MEPs slam lack of EU response to spyware abuse

MEPs have criticised the lack of follow-up to European Parliament (EP) proposals on curbing spyware abuse in Europe, adopting a resolution that specifically singled out Cyprus, Greece, Hungary, Poland and Spain to be assessed whether they meet the relevant conditions.

With 425 votes in favour, 108 against, and 23 abstaining, the EP adopted a resolution on 23 November, “on the lack of follow-up to Parliament’s proposals following its inquiry into the use of Pegasus and equivalent surveillance spyware”.

MEPs said that although they had asked for a number of legislative changes to respond to abusive spyware use in Europe back in June, the European Commission has yet to present a plan on how to respond to “threats posed to people and democracy”.

“To abide by the EU’s interinstitutional agreement, Parliament urges the Commission to take necessary enforcement measures,” the EP said in a press release. “As set out in the recommendation adopted by MEPs, the Commission should also assess by the end of November whether Cyprus, Greece, Hungary, Poland and Spain fulfil the conditions for the continued use of spyware.”

In the resolution, MEPs highlighted new cases of spyware abuse in Europe since the inquiry’s final recommendation was adopted, which they said suggest that the current legal framework is not enough to prevent spyware abuse. They noted that Russian journalist in exile Galina Timchenko has been infected with Pegasus in Germany, and that MEPs themselves have been targeted with spyware.

Highlighting recent developments in spyware inquiries of EU member states, MEPs noted that in Greece, two Greek National Intelligence Service (EYP) officials are facing criminal charges, and the Hellenic Authority for Communication Security and Privacy (ADAE) has faced sudden changes in its investigation into spyware abuse, including the transfer of the case to another prosecutor. In Poland, the national inquiry committee concluded that people were targeted with spyware for political reasons, whereas in Spain, the spyware inquiry has been provisionally dismissed due to a lack of cooperation by Israeli authorities.

“Additionally, the French company Nexa Technologies has sold Predator spyware to repressive regimes (including Egypt, Vietnam and Madagascar), and in Ireland, the Oireachtas Committee on Justice has been asked to investigate the role of Intellexa Group in the sale of spyware,” MEPs said. And even though reports suggest violations of the EU’s dual-use export controls, there has been no credible follow-up, said MEPs. “They note that this creates a favourable environment for malicious actors in Europe, whereas in the United States, authorities have blacklisted the EU-based spyware companies Intellexa and Cytrox.”