No moratorium, as envisaged for a time, but an increased regulatory framework. After a year of work, the committee of inquiry of the European Parliament on spyware has just made its copy, with the adoption Monday, May 8 of its final report.
After several scandals around the espionage of several personalities, including European parliamentarians, the 37 MEPs had been tasked with shedding light on this sulphurous industry. In their line of sight, the Pegasus spyware, developed by the Israeli company NSO, already pinned for having targeted Emmanuel Macron, but also other related malware.
Framework of use
The publication of this report follows a declaration, at the end of March, of eleven governments, including France. These states called for “preventing the proliferation of commercial spyware” used in an abusive manner. In particular, they suggested prohibiting the export of technologies and equipment that could be used in malicious cyber activities.
MEPs recommend them to limit the use of spyware to certain Member States, clearly those where there are sufficient legal guarantees, such as compliance with the decisions of the European Court of Human Rights. And they call for community-wide rules to be put in place to regulate their use by the police, authorized “in exceptional cases, for predefined purposes and for a limited period”.
MEPs point to ‘major breaches’ in Hungary and Poland, the latest country where Pegasus spyware is part of a ‘system for monitoring opposition and critical voices’. This kind of software has also been used in Greece to monitor journalists, politicians and business executives, with MEPs finally flagging their concerns in Spain.
A European technical laboratory
Stressing the “major” role of Cyprus in the export of spyware, MEPs also call for the repeal of the export licenses already issued by this republic. Finally, they recommend greater regulation of the discovery, sharing, resolution and exploitation of unknown computer vulnerabilities, the famous zero-days.
Lastly, the members of the committee of inquiry suggest setting up a European technical laboratory. This independent research institute would be empowered to investigate this kind of surveillance and could provide “legal and technological support”, for example by carrying out investigations into cases of espionage. Currently, this kind of digital surveillance is first documented by NGOs, from Citizen Lab to Amnesty International.