State Trojans are considered dystopian technology. The most famous variant of these digital weapons is Pegasus from the Israeli NSO Group. This surveillance software has been described by critics as a “monster out of control”. Among other things, she is said to have played an important preparatory role in the murder of the Saudi journalist Jamal Khashoggi, who wrote for the Washington Post, among others, in 2018. In July 2021, the international media network Forbidden Stories and Amnesty International brought spyware to the center of global attention. They revealed hundreds of cases in which police and secret services used Pegasus to spy on human rights defenders, journalists and opposition figures.
Advertisement
The use of spyware
State hackers infected victims’ smartphones with the software to record their communications, spy on their contacts, and track and sabotage their work. It quickly became apparent that the Federal Criminal Police Office (BKA) and the Federal Intelligence Service (BND) had also acquired Pegasus licenses. The outcry, especially in civil society, was great. The EU Parliament set up a committee of inquiry in March 2022. The trigger was reports that Hungary and Poland were abusing the espionage program to target media representatives and opposing politicians on a large scale. Comparable activities, especially in Spain and Greece, quickly became the focus of reconnaissance.
In May, after a year of research, MPs approved their final report along with a long list of recommendations. The EU countries should therefore introduce a series of protective measures by the end of the year if they continue to use state trojans. According to the appeal, governments must prove that the use of spyware complies with European standards for human rights and the rule of law.
The people’s representatives are demanding that all licenses for the sale of spy software that are not compatible with the dual-use regulation for military and civilian technologies be withdrawn. There should be no exception in the area of national security, in which the member states basically have the say. All cases of suspected misuse of spying software should be “comprehensively investigated and immediately resolved” by the responsible authorities.
Use of espionage programs by governments
In general, Parliament “strongly condemns the use of spying software by Member State governments” to “monitor, blackmail, intimidate, manipulate and discredit critics and civil society.” The unlawful use of espionage programs by the governments of EU countries and third countries “directly and indirectly affects the Union’s institutions and the decision-making process”, which “undermines the integrity of democracy”.
The MPs demand “that the trade in and use of spyware must be strictly regulated”. Abuse should be stopped immediately. They call for “a ban on selling vulnerabilities in a system for purposes other than strengthening” its security. If government agencies receive information about security gaps, they must be disclosed “in a coordinated and responsible manner” as standard. Exceptions should be evaluated “on the basis of necessity and proportionality”. It should also be considered whether the affected infrastructure “is used by a large part of the population”. The EU Commission is due to evaluate whether the member states meet the requirements by November 30 and publish the results.
Fundamental rights vs. national security – “Somehow hardly anyone cared”
What has the months-long work of the people’s representatives achieved so far? The EU parliamentarian Hannah Neumann from the Greens, who was a member of the committee, sees it as a success that “we have come significantly further than all national attempts to come to terms with the situation”. In order to break down the walls of the EU countries, the committee members reversed the logic: “Prove us wrong,” was the appeal of the MPs, or see the cases uncovered as facts. The current line of argument runs along the tough debate: “Where do fundamental rights end, where does national security begin.”
In general, they struggle with the discrepancy between the “massiveness of the encroachment on fundamental rights and the dangers to democracy” and the fact “how few people actually care about it,” Neumann recently reported at a panel discussion at the Heinrich Böll Foundation in Berlin. MEPs, who are subject to parliamentary immunity, were also bugged. But there were no riots: “Somehow hardly anyone was itchy.” At the very least, EU Justice Commissioner Didier Reynders promised to present a legislative initiative based on the report.
Dual-use regulation
Above all, the Greens would like to see a stricter dual-use regulation. This should contain a clause according to which exporters would have to prove that and why relevant surveillance technology cannot be misused. Parliament had already called for such a provision in the most recent reform of the regulation, but was unable to get it implemented – also due to the resistance of the then German Economics Minister Sigmar Gabriel (SPD).
The establishment of an EU Tech Lab is also close to Neumann’s heart. This will be an independent research institute modeled on the Citizen Lab at the University of Toronto with the authority to investigate suspected cases and provide legal and technological support, including testing devices. Such a forensic investigation would then also be legally binding, the MP emphasizes: overreaching security authorities should know that they “can no longer get away with it”.
What is missing: In the fast-paced world of technology, there is often the time to re-sort all the news and background information. At the weekend we want to take it, follow the side paths away from the current events, try out other perspectives and make nuances audible.
Fundamental rights have become too “self-evident” for many?
Ann Cathrin Riedel, chairwoman of the liberal internet policy association Load, was also moved in the group “that many people care so little.” She explains this by saying that basic rights have “become a matter of course” for many in the West. Citizens are often no longer aware that they are the basis for democracy. In politics, too, nothing is gained with the topic of “civil rights in the digital world”. What is needed are “supervisory authorities whose staff are able to look at such tools”. It is strange that Apple can send warnings if spy software is suspected on the iPhone, but state authorities have not yet.
According to the traffic light alliance’s coalition agreement, the state in this country should “not purchase or keep open security gaps” but should “always strive to close them as quickly as possible” through effective vulnerability management. For over a year, nothing happened in implementing these requirements because the Federal Ministry of the Interior in particular was stonewalling and wanted to exploit security gaps. Even now, a spokeswoman for Nancy Faeser (SPD) told heise online only: The implementation of the project has not yet been completed. The coordination between the authorities and the departments “on the specific design and implementation is ongoing”.
The ministry remains silent about potential rules for the use of Pegasus at the BKA: In principle, no public information is provided about procedures in the area of IT surveillance “in order not to endanger the investigative ability of the security authorities.”
To the home page
#Missing #Link #State #Trojan #democracy #killer #cares