The Pegasus scandal, which rocked the world three years ago, exposed the dangers and pervasive nature of spyware. Despite the initial shock, the spyware problem has only grown worse over time. In response to this escalating threat, a group of civil societies recently penned an open letter urging EU regulators to take decisive action against the use of spyware. Their demand is clear: an EU-wide ban on the production, export, sale, import, acquisition, transfer, servicing, and use of spyware.
The concept of spyware itself is fundamentally incompatible with the right to privacy. Spyware refers to a type of malware that is installed on a digital device without the user’s knowledge. Once installed, it has the ability to collect a vast array of sensitive information, ranging from location data and camera footage to personal messages and banking details. The true danger of spyware lies in its ability to operate undetected, making it extremely difficult to protect against.
While some argue that spyware can be a necessary tool for governments to ensure national security, the reality is that its misuse far outweighs any potential benefits. Numerous cases have emerged of authorities abusing their access to spyware, targeting journalists, activists, and ordinary citizens. The Pegasus scandal, for example, revealed how the NSO Group’s powerful surveillance technology was used to spy on Mexican journalists and activists. The investigation into Pegasus also uncovered that over 46 countries, including 14 EU nations, had purchased this invasive spyware.
Not only are governments utilizing spyware for surveillance purposes, but companies are also increasingly turning to these tools to monitor their employees. Bossware, as it is commonly referred to, allows employers to track the activities and productivity of their remote workers. While these monitoring apps may be legal, they open the door to potential abuse and invasion of privacy.
Spyware is not only a concern for governments and corporations; it is a tool that can be easily wielded by hackers, stalkers, and criminals. The accessibility of spyware means that anyone with minimal technical skills can launch an attack, making individuals vulnerable to invasion of privacy and even physical harm. Recent data from security firm Avast revealed a 329% increase in mobile stalkerware usage since 2020, highlighting the prevalence of these threats.
The question then becomes: Can spyware ever be a legitimate market? Given its inherent violation of privacy, the answer is a resounding no. The spyware industry has thrived for far too long, with even major tech companies like Google expressing concern over its impact on free speech, the free press, and the integrity of elections worldwide. The proliferation of spyware vendors, who specialize in developing and selling attack exploits, has resulted in real-world harm.
Calls for regulation have been made, but it is clear that mere regulations are not enough to address the harm caused by spyware. Lawmakers have struggled to develop a legal framework that effectively mitigates these risks. The EU, for instance, has yet to take strong action to protect the free press against spyware, despite being directly affected by the Pegasus scandal. The use of spyware is still allowed on a “case-by-case basis” and is subject to authorization by a juridical authority in certain situations.
Even recent international agreements, such as the one led by the UK and France, seem insufficient to prevent abuses and protect privacy. The intrusive nature of modern spyware, which can interfere with the most intimate aspects of our daily lives, raises serious concerns about its compatibility with privacy laws. The European Data Protection Supervisor (EDPS) stated that such intrusive technology is fundamentally incompatible with EU law. It is clear that regulating the use of spyware alone is not sufficient, and a complete ban on spyware is necessary to safeguard privacy.
In conclusion, the pervasive threat of spyware demands immediate action. The increasing misuse and abuse of spyware by governments, corporations, hackers, stalkers, and criminals necessitates an EU-wide ban on the production, export, sale, import, acquisition, transfer, servicing, and use of spyware. Strong regulations have proven inadequate to address the societal harm caused by spyware. It is time for decisive action to protect our right to privacy and prevent further erosion of this fundamental human right. As Natalia Krapiva, Tech legal counsel at Access Now, aptly stated, “Discussions do not suffice. We expect action.”
Source link
