The EP spyware inquiry committee adopted its final report, which included a number of recommendations. It condemned the use of spyware in several EU countries and outlined a path forward.

The European Parliament’s Committee of Inquiry, which investigated the use of Pegasus or equivalent surveillance software (PEGA), adopted its final report on Monday evening. This follows a year long investigation into the abuse of spying software in the EU. MEPs condemn the use of spyware to intimidate political opponents, silence critical media, and manipulate elections. They say that EU governance structures are not equipped to deal with such attacks effectively and reforms are required.

Problems systemic in Poland and Hungary

MEPs have condemned major violations of EU laws in Poland and Hungary where the governments have dismantled their independent oversight mechanisms. MEPs in Hungary argue that the use spyware was “part of a calculated, strategic campaign by the government to destroy freedom of media and freedom of speech.” In Poland, Pegasus was used as part of a “system for the surveillance and monitoring of the opposition and critical of the government” to keep the ruling minority and government in power.

MEPs urge Hungary and Poland, to remedy the situation and restore judicial autonomy and oversight bodies. They should also ensure independent judicial authorization before the deployment and judicial review after, launch credible investigations into abuse and ensure citizens have access proper legal redress.

Concerns about spyware in Greece and Spain

MEPs in the European Parliament say that spyware is not used as part of a comprehensive authoritarian strategy but rather as a tool for financial and political gains. Despite the fact that Greece has a “fairly robust legal framework” in principle, legislative amendments have weakened safeguards. Spyware has been used to target journalists, politicians, and businessmen, and exported into countries with a poor record on human rights.

The MEPs demand that the government “urgently restore, strengthen and implement the legal and institutional safeguards”, and repeal export licenses that do not comply with the law. EU Export Control LegislationRespect the independence of the Hellenic Authority for Communication Security and Privacy. They also note that Cyprus has played an important role as an export hub of spyware and should repeal any export licences issued by it which are not in accordance with EU legislation.

MEPs concluded that Spain has a “strong independent justice system” with adequate safeguards, but there are still some questions about the use of spyware. MEPs note that the government has already begun to address the shortcomings. They call on authorities to conduct “full, effective and fair” investigations. This is especially important in the 47 cases when it is unclear who authorized the deployment of spyware.

Abuse must be prevented by stronger regulation

MEPs believe that to stop illegal spyware practices immediately, spyware should only be used by member states where allegations of abuse of spyware have been thoroughly investigated. National legislation must also be in line both with the Venice Commission recommendations and with EU Court of Justice case law and European Court of Human Rights decision, Europol should be involved in investigations and export licenses not in compliance with export control regulations have been repealed. In a public report by December 2023, it is the responsibility of the Commission to assess whether these conditions are met.

MEPs are calling for EU rules to limit the use of spy software by law enforcement. It should only be used in exceptional circumstances and for a defined purpose, with a limited duration. They claim that data belonging to politicians, doctors, or the media, or falling under the lawyer-client privilege, should not be monitored unless there are clear signs of criminal activity. MEPs propose mandatory notification for both targeted and non-targeted individuals whose data has been accessed by someone else as part of their surveillance, independent oversight once it has occurred, meaningful legal remedies and standards for admissibility of evidence gathered using spyware.

MEPs call for a legal definition of national security being used as a basis for surveillance in order to avoid attempts to justify abuses.

EU Tech Lab boosts vulnerability research

MEPs have proposed the creation of a EU Tech Lab to help uncover illegal surveillance. This independent research institute would be able to investigate surveillance, offer legal and technological assistance, including device screening, as well as perform forensic research. They also want to see new laws that regulate the discovery, sharing and exploitation vulnerabilities.

Foreign policy dimension

MEPs want to see a thorough investigation of spyware export licenses, a stronger enforcement of EU export control rules, an EU-US strategy for spyware, discussions with Israel and other countries to establish rules regarding spyware marketing and export, and to ensure that EU development aid doesn’t support the acquisition and use spyware.

Quotes

After the vote, the Chair of the Committee Jeroen Lenaers (EPP, NL) “Our investigation has shown that spyware has been misused to violate fundamental rights and undermine democracy in several EU members states, with Poland and Hungary being two of the most blatant examples. Spyware must be used in a proportionate manner and only when authorised by a competent judiciary. Unfortunately, this is not the case for some parts of Europe. It is necessary to have a more strict EU level of scrutiny to ensure that the use of spyware is an exception and not the norm, when investigating serious crimes. We acknowledge that spyware can be a powerful tool in combating crimes such as terrorism when used in a controlled way. Our committee has developed a range of proposals for regulating the use of spyware while respecting national safety competences. Now it’s up to the Commission and the member states to do their part, and translate our recommendations into concrete laws that protect citizens’ rights.”

Rapporteur Sophie In ‘t Veld (Renew, NL) “Today the committee of inquiry has completed its work.” This does not mean the work of Parliament is done. No victim of spyware abuse has received justice. No government has been held accountable. The member states and European Commission should not rest easy because I will continue to pursue this case until justice has been done. As long as there is a lack of accountability, the unrestricted use of commercial software without proper judicial oversight threatens European democracy. Digital tools have empowered all of us in different ways, but have also made governments more powerful. “We have to close the gap.”

Next steps and the procedure

MEPs adopted two documents: a report detailing the findings of an inquiry with 30 votes for, 3 against and 4 abstentions, and a document outlining future recommendations with 30 votes for, 5 against and 2 abstentions. The full Parliament is expected to vote on the latter text during the plenary sessions starting 12 June.

Votes in Plenary c) @ Europan Parliament

Source link