Support And Scepticism Over Efficacy Of EU Spyware Ban

Geopolitically, cyberspace is becoming a critical battlefield for governments (Photo © Unsplash)

Human rights champions have applauded the call for a ban on Pegasus-like spyware within the EU, however cyber security experts say any ban will be powerless against cyber criminals.

In its preliminary remarks on modern spyware, published on 15 February, Europe’s data protection watchdog the EDPS tackled the revelations of a “game-changer” type of spyware produced by Israeli firm NSO Group, capable of carrying out zero-click attacks on phones and other electronic devices which grant the attacker full access to the targeted device.

Pegasus has been linked with hacks on mobile phones belonging to journalists, lawyers, opposition leaders and human rights activists within the EU.

A number of EU governments, including that of Luxembourg, have admitted to buying Pegasus from the NSO Group for targeted surveillance. EDPS writes that when used for law enforcement, such spyware must comply with “primary and secondary law”. The advanced features of Pegasus, however, “render many of the existing legal and technical safeguards ineffective and meaningless.”

The report concluded: “The EDPS believes a ban on the development and deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms.”

Regulation First

In November 2021, the US Department of Commerce added NSO Group to its trade restriction list. Human rights group Amnesty International was among 80 organisations to to call on the EU to place NSO Group on its global sanctions list.

Contacted by Silicon Luxembourg, Amnesty International Luxembourg director Olivier Pirot stressed the importance of restricting the deployment of tools like Pegasus.

“The use, sale and transfer of surveillance tech must be stopped until there is a proper regulatory human rights framework in place,” he said, adding: “Pegasus has been used to unlawfully target activists, journalists, lawyers and others globally–including in member states of the European Union such as Belgium, France, Hungary and Spain. A lack of meaningful accountability, coupled with weak and inadequate regulation has allowed these human rights violations flourish in the EU and globally.”

The Luxembourg cybersecurity community warned that regardless of any ban, spyware with Pegasus capability will always be available on the illegal market place. Excellium Services managing partner Christophe Bianco told Silicon that there are cybercriminals who “make money (or have developed a business) by operating such tools to perpetrate illegal activities and it is quite lucrative.”

Bianco said that spyware is either used for borderline activities: to monitor a spouse, children or staff, or to perform malicious activities. And he says that the number of investigations his firm conducts into cyber attacks is doubling year on year.

Geopolitically, cyberspace is becoming a critical battlefield for governments. Bianco said: “They are using such tools and techniques to operate not just in an defensive posture but more and more in an offensive one. The current situation between Russia and Ukraine highlights these dynamics. So I’m not sure they will support the ban (like most of them are trying to ban encryption to monitor activities).”

Total
0
Shares
Related Posts
Total
0
Share