The European Data Protection Supervisor (EDPS), the EU’s independent data protection authority, has issued a report calling a ban on modern spyware tools like NSO Group’s Pegasus.
The preliminary report dives deep into the history of Pegasus and similar tools, acknowledging their usefulness in combating terrorism and serious crime, but also their dangerous surveillance capabilities as exerted by nation states against activists, journalists, dissidents and political figures.
Pointing at the infamous Pegasus, the watchdog says the malware belongs to a new category of spyware tools that differ from traditional interception tools used by law enforcement.
In the report, the supervisor acknowledges experts’ view that Pegasus is perhaps the most powerful hacking tool ever deployed, and that it grants complete, unrestricted access to the targeted device – including the camera, microphone, communications that are supposed to be secured by encryption, etc. – regardless of phone model or operating system.
It also highlights Pegasus’s zero-click deployment advantages, stressing that “even a cyber-security-savvy user can do nothing in order to prevent it from happening.”
The document highlights various scenarios where, even if spyware is used lawfully, it can still hinder a person’s inherent rights, including the right to privacy or discussions with a lawyer.
It therefore concludes that “Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy. This fact makes its use incompatible with our democratic values.”
“Therefore, the EDPS believes a ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms,” the watchdog stresses.
The authority accepts that if such tools are still applied in exceptional situations, such as to prevent an imminent threat, there should be some non exhaustive steps and measures to use as guidance against unlawful use. The watchdog offers its own suggestions in this regard, adding that it wants to keep discussions open on whether spyware tools like Pegasus should have any place in a democratic society.