PEGA-UntersuchungsausschussStaatstrojaner haben schreckliche Folgen für Betroffene

Die Überwachung mit Staatstrojanern wie Pegasus stellt weltweit das Leben von Menschenrechts-Aktivist:innen auf den Kopf. Betroffene aus Palästina und Westsahara schildern dem EU-Parlament eindrücklich die schrecklichen und schädlichen Folgen. Wir veröffentlichen ein inoffizielles Wortprotokoll.

Rechtsanwalt Salah Hammouri
Rechtsanwalt Salah Hammouri spricht vor dem Ausschuss. – Alle Rechte vorbehalten Europäisches Parlament

Der PEGA-Untersuchungsausschuss im Europaparlament wollte am 9. Februar eigentlich die geopolitische Dimension von Staatstrojanern erörtern. Doch das erste Panel musste vertagt werden, weil es mal wieder zu technischen Problemen mit den Übersetzenden kam.

Bevor die Anhörung unterbrochen werden musste, kam die Menschenrechtsaktivistin Aminatou Haidar aus der Westsahara zu Wort. Haidar schilderte eindrücklich, wie die mutmaßliche Überwachung marokkanischer Behörden ihr Leben auf den Kopf gestellt hat. Sie hatte schon ihr ganzes Leben das Gefühl, überwacht zu werden, weil sie sich für die Rechte der maurischen Ethnie der Sahrauis eingesetzt hat. Aber seitdem sie weiß, dass sie auch mit Pegasus angegriffen wurde, hat sich ihr Leben völlig verändert:

[Das Hacken meiner zwei Handys mit dem Staatstrojaner Pegasus] hat sich auf alle meine Aktivitäten im täglichen Leben ausgewirkt. Jetzt weiß ich, dass die Folgen für meine Familie und meine engen Freunde äußerst schrecklich sind. Sie mussten alle ihre Kontakte mit mir einschränken aus Angst, dass auch ihre Geräte von Pegasus erfasst werden. Ich fühle mich nicht mehr sicher, wenn ich mit meiner Familie über irgendetwas spreche, das mein Privatleben betrifft, oder wenn ich zu genau weiß, was in ihrem Leben geschieht.

Im zweiten Teil der Anhörung sprach unter anderem der Rechtsanwalt Salah Hammouri. Er vertritt palästinensische politische Gefangene für die Menschenrechtsorganisation Addameer. Hammouri berichtete den Abgeordneten von der Situation für Menschenrechtsaktivist:innen in Palästina – und wie er und seine Kolleg:innen mit Pegasus angegriffen wurden. Auch Hammouri sprach von „aggressiven und schädlichen“ Folgen der Pegasus-Angriffe für ihn als Privatperson und seine Familie, aber auch in seiner Position als Anwalt. Schließlich müsse er davon ausgehen, dass die Überwachung seines Handys auch unmittelbar seine Mandant:innen gefährdet habe. Er forderte dringend klare Regeln, um Menschenrechtsaktivist:innen, Journalist:innen und politische Aktivist:innen auf der ganzen Welt zu schützen.

Peggy Hicks vom Büro des Hohen Kommissars der Vereinten Nationen für Menschenrechte (UNHCHR) in Genf, begrüßte die Arbeit des Ausschusses und signalisierte ihre Unterstützung für die vorläufigen Empfehlungen. Für UNHCHR geht es beim Einsatz von Überwachungstechnologie letztlich um Macht, also: wer besitzt die entsprechenden Tools und wer eben nicht. Gleichzeitig sollten die Erkenntnisse des Ausschusses nicht überraschen, so Hicks. UN-Menschenrechtler:innen warnen bereits seit Jahren vor „extralegalen Überwachungsinstrumenten“. Hicks wiederholte dann auch eine der inzwischen häufig gehörten Forderungen: Es benötige ein sofortiges Moratorium für den „Handel und Transfer von Überwachungstechnologie“, bis es eine hinreichende Regulierung gebe.

Von der Anhörung gibt es ein Video, aber kein offizielles Transkript. Daher veröffentlichen wir ein inoffizielles Transkript.


  • Date: 2023-02-09
  • Institution: European Parliament
  • Committee: PEGA
  • Chair: Jeroen Lenaers
  • Experts:
  • Panel 1: Aminatou Haidar (Sahrawi human rights activist), Madjid Zerrouky (Journalist at Le Monde), Rosa Moussaoui (Journalist at l’Humanité)
    Panel 2: Salah Hammouri (Lawyer and human rights defender), Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights)

  • Links: Hearing, Video
  • Note: This transcript is automated, unofficial, and shortened for clarity. It will contain errors.
  • Editor: Tim Wurster

Geopolitics and spyware: experts and targeted people


Panel 1

Jeroen Lenaers (Chair): Dear colleagues. Good afternoon, everybody. It’s a couple of minutes after three, so I propose we start our meeting by welcoming all the full and substitute members of our PEGA committee and to inform you that we have interpretation today in German, English, French, Italian, Greek, Spanish, Hungarian, Polish, Slovakian, Slovenian, Bulgarian and Romanian. If there are no comments on the agenda, I consider it approved and we will move immediately into point two of our agenda, which is the hearing on the geopolitics of spyware.

Now, following up on the hearing organised by PEGA in December on spyware used in third countries and implications for EU foreign relations. Today’s hearing is focusing on geopolitics of spyware and will have to panels to participate in the first panel focused on the use of spyware, specifically in relation to Morocco. We will have the following speakers who are all remotely connected. We’ll have Ms. Aminatou Haidar, who is a human rights activist and advocate for the independence of Western Sahara, who has received, among others, the alternative Nobel Prize and was targeted by Pegasus. We’ll have Mr. Madjid Zerrouky who is a journalist at Le Monde covering the Maghreb region and who has worked intensively in the investigations of forbidden stories. And we’ll have Ms. Rosa Moussaoui, who is a journalist at l’Humanité and who writes regularly about Morocco and was also targeted by Pegasus in relation to her coverage.

I will give each of the speakers the floor for about 10 minutes, after which we will open the floor for questions and answers kind of request to the members in the room. If you want to participate in a Q&A, please indicate so before the end of the final speaker so we can immediately have a good look on the speakers list. Without further ado, I would immediately pass the floor to Ms. Aminatou Haidar for 10 minutes.

Aminatou Haidar (Sahrawi human rights activist) : Good morning, everyone. Ladies and gentlemen. I’d like to begin by really thanking the Secretariat of this Investigative Committee on spying on Pegasus spyware, and specifically the political groups that suggested I might be one of the speakers during this very important public hearing. I hope that the hearing will contribute to contribute to the positive work of the Investigative Committee on the use of Pegasus by word spyware and any type of similar activity within the European Parliament. I would like to underscore the importance of shedding light on this criminal activity as carried out by some undemocratic countries like Morocco.

I’d like to begin by explaining, introducing myself. My name is Aminatou Haidar. I am a human rights activist in Occidental, and I have been committed ever since a very young age for peaceful combat, for the independence of my country to Occidental. And that is how at 20 years of age I was assigned to a forced disappearance, torture, and arbitrary detention. I was also a. Fired from my job in 2005 and. Thrown out of my country in November to own 2009 as well as. This was against my will without my passport and on an aircraft that was on its way to Lanzarote in the Canary Islands. My children have also been targeted by this repressive Moroccan policy.

Now, as a recognition of what is the rightful cause of my people, the Sahrawi people, and to encourage my activity in this peaceful combat in favour of legitimate rights. Several NGOs and international NGOs, as well as state organisations have given me prizes, human rights prizes, for example, the Juan Maria Banderas that has been given out by Singer in 2006 in Madrid, the Silver Rose Prize that was handed out by Soledar and also this was celebrated in the European Parliament in 2006 and 2010. I also was nominated for the Sakharov Prize as well as the Nobel Prize in 2008.

Now turning to the conference, the subject of our conference this afternoon, I would like to really assure you that. I was a since 1991 in June and since my liberation under constant phone tapping and surveillance by the intelligence and secret services in Morocco. And this was used by Morocco to limit my freedoms. There were serious violations of my rights following the Pegasus attack. I recall very well that, and I remember very well that I received a message from Apple that tipped me off to this surveillance. And then I was contacted by Right Livelihood Foundation, and I sent the Apple message to them. The RLA foundation, contacted Amnesty International and asked for their advice. Amnesty then requested that we contact directly the technical laboratory of the Digital Security Office of Amnesty International. Indeed, I personally contacted the in the second week of January 2020 to this office, and then we immediately began the procedure to analyse my telephones. An iPhone six and iPhone eight.

And just a few days later, I was contacted by the head of the Laboratory of the Digital Security Office of Amnesty International. That informed me that the two devices, the two telephones had been infected and that there were traces of the Pegasus spyware, spyware that were detected on both telephones and that it was relatively recent from November 2021. That means that just a few months after the scandal erupted and that the protests were carried out on a national international level, that and after this information had been published by Amnesty International.

So, I publicly accused Morocco and specifically their intelligence services, DGED and DGST. They have continued to carry out surveillance on me. Within the context of Amnesty International’s work on the subject. Amnesty International was also contacted by the Moroccan authorities, as well as the Israeli company, NSO.

Now we know in Morocco that they were continued to not give the correct answer to the actions that they carried out against me and Amnesty International. Nonetheless, the Pegasus spyware. Case has gone beyond any limits that we have seen to date.

And now I’ve seen that despite myself, all my habits have changed. And that has a huge consequence on my work as a human rights defender. It has also affected all of my activities in my daily life. Currently, I know that the consequences are extremely awful for my family as well as for my close friends, and they have had to limit all of their contacts with me and avoid it being under surveillance via their telephones and for fear that their devices are also covered by Pegasus.

Personally, I’ve always had the impression that I’ve been under surveillance for the entire my entire life and every single day. Now we know that my activities and my way of kind of communicating have completely changed. I no longer feel that I’m in safe to speak about anything related to my personal life with my family or to know precisely what is happening in their lives.

So, I know that this scandal could put me and my life in danger. We’ve also taken additional measures to make sure that we are protected. Whenever I share any information. I am very careful to not use my telephones. In fact, even if it says that it is a safe connection, I am extremely careful to disseminate any information because we knew that we were the subject of a spy of spy activities, even prior to understanding that the spyware was installed in the phone.

Now, when I would contact my colleagues, my Sahrawi colleagues, I have taken great care to make sure that this is the case significantly. Now, the measures that I’ve taken, it’s extremely difficult to explain precisely, but I know that the two phones that were infected by Pegasus spyware, I know that this would that I that I have to always make sure that I do not use those, but disconnect from Wi-Fi at any time and to make sure that the phones that I do use are always extremely far away from me, are in another room of my house.

Ladies and gentlemen, I have been a victim of digital spyware with the use of the Pegasus spyware. And therefore, I would like to communicate to you as follows First and foremost, we must speak out publicly against these digital spy activities and the very serious human rights violations against human rights activists, as well as innocent civilians, civilians. This is extremely urgent. The European Parliament, the United Nations, as well as any international organisation, must take deterrent measures that are serious and urgent to be able to hold those responsible to account.

It is also urgent to open an investigation to determine exactly who used the spyware and if it was a danger for our lives and those people that are around us and for our families and our children, for example, as well as for those activists and the Sahrawi community.

Now, we also need to make sure that we slap sanctions on any of the corporations that underpinned the development of the spyware.

Finally, it is impossible to understand how a country like Morocco that is recognised by the UN and other international organisations as a country, how it could carry out these huge violations of human rights and the occupied Western Sahara? And how is it possible that they have this spyware, including Pegasus and other types of software with similar functions of functions? And we need to make sure that sanctions therefore are put in place against these actions. Thank you very much for your attention.

Jeroen Lenaers (Chair): Thank you very much, Ms. Haidar, for, I think, a very, very impressive contribution. It’s, of course, not the first time we speak to a victim of spyware in this in this committee. But every and each individual story always has an impressive impact. And therefore, I really want to thank you for also sharing your personal story here today. I’m sure there will be many questions for you later. But first here from our other two panellists, and we start by giving the floor to Mr. Zerrouky. You have the floor also for 10 minutes.

Madjid Zerrouky (Journalist at Le Monde) : Good afternoon. Good afternoon to everybody. I hope you can hear me properly. Thank you for this invitation. I think. The person who spoke before me has indicated very clearly what this type of spyware Pegasus spyware has as personal consequences and social life, political, public personal life of the victim. So, I think what we’ve just heard is very important. I wanted to. Come at this from my experience, as if you like, as a third party and thankfully not as a victim.

Based on my journalism work, I know the consumption on forbidden stories with 17 international countries coming together on Pegasus was one group that I worked with. It was Pegasus, but it could have been something else. We focussed on Pegasus when because we had access to the data on this software, well, it was leaked to us.

First of all, let me just share our initial feelings when we were faced by this information about Pegasus. First of all, we were just really overwhelmed. Many of our colleagues were just blown over to have this industrial level of spyware. We were expecting everything but that we had access. To this software. From the information we got, there were 50,000 phones around the world being spied on over a period of two years. And it was this was only partial data that we got. So, we were only seeing the tip of the iceberg.

So, this was massive espionage of personal telephones by authoritarian states. Of course, we can talk about other states after. Earlier, we spoke about Morocco, but you could talk about Rwanda, India and many other countries. So that massive spying against human rights defenders, but political opponents, journalists, civil society within their countries in Morocco, for example, to refer to the example that was just shared with us, they were spying on people at home, but also abroad because people were targeted in France and Spain. Rwanda, for example, spied on people in the UK. If I recall. And there were states that were even spying. On people who are actually loyal to them. In the case of Morocco, there were members of parliament, politicians of the employers’ associations. When you’re talking about 50,000 people? Well, it’s not much when you compare it to the whole of humanity. But when you talk of many thousands of people who are part of the political, economic and social elites or civil society personalities…. [continues in French]

Jeroen Lenaers (Chair): Sorry, Mr. Zerrouky. I’m not sure if there’s a problem with the English interpretation or it’s just my…

Interpreter : There’s a problem with the sound of the speaker.

Jeroen Lenaers (Chair): There’s a problem with the sound of the speaker. Is it impossible to to interpret? Just one second. Okay. There’s a problem with the sound. So apparently, it’s not good enough to interpret into English or into any other language. It’s a recurring issue. I’m getting quite fed up with this, to be honest. I’m not sure if there is a possibility to finish your contribution in English or if not, we will do our best in in French. And of course, the questions are going to be asked from the colleagues can be interpreted in all the languages. So that’s not a problem. But for your presentation and for the answers, there is there is a problem. So, I’m not sure if you have an availability to do it in English. If not, we will.

Madjid Zerrouky (Journalist at Le Monde) : I would prefer in French, honestly.

Jeroen Lenaers (Chair): I understand. I’m looking. Looking at the room. I get some thumbs up for the French. On va essayer en français. Et doucement, s’il vous plait.

Madjid Zerrouky (Journalist at Le Monde) : [My translation, editors note] Uh, no. I was saying that this software had also, unfortunately in some cases, been used for the commission of very serious crimes or misdemeanours that have targeted opponents, including in the Khashoggi case where his entourage had been monitored by Pegasus before the fate that was meted out to him. Before the sad fate that was rendered to him, that is, his disappearance in the Saudi embassy in Istanbul. There is also a citizen of the United Arab Emirates who was intercepted while trying to escape from her country on the basis of eavesdropping by Pegasus.

So, the other question that arises with the circulation of this type of surveillance software is that of the export and sale of intrusive technologies that are carried out without any effective control in terms of international rules and laws. Because when we talk about Pegasus or others, it is a weapon. In fact, it is a weapon of war, it is a digital weapon. Except that it is not at all subject to international laws which, despite all their limitations, are supposed to regulate the arms trade. So, it is something that circulates in a way. What’s more, we’re talking about private companies, in particular, we’re talking about networks of private companies that sell this type of software to state actors, whoever they may be, without any control.

So, it falls into the hands of states that we’re going to call not very recommendable second, that is to say authoritarian states of dictatorship. Let’s call it what we want, but there is also a European component, including in European states that are supposed to be states of law or democratic states, since from memory, it seems to me that there are four countries in the Union that are suspected of having illegally used Pegasus-type software against political figures in particular. I am thinking of Hungary, Poland, Spain and recently Greece with a software called Predator. This means that even European states or states that are supposed to be states governed by the rule of law are not protected against the abuses of this type of software, which gives a very simple capacity, which is very easy to use, and which makes it possible to spy very easily and perhaps also to act on security, police or even political institutions, much simpler acts than before, tapping someone’s phone which implied a judicial authorization or an infrastructure which meant that you couldn’t do that very easily and there were safeguards and I just wanted to finish.

I think that the real question that arises, whether at the international level, at the European level or in each of our countries, is the urgent need to establish safeguards to regulate and control the use of this type of software. I know that there is a debate about a moratorium on the use of this type of tool. Well, I’m not going to be, I was going to say I don’t want to be naive, so I’m not sure that it can happen. But that’s fine in principle. But in any case, I think that there is a real need for controls and control by independent, judicial authorities, especially because this type of software is used in almost all European countries. Who can we understand?

Yes, it can help to fight against organized crime, terrorism, etc. But we see that there are abuses, including in our countries and elsewhere. But on the other hand, we see that there are abuses, including in our countries and elsewhere. I’m not talking about that because the example of Morocco and authoritarian countries was cited. But in any case, this new era of spyware has arrived in a world where everyone is equipped with a phone, a smartphone, a laptop. We all have that part of our life in fact, in a social and personal life that often in the hands of phone, make that we enter a possible era of extremely dangerous surveillance at the level of our societies and that there is a certain democratization of the surveillance, I was going to say not. Then there is this software that allows any state, sometimes a small state, or any security or police institution to put a large number of people under surveillance without necessarily having any control. That’s what I wanted to tell you to open the debate. Thank you.

Jeroen Lenaers (Chair): Thank you, Mr. Zerrouky, and apologies for the fact that we couldn’t have interpretation for your message in other languages. I hope everybody understood that. It baffles me how everybody in this room is perfectly able to understand in French what you were saying, but somehow, it’s impossible to interpret it into other languages. And I will write another letter of complaint about the situation because it really is starting to be more ridiculous than it should be.

So, I really apologise to you, and I would really call for some sort of effort and cooperation here. We move on and I pass the floor to Ms. Rosa Moussaoui for 10 minutes as well, please.

Rosa Moussaoui (Journalist at l’Humanité) : Good afternoon. I hope you can hear me…

Interpreter : I think it’s the same problem.

Jeroen Lenaers (Chair): Excuse me, miss, could you give us one moment? Because apparently there are, again, technical issues. Could somebody please indicate what the problem is, at least, from the interpreter’s booth?

Interpreter: There’s background noise that makes it impossible to interpret.

Jeroen Lenaers (Chair): Okay. One. One second. They will try to sort this out. Okay. We’re going to try again and see how we get on.

If there is no interpretation for our guest speakers who are participating remotely, I don’t think there’s any other possibility than to just at some point end the meeting and try to organise it for some other time because we have language rights for our members. It is a responsibility for all of us, including the interpreters, to make sure that those language rights are upheld. And if we can only listen to the discussion in French, this is not the way we were going to organise our meeting.

So once again we try once again with Ms. Moussaoui to start your contribution and fingers crossed that we can also understand you in different languages. Thank you.

Rosa Moussaoui (Journalist at l’Humanité) : [My translation, editors note] Thank you. These technical problems are indeed detrimental. I don’t know if you can hear me better now, if these are better conditions to be able to interpret my words. First of all, I would like to thank the members of this committee for the opportunity to be heard as a journalist on cyber-surveillance, which is a serious violation of human rights.

Interpreter and Lenaers: [Inaudible, editors Note]

Jeroen Lenaers (Chair): … It’s a contribution because I can hear you perfectly in French. And if my French was a bit more fluent, I could interpret you myself. But apparently, for our interpreters, this is not enough. So, I’m really sorry. But for the participants who are remotely connected today, I’m afraid we’ll have to reschedule to another moment. And I will take this up with the with the hierarchy in the European Parliament to finally find a solution for this. And not all of our members can understand you in French, and some of the nuances of your contributions might be lost. And this is not the way I want to preside over this meeting.

So, I really, really do apologise from the bottom of my heart because I feel very, very bad about having to do this, but I see no other way in the current circumstances.

Now for the second panel we have today, we have one guests who is here in the room. So, my proposal would be that we invite our guests to the podium to make his contribution, and then we will see for to find a new date where hopefully we can either have better connections or better cooperation or an in-room presence by our guests. Ms. In ’t Veld.

Sophie in ’t Veld (Renew): Yes. Thank you. Thank you. Chair. I know that the secretariats are doing everything they can, but this is indeed not the first time, and it’s now the fourth or fifth time. It’s really annoying.

In particular, as we were very keen to hear two speakers, not least in light of the fairly, let’s say, remarkable contribution that we received from the Moroccan government. I was very keen to hear the testimonies of our guests today. So, I hope that we can we can schedule a hearing at the shortest possible notice, preferably already next week in Strasbourg.

Jeroen Lenaers (Chair): No, I fully I fully agree with that. And once again, apologies to our guests, but I hope that it’s also important for you that your message is clearly, clearly heard by all members of the parliament, even those that are not fluent in in French. And once again, I apologise and I will do everything necessary to make sure we can do a rain check of this meeting as soon as possible, and we’ll try to plan that for next week in Strasbourg.

Then I propose we take a five minute break and then we start in 5 minutes with our guests from the second panel with once again, my apologies.


Jeroen Lenaers (Chair): Okay, Dear colleagues, apologies for the situation we’re in today, but we’ll continue with our second panel and our first speaker of our second panel who is joined, who joins us here in the room. So that should normally work is Mr. Salah Hammouri, who is a lawyer and a human rights defender. So, without further ado, I will pass you the floor, Mr. Hammouri, for about 10 minutes, and then we can open the floor to questions and answers, please.

Salah Hammouri (Lawyer and human rights defender): Thank you. Good afternoon to everyone here. Thank you to this committee for having given me the floor, allowing me to witness, to give, to bear witness about what’s happening to me and other human rights defenders in Palestine.

Let me introduce myself. My name is Salah Al Hammouri. I am Franco-Palestinian, born in Jerusalem. I’m a lawyer, a human rights defender, and a lawyer for Palestinian political prisoners. In the case of Addameer, where we defend human rights and defend Palestinian political prisoners.

Because of the Israeli occupation that has lasted over 22 years. I was wounded in the leg quite early in the day. Then I spent ten years in Israeli prisons for having defended or spoken up for human rights and spoken out for the rights of Palestinians.

Today, I am here not to tell you only about what has happened to me, but to also tell you about what’s happened to other Palestinians, colleagues of mine, who unfortunately do not have the opportunity to be able to tell you about what has happened to them.

I discovered by chance that my telephone had Pegasus spyware. What happened was, was that the al-Haq human rights organisation is the one colleague, as I said, found there was a problem in his with his phone and he was contacted by front line defenders. They analysed his phone and discovered the Pegasus spyware on his phone and following their advice, our telephones, all our telephones were then analysed and in October, I send my phone to frontline defenders, and they discovered that in October that I’d had the Pegasus spyware on my phone since April.

And I knew this when frontline defenders sent the analysis to the lab of Amnesty International and they confirmed the presence of the Pegasus spyware on my phone.

So, in October, my phone was discovered to be infected. And my organisation, Addameer, was ruled illegal by the Israeli government and my resident card of Jerusalem was also annulled. And in one week I was attacked three times. And I think none of this was by chance.

The influences of this espionage system or the effects of this were very aggressive against me and deleterious to me as a lawyer, as you know, personally. As you can imagine, my private life messages whenever I use my microphone, my photographs, my entire private life was infiltrated by this spyware in my phone. And this was because I was a defender of human rights as a lawyer for political prisoners.

I was not the only person at risk because of this espionage. At that time, I was in daily contact with the families of political prisoners. I was in daily contact. With the prisoners I was working for in jail. There was a lot of information about the various files. There were witnesses that were put a danger. There were illegal military actions by the police and these witnesses were at risk. I don’t know. Whether. This led to the lies that that we find in the file that the Israelis security forces are saying that they have against me. I was in house arrest for over two years based on a secret file, and no one knows what’s in that file. I think that the presence of the Pegasus spyware definitely led to putting information, false information into that file. That the Israeli occupiers then used against me.

I think that today I am here to say that the European Parliament must come up with rules that help to protect people. This spyware should be stopped. People who are responsible for its use. Against human rights activists, against journalists, against political opponents around the world. Well, they should be protected. And I think we should really work with civil society around the world that has helped to uncover this system, with Access Now, citizens, with Citizens Lab, with Amnesty International, so that we can stop this harassment against human rights activists. Thank you.

Jeroen Lenaers (Chair): Thank you. Thank you very much for being with us today and for your very important contribution to our panel today. Since we are not yet connected with Peggy Hicks, who is our second guest in the second panel, I would propose we start the round of questions, so we can really focus on your contribution here today, and then afterwards we’ll do a round with Peggy Hicks as well. So, we’ll start with our rapporteur Sophie in ’t Veld and if anybody else would like to take the floor please indicate so.

Sophie in ’t Veld (Renew): Yes thank you Chair and thank you Mr. Hammouri, for your testimony. A few questions.

First of all, I’d like to better understand the legal context. Are you in any way, let’s say at least on paper, do you have any legal protection, do you have rights, the right to legal remedy. What laws are governing the use of spyware? Because we have heard on several occasions that the Israeli authorities, when they are using spyware in Israel, I mean there was this big scandal where allegedly the police had used spyware, but apparently, they can freely and without limitations, use spyware on Palestinian citizens. Can you say something about that?

Secondly, I would expect that in any legal system the profession of lawyer and client lawyer communications are protected. In any case. So, then any interception of a client lawyer communication would be unlawful unless there is a let’s say, an imminent threat to national security or something like that.

And can you say something about, you know, the specificity of spyware is that it goes it goes beyond, you know, regular eavesdropping. Regular wiretapping is not just the use of the microphone and the camera. It’s the fact that they have access to all your documents, your files, the applications that you’re using and everything. Can you say in what way have you noticed that they have used that material, which they may have obtained against you because you said that some material has popped up in your file, for example, and that it had been distorted, so it’s used against you to discredit you or attack you or whatever. But can you be a bit more specific about what kind of material and what kind of distortions are we talking about? Thank you.

Salah Hammouri (Lawyer and human rights defender) : As to the first question on the legal protection. Unfortunately. In Israel. The legal system, the Israeli legal system does not give the right to Palestinians to bring charges. When it comes to the use of spyware, specifically Pegasus spyware.

Now because I’m also French and part of the. Spying took place in France whilst I was there during one of my trips to France. That is how I was able to obtain the right to press charges. I filed this complaint. Because my phone had been infiltrated by spyware and therefore was under surveillance on French territory.

The second question. As pertains to the issue related to what is on my phone. For example, there were some cases of my testimonials and I don’t necessarily use them immediately, but I will use them in or have intention to use them in the future for my clients pictures, for example, or photos, information on my clients, their depositions and all of that information was there and would be available to me to be able to defend these prisoners at a certain date.

Unfortunately, all of this information that was obtained, contained in my phone, well, all of that was suddenly made public or made available, it was communicated. Accessible. It was no longer hidden, and therefore this information was taken and picked up by the Pegasus system that had infiltrated my phone.

Now, all of the defence then and the work that I had done to compile a defence from my clients, all the work that I carried out, it had been discovered. By those who had used the system against me. Now, in my opinion, I realised that we don’t really know for the time being who exactly planted the spyware into my device. But I think that the interest of doing that, those who would have a motive, that’s quite clear. Anyone who would want to know about the defence of those prisoners and all of my clients’ secrets were then all of a sudden compromised by those who had infiltrated my phone.

Jeroen Lenaers (Chair): Yes. Thank you very much, Ms. Incir.

Evin Incir (Socialists and Democrats): Thank you very much for being with us today and sharing your testimony. And of course, I am really sorry to hear about the attacks that you have been under.

I have a question on how many more people have been victims of Pegasus in your organisation, but also other organisations working within the same field that you know of. Because I also heard from some ministries of in Palestine that even the Palestinian Authority ministries have also been under this kind of surveillance of Pegasus. So yeah, my question is are there more of your colleagues that have been victims of Pegasus? Thank you.

Salah Hammouri (Lawyer and human rights defender) : Yes, unfortunately, when our colleague Alok discovered his phone was infected. Many organisations, civil society associations and the Palestinian Authority had their phones checked. And in 5 am the Human Rights Defence Organisations released in Palestine. We noticed that there was at least one person in each association whose phone was infected by the Pegasus spyware, and also in the Palestinian Ministry of Foreign Affairs, there were people whose phones had been affected by the system.

Jeroen Lenaers (Chair): Thank you. Hannah Neumann.

Hannah Neumann (Greens): Thank you. And first of all, thank you for your testimony. And I can understand your frustration, especially in your professional work, if basically what you did over months is shared with those who you wanted to use it. And I have three different kinds of questions.

First of all, you mentioned that you were supported by front line defenders, and you had the initial suspicion that they are spying on you. So, I would just like to better understand how Frontline supported you in finding out that you were spied upon. And if there’s other kind of support that you had wished for, that front line could, for example, and not give you. So, if there is a gap in support on this side.

And the second place and it relates to the question of Sophie in ’t Veld. The moment you find out that you have been spied upon, is there any authority, any interaction point, or something in Israel where you could complain, ask for more information and get some kind of redress and remedy? I mean, is there something or are you basically left alone and don’t know how to complain, make this stop or start a formal investigation?

The third question relates more to the fact that we know by now that you are not the only one in the Palestinian territories, but that there are people like a number of organisations and people being spied upon with spyware. How did that change, or did it change at all the kind of work you do, how you interact, how you communicate with each other, basically knowing that all the time you could be spied upon.

And the last question is more of a political nature. It was the old Netanyahu government that allowed NSO to export rather freely. There have been some restrictions on the export licenses by the recent governments, which was also the time that our delegation visited Israel. And now we have a new Netanyahu government. Do you expect, again, NSO, being able to export more freely or do you expect them to stick to the more restrictive approach that they had previously? Thank you.

Jeroen Lenaers (Chair): Yes, our members ask a lot of questions. So, it’s good. It’s good to write them down.

Salah Hammouri (Lawyer and human rights defender): Well, the first question, the support of front line defenders. It was thanks to them that we discovered the fact that the software. Pegasus software. Had been. Had infiltrated my system. And then they contacted me on more than one occasion to analyse the information on the phone, in the phone. And once the of the phones went into their labs, the. Information was analysed and that’s how they were able to uncover the fact that the spyware had been wormed into my phone.

And since April. To be even ever more certain they shared information. So, Amnesty International’s lab and the Citizen Lab Association also carried out these tests. They confirmed the fact that my phone, as well as the phones of my colleagues, had been infiltrated. Three big human rights associations. That confirmed this fact that the system was installed and was installed on other phones. And that’s precisely how we were able to discover the whole thing.

Now. When it comes to the question of Israel, I believe that the Israel Israeli government. Is not far from the use of these systems. And I would even have reason to believe that perhaps the Israeli government abetted the use of this software, this Pegasus software.

Now, when we begin to understand the fact that the Palestinian people are occupied, everything is done to repress them and to find a way to sentence them. By way of example, there are some 800 Palestinian prisoners being held under administrative custody. Administrative custody means that the Israeli army can arrest a Palestinian based on secret information. Neither the lawyer nor the person being held in custody can have access to the information in the in the charges.

So, I believe that the use of Pegasus spyware against Palestinian civil society is a part of a plot that goes hand in hand with the administrative custody process, a process because everything goes hand in hand in the occupied territories.

I’m fortunate I have French citizenship, too, and therefore, I can speak on behalf of my colleagues who had infiltrated telephones. But I would love very much for my colleagues who work in human rights organisations. I wish that they could be here to give to bear testimony to what’s happening to them in the occupied territory.

Now, when it comes to how our work changed, I’d have to say that our work changed very much because of all of this spying. Everything happened in a week’s time, as I said. Our phones were. Being spied on. Our offices were invaded by the Israeli army and. Then my residence card was stripped of me, and they put me in prison for nine months in administrative custody. And on the 18th of December, I was deported from prison directly to Charles de Gaulle Airport in Paris. So. The things cannot be taken individually. It all goes together in a colonial system, in power in Palestine.

The fourth question. I believe that the NSO will continue to carry out its work with the government that is now a far-right government. We see what the political intentions are vis a vis the Palestinians and what they would aim to do in the region with support to the dictatorships in the region, with a normalisation of relations with the Gulf countries and with Morocco. All of these dictatorships. That are also occupying people and have been for some 65 years. I believe that NSO will have the green light to broaden its activities in the region and against human rights defenders.

Jeroen Lenaers (Chair): Thank you very much. Róża Thun.

Róża Thun und Hohenstein (Renew Europe): Thank you very much for that really tragic story that you described to us. Just a few questions to make sure that I’ve understood. You said that you spent ten years in prison for defending human rights in Palestine. What were the charges brought against you and how old were you at the time? When did this happen?

Another thing, your Palestinian and French both. And your residence card in Israel was cancelled. So, you’re living in Palestine now or are you living in France? To be held to be able to defend the people you spoke about. Are you doing it from France or are you doing it from Palestine? Because as you said, you were under surveillance in France by the state or secret services of Israel. But where’s your permanent residence if you have one? That’s all for now. Thank you.

Salah Hammouri (Lawyer and human rights defender): Well, I got to know the Israeli prisons quite early in life. From the age of 16. And I was deported quite recently on the 18th of December. So altogether, I’ve spent about ten years in Israeli prisons, three times in administrative detention and twice condemned by the Legal Military Tribunal of Israel in the occupied territories. And once freed after ten days of detention due where I was subjected to interrogation and not just that was I was working on human rights, I received. Orders banning me from going to the courts. Going to work. I couldn’t go into the West Bank for 18 months because of these military orders that were issued. Often, I was stopped from going into courts to defend my clients. Sometimes the ban went was up to seven months. I couldn’t go to defend my clients.

As I said, I was born in Jerusalem and spent my entire life in Jerusalem. Since 2019. Well, to better understand this, in 2018, the. Israeli parliament. Gave the right to the minister of interior of Israel to cancel the I.D. card of a Palestinian simply because there is a security secret security file and the person is not loyal to the state.

And so, since 2019, with the lawyers, I’ve been working to get my resident’s card back. Unfortunately, I was on the 7th of March in 2022, I was put under administrative detention that was renewed three times. And on the 18th of December, the Israeli Interior Ministry decided to deport me back to France, even though the United Nations and several international organisations have said that this forced deportation was a war crime. Today I live in France, and I continue to work remotely with my association. Of course, I cannot work directly with my clients, but I continue to defend human rights for the rights of for Palestinians.

Róża Thun und Hohenstein (Renew Europe): I would like to just clarify one thing. Thank you. Now, you were. You have been sentenced several times. But what were the prosecutors’ charges or what were the accusations?

Salah Hammouri (Lawyer and human rights defender): Let me find them so I can be clear. Shall I read it? Okay.

In 2001, the Israeli authorities arrested me for the first time. They imprisoned me for six months. I was 16 at the time. I didn’t know that this was going to be the beginning of my state harassment or harassment by the state. It was a long road, sowed with many terrible painful events via the military. And at that time, I was a target. Sentenced for having been a part of a student union at the age of 16 years. And that was in 2001.

In 2005 I was arrested for five years. It was held for five years for having. It was apparently because of an attempt to assassinate someone from the far right.

Jeroen Lenaers (Chair): Thank you. Saskia Bricmont.

Saskia Bricmont (Greens): Let me add my voice to colleagues to thank you for watching for what you’ve said to us and to congratulate you for the work that you used to do and continue to do.

Secondly, how has this Pegasus scandal changed the political dynamics and media attention in Israel? Can you tell us what about the Parliamentary Commission of Inquiry of the Israeli Parliament.

With regards to what you were saying on the use of Pegasus in the occupied territories. There was use of the software against individuals. Has there been massive use in as a type of testing in the Palestinian Authority? Has the company been using it as a testing ground for the spyware?

Do you believe that the Israeli authorities are using Pegasus and the data that they get from it against targets in Europe? Do you have any indications that would lead you to believe that?

To your knowledge, do authorities get the data from this surveillance automatically? Are they sent on through export data, export consent contracts? Has this data been directly used against you in legal cases? Was it accepted to be admissible evidence?

Now, with regards to the case you have in France. Can you tell us where that stands now with regards to the litigation you have in France?

Salah Hammouri (Lawyer and human rights defender): So on your first question. I don’t think anything has changed in their behaviour. Of the Israeli state because of what has happened to Pegasus or because of NSO. We have not seen any changes in the relationship. We haven’t seen any type of sanctions, or any type of pressure being brought to bear on the company to halt its activities and sales of the system.

I think the Israeli government actually sees Pegasus being developed as to its advantage. With regards to the investigation in the Israeli parliament, I am unaware of what’s happening there. I don’t think anything actually has taken place there.

With regards to targets in Europe and whether the information was utilised. Well, unfortunately, we don’t know where this information goes. That’s what’s difficult. I know that my phone. Was tapped, but I don’t know who tapped my phone. And this is why I say when you put it all together since 2017, I’ve spent two years in administrative detention. You don’t know why you’re there. It’s a secret file. You don’t have any access to it. Your lawyer doesn’t have access. You don’t stand trial, you’re not defended. You don’t know what the charges against you are.

For example, and I can say this when my colleague has said, how did he discover that this spyware was in his phone, someone said to him, why did you call me 5 minutes ago? And he said, no, I didn’t call you 5 minutes ago. And he says, yes, your number showed up on my on the screen here. And he says, Send me a screenshot of this. And the person did that, and that’s how he discovered that he didn’t use his phone to call this person, but the person got a call from his. Mobile phone.

So, someone was controlling his phone and they can do things that can actually be dangerous for you all. They can call someone, send a message so they can actually build a case without you knowing this case is being built against you. So, you don’t know where the information is going.

In my opinion, when you think of which country has been harassing me for the last 20 years and has any interest in doing so, then quite clearly I will say it’s Israel using information from the Pegasus system, at least in the occupied territories. Unfortunately. The human rights activists and associations. We discovered the Pegasus spyware because we had our phones analysed. But perhaps this is being used massively in the occupied territories and against the occupied people. Maybe they are testing it on the Palestinians before selling it across the world.

Saskia Bricmont (Greens): France, in relation to France, is your situation being taken seriously in France? The complaint.

Salah Hammouri (Lawyer and human rights defender): The complaint was issued was submitted. At the beginning of January. Unfortunately, the complaint was rejected by the judge. We have now submitted an appeal that was filed last week. The International Federation of Human Rights assisted. That is the organisation that is following my file in France.

Saskia Bricmont (Greens): And what was the basis? What were the grounds for rejecting your your complaint?

Salah Hammouri (Lawyer and human rights defender): It was inadmissible. It was inadmissible without any further explanation.

Jeroen Lenaers (Chair): Thank you. Thank you very much. That concludes our speakers list for this session. Thank you very much, Mr. Hammouri, for sharing your story with us today. Like I said in the previous panel, we’ve met many victims of spyware already in our community. But each story is very impactful and very impressive in its own way.

So, I very much appreciate that you wanted to come all the way to Brussels to share your story with us. And it’s very helpful for the members of our committee in the work that we tried to do here. So please also stay in touch with us, have a close eye on the investigations that we undertake and on the recommendations that we will in the end drafts for to improve this situation for the future. Thank you very much. Thank you very much.

Dear colleagues, we move to the next speaker on our agenda, which is Ms. Peggy Hicks. Now we had a session with Ms. Hicks before in Strasbourg that we had to suspend due to technical issues in the interpretation, I’m sure, and the irony of the situation escapes no one. But we are hopeful that we have a good connection with Ms. Hicks at this very moment. We were not able to get to test it with the interpretation, but I hope that that we will be able to also get it fully interpreted.

Just to remind you, for those who also were not present in Strasbourg when we had our first meeting, Ms. Hicks is the director at the Thematic Engagement, Special Procedures and Right to Development Division, Office of the United Nations High Commissioner for Human Rights. I understand that in the meantime, since we last spoke, Ms. Hicks, that there has been a discussion in the Human Rights Council on spyware as well. So, in that sense it is good that we meet you again today, so you can also brief us on any new developments.

Having said that, I also pass the floor to you for about 10 minutes and once again, apologies for the technical issues the last time we met, and I hope we can avoid them today. Thank you. You have the floor.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): [inaudible, editor’s note] important issue and very much thankful for the work that the committee is doing on it.

For us, use of Spyware as the title of this hearing reflects, is about power: who has it, who doesn’t, and how to hang on to it. These dynamics play out not just among states, but within states with companies and significantly with people. Those people, I would emphasise, are not randomly selected, but include those suspected of being a great threat to our societies. But seemingly just as commonly as we’ve heard, those who are essential for the fabric of democracy, including journalists, activists, and dissenters.

The UN Human Rights Office here in Geneva shares this conclusion of PEGA’s draft report and recommendations based on our own work in 100 countries worldwide. This reality should not come as a surprise. UN human rights experts repeatedly raise the alarm on the risks of the proliferation of extralegal surveillance tools beginning ten years ago. And reports from this parliament similarly raised concerns regarding an emerging surveillance export industry, including in the context of the Arab Spring.

As highlighted in the draft report, there’s a widespread appetite for surveillance tools in both democracies and in authoritarian states, and that appetite has been allowed to flourish with limited constraints, far from judicial oversight and public scrutiny.

There can be no doubt that criminal activity and security threats need to be investigated. At the same time, the evidence is clear that the use of spyware often far exceeds those legitimate needs.

The threat spyware poses is clear. When spyware is used, as we have heard, to target human rights defenders, journalists and politicians, it violates the rights not just of those spied upon, but all of us. It undermines essential work, silences, critical voices and threatens democracy.

The unchecked development and expansion of the surveillance industry is a particularly graphic example of the harms of a global market in which digital technologies have too often proliferated with very little transparency, regulation and oversight on their sale, purchase and application.

We need better solutions to this global problem. This is where the human rights framework can be helpful. Its binding legal obligations have been agreed by states across the globe and should be used to set guardrails around the use of spyware. Human rights law, for example, requires that surveillance measures can only be justified in narrowly defined circumstances based on law and with a legitimate goal. They must be both necessary and proportionate to that goal. Government hacking at the scale now reported clearly does not meet these criteria.

We have suggested at least four critical steps to address the threats posed by the widespread abuses connected with the surveillance industry and market. Step one It’s time to pause. Governments should implement a moratorium on the sale and transfer of surveillance technology until sufficient guardrails can be put in place.

Step two. States should, during this pause, work on export control regime and boost legal frameworks. Securing Privacy. Let me say a few words more on that point.

We welcome the recent adoption of the EU dual use export control rules. At the same time, much more needs to be done in the field of surveillance technology. Oversight often remains inadequate and sporadic and is coupled with non-compliance with existing privacy protection safeguards in Europe. The result is that spyware is exported without a sufficient screening process or export licenses.

As a first step, the dual use regulation must be fully implemented, including by first. All export licenses for spyware should be reviewed, and those not in line with the dual use regulation should be repealed. And second, decisions and justifications to approve or deny export permits should be made publicly available together with the name of the company and the name of the exporting country.

In addition, we believe the dual use regulation should be strengthened both by clarifying ambiguities that facilitate circumvention, such as its applicability in transit and by precluding export permits when there is a reason to believe that spyware will be used for the Commission of a human rights violation. In addition to export controls, national legal frameworks for privacy need to be improved in the face of the growing surveillance apparatus. And unfortunately, best practices in this area are all too rare.

Privacy regulation should be founded on human rights obligations, recognising that surveillance and hacking should be one allowed only when necessary and proportionate to investigate specific and serious crimes, two, narrowly targeted to the person suspected of committing those acts and three, authorised by an independent body and subject to strict independent oversight.

In addition, as highlighted in our 2022 report on privacy in the digital age, states should adopt and effectively enforce through independent, impartial, and well-resourced authorities, human rights compliant data privacy legislation for both the public and private sectors.

Step three. Effective human rights due diligence is critical. As clearly underscored by the UN Guiding Principles on Business and Human Rights. Companies have a responsibility to conduct human rights, due diligence to identify, prevent, mitigate and account for how they address their impacts on human rights throughout the value chain.

The forthcoming European Union Directive on Corporate Sustainability due diligence is a key opportunity for states to set clear rules for companies on how to address the human rights risks of surveillance technologies. As such, the scope of application of the directive should include the downstream risks and impacts of such companies to ensure that those salient risks in the technology sector are covered.

UNHCHR Chair welcomes the commitment to advancing the protection of human rights and the environment through due diligence. However, it’s crucial that the ultimate directive is aligned with relevant international standards, in particular the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises.

Those standards call for a risk-based approach to human rights, due diligence under which areas and actions to prioritise are determined by where the most severe risks to people are.

So, for example, applying criteria for which companies are covered by the directive that look solely at the number of employers or revenue and do not reflect a risk-based lens could mean that serious human rights issues, including those relating to spyware, fall outside the scope of the directive.

Further, a directive that excludes downstream human rights impacts of companies would largely fail to cover tech specific risks, in particular those relating to Pegasus and equivalent spyware. Excluding downstream risks would first not be consistent with the UN guiding principles. Second, undercut the EU’s own stated objectives. And third, ignore the existing efforts by companies to implement downstream human rights due diligence.

As the European Parliament continues its negotiations over this Directive, we urge you to ensure alignment of the Directive with the UN Guiding principles, including to ensure that issues of concern for the EU such as spyware, are appropriately covered. Our office welcomes the opportunity to engage with EU institutions on the Directive as it enters the next phase.

And finally, step four Accountability. Finally, real progress in this space depends on strengthening accountability. And this, of course, is an area in which this committee is already playing an important role. Oversight and investigations of the abuses that have and will continue to occur are critical. This important work cannot be left to human rights defenders and journalists. It requires a strong commitment by democratic institutions tasked with oversight and accountability. There are a range of concrete steps that we believe should be taken.

First, governments should agree that they will only contract with surveillance firms that meet a specific threshold of due diligence around human rights compliance, which can be measured with real data and independent oversight. Such an allowed denied list of vendors would not run the risks worse offenders out of the business entirely but would marginalise them from important marketplaces.

Second, existing regulatory measures should also be used to hold the worst offenders and mercenary spyware industry legally accountable. And we’ve seen some examples of this. For example, the French investigation into amnesty for complicity in acts of torture in Libya.

Third, legislation could also open avenues for private litigation, allowing victims of targeted espionage to hold both governments and companies accountable. Currently, governments are able to rely on foreign sovereign immunity provisions, and vendors may avoid responsibility for harm caused by their products when used by government clients. Amending legislation to include exceptions to sovereign immunity that would allow victims to sue both vendors and government clients would increase liabilities for companies, investors and governments alike. And this, of course, is an approach that has been taken in a number of places already.

At the same time, technology platforms whose infrastructure has been exploited by spyware companies could litigate against those companies for violation of their terms of service and other damages.

Fourth, we also see a need to increase transparency. Government should expand public disclosures about surveillance practices, including tools acquired and used when legitimate reasons require heightened security and independent or parliamentary body should be informed.

Fifth, further efforts to improve the digital security capabilities of human rights defenders like those you’ve heard from within the EU and outside, is also important. These efforts should go hand in hand with work. To strengthen digital knowledge of the public, particularly those at risk to detect spyware attacks. For example, the committee’s report recommendation to set up a citizen lab type project of the EU could be very useful. The EU can also play an important role by making increased funding available to organisations that support civil civic space actors in this regard.

Finally, and crucially, the EU and states should be careful not to undermine technology that’s crucial for stable cybersecurity, including end to end encryption, an issue highlighted in our recent report and June and September of 2022 as well. I’ll close there and look forward to your questions.

Jeroen Lenaers (Chair): Thank you very much Ms. Hicks, for a very rich contribution. I’m not sure if it’s possible, but if you have speaking notes of your contribution, maybe you could also share them with us so we can also have the time to read it, read it back, because there was a lot of information in there.

Thank you very much. And I’m very happy it works. After a first attempt some time ago. Thank you very much for being with us today. I open the floor for questions from our members. I will start with our rapporteur, Sophie in ’t Veld.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): Thank you, Chair, and thank you, Madam Hicks, for being with us and also thank you for your work on the topic. Taking an interest, I have to say I am not sure I have a question. The point is that I agree with pretty much everything you said and a lot of what you have said, except maybe one or two topics where I think I will follow your suggestions are included in my reports and draft recommendations.

The point is, is it’s not so difficult to see what should be done. The one ingredient that is missing is political will, because the very governments who are abusing spyware or who are benefiting from the illicit trade in spyware are the ones who should actually take these measures. So, you know, this is a difficulty we see when it comes to the trade in spyware, for example. I mean, you can easily see that it’s not a regular transparent trade that can withstand the daylight.

And yet this very murky market is basically supported by the governments. And they have a shared interest. I mean, they’re very, very, very powerful players in. The stakes are incredibly high. I have to say. I’m an optimist by nature, but this is this is a this is a big one. And it’s very difficult to see how we’re going to tackle it and how we are going to give people the tools, because I think those governments are not voluntarily going to introduce the reforms that you are calling for. And I as well.

So how are we going to give people, citizens the tools to counter this effectively, to force transparency, to force accountability, to get access to information, to get support for, you know, screening of their devices, etc. Can you name those two things? So how are we going to generate some political will? How are we going to create incentives for governments to try to introduce these these reforms? And how are we going to actually empower the people to make sure that we are going to to counter this problem effectively? Thank you.

Jeroen Lenaers (Chair): Thank you. Miss Hicks, a simple question, but maybe with a not so easy answer.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): Thank you so much. I agree that there is there is a great deal of commonality between the rapporteurs report and the recommendations that our office has arrived at through our work as well. And I share your concern over what it will take to really move the bar on these issues.

As my testimony said, they have been talked about for a long time and we haven’t seen the situation improve. And in fact, as your testimony in these hearings has shown, there have been, you know, very dire circumstances and very in, you know, that are ongoing.

Now, I do think there are a couple of levers that we have that will make a difference here. I think the types of transparency that we’re talking about here, where these issues are not just, you know, things that are known about in and small circles is very important. And so, to have monitoring and oversight that publishes the types of reports and findings that that this body is very important. But we’d really love to see that on an ongoing basis. And we do look for support maybe at the UN level or at the regional level to have ongoing information sharing, you know, not just by NGOs or companies or journalists, but a consolidated basis of what’s currently happening in that space.

Because while I agree with you, there are some actors that will be very difficult to move. There are some actors in the space that can be pushed through that sort of public exposure to improve their policies and approaches. So, there are, for example, governments that have said that they are committed to not reselling to countries that that may engage in these abusive practices.

But, you know, we’re not we don’t have as much transparency as we need to check up on those commitments. So, putting in place that type of regime that that requires transparency and pushes it forward, I think is one of the key elements.

But you also spoke about the other side of the equation, which is, you know, how do we make sure that the public sees this issue and that they create that political will for this to happen? And I do think the compelling nature of the testimony of others and the fact that, you know, this message about the fact that this type of spying ultimately will undermine the ability of our democratic systems to function as it is, is critical for people to hear and understand.

And that means, of course, as we’ve said, you know, more digital literacy, more and more popularisation of sort of the findings and work. It’s often a difficult space for people to fully understand. They may understand, you know, now the idea of fishing where you know and you know, don’t click on this link, but the idea that you can be spied upon not having made any mistakes or done anything is something I think most people in the public probably don’t fully comprehend. And if they did, they might have a stronger reaction to whether their government or other governments are using those sorts of technologies.

And alongside that, it is absolutely essential that we just develop better tools, and we resource those who are most at risk to be able to use them effectively. So, more funding, more resources for journalists, human rights defenders and others who are who are greatly at risk, I think are the key ingredients here.

Jeroen Lenaers (Chair): Thank you very much. I look around in the room to see … Saskia Bricmont.

Saskia Bricmont (Greens): Yes. Thank you very much for your presentation and for being with us today. In your report, you say that the right to privacy and freedom of speech are under threat. And one threat is the extensive use of spyware by states and non-states. This is key in our work. We have an issue is that our own EU authorities do not listen. Did you reach out to them? Did you have contacts with the commission? Did you have contacts with the Council, with the member States? And have you had the opportunity to present and present your report to them and had any reaction? This is my first question.

And my second question is are there any further steps to be taken at the UN level? I mean, by that by that, for instance, a UN framework to regulate spyware and also to touch upon the fundamental rights and the rights of the victims. In the previous panel, even action in justice in front of the French courts is declared. You receivable. So, I wonder what’s happening there. A French citizen by national but still French spied bomb in France that goes to court, and it’s declared irretrievable.

So, I’m really wondering what’s going on both at political and justice level. And so I think, of course, the EU has many possibilities to act, but we need international framework. And could we work hand-in-hand towards such a UN framework? Thank you.

Jeroen Lenaers (Chair): Thank you, Miss Hicks.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): Thank you very much for those questions. Maybe starting with the issue around the UN’s potential role on the Secretary-General has raised issues around surveillance technology and as part of his roadmap on digital cooperation and our common agenda in his landmark report that sets forward the future of the UN and how we can develop a better and more human rights compliant approach to digital technologies generally. He has pushed the need for us to take up these issues as a UN system, recognising really, as I said, that an advantage the UN brings to this is that we do have this foundation of rights to privacy and freedom of expression that have been agreed across all regional groups, across all states. And finding a way to make those actionable at a global level, given that the technologies we’re talking about, of course are go across borders with no problem is essential.

Now, what that looks like, I think is really up to the member states of the of the UN to decide. But there has been work here at the Human Rights Council, although the work that we’re discussing was mandated a mandated report by the UN Human Rights Council in which we sort of outlined some of these risks of surveillance technology. And in one of the things, of course, that the that the UN can do, or the Human Rights Council can do is to ask us to do further work on that. We’ve also, in other cases, called for ongoing monitoring and reporting on these issues.

So not just a onetime report, but an ongoing analysis that would allow real time information to be released about issues in a particular area of human rights threat. So, one could see that developing around issues of spyware as well, rather than waiting for the, you know, the next exposé by journalists to take up the same sort of thing that you’re talking about with a citizen lab at the EU level to try to do that at a at a global level through the United Nations.

You asked, though, more specifically about a regulatory framework at the UN level. I think that that’s the sort of thing that that people look to the UN potentially to do. The reality is that this is a space that evolves very quickly and the ways to develop those regulatory frameworks on a global level are require substantial investment of resources and time. We now have, of course, the ongoing discussions around a cybercrime convention that may even hit on some of these issues in different ways, but it would be a multiyear process.

But I do think using those levers simultaneously with what is done at the EU and at national levels is essential. We should pursue all the levels to try to move these issues forward in terms of our conversations with EU, with European Union.

We did present the report at the at the Human Rights Council and the EU is an active participant there and we meet with their permanent mission here in Geneva frequently and they are very much engaged in the discussions around these resolutions and the work that’s being done.

We’re also engaging with the European Commission and European Union around the corporate sustainability due diligence proposal. And have you know, we’ve been asked for our views on that and have found an open door to bring in some of the concerns that we’ve raised here. But as I noted in my testimony, we find that there are still some areas where we’d like to see some continuing work done. Thanks.

Jeroen Lenaers (Chair): Thank you very much. There are no further requests for the floor. I just have one question. Maybe a point for .. ah, Mr. Lebreton. I apologise. I didn’t see you. You have the floor.

Gilles Lebreton (Identity and Democracy): Yes. I wanted to briefly take the floor, first and foremost to thank Ms. Hicks. Your speech was extremely interesting. Very technical indeed.

I’d like to just make an introductory remark and then I will ask your question. The comment was the fact that you questioned the French system. Now, I don’t know exactly the in the case of the individual who lodged a complaint about declassifying of a file in France, there is a legal provision that is the opportunity to prosecute. That means that a prosecutor can open a file and then not prosecute. It’s relatively frequently used. I’m not sure why it was used in this case, but I did want to just say that that might be something that could be easily explained by the legal approach arrangements in France.

Now, you proposed a moratorium, and I already had the opportunity to discuss this in this committee. The moratorium always concerns me somewhat. I think the use of spyware by Democratic states could be justified to fight terrorism by way of example. The problem is that we can’t accept a moratorium without some precautions because that could create a vacuum. So, what type of precautions would you take in the case of this moratorium?

Jeroen Lenaers (Chair): Thank you. Thank you very much. This is actually my question for clarification indeed, because moratorium is always a recurring theme in our discussions. But the problem is that with the term moratorium, many people mean different, different things.

And I think in your presentation, you mentioned a moratorium, or a government pause on the sale and export of such systems, but I wasn’t sure if I heard anything about the use as well. So as a as a follow up on the question of Mr. Lebreton, just to clarify that.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): Thanks very much for both of those questions. Just to clarify on the French law question, I actually did not myself bring up the issue around the inadmissibility and then would not in any way be qualified to speak to the French law implications. So, I take your point there. We pointed actually to the French case involving Libya, which is a relevant example of where the French courts have gotten engaged on these issues and in a useful way.

These issues around the moratorium. I take your point. And that’s why we made a point within the testimony of noting that there are legitimate potential uses of this type of spyware, but that those uses must be constrained by human rights law and by the needs of society generally, which would require that they not be used in this way that we’ve heard discussed, which against human rights defenders, journalists, and dissidents in different ways. And that does, of course, pose a bit of a quandary when one asks for a moratorium. If you have legitimate uses that you think you need the spyware for, and we’re saying, you know, it shouldn’t be sold and exported at this at this stage.

To be frank, I think that that type of moratorium is called for as a tool to galvanise movement on this issue because of the concerns that we haven’t seen things moving forward and that without some cost, maybe we won’t be able to generate the movement that that we need. As the rap tourist questions reflected, if there were lots of movement happening, we perhaps would not be able not feel it necessary to say that there’s a moratorium.

I mean, I think it’s a difficult question to say, you know, don’t use something that might help us, you know, protect our security better. But I think that’s really only looking at one part of the puzzle, because when we say we’re going to roll out technologies that help us with the security concern on one side, but in fact, in a in a broader sense, undermine our security by undermining human rights, by silencing critics and making journalists and others, you know, vulnerable, you know, trade-offs somehow don’t come into it.

And so, yes, I mean, I think reality the reality is that moratoriums can be needed. That means that we delay use of some technologies that we are not yet sure how to regulate them in a way that will ensure that they’re used in in a way that is appropriate for our legal obligations under human rights law. And for the needs of society more generally, not just in the specific area that that that the technology is supposedly going to serve.

There’s something called techno optimism, which is the idea that, you know, the second we get the technology, we have to use it to whatever extent we possibly can. And I think we’ve all seen that that can be incredibly problematic in terms of both predictable and sometimes unpredictable human rights consequences. This is one case where we know that the consequences of unregulated sale and export of these technologies have been incredibly dire. And it is the moment to pause.

That goes to your question about continued use of the technologies. Our call, I think, has not been as specific and detailed in this reflection. We’d really have to engage in a further conversation to look at what it would mean in particular context. But the main thing is that that we’re really looking at limiting the further spread of technologies and their use in ways that that are contrary to human rights. So, if we’re talking about a technology that has already been distributed in a context where it would not have passed human rights due diligence standards, then of course we would be saying that the use should be ended. However, there may be contexts where the use is being controlled in a way or limited in a way that that would not necessarily need to be limited through a moratorium. Thank you.

Jeroen Lenaers (Chair): Thank you very much. Our rapporteur has one follow up question. She indicated she’s an optimist. I’m not sure if that also falls under a techno optimist. But one more question.

Sophie in ’t Veld (Renew): I think technology is wonderful, but I think we are also not sufficiently aware of the implications its use may have for democracy.

Because I think, Mrs. Hicks, your opening remarks were, this is, you know, it’s not about technologies, about power, and it’s, these technologies are giving an extraordinary amount of unlimited power to parties, states which are already very powerful.

But I’m pretty confident that we can come up with a proposal for a let’s say, a smart moratorium, which will allow us to ban the let’s say, the negative use, the abuse while still allowing for responsible use, but that this is for the negotiations on the amendments.

But my question would be, if we if we accept the premise that spyware may be used for purposes of national security, but then we leave it to the national governments to define what that is, we’re basically giving them a blank check. And that’s also the way they seem to be using it, because there’s no definition, there’s no demarcation, there are no common standards.

They can, I gave the example last time here, that the use of road salt when it’s snowing in my country is a matter of national security. So, you know but are you doing any work on that seem better defining national security or developing common standards, common criteria guidelines, something like that.

Jeroen Lenaers (Chair): Thank you, Ms. Hicks.

Peggy Hicks (Director, Office of the United Nations High Commissioner for Human Rights): We don’t have any work specifically in this context on that theme, but we do look at it across, for example, we’ve done lots of work in the counter-terrorism space about what types of limitations should be inherent within counter-terrorism legislation and regulation based on overbroad use of national security as a justification.

And the common standards through a human rights-based approach are the same. It looks at making sure that there is the legitimate purpose of national security, but also looking at using the least intrusive way of doing it a necessary and proportional response.

So, you might try to claim that road salt is a is a national security measure, but you would have to be able to show that you absolutely needed to regulate it in order to accomplish your ends. And so, you know, those are the types of constraints that human rights law can bring in. That framework can be applied to ensure that those sort of overbroad interpretations of what’s meant by national security really don’t pass that pass the human rights test.

Jeroen Lenaers (Chair): Thank you very much. Thank you for, like I already said in the beginning, a very rich contribution and a very clear. So, if there’s recommendations, we will also share them with the members of the committee. But thank you very much. And we’re very happy that we managed to very clearly hear and understand what you had to say. So, thank you very much.

The only thing I have to say is that our next meeting will be next Thursday morning in Strasbourg with our country specific hearing on Hungary, also in preparation of the mission to Hungary that will follow in the week after our plenary session. And I look forward to seeing you all there.

And then we will try as soon as we can to schedule another moment to hear from our three guests that we had invited for today in relation to Morocco and see and then maybe it’s not going to be next week because it’s going to be, I think, more feasible if we invite them to come here and be in our meeting room in person wherever possible. So, but we will update you about that as soon as possible. So once again, with apologies for the technical inconvenience, I close the meeting and I look forward to seeing you next week. Thank you.

Deine Spende für digitale Freiheitsrechte

Wir berichten über aktuelle netzpolitische Entwicklungen, decken Skandale auf und stoßen Debatten an. Dabei sind wir vollkommen unabhängig. Denn unser Kampf für digitale Freiheitsrechte finanziert sich zu fast 100 Prozent aus den Spenden unserer Leser:innen.

0 Ergänzungen

Dieser Artikel ist älter als ein Jahr, daher sind die Ergänzungen geschlossen.