Regulators have said the NSO Group software could -and likely already has- lead to an unprecedented level of spying. Includes the latest list of confirmed targeted individuals from other sources.
15 February 2022 | Richard Connor | DW | Plus additional files collected by Clipper Media
The European Union Data Protection Supervisor (EDPS) on Tuesday proposed a bloc-wide ban on use of the Pegasus spyware tool, saying it was the best way to guard against unwarranted spying on consumers.
The recommendation follows media reports alleging the product has been used by certain governments to spy on human rights activists, journalists and politicians.
Why did regulators recommend a ban?
The EPDS said Pegasus combined “a level of intrusiveness that is incomparable with what we have seen before, with features capable to render many of the existing legal and technical safeguards ineffective and meaningless.”
The product, from Israeli developer NSO, is seen as having the potential to turn a phone into a pocket spying device.
“Pegasus represents a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy,” the EDPS said in its report.
Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones running most versions of iOS and Android. Pegasus is reportedly able to exploit all iOS versions up to 14.6, through a zero-click iMessage exploit.Wikipedia
“This fact makes its use incompatible with our democratic values. Therefore the EDPS believes a ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms.”
The EDPS said it could not rule out a need for the spyware to be deployed in exceptional circumstances, for instance, to prevent a very serious imminent threat such as terrorism.
The watchdog proposed a list of “steps and measures as a guarantee against unlawful use,” in the event that it was deployed.
Some EU governments, including Hungary and Poland, have admitted to having bought Pegasus from the NSO Group.
Powerful tool for good — or ill
NSO, the company behind the tool, has said its product has helped to prevent terror attacks, gun violence and has helped break up pedophilia, sex and drug trafficking rings.
The spyware grants “complete, unrestricted access to the targeted device,” the EDPS said.
Research from Amnesty International’s Security Lab shows that the tool allows the attacker so-called “root privileges” on the device to the extent that “Pegasus can do more than what the owner of the device can do.”
As a result, the software could allow the attacker to gain access to digital credentials and impersonate the victim to access personal information and financial assets.
Evidence has mounted showing the potential for abuse of the tool for questionable motives.
It found a list of thousands of potential surveillance targets, including 180 journalists, 600 politicians, 85 human rights activists and 65 business leaders.
NSO has said it does not operate the system, nor is it involved in any way in the system, once sold to governmental customers.
Claims of spying on citizens
Israel itself has been subject to global pressure over allegations that Pegasus has been abused.
Meanwhile, Israeli media has reported that the secret spyware was also turned on the country’s own citizens, including those not suspected of criminal activity and without a judge authorizing the surveillance.
Business daily Calcalist reported last week that police used the Pegasus spyware to hack the phones of former Prime Minister Benjamin Netanyahu’s son, along with aides and other members of his inner circle.
Netanyahu has previously accused law enforcement of unfairly targeting him, although it’s unclear why the software would have been used against those close to the former premier.
NSO has said it could not confirm or deny any current or potential customers for Pegasus.
This report was written in part with material from Reuters news agency