Pegasus spyware should face blanket ban, EU says

News
By Sead Fadilpašić
published

Governments are using Pegasus a lot more than thought, EU claims

A finger pressing a padlock icon
(Image credit: Shutterstock)

The European Data Protection Supervisor (EDPS) has called for a blanket ban on the use Pegasus spyware throughout the European Union.

Reports claims that the EDPS issued a report called “Preliminary remarks on modern spyware” in which it drills down on Pegasus, what it is, how it works, how it’s abused, how it could be put back into a regulatory framework, and what the EU should do about it.

Pegasus is spyware developed by the Israeli company NSO Group. It is a potent piece of software, as it allows the attacker to compromise an endpoint with zero clicks on the victim’s side, gain access to the entirety of the device, including personal data, photos, messages, and GPS location, making identity theft just one of the potential use cases.

Abusing the privilege

NSO claims it only sells it to governments, and that it’s used exclusively for the purpose of tackling terrorism, and similar threats to national security. However, numerous reports have suggested that some governments abused the privilege, targeting journalists, human rights activists, and other individuals whose actions could not be described as a threat to anyone else but the ruling regime.

In the report, EDPS suggests a ban on Pegasus, and similar malware, is necessary to protect “fundamental freedoms but also to democracy and the rule of law.”

Read more

> Are you a target of Pegasus spyware? Get an iPhone and stay safe

> This malware pretends to be Amnesty International protection from Pegasus

> Pegasus spyware spied on mobile users around the world

EDPS is not naive, though, admitting that there are instances in which such spyware could be useful. In that case, however, the governments should apply eight steps to ensure lawful use. 

These include strengthening of democratic oversight over surveillance measures, strict implementation of the EU legal framework on data protection, judicial review, both ex-ante and ex-post, and empowering the civil society to bring awareness and public debate forward. 

“At the center of any such discussion,” the EDPS concludes, “should not only the use of technology itself, but importance we attribute, as a society, to the right to privacy as the core element of human dignity”.

Via: TechCrunch

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.