The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU.
Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies.
The abuse of this kind of solution poses a serious threat to fundamental rights, particularly on the rights to privacy and data protection.
“It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.” states the European Data Protection Supervisor (EDPS).
“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy.”
Privacy advocated and cybersecurity experts demonstrated the use of the Pegasus in surveillance campaigns worldwide targeting journalists, political figures, dissidents, and activists.
Pegasus was used by governments with dubious human rights records and histories of abusive behaviour by their state security services.
The surveillance software allows to completely take over the target device and spy on the victims. Developers of surveillance solutions leverage zero-click zero-day exploits to silently compromise the devices without any user interaction. Pegasus is known to have used KISMET and FORCEDENTRY exploits to infect the devices of the victims.
NSO Group has repeatedly claimed that its software is sold exclusively to law enforcement and intelligence agencies to fight crime and terrorism, in so-called “life-saving mission.”
According to a series of disclosures by the business publication Calcalist in recent weeks, dozens of citizens in the country were targeted by Israel Police with the NSO Group’s spyware to gather intelligence without a search warrant authorizing the surveillance.
“National security cannot be used as an excuse to an extensive use of such technologies nor as an argument against the involvement of the European Union.” continues EDPS.
EDPS urges tight control over the use of surveillance and hacking tools to prevent and disincentive unlawful use.
(SecurityAffairs – hacking, Pegasus)