Jrgen Flchle - Fotolia

MEPs demand EU probe into Pegasus spyware abuse

A group of European Parliament Members has called for an EU-wide investigation into NSO Group’s Pegasus spyware after it emerged EU member states may have used it

Members of the European Parliament (MEPs) belonging to the centrist-aligned, pro-European Union (EU) Renew Europe bloc have called on Brussels to open an investigation into the use of NSO Group’s Pegasus spyware by EU governments, following revelations in recent weeks that the Polish government may have abused the tool.

Renew Europe, whose members include governing French party La République en Marche, the FDP in Germany, and Fianna Fáil in Ireland, demanded the establishment of a Committee of Inquiry on the abuse of Pegasus spyware by right wing governments in Poland and Hungary, both of which have attracted criticism over policies that run counter to the stated goals of the EU.

Pegasus, which is a piece of malware known as a remote access trojan (RAT) is sold by Israel-based NSO Group as a tool designed to aid law enforcement in legitimate investigations, but a series of investigations in the past year have revealed it was also sold to governments that used it to surveil illegitimate targets such as activists, journalists, lawyers and opposition politicians.

Renew Europe LIBE coordinator and co-initiator of the inquiry, MEP Sophie in ‘t Veld of Dutch party Democraten 66, said: “We need a full inquiry into the Pegasus spyware scandal. European democracy is being undermined and the EU should act accordingly. There are clear signs of abuse, of governments using it against the democratic opposition in their countries.

“The European Commission must follow the United States’ example and quickly blacklist Pegasus’ parent company NSO. We cannot let this pass – our democracy is at stake.”

MEP Róża Thun, member of Polska 2050 in Poland, and MEP Anna Donáth, party leader of Momentum Movement in Hungary, added in a joint statement: “Hacking citizens with Pegasus spyware took place in several EU countries. In Poland and Hungary, it was used against lawyers, journalists, independent media owners and head of campaign of the biggest contender in the Parliamentary elections.”

“Our group is inviting the leaders of the other political groups of the European Parliament to support our initiative, which would constitute the first action from an EU institution on this matter and set up the mandate of the inquiry. The EU needs to investigate, protect the victims, and deliver an appropriate response.

“We see clearly that the governments’ purpose was to act against democracy. This is not acceptable in the EU. Renew Group is calling for a fully fledged committee of inquiry on this scandal. We need to uncover the extent of those practices and find the people responsible for Pegasus’s illegal use in the EU. Protecting citizens’ rights and privacy is our common duty. Renew Group will stand by European citizens,” said Thun and Donáth.

Both said that against the background of the Hungarian governments alleged “deep involvement” in the use of Pegasus, and new revelations that the Polish government had used it to snoop on opposition politicians, the need for an investigation was now prescient.

The Hungarian government’s abuse of Pegasus was highlighted last summer following an in-depth investigation by the Pegasus Project, a global investigative consortium. Technical analysis at the time uncovered the data of 10 lawyers, an opposition politician and five journalists – including the phones of two journalists at Direkt36, the Pegasus Project’s partner in Budapest. That the Hungarian Interior Ministry bought and used Pegasus was confirmed beyond all doubt in November 2021, when a member of the ruling Fidesz party told a committee the government was a customer of NSO Group.

In Poland, investigations have found that Pegasus was used to hack and surveill the smartphone of a senator, Krysztof Brejza, on multiple occasions in 2019, when Brejza was running an opposition election campaign against the government. SMS messages stolen from the phone were allegedly doctored and leaked to state television networks at the height of the campaign and may have influenced the result. Other victims uncovered by the investigation were prosecutor Ewa Wrzosek and lawyer Roman Giertych, who has represented Brejza’s Civic Platform party. The Polish government has denied these allegations.

Amnesty International, which has been closely involved in the Pegasus Project investigations, said that it had independently confirmed Brejza’s device was hacked.

Anna Błaszczak, Poland director at Amnesty International, said: “These findings are shocking but not surprising. They raise serious concerns not only for politicians, but for the whole of Poland’s civil society in general, particularly given the context of the government’s record of persistently subverting human rights and the rule of law.

“Activists and protesters have been targeted through criminal investigations, [which is] undermining the rights to freedom of expression and peaceful assembly. Meanwhile, judges and prosecutors who raised concerns over the lack of independence of the judiciary face disciplinary and even criminal investigations.

“Despite media reports that the Israeli government stopped exports of the NSO software to a group of countries including Poland, this does not seem to have affected existing licences and the use of Pegasus in Poland,” she said.

“These revelations demonstrate yet again why there is an urgent need for a commitment from governments to stop any forms of surveillance that breaches human rights and the need for a global moratorium on the export, sale, transfer and use of surveillance equipment, until a robust human rights-compliant regulatory framework is in place,” added Błaszczak.

Read more about the NSO Pegasus scandal

Read more on Privacy and data protection