Six months have passed since the massive espionage case against Catalan politicians and their relatives, activists and lawyers became public. Known as CatalanGate, the operation saw more than 60 phones – mine included – targeted or infected with Pegasus, a spyware technology. It is probably Europe’s most extensive espionage case in the last 30 years.
In the six months since Citizen Lab, a Canadian research group, published its investigation into CatalanGate and alerted the world to this espionage, we’ve learnt many things about Pegasus and its producer, the Israel-based NSO Group. But many questions are still unanswered.
The European Commission has remained too silent. While assertive when Pegasus was affecting only Poland, Hungary or Greece, the suspicion that Spain has been spying on Catalan citizens who are pro-independence has been met with indifference. European Commission President Ursula von der Leyen didn’t say anything about it when she went to Barcelona at the end of April, just a week after CatalanGate became public. And even worse, she didn’t mention the threat caused by Pegasus spyware in her State of the Union speech. Not a single word about the cyber-espionage campaigns waged against European citizens and their consequences for the future of civil rights in Europe.
How can Europe stop autocratic regimes abroad from using such a dangerous technology that its own Member States use in an uncontrolled manner?
The message for regimes around the world is deeply disturbing. At the end of the day if this kind of cyber-espionage is acceptable in the EU, why not everywhere else? How can Europe stop autocratic regimes abroad from using such a dangerous technology that its own Member States use in an uncontrolled manner? Democratic dissidents, minorities and opposition members around the world are more at risk than before due to the inaction of the EU.
The situation is even more disturbing as we know that Pegasus technology allows for the creation of messages and content in the mobile phones being spied on, which can endanger whole investigations. How will we know if a message is real or fake?
The European Data Protection Agency has already stated that Pegasus structurally violates so many rights that it should be banned. Has it been listened to? Is it enough for a judge to give the green light to use Pegasus on someone? How can we control its correct use? My wife, my former head of cabinet, my current head of cabinet and former advisors were all spied on using Pegasus.
Is it enough for a judge to give the green light to use Pegasus on someone? How can we control its correct use?
I think regulating Pegasus is impossible, and so like the European Data Protection Agency stated, it should be banned. Even more when we take into account that NSO keeps records of all the data collected, further infringing national law and data protection standards.
We are working on all this in the European Parliament’s Pegasus committee, of which I am a member. I think our work is going in the right direction. However, even here in this house, the extensive use of Pegasus against the Catalan pro-independence movement is somewhat swept under the carpet as a fact-finding trip to Spain has been discarded. Does it make any sense to exclude from such missions a trip to a country where Pegasus has been used so extensively?
I’ve lived for five years in exile, and if there’s something I have learnt, it is that the more the EU protects Spain, the more its double standards on civil rights damage its internal and external credibility. We cannot do it any longer. Pegasus is not only a crisis, it is an opportunity to fight for a better Europe. A lot is at stake.