EU Parliament’s Pegasus committee fires against NSO Group

“I would like to understand which cases of terrorism and serious crime were at stake when you sold Pegasus, for example, to the Hungarian and Polish governments,” the rapporteur Sophie in 't Veld opened the debate. [mundissima/Shutterstock]

The inquiry committee to investigate the use of the Pegasus spyware questioned a representative of the Israeli company behind the technology, the NSO Group, with questions but still many remain unanswered.

The European Parliament set up the committee to look into the purchase and deployment of the controversial technology.

On Tuesday (21 June), the committee scrutinised the NSO Group by questioning Chaim Gelfand, the tech firm’s General Counsel and Chief Compliance Officer. 

The MEP and rapporteur Sophie in ‘t Veld said the way Gelfand responded to or declined to answer several questions was “an insult to our intelligence” and that there was a “complete disconnect between reality and what you are saying”.

“I would like to understand which cases of terrorism and serious crime were at stake when you sold Pegasus, for example, to the Hungarian and Polish governments,” Sophie in ‘t Veld said.

According to Gelfand, through the use of Pegasus, state authorities thwart numerous terrorist attacks, and it has been instrumental in apprehending paedophiles and other serious criminals. 

While the tangible impact of the technology is difficult to measure, Gelfand estimated that “probably many thousands of lives have been saved”. 

However, as has been revealed by a consortium of media outlets last year, the spyware has been used to hack the phones of critics, journalists and politicians, thus raising concerns about the mechanisms to control who can get hold of such technology. 

NSO software was used to spy on prominent European leaders such as Spanish Prime Minister Pedro Sánchez and French President Emmanuel Macron, as well as political groups in Poland, Hungary and Spain. 

EU Parliament to launch investigative committee on Pegasus spyware

The launch of a committee to investigate the use of Pegasus spyware within the EU has been agreed to and is expected to be approved for action by the Parliament next week.

Control mechanism

Gelfand emphasised that only governments can be the end-users of the Pegasus spyware, and they must pass a “due diligence review” to acquire it. 

This review is based on openly available information on a country’s respect for human rights and the rule of law as well as the national laws and is reviewed annually, according to Gelfand. 

Referring to the clearly problematic situations regarding the rule of law in certain European member states, the Polish MEP Róza Thun und Hohenstein asked: “who and how was checking the governments of Hungary and Poland? How on earth could they be verified by you?” 

The question was not directly answered as no information about specific clients could be disclosed, Gelfand reiterated. 

Pegasus: MEPs lash out at EU Commission for inaction

EU lawmakers revisited on Wednesday (4 May) new revelations of spying on European officials by the Pegasus software, criticising the lack of action by the European Commission, which prefers to leave the affair to the member states to handle.

Data access

Besides enabling countries – that many MEPs expressed should not pass such a review – to use the spyware, another question that kept coming up in the debate was how the NSO Group could ensure that countries were using their technology to fight against terrorism and crime. 

While a former employee said that the NSO Group had access to all the data, Gelfand said that data was not stored in any cloud and there was no backdoor access. 

“But if you have no access to this information, how do you know this is not being abused? Or if it is used correctly? Do you have any information on how this intelligence is being used,” Polish lawmaker Bartosz Arłukowicz asked. 

In response, Gelfand explained that since they do not have access to the intelligence, suspicion comes up through whistleblowing, which results in the NSO Group investigating certain cases. 

EU urged to step up curbs on foreign spyware

The EU has been urged to step up its actions to prevent politicians, journalists, and activists from being hacked by foreign spyware following new revelations of politicians targeted by the controversial Pegasus software.

Responding to breach of use

Thus, according to Gelfand, the NSO Group only reacts to breaches of use after these are reported. Following “credible” reports, the NSO Group initiates an investigation that can lead to an automatic suspension or the termination of contracts. 

In eight cases, investigations have led to terminations of contracts, Gelfand said. 

How many and which countries were affected by such terminations were not divulged. While admitting at least five EU countries used Pegasus, Gelfand did not name them but said he would hand in this information at a later stage. 

The NSO Group representative repeatedly stated that international regulation would be the best way to deal with this issue in the future, rather than leaving it up to private companies. “Countries would have to agree how they are using the system and would have to sign up. There would be international ability to oversee this,” he said. 

The MEPs expressed their hope that many of the unanswered questions would be followed up in writing. The chair of the debate, Jeroen Lenaers, announced that a mission to Israel would also take place to get further information from the NSO Group. 

Hungary employed Pegasus spyware in hundreds of cases, says government agency

The cases of Hungarian individuals who were targeted with the Pegasus phone spyware by the government were all completely legally justifiable, an investigation by the national security services found, Telex reported on Monday.

Without giving exact names because of privacy considerations, Attila Péterfalvi, …

[Edited by Luca Bertuzzi/Alice Taylor]

Subscribe to our newsletters