The EU must swiftly legislate to further protect the rights of activists, journalists and politicians following the Pegasus spyware scandal, and the perpetrators of illegal tapping must be prosecuted, the bloc’s justice commissioner has told the European parliament.
Didier Reynders told MEPs that the European Commission “totally condemned” alleged attempts by national security services to illegally access information on political opponents through their phones.
He said: “Any indication that such intrusion of privacy actually occurred needs to be thoroughly investigated and all responsible for a possible breach have to be brought to justice. This is, of course, the responsibility of each and every member state of the EU, and I expect that in the case of Pegasus, the competent authorities will thoroughly examine the allegations and restore trust.”
He added that the EU’s executive branch was closely following an investigation by Hungary’s data protection authority into claims that Viktor Orbán’s far-right government had been among those targeting journalists, media owners and opposition political figures with invasive Pegasus spyware.
Reynders said that it was already the case, as confirmed by the European court of justice, that governments could not “restrict the confidentiality and integrity of communications”, except in “very strictly limited” scenarios.
But he added that a pending EU privacy regulation would further tighten the rules, and called for MEPs and the member states to urgently agree on the details of that new law in light of the spyware scandal.
Reynders said: “Various reports have shown that certain national security services used Pegasus spyware, to have direct access to citizens, equipment, including political opponents and journalists.
“Let me say right at the start that the commission totally condemns any illegal access to systems or any kind of illegal trapping or interception of community users communications. It’s a crime in the whole of the European Union.”
A consortium of 17 media outlets, including the Guardian, revealed in July that global clients of the Israeli surveillance firm NSO Group had used hacking software to target human rights activists, journalists and lawyers.
The investigation was based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers, including that of the French president, Emmanuel Macron, and European Council president, Charles Michel, along with other heads of state and senior government, diplomatic and military officials, in 34 countries.
Reynders, a former Belgian justice minister, was speaking at the start of a debate in the European parliament on the scandal.
Sophie In ‘t Veld, a Dutch MEP in the liberal D66 party, said the parliament’s civil liberties, justice and home committee, of which she is a leading member, would launch an investigation into the use of Pegasus within the EU.
“We want total clarity and honesty now,” she said. “The European Commission denies having had any contacts with the company, but I find that hard to believe. At our initiative, [the committee] will start a quick investigation into the allegations.
Last month Hungary’s data protection authority, the NAIH, said it had launched an official investigation into allegations about the Hungarian government’s use of the Pegasus software.
At least five Hungarian journalists appeared on a leaked list reviewed by the Pegasus papers consortium. Also on the list was the number of the opposition politician György Gémesi, the mayor of the town of Gödöllő and the head of a nationwide association of mayors.
Hungarian law provides that in cases where national security is at stake, the intelligence services can order surveillance with no judicial oversight, only the signature of the minister of justice.
Hungary’s justice minister, Judit Varga, has declined to comment, but said “every country needs such tools”.
In ‘t Veld said: “Journalists, politicians and activists must be able to do their work without being spied on by an increasingly authoritarian government. If proven otherwise, this constitutes a massive infringement of civil liberties.”
Gwendoline Delbos-Corfield, an MEP in the Europe Ecologie Les Verts party, said: “So far, the Hungarian government still hasn’t reacted to the Pegasus project revelations. Neither transparency nor accountability has been brought to the public debate.”
NSO has denied that the inclusion of a number on the leaked list was indicative of whether it was selected for surveillance. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.”
A number of MEPs from Catalonia also highlighted the alleged targeting of local politicians with spyware, claiming involvement by the Spanish government.
Current and former leaders of Catalonia’s pro-independence government have called for an inquiry over what has been described as a “possible case of domestic political espionage” in Europe.
Last year, a joint investigation by the Guardian and El País determined that the mobile phones of at least five members of the regional independence movement – including the speaker of the Catalan parliament – were targeted.
NSO is an Israeli surveillance company regulated by the country’s ministry of defence, which approves sale of its spyware technology to government clients around the world.
The company says it sells only to military, law enforcement and intelligence agencies in 40 unnamed countries for the purpose of terrorism and crime investigations.
It further claims to rigorously vet its customers’ human rights records before allowing them to use its spy tools. NSO says it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”.