The members of the European Parliament’s PEGA Committee of Inquiry into Pegasus spyware and spyware in general approved by a solid majority on Monday 8 May in the evening in Strasbourg the draft report and recommendation of Dutch MEP Sophie in ’t Veld on the use of spyware by Member States by 30 votes in favour, three against and four abstentions and 30 votes in favour five against and two abstentions.
While the members of this committee have regularly complained about the lack of cooperation from the Member States (see EUROPE 13107/10), they have sent them a series of requests to stop using spyware such as Pegasus or Predator against citizens, political opponents or journalists without a clear legal framework and to define more strictly the conditions of use of such software.
Having caused political crises in Spain and Greece and still being used in Hungary and Poland, spyware can also be illegally exported from the EU to dictatorships, in violation of dual-use technology laws, an issue also addressed by the Dutch MEP, whose two drafts will be submitted to the plenary session before the summer.
More than 2,100 amendments have been made to both drafts since the work was presented in early November (see EUROPE 13059/20).
The draft report describes the situation in all Member States, although it focuses on Greece, Spain, Hungary, Poland and Cyprus as software exporting countries, while the recommendation sets out courses of action for governments and proposes, in particular, a framework to better contain the use of software in the context of national security, a concept considered too vague by the Dutchwoman. The draft recommendation thus proposes to delimit the concept of national security and to establish a common basis of definition for all Member States.
However, the draft recommendation no longer proposes to develop a European definition of national security, but to delimit the concept of national security.
The PEGA Committee’s work was highly politicised, with some sources expecting Parliament’s political families to vote according to the countries concerned, with the EPP abstaining from voting on Greece and the S&D abstaining from voting on Spain, where the government has been accused of using the software against Catalan separatists.
“Despite the extreme politicisation of the issue, national interference and the obvious lack of cooperation from Member States and the European Commission, the final report of our committee of inquiry provides a comprehensive overview of the problem and makes ambitious recommendations”, Belgian MEP Saskia Bricmont (Greens/EFA) said earlier in the day.
“The findings of our committee of inquiry are damning and do not ignore any known abuses and practices to date. States will no longer be able to hide behind a fallacious national security argument to justify the use of this type of surveillance software, a justification that is all too often used to monitor and convict or harm political opponents or to silence criticism”.
According to the compromise amendments put to the vote, PEGA MEPs thus indicated that the use of spyware by Member States “must be proportionate, must not be arbitrary, and surveillance must only be authorised in narrowly, pre-determined circumstances”.
Effective ex ante mechanisms for judicial review are essential to protect individual freedoms. “The ability of the judiciary to perform meaningful and effective ex-post oversight in the area of requests for surveillance for national security is also important, to ensure that disproportionate use of spyware by governments can be challenged”.
On national security, the PEGA Committee said it is “concerned about cases of unjustified invocation of ‘national security’ to justify the deployment and use of spyware” as a pretext for abuse.
“If authorities invoke national security grounds as justification for using spyware, they should demonstrate compliance with EU law including adherence to the principles of proportionality, necessity, legitimacy, legality and adequacy. The justification should be easily accessible and made available to a national scrutiny body for assessment”, the compromise also states.
“Regardless of the precise demarcation, the domain of national security shall be subject to independent, binding and effective oversight in its entirety”, the committee insists.
In terms of recommendations to governments, Hungary is called upon, for example, to “urgently restore sufficient institutional and legal safeguards, including effective binding ex ante and ex post scrutiny as well as independent oversight mechanisms, including judicial review of surveillance activities”. Budapest must also comply with the judgments of the EU Court of Justice, as must Poland, which is called upon to launch an investigation into these spyware.
The Greek government, for its part, is called upon to “urgently clarify the situation around the misuse of spyware in Greece, so as not to cast any doubt on the integrity of the upcoming elections”, which will be held on 21 May.
The recommendations also focus on tightening EU rules for the export of dual-use goods and on dialogue with third countries. Europe will continue to follow the matter.
Links to the adopted compromise amendments: https://aeur.eu/f/6rl; https://aeur.eu/f/6rm (Original version in French by Solenn Paulic with Nithya Paquiry and Thomas Mangin)