PEGA-UntersuchungsausschussStaatstrojaner-Skandale müssen Konsequenzen haben

Staatstrojaner gefährden die Demokratie, sie müssen entweder verboten oder streng kontrolliert werden. Der Untersuchungsausschuss im Europaparlament diskutiert, welche Konsequenzen die Politik aus den Skandalen und Enthüllungen ziehen soll. Wir veröffentlichen ein inoffizielles Wortprotokoll.

Sophie in ’t Veld
Sophie in ’t Veld stellt den Entwurf vor. – Alle Rechte vorbehalten Europäisches Parlament

Der PEGA-Untersuchungsausschuss im Europäischen Parlament hat am 24. Januar diskutiert, welche Konsequenzen aus den Staatstrojaner-Skandalen gezogen werden müssen. Die Berichterstatterin Sophie in ’t Veld hatte einen Vorschlag mit Empfehlungen erarbeitet.

Ihr Ziel ist eine umfassende Regulierung von Staatstrojanern in der gesamten EU. Deren unrechtmäßiger Einsatz, Handel und Export durch Regierungen und staatliche Institutionen soll unterbunden werden. Bis dies umgesetzt ist, soll es ein bedingtes Moratorium geben.

Die Berichterstatterin spricht sich für eine engere Definition von „nationaler Sicherheit“ aus, um es als Totschlagargument für staatliche Überwachung zu entkräften. Schließlich schlägt in’t Veld eine mögliche Kooperation mit den Vereinigten Staaten vor.

Wir haben den Entwurf zusammengefasst: Untersuchungsausschuss soll Moratorium für Staatstrojaner fordern.

Von der Anhörung gibt es ein Video, aber kein offizielles Transkript. Daher veröffentlichen wir ein inoffizielles Transkript.

  • Date: 2023-01-24
  • Institution: European Parliament
  • Committee: PEGA
  • Chair: Jeroen Lenaers
  • Links: draft recommendations, press release, Video
  • Note: This transcript is automated and unofficial, it will contain errors.
  • Editors: Anna Seikel

The Committee’s proposal for a recommendation

Jeroen Lenaers (Chair): Good morning, colleagues. If everyone could please take their seats, we can start this morning’s meeting of our PEGA committee. I hope that the technical infrastructure is working now, so that people also following this online actually end up at the correct meeting. Not like yesterday. We have interpretation in German, English, French, Italian, Greek, Spanish, Hungarian, Polish, Slovakian, Slovenian, Bulgarian and Romanian.

As you were informed yesterday evening, with regards to point number four on our agenda, we had foreseen a hearing on the intelligence services to map procedures in spyware development. Unfortunately, yesterday we were informed that none of the member states we invited for this hearing will in the end participate. And we have to see also among ourselves how to follow up on that. But it fits in a in a systematic approach by member states to, most member states, at least, to not cooperate with this committee, we have still also not received replies to the questionnaire we send from many of the Member States so we can see how we follow up on that. But I am personally getting a little bit fed up with this approach by the Member States.

So instead we will hold the exchange of views with Mariette Mousseau, who is the chair of the Dutch Investigatory Powers Commission, and we will see any other suggestions we can explore later on as well. The extension of the mandate has been approved by the Conference of Presidents last Thursday in Strasbourg. So we also have a little flexibility to add items to the agenda in the upcoming months.

Then we move to point three of our agenda, which is the presentation of the draft recommendations. We are kicking off one of the most important items for the term of our committee, I would say. After our rapporteur, Sophie in ‚t Veld, presented the draft report last November, we will today hear the presentation of the PEGA committee’s draft proposal for recommendation of the European Parliament and after giving the floor to the rapporteur, I have of course happy to give the floor to the shadows as well and other members who would like to take the floor afterwards. But I first give the floor to our rapporteur, Sophie in ‚t Veld, to present the recommendation, the draft recommendation. Sophie, you have the floor.

Sophie in ’t Veld (Renew): Yes. Thank you, Chair. Let me start indeed by echoing what you said about the attitude of the member states, which I think also applies to the European Commission. I think this is a very important element of this whole exercise of the inquiry committee, namely that we are being stonewalled completely by the member States, the Council and the European Commission, which I think is a very, very serious fact, because in my view, the abuse of spyware and the, let’s say, the characteristics of the trade in spyware equal a very serious attack on democracy. We were all very worried about, you know, Brazilians storming the parliament or the 6th of January in the US. But this is a digital attack on democracy from within. It’s very, very serious. And the attitude of the commission and the council and the member states is unacceptable and unforgivable.

But we are going to proceed not just with the inquiry, finding out what is what is happening, but also making recommendations to address the situation. I have laid down in a draft resolution a series of not just observations, but also recommendations to address the problems. And I think you can maybe cluster the problems into three or four – I see that the EPP is a tad busy, okay – three or four sets of issues.

One is the lazy, illegitimate use, the abuse of spyware by public authorities, by governments for political purposes. So not for security, but for political purposes targeting the opposition and targeting critics. We have seen that a number of governments in the European Union in different ways and to different degrees are guilty of this, and I have singled them out. And of course, not all governments are doing this, but the risk is there. It’s clear that the regulatory framework in place is too weak and the weak rules that exist are not being applied by the European Commission.

The second set of problems concerns indeed the trade in spyware, and particularly the exports of spyware from the European Union. I think the European Union is really a very comfortable place for vendors of spyware, because although we have export rules in place, they’re basically not being applied and the European Commission is turning a blind eye. The European Commission is choosing not to apply the rules, deliberately choosing to turn a blind eye. It’s very serious because European Union has become a kind of hub for exports of spyware to oppressive regimes, let’s say, names that we have seen in the course of our inquiry include, for example, Libya, Bangladesh, Madagascar, Egypt, Sudan and several other places. And if on the one hand, this House is passing one resolution after another condemning human rights violations around the world. But on the other hand, the European Commission and the member states are freely exporting this weapon to such countries. I think we have a bit of introspection to do as a European Union. So it’s the abuse of spyware within the European Union. It’s the exports of spyware to other countries through repressive regimes.

Of course, we have also seen that third country governments or other non-state actors in third countries are also using spyware to target persons within the European Union. As we know, there are suspicions of the Moroccan authorities, for example, targeting the French government, the French president, the Spanish prime minister, the Spanish minister of defence, etc., so that is another problem. But that is one which is going to be more difficult to tackle given that we cannot regulate what search countries are doing. So it’s the abuse of spyware, it’s the trade in spyware, the exports in particular.

But it’s also the fact that we do have a set of rules. We have instruments in place. But as I have said a couple of times, the European Commission basically chooses not to nor to enforce. The commission doesn’t even respond to two questions of the European Parliament, which I think is very, very serious. And the same applies to the member states and the European Commission, just, you know, as it does in many policy areas, rather than working with the presumption of compliance, i.e. member states complying with EU law, the European Commission is now working with the pretence of compliance and the member the Commission just assumes that Member States will comply and if they do not comply, then the Commission just pretends it doesn’t notice. So these are some of the problems that we have to tackle. So I have made a long list of recommendations, a wide variety of recommendations. So I will not address them all, but I’ll go through some of them in random order, basically.

First of all, you will see that I have made specific recommendations per Member State addressing some of the Member States recommendations aiming to end the abuse of spyware and to end the illegitimate exports of spyware. And some of the countries that we caught that we named specifically are Poland, Hungary, Greece, Spain and Cyprus, who all in different ways, I believe, do not comply with the rules.

And then we need rules governing the use of spyware within the European Union. And it’s not as if standards don’t exist. We have standards. There is case law. There are standards that have been proposed by the Venice Commission. There are standards or instruments, rather, which exist already, like the e-privacy directive, which is currently being revised and hopefully transformed into e-privacy regulation. And we need to make sure that those standards become part of a legal framework, a solid legal framework applied by all the member states.

Then there are, I call for rules governing the trade in spyware, the various aspects of trade in spyware. I’ve already mentioned the need to very strictly apply the dual use regulation and to revisit the export licenses which have been granted already, but to also urgently investigate the exports which are taking place outside the legal framework laid down by the European Union.

Then, we know that it’s going to take time to regulate. First of all, we have to overcome the complete refusal by the member States in the European Commission to regulate. So that’s going to take some time. And even when we have overcome that, when the European Commission will agree to put forward legislative proposals, it’s going to take time to go through the whole legislative process. But in the meantime, I’m afraid that the problems that we have observed will continue to exist unless we intervene.

And that is why I am calling for a so-called conditional moratorium or a partial moratorium. What does that mean? And I feel the need to explain, because I know that people get worried if I use the term moratorium, that means that from one day to the next, spyware can no longer be used for legitimate purposes, like, you know, catching terrorists or serious criminals. And I would like to explain, therefore, that the conditional moratorium means that a moratorium is called for all the member states, but it can be lifted on a country-by-country basis if countries meet the conditions. Now, countries which are making responsible and legitimate use of spyware can continue to do so. But those countries that do not will first have to take some measures before they can continue to use spyware.

And the four conditions are, first of all, that all cases of alleged abuse of spyware are fully investigated and resolved without delay by the appropriate law enforcement, prosecutorial and judicial authorities. So in those cases where there are allegations of abuse of spyware, it will have to be immediately investigated and resolved. That’s one. So I would say that’s an easy condition to be met because if member states refuse to do so. Then we have a problem of an entirely different order. Secondly, member states will have to demonstrate that the framework governing the use of spyware is in line with the standards laid down by the Venice Commission and the relevant case law by the courts in Luxembourg and Strasbourg.

Three, they have to explicitly commit to cooperate with Europol in the context of Article 6 of the Europol Regulation, which means that if Europol proposes to conduct a investigations, that Member States should accept that. And again, I think this is a condition that should be easily met.

And four, Member States should commit to repealing all export licences that are not fully in line with both the letter and the spirit of the dual use regulation. Now I would say those four conditions are easy to meet for any Member State, which is sincere about protecting fundamental rights, protecting the rule of law and protecting democracy. So all the member states that are willing to meet those four conditions and it can be quickly done, they can continue to use spyware, as I said, in a responsible and legitimate manner without any obstacle. So that is with regard to the conditional moratorium, with regard to the standards to govern the use of spyware.

I have made some remarks about the need to regulate the market to trade in spyware. Then I think another important one is we need a definition of the notion of national security, because we see that national security is being used like a kind of a joker by all the member state governments. You know, if they don’t want any scrutiny, they just say, oh, this is a matter of national security. And the nobody can ask any questions anymore. We get no access to information. They refuse to cooperate and they consider that any measure, any use of spyware is justified. And that is unacceptable. National security has just become an area of lawlessness. It’s like the Wild West. It’s unacceptable. So we need preferably a common European definition of the notion of national security, or at least a kind of European obligation for all member states to demarcate the area in which the national security regime applies and what rules apply and what safeguards and it should be on the basis of common European standards. And if you say that this is not possible, that national security is an area of strict national competence, I would like to point out that the European Commission itself has written to the member states, reminding them that although national security is indeed an area of national competence, it doesn’t mean that they have a kind of a blank check to decide for themselves what is and what isn’t national security. I think I said it in a previous meeting. If I look at the national security in my own country, it is very, very broad and it even includes the strategy for road salt. You know, when it’s snowing and freezing. So there is a strategy to make sure that we have sufficient salt to free the roads. And that’s a matter of national security. I mean, to give you an idea of how broad it is. So clearly, we need to have a clear demarcation.

Then a few last remarks. As I said, we need better enforcement of existing legislation. I mean, this is an issue that we need to address with the European Commission. And I also feel that as a European Parliament, we cannot continue to just politely ask whether the European Commission would be kind enough to do its job as the guardian of the treaties, but to actually demand that the Commission does its job as the guardian of the Treaties. Because, friends, we have given our vote of confidence to the European Commission three and a half years ago and we have the right to repeal that vote of confidence if we feel that the Commission is not delivering. And I think it is not optional for the Commission to apply the law. It is an obligation. It’s their job. It’s what they’re paid for. So I think we should be a bit tougher on this.

Then, I also think that we should reach out to our friends in the United States because I think, as I said, we cannot regulate what third countries are doing. But the combined market power and the combined political power of the European Union and the United States, I think would make a difference in the world.

And then finally, maybe this really final remark. I think I’ve been around for a while, as you know, and I was on a previous inquiry into spying. And we did a similar exercise in this European Parliament doing an investigation, having hearings, adopting a resolution. And then if you go back to that resolution, which is by now some eight years old, I find that most of the recommendations have not been executed and that we have actually done very little in terms of, you know, scrutinising, monitoring the follow up. So I have basically copy pasted some of the recommendations of the 2014 resolution, and I suggest that this time we’re going to be a bit tougher in monitoring the follow up and really demanding that the European Commission in particular delivers, but also the Member states. So we should also be, let’s say, you know, not just be very satisfied with ourselves and pat ourselves on the back and open a bottle of champagne when we’ve adopted a resolution, but actually very closely monitor that what we adopt here, that our recommendations are being executed so well. There’s much more in the resolution, but I have taken up a lot of your time already, so I’ll stop here. Thank you.

Jeroen Lenaers (Chair): Thank you. Sophie, take all the time you need because it’s an elaborate resolution, and it’s important that we can also go into the detail. The same goes for the shadow rapporteurs and any other members that would like to and would like to speak. And indeed, also just to echo that as Chair, I think it’s very important that the work that we do in this committee does not end with adopting a report and adopting a resolution, because I think sometimes in this Parliament we do that too often, we adopt the legislation, we adopt the resolution, we’re very happy with ourselves, but then nothing happens. So this would be mainly a job for the next parliament. I think giving the time line to really make sure that the recommendations that we make are followed up and that we can also put that on the Commission or on the next commission to do so. We’ll start with the political groups and first form for the EPP, it’s Mr. Zoido replacing Mr. Bilčík.

Juan Ignacio Zoido Álvarez (EPP): Thank you very much, Mr. Chairman. Mr. Bilčík could not come today, and this is why I am going to make his contribution. I’d like to thank the rapporteur for the work she did and presenting these recommendations before this committee. I think this text is a good starting point for negotiating and I would like to thank you for using the type of language. Nonetheless, there is a whole array of issues that we have to explore. And in the EPP we will present some recommendations to this effect.

The recommendations are the most important text from this commission because it will have to be adopted in the plenary. We need true cooperation, so we need to find a well-balanced document reflecting the problems and reflecting what we heard in the hearing and on research and inquiry. We have to be aware of our mandate and what its limits are. We cannot prejudge and we’ve got to have a European framework which allows us to establish vulnerability and to identify misuse of cyber tools. And the Pegasus incident has affected the member States more than others. So we have to be able to deal with certain facts and certain false accusations. Personal liberty and fundamental rights must be protected. There’s no doubt about it. Guarantees for victims should be part of the recommendations and this should be within the member states. And it is crucial to find proper remedies for the victims of this misuse of cyber tools. But we’ve got to keep in mind the other side of the mountain. Spying and espionage is a problem with our technology. We cannot totally prevent it. We can try to ask for moratorium on the use of this technology, except that this technology is part of our security and it’s crucial to keep the forces of order going. So if you try to cut down the potential of new technology would be a terrible thing. And we’ve got to use this technology to protect our citizens and democracy. So these, we need to find the balance between the use of spyware technology for security purposes and the protection of rights and liberties of Europeans. This is what Mr. Bilčík told me to say. Thank you.

Jeroen Lenaers (Chair): Thank you, Mr. Zoido. In a move, the S&D shadow rapporteur, Mr. Heide.

Hannes Heide (Socialists and Democrats): Thank you, Chair, and many thanks to the rapporteur. It is not an easy task to do a report on surveillance spyware as we can follow new developments day by day. So it will be hard work and it was hard work that Sophie in ‚t Veld has done to follow all these new developments, technical and all events happening. So during the time this committee is at work, we had a lot to think about and we had a lot to experience. But I think it’s not only very voluminous to make a report on this, all these aspects, it will be our task for a legal framework to define what use and misuse of surveillance spyware.

And I agree that there will be two very important definitions. It’s moratorium and it is the definition of national security. As we experience different approaches and as we have heard already, it’s sometimes used not to get information or to give information. I want to ask our rapporteur more on the countries about the decision, why these countries come to account within the report. Then you also mentioned that the United States and Europe would have a combined power on the market and in the field of politics. How realistic is it that we can find these powers from your view, I want to ask. And what I’m also interested, because this is a new aspect for me, the recommendations of the spying report from 2014. There must have been a lot of technical development and a lot of events. What has been timeless from this recommendations from 2014? It would be very interesting to hear. Thank you very much. Thank you very much for the work so far done.

Jeroen Lenaers (Chair): Thank you very much, Mr. Heide. And we move to Hannah Neumann for the Greens.

Hannah Neumann (Greens): Thank you, Chair. And this, as Sophie just said, we are finally getting to the essence of our work in this committee. And the first of all, I would like to thank you, Sophie, for the very strong and encompassing and rather complete recommendations put forward with this, well, part of whatever of the first report and then the final report where we have the results and part first, where we are discussing amendments at the moment inside the groups, we will table them. So a description of the status quo and then the political recommendations, which indeed are a key. And I agree with you, we should also make sure that even though this may take us to the next legislative term, we make sure that some of the implementation is actually happening. And we are not just producing paper.

What we as Greens appreciate a lot about the recommendations part of this report is that it also includes separate and detailed sections for the five EU member states where the misuse of spyware has been reported. At the moment it’s five. Let’s hope it will not be more by the time that we conclude the work on this report, namely Poland, Hungary, Spain, Greece and Cyprus. We also find it very important and good that with regards to the first report that we had from you, there is an update following up on the finding of the EU Ombudsman that was here in the committee stating that the European Commission failed to sufficiently assess the human rights risks before providing support to African countries especially. But we also have to look at Middle East and North African countries to develop surveillance capabilities, notably in the context of the EU Emergency Trust Fund for Africa. And you have full support from us for the Court to introduce and conduct human rights impact assessments in the Commission and to immediately hold any support of third countries aimed at enabling them to develop surveillance capacity or otherwise facilitate such development. And we will, in our amendments, also look a bit more into other potential complicity of EU Member States or EU institutions themselves in human rights violations in third countries of the use or misuse of spyware. The dual use regulation that is not fully implemented is one part, but others are, for example, financing structures where EU companies may be part of financing infrastructure or mother daughter companies that are producing spyware that is then sold to autocratic regimes.

We reiterate our full support for the call for the immediate adoption of a moratorium on the sale, acquisition, transfer and use of spyware. We are also favourable of the idea that this can be lifted on a case-by-case, country-by-country case, once they comply with the framework that we set out. But we will also introduce and I would be a bit more detailed about that later, some kind of a scrutiny body with the involvement of the European Parliament and that checks if they really comply and also checks if they continue to comply. Because what I find very important is that we do not sign the member states off once and then they can use it. And once we detect a misuse, then what? So we really need a mechanism that continues and it checks and scrutinise and surveys if they are really in line with the legal framework or not just a one-off thing.

However, and this will be one of our key points, there are certain forms of spyware that we really think should be banned, especially those that go back in time that allow institutions who use the spyware to go back in time, even before the date where the use of spyware was allowed. And those that really can modify data on the device. These, to our understanding, is absolutely not in line with the concept of proportionality underlying all our legal systems and all our assessments. And therefore, we think these kind of capabilities of spyware should be banned completely inside the European Union, but also on an international level. And we will table an amendment asking for the ban of these kind of very intrusive spyware.

We strongly welcome and support the call for the creation of an independent European Interdisciplinary Institute. We can also call it EU based tech lab or whatever. And I think it’s worthwhile to also learn from the Canadian model where such an institute has been established within an academic framework, and such an institute could also support the Commission and the Parliament with annual reports about the state of play in the spyware industry, but also in assessing if member states actually fully comply with the legal framework that we set out. And because we have some more time, Mr. Chair, maybe we can dedicate one session to seeing for ourselves and exploring concepts of what this EU based tech lab that apparently everyone here wants could look like and would meaningfully look like.

Let me add some areas where the Greens are planning to introduce amendments on the vulnerabilities and we had the discussion yesterday with the private actors using spyware. If there is a vulnerability, we can expect many people using it and misusing it. So once there’s a vulnerability, I think technology companies should be notified so that they can close them as soon as possible.

On the reporting, we think it would be important to introduce a reporting scheme for member states where they report to the commission in how many cases a year they have used spyware, on what category of victims or I mean, or offenders, but on what categories of people, and for what crimes. So that we have an overview about the use of spyware and we get already some understanding of how member states are using that differently. It is, for example, a common practice in Germany where the counties on the German level have to notify the central level about the use of spyware in their respective vicinities. And I think that could also happen on a more aggregated form by EU member states notifying a council, working body or the Commission. We have the same thing for arms exports where all member states fully report, for example, their arms exports decision to the European level. So this is really not something new, but I think something very helpful to get an understanding of the use and potential misuse of spyware in the European Union.

Then the scrutiny body, I already said that I think there should be a body that where also the European Parliament, but not just the European Parliament plays in a role that scrutinises how member states are using spyware and can also assess the appropriateness of the use of the spyware. And it can play a role in the question of, well, when should the moratorium be lifted or reinstated?

And then regarding the issue of national security that I think all my colleagues also pointed out as a very crucial issue. We as Greens think that any use of spyware is a massive infringement on fundamental rights. That could be proportionate. That could be legal in a very limited number of cases, but it constitutes a massive infringement of fundamental rights. And fundamental rights are the responsibility of the European Union, so of EU institutions, including the European Parliament. And we understand that there can be a limited number of cases where Member States can say it’s in their national security interest. But we would really like to reverse the concept of who has to bring the proof. So for us, it’s a European Union business and member states have to justify and explain why in very specific cases it’s a matter of national security. And they have to also prove that even if they use it as a matter of national security, they uphold the principles enshrined in the European Convention on Human Rights, the European Treaties and the European Charter, namely proportionality, necessity, legitimacy, legality and adequacy. And that would be the core points that we as Greens, we put forward on this overall, I think, very good recommendations of our rapporteur.

Jeroen Lenaers (Chair): Thank you. I don’t see any representatives from ID or ECR, so I move to Cornelia Ernst on behalf of the Left.

Cornelia Ernst (Left): Yes. Thank you very much indeed. Thanks to the rapporteur who’s done some great work under very difficult circumstances. We’ve already had committees where we’ve simply received more information, which could be proven, but it wasn’t all that easy to actually prove things here. We’ve heard from NGOs, people affected, activists who were able to provide us with proof. So this is some really excellent work. And if you look into the annexe and see how much of that is reflected, it becomes very clear how much work has been put in. So I’m happy that we’ve got this report before us in this shape. We are ready to work together with you. That goes without saying. And we support the rapporteur to ensure that the important things really can be pushed through here and that can be expressed as clearly as possible.

So what are we talking about? I think we need to send out a very clear message to Member States and indeed to the Commission. That we can’t deal with the fundamental rights of our citizens in this way. Yes, we see that the fundamental rights of citizens are being affected here. And if you look at who’s affected by this software, it’s those people who are unpleasant to governments, opposition journalists, etc.. And in Spain, we talked with lawyers who were affected. We’ve heard of lawyers in Poland as well, and from other people, journalists, for example, in Greece and many other countries what the use of this spyware actually means. I personally feel that we have to think very carefully about the extent to which this type of software can actually be used. This software of this type cannot be reformed, I believe. I don’t believe that. Regardless of the criteria we introduce here for control mechanisms, etc., we all know perfectly well that there are limits to this.

And so we need to discuss in general terms how we deal with spyware. And I believe that this type of software should be banned. We also have to discuss the sales of surveillance, technology and exports from the EU. I think the discussion on control mechanisms is really important because if we have this type of spyware, spyware, it goes without saying we need the control mechanisms. So we need to check. We must have some kind of annual reporting. The proposal from the Greens I think is good. In other words, that you have to provide justification before use as to why it should be necessary. This argument of national security has already created major headaches for us. It can be used to push many things through, and I think that as long as this type of software exists, we need really stringent control mechanisms, including here in the parliament, a control committee that would deal with this. We have that in the Bundestag, for example. I think that type of mechanism is of extreme importance.

Then we also have to discuss this question of the bog of the international spyware economy, this trade going on. We had this from the Israeli group, how this happens, where the problems lie, and we have to drain this marsh of this trade in this. We have to look at the mentioned trade, but the commercial use and the exploits, that’s really important. I don’t know whether with this type of spyware, it’s even possible to actually get a grip on everything to avoid misuse thereof. But of course, we will submit all of the points related to this.

Yes, I think the moratorium in pragmatic terms is probably correct. But we also want to open the discussion as to what type of software should actually be banned. And I think this is one. So we’re going to submit points on countries not yet mentioned. There’s a problem with the German authorities. I think there’s some indication that there has been some type of use, whatever form it took. We’ll be submitting that and we will be submitting amendments on Greece and, of course, Spain. We find it very unfortunate that there was no mission to Spain. I think it would have been very worthwhile. I still think that’s important and we would continue to support that because we think that when you’re talking about this, this bog, we have to think about the use of this type of spyware. And I’d also like to add that there’s another effect as well disciplinary intimidatory for citizens who are affected. And when I talk to ministers in Spain, in Catalonia who are no longer ready to say anything, even when their own offices, they’ll only speak when they are outside. Then that means that we have reached a truly unacceptable situation and we can’t simply accept it.

Jeroen Lenaers (Chair): Thank you very much. Cornelia, let’s remember what I said already. We have an extension of three months on the mandates, and that also gives the opportunity to look at the schedule of both of hearings and also of missions. So there are no final decisions taken there. Yes, but concludes the list of our shadow rapporteurs we have on the speakers. This still, Ms. Vozemberg, Mr. Kouloglou and Ms. Novak. So if nobody else wants to take the floor. I close the vote on the voting list. We do not close any voting list. I close the speakers lists, the voting list I wish the Secretariat already lots of luck with preparing that for later and we give the floor first to Ms. Vozemberg.

Elissavet Vozemberg-Vriondi (EPP): Thank you very much indeed, Chairman. First and foremost. Colleagues. I have to say that there’s been some very in-depth work here. I will not undermine in any way the work that’s been put in in order to come up with is a recommendation from the Parliament to Council and Commission. But allow me to say that there are certain points which need to be referred to.

I’ve listened to people’s positions, I’ve followed the debates, but we have to refer to certain things which are proven and definite. And I’m referring here to the Member States that the rapporteur and the report are looking at saying that they didn’t cooperate with the committee in giving answers to the questions, information, clarification about those issues being investigated by the committee. I’d just like to recall that in a previous meeting Mrs. In ’t Veld had agreed on this as well, that both Greece and Cyprus did not only accept the committee, but some of the leading officials took part in the hearing and gave the information they felt needed to be provided to inform the committee and answer any of the questions it’s had and to provide data either to do with the illegal software or the functioning of the rule of law.

I would also remind you that there is no proof whatsoever as far as my country, Greece is concerned about the illegal software Pegasus or Predator have also involved the government. It’s been denied and no one has come up with any evidence which could support that fact.

Surveillance of politicians or others conducted by the national information body for reasons of national security happened in every member state. So I would ask there to what extent our committee has the right to intervene in the interpretation of security in every member state. I’ve got certain hesitations there, but I’d like to hear from the other side as well so we can discuss it. This is not linked in any way with this illegal software which the government some months ago it legislated on that. There’s a clear prohibition on the sales and use of that illegal software. If the legal software exists, I know that the rapporteurs looked at this into in depth and knows better than any of us here that this type of thing exists in all member states, of course, not only in the European Union, and it’s being led by economic interests because it’s a very expensive product. And when we want to link this and we have to link it with use by official governments, then in that case we need very sound proof supporting evidence of that.

I should say that in this report we feel that the finger is being pointed at member states and it’s almost libelling certain countries. I’m saying this because I know that there are references made to specific countries in which discussions are going on. Certainly there has to be an investigation. I agree with that, as does the EPP to which I belong, as does my own government. But that investigation has to be done on an objective basis. And I’m saying that because the recommendations being set out for Greece on the basis of this, basically, I think to some extent we’re being told by this report that it’s telling my country how it should go about changing some of its legislation. I’m really sorry, but we don’t have the right to do that. Only in those areas where national legislation clashes with EU legislation. Yes, I could accept that, but it would be in specific terms that the specific points that there may be a clash with directives or with the ways of working of a democratic country.

Colleagues, Greece is a democratic country with a democratically elected government, with all of the parties represented in the parliament, with independent authorities working under the constitution of the country. And this democracy is one of the very best in the European Union. It’s not me that’s saying this just because I’m a Greek. All of the international reports say this about Greece, so please think very seriously.

And this is the last point I’m going to make before I conclude in this committee for the rapporteur. I don’t question her democratic nature. Does she think, though, it’s correct, that if you’ve got this type of document where we have all made our comments, amendments, statements, etc., this is going to go out and a member of a committee is going to give an interview and support an image, present an image of a member state Greece in this case as if it were some illegal country. You know, I’m referring to Mr. Bricmont who made and gave an interview, who said pretty much that well, with an eye to the national elections in Greece, it was clear that observers would have to be sent for the elections as if this were some extreme regime in power. Well, I’m really sorry, colleagues, but that is not the role of our committee. Please allow me. Mrs. In ’t Veld, don’t complain, I listened very carefully to you, and we always do listen carefully to you, but allow me to defend my own country on points where comments have been made, which are going to be adopted. And then there are this go out and when it’s publicised it only supports the opposition. And when we talk about the rule of law, I think you should know that in Greece there are articles which even speak out against the Prime Minister, the President, and they have been allowed to express themselves freely because with freedom of expression we’ve even accepted extreme input as well. But that has nothing to do with the way in which our committee is referring very specifically. And that means that we need to have proof and evidence. If you slander or stigmatise a member state, then I don’t think that really reflects what should be the true role and aim of this committee. Thank you.

Jeroen Lenaers (Chair): Thank you, Ms. Vozemberg. And we move to Mr. Kouloglou.

Stelios Kouloglou (Left): Well, thank you. I think this is a very important and very well documented document. We have to take and continue working. It’s very extensive. It covers all the issues. And for my country, Greece also has a very important recommendations. Why? You know, the Greek government and the allies are saying that, you know, Greece is a very democratic country because why? Because there is free press. But nobody is accusing Greece of being a dictatorship. So to you know, to, for with the newspapers. What’s going on right now in Greece is a systematic violation of the rule of law concerning every aspect of the rule of law. A divided authorities are not allowed to do their job. Justice is under control from the government. The general prosecutor sees the eruption of the scandal in the summer. The general prosecutor is doing everything in this in his capacity to stop the investigation. He is not investigating the scandal itself, but who leaked the scandal to the press. The media are under control using unlawful means and the money of the European Union.

How we how we ended up like this? You know, because now I think the report is trying to solve a very important dilemma between tackling the problem of terrorists and terror and the problem of abusing their despised words for political purposes. But since up to now, we don’t know many cases that a terrorist organisation or a criminal organisation was found due to the use of the spyware on the coder know that Jamal Khashoggi has been targeted and then cut into pieces because they were following him using the spyware. Morocco was doing the same with the French and the Spain government and so on and so on. And, you know, I mean, in Greece, they were spying on everybody. You know, they were spying on the ministers, they were spying of the journalists, they were spying on the on the opposition. There were spying om the prime minister’s sister, they were spying on the prime minister nephew, they were spying on the prime minister’s sister of the of the a nephew, who is a member of Office. They were spying on everybody. I truly believe that if they the only person they did not spy within the environment of prime minister was his dog. If his dog had a mobile they would follow the dog as well.

You know, everybody was followed. And this is, you know, has nothing to do, and then the government, mind you, did not deny the allegations. You know, the judge said that they were not, you know, having to do it. We don’t know who was following them, you know, and we still know that the some people who were followed by the national security services, including ministers, including the chief of staff of the of the armed forces. And, you know, nothing’s happening. So what is important from the recommendation is that the and finally, the commission has to take its own political responsibilities and you know, and to do something to take a position to investigate what really happens. And the same goes with the Europol. The Europol has also to use its mandate to investigate. Thank you.

Jeroen Lenaers (Chair): Thank you. And then to conclude our list of speakers, Ms. Novak.

Ljudmila Novak (European People’s Party): Thank you. First of all, I’d like to thank the rapporteur for the work she has done and presented to the members of the Pega Committee. I agree with the recommendations that she sets out and I really think we should demand that the European Commission investigate in these already known cases. And Member States also must show that their rules comply with the Venice Commission ones. I do know, though, that it’s always difficult as when it’s one’s country that is being investigated and when the government is being investigated like Greece and Spain. If it’s able to show that it acted legally, no problem. But I think we should really investigate the cases that have come to notoriety recently.

I also think that we need a common definition for national security because it’s a very wide notion and it can hide a lot of other concepts such as special operations. So national security is really something that needs a definition so that everyone is clear on its meaning. And I also agree that we need to cooperate more with the United States, especially the intelligence services. And the same time in the EU, we’re really trying to find the right balance between security and citizens privacy, which is why I’m not so keen with us to tighter cooperation with the US. But I hope that we will adopt the resolution, that we will find a consensus among agreement on our requests and demands. And I think it is our role to follow closely what is going on and guarantee that the European Commission will implement this report because otherwise there’s no point.

And the European Commission should closely monitor all Member states, not just the ones that we have highlighted as those who possibly use spyware in an inappropriate manner. I think the European Commission should draw up a report on each and every member state on their use of this surveillance software to see whether they’re using it legally or not. These software systems are always a step or two ahead of those investigating them, which is why this resolution should really be of the kind to be long lasting in time.

Jeroen Lenaers (Chair): Thank you, Ms. Novak. And we pass the floor back to our rapporteur, Sophie in ’t Veld.

Sophie in ’t Veld (Renew): Yes. Thank you, Chair, and thanks to all the colleagues for their comments. I would like to start by responding to the remarks by Mrs. Vozemberg. It seems that we have a very different idea of what our job is here. I feel as a member of the European Parliament, I am responsible for the general interest of all European citizens. I am accountable to all European citizens. I am not here to defend or to attack my national government. You may have noticed, Mrs. Vozemberg, that there is a small chapter about my own country in this report. I would also like to point out that my political party is a member of the Coalition government, but I do not feel it is my job to represent my national government. It is our job, Mrs. Vozemberg, to ensure that all European citizens are protected and that democracy is protected. That is our job, Mrs. Vozemberg.

And I think you should be very careful when you use terms like libel. Don’t use it frivolously, because I think everything that’s in this report, the resolution and the report and the amendments that I intend to table, it is extensively documented. And I would say, Mrs. Vozemberg, that there is reason for serious concern about the situation in Greece. And indeed, nobody has said that it’s a dictatorship. But there is very, very serious concern. And the essence of democracy is checks and balances. Yes, Mrs. Vozemberg. And independent institutions. And that is precisely the issue at stake in Greece at the moment. You know full well that the ADAE investigating and that the DPA, the Data Protection Authority, is investigating. And because they’re doing that, they’re under pressure. They’re being threatened with legal measures by the general prosecutor. I find that reason of concern. Yes, Mrs. Vozemberg, this is a fact. I have not invented. This is a fact. And when democracy is under threat in one of the member states, democracy in the entire European Union is under threat. Because I would like to point out to you, as I’ve done in the report, that all the member states are represented in the council, for example, they nominate members of the European Commission. Okay. Members of this House have been targeted. No, I have the floor, Mrs. Vozemberg. We are facing a threat of European democracy and we are being concerned about what is happening in the United States or in Brazil. We should be, we should be…

Dominik Tarczyński (ECR): [Shouting.]

Sophie in ’t Veld (Renew): I have the floor, Mr. Tarczyński.

Dominik Tarczyński (ECR): [Shouting.]

Sophie in ’t Veld (Renew): I have the floor, Mr. Tarczyński. No.

Jeroen Lenaers (Chair): Excuse me.

Sophie in ’t Veld (Renew): I shout as much as I want, because yes, I am concerned about democracy.

Jeroen Lenaers (Chair): One moment, colleagues. First of all, Mr. Tarczyński, there is no point in coming in an hour and 15 minutes late and starts shouting through the proceedings of this House. If you want the floor, Mr. Tarczyński, you can ask for the floor and I can give it to you. And maybe sometimes coming on time – you come in and you start shouting. If you don’t come here to listen to all the people, then leave. It’s your free choice. The rapporteur, the rapporteur Sophia in ’t Veld, has the floor. Everybody else who wanted to take the floor had the opportunity to speak. So Miss in ‚t Veld will continue with her remarks now without interruption. Thank you very much.

Sophie in ’t Veld (Renew): Thank you. Chair. So as I said, I think democracy is under threat and that is something that we should all be very concerned about. It’s not a national matter. It’s a European matter. Okay. I’ll go into the remarks in a bit more detail. Unfortunately, Mr. Zoido is not here, but he spoke about his concerns about a moratorium, saying that that would not allow the authorities to use spyware, you know, in legitimate ways. I share that concern. And precisely for that reason, I have proposed not just a, you know, a moratorium full stop, but a conditional moratorium which can be lifted if member states meet the four criteria. And I think the four criteria are very reasonable. We can negotiate about the precise wording, but I think such a conditional moratorium would allow, on the one hand, the authorities to continue using spyware in a legitimate manner. I know that not all groups agree that it can ever be used legitimately, but I think it can. But at the same time, it would put a moratorium on the illegitimate use.

Then to Mr. Heide, why the choice of countries? Well, I think almost all the countries have been mentioned specifically in the reports. It’s just that there are five countries where I think we have a very specific concerns about either the abuse of spyware for political purposes or the, let’s say, illegitimate exports in particular, but not exclusively Cyprus. But I have made it very clear in the report that we have concerns about all the member states and also the fact that they are collectively silent. They are collectively keeping in place a system which is rotten. I have mentioned my country, I’ve mentioned Luxembourg, Ireland, Lithuania, Italy, Germany, Austria. I mean, you know, most of the countries are mentioned and I think they are all collectively responsible for the current situation and a refusal to resolve it.

With regard to the 2014 resolution, I think one of the key, because I’ve reintroduced the exact same text that had been adopted in 2014, and you’ll see that many of those paragraphs addressed the issue of oversight, and it’s calling, for example, for kind of a high level group to be set up to define standards that independent and parliamentary oversight should meet. There are a couple of other issues, but oversight, you know, shaping the oversight, defining what kind of oversight we need over the intelligence activities, etc.. That is one of the core issues. And I think that’s still very valid regardless of the technologies used.

When it comes to the EU and the US joining forces, I note that the United States are already very active. They are there actually investigating the abuse of spyware. And interestingly, the FBI is investigating the abuse of spyware on European soil, whereas Europol is saying that, you know, they have no competence to do so. I find that, I mean, that is, you know, that’s bizarre. But the U.S. is also, they have blacklisted a number of companies. They’re also elaborating legislation and standards. And I think if we would elaborate common standards, then we would really, you know, the voice of the EU and the US really carry weight in the world, because then, for example, if companies, let’s say that we were to elaborate common standards and a common blacklist, now if companies would then choose to continue to sell to unsavoury regimes, they can do so. But then they would end up on a joint blacklist by the European Union and the United States. I mean, that would severely hamper their business opportunities. So I really think this transatlantic access could have an impact.

Yes. Well, I’m looking forward to the amendments announced by the Greens. I think, indeed, I forgot to mention one thing, and that is the proposal for an EU tech lap. And I would actually and I hope it’s going to come up in the coordinators meeting as well. I would actually say this. Okay. We’re going to include it in the resolution, but I think we should actually move much faster and this House should actually, you know, even today decide to free up money in the budget to create such a tech lab today. It could have the shape of a network even, you know, we don’t need like a building today, but even just a few million euros, which is peanuts compared to the expenditure of the European Union, could be freed up today and could be used to bring together a network of experts who are going to help us so that we don’t have to rely exclusively on the citizens lab, which is, first, they’re excellent, they’re brilliant. They’ve done a fantastic job, but they’re not European and they’re overburdened. So we really need to move today I think. Um, yes.

And final remark about the cooperation or rather the non-cooperation of the authorities. I disagree with Mrs. Vozemberg. Yes. The Greek authorities have agreed to meet with us. We’ve also received letters by some of the other national authorities or European authorities. But we have to recognise that the information we got was meaningless. Meaningless, because they all hide behind the argument of national security. So if you say that we have no rock solid proof, no, we have no rock solid proof because the authorities refuse to give us proof. They refuse to give us. Yes, haha, Mr. Tarczyński, I don’t think it’s funny. You know, if democracy is under threat, I don’t think it’s funny. I don’t think it’s funny. We have seen we have seen no democracy in Europe too often. This time we should be vigilant, not just for the Brazilian democracy and US democracy, but for our European democracy. And I think that is the task of this committee. Thank you.

Jeroen Lenaers (Chair): Thank you all for this exchange. I would like to note that the deadline for amendments to the draft recommendation is set on the 10th of February at 6 p.m. The next meeting of our committee is at 3:00 this afternoon and we have a coordinator’s meeting that will start at 11.30 in this room. So I’ll see the coordinators there. Thank you very much.

Deine Spende für digitale Freiheitsrechte

Wir berichten über aktuelle netzpolitische Entwicklungen, decken Skandale auf und stoßen Debatten an. Dabei sind wir vollkommen unabhängig. Denn unser Kampf für digitale Freiheitsrechte finanziert sich zu fast 100 Prozent aus den Spenden unserer Leser:innen.

3 Ergänzungen

  1. >>Von der Anhörung gibt es ein Video, aber kein offizielles Transkript. <<

    Bedeutet das, es gibt kein Sitzungsprotokoll? Arbeiten die Ausschussmitglieder ohne schriftliche Grundlagen?
    Was ist der Grund, dass es keine offizielles Transkript gibt? Was bezweckt die EU damit? Wie groß ist das Medieninteresse an dem Ausschuss? Welche Resonanz gibt es unter den EU-Bürgern in der Sache?

  2. Solange dem Michel eingetrichtert wird das es „notwendig“ ist um schwere Verbrechen zu bekämpfen, solange sind Polizei u. co. bemüht immer wieder an die Grenzen des machbaren zu gehen. Verfassungswidrige Tools nutzen bis es aufgrund der Überlastung erst nach 5-10 Jahren einkassiert wird und dann einfach wiederholt wird. Es hat ja keine Konsequenzen.

  3. Unabhängig davon wie weitreichend man nun den legalen Einsatz von Trojanern gestatten bzw. regulieren will sollte grundsätzlich dafür gesorgt werden, dass der _illegale_ Einsatz direkt strafrechtliche Konsequenzen für die Verantwortlichen hat! Und zwar ohne wenn und aber, auch wenn es sich um ausländische/verbündete Staaten handelt – dann müssen eben die Behördenmitarbeiter des verantwortlichen Staates von der (Bundes-)Staatsanwaltschaft ins Visier genommen werden!! („Allein mir fehlt der Glaube!“; die diplomatische Verstimmung will in der bundesdeutschen Republik niemand haben)

Dieser Artikel ist älter als ein Jahr, daher sind die Ergänzungen geschlossen.