Civil society and journalists’ groups in Europe are calling on the EU to take tougher action against spyware applications.
The Center for Democracy and Technology (CDT Europe), and the fellow organizations in a “co-ordination group”, argue that spyware “poses a significant threat to EU democratic values, public debate and healthy civic spaces.”
In a joint statement, issued with civil society organizations, CDT Europe warns that spyware “undermines independent decision making by lawmakers,” as well as making it harder for journalists and activists to hold governments to account.
The group claims that spyware is illegal under EU law, as it breaches both privacy rights and data protection regulations.
CDT Europe also points to the European Parliament’s Committee of Inquiry into Pegasus spyware, the PEGA committee, which found that the majority of EU states had both spyware tools. Some states, the Committee said, had used those tools to carry out surveillance on journalists, politicians and human rights activists.
Decisive Action Urged
The co-ordination group members are calling on EU institutions, including the EU Commission, the EU Council and member states, as well as the European Parliament, to take stronger measures against spyware.
These include suspending exports of surveillance technology, providing better remedies to victims of spyware and avoiding national security “carve outs” to EU legislation that undermine citizens’ rights.
Above all, the group wants to see a new EU legal framework that “addresses the challenges posed by spyware.”
As well as an export ban, this would extend to banning the production, import, servicing and use of spyware within the EU “which disproportionately interfere with fundamental rights.” Any spyware that is used must have safeguards.
The group is also calling for a “complete ban” on commercial companies developing and selling spyware. Furthermore, it is seeking a ban on organizations trading vulnerabilities, “for any purpose other than strengthening systems security and mandate the responsible disclosure of vulnerability research findings.”
Previously both governments and tech companies joined together to fight both spyware and human rights abuses online. The agreement, known as the Pall Mall process, was signed by the UK, the US, France and 22 other countries as well as firms including Google, Apple, Microsoft and Meta.
However, the Pall Mall Process does not include a number of EU countries, or Israel, where Pegasus originated.