Spyware-Missbrauch ist eine Gefahr für die Demokratie, innerhalb der EU und außerhalb – siehe auch unsere Webseite www.spywarefiles.eu. Ein Jahr haben wir uns im Pegasus-Untersuchungsausschuss mit dem Thema beschäftigt, für die Grünen/EFA habe ich dabei die Verhandlungen geführt. Insgesamt wurden 1281 Änderunsanträge für den Bericht und 805 Änderungsanträge für die Empfehlungen verhandelt. Unsere Fraktion hat zu beiden Berichtsteilen insgesamt 472 Änderungsanträge eingereicht. Es gab 23 Anhörungen und 15 Meinungsaustausche mit mehr als 200 Gesprächspartner*innen, z.B. Betroffenen, Expert*innen und Behördenvertreter*innen. Und der Ausschuss ist in fünf EU-Mitgliedsstaaten sowie nach Israel gereist (das Land, das bei Entwicklung und Vertrieb von Spionagesoftware für EU-Mitgliedstaaten besonders relevant ist).
Diese Woche war es nun soweit: Der Ausschuss hat einen umfangreichen Bericht sowie Empfehlungen vorgelegt – beides wurde mit einer deutlichen Mehrheit angenommen. Was genau steht drin?
The recommendations condemn the abuse of spyware within the EU, particularly the surveillance of journalists, opposition politicians, civil society activists, or lawyers. It also emphasizes that exporting spyware to third countries with a problematic human rights situation or to states that use the software against human rights defenders, journalists, and government critics violates the fundamental rights enshrined in the EU Charter.
As MEPs, we demand that certain conditions be met for the lawful use of spyware in member states, such as:
- The competent authorities should promptly and fully investigate suspected cases of abuse.
- Member states must align their national legislation with the relevant case law of the European Court of Justice, the European Court of Human Rights, and the Venice Commission (an institution of the Council of Europe).
- Europol must be involved in investigations when there are suspicions.
- Export licenses for spyware that do not comply with the Dual-Use Regulation must be revoked.
By December 2023, the Commission should assess in a public report whether member states meet the above minimum requirements to legally use spyware in the future.
In addition, we have made further demands to prevent spyware abuse:
- Surveillance using spyware should only take place in exceptional situations, on the basis of a judicial warrant and only for a clearly limited period of time.
- The targeted individual and individuals whose data has been intercepted during surveillance should have the right to be informed about the surveillance after it has been completed.
- Surveillance software must contain a marker to enable supervisory authorities to clearly identify the operator in case of suspected abuse.
- Certain professions, such as lawyers, journalists, or members of parliament, should not be spied on with spyware unless they are involved in criminal activities or pose a threat to national security.
- Victims should be able to take legal action against surveillance and there should be standards for the admissibility of evidence collected by spyware.
Key messages of the recommendations are directed at the five EU member states that were the focus of the investigations due to spyware abuse: Cyprus, Greece, Hungary, Poland and Spain.
On Hungary and Poland, the recommendations state that EU law was significantly violated in the use of spyware. Both member states are urgently called upon to restore "legal security guarantees" and "independent oversight bodies," and investigations into abuse cases are also demanded.
The text is more reserved when it comes to Greece and Spain because, during the negotiations, the political groups involved in the respective governments of these member states watered down or deleted critical passages of the text. At least, Greece is also called upon to "urgently restore and strengthen institutional and legal safeguards". Furthermore, it is also necessary that the required resources are made available to carry out investigations. In the case of Spain, the focus is on the demand for "comprehensive, fair, and effective investigations" to uncover the abuse cases. The text highlights individuals who were spied on in the context of "Catalangate," where it remains unclear in nearly 50 cases which authority ordered the measures and whether judicial authorizations were obtained.
The recommendations also criticize the "previous inaction" of the European Commission (see also my speech on the topic): The Commission should conduct an investigation into the misuse and trade of spyware within the Union since there have been reports of spyware being used against EU officials too. With regard to the upcoming European elections, the Commission is asked to set up a special task force (involving national electoral committees) to prevent disruptions caused by the misuse of spyware.
The committee also calls for the establishment of an "EU Tech Lab" that can examine citizens' smartphones in case of suspicion and – if necessary – help them to produce forensic evidence that can be used in court.
The recommendations will be discussed and put to a vote in plenary in mid-June.
The report provides a comprehensive overview of spyware abuse in the EU and identifies many areas where urgent action is needed. Unfortunately, many member states have been unwilling to cooperate with us (see also my speech on this matter). The authorities hardly provided any meaningful records or necessary documents. Representatives of these authorities have even refused to answer general questions on the use of spyware – and this is not limited to the five member states in question.
Nevertheless, the report compiles extensive evidence of spyware abuse and documents how the spyware scandal has developed within the EU and beyond.
The report criticizes the European Commission's lack of response to the misuse of spyware. It clearly states that the Commission has failed to use all the tools at its disposal to shed light on the issue.
For me, one of our greatest successes as the Greens/EFA group is a section we introduced (which was not in the original draft) on the role of third countries. It documents to what extent spyware has made it possible to illegally spy on journalists, politicians, law enforcement officials, diplomats, lawyers, businesspeople, civil society actors, and human rights defenders worldwide, endangering their work and lives. The chapter describes in detail the spyware abuse in third countries and how the EU, through inaction or even complicity (such as the inadequate enforcement of dual-use legislation), has enabled the export of such systems to these states.
The report details numerous cases of EU citizens who were apparently wiretapped with spyware at the behest of certain member states' authorities, including MEPs from Greece and Spain. Two of these targeted MEPs are members of the Green/EFA group (Diana Riba i Giner and Jordi Solé).
For the report, the vote in committee was the last stage.
What happens next
After a year of committee work, one thing has become more than clear: the use of spyware in the EU is out of control and the export to third countries with problematic human rights records is a huge problem.
As Green/EFA, we have achieved many negotiating successes, but we want to further improve the recommendations in the plenary vote and will table respective amendments. For example, we call for a general ban on particularly dangerous spyware. This concerns in particular software capable of manipulating content or accessing the social media accounts of the target individuals because it opens the door to manipulation and tampering with evidence!
Other groups will also submit amendments, but I expect that these amendments will not affect the final vote. I will of course keep you updated – you will hear from me at the debate in June!
If you’re interested in delving deeper into the background of the PEGA report, you’ll find more information below this article. I had the opportunity to speak with reporters from ZeitOnline for their podcast titled “The Spy in Our Phones” (in German). Spanning across six episodes, this podcast provides a detailed explanation of how the Pegasus spyware has transformed digital surveillance, while highlighting the grave risks it poses to human rights, freedom, and democracy. Have a listen!