Spyware: MEPs take stock of developments in the member states

In a debate on Thursday, MEPs heard expert testimonies on the continued use of spyware in the EU, and urged the Commission and member states to respond appropriately.

During the debate on the use of spyware in some member states, MEPs in the Committee on Civil Liberties heard from people directly involved in recent revelations and investigations.

Developments in Greece

Christos Rammos (President, Hellenic Authority for Communication Security and Privacy - ADAE) updated MEPs on the latest developments regarding the so-called Predator scandal in Greece. He mentioned new legislation that was passed in the end of 2022, which was subsequently interpreted (erroneously, according to the speaker) by the Chief Prosecutor as limiting the Authority’s right to inform the subjects that they have been under surveillance. He also spoke about being personally targeted by the government and top ruling party politicians, and highlighted the (constitutionally controversial) change to the composition of the Authority’s board, which has raised concerns about its functioning. He also defended his former collaborators in the Authority who are being prosecuted, ostensibly for doing their jobs. MEPs’ questions revolved around the Commission’s weak reaction to the revelations and the need to implement the PEGA Committee’s recommendations to limit the use and sale of spyware, as well as the integrity of judicial proceedings and parliamentary processes in the country.

Response to spyware attacks insufficient

Donncha Ó Cearbhaill, Head of the Security Lab at Amnesty Tech, said that spyware is a European problem, with tools produced in the EU and exported elsewhere. He also recounted “brazen” attempts to spy on politicians, including MEPs and European Commission officials, and journalists, amounting to an attack on democracy. Mr Ó Cearbhaill urged the EU institutions to enforce the legislation on dual-use exports and ensure independent investigations into suspected abuse.

MEPs asked how the current dual-use legislation could be used to improve on the situation, or if it should be reformed, and questioned how effectively national governments are responding to reports of abuse or collaborating with Amnesty Tech investigations. They also raised the importance of cases in Latvia and Poland, and asked about the possibility of evidence being destroyed before investigations can be carried out.

Finally, journalist and CEO of Meduza Galina Timchenko described how recent Russian laws against independent media were used to pressure her and her colleagues, and how her phone was afterwards infected with Pegasus spyware, compromising the safety of herself and her contacts. Following up on Ms Timchenko’s testimony, MEPs asked if establishing an EU Tech Lab to investigate surveillance could help tackle the issues, and wanted more details on the German and Latvian authorities’ reported refusal to cooperate in investigating Ms Timchenko’s case.