European Policy, Government Surveillance
Euractiv – Governments spying on citizens: Who is to blame, what can the EU do?
This op-ed, authored by CDT Europe’s Silvia Lorenzo Perez, first appeared in Euractiv on May 22, 2024. A portion of the text has been pasted below.
The Polish Ministry of Justice recently revealed nearly 600 individuals were targeted with Pegasus spyware during the previous administration. This announcement provides further evidence of the troubling reality the European Parliament’s PEGA committee uncovered: EU governments deploy spyware surveillance against their citizens for nefarious purposes unrelated to national security.
Before the Pegasus revelations, debates on regulatory aspects of spyware had been confined to cybersecurity, trade, defence and foreign policy. That lens placed responsibility and potential criminal liability primarily on the private entities, known as cyber mercenaries, who developed or wielded the tools to conduct cyber intrusion operations that threatened states’ national security.
Governments evaded accountability for their actions, shielding themselves from guilt with the secrecy surrounding national security operations. However, the spotlight rightfully shines on the state as a key perpetrator after the Pegasus scandal.
When attributing responsibility for spyware abuse, we should question whether placing all the responsibility on the private actors who develop and sell the tools will adequately address the problem.