The EU Parliament’s spyware investigation into Spain continues to spark controversy –

A parliamentary hearing on Spain’s involvement in the Pegasus spyware scandal, scheduled for Tuesday (Nov. 29), has sparked controversy after allegations against two speakers resulted in one of the panel not being invited.

After the scheduled hearing program was leaked, spyware victims sent a letter to lawmakers from the European Parliament’s Pegasus Committee (PEGA), experts and civil society actors, including Access Now, ARTICLE19 and the Digital Rights Foundation.

The letter expressed concern about two speakers invited to attend the hearing, which will focus on allegations that the Spanish government has used spyware to monitor figures associated with the Catalan independence movement.

According to the signatories, two speakers at the hearing, Jose Javier Olivas, a political scientist from Spain’s Universidad Nacional de Educación a Distancia, and Gregorio Martin, professor emeritus of computer science at the University of Valencia, have both been linked to discredited research into the Pegasus scandal and defamatory claims about investigators and victims.

Oliveras, the letter says, has “led a campaign to discredit the work of expert organizations,” including Amnesty International and Citizen Lab, both of which were involved in exposing the Pegasus scandal last year.

“It appears that the actions of these individuals are part of a larger campaign of disinformation to discredit the work of trusted organizations against spyware and to distract the committee from its investigative mission,” the authors of the letter wrote, calling for reconsider their invitations. .

After receiving the letter, a meeting of the coordinators of the PEGA Commission was held on Monday (November 21), an EU official told EURACTIV. At this meeting, Renew, the centrist political group that had originally proposed Oliveras as a speaker, withdrew his name from the program.

The centre-right EPP group, which had put forward Martin as speaker, upheld its invitation to speak for next week’s hearing.

After not being invited to the event, Olivas took to Twitter to oppose the decision, accusing parliament of agreeing to “veto an academic researcher who gives expert testimony, based on a defamatory letter of a group of people with vested interests in the matter.”.

The absence of spyware victims from the scheduled hearing was also raised during the coordinators’ meeting. Previous hearings, such as those on the use of spyware in Poland and Greece in recent months, have included testimonials from those affected by the technology.

After the talks, one victim is now invited to the hearing. The Greens/EFA group will also host a second meeting on the same day with additional spyware targets.

“As an institution, we have to carefully consider who we invite to hearings. I can only regret the limited space given to the victims to testify at this hearing,” MEP Saskia Bricmont, PEGA coordinator for the Greens/EFA group, told EURACTIV.

“I also regret seeing there was a majority to keep on the panel someone accused of spreading conspiracies and known for attacking the work of Citizen Lab, whose work has been consistently praised by experts, academics and investigative journalists,” she said. .

This is not the first time the commission’s handling of Spain’s involvement in the Pegasus scandal has drawn criticism. Questions have also been raised about why lawmakers have yet to visit the country to investigate the allegations, as they have with several others.

Earlier this month, presenting a report on the commission’s initial findings since it started work in April, MEP Sophie in ‘t Veld said she hoped there would soon be a majority to support such a trip. supports.

Spyware systematically used by some EU governments, say MEPs

Spyware is systematically used as a means of control in some EU countries and a “deep rethink” of European governance is needed to protect democracy, said the lawmaker who heads the parliamentary committee charged with investigating the Pegasus spyware scandal.

In addition to the country-specific hearings, the PEGA Committee continues to organize discussions on the issue and practice of spyware in a broad sense.

On Thursday (November 24) the committee also held a hearing on zero-day vulnerabilities, flaws that have yet to be discovered or addressed by developers and are particularly susceptible to abuse.

Speakers at the hearing came the day after the European Parliament’s website went down for hours after a cyberattack for which a pro-Kremlin group claimed responsibility.

Parliament President Roberta Metsola stressed the destabilizing implications of the growing market for zero-day exploitation and the complexity of its approach.

“Shockingly,” noted Ian Beer, a white-hat hacker on Google’s Project Zero team, which tracks zero-day attacks, in half of the 58 instances of wild zero-day vulnerabilities reported by Google in 2021. followed, the root cause was a variant of something that the industry was already aware of and could have better addressed.

MEP In ‘t Veld said the discussion had left her with a sense of “desperation and hopelessness” at the prospect of addressing zero-day vulnerabilities.

“We seem to be in a situation where both government agencies and criminals seem to share the same interest, which is to maintain the trade of vulnerabilities,” she said.

[Edited by Luca Bertuzzi/Nathalie Weatherald]


Leave a Comment