EU’s competences to handle spyware abuse in question – EURACTIV

The issue of the EU’s competences to scrutinise spyware use came to the forefront during a parliamentary hearing on Tuesday (30 August), where a Europol representative said the agency’s mandate was limited to supporting member states choosing to launch an investigation. 

With countries such as Greece trying to sweep the use of surveillance technologies against its citizens under the carpet of national security interests, the question of how the EU can interfere if abuse of the technology is suspected has resurfaced. 

In June this year, an EU regulation on Europol’s capabilities was amended, thus providing the European law enforcement agency with the opportunity to ask member states to initiate investigations rather than wait for member states to take action. 

However, during Thursday’s Pegasus inquiry meeting, Jean-Philippe Lecouffe, Europol’s deputy executive director of operations, said that this possibility has not yet been exploited by Europol to push member states to look into spyware cases. 

“We have created the new powers for Europol. (…) It’s a duty. Those powers were granted to you in order to protect the EU citizens. Refusing to use those powers is not an option,” said Sophie in ‘t Veld, the rapporteur for the European Parliament’s spyware inquiry committee, also known as PEGA. 

Within the list of crimes falling under Europol’s remit, the rapporteur counts at least three which would be relevant in cases involving surveillance technology, namely cybercrime, corruption, and racketeering and extortion.

Therefore, in ‘t Veld sees ample justification within Europol’s mandate, slamming it as “shameful” that the agency left it to journalists and NGOs to uncover the Pegasus scandals “with diligent and brave work.”

Europol’s representative previously said that the agency first learned about the scandals through media reports. At the same time, even if the agency can propose investigations to the member states, the respective national authorities might refuse to do so.

Governments part of the problem

Therefore, it once again appears that the EU’s hands are tied, as taking action is hindered when national governments refuse to play ball.

As of now, it is known that at least 14 European governments have purchased spyware from the NSO group behind Pegasus, and experts estimate that many more suppliers are operating in the EU.

However, there is a lack of transparency rules for member states and the process of granting and receiving export licences for surveillance technologies, as Claudio Guarnieri, Head of Amnesty International’s Security Lab, said. 

The notion that “governments are part of this organised crime network”, as expressed by MEP Róża Thun und Hohenstein on Tuesday, is why many insist that more safeguards and external authorities are needed to control the increasing use of surveillance technologies. 

Potential ways forward 

Suggested ways to tackle the growing issue include putting a complete ban or a moratorium on surveillance technologies until stable safeguards and regulations are in place to control them. 

Yet, Clara Portela, a professor at the University of Valencia focused on international sanctions and arms control, believes there are too many drawbacks for a full prohibition of spyware. According to Portela, there are also beneficial uses to fight terrorism and crime, and banning it in the EU does not mean external actors will refrain from using the technology. 

“It would be best to adopt a conditional approach that does not completely ban the spyware, but that makes sure that it is exported only to countries which have effective and solid legislation protecting citizens’ rights,” Portela argued. 

However, there is no publicly available data to prove a correlation between using surveillance technologies and successfully fighting crime, stressed Rosamunde van Brakel, research professor at the Vrije Universiteit Brussels. 

Remedies for victims 

It is clear that the effects of the abuse of spyware on its victims can be incisive.

“Research has shown that surveillance technology often harms communities, groups in society or society as a whole,” van Brakel said. Research indicates that this could also lead to a loss of trust in the government. 

“Member states, companies need to be obligated to provide some mechanism of remedy to victims of unlawful surveillance that have not been heard, that have not been given justice,” Guarnieri suggested. 

He added that such remedies should be incorporated in any regulation for disseminating this type of software. 

So far, “the only concrete measures taken have been to speak here,” Carine Kanimba, a victim of spyware and daughter of the Rwandan politician Paul Rusesabagina said in the same hearing. 

“The only thing that would make me feel a bit safer would be if there were to be proper consequences for these countries that are using technology to harm innocent people here in Europe,” Kanimba said. 

[Edited by Luca Bertuzzi/Nathalie Weatherald]

Source: https://www.euractiv.com/section/digital/news/eus-competences-to-handle-spyware-abuse-in-question/