so far declined to make use of its new powers to initiate an investigation.”

“Only after being pressed by the European Parliament, it addressed a letter to five Member States, asking if a police inquiry had started, and if they could be of assistance,” the document read.

The Parliament’s Committee of Inquiry has been investigating the use of Pegasus and equivalent surveillance spyware (PEGA), held hearings with experts and organized several fact-finding visits during the last seven months.

According to the 2021 Pegasus Project, a collaborative investigation into the spyware produced by a company staffed by former Israeli military intelligence personnel, the Pegasus software can be used to infiltrate mobile phones, extract data, access geolocation, and activate cameras or microphones – all without the target's knowledge.

A consortium of reporters, including OCCRP, revealed that various regimes have used the malware to spy on human rights activists, journalists, politicians, government officials, and at least 10 heads of state, including French President Emmanuel Macron.