PEGA-UntersuchungsausschussOpfer erklären die Auswirkungen von Staatstrojanern

Der Staatstrojaner-Ausschuss konzentrierte sich in der Anhörung vom 30. August auf die Auswirkungen von Staatstrojanern auf die Opfer und mögliche Rechtsmittel. Wir veröffentlichen ein inoffizielles Wortprotokoll der Anhörung.

Carine Kanimba, Tochter des ruandischen Inhaftierten Paul Rusesabagina und selbst Opfer von Pegasus, spricht vor dem Staatstrojaner-Ausschuss.
Carine Kanimba, Tochter des ruandischen Inhaftierten Paul Rusesabagina und selbst Opfer von Pegasus, spricht vor dem Staatstrojaner-Ausschuss. – Alle Rechte vorbehalten Europäisches Parlament

Am 30. August veranstaltete der Staatstrojaner-Ausschuss eine Anhörung zum Thema „Staatstrojaner – Opfer und Rechtsmittel. Die Sitzung konzentrierte sich auf die Auswirkungen auf die Opfer von „Spionagesoftware“ und ob Opfer sich wirksam juristisch wehren können.

Von der Anhörung gibt es ein Video, aber kein offizielles Transkript. Daher veröffentlichen wir ein inoffizielles Transkript.


  • Date: 2022-08-30
  • Institution: European Parliament
  • Committee: PEGA
  • Chair: Jeroen Lenaers
  • Experts: Carine Kanimba (Victim, daughter of Paul Rusesabagina, wrongfully imprisoned in Rwanda), Dominique Simonnot (Victim, Journalist), Prof. Catherine Van de Heyning (University of Antwerp)
  • Links: Hearing, Highlights, Video
  • Note: This transcript is automated and unofficial, it will contain errors.
  • Editor: Emilia Ferrarese

Spyware – victims and remedies

Jeroen Lenaers (Chair): Okay. Dear colleagues, welcome to this afternoon’s session of our enquiry committee. Just to inform you that we will have interpretation in German, English, French, Italian, Dutch, Greek, Spanish, Hungarian, Polish, Slovakian, Slovenian, Bulgarian and Romanian. Our second hearing of today is going to be on spyware, victims and remedies. And I think it’s very important and we’ve always said this from the beginning of the work of our committee, that we should always be guided also from the perspective of the victims of this type of spyware. The huge invasion of the privacy is something we can maybe all have an understanding of, but never in the same manner and to the same extent as actually victims of spyware. So I am very happy that we are joined here today by victims, but also by those who can say something about what kind of remedies should be offered or in what way. So we are very happy to welcome to the European Parliament, Ms Carine Kanimba, who is a victim and a daughter of Paul Rusesabagina. I’m sorry for the pronunciation who was wrongfully imprisoned in Rwanda, which we also had a resolutions on here in the European Parliament. It will have. Professor Catherine Van de Heyning from the University of Antwerp with us today. And remotely connected is Ms. Dominique Simonnot, who was a victim and a journalist. Ms. Dominique Simonnot is remotely connected as we already went into the sort of the infrastructural problems with interpretation because she will speak in French. We are trying to find a practical solution so that we can have her testimony in our committee today. But we will start with our other two guests so that we have some more time to look at the to look at the options there. So without further ado, I’m very happy to give Ms. Carine Kanimba the floor for about 10 minutes.

Carine Kanimba (victim of spyware, daughter of the Rwandan politician Paul Rusesabagina): Members of the committee. Thank you for inviting me to speak here before you today. My name is Carine Kanimba. I’m 29 years old. I’m the youngest of six children of Paul and Tatiana races in both. I’m a Belgian and American citizen. I grew up between Europe and the United States, and until two years ago, I had a job that I loved in finance working in New York. In August 2020, everything changed. Exactly 766 days. My father was lured when travelling from my family home in San Antonio, Texas, to Burundi. He was kidnapped in Dubai by a illegal operation from the Rwanda Secret Services and was transported illegally to Kigali in a private jet that was chartered directly by the office of the Rwandan president. My father was then subject to forced disappearance. He was tortured before reappearing and being subjected to a sham trial. At the end of which he was unjustly sentenced to 25 years in prison. The Belgian government, the American government, the United Nations and numerous human rights organisations have designated my father as being arbitrarily detained in Rwanda in February and October 2021. The European Parliament passed two resolutions in favour of my father and called for his immediate release. Our family is extremely grateful to all of you members of the European Parliament. For leading the efforts for this resolution. In 2021, I became victim of the Pegasus spyware. If I may, I’d like to take a few moments to tell you about my journey and how I ended up being a victim of this software. I was born in Rwanda a few months before the 1994 genocide, the genocide which made me an orphan. My biological parents were amongst the 1 million people killed during that genocide. Leaving my sister Annalise and myself orphans. I was only 11 months old at the time during the genocide. Paul Rusesabagina was the manager of a hotel in Kigali. During this dark period in Rwanda’s history, 1268 people came to seek refuge in his hotel. And for almost three months, my father. But his own life at risk to protect these people against the militiamen and the military who came every day to look for people to kill. Thanks to my father’s interventions, none of the people who took refuge in the hotel were killed or were taken away. Their lives were saved. At the end of the genocide, Paul and his wife Tatiana heard that our parents had been killed. Had been killed. They searched for Anais and myself and found us in a refugee camp. Then they raised us and left us as their own children. And we became that along with my other brothers and sisters. This hotel, Diana and César, my big sisters, Lisa and Diana are here today with me. We stayed in Rwanda for a few months after the genocide, but some time later my father was victim of assassination attempts in Rwanda and took the decision to seek refuge in Belgium for our family because we would be safer there. Throughout all of those years, we found the protection that we were looking for here in Brussels at the heart of the European Union. In 2004, this story was shown in the film Hotel Rwanda, and my father’s name became known all over the world as a peace, a man of peace and virtue. In 2005, he was awarded the US Presidential Medal of Freedom, the highest civilian honour in the United States. My father used the attention he received to help others. He encouraged peace and dialogue and called on the world not to ignore the suffering of people who are victims of the atrocities in the Great Lakes of Africa region. He criticised the numerous human rights violations that were perpetrated by the Rwandan regime. Calling out loudly for democracy, freedom of expression and of the press and truth and reconciliation for all Rwandans. It’s by defending these beautiful values that we enjoy here in Europe and which of which you are the guarantors that he became a target of the Rwandan president, Paul Kagame. For many years, the Rwandan regime tried to silence my father through a targeted, brutal campaign, trying to discredit him. There were assassination attempts against my father in Belgium. There were burglaries and break ins in our house in Brussels. And there were intimidation attempts. But my father was never intimidated because he knew that he had a responsibility to use his platform. To use the platform that had he had been given to be the voice of people who were silenced by decades of dictatorship. However, the Rwandan government still managed to kidnap, torture and imprison him and then to convict him on the basis of fabricated charges, as they have done with many other people who criticise the government. Just as my father was a victim of the Rwandan regime, I too became a target. At the same time that I was pleading with all of you to save my father’s life, in February 2021, I was contacted by a collective of journalists called Forbidden Stories who work with International Amnesty International and Citizen Lab on the Pegasus process. Their research on Rwanda and Pegasus gave them reason to believe I was being spied on. I provided my phone for forensic analysis. I agreed to do that, and it showed that Pegasus surveillance had been used to target me. I was terrified. To understand why I was so frightened. You have to understand or imagine what would be happening now if Pegasus was on my phone. The Rwandan government would hear everything going on in this room. They could film us without us knowing. Without even knowing that the camera was on. They could see all of my emails and messages, hear all my calls and even private conversations with my lawyers. Basically, they would be able to track my each and every movement and word. The scariest part is that they put it on my phone without me having to click on any links. This is using technology that costs millions of dollars, and the Rwandan government considered me to be a worthwhile target here. Sitting before you today, I have lost all sense of security in my private actions and in my physical surroundings. The forensics reports have been presented to this committee and the Belgian intelligence have confirmed these reports through their own analysis. For instance, in June 2021, I was received by the Belgian Minister of Foreign Affairs in her office at the Ministry. The reports show that the spyware was activated during my meeting with the minister. From the moment I entered her office, until the moment I left. Throughout that time, the Rwandan government was listening to our whole meeting. It was active during my exchanges with a number of new members of the European Parliament, as well as when I spoke in front of human rights organisations or with journalists. While I was having exchanges with all of you by email about the resolutions that you passed to secure my father’s release in 2021, the Rwandan government was also spying on you. This surveillance is illegal under European law and has allowed the Rwandan government the same individuals who abducted and tortured my father to turn around and now target his children. 70% of Rwanda’s national expenditure comes from foreign aid. In your resolution of October, the seventh, 2021, in my father’s case, you asked the Commission to critically review the European Union’s assistance to the Rwandan government and to Rwandan public institutions in order to ensure that they fully promote human rights and do not negatively impact freedom of expression and association. Or political pluralism, respect for the rule of law or an independent civil society. Nevertheless, the EU has pledged €260 million to fund Rwanda over a four-year period. Rwanda is considered as a EU ally and a partner in multiple areas, including military and intelligence. European taxpayers and EU members of the European Parliament deserve to know that the government of Rwanda is spending humanitarian aid to finance the kidnapping of a democracy activist from Europe, from US soil and using military grade technology to save his daughter working for his release. Three years ago, my cousin Jean-Paul, in sunset on his phone, was also infected with Pegasus. He is a Belgian citizen for two years. He and I have been living in the same house here in Belgium. There are two phones now in the same house targeted by the same software, by the same authoritarian regime. I’m frightened by what the Rwandan government could do to me and my family. A few months ago, Citizen Lab discovered that the phone I taken as a replacement for the first one also had traces of the Pegasus software. Nothing can guarantee that this telephone isn’t also infected. It keeps me awake at night to know that they knew everything I was doing, where I was, who I was speaking to, my private thoughts and actions. And they could know that any time they wanted to. Unless there are consequences for countries and their enablers who abuse this technology to hurt innocent people. None of us is safe. I’m very grateful once again to have this opportunity to share my story and that of my father. I hope you found it useful and that you’ll be able to find ways to help both my father’s cause and to help him address this type of illegal activity. I promise you that we will never stop advocating for my father, Paul Rusesabagina, as long as he is not at home. Thank you.

Jeroen Lenaers (Chair): Oh, I think thank you very much. Thank you for being with us today. Also, a welcome to your family that has been invited today to join us here today. It’s a very a very impressive, impressive account. Your story, the fears you have, the sense that you lost all sense of security is something that unless you have experienced this, I think you will never be able to imagine what it does to you. And with your story that you presented so eloquently here today, at least we can get a little bit more of a feeling of what it means to you and to all those other victims of this kind of spyware. I’m really grateful for you for being with us and sharing that. And I’m sure there’s plenty of members who will also have questions to ask you and when we go to the Q&A. But I think the round of applause that you got here was very heartfelt. And it also shows the appreciation of all of us for your presence and participation here today. So thank you. Thank you very much. You’ll get plenty of opportunity to respond to colleagues in the House in the Q&A. Thank you. We move to our second speaker, which will be Professor Catherine Van de Heyning of. Yeah, because we have a little bit of time to to solve the issues for a remote connexion. And it will mainly be on the part of also remedies, procedures and redress. So I’m happy to give you the floor for 10 minutes as well. Thank you for being with us.

Catherine Van de Heyning (Professor, University of Antwerp): Thank you very much. And also thank you.

[during the next two minutes, her statement was unfortunately interpreted in a language other than English that neither our automatic transcription software nor we ourselves are able to understand, so this part is missing here]

It’s just I mean available in your play store and that’s not an invitation that advocates that which is less than $10 a month spyware you can spy on your girlfriends, ex-girlfriends, your employees, potential enemies, your children, etc.. And on the Web sites, you know, website, the. Website of this company. Is this actually legal? They say. Well, unless you have consent. This might be tricky. And maybe you should think twice about using phone monitoring software. The company has 1.5 million users, which means we have 1.5 million victims. You can also read the references for this very available spyware, less than $10 a month. I repeat. And it is I mean, excellently working because people say, well, I’ve been spying on my employees for many years now, and it functions perfectly because I could see one of my employees going out during the evening in and dancing and drinking and well, the next day was not functioning as I wanted it to. So, you know, I, I knew what it was and I fired him. So this is I mean, this is what is happening today. And so, obviously, we are looking at estates and Pegasus, and that is spyware at its worst because then it’s a threat to the rule of law, democracy and human rights that as is common at its efforts. Spyware is a serious threats threat and I hope you realise that from from the example I have given, it’s a serious threat to the personal integrity, personal safety and privacy of every one of us. And we ever more frequently see spyware, for example, in domestic violence cases. It has it is becoming just the general that we know there’s domestic violence. Please, can we also check your phone? Is probably there spyware on that? There’s actually already a judgement on that, which is very interesting judgement of the European Court of Human Rights followed in every Russia case where actually the European Court of Human Rights also put down some positive obligations on the states. States need to ensure redress, investigation, prosecution and legal remedies and measures to protect victims of such online surveillance. So that is one of I think for me is already a framework with which we can work if we think of legal remedies for spyware, because obviously it’s much more common than many think. And what has been in particular shocking to me from the Pegasus story is not that spyware is being used, not that it is used on journalists, etc., that for me it was not shocking because it has been in academic literature for many years and for as early as 2008, there have been calls to to regulate the export development of this kind of very high tech surveillance software. So that’s not what has been very shocking to me, is how our states and our speaking as European citizens, our our supposedly rule of law, democratic human rights. States have been using debt not just against their citizens, but also citizens of other member states against their own journalists, doctors and. I come back to the Prime Minister’s. So that is one of the things I find most shocking. That means that our checks and balances are simply not working. That what our intelligence services, some military service or other authorities are doing, that what we have in place is not sufficient. Secondly, what has been shocking to me is that all the revelations up until the revelations today of Predator and what is happening in Greece today have not come from parliament enquiries of committees, oversight bodies, courts. It has all come out because of whistleblowers and journalists. Once again, that means that our oversight bodies are enquiries are not working because we’ve heard of Pegasus a long time ago and yet most of the new revelations are not coming from what we have put in place ever since. So for me, those are two important conclusions to be drawn. Then I will come to the remedies. But before I come to by recommendations, I just as a principled matter, want to join the call that several have already made that the development sale, the export and import of spyware should be strongly regulated and also with oversight and transparency. I even agree with the elements that export of this kind of technology is the same as weapons. And therefore we should one note with this that such experts cannot simply go on as long as we don’t have stronger regulations and stronger oversight as to what we can change in the future for victims. And you probably know what my first recommendation will be. It’s oversight, control and transparency, and I believe everyone will stress that. I find it very remarkable that in our criminal procedures, we have so many rules and so much control when we use surveillance. And that’s where we actually agree on that. Certain kinds of surveillance are necessary in criminal investigations. But it’s very I mean, it’s very regulated in our codes of procedures. I don’t need to remind you of all the data retention judgements that that are out there, how much we focus on this kind of targeting, where there should be always judicial, independent oversight sites, how much the EU is focussing on the importance of impartial and independent lawyers and independent authorities. But we’re not doing that with the other authorities in the same way. And I do know that national security falls within the ambit of national states. But we are here. We are talking about ePrivacy. And within that scope, I do believe there should be basic criteria for the use of this kind of surveillance put in place at the EU level, given that there is a free market within the EU of this kind of technology. Secondly, as for the victims, one of the major problems with victims is that they don’t know that they are victims. That’s actually the purpose of spyware that you don’t know. And in many of our procedures at the national level, you can only start an investigation or a civil complaint when you are a victim. When you have standing, that’s in the legal framework with all that legal standing. And you only have that if you can prove that you have that you are real and direct, you have real indirect impact of a potential violation. And that is a problem because with spyware, you don’t know and you might assume you might have reason to believe that you are a victim, but you won’t know. So how can we address that? First, of course, this would, I believe, should be there is a notification duty. If state authorities use this kind of surveillance software that attends, they need to notify they need to notify those who have been under surveillance. I know this is hotly debated and it can only be done after that. There is no security threat anymore. That’s what constitutes a security threat. I think we need to focus on that because often an investigation has been closed and a state will say 30 years later, there’s still a security threat. So I think we need to focus more on at what time there needs to be notification, because the moment that there is notification, you know, that you were under surveillance and you will be a direct victim and you can access the file and you can control what has happened. So I believe that is one element where we need to focus on this is notification a six. An element is a legal standing, as I mentioned to you. And also there there has been some previous examples and one that probably many of you will known is standing as a victim before, for example, the European Court of Human Rights. There has been a case many years ago on security, which was the Class V Germany case, where also the court said you are a victim and you have legal standing in the case of secrecy measures because then you can’t know. So I do believe that the EU has a role here to play first to address that victims can access the courts and then a last elements. And then I will I will finish a last element where I also believe that we should we can help victims is that if you look to the EU. Regulations as they stand today. There are a lot of regulations on supporting victims, legal aids. That for me, there’s one thing that is missing and it’s expert advice and expert aids, because in these kind of cases, what is often missing is actually support on the tech sides. And you will have high targets, victims, you know, that can afford this kind of aid in each and any of those cases. And you are you just mentioned it as well. They will look at your phone and they will analyse your phone and you will need that technical expertise to really bring that case to court and to make a case. And that is also the reason why I think in the future it might be interesting for the EU to focus again on legal aid, but also where you would address expertise and how expertise can be affordable. And this is one of those case where you would could really help victims and it might be as important as legal aids by a lawyer or a counsel. Thank you very much. And I hope I have given some elements for debates.

Jeroen Lenaers (Chair): Thank you. You certainly have. And we will, after the next speaker, open up the debate. So, you will have ample time also to to further develop those points based on the questions that are going to be asked. Now, our third guest is Ms.Dominique Simonnot. She is connected from France, as we were only informed on Friday, that we cannot count on a full interpretation of her contribution to date and she will speak in French. We have a bit of a challenging situation, but since she is a victim and I do find it important that regardless of the technical infrastructure here, she has the right to be heard. She will address us in French. Certainly, some of us are either native or have a basic understanding of French in the positive sense that we will be able to answer questions. We will take make a verbatim report of her contribution translated as soon as possible, and send it to all members of the of the committee. I’m very sorry. First of all, to Madame Simonnot for this this this procedure. But I think it’s the best thing we can do under the circumstances. So, Madame Simone, or also, if you would please maybe try to speak not to quickly than many of us can certainly understand the gist of what you are saying to us. So please, you also have the floor for dix minutes.

Assistant: Ms Simonnot, please press on the speakt button only once.

Dominique Simonnot (victim of spyware, journalist): [statement in French due to missing interpretation service]

Jeroen Lenaers (Chair): Thank you. Thank you very much. And I think a lot of your story was also very clear even to those people who do not speak French. And I also would like to say that as much as you did it in a very nice way, there’s no need to downplay your own victimhood. I think especially what you said at the at the end of your contribution, that maybe we should be less naive and more prudent. I don’t think journalists should be more prudent. The journalists have a right to have safe communications. So in that sense, I think also your story and the effects that your targeting had on other journalists maybe in France is very important, too, here for this committee. So I also thank you very much for being with us today. Now we start with Q and A. We have an hour and 15 minutes, so I will ask colleagues to try to be brief in their questions so we can have as many colleagues ask questions as possible and also to our three panellists to try to answer to the point. And we will start, as always, with our rapporteur, Sophie in ’t Veld.

Sophie in ’t Veld (Renew): Yes, thank you, Chair. And I entirely agree with your remarks that it sounds so insane to say we have to be more prudent, more careful, but that essentially means we’re less free and less safe. That’s what we’re saying. But I would like to start by thanking Mrs. Kanimba and her relatives for being here, for sharing your story. Apart from all the spyware, of course, we all wish the quick return in safety of your father, as Parliament has expressed and the messages you’ve made about or you’ve given us about support to Rwanda, of course, are not for this committee, but the message has been taken, taken on board. And I think both stories show how, first of all, we are not safe even on European territory, because we can be spied upon by anyone from anywhere. And some cynical European governments could even hire somebody from outside the European Union to spy on us. So we need to reflect very carefully on what we do to protect our citizens. Because I agree with you, Professor, from the hating that we need to give rights to victims, but we should ideally prevent victims from existing. We have to it’s not enough to give legal remedies, which, by the way, are meaningless. I’ve been litigating against the surveillance law for the last six years. I’m still waiting for a reply. So it’s not it’s not a legal remedy. We need to give people the security that they cannot be spied upon, that they’re that they’re safe. Second remark question I’d like to make, because, Mrs. Kanimba, you told us you bought a new phone. Mrs. Human also said I’m more careful now and using my notebook a predator. The other brand of spyware is not zero click spyware, but there is a version which cannot be wiped off your phone anymore, even if you’re rebooted. So we’re looking at it. You know, it’s being improved all the time and it’s getting it’s getting more and more dangerous. And I think your stories also highlight what poison this is to society. If people have to look over their shoulders the whole time, if they have to be afraid, if to have to be diffident, if journalists are not free to speak to their sources anymore, if you’re not free to speak to ministers, to lawyers, if politicians cannot be free, then we still destroy democracy. And I don’t think we’re sufficiently aware to the degree that that’s happening. One question to Mrs. Kanimba are you satisfied that the Belgian authorities are really vigorously investigating this, trying to get to the source and also doing everything they can to protect you from new attacks? And I would actually like to ask the same question to Mrs. Simonnot, because I understand that you’re that the investigation or the procedures are still ongoing. Thank you.

Carine Kanimba: Thank you very much for your remarks and thank you for the question as well. I do not feel safe. So the reality is that my life has completely changed, not only as I have to continue to be public and to voice everything because my father is currently currently wrongfully detained and our advocacy is even what’s allowing him to continue to stay alive. But I my life has entirely change and I cannot be quiet because this is how we will get him home. In terms of the Belgian’s approach, I’m grateful for the work, the forensics report that they’ve conducted on my phone. However, I do believe there needs to be more done to protect us and our family. As I mentioned in my statement, my father was kidnapped after having been surveilled for many years. There were house break ins, intimidation, attempts. They followed him in many places, yet he was still kidnapped. And now I’m a victim of Pegasus. So and I don’t feel safe. And I have not seen anything that gives me the impression that I should feel safer. So is this what’s going to happen to me next? Will I be kidnapped, tortured and wrongfully detained in Rwanda? So that’s a question for the Belgian authorities. But I hope and pray that they will continue to look closely at this and find solutions to keep me and my family safe, but also everyone that can be targeted by this spyware. Thank you.

Jeroen Lenaers (Chair): Thank you. Ms. Dominique Simonnot. Everything we say in this room is interpreted so.

Dominique Simonnot: [statement in French again]

Jeroen Lenaers (Chair): Thank you. And then maybe professor on the effectiveness of legal remedies.

Catherine Van de Heyning: Well, of course I agree. We need to prevent it. I was, of course, also asked to talk about legal remedies. So that was what I was talking about. But we need to prevent this. What I do believe, but I do believe does work and also comes from research, is the most of the ills are being done in secrecy. So if there is a procedure that certain things after some time come to light, if there are archives, that can be. Access after a certain time. And this kind of I mean, all the several. Measures you can have for transparency, even being after ten years or an oversight board, etc., that is a deterrent for certain behaviour. So I do believe that that’s not a remedy, but that kind of oversight. Access the potential also for a victim to have access once notified that that will also work as preventive. That has also been seen in some other in in in in the past for some other elements of intelligence services actions that a certain amount of transparency can prevent actions not of individuals. Individuals can still, you know, sway certain parts. It can, as a policy, as a systemic use of certain measures, think of as torture, etc., certain techniques that have been used for investigations. Even our archives, if you know, for example, that at one point the victim will be notified and will have access. I do believe it is preventive. To a certain extent. But obviously that doesn’t work with dictatorial regimes. And I think that’s I mean, obviously, that’s that’s something I don’t need to highlight that that we have the EU situation and external situation as to legal remedies. There’s one remark I actually wanted to make after the second testimony, and that is the something that that is I really also want to warn against. What about this? Because I’ve heard that a lot in in, let’s say, more private meetings. This is something that it’s always been done. I mean, this is what intelligence services do. This is what you know, this is surveillance. And it has been done for many years. And that’s not true. Digital surveillance has changed the game because it is so easy that you don’t anymore need to select your targets more. I mean, I do. I really almost, you know, would advise for some of you to to follow a and a targeted surveillance operation, for example, when you want to hear, to phone, etc., often targeted. That’s not so easy. It takes a lot of time, it takes a lot of effort, etc.. That is not the case with this kind of technology. And so it’s very careful. I mean, the the as a victim, you need to I mean, this is that that’s for me, the big difference between the two stories that Madame Simone needs to think, what have I done on Morocco? I can’t even remember. And then it’s two articles. And that is sufficient, of course, because it’s easy. Just add someone to the list and click is done. And, and that is the real difference. And also the analysis is much more easier than you would have when you were eavesdropping or tapping l’époque, because then you really need to have, I mean, the target that you needed to have someone listening, writing it down, transcribing, etc.. So that has really changed the game. So that I think it’s really important also to, to highlight against the cynicism that I do notice is getting into these debates. Thank you.

Jeroen Lenaers (Chair): Thank you. And we have the EP, Mr. Zoido.

Juan Ignacio Zoido Álvarez (European People’s Party): Thank you, Chairman. And thank you to all the speakers for participating in this afternoon’s hearing. Particularly, I’d like to refer to Mrs. Kanimba for testimony which was so moving that she gave today. But also, I would like to pay tribute to her decision in favour of justice in Rwanda, despite the admission of how frightened she is at being harassed and persecuted. I’d also like to thank the family for having accompanied her on a very important day for her giving her testimony here, the headquarters of the European Parliament. And I hope that this sincerity will be of service, particularly the passion with which you have described the events. And I hope that this will be useful so that your father will be able to regain his freedom as quickly as possible. As we were saying this morning, there’s a need for the intelligence agencies and the security services of democratic countries where the rule of law is respected. They need to have access to this technology. Nonetheless, that should be restricted to restricted for repressive authoritarian regimes, as is the case of the Rwandan government. As the regime persecutes the dissidents inside the country and outside it, and it is prepared to use any weapons in the cyber arsenal to do this. I think that the European Union, as should engage in equivalently, stop authoritarian countries going gaining access to this spyware, particularly when potential victims are EU citizens as. We need to improve transparency in the management of these tools. And here I’m turning to the professor as well and to everyone. How can we in the European Parliament contribute to more transparency? We are asking these questions constantly. What should the Commission do? What should you do? Quite apart from putting on diplomatic pressure, I’m concerned about the possible unconscious and consciously complicit in this type of spying. And I’m referring to one of the statements which was made by Mrs. Kanimba. But I would like to ask a more general question. Mrs. Kanimba, do you think that it is possible that some of the aid which the EU sends to Rwanda. A has been used. Do you think it’s possible that it was that money was used to acquire Pegasus?

Jeroen Lenaers (Chair): Ms.. Kanimba first, maybe, and then Professor de Heyning.

Carine Kanimba: Thank you very much for your remarks and for the question. I as I mentioned in my statement, Rwanda is 70% of national expenditure depends on foreign aid and denied. The European Union has committed to $160 million €1,000,000 to Rwanda. So given its dependence on aid and the fact that Rwandan people are really poor, I believe that the chances are very likely that they’ve been using this money to purchase this very expensive technology. And so I think and I hope that a decision will be made from the European Union to change that, because it’s enabling Rwanda continued transnational repression on European soil. Thank you.

Jeroen Lenaers (Chair): Thank you. Professor van de Heyning.

Catherine Van de Heyning: Thank you very much. I’m going to give, of course, the more technical question. I’m sorry. In that respect, I’m really, I’m a lawyer, but obviously the EU needs to look at what it can work with because a part of, of those regulations simply still do fall within the ambit of national law. So where do I believe that there are scope definitely for the EU on regulation. The first one is obviously everything that’s export import and the markets. And I believe that’s really, I mean, that’s a platform where you can regulate. And there I do believe that certain criteria should be included, as has been done, for example, with weapons. And this is the kind of weapon we need to, to, to, to recognize that this kind of technologies, they are also I mean, most of these technologies are also the high-level ones developed by previously I mean military focused industry. It’s not for the, let’s see, the garden variety of this kind of spyware, but these ones, I mean, the intelligence the Israel gives us is a very clear example of that. So, I do believe we need to look at the other regulations we already have in place, such as for weapons, import export and the use of that. So, I think that’s the first from a second platform for me is e-privacy. And as the new e-privacy will come to pass in some time. Yeah, I do know I’m positive. I hope you are all working on that and supporting that. But I do think that that that that’s another platform where national security and I mean, it’s not just our intelligence services, it’s also our military services and it’s also other national sources that are using this kind of technologies up until certain financial administrations who are using certain kinds of surveillance technologies. Well, I do believe that we have a you has a potential to regulate and to provide certain minimum norms. Then there is the most difficult one, which we know is in crisis at the EU. And that is, of course, oversight, independence and impartiality of procedures. And once again, I make reference as well to the European Court of Justice that has highlighted the importance of independent oversight bodies. And then finally, I think there’s a last element I really want to stress. If you look at national legislation on surveillance and also on criminalisation of transgressions, of secrecy, private communication, still a lot of that regulation focuses on content. So, the classic eavesdropping, the listening to phones, the reading of texts, and of course, that’s extremely intrusive as extremely intrusive. And that your privacy there very clear that that’s I mean that’s the core of it and what you’re sending which is when you’re talking and I mean your testimony gives a very clear message that that is sanctioned in most of all, it’s criminalised in most of our countries, that that’s you know, but what this technology’s doing as well is the surveillance. Are these metadata where you are when you are with whom you’re speaking, for how long? And that’s, of course, one of the most dangerous one, because they’re they could track where a person was potentially for killing, potentially for abduction, which we have seen with Pegasus. And they’re not all national legislation has been up to speed with that, where they still focus on contents and not on this metadata. So, I believe there as well. I think it’s also the EU that has put this I mean, the importance of metadata really on the agenda. But I think it needs to be taken up as well here when we’re talking about this kind of technology and intelligence services, because a lot of the legislation, national legislation on intelligence surveillance as well as on criminalising or disciplinary sanctions for transgressions, focus is still on contents. And I think we need to I mean, it’s historical. I understand that we need to focus on that as well. Thank you.

Jeroen Lenaers (Chair): Thank you very much. The job of our committee is and then also to translate all the testimonies, all the information we get here into recommendation. So your lawyer’s perspective is very much welcome here today and it’s very useful. We move to Sandy. It’s gonna be Mr Heide and Madam Guillaume.

Sylvie Guillaume (Socialists and Democrats): Thank you so much. Thank you, everyone. I want to thank those who spoke about what happened to them. It was really shocking what was in store for you. Thank you for presenting that and thank you for the ideas you’re working on. I agree with much that’s already been said by Sophie. Obviously, we’re going to have similar ideas, similar questions. Ms. Simonnot. Not everyone is a native French speaker, but nevertheless, we’d like to hear from you in greater detail about how this surveillance happened. What impact did it have on your work and on your contacts? And are there further developments that you could tell us about? And then Ms. Kanimba. It’s apparent that a non-EU country has been meddling in the lives of an EU citizen of EU citizens. You did touch on it. What do you think about the reaction of the national authorities in the light of what’s happened to you? What kind of personal support have you been offered? What kind of legal remedies are you expecting as well? Final point, a question to Ms. Van de Heyning. I listened to the technical part of what you said, but earlier you were talking about strengthening and recognizing the status of victims. Could you tell us a bit more about that? How do we strengthen their status? Perhaps the final question. How can the European Parliament, together with the other European institutions, help you?

Jeroen Lenaers (Chair): Thank you very much. We start with the answers in the same order. So first, Madam Simonnot.

Dominique Simonnot: [statement in French again]

Jeroen Lenaers (Chair): Thank you. Ms. Kanimba, please.

Carine Kanimba: Thank you for your question. I still don’t feel safe. What I recently noticed was that some Rwandan officials have been tracking me physically in Belgium. There hasn’t been enough done to protect me or my family thus far. I’m really scared what might happen. This is an issue that. Well, it’s the intrusion. The meddling of the Rwandan government in the EU needs to be looked at at a legal and a political level. There are many ties between Rwanda and the EU. And politically speaking, something can be done to show that what is happening can’t happen. So that would help us to feel safe, but also make sure that they’ve got the message. Thus far, there hasn’t been haven’t been legal remedies for me, even though we have lodged a complaint in Belgium. I don’t know exactly what will happen. My hope is that there will be a new mechanisms created. Which will provide legal support and protection to victims, including myself. So I think it’s a political issue. But ties between the EU and Rwanda need to be looked at again.

Jeroen Lenaers (Chair): Thank you. That also leads to the question on the status of victims.

Catherine Van de Heyning: Thank you very much. I as to as to what more could be done, as I mentioned. Well, of course, there’s already there’s of course already regulation by the EU that is that is very helpful. And I’m thinking in particular of the several directives that have been already legislated concerning support of victims, legal aid, etc.. So that’s very important. We all know that they haven’t been put in place. But what I do think that is that is required. And there are some countries that are already doing that. I think. There’s a need for national enquiry. So what is happening here in European parliaments? As I mentioned, it has shocked me that the new revelations are still coming from journalists and whistleblowers and this should have come from a national enquiry. So that I think is a problem. A problem. And where did you do it? A parliamentary enquiry, a special enquiry. I mean, that’s a for a national state. But I do think that all I mean, almost every in almost every member state, there has been a mention in one of the several. Scandals. Look for a better word. But where did it’s Pegasus or whether it’s predator or whether it’s another one? So I do think that every state needs to look into this and it actually a national enquiry is needed. I don’t help you with that answer because that’s not something you do, that sort of thing. And I want to make reference to Spain. So in Spain they listed up ten recommendations and that I find very interesting because in those ten recommendations two were about victims and redress. And now come back to what the European Court of Human Rights has already mentioned. I think if there are recommendations, it must include that national states need to provide for investigation, protection and prosecution if needed, when there’s any mention. And then finally, I do. I it’s one of the basic things, of course, is that every state should provide for access to justice and that not just the victim, but also people who have a reasonable suspicion that they might have become victim should also have access to justice. In its best access also to all the information and documents. But I think that is. And I give an example. I’m sorry, I’m going to use your Kanimba. But because of the media and because of those who have contacted you and the research, we know that your phone has been targeted and also from some other family members. But other family members also have a reasonable, you know, suspicion that they might have been targeted as well. And under several of the states, they would not have legal standing or they would not have the possibility actually to ask for that. And I believe that is something that should be highlighted that already has been you know, has been mentioned in the past that with secretive measures. That’s why they secret if you don’t know. So if you have a reasonable suspicion and of course, I mean it’s that that’s not every journalist has a reasonable suspicion that they would have been targeted by Pegasus. But if you have a reasonable suspicion that you should also have that that that is and an essential element of access to justice. And of course, as well for NGOs or other civil society organisations that are working on these teams. So I believe that they’re definitely recommendations and a lot of the work needs to be done by states. I think national enquiries are needed also to look how, how it has gone so wrong and how everyone has been so shocked about it. But it was happening within our own authorities. So I believe that that’s obviously is not something you can do.

Jeroen Lenaers (Chair): Thanks. Thank you. For Renew Róża Thun.

Róża Thun und Hohenstein (Renew): Thank you very much. You say, Mrs. Van de Heyning, that the state should look into this, but that’s the whole day today that we hear about the responsibility of the state and the states. But the states are a part of this crime. The governments use those spying devices in an illegal way. So how do you think that they will look into this against themselves or what? We need an independent European system, institution, whatever of this. They will not look into this. And we shouldn’t be naive. And also, we cannot protect ourselves. It’s not our duty of the citizens, activists, journalists, whoever politicians to protect themselves against bugging, because Mrs. Simonnot will put away her smartphone and use a different phone, but she has a chip in her ring or something else. And, you know, this is the technology is always better than what and develops faster than the information we receive. And this is a duty of the security services. And we are a part of the European Union, our common security services. We, the citizens, must be protected. And I really think that that this is our duty to come to a way where all those who use illegally those spying devices know that they will bear very heavy consequences. They have to bear very heavy consequences, whoever it is. And now I also wanted to ask I’m sorry I was late. They had to vote in a different committee in envy. But I wanted to understand very exactly. Mrs. Kanimba, you were bugged by Rwanda while you were in the United States or Belgium. You’re backed by the Rwandese authorities while you were abroad. There was a unit somewhere in the United States or Europe that started on your. This is one question. And now the last sentence is my just a reflection. You know, I grew up in a communist country and I was a dissident. The colleague of MP Spanish was talking about the persecution of dissidents. The last time I experienced it was in the communist time and frankly speaking, there were no smartphones, etc. but we were targeted by all possible ways and spied upon and followed by the secret police, etc., etc. But you could see them and hear them. This was the you could hear them on the phone when sometimes they even spoke to us, those who listens to us in secret. But frankly speaking, it sounds funny, but it was not so funny when you constantly had their shadow behind your back and someone walked behind you. Also, there was a telephone with microphones in front of your house, etc. But frankly speaking, I thought once we abolished the communism, once we joined the European Union, that in the democracy this is absolutely impossible because, you know, I am so conscious through all this experience of the fact what it is and the you mentioned it very well when people are afraid of each other because one is bad because and Mrs. Similar said it also because it destroys democracy in society it’s extremely dangerous. People become lose the trust also to each other and I thought frankly speaking naive as I am, that in a democratic country this is over, that we cannot be illegally spied upon, that the society is a real society and we can trust each other and trust the institutions and see where we live. We live in in countries democratic countries where the citizen cannot trust its own elected government, because if you please, please will steal the data and then it just an appeal to all of us. And thank you for the cooperation. We must really elaborate a system when all those who use it illegally realize that it will, they will bear very heavy consequences. I don’t see another possibility.

Jeroen Lenaers (Chair): Thank you. Thank you. As much as it’s an important reflection and appeal. But I also want to ask really members to do restrict a little bit to the speaking time because we want all members and is also an important appeal all members to have equal speaking time in these hearings. And I can’t give everybody four or 5 minutes to make a point. There were two concrete questions to Professor Van de Heyning and to Ms. Kanimba. So first, Professor Van de Heyning.

Catherine Van de Heyning: Thank you. I mean, don’t get me wrong for me, there are three partners in this story. Three partners. And I mean, talking to the European Parliament to in this story, which is one what the EU can do. Second is of course to in. Yeah. And there can be a lot of regulation. I mentioned it as well. I mean, everyone is calling for rules on exports, control, etc. of everyone is calling for this. So, I hope that that will pass on as well and that the EU does have a lot of but the states are the third party and we have a rule of law issue in the EU today. We have one. We have backsliding of rule of law, but we are a union based on the rule of law, democracy, and human rights. And that still needs to be the ideal of which we are striving, not always followed by all actors in the EU, but we need to focus on that, and it should be the ideal. And we should ensure that within a state that is functioning on rule of law, that is functioning on democracy, human rights, that we do have oversights, that we do have parliamentary and judicial control that functions. And so that’s not something that you need to take out. If it. No, we need to make I mean, we need to put the states forward responsibilities. And I agree with you that in certain states, probably the oversight will not be working because we have a rule of law issue in the EU. But I also believe that in a lot of states where there will be oversight, where there will be control, where there will be independent bodies, where there will be judicial protection, that it will function, and that openness and transparency can function also where you have a free press, etc.. So I do hear you and I also know what your potential states are thinking of. And so, it might seem pretty naive to ask for national enquiries, but I think the national, me and the national debate needs to be done and also at the heart of democracy in the parliaments. And I believe that that what you are doing here should also be done at the national level. I believe it is important. But you can I mean, I do see your thinking. It’s naive, but it is it is the I mean, is the forum as well of our democracy. So, I believe it needs to be done taking into account the rule of law and democracy issues we are having in the EU.

Jeroen Lenaers (Chair): Thank you. Ms Kanimba.

Carine Kanimba: Thank you. So two years ago, exactly 766 days, my father was kidnapped. And since then, my family and I have been doing everything possible to bring him home. And that includes speaking with government officials across the world. Across Europe, across Africa, across the United States. I have two phones, a Belgian phone and a and an American phone. The Belgian phone was targeted while I was in Belgium. And an example I gave earlier is when I walked into the Belgian Minister of Foreign Affairs office for a meeting to plead for my father’s, just for the minister to help us save my father’s life. And the entirety of that meeting was spied on. And this is visible through the forensics reports in the United States. My U.S. phone was found with traces of Pegasus on it. So anywhere in the world, wherever I am, I feel like I can be targeted. And I think I agree with you that there has to be strong consequences on the country, the governments who are abusing this technology like Rwanda. And I think one way to go about it, for instance, in my father’s case, will be to ensure his safe return back home. This will be a clear signal to the Rwandan government that we are not okay with this and that we must keep our citizens safe. Another way to go about it, I think, would be to rethink the relationship with Rwanda, because and the aid to Rwanda, because it’s clearly being used to to to hurt innocent people here and across the world instead of helping the Rwandan people as it was intended. Thank you.

Jeroen Lenaers (Chair): Thank you. For the Greens Madam Bricmont. But there was no concrete question to Madam Simone, so…

Saskia Bricmont (Greens): Thank you very much. And thank you so much for being here with us today and also to the entire family and for just moaning about the effects and daily effects actually of the spying upon us on your cell phone in this situation. And I think it’s very important for us to understand, to hear how people get affected and what are the effects on the on the long run. You mentioned the constant threats and fear that you’re facing, also the lack of security measures that have been taking. We ask about the reaction of national authorities. I think this is something we should also bear in mind. You showed us the concrete effects, which is a chilling effect. Both of you, Madame Simonnot and Human Kanimba. You showed that there is a real chilling effect knowing only knowing you’ve been targeted, but even only knowing that you could be targeted and that it could lead to an arrest. Is something that that is just inacceptable. I think Ms. Simonnot said that the president this was weaker for her than in your situation. But our work is to avoid any prejudice, to avoid and to put a framework in place to really address the issues that you’ve been mentioning. You also added to your intervention the gender perspective, the gender dimension, because of the daily use that can be made of such spyware against your wife and your entourage. This is something also that we heard during a previous hearing with the on Israel from fundamental and digital rights experts. And this is also something that our committee has to address. You showed that there are direct victims, but also indirect victims. And so I think if we think about access to remedy and reparation, we should also enlarge it to the indirect victims, which is the family, for instance. I think this is also something that we need to take into account. Yes. You addressed one recommendation that could be linked to the conditionality and access to EU financing. This is something that we should also look into. Madam Van de Heyning, you added also a dimension that we didn’t address so far because we have been talking about government’s responsibility of EU and third country governments of companies this morning and their due diligence obligations. But you also added a way broader dimension, including all citizens, and the fact that this kind of tools can be accessible to anybody and misused. I’m sorry to say that you’re right. Since the first revelations, nothing has been done. Nothing has been done. And that’s why a couple of months after the revelations last July, we launched this enquiry committee because we need to address this seriously. And when we receive answers from the commission, repeating the answers from the national governments that this is about national security, this is just not the answer we want to hear you addressed a series of recommendations, which I all agree with, but I would also like to hear you on what we’ve been mentioning already, and that has been mentioned this morning about a moratorium on the use cell transfer of those technologies, at least as long as there is no clear, strong framework on fundamental rights protection.

Jeroen Lenaers (Chair): Could you also please conclude?

Saskia Bricmont (Greens): Yes, I speed up. I would like also to ask you, beyond the moratorium, would you support a ban of those technologies? Would that be helpful? And also about the due diligence directive on the responsibility of companies. You mentioned the ePrivacy. I’m wondering if e-privacy would apply in case of national security.

Jeroen Lenaers (Chair): I’m sorry, but.

Saskia Bricmont (Greens): Its insights on this.

Jeroen Lenaers (Chair): Almost four and a half minutes now.

Saskia Bricmont (Greens): Thank you.

Jeroen Lenaers (Chair): Thank you. Professor.

Catherine Van de Heyning: Thank you very much. First on the moratorium, I can’t repeat exactly what a special rapporteur has mentioned, and I think he has spoken here as well in European Parliament on this element of the UN. And that was what I agreed with. It comes down to the fact that am I in favour of a ban of surveillance technology? I’m not. I’m not, I’m not. I believe it is necessary and useful tool to use for intelligence services, including also for law enforcement. If we I mean, it is the way we work as well in a way as well, how criminals work, think of terrorists, etc.. And I think it’s important you will probably some of you will also follow the news of Belgium, maybe as seeing what’s happening in the Netherlands and in Antwerp on drug criminality. I do have my perspectives on that. But the point is they are highly I mean, they also have this spyware. This is being used by criminals as well. So, I’m not in favour. That is something else that what the special rapporteur has mentioned, which is that there’s a that there should be certain conditions and criteria fulfilled for exports, imports use. And I believe we need to work on those conditions. And he mentioned and well, I repeated that as well, that one of the most important ones is oversight and transparency. And so I that is that is much more what we should be looking at. And I believe or I’m not sure whether your committee has been doing that as well, is looking at the several national regulations on intelligence services and use of surveillance as well, and look at oversight and how you can improve that. So I believe we really need to be focused on that element. And one of the important elements I think has changed is, which I mentioned before, is selection in certain of the reports. It was mentioned that since Director X or Director Y came to to be the chief of an intelligence service, the number of people targeted with surveillance spyware has rocketed. Why? I mean, because it’s more easy and that’s the problem. So I think we also need to work on how our targets selected within intelligence services. To what extent is there oversight, etc.. So I believe all these conditions, notification, access are essential. And in that respect, I do follow that recommendation that this is this is what like the export of weapons, even though I also know that we are or export of weapons is not ideal, are far from ideal, but it should be addressed as a dangerous, exceptional use of a certain power by intelligence services. And so I believe that a full moratorium or ban is not the answer, but conditionality is. So I think we need to be working on that one. I must admit, I have completely forgotten your it was something which I was ePrivacy and then I’m sorry, but your second question was if it’s compatible with national security. And so yes, yes, member states. So indeed. So that’s one of the elements. I mean, national security, to a certain extent is, of course, outside of scope of EU law. However, certain elements are not. And I this first is the regulation of internal markets. So that is one of the elements. And secondly, I mean, the example is, of course, the data retention discussion that has been with European Court of Justice, where the European Court of Justice has made a certain access, has talked about the intelligence, and mentioned that to the extent that it targets, that it targets in a general way all the citizens, that it can put down certain rules in the light of the charter, because of course, it falls outside of the ambit of the EU. But insofar it targets e-privacy and it falls within the discretion of the Charter, within the scope of the Charter, that the European Court of Justice has a competence to scrutinize the use of certain or the retention of those data. So, I think the data retention judgements in in particular the privacy international case is really the example where already it is been set. Well, certain quite. Go on, surveillance can be put down. So, I think that’s a framework. And that included are the targets, in particular those metadata. So I believe there’s already the framework set by European Court of Justice for this committee to use.

Jeroen Lenaers (Chair): Thank you very much, Professor. There were no concrete questions for the other panellists, but will also at the end of the meeting to reflect on any comments that were made. I move the floor to Mr. Lebreton.

Gilles Lebreton (Identity and Democracy):Thank you, Chair. I’d like to start by thanking the two victims of espionage who have spoken. And I was very interested to hear what both of you had to say, particularly Madam Kanimba. She reminded me of that resolution that we voted on a few months ago now. I have a question for Madam Van de Heyning. She suggested a certain number of areas that we could look at to provide better protection for victims of the spyware, particularly also victims of illegal spying as well. One of the proposals that drew my attention was obligatory notification at the end of the illegal espionage period. Particularly if the spying has shown that this person was innocent of what they’d been suspected of. I think that’s the least we can do, of course. But in other cases, I think it would be a rather more complex situation, particularly in cases whereby at the end of the legal espionage period, there are still doubts about the innocence or otherwise of the person. And so perhaps more time is needed to reflect about the situation and decide whether or not it will be the surveillance will be renewed at that time. I don’t think you should proceed to notification. Did you think about those kind of situations?

Catherine Van de Heyning: Thank you for your question. And I mean, I agree on that. So, I think the what. So, on the one hand, I do believe notification can be can play a role. On the other hand, secrecy also plays a role is important as long as investigations are ongoing. What I’m not pleading for, to be clear, I’m not leading that at the moment. That’s, for example, the use of that technology stops that there should be a notification. I think there should be a moment of notification at the moment that a file is basically closed. However, what is a problem that in certain states cases are never closed? Or if that is the rule, cases will never be closed. So, there should be certain criteria put forward and I believe that warrants more research and more examination and more discussion also with intelligence services at what point on what criteria there should be in place where notification is needed. So that and once again, it’s also a rule of law issue that in certain countries, indeed, files are closed when there’s no longer any research for so and so periods. But in some countries, that’s not the case. So, I believe that weren’t. So, I’m also telling to you now I don’t have I don’t have an answer to your question what those criteria should be. I don’t think I should give the answer, because that is something that should come not only for research, but also for discussion with intelligence services, how you could bring about this kind of, you know, perspective. But I do believe in the importance of notification, as I mentioned as well, archives and transparency after a certain time for historical research and democratic oversights. So I do believe that that connection is of those two elements, it’s necessary. But there’s no I mean, I don’t have a golden bullets at taking into account, of course, that, you know, secrecy is important at several times during investigations. Thank you.

Jeroen Lenaers (Chair): Thank you. Mr. Georgiu.

Giorgos Georgiou:Thank you. I will be brief. But I’m not naive. And I’m therefore sure that through the action of our committee, we’ve made some people unhappy. The European Union and many Member States and a lot of companies who manufacture this software, and I’ve actually become pretty unhappy myself because listening to all this and hearing about Pegasus and other types of software, it’s almost as if I’ve lost a piece of my own freedom. I cannot talk to my political friends, my wife and my children and my neighbours because I might be under surveillance. Somebody said that Rwanda is an authoritarian state because it is monitoring Mrs. Kanimba, and I would like to express my sympathy with her. But what about Cyprus, Greece, Hungary, Poland, Spain, Germany, France, all these countries? Are they less authoritarian because they’re actually manufacturing this software where selling it to these countries? And the professor said that NGOs and journalists are investigating these this bugging and these phone interception states aren’t doing anything about it. And give you a suggests the case of Greece. A public prosecutor has adopted a 15 decisions to monitor people in one year for reasons of national security. The access to the file of Mrs. Koukakis. The journalist was refused because he was unable to find out why he was being monitored. And in Cyprus we have cases here as well. A lot of companies in Cyprus manufacture their software, they export it to Greece. And the prosecutor as saying said that we need to investigate this. So let’s say to the professor, bearing that in mind, the institutional framework within which we all work and the fact that the US, the countries refuse to investigate these cases, the do you think that we’re ever going to make progress on this? Do you have any other solution apart from EU, the EU and the Member States taking action?

Jeroen Lenaers (Chair): Thank you. Professor.

Catherine Van de Heyning: I’m afraid not. I mean, it all comes down in the end to a rule of law. She’d gone. If, if, if, if. There are no. If there’s no oversight, if there’s no remedies, if there’s if you can’t go to court, if. Yeah. In the end, it’s. That’s how that’s how our system has been developed. That’s how it should work. So. I don’t I don’t really have an answer, that’s short.

Jeroen Lenaers (Chair): Also to take away the. I also want to take away the impression that you are invited here to give us a two pager with which we solve all issues that we have. This is, in the end, the job of politicians at the national and the European level to come up with the solutions and your contributions. They are very helpful in helping us in that sense. So thank you. Thank you very much. And pass the floor to Mr. Puigdemont.

Carles Puigdemont i Casamajó (Non-attached): Thank you, Chair, and thank you to all of our speakers today for the experiences that they’ve shared with us. I think there are a number of comments that I’d like to make and then pose some questions based on those. First of all, we’re being threatened by uncontrolled technology, and that seems to be quite clear. That is alarm. Across Europe. We know that technology can be a useful tool to fight organized crime. But today we’re here because we’re seeing that democracy is being threatened, that we’re under surveillance and that that could change our lives. So. Question two Madam Kanimba. Madam Simonnot. When you say you’ve lost all feeling of security since it’s been discovered that there was spyware software on your phones up until today. Have you felt safer? Thanks to anything that states have done through legal proceedings, or have states done anything to make you feel that there is a real possibility? To be have more security than before. Well, do you feel that even if there is scrutiny of the use of this software, then this isn’t going to do anything to take away the feeling of liberty. To overcome the feeling of liberty that you’ve lost. There’s one particular aspect that’s concerning to us. It’s the uncontrolled use, the incorrect use of this software. And I don’t know if we were to pass legislation and decide on rules, we’d be able to overcome this. Incorrect use of the software. Experts have flagged up this type of threat for a number of years now. So a question to Madame Van de Heyning. Our citizens are frightened. They’ve had to change the way they live. They’re not going to meet their family or their colleagues because they’re frightened of being under surveillance. Is there a way to ensure protection for these citizens without having some kind of independent authority that wouldn’t be dependent on member states or the commission or the Court of Justice? It’s the states who are behind this improper use of the spyware. And then third. And finally. I can’t forget what Madam Kanimba said about she loses this feeling of security, and particularly in light of the tragedy that she’s experienced with her father. But her words, I think, are valid for everyone who’s been victim of this. What can we do to restore trust in the system after this huge loss of credibility? Thank you.

Jeroen Lenaers (Chair): Thank you. We’ll start with Madame Simonnot.

Dominique Simonnot: [statement in French again]

Jeroen Lenaers (Chair): Thank you, Ms. Kanimba.

Carine Kanimba: Thank you for the question. The only concrete measures that have been taken so far have been to invite me to speak here and also to address the American Congress. But otherwise, so far, nothing practical has been done. I’ve made a complaint here in Belgium, but still nothing really has come of it. The only thing I think that would make me feel a bit safer would be if there were to be proper consequences for these countries who are using technology to harm innocent people here in Europe. And if that means ceasing financial aid to Rwanda, I think that would be one step closer towards restoring a feeling of safety for me. I’m happy, however, that we’re at least having the conversation. And I hope that through this type of conversation, we can find solutions for victims like myself.

Catherine Van de Heyning: Thank you for the question Mr Puigdemont. I am. This may be one element, and I believe it has been addressed this morning already. I mean, there’s one element, of course, which we have not discussed. And one of the solutions also needs to come from industry. There’s a way they get in and Pegasus does not work on so much as social engineering on which a lot of those technologies work. They will work much more in zero days and vulnerabilities in technology and the phones to get in. So obviously, I mean, one of the one of the remedies that will come out needs to be also be technology to improve security, to have better, to have faster and better remedying when there are patches, when they do know there are vulnerabilities and sharing. And I think this shows as well how important it is reporting on when there are certain vulnerabilities in technology to share that as well with all manufacturers in old tech. So, I do believe that that’s also one of the solutions for the future as to oversight and authorities. It has been mentioned before that there is also some space of the… there are there some limitations in the competences of the EU concerning intelligence? There are some parts, I do believe, that can be regulated because does fall within the competences, even exclusively within the competences of the EU and some that will follow. So for that reason, as I mentioned, for the solution will have to be both you and both national. How would how would normally or how it should ideally work is that you do have at your national level, you should have independent oversight. That’s an EU obligation when concerning surveillance and collection of data. So in principle, that should be in place in a national system systems most of the time, in almost all of our member states, you will have a committee of the Golden Eye Committee or whatever that it’s mentioned, Intelligence Committee, where in secrecy with confidentiality still there can be oversight on what is being done. In addition, of course, we have the all the national and European authorities concerning the protection of personal data and follow up of DPR and all the other regulation that is already there because it concerns, of course, personal data. So I do believe that if we looking for independent oversight, they can also have a role to play. I’m not so much in fear, even always creating new authorities. I do think our IDPs might not all have been set up in a way that they can that they are tasked with this kind of I mean, very secret and high-level technical support. But they should be I do think they have a role to play. In some countries, they do play a role. Some countries I have not seen them really being very active. So I think there is also an element to look at rather than setting up a new authority, because I do believe that that the structure and the framework we have set up with the protection of personal data within the EU should also be a framework dealing with, I mean, with all new emerging technologies and the control of that and the support of that. And of course, as a last element, which is which is when I mean, criminal prosecution is in place, which depends case by case and independency and oversight, as I mentioned, a last element I want to mention as well is standardization of surveillance we are using today. We have some kind of it’s there are a lot of this kind of well markets, I would say, where all of the manufacturers show their new surveillance technologies. It is bold by our intelligence services, sometimes also by law enforcement, etc., but there’s little to no standardization, meaning that it’s many also by technology that either is not transparent to the outside world. What it can do, that what is advertised is only a very limited part of what it can do. And that’s what there is brochures and mentions, only a tiny bit of what it can do, but also that I do believe that some that are buying it don’t know what it can do and that. Future scandals might actually be our intelligence services being spied on by their own spyware. So I do believe that some standardization as well in the industry might be relevant as well, both for rule of law and democracy, because at least we know what is what is being used and that is important and what can be done, because then it can be regulated because maybe there are some uses we don’t even think about at this moment, but also for our national security, I believe it’s important to have standardization. Thank you.

Jeroen Lenaers (Chair): Thank you. Vlado Giertych.

Vladimír Bilčík (European People’s Party) Thank you very much. Just very briefly, because much has been already said, but I just also want to join everyone just by appreciating the fact that to be able to hear these testimonies of the victims. And I think this is extremely important. I also want to say, because there has been a lot of discussion here about different kinds of solutions. And I actually just want to concur with Ms. Van de Heyning that there has to be a national and European solution to this, and they are not going against each other. And I think it’s important to underline that we have this committee and we have these hearings and we have this specific hearing because in a number of member states, this wouldn’t be possible. I mean, this is this is this is the bare fact, and this is why we are doing it here. But at the same time, indeed, when we come to a possible solution, there is a European side to it and there is an EU side to it and there is an EU case for it, definitely. But there must be also national measures. Now, my question is just picking up on the initial statistics, which you mentioned, Ms.. Van de Heyning, that there might be 1.5 million victims, you know, based on what we download. Now, this is something which I’d like to explore a bit further, because we look at high profile cases and they are extremely important and they are the cases when you have the states attacking individuals, high profile individuals, but then you have these sort of individual to individual cases. And the question is, what can we do with this? You know, I want to look at remedies. I want to look at prevention. And, you know, out of this 1.5 million people, when they have realized this and there have been perhaps court cases, are there any suggestions how to how to look at this? I mean, are these not unfair market practices? Shouldn’t these companies be disallowed from entering the market to sell this product? Isn’t this a case of clear breach of the basic rules of fair competition? What might be other ways in terms of tackling the causes of what we are discussing so we don’t have to just discuss the remedies and the problems of the victims. And I, again, appreciate Ms. Kanimba and what she has said today, and fingers crossed that indeed your case, but also other cases are solved and they serve as big examples and important examples why we have to tackle this systematically. Thank you.

Jeroen Lenaers (Chair): Professor, you have one minute to answer this question. And also, if there’s any final comments you would like to make, please do it now and then after that, I’ll also give the floor to Madam Simonnot and Ms.. Kanimba to make some final remarks.

Catherine Van de Heyning: Thank you to come back on that part as well. I in all honesty, and there is simply a problem with this with this products, because I don’t see any need for it, because these are products where the other person that is being surveilled does not give consent or is not aware and cannot be detected. There is surveillance technology that is useful for us, for example, with your children. And you agree because then if there is an issue that I could go to, but why shouldn’t your child be aware of that? And that, of course, makes all that spyware. So I do believe that simply a good reason to then that kind of technology for commercial use, if there is no consent possible of the other one or tracing of the other person available. And it’s simply not regulated in the EU or in any member states and it’s freely available because it works on the the element of we said to our customers there basically should be consent, but the technology has does that. The other one, you can install it without consent. So I think that is something to look into.

Jeroen Lenaers (Chair): Thank you and for final remarks. Madam Simonnot.

Dominique Simonnot: [statement in French again]

Jeroen Lenaers (Chair): Thank you. And then I have for you the opportunity to close our meeting.

Carine Kanimba: Thank you. Thank you, Madam Simonnot. Thank you, Mr. Chairman. And thank you to all the members of the committee for inviting me to speak today. Today I have spoken about me and my family, but I also wanted to say that I’m speaking out because I don’t want this to happen to anyone else, and I don’t want anyone else to feel the way that I feel in the way that my family feels. This is all new. We are learning how to understand this technology, how to respond to it. But it is clear that steps have to be taken to stop states like Rwanda using this technology to target our citizens on our soil. And I’m really grateful for the opportunity to share my story and my father’s story and my whole family in particular. My father is also grateful for all the efforts you have already done to push for his release and the further resolutions you have passed. And I hope that we will continue and we will continue to have your support to continue to advocate for his release and to pressure the Rwandan dictator to let him go. Thank you.

Jeroen Lenaers (Chair): Thank you to all our guests for their contribution. I think it was a very, very impressive meeting this afternoon just to inform the members that.

No Tracking. No Paywall. No Bullshit.

Unterstütze auch Du unseren gemeinwohlorientierten, werbe- und trackingfreien Journalismus.

Die Arbeit von netzpolitik.org finanziert sich zu fast 100% aus den Spenden unserer Leser:innen. Werde Teil dieser einzigartigen Community und unterstütze jetzt unsere Arbeit mit einer Spende.

Jetzt spenden

0 Ergänzungen

Wir freuen uns auf Deine Anmerkungen, Fragen, Korrekturen und inhaltlichen Ergänzungen zum Artikel. Bitte keine reinen Meinungsbeiträge! Unsere Regeln zur Veröffentlichung von Ergänzungen findest Du unter netzpolitik.org/kommentare. Deine E-Mail-Adresse wird nicht veröffentlicht.